Publications

Featured research published by Yue-Hsun Lin.


IEEE Transactions on Parallel and Distributed Systems | 2012

RCDA: Recoverable Concealed Data Aggregation for Data Integrity in Wireless Sensor Networks

Chien-Ming Chen; Yue-Hsun Lin; Ya-Ching Lin; Hung-Min Sun

Recently, several data aggregation schemes based on privacy homomorphism encryption have been proposed and investigated for wireless sensor networks. These schemes provide better security than traditional aggregation because cluster heads (aggregators) can aggregate the ciphertexts directly without decryption; consequently, transmission overhead is reduced. However, the base station only retrieves the aggregated result, not the individual data, which causes two problems. First, the choice of aggregation functions is constrained. For example, the base station cannot retrieve the maximum of all sensing data if the aggregated result is the sum of the sensing data. Second, the base station cannot confirm data integrity and authenticity by attaching message digests or signatures to each sensing sample. In this paper, we attempt to overcome these two drawbacks. In our design, the base station can recover all sensing data even after the data have been aggregated. This property is called "recoverable." Experimental results demonstrate that the transmission overhead is still reduced even though our approach makes the sensing data recoverable. Furthermore, the design has been generalized and adopted on both homogeneous and heterogeneous wireless sensor networks.


IEEE Transactions on Knowledge and Data Engineering | 2013

CDAMA: Concealed Data Aggregation Scheme for Multiple Applications in Wireless Sensor Networks

Yue-Hsun Lin; Shih-Ying Chang; Hung-Min Sun

For wireless sensor networks, a data aggregation scheme that reduces the large volume of transmissions is the most practical technique. In previous studies, homomorphic encryption has been applied to conceal communication during aggregation so that enciphered data can be aggregated algebraically without decryption. Since aggregators collect data without decrypting it, adversaries are not able to forge aggregated results by compromising them. However, these schemes have three shortcomings. First, they do not support multi-application environments. Second, they become insecure once some sensor nodes are compromised. Third, they do not provide secure counting and may therefore suffer unauthorized aggregation attacks. We therefore propose a new concealed data aggregation scheme extended from Boneh et al.'s homomorphic public-key encryption system. The proposed scheme makes three contributions. First, it is designed for a multi-application environment: the base station extracts application-specific data from aggregated ciphertexts. Next, it mitigates the impact of compromise attacks in single-application environments. Finally, it limits the damage from unauthorized aggregations. To demonstrate the proposed scheme's robustness and efficiency, we also conducted comprehensive analyses and comparisons.


Annual Computer Security Applications Conference | 2009

A Study of User-Friendly Hash Comparison Schemes

Hsu-Chun Hsiao; Yue-Hsun Lin; Ahren Studer; Cassandra Studer; King-Hang Wang; Hiroaki Kikuchi; Adrian Perrig; Hung-Min Sun; Bo-Yin Yang

Several security protocols require a human to compare two hash values to ensure successful completion. When the hash values are represented as long sequences of numbers, humans may make a mistake or require significant time and patience to accurately compare the hash values. To improve usability during comparison, a number of researchers have proposed various hash representations that use words, sentences, or images rather than numbers. This is the first work to perform a comparative study of these hash comparison schemes to determine which scheme allows the fastest and most accurate comparison. To evaluate the schemes, we performed an online user study with more than 400 participants. Our findings indicate that only a small number of schemes allow quick and accurate comparison across a wide range of subjects from varying backgrounds.


International Conference on Embedded Software and Systems | 2008

An Efficient and Verifiable Concealed Data Aggregation Scheme in Wireless Sensor Networks

Hung-Min Sun; Yue-Hsun Lin; Ying-Chu Hsiao; Chien-Ming Chen

Data aggregation is one of the most important techniques in wireless sensor networks for saving energy by reducing the amount of transmission. However, plaintext aggregation is insecure because messages can be eavesdropped on or modified. For this reason, concealed data aggregation schemes based on homomorphic encryption have been proposed; in those schemes, algebraic computations can be performed on ciphertexts without decryption. Unfortunately, they only provide data confidentiality. After compromising the secrets in captured sensor nodes, an adversary can still create forged ciphertexts. In this paper, we combine Boneh et al.'s aggregate signature scheme and Mykletun et al.'s concealed data aggregation scheme to overcome these problems. The proposed scheme aggregates not only ciphertexts but also signatures. By verifying the aggregated signature, the integrity of each plaintext can be guaranteed. Furthermore, the communication overhead for each cluster head remains constant: each cluster head sends one aggregated signature and one aggregated ciphertext to the base station. For resource-constrained environments, the proposed scheme is practically secure and efficient.


IEEE Region 10 Conference | 2007

Secure and fast handover scheme based on pre-authentication method for 802.16/WiMAX infrastructure networks

Hung-Min Sun; Yue-Hsun Lin; Shuai-Min Chen; Yi-Chung Shen

802.16/WiMAX is going to be the most popular technology in wireless communications. In 2006, IEEE 802.16e was proposed to address mobility. To maintain security, re-authentication must be considered when a mobile station hands over. However, re-authentication often introduces latency and consumes power. On the other hand, several fast authentication schemes based on the pre-authentication concept have been proposed for 802.11/WLAN networks. These schemes provide different methods to enhance the efficiency and security of the re-authentication procedure. Using the pre-authentication concept, we propose a pre-authentication scheme for WiMAX infrastructures in this paper. For flexibility and security, the proposed scheme is combined with a PKI architecture. It provides a secure and fast re-authentication procedure during macro-handover in 802.16/WiMAX networks.


Intelligent Systems Design and Applications | 2008

Efficient Authentication Schemes for Handover in Mobile WiMAX

Hung-Min Sun; Shih-Ying Chang; Yue-Hsun Lin; Shin-Yan Chiou

Mobile WiMAX is the next generation of broadband wireless network. It allows users to roam over the network at vehicular speeds. However, when a mobile station moves from one base station to another, it must be authenticated again. This may delay communication, especially for real-time applications such as VoIP and Pay-TV systems. In this paper, we propose two efficient schemes to improve the performance of authentication during handover in mobile WiMAX. The first scheme replaces the standard EAP method used in handover authentication with an efficient shared-key-based EAP method. The second one skips the standard EAP method and performs the authentication in the SA-TEK three-way handshake of the PKMv2 process. In addition, security proofs of our schemes are provided in this paper.


Cryptology and Network Security | 2009

DepenDNS: Dependable Mechanism against DNS Cache Poisoning

Hung-Min Sun; Wen-Hsuan Chang; Shih-Ying Chang; Yue-Hsun Lin

DNS cache poisoning attacks have been known for a long time. In 2008, Kaminsky made the attacks far more powerful using a nonce query method. By leveraging Kaminsky's attack, phishing becomes large-scale, since victims find the attacks hard to detect. Hence, DNS cache poisoning is a serious threat in the current DNS infrastructure. In this paper, we propose a countermeasure, DepenDNS, to prevent cache poisoning attacks. DepenDNS queries multiple resolvers concurrently to verify a trustworthy answer while users perform payment transactions, e.g., auctions or banking. Without modifying any resolver or authoritative server, DepenDNS is conveniently deployed on the client side. At the end of the paper, we conduct several experiments on DepenDNS to show its efficiency. We believe DepenDNS is a comprehensive solution against cache poisoning attacks.


Expert Systems With Applications | 2014

Eliminating rouge femtocells based on distance bounding protocol and geographic information

Chien-Ming Chen; Yao-Hsin Chen; Yue-Hsun Lin; Hung-Min Sun

Recently, femtocell solutions have been attracting increasing attention, since their broadband radio coverage can effectively eliminate wireless notspots. To restrict malicious subscribers from accessing femtocells, the 3G/WiMAX standards introduce an access control strategy called Closed Subscriber Group (CSG). However, CSG only prevents malicious clients, not rogue femtocells. In 2009, Han et al. proposed the first mutual authentication mechanism. This mechanism does not consider the case in which an attacker can place femtocells in an unregistered area even if these femtocells are legitimate. In this paper, we first define two attacks, sinkhole and wormhole attacks, in femtocell-enabled mobile networks. Then, we design two approaches based on distance bounding protocols and geographic information to defend against these two attacks. In our design, a subscriber can confirm whether the femtocell he is connected to is physically present. Experimental results demonstrate that the distance bounding protocol can estimate an approximate distance between a subscriber's device and the deployed femtocell. Moreover, femtocells deployed inside or outside can both be identified and distinguished without the bias of signal strength, based on our design.


Trust and Trustworthy Computing | 2013

KISS: "Key It Simple and Secure" Corporate Key Management

Zongwei Zhou; Jun Han; Yue-Hsun Lin; Adrian Perrig; Virgil D. Gligor

Deploying a corporate key management system faces fundamental challenges, such as fine-grained key usage control and secure system administration. None of the current commercial systems (whether based on software or on hardware security modules) or research proposals adequately address both challenges with a small and simple Trusted Computing Base (TCB). This paper presents a new key management architecture, called KISS, to enable comprehensive, trustworthy, user-verifiable, and cost-effective key management. KISS protects the entire life cycle of cryptographic keys. In particular, KISS allows only authorized applications and/or users to use the keys. Using simple devices, administrators can remotely issue authenticated commands to KISS and verify the system's output. KISS leverages readily available commodity hardware and trusted computing primitives to design system bootstrap protocols and management mechanisms, which protect the system from malware attacks and insider attacks.


ACM Transactions on Sensor Networks | 2012

Practical RSA signature scheme based on periodical rekeying for wireless sensor networks

Shih-Ying Chang; Yue-Hsun Lin; Hung-Min Sun; Mu-En Wu

Broadcast is an efficient communication channel in wireless sensor networks. Through authentic broadcast, deployed sensors can perform legitimate actions issued by a base station. According to previous literature, a complete solution for authentic broadcast is a digital signature based on asymmetric cryptography. However, asymmetric cryptography uses expensive operations, which result in computational bottlenecks. Among these cryptosystems, Elliptic Curve Cryptography (ECC) seems to be the most efficient and the most popular choice. Unfortunately, signature verification in ECC is not efficient enough. In this article, we propose an authentic broadcast scheme based on RSA. Unlike conventional approaches, the proposed scheme adopts short moduli to enhance performance. Meanwhile, the weakness of short moduli is addressed with rekeying strategies. To minimize the rekeying overhead, a Multi-Modulus RSA generation algorithm, which reduces communication overhead by 50%, is proposed. We implemented the proposed scheme on MICAz. With 512-bit moduli, each verification takes at most 0.077 seconds, which is highly competitive with other public-key cryptosystems.

Collaboration

Top co-authors of Yue-Hsun Lin:

Hung-Min Sun, National Tsing Hua University
Adrian Perrig, Industrial Technology Research Institute
Hsu-Chun Hsiao, National Taiwan University
Shih-Ying Chang, National Tsing Hua University
Yao-Hsin Chen, National Tsing Hua University
Chien-Ming Chen, Harbin Institute of Technology Shenzhen Graduate School
Ahren Studer, Carnegie Mellon University
Jun Han, Carnegie Mellon University