Diethelm Ostry

Safety assurance and rescue communication systems in high-stress environments: A mining case study

Effective communication is critical to the success of response and rescue operations; however, unreliable operation of communication systems in high-stress environments is a significant obstacle to achieving this. The contribution of this article is threefold. First, it outlines those common characteristics that impair communication in high-stress environments and then evaluates their importance, specifically in the underground mine environment. Second, it discusses current underground mine communication techniques and identifies their potential problems. Third, it explores the design of wireless sensor network based communication and location sensing systems that could potentially address current challenges. Finally, preliminary results are presented of an empirical study of communication using a WSN constructed from commercially available wireless sensor nodes in an underground mine near Parkes, New South Wales, Australia.

Secure multi-hop network programming with multiple one-way key chains

Current network programming protocols provide an efficient way to update program images running on sensor nodes without having physical access to them. Securing these updates, however, remains a challenging and important issue, given the open environment where sensor nodes are often deployed. Several approaches addressing these issues have been reported, but their use of cryptographically strong protocols means that their computational costs (and hence, power consumption and communication costs) are relatively high. In this paper, we propose a novel scheme to secure a multihop network programming protocol through the use of multiple one-way hash chains. The scheme is shown to be lower in computational, power consumption, and communication costs yet still able to secure multihop propagation of program images. We demonstrate the use of this scheme and provide some results using the popular network programming protocol, Deluge. In addition, we include a performance evaluation of our scheme, implemented in TinyOS, in terms of latency and energy consumption.

A confidential and DoS-resistant multi-hop code dissemination protocol for wireless sensor networks

Code dissemination protocols provide a convenient way to update program images via wireless communication. Due to the open environment in which Wireless Sensor Networks (WSNs) are typically deployed, it is important that a code dissemination protocol ensures that a program image update can be authenticated as coming from a trusted source. In some applications it is also required that the data be kept confidential in spite of the possibility of message interception. Authentication and confidentiality are implemented through cryptographic operations which may be expensive in power consumption, making a protocol with these features vulnerable to attack by an adversary who transmits forged data, forcing nodes to waste energy in identifying it as invalid i.e., a signature-based DoS attack). Additionally, in multi-hop dissemination protocols, each sensor node is required to broadcast its program image when requested by its neighbors. An adversary could repeatedly send spurious program image requests to its neighbors, making them exhaust their energy reserves i.e., request-based DoS attack). In this paper, we present a new approach to achieve confidentiality in multi-hop code dissemination. We propose counter-measures against both types of DoS attacks mentioned above. To our knowledge, we are the first to integrate confidentiality and DoS-attack-resistance in a multi-hop code dissemination protocol. Our approach is based on Deluge, an open source, state-of-the-art code dissemination protocol for WSNs. In addition, We provide a performance evaluation in terms of latency and energy consumption in our scheme, compared with the original Deluge and the existing secure Deluge.

Zero reconciliation secret key generation for body-worn health monitoring devices

Wearable wireless sensor devices are key components in the emerging technology of personalized healthcare monitoring. Medical data collected by these devices must be secured, especially on the wireless link to the gateway equipment. However, it is difficult to manage the required cryptographic keys, as users may lack the awareness or requisite skills for this task. Alternatively, recent work has shown that two communicating devices can generate secret keys derived directly from symmetrical properties of the wireless channel between them. This channel is also strongly dependent on positioning and movement and cannot be inferred in detail by an eavesdropper. Existing schemes, however, yield keys with mismatching bits at the two ends, requiring reconciliation mechanisms with high implementation and energy costs that are unsuitable for resource-poor body-worn devices. In this work we propose a secret-key generation mechanism which uses signal strength fluctuations caused by incidental motion of body-worn devices to construct shared keys with near-perfect agreement, thereby avoiding reconciliation costs. Our contributions are: (1) we analyse channel measurement asymmetries caused by non-simultaneous probing of the channel by the link end-points, (2) we propose a practical filtering scheme to minimize these asymmetries, dramatically improving signal correlation between the two ends without reducing entropy, and (3) we develop a method to restrict key generation to periods of channel fluctuation, ensuring near perfect key agreement. To the best of our knowledge, this work is the first to demonstrate the feasibility of generating high quality secret keys with zero reconciliation cost in body-worn networks for healthcare monitoring.

Packet Pacing in Short Buffer Optical Packet Switched Networks

In the absence of a cost-effective technology for storing optical signals, emerging optical packet switched (OPS) networks are expected to have severely limited buffering capability. This paper investigates the resulting impact on end-to-end loss and throughput, and proposes that the optical edge switches “pace” packets into the OPS core to improve performance without adversely affecting end-to-end delays. In this context, our contributions are three-fold. We first evaluate the impact of short buffers on the performance of real-time and TCP traffic. This helps us identify short-time-scale burstiness as the major contributor to performance degradation, so we propose that the optical edge switches pace the transmission of packets into the OPS core while respecting their delay-constraints. Our second contribution develops algorithms of poly-logarithmic complexity that can perform optimal real-time pacing of high data rate traffic. Lastly, we show via simulations of a realistic network carrying real-time traffic that pacing can significantly reduce losses at the expense of a bounded increase in end-to-end delay. The loss-delay trade-off mechanism provided by pacing can help achieve desired OPS network performance.

Secret Key Generation Rate vs. Reconciliation Cost Using Wireless Channel Characteristics in Body Area Networks

In this paper, we investigate the feasibility of real time derivation of cryptographic keys in body area networks using unique characteristics of the underlying wireless channel. We perform experiments to confirm that motion does indeed provide significant highly correlated randomness on either end of the wireless link between base station and mobile mote to enable real-time key generation. Furthermore, we demonstrate that channel characteristics for a dynamic body area network consist of two different components, a fast and a slow component, each of which make a qualitatively different contribution to key generation. These components can be isolated to address specific needs of the application scenario: the fast component can yield high entropy keys at a fast rate between base station and mobile mote with some bit disagreement between the two devices, the slow component generates keys at a lower rate but with very high level of bit agreement. Our experimental results highlight this tradeoff, and our key generation protocol details the key extraction process.

Confidential and Secure Broadcast in Wireless Sensor Networks

Wireless sensor networks need broadcast for operations such as software updates, network queries, and command dissemination. Alongside ensuring authenticity of the source and data, keeping the broadcast data secret is vital in certain applications such as battlefield control, emergency response, and natural resource management. In this paper we propose and prototype a mechanism for ensuring confidentiality and authenticity of broadcast data in single-hop networks, and discuss possible extensions to multi-hop settings. Our scheme uses known low-complexity symmetric encryption techniques for confidentiality, while changing the encryption key on a per-packet basis in a verifiable but non-forgeable way to ensure authenticity. Message integrity, freshness, and semantic security are also provided, and the broadcast data can be dynamic and incrementally processed. We incorporate our security scheme into Deluge, the de facto network programming protocol in TinyOS, and quantify the cost in terms of broadcast data transfer time and node memory space on a TelosB mote based platform.

Authentication of lossy data in body-sensor networks for cloud-based healthcare monitoring

Growing pressure on healthcare costs is spurring development of lightweight bodyworn sensors for real-time and continuous physiological monitoring. Data from these sensors is streamed wirelessly to a handheld device such as a smartphone or tablet, and then archived in the cloud by personal health record services. Authenticating the data these devices generate is vital to ensure proper diagnosis, traceability, and validation of claims. Digital signatures at the packet-level are too resource-intensive for bodyworn devices, while block-level signatures are not robust to loss. In this paper we propose, analyse, and validate a practical, lightweight robust authentication scheme suitable for health-monitoring. We make three specific contributions: (a) we develop an authentication scheme that is both low-cost (using a Merkle hash tree to amortise digital signature costs), and loss-resilient (using network coding to recover strategic nodes within the tree). (b) We design a framework for optimizing placement of network coding within the tree to maximise data verifiability for a given overhead and loss environment. (c) We validate our scheme using experimental traces of typical operating conditions to show that it achieves high success (over 99% of the medical data can be authenticated) at very low overheads (as low as 5% extra transmissions) and at very low cost (the bodyworn device has to perform a digital signature operation no more than once per hour). We believe our novel authentication scheme can be a key step in the integration of wearable medical monitoring devices into current cloud-based healthcare systems.

Secure Multihop Network Programming with Multiple One-Way Key Chains

Current network programming protocols provide an efficient way to update program images running on sensor nodes without having physical access to them. Securing these updates, however, remains a challenging and important issue, given the open environment where sensor nodes are often deployed. Several approaches addressing these issues have been reported, but their use of cryptographically strong protocols means that their computational costs (and hence, power consumption and communication costs) are relatively high. In this paper, we propose a novel scheme to secure a multihop network programming protocol through the use of multiple one-way hash chains. The scheme is shown to be lower in computational, power consumption, and communication costs yet still able to secure multihop propagation of program images. We demonstrate the use of this scheme and provide some results using the popular network programming protocol, Deluge. In addition, we include a performance evaluation of our scheme, implemented in TinyOS, in terms of latency and energy consumption.

Eliminating Reconciliation Cost in Secret Key Generation for Body-Worn Health Monitoring Devices

Medical data collected by wearable wireless sensor devices must be adequately secured. A prerequisite for mass deployment of these secure systems is the ability to periodically renew cryptographic keys without user involvement. Recent work has shown that two communicating devices can generate secret keys directly from measurements of their common wireless channel, which is symmetric but cannot be inferred in detail by an eavesdropper. These schemes may, however, yield mismatching keys at the two ends, requiring reconciliation mechanisms with high implementation and energy costs, unsuitable for resource-poor body-worn devices. In this work, we demonstrate a scheme for secret-key generation able to construct shared keys with near-perfect agreement, thereby avoiding reconciliation costs. Our specific contributions are: (1) we identify non-simultaneous probing of the channel by the link end-points as the dominant cause of channel measurement disagreement; (2) we develop a practical filtering scheme to reduce this disagreement, dramatically improving signal correlation between the two ends without affecting key entropy; and (3) we show that by restricting key generation to periods of significant channel fluctuation, we achieve near-perfect key agreement. We demonstrate in several representative body-worn settings that our scheme can generate secret bits with 99.8% agreement, and so yield near-perfect matching 128-bit keys approximately every half hour.