Mario Strasser

Jamming-resistant Key Establishment using Uncoordinated Frequency Hopping

We consider the following problem: how can two devices that do not share any secrets establish a shared secret key over a wireless radio channel in the presence of a communication jammer? An inherent challenge in solving this problem is that known anti-jamming techniques (e.g., frequency hopping or direct-sequence spread spectrum) which should support device communication during the key establishment require that the devices share a secret spreading key (or code) prior to the start of their communication. This requirement creates a circular dependency between antijamming spread-spectrum communication and key establishment, which has so far not been addressed. In this work, we propose an uncoordinated frequency hopping (UFH) scheme that breaks this dependency and enables key establishment in the presence of a communication jammer. We perform a detailed analysis of our UFH scheme and show its feasibility, both in terms of execution time and resource requirements.

Anti-jamming broadcast communication using uncoordinated spread spectrum techniques

Jamming-resistant communication is crucial for safety-critical applications such as emergency alert broadcasts or the dissemination of navigation signals in adversarial settings. In such applications, mission-critical messages are broadcast to a large and unknown number of (potentially untrusted) receivers that rely on the availability, integrity, and authenticity of the messages; here, availability primarily refers to the ability to communicate in the presence of jamming. Common techniques to counter jamming-based denial-of-service attacks such as Frequency Hopping (FH) and Direct Sequence Spread Spectrum (DSSS) cannot be applied in such settings because they depend on secret pairwise or group keys shared between the sender and the receivers before the communication. This dependency entails serious or unsolvable scalability and keysetup problems or weak jamming-resistance (a single malicious receiver can compromise the whole system). As a solution, in this work, we propose uncoordinated spread spectrum techniques that enable anti-jamming broadcast communication without shared secrets. Uncoordinated spread spectrum techniques can handle an unlimited amount of (malicious) receivers. We present two instances (Uncoordinated FH and Uncoordinated DSSS) and analyze differences in their performance as well as their combination. We further discuss the applications of these techniques to anti-jamming navigation broadcast, bootstrapping of coordinated spread spectrum communication, and anti-jamming emergency alerts.

Efficient uncoordinated FHSS anti-jamming communication

We address the problem of jamming-resistant communication in scenarios in which the communicating parties do not share secret keys. This includes scenarios where the communicating parties are not known in advance or where not all parties can be trusted (e.g., jamming-resistant key establishment or anti-jamming broadcast to a large set of unknown receivers). In these cases, the deployment of shared secret keys is unrealistic, and therefore this problem cannot be solved using existing anti-jamming solutions like FHSS and DSSS that depend on pre-shared keys. Recently, a solution to this problem has been proposed that introduces Uncoordinated Frequency Hopping (UFH), a new spread-spectrum anti-jamming technique that does not rely on secret keys. In this work, we investigate the efficiency of UFH-based communication: we identify optimal strategies for the UFH frequency channel selection and we propose a set of new UFH-based anti-jamming schemes that, compared to the original UFH proposal, reduce the communication latency up to one-half (i.e., increase UFH communication throughput up to two times).

Detection of reactive jamming in sensor networks

An integral part of most security- and safety-critical applications is a dependable and timely alarm notification. However, owing to the resource constraints of wireless sensor nodes (i.e., their limited power and spectral diversity), ensuring a timely and jamming-resistant delivery of alarm messages in applications that rely on wireless sensor networks is a challenging task. With current alarm forwarding schemes, blocking of an alarm by jamming is straightforward and jamming is very likely to remain unnoticed. In this work, we propose a novel jamming detection scheme as a solution to this problem. Our scheme is able to identify the cause of bit errors for individual packets by looking at the received signal strength during the reception of these bits and is well-suited for the protection of reactive alarm systems with very low network traffic. We present three different techniques for the identification of bit errors based on: predetermined knowledge, error correcting codes, and limited node wiring. We perform a detailed evaluation of the proposed solution and validate our findings experimentally with Chipcon CC1000 radios. The results show that our solution effectively detects sophisticated jamming attacks that cannot be detected with existing techniques and enables the formation of robust sensor networks for dependable delivery of alarm notifications. Our scheme also meets the high demands on the energy efficiency of reactive surveillance applications as it can operate without introducing additional wireless network traffic.

A Software-Based Trusted Platform Module Emulator

When developing and researching new trusted computing technologies, appropriate tools to investigate their behavior and to evaluate their performance are of paramount importance. In this paper, we present an efficient and portable TPM emulator for Unix. Our emulator enables not only the implementation of flexible and low-cost test-beds and simulators but, in addition, provides programmers of trusted systems with a powerful testing and debugging tool that can also be used for educational purposes. Thanks to its portability and interoperability, the TPM emulator runs on a variety of platforms and is compatible with the most relevant software packages and interfaces.

Secure remote execution of sequential computations

We describe a scheme that secures the remote execution of sequential computations in grid-computing scenarios. To the best of our knowledge, this is the first contribution that addresses the security of generic sequential computations. By dividing sequential tasks into smaller subtasks and permuting them among participants, we show that our scheme facilitates the insertion of selective redundancy and/or pre-computed functions (ringers) that are indistinguishable from other computations. We analyze the security of this proposal and we demonstrate that our scheme enables the detection of individual and colluding malicious participants. In addition, we show that our scheme can be equally used to securely track the progress of remote execution. We further investigate the damages introduced by possible chaining of errors within the remote execution and we discuss recovery mechanisms to counter these challenges. We validate our findings both analytically and empirically via simulations.

Securing the distribution and storage of secrets with trusted platform modules

We present a protocol that allows servers to securely distribute secrets to trusted platforms. The protocol maintains the confidentiality of secrets in the face of eavesdroppers and careless users. Given an ideal (tamper-proof) trusted platform, the protocol can even withstand attacks by dishonest users. As an example of its use, we present an application to secure document processing.

Autonomous and distributed node recovery in wireless sensor networks

Intrusion or misbehaviour detection systems are an important and widely accepted security tool in computer and wireless sensor networks. Their aim is to detect misbehaving or faulty nodes in order to take appropriate countermeasures, thus limiting the damage caused by adversaries as well as by hard or software faults. So far, however, once detected, misbehaving nodes have just been isolated from the rest of the sensor network and hence are no longer usable by running applications. In the presence of an adversary or software faults, this proceeding will inevitably lead to an early and complete loss of the whole network.For this reason, we propose to no longer expel misbehaving nodes, but to recover them into normal operation. In this paper, we address this problem and present a formal specification of what is considered a secure and correct node recovery algorithm together with a distributed algorithm that meets these properties. We discuss its requirements on the soft- and hardware of a node and show how they can be fulfilled with current and upcoming technologies. The algorithm is evaluated analytically as well as by means of extensive simulations, and the findings are compared to the outcome of a real implementation for the BTnode sensor platform. The results show that recovering sensor nodes is an expensive, though feasible and worthwhile task. Moreover, the proposed program code update algorithm is not only secure but also fair and robust.

Connectivity-Aware Routing in Sensor Networks

Sensor network applications such as environmental monitoring demand that the data collection process be carried out for the longest possible time. Our paper addresses this problem by presenting a routing scheme that ensures that the monitoring network remains connected and hence the live sensor nodes deliver data for a longer duration. We analyze the role of relay nodes (neighbours of the base-station) in maintaining network connectivity and present a routing strategy that, for a particular class of networks, approaches the optimal as the set of relay nodes becomes larger. We then use these findings to develop an appropriate distributed routing protocol using potential-based routing. The basic idea of potential-based routing is to define a (scalar) potential value at each node in the network and forward data to the neighbor with the highest potential. We propose a potential function and evaluate its performance through simulations. The results show that our approach performs better than the well known lifetime maximization policy proposed by Chang and Tassiulas (2004), as well as AODV [Adhoc on demand distance vector routing] proposed by Perkins (1997).

Holmes: A data theft forensic framework

This paper presents Holmes, a forensic framework for postmortem investigation of data theft incidents in enterprise networks. Holmes pro-actively collects potential evidence from hosts and the network for correlation analysis at a central location. In order to optimize the storage requirements for the collected data, Holmes relies on compact network and host data structures. We evaluate the theoretical storage requirements of Holmes in average networks and quantify the improvements compared to raw data collection alternatives. Finally, we present the application of Holmes to two realistic data theft investigation scenarios and discuss how combining network and host data can improve the efficiency and reliability of these investigations.