Publication


Featured research published by Vashek Matyas.


international conference on wireless and mobile communications | 2010

Neighbor-Based Intrusion Detection for Wireless Sensor Networks

Andriy Stetsko; Lukas Folkman; Vashek Matyas

The neighbor-based detection technique explores the principle that sensor nodes situated spatially close to each other tend to have a similar behavior. A node is considered malicious if its behavior significantly differs from its neighbors. This detection technique is localized, unsupervised and adapts to changing network dynamics. Although the technique is promising, it has not been deeply researched in the context of wireless sensor networks yet. In this paper, we present symptoms which can be used in the neighbor-based technique for detection of selective forwarding, jamming and hello flood attacks. We implemented an intrusion detection system which employs the neighbor-based detection technique. The system was designed for and works on the TinyOS operating system running the Collection Tree Protocol. We evaluated accuracy of the technique in the detection of selective forwarding, jamming and hello flood attacks. The results show that the neighbor-based detection technique is highly accurate, especially in the case when collaboration among neighboring nodes is used.


mobile adhoc and sensor systems | 2011

Calibrating and Comparing Simulators for Wireless Sensor Networks

Andriy Stetsko; Martin Stehlík; Vashek Matyas

In this paper, we present our findings from the calibration and comparison of selected simulators for wireless sensor networks. This work is motivated by our current research on a framework that optimizes a network-based intrusion detection system for a given application. For this purpose, we need a simulator that supports realistic models for topology, antenna, radio propagation, noise, radio, medium access control and energy consumption - factors that can influence the performance of an intrusion detection system, which is intended to be run on the medium access control layer. In the paper, we consider four open-source simulators - Castalia, MiXiM, TOSSIM and WSNet. We compare these simulators and run a set of experiments on MICAz sensor nodes in the indoor and outdoor environment. Based on the data gathered from the real experiments, we calibrate the radio propagation and noise models of Castalia, MiXiM, TOSSIM and WSNet. Also, we calibrate the energy consumption model of Castalia, MiXiM and WSNet according to the MICAz datasheet. We present the results from the simulations and compare them between each other. Even though the simulators are set in the same way, their results significantly differ from each other. In the paper, we discuss possible reasons of the differences.


nordic conference on secure it systems | 2009

Towards True Random Number Generation in Mobile Environments

Jan Bouda; Jan Krhovják; Vashek Matyas; Petr Švenda

In our paper, we analyze possibilities to generate true random data in mobile devices such as mobile phones or pocket computers. We show how to extract arguably true random data with a probability distribution *** = 2*** 64 close to the uniform distribution in the trace distance. To postprocess the random data acquired from the camera we use a randomness extractor based on the Carter-Wegman universal2 families of hashing functions. We generate the data at a bit rate of approximately 36 bits per second; we used such a low bit rate only to allow statistical testing at a reasonable level of confidence.


computer and communications security | 2017

The Return of Coppersmith's Attack: Practical Factorization of Widely Used RSA Moduli

Matus Nemec; Marek Sys; Petr Švenda; Dušan Klinec; Vashek Matyas

We report on our discovery of an algorithmic flaw in the construction of primes for RSA key generation in a widely-used library of a major manufacturer of cryptographic hardware. The primes generated by the library suffer from a significant loss of entropy. We propose a practical factorization method for various key lengths including 1024 and 2048 bits. Our method requires no additional information except for the value of the public modulus and does not depend on a weak or a faulty random number generator. We devised an extension of Coppersmith's factorization attack utilizing an alternative form of the primes in question. The library in question is found in NIST FIPS 140-2 and CC EAL 5+ certified devices used for a wide range of real-world applications, including identity cards, passports, Trusted Platform Modules, PGP and tokens for authentication or software signing. As the relevant library code was introduced in 2012 at the latest (and probably earlier), the impacted devices are now widespread. Tens of thousands of such keys were directly identified, many with significant impacts, especially for electronic identity documents, software signing, Trusted Computing and PGP. We estimate the number of affected devices to be in the order of at least tens of millions. The worst cases for the factorization of 1024 and 2048-bit keys are less than 3 CPU-months and 100 CPU-years on a single core of common recent CPUs, respectively, while the expected time is half of that of the worst case. The attack can be parallelized on multiple CPUs. Worse still, all susceptible keys contain a strong fingerprint that is verifiable in microseconds on an ordinary laptop -- meaning that all vulnerable keys can be quickly identified, even in very large datasets.


international conference information security theory and practice | 2016

Codes v. People: A Comparative Usability Study of Two Password Recovery Mechanisms

Vlasta Stavova; Vashek Matyas; Mike Just

Password recovery is a critical, and often overlooked, requirement of account management. Currently popular solutions, such as security questions and out-of-band communications, have recognized security and usability issues. In this paper we evaluate two alternate recovery solutions considered by our industrial partner, using backup codes and trusted people, in order to determine their suitability as a viable password recovery solution. In this paper we focus on the usability evaluation of these two representative recovery methods, and not on the specifics of their design – while our evaluation results do indirectly point to general design enhancements. Our study determined that participants felt that backup codes (implemented as a QR-code in our solution) offer levels of usability and security that are acceptable to users for securing their “ordinary” accounts. For accounts perceived to require more security (e.g., online banking) more security was preferred by participants, resulting in a preference for trusted party recovery compared to backup codes. Our results also suggest that further research and deployment considerations should be given to options for other methods of password recovery, such as backup codes and trusted parties (Full details and paper supplementary materials can be found at http://crcs.cz/papers/wistp2016.).


international conference on security and privacy in communication systems | 2012

Two Improvements of Random Key Predistribution for Wireless Sensor Networks

Jiří Kůr; Vashek Matyas; Petr Švenda

Key distribution is of a critical importance to security of wireless sensor networks (WSNs). Random key predistribution is an acknowledged approach to the key distribution problem. In this paper, we propose and analyze two novel improvements that enhance security provided by the random key predistribution schemes. The first improvement exploits limited length collisions in secure hash functions to increase the probability of two nodes sharing a key. The second improvement introduces hash chains into the key pool construction to directly increase the resilience against a node capture attack. Both improvements can be further combined to bring the best performance. We evaluate the improvements both analytically and computationally on a network simulator. The concepts used are not limited to the random key predistribution.


applied cryptography and network security | 2014

Improving Intrusion Detection Systems for Wireless Sensor Networks

Andriy Stetsko; Tobiáš Smolka; Vashek Matyas; Martin Stehlík

A considerable amount of research has been undertaken in the field of intrusion detection in wireless sensor networks. Researchers proposed a number of relevant mechanisms, and it is not an easy task to select the right ones for a given application scenario. Even when a network operator knows what mechanism to use, it remains an open issue how to configure this particular mechanism in such a way that it is efficient for the particular needs. We propose a framework that optimizes the configuration of an intrusion detection system in terms of detection accuracy and memory usage. There is a variety of scenarios, and a single set of configuration values is not optimal for all of them. Therefore, we believe, such a framework is of a great value for a network operator who needs to optimize an intrusion detection system for his particular needs, e.g., attacker model, environment, node parameters.


security and privacy in mobile information and communication systems | 2009

Generating Random and Pseudorandom Sequences in Mobile Devices

Jan Krhovják; Vashek Matyas; Jiri Zizkovsky

In our paper we study practical aspects of random and pseudorandom number generation in mobile environments. We examine and analyze several sources of randomness available in current mobile phones and other mobile devices at the application level. We identify good physical sources of randomness that are capable of generating data with high entropy in reasonable time and we investigate some relevant aspects (such as security, energy requirements, performance) of integrating selected pseudorandom number generators in the Symbian OS environment. The main contribution of this paper is the identification and analysis of randomness sources in mobile devices and a practical proposal for their post-processing, including a prototype implementation.


international conference on networking sensing and control | 2016

Towards better selective forwarding and delay attacks detection in wireless sensor networks

Martin Stehlík; Vashek Matyas; Andriy Stetsko

A number of intrusion detection techniques have been proposed to detect different kinds of active attacks on wireless sensor networks (WSNs). Selective forwarding and delay attacks are two simple but effective attacks that can disrupt the communication in WSNs. We propose two parametrized collaborative intrusion detection techniques and optimize their parameters for given scenarios using extensive simulations and multiobjective evolutionary algorithms. Moreover, we sample the whole search space to enable evaluation of evolution performance. We evaluate the influence of changes of the number of malicious nodes on the intrusion detection performance.


international workshop on security | 2014

On Node Capturing Attacker Strategies

Filip Jurnečka; Martin Stehlík; Vashek Matyas

In distributed environments, such as wireless networks, a common adversary is considered to take control over a fraction of the nodes and hence to affect the system behaviour. We have examined several key management schemes for wireless sensor networks where the adversary compromises all the secret keys stored on captured nodes. We propose a number of realistic movement strategies that an actual attacker could pursue to capture nodes and examine the fallout of these attack approaches.

Collaboration


Dive into Vashek Matyas's collaboration.

Top Co-Authors

Bruce Christianson

University of Hertfordshire

James A. Malcolm

University of Hertfordshire
