Zinaida Benenson

Tampering with motes: real-world physical attacks on wireless sensor networks

Most security protocols for wireless sensor networks (WSN) assume that the adversary can gain full control over a sensor node through direct physical access (node capture attack). But so far the amount of effort an attacker has to undertake in a node capture attack is unknown. In our project we evaluate different physical attacks against sensor node hardware. Detailed knowledge about the effort needed for physical attacks allows to fine tune security protocols in WSNs so they provide optimal protection at minimal cost.

Cooperative Intrusion Detection in Wireless Sensor Networks

We consider the problem of cooperative intrusion detection in wireless sensor networks where the nodes are equipped with local detector modules and have to identify the intruder in a distributed fashion. The detector modules issue suspicions about an intrusion in the sensors neighborhood. We formally define the problem of intrusion detection and identify necessary and sufficient conditions for its solvability. Based on these conditions we develop a generic algorithm for intrusion detection and present simulations and experiments which show the effectiveness of our approach.

TrustedPals: secure multiparty computation implemented with smart cards

We study the problem of Secure Multi-party Computation (SMC) in a model where individual processes contain a tamper-proof security module, and introduce the TrustedPals framework, an efficient smart card based implementation of SMC for any number of participating entities in such a model. Security modules can be trusted by other processes and can establish secure channels between each other. However, their availability is restricted by their host, that is, a corrupted party can stop the computation of its own security module as well as drop any message sent by or to its security module. We show that in this model SMC can be implemented by reducing it to a fault-tolerance problem at the level of security modules. Since the critical part of the computation can be executed locally on the smart card, we can compute any function securely with a protocol complexity which is polynomial only in the number of processes (that is, the complexity does not depend on the function which is computed), in contrast to previous approaches.

An algorithmic framework for robust access control in wireless sensor networks

If the data collected within a sensor network is valuable or should be kept confidential then security measures should protect the access to this data. We first determine security issues in the context of access control in sensor networks especially focusing on the problem of node capture, i.e., the possibility that an attacker can completely take over some of the sensor nodes. We then introduce the notion of t-robust sensor networks which can withstand capture of up to t nodes and consider three basic security concepts for such networks: (1) t-robust storage, a mechanism to securely store data within a set of sensors such that capture of any t sensors does not reveal that data to the adversary; (2) n-authentication which ensures that authentication is achieved with every uncompromised sensor in the broadcast range of a client (n denotes the number of nodes in that broadcast range); and (3) n-authorization, an authorization primitive with similar properties like n-authentication. We present a generic t-robust protocol for implementing access control using these primitives.

Topology-based Clusterhead Candidate Selection in Wireless Ad-hoc and Sensor Networks

Clustering techniques create hierarchal network structures, called clusters, on an otherwise flat network. Neighboring devices elect one appropriate device as clusterhead. Due to the dynamic environment, clusterhead selection becomes an important issue. We consider the problem of appropriate clusterhead selection in wireless ad-hoc networks and sensor networks. This work presents topological criteria for robust clusterhead candidate selection, resilient to sporadic node mobility and failure as well as for efficient information dissemination. One of the main ideas of our approach is to avoid selecting nodes located close to the network partition border as such nodes are more likely to move out of the partition, thus causing a clusterhead re-election. We conducted experiments both for static topologies as well as for cases in the presence of node mobility. Our results showed that the frequency of clusterhead re-election and average shortest path length from the clusterhead decrease when considering topological criteria. Additionally, the clusters tend to be robust to clusterhead failure. The presented mechanisms rely on local topological information only and do not require geographical data.

Authenticated query flooding in sensor networks

We propose a novel mechanism for authentication of flooded queries in sensor networks. Each sensor can verify with certain probability that the query is sent by the base station. Implicit cooperation between sensor nodes during the flooding process ensures that the propagation of fake queries is limited to a small part of the network.

Android and iOS users' differences concerning security and privacy

We compare Android and iOS users according to their demographic differences, security and privacy awareness, and reported behavior when installing apps. We present an exploratory study based on an online survey with more than 700 German students and describe directions for further research.

Differences between Android and iPhone Users in Their Security and Privacy Awareness

This work compares Android and iPhone users according to their security and privacy awareness when handling apps. Based on an online survey conducted with over 700 German respondents (mostly university students) we found out that Android users seem to be more aware of the risks associated with the app usage than iPhone users. For example, iPhone users almost never consider the possibility of apps sending premium-rate SMS or causing other hidden costs. Furthermore, Android users more often mention security, trust and privacy issues as important factors when they decide to use a new app. We hypothesize that the cause of these differences they are likely to arise through differences in app market policies, in app review processes and in presentation of data usage by the apps.

Authenticated Query Flooding in Sensor Networks

We propose a novel mechanism for authentication of flooded queries in sensor networks. Each sensor can verify with certain probability that the query is sent by the base station. Implicit cooperation between sensor nodes during the flooding process ensures that the propagation of fake queries is limited to a small part of the network

Attacker Models for Wireless Sensor Networks

Abstract Assumptions about attackers critically influence security and efficiency of protocols. Without precisely defined attacker models, proving security of protocols becomes impossible. Especially the area of sensor network security lacks well-established and precise attacker models. We present a general framework for attacker models in wireless sensor networks that structures and orders typical assumptions about attackers. Zusammenfassung Präzise Annahmen über mögliche Angreifer sind unbedingt erforderlich zur Entwicklung von Sicherheitslösungen. Dennoch gibt es im Bereich Sensornetze keine etablierten Angreifermodelle. In dieser Arbeit wird ein Rahmenwerk zur Definition und Strukturierung von Angreiferannahmen in Sensornetzen vorgestellt.