The Improved Broadcast Authentication Schemes in Wireless Sensor Networks

Yang, Li-Wei

15 July 2008

In the environment of wireless sensor network, while one node want to send a message to another node, the most natural way is used broadcasting to distribute the message to the whole network. In the other words, as long as one node sends messages to the other node, its neighbor nodes can also listen to these messages, and then receive them. The advantage of broadcast networks is that can efficiently distribute data to multiple receivers. However, it has some drawbacks. A sensor network may be deployed in hostile environment where there are malicious attacks. The malicious attacker can send false messages to his neighbor nodes, and then rely on these neighbor nodes to distribute over the network. So if there are not any schemes of the security authentication in the message when a node wants to use broadcast, everyone can impersonate the sender and broadcast false messages. We call this a packet injection attack. So security is a main challenge in broadcast network. In order to authenticate a broadcast message¡Ait would conform to two conditions. First, insure that the data is transmitted from the claimed source. Second, the messages are not be modified en route. TESLA has been proposed to provide such services for sensor networks¡Ait mainly use time synchronization and delay disclosure key to protect encryption key¡CHowever, this scheme still has some drawbacks, so we propose some schemes to modify TESLA in this paper, and we will show these schemes can achieve better performance than previous ones.

Broadcast Authentication Scheme

Security

Wireless Sensor Network

Data Protection in Transit and at Rest with Leakage Detection

Denis A Ulybyshev (6620474)

15 May 2019

<p>In service-oriented architecture, services can communicate and share data among themselves. This thesis presents a solution that allows detecting several types of data leakages made by authorized insiders to unauthorized services. My solution provides role-based and attribute-based access control for data so that each service can access only those data subsets for which the service is authorized, considering a context and service’s attributes such as security level of the web browser and trust level of service. My approach provides data protection in transit and at rest for both centralized and peer-to-peer service architectures. The methodology ensures confidentiality and integrity of data, including data stored in untrusted cloud. In addition to protecting data against malicious or curious cloud or database administrators, the capability of running a search through encrypted data, using SQL queries, and building analytics over encrypted data is supported. My solution is implemented in the “WAXEDPRUNE” (Web-based Access to Encrypted Data Processing in Untrusted Environments) project, funded by Northrop Grumman Cybersecurity Research Consortium. WAXEDPRUNE methodology is illustrated in this thesis for two use cases, including a Hospital Information System with secure storage and exchange of Electronic Health Records and a Vehicle-to-Everything communication system with secure exchange of vehicle’s and drivers’ data, as well as data on road events and road hazards. </p><p>To help with investigating data leakage incidents in service-oriented architecture, integrity of provenance data needs to be guaranteed. For that purpose, I integrate WAXEDPRUNE with IBM Hyperledger Fabric blockchain network, so that every data access, transfer or update is recorded in a public blockchain ledger, is non-repudiatable and can be verified at any time in the future. The work on this project, called “Blockhub,” is in progress.</p>

Computer System Security

Database Management

Data Privacy

data protection mechanism

role-based access control

attribute-based encryption scheme

Leakage Detection

encrypted search queries

identity management

authentication scheme

blockchain technology application

Kryptografie na výpočetně omezených zařízeních / Cryptography on Computationally Limited Devices

Hampl, Dalibor

January 2012

The thesis focuses on cryptographic algorithms of low performance devices, and mutual authentication of authentication server and user using smart cards. In the first part of this thesis the cryptography, cryptographic primitives, cryptographic goals, security models and cryptographic algorithms of low performance devices are presented. The second part focuses on low performance devices as RFID tags, NFC technology, microcontrollers and smart cards (.NET cards, java cards, MIFARE cards). The practical part deals with the comparison of chosen low performance devices and measure the time required for encryption and decryption using different cryptographic algorithms on Gemalto .NET Smart Card V2+. This thesis describes and explains the three authentication schemes for mutual authentication of remote server and user using smart cards. The new authentication scheme, which is based on the second related scheme, attempts to eliminate possible security attacks and keeps efficiency. For all four authentication schemes the application is implemented to test required time for authentication of server and user using smart cards.

Memory-based Hardware-intrinsic Security Mechanisms for Device Authentication in Embedded Systems

Soubhagya Sutar (9187907)

30 July 2020

<div>The Internet-of-Things (IoT) is one of the fastest-growing technologies in computing, revolutionizing several application domains such as wearable computing, home automation, industrial manufacturing, <i>etc</i>. This rapid proliferation, however, has given rise to a plethora of new security and privacy concerns. For example, IoT devices frequently access sensitive and confidential information (<i>e.g.,</i> physiological signals), which has made them attractive targets for various security attacks. Moreover, with the hardware components in these systems sourced from manufacturers across the globe, instances of counterfeiting and piracy have increased steadily. Security mechanisms such as device authentication and key exchange are attractive options for alleviating these challenges.</div><div><br></div><div>In this dissertation, we address the challenge of enabling low-cost and low-overhead device authentication and key exchange in off-the-shelf embedded systems. The first part of the dissertation focuses on a hardware-intrinsic mechanism and proposes the design of two Physically Unclonable Functions (PUFs), which leverage the memory (DRAM, SRAM) in the system, thus, requiring minimal (or no) additional hardware for operation. Two lightweight authentication and error-correction techniques, which ensure robust operation under wide environmental and temporal variations, are also presented. Experimental results obtained from prototype implementations demonstrate the effectiveness of the design. The second part of the dissertation focuses on the application of these techniques in real-world systems through a new end-to-end authentication and key-exchange protocol in the context of an Implantable Medical Device (IMD) ecosystem. Prototype implementations exhibit an energy-efficient design that guards against security and privacy attacks, thereby making it suitable for resource-constrained devices such as IMDs.</div><div><br></div>

Computer Engineering

Computer System Security

physically unclonable functions

PUF

Dynamic Random Access Memories

DRAM

device authentication

key exchange

authentication protocol

authentication scheme

authentication mechanism

combination PUF

memory PUF

implantable medical devices

IMD

IMD security

hardware security

Embedded Systems Security

Extending the security perimeter through a web of trust: the impact of GPS technology on location-based authentication techniques

Adeka, Muhammad I., Shepherd, Simon J., Abd-Alhameed, Raed

January 2013

No / Security is a function of the trust that is associated with the active variables in a system. Thus, the human factor being the most critical element in security systems, the security perimeter could be defined in relation to the human trust level. Trust level could be measured via positive identification of the person/device on the other side of the interaction medium, using various authentication schemes; location-based being one of the latest. As for the location-based services, the identity of a customer remains hazy as long as his location is unknown; he virtually remains a ghost in the air, with implications on trust. This paper reviews the various location-based authentication techniques with a focus on the role that GPS could play in optimising this authentication approach. It advocates the urgent need to make all transmission devices GPS-compliant as a way forward, despite the privacy issues that might arise.

Global positioning system

Security perimeter

GPS

Location based services

Social networking online

Critical elements

Authentication techniques

Interaction mediums

GPS compliant

Authentication

Transmission devices

GPS technologies

Web of trust

Authentication scheme

Telecommunication services

Mobile security

Auditable Computations on (Un)Encrypted Graph-Structured Data

Servio Ernesto Palacios Interiano (8635641)

29 July 2020

<div>Graph-structured data is pervasive. Modeling large-scale network-structured datasets require graph processing and management systems such as graph databases. Further, the analysis of graph-structured data often necessitates bulk downloads/uploads from/to the cloud or edge nodes. Unfortunately, experience has shown that malicious actors can compromise the confidentiality of highly-sensitive data stored in the cloud or shared nodes, even in an encrypted form. For particular use cases —multi-modal knowledge graphs, electronic health records, finance— network-structured datasets can be highly sensitive and require auditability, authentication, integrity protection, and privacy-preserving computation in a controlled and trusted environment, i.e., the traditional cloud computation is not suitable for these use cases. Similarly, many modern applications utilize a "shared, replicated database" approach to provide accountability and traceability. Those applications often suffer from significant privacy issues because every node in the network can access a copy of relevant contract code and data to guarantee the integrity of transactions and reach consensus, even in the presence of malicious actors.</div><div><br></div><div>This dissertation proposes breaking from the traditional cloud computation model, and instead ship certified pre-approved trusted code closer to the data to protect graph-structured data confidentiality. Further, our technique runs in a controlled environment in a trusted data owner node and provides proof of correct code execution. This computation can be audited in the future and provides the building block to automate a variety of real use cases that require preserving data ownership. This project utilizes trusted execution environments (TEEs) but does not rely solely on TEE's architecture to provide privacy for data and code. We thoughtfully examine the drawbacks of using trusted execution environments in cloud environments. Similarly, we analyze the privacy challenges exposed by the use of blockchain technologies to provide accountability and traceability.</div><div><br></div><div>First, we propose AGAPECert, an Auditable, Generalized, Automated, Privacy-Enabling, Certification framework capable of performing auditable computation on private graph-structured data and reporting real-time aggregate certification status without disclosing underlying private graph-structured data. AGAPECert utilizes a novel mix of trusted execution environments, blockchain technologies, and a real-time graph-based API standard to provide automated, oblivious, and auditable certification. This dissertation includes the invention of two core concepts that provide accountability, data provenance, and automation for the certification process: Oblivious Smart Contracts and Private Automated Certifications. Second, we contribute an auditable and integrity-preserving graph processing model called AuditGraph.io. AuditGraph.io utilizes a unique block-based layout and a multi-modal knowledge graph, potentially improving access locality, encryption, and integrity of highly-sensitive graph-structured data. Third, we contribute a unique data store and compute engine that facilitates the analysis and presentation of graph-structured data, i.e., TruenoDB. TruenoDB offers better throughput than the state-of-the-art. Finally, this dissertation proposes integrity-preserving streaming frameworks at the edge of the network with a personalized graph-based object lookup.</div>

Applied Computer Science

Distributed Computing

Computer System Security

Open Software

Data Encryption

Database Management

Oblivious Smart Contract

Private Automated Certification

supply chain processes

graph structured data

authentication scheme

data ownership

graph analysis applications

Auditable Computation

encrypted graph-structured data

auditable graph analysis

graph data science

AuditGraph.io

TruenoDB

Graph database

supply chain

auditable graph computation

Blockchain