Loukas Lazos

SeRLoc: secure range-independent localization for wireless sensor networks

In many applications of wireless sensor networks (WSN), sensors are deployed un-tethered in hostile environments. For location-aware WSN applications, it is essential to ensure that sensors can determine their location, even in the presence of malicious adversaries. In this paper we address the problem of enabling sensors of WSN to determine their location in an un-trusted environment. Since localization schemes based on distance estimation are expensive for the resource constrained sensors, we propose a range-independent localization algorithm called SeRLoc. SeRLoc is distributed algorithm and does not require any communication among sensors. In addition, we show that SeRLoc is robust against severe WSN attacks, such as the wormhole attack, the sybil attack and compromised sensors. To the best of our knowledge, ours is the first work that provides a security-aware range-independent localization scheme for WSN. We present a threat analysis and comparison of the performance of SeRLoc with state-of-the-art range-independent localization schemes.

SeRLoc: Robust localization for wireless sensor networks

Many distributed monitoring applications of Wireless Sensor Networks (WSNs) require the location information of a sensor node. In this article, we address the problem of enabling nodes of Wireless Sensor Networks to determine their location in an untrusted environment, known as the secure localization problem. We propose a novel range-independent localization algorithm called SeRLoc that is well suited to a resource constrained environment such as a WSN. SeRLoc is a distributed algorithm based on a two-tier network architecture that allows sensors to passively determine their location without interacting with other sensors. We show that SeRLoc is robust against known attacks on a WSNs such as the wormhole attack, the Sybil attack, and compromise of network entities and analytically compute the probability of success for each attack. We also compare the performance of SeRLoc with state-of-the-art range-independent localization schemes and show that SeRLoc has better performance.

A graph theoretic framework for preventing the wormhole attack in wireless ad hoc networks

Wireless ad hoc networks are envisioned to be randomly deployed in versatile and potentially hostile environments. Hence, providing secure and uninterrupted communication between the un-tethered network nodes becomes a critical problem. In this paper, we investigate the wormhole attack in wireless ad hoc networks, an attack that can disrupt vital network functions such as routing. In the wormhole attack, the adversary establishes a low-latency unidirectional or bi-directional link, such as a wired or long-range wireless link, between two points in the network that are not within communication range of each other. The attacker then records one or more messages at one end of the link, tunnels them via the link to the other end, and replays them into the network in a timely manner. The wormhole attack is easily implemented and particularly challenging to detect, since it does not require breach of the authenticity and confidentiality of communication, or the compromise of any host. We present a graph theoretic framework for modeling wormhole links and derive the necessary and sufficient conditions for detecting and defending against wormhole attacks. Based on our framework, we show that any candidate solution preventing wormholes should construct a communication graph that is a subgraph of the geometric graph defined by the radio range of the network nodes. Making use of our framework, we propose a cryptographic mechanism based on local broadcast keys in order to prevent wormholes. Our solution does not need time synchronization or time measurement, requires only a small fraction of the nodes to know their location, and is decentralized. Hence, it is suitable for networks with the most stringent constraints such as sensor networks. Finally, we believe our work is the first to provide an analytical evaluation in terms of probabilities of the extent to which a method prevents wormholes.

HiRLoc: high-resolution robust localization for wireless sensor networks

In this paper, we address the problem of robustly estimating the position of randomly deployed nodes of a wireless sensor network (WSN), in the presence of security threats. We propose a range-independent localization algorithm called high-resolution range-independent localization (HiRLoc), that allows sensors to passively determine their location with high resolution, without increasing the number of reference points, or the complexity of the hardware of each reference point. In HiRLoc, sensors determine their location based on the intersection of the areas covered by the beacons transmitted by multiple reference points. By combining the communication range constraints imposed by the physical medium with computationally efficient cryptographic primitives that secure the beacon transmissions, we show that HiRLoc is robust against known attacks on WSN, such as the wormhole attack, the Sybil attack, and compromise of network entities. Finally, our performance evaluation shows that HiRLoc leads to a significant improvement in localization accuracy compared with state-of-the-art range-independent localization schemes, while requiring fewer reference points.

Stochastic coverage in heterogeneous sensor networks

We study the problem of coverage in planar heterogeneous sensor networks. Coverage is a performance metric that quantifies how well a field of interest is monitored by the sensor deployment. To derive analytical expressions of coverage for heterogeneous sensor networks, we formulate the coverage problem as a set intersection problem, a problem studied in integral geometry. Compared to previous analytical results, our formulation allows us to consider a network model where sensors are deployed according to an arbitrary stochastic distribution; sensing areas of sensors need not follow the unit disk model but can have any arbitrary shape; sensors need not have an identical sensing capability. Furthermore, our formulation does not assume deployment of sensors over an infinite plane and, hence, our derivations do not suffer from the border effect problem arising in a bounded field of interest. We compare our theoretical results with the spatial Poisson approximation that is widely used in modeling coverage. By computing the Kullback-Leibler and total variation distance between the probability density functions derived via our theoretical results, the Poisson approximation, and the simulation, we show that our formulas provide a more accurate representation of the coverage in sensor networks. Finally, we provide examples of calculating network parameters such as the network size and sensing range in order to achieve a desired degree of coverage.

Preventing wormhole attacks on wireless ad hoc networks: a graph theoretic approach

We study the problem of characterizing the wormhole attack, an attack that can be mounted on a wide range of wireless network protocols without compromising any cryptographic quantity or network node. A wormhole, in essence, creates a communication link between an origin and a destination point that could not exist with the use of the regular communication channel. Hence, a wormhole modifies the connectivity matrix of the network, and can be described by a graph abstraction of the ad hoc network. Making use of geometric random graphs induced by the communication range constraint of the nodes, we present the necessary and sufficient conditions for detecting and defending against wormholes. Using our theory, we also present a defense mechanism based on local broadcast keys. We believe our work is the first one to present analytical calculation of the probabilities of detection. We also present simulation results to illustrate our theory.

Mitigating control-channel jamming attacks in multi-channel ad hoc networks

We address the problem of control-channel jamming attacks in multi-channel ad hoc networks. Deviating from the traditional view that sees jamming attacks as a physical-layer vulnerability, we consider a sophisticated adversary who exploits knowledge of the protocol mechanics along with cryptographic quantities extracted from compromised nodes to maximize the impact of his attack on higher-layer functions. We propose new security metrics that quantify the ability of the adversary to deny access to the control channel, and the overall delay incurred in re-establishing the control channel. We also propose a randomized distributed scheme that allows nodes to establish a new control channel using frequency hopping. Our method differs from classic frequency hopping in that no two nodes share the same hopping sequence, thus mitigating the impact of node compromise. Furthermore, a compromised node is uniquely identified through its hop sequence, leading to its isolation from any future information regarding the frequency location of the control channel.

Spectrum Opportunity-Based Control Channel Assignment in Cognitive Radio Networks

We address the problem of dynamic assignment of coordination (control) channels in cognitive radio networks (CRNs) by exploiting time- and space-varying spectrum opportunities. Motivated by the inherent grouping of Cognitive Radio (CR) users according to channel availability, we propose a cluster-based architecture for control-channel assignment in a CRN. CRs are grouped in the same cluster if they roughly sense similar idle channels and are within communication range, either directly or via a clusterhead. We formulate the clustering design as a maximum edge biclique problem. A distributed cluster agreement algorithm called Spectrum-Opportunity Clustering (SOC) is proposed to solve this problem. SOC provides a desirable balance between two competing factors: the set of common idle channels within each cluster and the cluster size. A large set of common idle channels within each cluster allows graceful migration from the current control channel should primary radio (PR) activity appear on that channel. Hence, SOC provides a stable network partition with respect to local coordination, with no need for frequent reclustering. Moreover, when reclustering has to be performed (due to CR mobility or PR activity), CRs agree on new clusters after the broadcast of only three messages, thus incurring low communication overhead.

Energy-aware secure multicast communication in ad-hoc networks using geographic location information

The problem of securing multicast communications in an energy-constrained ad-hoc network requires the efficient management of cryptographic quantities. We show that existing efficient key distribution techniques for wired networks that rely on logical hierarchies are extremely energy inefficient. We also show that the consideration of the physical location of the members is critical for developing energy-efficient key distribution schemes. By exploiting the spatial correlation between the members of the multicast group, we construct an energy-aware key distribution scheme. We present simulation results to illustrate the improvements achieved by our proposed algorithm.

Packet-Hiding Methods for Preventing Selective Jamming Attacks

The open nature of the wireless medium leaves it vulnerable to intentional interference attacks, typically referred to as jamming. This intentional interference with wireless transmissions can be used as a launchpad for mounting Denial-of-Service attacks on wireless networks. Typically, jamming has been addressed under an external threat model. However, adversaries with internal knowledge of protocol specifications and network secrets can launch low-effort jamming attacks that are difficult to detect and counter. In this work, we address the problem of selective jamming attacks in wireless networks. In these attacks, the adversary is active only for a short period of time, selectively targeting messages of high importance. We illustrate the advantages of selective jamming in terms of network performance degradation and adversary effort by presenting two case studies; a selective attack on TCP and one on routing. We show that selective jamming attacks can be launched by performing real-time packet classification at the physical layer. To mitigate these attacks, we develop three schemes that prevent real-time packet classification by combining cryptographic primitives with physical-layer attributes. We analyze the security of our methods and evaluate their computational and communication overhead.