Activity Report (2006)

Laboratory of Cryptography and systems Security (CrySyS)
Department of Telecommunications
Budapest University of Technology and Economics



Faculty members and senior researchers:

PhD students:

Correspondent members:

Research activity

Research themes

Secure routing in multi-hop wireless networks

Routing is one of the most fundamental networking functions. It is known that an adversary can easily paralyze the operation of a whole network by attacking the routing protocol. Moreover, attacks against the routing protocol usually do not require a lot of resources, but alteration of a few routing messages or injection of some fake ones is sufficient to disturb the operation of the network. Hence, the problem of secure routing is very relevant.

Most of the routing protocols proposed for wireless ad hoc and sensor networks are insecure. One of the reasons is that there is no clear understanding of what secure routing should mean. In additon, tools that allow the security analysis of routing protocols are lacking.

Therefore, our goal is to develop formal models in which precise definitions of secure routing can be given, and routing protocols proposed for multi-hop wireless networks can be rigorously analyzed. Our ultimate objective is to better understand the design principles of secure routing protocols and to apply those principles for designing secure routing protocols for ad hoc and sensor networks.

Participating researchers: Gergely Ács, Levente Buttyán, István Vajda
Related projects: UbiSecSens, OTKA T046664
Related publications: AB06ht-en, AB06ht, ABV06sasn, ABV06tmc

Resilient data aggregation in sensor networks

Sensor nodes are often unattended and easy to capture. In addition, sensors are rarely tamper resistant, therefore, the operation of captured nodes can be corrupted. A corrupted sensor node may still send authentic messages (e.g., it can use the cryptographic keys stored in it), but it may not work according to its original specifications (e.g., it may send erronous readings to the base station). It is clear that this is an undesirable situation, and one would like to detect if a node is captured and corrupted, or at least eliminate the effect of corrupted nodes.

We study the problem of node capture in the context of data aggregation in sensor networks. Our goal is to design node capture resilient data aggregation schemes that eliminate the effect of corrupted data on the aggregated value.

Participating researchers: Péter Schaffer, István Vajda, Levente Buttyán
Related projects: UbiSecSens, OTKA T046664
Related publications: BSV06springer, BSV06sasn, BSV06persens

Location privacy in mobile systems

One serious concern about ubiquitous computing is that it may result in breaches of privacy. In particular, the whereabouts of mobile individuals may be easily tracked by monitoring the wireless transmissions of their electronic devices that they carry with themselves. So one would like to ensure location privacy for users, while still making the services of the system available to them.

Our goal is to study the location privacy problem in various environments including traditional mobile networks and vehicular ad hoc networks, and to design appropriate privacy preserving mechanisms for these environments.

Participating researchers: Tamás Holczer, Levente Buttyán, István Vajda
Related projects: SeVeCom, MIK 2.3.1, OTKA T046664
Related publications: BHV06pet, BHV06ist

Security in delay tolerant networks

In a delay tolerant network, the nodes carry the packets while they are moving, and forwards the packets to the nodes in their vicinity in an opportunistic manner. Due to node mobility, the wireless links between the nodes are usually short-lived. Furthermore, nodes are usually constrained in terms of energy supply, memory, CPU, and available bandwidth.

In this context, we study three problems:

Participating researchers: László Dóra, Levente Buttyán, Márk Félegyházi, István Vajda
Related projects: BIONETS, OTKA T046664
Related publications: FHB06tmc

Mobility supporting security architectures

Enabling mobility is one of the key features of today's wireless networks. In order to provide services to mobile users anywhere at any time, network operators will deploy wireless access networks based on various technologies (e.g., WiFi, UMTS, etc.). Users are expecting to be able to dynamically choose among these technologies and use the most appropriate one for their purposes. We study what this dynamicity of user requirements and heterogeneity of technologies mean for the security architecture. Our goal is to develop a security architecture that supports user mobility in a heterogeneous wireless environment. We also study the security requirements of modern services targeting mobile users, such as location based services and m-commerce services, and we intend to develop appropriate security mechansisms for them.

Participating researchers: László Dóra, Levente Buttyán, István Vajda
Related projects: MIK 2.3.1, MESSENGER, MobilSEC
Related publications: BD06ht

Mitigating network denial-of-service problems

Today, e-mail viruses generate 40-60% of the total Internet e-mail traffic. These viruses infect millions of computers, and by doing so, they enable identity theft, spamming, etc. Anti-virus softwares have not solved the problem of Internet viruses yet. In particular, they do not stop the rapid propagation of new viruses. A system approach seems to be necessary to achieve a better protection.

We are developing a general architecture consisting of some small, collaborative components allowing the following:

Participating researchers: Boldizsár Bencsáth, István Vajda
Related projects: DESEREC
Related publications: BV06mat, SzB06ht, SzB06netws

R&D projects


Wireless Sensor Networks (WSN)s are an exciting development with very large potential to have a significant beneficial impact on every aspect of our lives while generating huge opportunities for European industry. What is needed to kick off the development and exploitation of WSNs is an architecture for medium and large scale wireless sensor networks integrating comprehensive security capabilities right form the concept stage. This would support the rapid development of sensor networks and would open up the application domain for commercial activities.

UbiSec&Sens intends to solve this by providing a comprehensive architecture for medium and large scale wireless sensor networks with the full level of security that will make them trusted and secure for all applications. In addition, UbiSec&Sens will provide a complete tool box of security aware components which, together with the UbiSec&Sens radically new design cycle for secure sensor networks, will enable the rapid development of trusted sensor network applications.

The UbiSec&Sens approach is to use three representative WSN scenarios to iteratively determine solutions for the key WSN issues of scalability, security, reliability, self-healing and robustness. This will also give a clearer understanding of the real-world WSN requirements and limitations as well as identifying how to achieve a successful rollout of WSNs.

The results of UbiSec&Sens are a necessary step to progress the field of security and communication research in Europe and, as well as advancing the competitiveness of the European industry, they assist the European Commission to develop more comprehensive programs for innovative socially and economically beneficial sensor applications to be part of future research programs after 2007.


Vehicular communications (VC) and inter-vehicular communications (IVC) bring the promise of improved road safety and optimised road traffic through co-operative systems applications. To this end, a number of initiatives have been launched, such as the Car-2-Car consortium in Europe, or the DSRC in North America. A prerequisite for the successful deployment of vehicular communications is to make them secure. For example, it is essential to make sure that life-critical information cannot be modified by an attacker; it should also protect as far as possible the privacy of the drivers and passengers. The specific operational environment (moving vehicles, sporadic connectivity, ...) makes the problem very novel and challenging.

SeVeCom addresses security of future vehicle communication networks, including both the security and privacy of inter-vehicular and vehicle-infrastructure communication. Its objective is to define the security architecture of such networks, as well as to propose a roadmap for progressive deployment of security functions in these networks.

SeVeCom will focus on communications specific to road traffic. This includes messages related to traffic information, anonymous safety-related messages, and liability-related messages. The following research and innovation work is foreseen:


The motivation for BIONETS comes from emerging trends towards pervasive computing and communication environments, where myriads of networked devices with very different features will enhance our five senses, our communication and tool manipulation capabilities. The complexity of such environments will not be far from that of biological organisms, ecosystems, and socio-economic communities.

Traditional communication approaches are ineffective in this context, since they fail to address several new features: a huge number of nodes including low-cost sensing/identifying devices, a wide heterogeneity in node capabilities, high node mobility, the management complexity, the possibility of exploiting spare node resources.

BIONETS aims at a novel approach able to address these challenges. Nature and society exhibit many instances of systems in which large populations are able to reach efficient equilibrium states and to develop effective collaboration and survival strategies, able to work in the absence of central control and to exploit local interactions. BIONETS seeks inspiration from these systems to provide a fully integrated network and service environment that scales to large amounts of heterogeneous devices, and that is able to adapt and evolve in an autonomic way.

The goal of BIONETS is to provide a biologically-inspired open networking paradigm for the creation, dissemination, execution, and evolution of autonomic services able to adapt to the surrounding environment and user needs, to evolve without direct human supervision, and able to deal with large-scale networks of heterogeneous nodes ranging from small, cheap devices to more complex network nodes. In order to achieve this goal, the project will design and implement a new communication architecture and service framework inspired by nature, and optimised for maximum adaptation to society.


Most of European critical activities rely on networked Information Systems, highly interconnected. The performance of such Information Systems could be jeopardized by incidents of various kinds. A multi-disciplinary approach is compulsory to leverage their dependability by an alliance of three approaches:

These three features respond both to attacks from the outside (e.g., aiming at Intrusion or Denial of Service), and to intrinsic failures, whatever is the origin (hardware failure, software fault, environment).

The DESEREC framework includes three response loops working on 3 different timings:

The DESEREC approach, framework, and tools apply to critical information and communication systems in order to improve their resilience and their depndability.


The general objective of the MobilSEC project is to develop new user authentication mechanisms that provide stronger security than the traditional username/password approach, but still do not require special hardware such as smart cards or other physical security tokens. The authentication methods that are developed in the project should also support mobile users, and they should also ensure privacy for the users as much as possible.

MIK 2.3.1

This is project No 2.3.1 of the Mobile Innovation Center (MIK). The general objective of the project is to study the relationship between mobility (users, devices, and services) and security. In particular, the project is concerned with the following problems:


The goal of this project is to develop a media streaming architecture for next generation, heterogeneous mobile systems that allows for the provision of high quality streaming services in a flexible and scalable way taking also into account the varying user requirements and network conditions. The project covers basic and applied research and aims for a prototype impementation of the streaming architecture. Within this project, the CrySyS Lab is responsible for data and service security issues, in particular, for the security issues related to mobility and hand over.

OTKA T046664

The vision of ubiquitous computing is to surround people with all kinds of embedded computing devices that could assist them in their everyday activity and make their life easier. In order to take full advantage of this new paradigm, it is expected that these devices will form networks through which they can communicate with each other and reach existing computing infrastructures such as the Internet. Besides its potential advantages, the ubiquitous computing paradigm also raises several problems related to security and privacy. Broadly speaking, these problems can be divided into two classes: First, there are traditional security and privacy problems that also arise in a ubiquitous computing environment (e.g., authenication, integrity protection, availability, anonymity), but these must be solved under fundemantally different conditions and assumptions. Second, there are brand new security and privacy problems that arise due to the very nature of the ubiquitous computing environment. An example for the latter is the problem of cooperation among potentially selfish mobile nodes.

The research topics we are dealing with in this project are the following:

Publications in 2006

Book chapters:
[BSV06springer]  L. Buttyán, P. Schaffer, and I. Vajda,
Resilient Aggregation: Statistical Approaches,
In N. P. Mahalik, editor, Sensor Network and Configuration, Springer, 2006.

[BBV06his]  I. Berta, L. Buttyán, I. Vajda,
Standards for Product Security Assessment,
In H. Bidgoli (ed.) The Handbook of Information Security, John Wiley & Sons, Inc. 2006.

Journal and magazine articles:
[AB06ht-en]  G. Ács, L. Buttyán,
A taxonomy of routing protocols for wireless sensor networks,
Híradástechnika, December 2006.

[ABV06tmc]  G. Ács, L. Buttyán, and I. Vajda,
Provably Secure On-demand Source Routing in Mobile Ad Hoc Networks,
IEEE Transactions on Mobile Computing, Vol. 5, No. 11, November 2006.

[BV06mat]  Bencsáth B., Vajda I.,
Internetes szolgáltatás-megtagadásos támadások játékelméleti modellben,
Alkalmazott Matematikai Lapok, Vol 23, 2006, pp. 335-348.

[AB06ht]  Ács G., Buttyán L.,
Útvonalválasztó protokollok vezeték nélküli szenzorhálózatokban,
Híradástechnika, 2006. november

[BD06ht]  Buttyán L., Dóra L.,
WiFi biztonság -- A jó, a rossz, és a csúf,
Híradástechnika, 2006. május

[SzB06ht]  Szabó G., Bencsáth B.,
DHA támadás elleni védekezés központosított szűréssel,
Híradástechnika, 2006. május

[FHB06tmc]  M. Félegyházi, J.-P. Hubaux, and L. Buttyán,
Nash Equilibria of Packet Forwarding Strategies in Wireless Ad Hoc Networks,
IEEE Transactions on Mobile Computing, Vol. 5, No. 5, May 2006.

[BBHJ06tmc]  N. Ben Salem, L. Buttyán, J.-P. Hubaux, and M. Jakobsson,
Node Cooperation in Hybrid Ad hoc Networks,
IEEE Transactions on Mobile Computing, Vol. 5, No. 4, April 2006.

[CHB06tmc]  S. Capkun, J.-P. Hubaux, and L. Buttyán,
Mobility Helps Peer-to-Peer Security,
IEEE Transactions on Mobile Computing, Vol. 5, No. 1, January 2006.

Conference and workshop papers:
[BSV06sasn]  L. Buttyán, P. Schaffer, and I. Vajda,
RANBAR: RANSAC-Based Resilient Aggregation in Sensor Networks,
4th ACM Workshop on Security in Ad Hoc and Sensor Networks (SASN 2006)
Alexandria, VA, October 30, 2006.

[ABV06sasn]  G. Ács, L. Buttyán, and I. Vajda,
Modelling Adversaries and Security Objectives for Routing Protocols in Wireless Sensor Networks,
4th ACM Workshop on Security in Ad Hoc and Sensor Networks (SASN 2006)
Alexandria, VA, October 30, 2006.

[BHV06pet]  L. Buttyán, T. Holczer, and I. Vajda,
Optimal Key-Trees for Tree-Based Private Authentication,
International Workshop on Privacy Enhancing Technologies (PET 2006)
Cambridge, UK, June, 2006.

[BHV06ist]  L. Buttyán, T. Holczer, and I. Vajda,
Providing Location Privacy in Automated Fare Collection Systems,
15th IST Mobile and Wireless Communication Summit
Mykonos, Greece, June, 2006.

[L+06ist]  T. Leinmueller, L. Buttyan, JP Hubaux, F. Kargl, R. Kroh, P. Papadimitratos, M. Raya, and E. Schoch
SEVECOM - Secure Vehicle Communication,
15th IST Mobile and Wireless Communication Summit
Mykonos, Greece, June, 2006.

[BSV06persens]  L. Buttyán, P. Schaffer, and I. Vajda,
Resilient Aggregation with Attack Detection in Sensor Networks,
Second IEEE Workshop on Sensor Networks and Systems for Pervasive Computing (PerSeNS 2006)
Pisa, Italy, March, 2006.

[SzB06netws]  Szabó G., Bencsáth B.,
DHA védelmi rendszer eredményeinek statisztikai vizsgálata,
NIIF Networkshop
Budapest, 2006.

Teaching activity

Our teaching activities are mainly related to the base course called Information Security and to the Special on Security of Information and Communication Systems.

Courses given in 2006

Laboratory exercises in 2006

Student semester projects in 2006

Diploma projects in 2006


In 2006, the following institutions and companies supported our work:

buttyan (at)