Firdous Kausar

An efficient key distribution scheme for heterogeneous sensor networks

Key distribution refers to the problem of establishing shared secrets on sensor nodes such that secret symmetric keys for communication privacy, integrity and authenticity can be generated. In a wireless sensor network, pre-distribution of secret keys is possibly the most practical approach to protect network communications but it is difficult due to the ad hoc nature, intermittent connectivity, and resource limitations of the sensor networks. In this paper, we propose a key distribution scheme based on random key pre-distribution for heterogeneous sensor network (HSN) to achieve better performance and security as compared to homogeneous network which suffer from high communication overhead, computation overhead, and/or high storage requirements. In a key generation process, instead of generating a large pool of random keys, a key pool is represented by a small number of generation keys. For a given generation key and publicly known seed value, a one-way hash function generates a key chain, and these key chains collectively make a key pool. Each sensor node is assigned a small number of randomly selected generation keys. The proposed scheme reduces the storage requirements while maintaining the same security strength.

Secure group communication with self-healing and rekeying in wireless sensor networks

We have developed a self-healing key distribution scheme for secure multicast group communications for wireless sensor network environment. We present a strategy for securely distributing rekeying messages and specify techniques for joining and leaving a group. Access control in multicast system is usually achieved by encrypting the content using an encryption key, known as the group key (session key) that is only known by the group controller and all legitimate group members. In our scheme, all rekeying messages, except for unicast of an individual key, are transmitted without any encryption using one-way hash function and XOR operation. In our proposed scheme, nodes are capable of recovering lost session keys on their own, without requesting additional transmission from the group controller. The proposed scheme provides both backward and forward secrecy. We analyze the proposed scheme to verify that it satisfies the security and performance requirements for secure group communication.

Scalable and efficient key management for heterogeneous sensor networks

As typical wireless sensor networks (WSNs) have resource limitations, predistribution of secret keys is possibly the most practical approach for secure network communications. In this paper, we propose a key management scheme based on random key predistribution for heterogeneous wireless sensor networks (HSNs). As large-scale homogeneous networks suffer from high costs of communication, computation, and storage requirements, the HSNs are preferred because they provide better performance and security solutions for scalable applications in dynamic environments. We consider hierarchical HSN consisting of a small number high-end sensors and a large number of low-end sensors. To address storage overhead problem in the constraint sensor nodes, we incorporate a key generation process, where instead of generating a large pool of random keys, a key pool is represented by a small number of generation keys. For a given generation key and a publicly known seed value, a keyed-hash function generates a key chain; these key chains collectively make a key pool. As dynamic network topology is native to WSNs, the proposed scheme allows dynamic addition and removal of nodes. This paper also reports the implementation and the performance of the proposed scheme on Crossbow’s MicaZ motes running TinyOS. The results indicate that the proposed scheme can be applied efficiently in resource-constrained sensor networks. We evaluate the computation and storage costs of two keyed-hash algorithms for key chain generation, HMAC-SHA1 and HMAC-MD5.

Security Analysis of Ultra-lightweight Cryptographic Protocol for Low-cost RFID Tags: Gossamer Protocol

Gossamer protocol has been recently published to achieve mutual authentication in low-cost RFID tags. This protocol is considered to fall in ultra-lightweight class as it incorporates simple and low cost operations. Most of the earlier proposals in this class were exposed soon after their publication. Common weaknesses included use of Triangular functions and improper use of logic operators. Gossamer protocol used two non-triangular functions a) ROTbits and b) MIXbits. These functions provide confusion and diffusion properties and are implemented as cheaper operations. Thus, this protocol can be used for EPCglobal Class-1 Generation-2 standard (considered as universal standard for low-cost tags). This protocol is able to overcome existing weaknesses and is considered to be more attractive for low-capability devices as compared to earlier protocols of this class. In this paper, we analyze the security features provided by Gossamer protocol. The vulnerabilities discovered during this analysis reveal that different attacks including denial of service, memory and computation exhaustive, de-synchronization, replay, attack on data integrity and IDS (index pseudonym) collision are possible. As a consequence, we propose a new mutual authentication protocol keeping in mind the constraints and making use of the existing operations without addition of any expensive one. The analysis of the proposed protocol shows that it is resistant to all the attacks possible in case of Gossamer protocol. A comparative security analysis shows that proposed protocol provides better security features with a small compromise of communication overheads. Two additional public messages are exchanged between the reader and the tag to address the vulnerabilities present in Gossamer protocol.

Key Management and Secure Routing in Heterogeneous Sensor Networks

Key management is very critical to security protocols, as encryption and authentication services are based on the operations involving keys. In this paper, we propose a key management scheme based on random key pre-distribution for heterogeneous sensor network (HSN) to achieve better performance and security as compared to homogeneous network which suffer from high communication overhead, computation overhead, and/or high storage requirements. In a key pre-distribution phase, all the keys of the key pool are assigned to H-sensors and only one key of that pool is assigned to L-sensor, which significantly reduce the storage requirements while providing the full network connectivity. Further a secure routing structure is also proposed as application of our proposed key management scheme. Analysis shows that the proposed scheme is more resilient against node capture as compare to other random key distribution schemes.

Analysis of Download Accelerator Plus (DAP) for Forensic Artefacts

Download Accelerator Plus (DAP) is one of the most popular download managers [1] due to its free availability, download speed and versatility. This software records download activities across multiple files which include history, registry, RAM, swap and temporary files. This paper analyzes a) the log files (with .DAT extension), b) windows registry entries, and c) RAM and swap files from forensic view point. We also look at tools and techniques for extracting evidence. This research work describes a number of traces left behind after the use of DAP such as install location, download path, downloaded files and menu extensions to name a few, enabling digital investigators to search and interpret download activities. Moreover the study is supported by a tool, DAP Forensic Artefact Colletor (DAPFAC), that assists forensic examiners by providing valuable information which is retrieved from the windows registry and history files on the basis of analysis performed. The widespread use of DAP makes this analysis, an attractive option, ranging from law enforcement agencies to employees monitoring manager.

Analysis of Internet Download Manager for collection of digital forensic artefacts

Internet Download Manager (IDM) provides accelerated download speed and flexibility in features. Its attractiveness lies behind video content processing and automatic handling of downloads. This paper analyzes IDM activities recorded across multiple files that includes Windows Registry, history and log files from artefacts collection view point. The tools and techniques used for extracting evidence are also elaborated. In case of download managers, the foremost concerns are installation location, download path, downloaded file, URL address, login credentials for password protected websites, date and time the activity was performed. This enables digital forensic investigators to envisage and deduce suspicious activities.

An Authenticated Key Management Scheme for Hierarchical Wireless Sensor Networks

Key Management is a critical security service in wireless sensor networks (WSNs). It is an essential cryptographic primitive upon which other security primitives are built. The most critical security requirements in WSNs include authentication and confidentiality. These security requirements can be provided by a key management but it is difficult due to the ad hoc nature, intermittent connectivity, and resource limitations of the sensor networks. In this paper we propose an authenticated key management (AKM) scheme for hierarchical networks based on the random key pre-distribution. Further, a secure cluster formation algorithm is proposed. The base station periodically refreshes the network key, which provides the following: a) the authenticated network communication, and b) a global and continuous authentication of each network entity. Multiple level of encryption is provided by using two keys: 1) a pair-wise shared key between nodes, and 2) a network key. The AKM scheme is more resilient to node capture as compared to other random key pre-distribution schemes. The proposed key management scheme can be applied for different routing and energy efficient data dissemination techniques for sensor networks.

A Random Key Distribution Scheme for Securing Wireless Sensor Network

Sensor networks are expected to play an essential role in the upcoming age of pervasive computing. Due to their constraints in computation, memory, and power resources, their susceptibility to physical capture, and use of wireless communications, security is a challenge in these networks. The scale of deployment of wireless sensor networks requires careful decisions and trade-offs among various security measures. In this paper we present a key management scheme based on the basic random key predistribution scheme. Our analysis of this scheme shows that it is resilient to node capture and provide features such as dynamic security, low-complexity, node to node authentication, global and continuous authentication of every node in thee network and multiple level of encryption.

A Comparative Analysis of HC-128 and Rabbit Encryption Schemes for Pervasive Computing in WSN Environment

Confidentiality, integrity and availability (CIA) are the three basic requirements for an encryption mechanism utilized in any security architecture. Implementation of such a comprehensive security framework for pervasive computing environment, specifically in wireless sensor networks (WSN), is not feasible in the context of scarce resource availability and its efficient utilization. Application of stream ciphers for conventional security applications has proved to be proficient in terms of efficient energy and memory consumption. This paper presents WSN-specific NesC based implementations of two stream ciphers selected from the eSTREAM project, namely HC-128 and Rabbit. HC-128 and Rabbit have both qualified for the final portfolio phase of the eSTREAM project but their suitability for WSNs needs to be justified in a totally different context. If the two stream ciphers manage to adhere to the WSN-specific requirements and perform efficiently under these requirements only then the scheme/s can be classified as suitable. This paper tends to test the suitability of HC-128 and Rabbit for WSN-specific environment and evaluates the schemes in terms of memory usage, time consumption and energy utilization. The aim of this study is to present either one of the two schemes as an efficient solution for pervasive computing.