Ronald Watro

TinyPK: securing sensor networks with public key technology

Wireless networks of miniaturized, low-power sensor/actuator devices are poised to become widely used in commercial and military environments. The communication security problems for these networks are exacerbated by the limited power and energy of the sensor devices. In this paper, we describe the design and implementation of public-key-(PK)-based protocols that allow authentication and key agreement between a sensor network and a third party as well as between two sensor networks. Our work is novel in that PK technology was commonly believed to be too inefficient for use on low-power devices. As part of our solution, we exploit the efficiency of public operations in the RSA cryptosystem and design protocols that place the computationally expensive operations on the parties external to the sensor network, when possible. Our protocols have been implemented on UC Berkeley MICA2 motes using the TinyOS development environment.

Quantifying & minimizing attack surfaces containing moving target defenses

The cyber security exposure of resilient systems is frequently described as an attack surface. A larger surface area indicates increased exposure to threats and a higher risk of compromise. Ad-hoc addition of dynamic proactive defenses to distributed systems may inadvertently increase the attack surface. This can lead to cyber friendly fire, a condition in which adding superfluous or incorrectly configured cyber defenses unintentionally reduces security and harms mission effectiveness. Examples of cyber friendly fire include defenses which themselves expose vulnerabilities (e.g., through an unsecured admin tool), unknown interaction effects between existing and new defenses causing brittleness or unavailability, and new defenses which may provide security benefits, but cause a significant performance impact leading to mission failure through timeliness violations. This paper describes a prototype service capability for creating semantic models of attack surfaces and using those models to (1) automatically quantify and compare cost and security metrics across multiple surfaces, covering both system and defense aspects, and (2) automatically identify opportunities for minimizing attack surfaces, e.g., by removing interactions that are not required for successful mission execution.

Privacy-Enhanced Android for Smart Cities Applications

Many Smart Cities applications will collect data from and otherwise interact with the mobile devices of individual users. In the past, it has been difficult to assure users that smart applications will protect their private data and use the data only for the application’s intended purpose. The current paper describes a plan for developing Privacy-Enhanced Android, an extension of the current Android OS with new privacy features based on homomorphic and functional encryption and Secure Multiparty Computation. Our goal is to make these advances in privacy-preserving technologies available to the mobile developer community, so that they can be broadly applied and enable the impactful social utility envisioned by Smart Cities.

An architecture for scalable network defense

We describe a novel architecture for network defense designed for scaling to very high data rates (100 Gb/s) and very large user populations. Scaling requires both efficient attack detection algorithms as well as appropriate an execution environment. Our architecture considers the time budget of traffic data extraction and algorithmic processing, provides a suite of detection algorithms”each designed to present different and complementary views of the data—that generate many “traffic events,” and reduces false positives by correlating these traffic events into benign or malicious hypotheses.