Activity Report 2005

Laboratory of Cryptography and System Security (CrySyS)
Department of Telecommunications
Budapest University of Technology and Economics



Research themes

Secure routing in ad hoc and sensor networks

Routing is one of the most basic networking functions in multi-hop networks. Hence, an adversary can easily paralyze the operation of the network by attacking the routing protocol. This has been realized by many researchers, and several "secure" routing protocols have been proposed for wireless ad hoc networks. However, the security of those protocols have been analyzed either by informal means only, or with formal methods that have never been intended for the analysis of this kind of protocols. Our research revealed that many of the proposed protocols (e.g., SRP and Ariadne) are flawed in the sense that they do not achieve the properties claimed by their authors. We beleive that the main reason for this is the lack of a mathematical model in which rigourous definitions of security can be given and protocols can be proven secure (or not) with respect to these definitions. We addressed these problems by proposing a sound mathematical technique for the analysis of routing protocols. Our method is an adoptation of the simulation paradigm to ad hoc routing protocols. We demonstrated the usefulness of our approach by proposing a new on-demand source routing protocol, called endairA, and proving it to be secure in our model.

A related problem, which is not handled by our framework mentioned above, is the problem of wormholes. Setting up a wormhole is another way by which the adversary can considerably modify the percieved topology of the network. Wormhole detection is therefore very important. We have been working on a novel approach to wormhole detection in sensor networks, which is based on some statistical techniques. The main advantage of this approach is that it requires no special hardware in the sensors, no directional antennas, and no strong systems assumptions (e.g., precise clock synchronization). It requires the sensors to send some local topology data to the base stations, and it pushes the bulk of the detection work to the base stations. The disadvantage of the approach is that detection is probabilistic, and there is a possibility of a false positive as well as a false negative. Currently, we are further developing this method and we try to fine-tune it in order to miximize the probability of detection and minimize the probability of false detections.

Related publications: ABV05esas, ABV05ht, ABV05ht-en, BDV05esas, ABV??tmc

Attack resistant data aggregation in sensor networks

The problem of resilient data aggregation is to perform data aggregation in the presence of an adversary that can modify the input to the aggregation function. In fact, there are two ways in which the input can be modified. Firstly, the messages that carry the data from the sensors to the place of aggregation (usually the base station) can be modified in transit. This can be detected by cryptographic techniques, and resilient data aggregation is not concerned with this problem. Secondly, the adversary may compromise some sensors in the network and affect their readings (e.g., it can increase the temperature around a temperature sensor). This latter kind of attack cannot be prevented, neither detected, by cryptographic mechanisms. Resilient aggregation is concerned with this problem.

We proposed a novel data aggregation model, where the aggregator analyzes the input data before aggregation, and tries to detect unexpected deviations in the received sensor readings. In our model, the adversary does not only want to cause maximal distortion in the output of the aggregation function, but it also wants to remain undetected. We showed that in this case, the distortion caused by the adversary can usually be upper bounded, even for aggregation functions that were considered to be insecure before (e.g., the average). This result has high practical importance, since these functions are commonly used in practice.

Related publications: BSV06persens

Mobility supporting security architectures

Supporting mobility of users and devices usually requires dynamic switching between networks (access points), network operators, and/or wireless communication technologies. Naturally, this switching means changes in the security context too. However, switching the security context may have undesirable effects on the performance of the system (e.g., increased delay, disruption of connection), and therefore, minimizing these effects is an important system design criterion. We study how this criterion can be satisfied by careful design of the security architecture.

In order to be widely acceptable, the security architectures that we want to design should be compatible with existing standards in the field. Essentially, the design task is to bring together the various existing technologies into a common architecture by identifying and implementing the missing elements that can glue them together. For this reason, we extensively studied the security architectures of various wireless technologies, such as WiFi, WiMax, Bluetooth, etc.

Location privacy in wireless mobile systems

Besides their advantages to the users, wireless mobile networks also present some privacy risks. First, for the operation of wireless mobile systems, it is often necessary that the “system” is able to determine in which network a given user and/or device is located at a given instance in time. Second, by eavesdropping wireless communications, an adversary can determine who is in vicinity based on the fixed identifiers that are used in wireless protocols (e.g., MAC addresses). Thus, the whereabouts of mobile users can be tracked by network operators and external eavesdroppers. We study these location privacy problems in the context of RFID systems, public transport systems, and vehicular networks.

Emergence of spontaneous cooperation in sensor networks

Sensor networks are large scale networks consisting of several nodes and some base stations. The nodes are monitoring the environment and send their measurement data towards the base stations possibly via multiple hops. Since the nodes are often battery powered, an important design criterion for sensor networks is the maximization of their lifetime. In this work, we considered multi-domain sensor networks, by which we mean a set of sensor networks that co-exist at the same physical location but run by different authorities. In this setting, the lifetime of all networks can be increased if the nodes cooperate and also forward packets originating from foreign domains. There is a risk, however, that a selfish network takes advantage of the cooperativeness of the other networks and exploits them. We studied this problem in a game theoretic setting, and showed that, in most cases, there is a Nash equilibrium in the system, in which at least one of the strategies is cooperative, even without introducing any external incentives (e.g., payments).

Related publications: FHB05persens, BHS05esas

DHA: Directory Harvest Attacks

The goal of the DHA attacker is to identify valid e-mail addresses in a system, which addresses can be sold or used for spamming purposes. To achieve the goal, the attacker tries numerous different addresses and selects valid addresses according to the response of the e-mail server. We elaborated a method for optimizing the wordlist size used by the attacker under limited resources. This optimization provides deeper insight into the capabilities of the DHA attacker, and yields firm ways upon which efficient protection can be developed. We analyzed the results and proved that our method is optimal. We also developed an efficient countermeasure against DHA. This is a network based method, where the possible attack events are collected by a trusted server (DHA RBL server). The DHA RBL server analyzes the data and builds up the list of attackers, which enables our prototype client module to filter out all emails coming from known attackers. The prototype implementation was examined in real-life systems, the results show that our approach is viable.

Related publications: BV05cts, SzSz05nw-1, SzSz05nw-2

The untrusted terminal problem in smart card applications

Human users need trusted computers when they want to generate digital signatures. In many applications, in particular if the users are mobile, they need to carry their trusted computers with themselves. An appealing approach is to implement such trusted computers in smart cards. Smart cards are easy to use, easy to carry, and relatively difficult to tamper with; in addition, experience shows that they can be deployed on a large scale. However, smart cards do not have a user interface, therefore, the user still needs a terminal in order to authorize the card to produce digital signatures. If the terminal is operated by a malicious entity, then it can mislead the user and obtain a digital signature on an arbitrary document. In order to mitigate this problem, we proposed a solution based on conditional signatures. More specifically, we proposed a framework for the controlled revocation of unintended digital signatures. In addition, we proposed various protocols within this framework with a special emphasis on privacy issues.

Related publications: BBV05tdsc, BV05tatra


The research topics listed above have been investigated in the context of the following projects:

Successful project proposals

In 2005, we participated in the following successful project proposals. These projects will provide additional funding resources to continue our research.

Successful PhD defenses

In December 2005, István Zsolt Berta defended his thesis!

Publications in 2005

Book chapter:
[BBV05his]   I. Berta, L. Buttyán, I. Vajda,
Standards for Product Security Assessment,
In H. Bidgoli (ed.) The Handbook of Information Security, John Wiley & Sons, Inc. 2005.

Journal and magazine articles:
[BBV05tdsc]   I. Berta, L. Buttyán, and I. Vajda,
A framework for the revocation of unintended digital signatures initiated by malicious terminals,
IEEE Transactions on Dependable and Secure Computing, Vol. 2, No. 3, July-September 2005.

[ABV05ht-en]   G. Ács, L. Buttyán, I. Vajda,
Provable Security for Ad Hoc Routing Protocols,
Hiradástechnika, June 2005.

[BGyV05mtud]   Buttyán L., Györfi L., Vajda I.,
Adatbiztonság: titkosítás, hitelesítés, digitális aláírás,
Magyar Tudomány, 2005. május

[ABV05ht]   Ács G., Buttyán L., Vajda I.,
Ad hoc útvonalválasztó protokollok bizonyított biztonsága,
Hiradástechnika, 2005. március

[BV05tatra]   I. Zs. Berta and I. Vajda,
Limitations of humans when using malicious terminals,
Tatra Mountains Mathematical Publications 2005.

Conference and workshop papers:
[ABV05esas]   G. Ács, L. Buttyán, and I. Vajda,
Provable Security of On-Demand Distance Vector Routing in Wireless Ad Hoc Networks,
Second European Workshop on Security and Privacy in Ad Hoc and Sensor Networks (ESAS 2005)
Visegrád, Hungary, July 13-14, 2005.

[BDV05esas]   L. Buttyán, L. Dóra, and I. Vajda,
Statistical Wormhole Detection in Sensor Networks,
Second European Workshop on Security and Privacy in Ad Hoc and Sensor Networks (ESAS 2005)
Visegrád, Hungary, July 13-14, 2005.

[BHS05esas]   L. Buttyán, T. Holczer, and P. Schaffer,
Spontaneous Cooperation in Multi-Domain Sensor Networks,
Second European Workshop on Security and Privacy in Ad Hoc and Sensor Networks (ESAS 2005)
Visegrád, Hungary, July 13-14, 2005.

[FHB05persens]   M. Félegyházi, J.-P. Hubaux, and L. Buttyán,
Cooperative Packet Forwarding in Multi-Domain Sensor Networks,
First International Workshop on Sensor Networks and Systems for Pervasive Computing (PerSeNS 2005)
Kauai Island, Hawaii, March 8, 2005.

[BV05cts]   B. Bencsáth, I. Vajda,
Efficient Directory Harvest Attacks,
IEEE Symposium on Collaborative Technologies and Systems, 2005.

[SzSz05nw-1]   Géza Szabó, Gábor Szabó,
DHA támadás elleni védekezés lehetősége a támadók felismerése és központosított tiltása segítségével,
Networkshop 2005.

[SzSz05nw-2]   Gábor Szabó, Géza Szabó,
A Magyarországon alkalmazott spamszűrési módszerek és a Sender ID,
Networkshop 2005.

Papers accepted for publication:
[BBHJ06tmc]   N. Ben Salem, L. Buttyán, J.-P. Hubaux, and M. Jakobsson
Node Cooperation in Hybrid Ad hoc Networks,
IEEE Transactions on Mobile Computing, Vol. 5, No. 4, April 2006.

[FHB06tmc]   M. Félegyházi, J.-P. Hubaux, and L. Buttyán,
Nash Equilibria of Packet Forwarding Strategies in Wireless Ad Hoc Networks,
IEEE Transactions on Mobile Computing, Vol. 5, No. 4, April 2006.

[CHB06tmc]   S. Capkun, J.-P. Hubaux, and L. Buttyán,
Mobility Helps Peer-to-Peer Security,
IEEE Transactions on Mobile Computing, Vol. 5, No. 1, January 2006.

[ABV??tmc]   G. Ács, L. Buttyán, and I. Vajda,
Provably Secure On-demand Source Routing in Mobile Ad Hoc Networks,
to appear in IEEE Transactions on Mobile Computing.

[BSV06persens]   L. Buttyán, P. Schaffer, and I. Vajda,
Resilient Aggregation with Attack Detection in Sensor Networks,
Second IEEE Workshop on Sensor Networks and Systems for Pervasive Computing (PerSeNS 2006)
Pisa, Italy, March, 2006.


Our teaching activities are mainly related to the base course called Information Security and to the Special on Security of Information and Communication Systems.

Courses given in 2005

Boldizsár Bencsáth, Gergely Ács, László Dóra, Tamás Holczer, and Péter Schaffer provided help in the preparation and the correction of the tests of the Information Security course. Gergely Ács, László Dóra, Tamás Holczer, and Péter Schaffer provided help in correction of the homeworks of the Network Security Protocols course.

Laboratory exercises in 2005

Tamás Holczer had the responsibility of organizing the exercise sessions. The exercise sessions were supervised by Gergely Ács, László Dóra, Tamás Holczer, and Péter Schaffer. Exercises for the Siemens smart card have been developed by Dávid Halmos and Tamás Kapócs.

Student projects in 2005

Projects supervised by Levente Buttyán:

Projects supervised by Boldizsár Bencsáth:

Diploma projects in 2005

Industrial partnerships

In 2005, we further increased the number of our industrial connections:

Changes in personnel

As of September 2005, 5 new PhD students joined the lab:


buttyan (at)