Sammy Chan

ReTrust: Attack-Resistant and Lightweight Trust Management for Medical Sensor Networks

Wireless medical sensor networks (MSNs) enable ubiquitous health monitoring of users during their everyday lives, at health sites, without restricting their freedom. Establishing trust among distributed network entities has been recognized as a powerful tool to improve the security and performance of distributed networks such as mobile ad hoc networks and sensor networks. However, most existing trust systems are not well suited for MSNs due to the unique operational and security requirements of MSNs. Moreover, similar to most security schemes, trust management methods themselves can be vulnerable to attacks. Unfortunately, this issue is often ignored in existing trust systems. In this paper, we identify the security and performance challenges facing a sensor network for wireless medical monitoring and suggest it should follow a two-tier architecture. Based on such an architecture, we develop an attack-resistant and lightweight trust management scheme named ReTrust. This paper also reports the experimental results of the Collection Tree Protocol using our proposed system in a network of TelosB motes, which show that ReTrust not only can efficiently detect malicious/faulty behaviors, but can also significantly improve the network performance in practice.

PD-RED: to improve the performance of RED

We propose a new active queue management (AQM) scheme to improve the performance of the well-known random early detection (RED) AQM. The new AQM is based on the proportional derivative (PD) control principle, and we call it PD-RED. In PD-RED we introduce minimal changes to RED. We demonstrate the improvement in performance of PD-RED over adaptive RED AQM by simulations.

Secure and Efficient Handover Authentication Based on Bilinear Pairing Functions

Seamless handover over multiple access points is highly desirable to mobile nodes, but ensuring security and efficiency of this process is challenging. This paper shows that prior handover authentication schemes incur high communication and computation costs, and are subject to a few security attacks. Further, a novel handover authentication protocol named PairHand is proposed. PairHand uses pairing-based cryptography to secure handover process and to achieve high efficiency. Also, an efficient batch signature verification scheme is incorporated into PairHand. Experiments using our implementation on laptop PCs show that PairHand is feasible in real applications.

Privacy-Preserving Universal Authentication Protocol for Wireless Communications

Seamless roaming over wireless networks is highly desirable to mobile users, and security such as authentication of mobile users is challenging. In this paper, we propose a privacy-preserving universal authentication protocol, called Priauth, which provides strong user anonymity against both eavesdroppers and foreign servers, session key establishment, and achieves efficiency. Most importantly, Priauth provides an efficient approach to tackle the problem of user revocation while supporting strong user untraceability.

Iterative decoding of multi-dimensional concatenated single parity check codes

This paper is concerned with the decoding technique and performance of multi-dimensional concatenated single-parity-check (SPC) code. A very efficient sub-optimal soft-in-soft-out decoding rule is presented for the SPC code, costing only 3 addition-equivalent-operations per information bit. Multi-dimensional concatenated coding and decoding principles are investigated. Simulation results of rate 5/6 and 4/5 3-dimensional concatenated SPC codes are provided. Performance of BER=10/sup -4/-10/sup -5/ can be achieved by the MAP and max-log-MAP decoders, respectively, with E/sub b//N/sub 0/ only 1 and 1.5 dB away from the theoretical limits.

Secure service provision in smart grid communications

The smart grid provides a platform for thirdparty service providers to remotely monitor and manage energy usage for consumers. At the same time, the involvement of service providers brings a new set of security threats to the smart grid. In this article, we first identify the cyber security challenges on service provision in the smart grid. Then we present two main security issues related to service provision and provide potential solutions. The first one is to establish a secure communication procedure among the electric utility, consumers, and service providers. The second one is to provide a privacy-preserving yet accountable authentication framework among the smart grid entities without relying on any trusted third party. Finally, we suggest directions of future work on secure service provision by describing several open issues.

Distributed Access Control with Privacy Support in Wireless Sensor Networks

A distributed access control module in wireless sensor networks (WSNs) allows the network to authorize and grant user access privileges for in-network data access. Prior research mainly focuses on designing such access control modules for WSNs, but little attention has been paid to protect users identity privacy when a user is verified by the network for data accesses. Often, a user does not want the WSN to associate his identity to the data he requests. In this paper, we present the design, implementation, and evaluation of a novel approach, Priccess, to ensure distributed privacy-preserving access control. In Priccess, users who have similar access privileges are organized into the same group by the network owner. A network user signs a query command on behalf of his group and then sends the signed query to the sensor nodes of his interest. The signature can be verified by its recipient as coming from someone authorized without exposing the actual signer. In addition to the theoretical analysis that demonstrates the security properties of Priccess, this paper also reports the experimental results of Priccess in a network of Imote2 motes, which show the efficiency of Priccess in practice.

PD-controller: a new active queue management scheme

This paper describes a proportional-differential (PD) control algorithm as a new active queue management (AQM) scheme for TCP/IP congestion control. From the viewpoint of the control theory, TCP congestion control system can be regarded as a feedback regulating system. In this paper, a robust AQM called PD-controller is proposed. The design principles of PD-controller are presented in details. Its performance is extensively evaluated by simulations. The results demonstrate that the PD-controller AQM is stable and robust against traffic load fluctuations, UDP and HTTP disturbances. Its superiority over other AQMs is also demonstrated.

A Distributed Trust Evaluation Model and Its Application Scenarios for Medical Sensor Networks

The development of medical sensor networks (MSNs) is imperative for e-healthcare, but security remains a formidable challenge yet to be resolved. Traditional cryptographic mechanisms do not suffice given the unique characteristics of MSNs, and the fact that MSNs are susceptible to a variety of node misbehaviors. In such situations, the security and performance of MSNs depend on the cooperative and trust nature of the distributed nodes, and it is important for each node to evaluate the trustworthiness of other nodes. In this paper, we identify the unique features of MSNs and introduce relevant node behaviors, such as transmission rate and leaving time, into trust evaluation to detect malicious nodes. We then propose an application-independent and distributed trust evaluation model for MSNs. The trust management is carried out through the use of simple cryptographic techniques. Simulation results demonstrate that the proposed model can be used to effectively identify malicious behaviors and thereby exclude malicious nodes. This paper also reports the experimental results of the Collection Tree Protocol with the addition of our proposed model in a network of TelosB motes, which show that the network performance can be significantly improved in practice. Further, some suggestions are given on how to employ such a trust evaluation model in some application scenarios.

SDRP: A Secure and Distributed Reprogramming Protocol for Wireless Sensor Networks

Wireless reprogramming for a wireless sensor network is the process of uploading new code or changing the functionality of existing code. For security reasons, every code update must be authenticated to prevent an adversary from installing malicious code in the network. All existing reprogramming protocols are based on the centralized approach in which only the base station has the authority to initiate reprogramming. However, it is desirable and sometimes necessary for multiple authorized network users to simultaneously and directly reprogram sensor nodes without involving the base station, which is referred to as distributed reprogramming. In this case, the network owner can also assign different reprogramming privileges to different users. Motivated by this consideration, we develop a secure and distributed reprogramming protocol named SDRP , which is the first work of its kind. The protocol uses identity-based cryptography to secure the reprogramming and to reduce the communication and storage requirements of each node. Moreover, our theoretical analysis demonstrates the security properties of our protocol. We also implement SDRP in a network of resource-limited sensor nodes to show its high efficiency in practice.