Tanya Roosta

Security and Privacy Issues with Health Care Information Technology

The face of health care is changing as new technologies are being incorporated into the existing infrastructure. Electronic patient records and sensor networks for in-home patient monitoring are at the current forefront of new technologies. Paper-based patient records are being put in electronic format enabling patients to access their records via the Internet. Remote patient monitoring is becoming more feasible as specialized sensors can be placed inside homes. The combination of these technologies will improve the quality of health care by making it more personalized and reducing costs and medical errors. While there are benefits to technologies, associated privacy and security issues need to be analyzed to make these systems socially acceptable. In this paper we explore the privacy and security implications of these next-generation health care technologies. We describe existing methods for handling issues as well as discussing which issues need further consideration

Time synchronization attacks in sensor networks

Time synchronization is a critical building block in distributed wireless sensor networks. Because sensor nodes may be severely resource-constrained, traditional time-synchronization protocols cannot be used in sensor networks. Various time-synchronization protocols tailored for such networks have been proposed to solve this problem. However, none of these protocols have been designed with security in mind. If an adversary were able to compromise a node, he might prevent a network from effectively executing certain applications, such as sensing or tracking an object, or he might even disable the network by disrupting a fundamental service such as a TDMA-based channel-sharing scheme. In this paper we give a survey of the most common time synchronization protocols and outline the possible attacks on each protocol. In addition, we discuss how different sensor network applications that are affected by time synchronization attacks, and we propose some countermeasures for these attack.

Rethinking security properties, threat models, and the design space in sensor networks: A case study in SCADA systems

In recent years we have witnessed the emergence and establishment of research in sensor network security. The majority of the literature has focused on discovering numerous vulnerabilities and attacks against sensor networks, along with suggestions for corresponding countermeasures. However, there has been little guidance for understanding the holistic nature of sensor network security for practical deployments. In this paper, we discuss these concerns and propose a taxonomy composed of the security properties of the sensor network, the threat model, and the security design space. In particular, we try to understand the application-layer goals of a sensor network, and provide a guide to research challenges that need to be addressed in order to prioritize our defenses against threats to application-layer goals.

A testbed for secure and robust SCADA systems

The Supervisory Control and Data Acquisition System (SCADA) monitor and control real-time systems. SCADA systems are the backbone of the critical infrastructure, and any compromise in their security can have grave consequences. Therefore, there is a need to have a SCADA testbed for checking vulnerabilities and validating security solutions. In this paper we develop such a SCADA testbed.

Key management and secure software updates in wireless process control environments

Process control systems using wireless sensor nodes are large and complex environments built to last for a long time. Cryptographic keys are typically preloaded in the wireless nodes prior to deployment and used for the rest of their lifetime. To reduce the risk of successful cryptanalysis, new keys must be established (rekeying). We have designed a rekeying scheme that provides both backward and forward secrecy. Furthermore, since these nodes are used for extensive periods of time, there is a need to update the software on the nodes. Different types of sensors run different types and versions of software. We therefore establish group keys to update the software on groups of nodes. The software binary is split into fragments to construct a hash chain that is then signed by the network manager. The nodes can thus verify the authenticity and the integrity of the new software binary. We extend this protocol by encrypting the packets with the group key such that only the intended receivers can access the new software binary.

Transactional Confidentiality in Sensor Networks

In a sensor network environment, elements such as message rate, message size, mote frequency, and message routing can reveal transactional data - that is, information about the sensors deployed, frequency of events monitored, network topology, parties deploying the network, and location of subjects and objects moving through the networked space. Whereas the confidentiality of network communications content is secured through encryption and authentication techniques, the ability of network outsiders and insiders to observe transactional data can also compromise network confidentiality. Four types of transactional data are typically observable in sensor networks. Measures to limit the availability and utility of transactional data are essential to preserving confidentiality in sensor networks.

An intrusion detection system for wireless process control systems

A recent trend in the process control system (PCS) is to deploy sensor networks in hard-to-reach areas. Using wireless sensors greatly decreases the wiring costs and increases the volume of data gathered for plant monitoring. However, ensuring the security of the deployed sensor network, which is part of the overall security of PCS, is of crucial importance. In this paper, we design a model-based intrusion detection system (IDS) for sensor networks used for PCS. Given that PCS tends to have regular traffic patterns and a well-defined request-response communication, we can design an IDS that models normal behavior of the entities and detects attacks when there is a deviation from this model. Model-based IDS can prove useful in detecting unknown attacks.

Using Social Network Theory Towards Development of Wireless Ad Hoc Network Trust

The evolution and existence of stable trust relations have been studied extensively in the context of social theory. However, reputation systems or trust schemes have only been recently used in the domain of wireless ad hoc net works. It has been shown that these schemes provide positive results as a self-policing mechanism for the routing of data in wireless ad hoc network security. This paper develops a relationship between the trust concepts in the social network theory and wireless ad hoc networks. In addition, the paper maps existing trust schemes in wireless ad hoc networks to a long-standing theory in social networks. Most importantly, a refined model of trust evaluation in social networks is constructed and mapped to a new trust scheme for ad hoc networks. The new trust scheme is analyzed and shown to outperform existing schemes using scenario and simulation analysis.

Inherent Security of Routing Protocols in Ad-Hoc and Sensor Networks

Many of the routing protocols that have been designed for wireless ad-hoc networks focus on energy-efficiency and guaranteeing high throughput in a non-adversarial setting. However, given that ad-hoc and sensor networks are deployed and left unattended for long periods of time, it is crucial to design secure routing protocols for these networks. Over the past few years, attacks on the routing protocols have been studied and a number of secure routing protocols have been designed for wireless sensor networks. However, there has not been a comprehensive study of how these protocols compare in terms of achieving security goals and maintaining high throughput. In this paper, we focus on the problem of analyzing the inherent security of routing protocols with respect to two categories: multi-path and single-path routing. Within each category, we focus on deterministic vs. probabilistic mechanisms for setting up the routes. We consider the scenario in which an adversary has subverted a subset of the nodes, and as a result, the paths going through these nodes are compromised. We present our findings through simulation results.

Distributed Reputation System for Tracking Applications in Sensor Networks

Ad-hoc sensor networks are becoming more common, yet security of these networks is still an issue, node misbehavior due to malicious attacks can impair the overall functioning of the system. Existing approaches mainly rely on cryptography to ensure data authentication and integrity. These approaches only address part of the problem of security in sensor networks. However, cryptography is not sufficient to prevent the attacks in which some of the nodes are overtaken and compromised by a malicious user. Recently, the use of reputation systems has shown positive results as a self-policing mechanism in ad-hoc networks. This scheme can aid in decreasing vulnerabilities which are not solved by cryptography, We look at how a distributed reputation scheme can benefit the object tracking application in sensor networks. Tracking multiple objects is one of the most important applications of the sensor network. In our setup, nodes detect misbehavior locally from observations, and assign a reputation to each of their neighbors. These reputations are used to weight node readings appropriately when performing object tracking. Over time, data from malicious nodes will not be included in the track formation process. We evaluate the reputation system experimentally and demonstrate how it improves object tracking in the presence of malicious nodes