
Research themes and projects in the CrySyS Lab

Research themes in the lab

Secure routing in multi-hop wireless networks

Routing is one of the most fundamental networking functions. It is known that an adversary can easily paralyze the operation of a whole network by attacking the routing protocol. Moreover, attacks against the routing protocol usually do not require a lot of resources: altering a few routing messages or injecting some fake ones is sufficient to disturb the operation of the network. Hence, the problem of secure routing is very relevant.

Most of the routing protocols proposed for wireless ad hoc and sensor networks are insecure. One of the reasons is that there is no clear understanding of what secure routing should mean. In addition, tools that allow the security analysis of routing protocols are lacking.

Therefore, our goal is to develop formal models in which precise definitions of secure routing can be given, and routing protocols proposed for multi-hop wireless networks can be rigorously analyzed. Our ultimate objective is to better understand the design principles of secure routing protocols and to apply those principles for designing secure routing protocols for ad hoc and sensor networks.

Node capture attacks in sensor networks

Sensor nodes are often unattended and easy to capture. In addition, sensors are rarely tamper resistant; therefore, the operation of captured nodes can be corrupted. A corrupted sensor node may still send authentic messages (e.g., it can use the cryptographic keys stored in it), but it may not work according to its original specifications (e.g., it may send erroneous readings to the base station). It is clear that this is an undesirable situation, and one would like to detect if a node is captured and corrupted, or at least eliminate the effect of corrupted nodes.

We study the problem of node capture in the context of data aggregation in sensor networks. Our goal is to design node capture resilient data aggregation schemes that eliminate the effect of corrupted data on the aggregated value. We also intend to study attestation mechanisms that would allow the explicit detection of a corrupted sensor node.

Location privacy

One serious concern about ubiquitous computing is that it may result in breaches of privacy. In particular, the whereabouts of mobile individuals may be easily tracked by monitoring the wireless transmissions of the electronic devices that they carry with them. So one would like to ensure location privacy for users, while still making the services of the system available to them.

Our goal is to study the location privacy problem in various environments including traditional mobile networks and vehicular ad hoc networks, and to design appropriate privacy preserving mechanisms for these environments.

Mobility supporting security architectures

Enabling mobility is one of the key features of today's wireless networks. In order to provide services to mobile users anywhere at any time, network operators will deploy wireless access networks based on various technologies (e.g., WiFi, UMTS, etc.). Users expect to be able to dynamically choose among these technologies and use the most appropriate one for their purposes. We study what this dynamicity of user requirements and heterogeneity of technologies mean for the security architecture. Our goal is to develop a security architecture that supports user mobility in a heterogeneous wireless environment. We also study the security requirements of modern services targeting mobile users, such as location based services and m-commerce services, and we intend to develop appropriate security mechanisms for them.

Security in delay tolerant networks

A Delay Tolerant Network (DTN) consists of partial subnetworks, and deviates from the usual concept where the packets are forwarded on dedicated connections. In a DTN, the nodes carry the packets while they are moving, and forward the packets when they are near enough to establish a connection by means of wireless technology. Because the nodes are moving, the connections are usually short-lived. Furthermore, the nodes are typically characterized by limited energy, limited memory, and the low bandwidth of the wireless connection.

Our aim is to analyze, from a security point of view, an application framework where the nodes can carry packets to other nodes and exchange them for packets that the node is interested in. In this environment, we recognized three problems:

  • Packet forwarding depends on the willingness of the participating nodes to cooperate; we therefore ask what would make a node download data it is not interested in and store it in its memory, given that it has only limited memory capacity. It is important to answer this question, because protocol designers usually assume full cooperation, and if the overwhelming majority of the nodes refuse to cooperate, information dissemination will slow down unexpectedly.
  • In an environment that is not prudently designed, attackers are able to inject fake messages (spam) into the system. As a result of this attack, the whole system may suffer from a decrease in the speed of information dissemination, and the users' attention is drawn to the fake messages instead of the real ones.
  • The problem of privacy naturally arises in an environment where the mobile devices can be bound to the moving users. If an attacker can observe the downloaded information and find out the interest profile of the user, the attacker is able to trace the user's mobile device. This problem cannot be solved by changing the equipment ID, because the user is bound to the interest profile and not to an ID.

Protection against Denial of Service attacks, spam, and malware

Today, e-mail viruses generate 40-60% of the total Internet e-mail traffic. These viruses infect millions of computers, and by doing so, they enable identity theft, spamming, etc. Anti-virus software has not yet solved the problem of Internet viruses. In particular, it does not stop the rapid propagation of new viruses. A system approach seems to be necessary to achieve better protection.

We are developing a general architecture consisting of some small, collaborative components allowing

  • the identification of virus sources (owners of infected computers, virus writers), rapid response to unknown viruses, and collection of descriptive information about the propagation (through statistics)
  • the elimination of false "virus alert" e-mail messages (where the sender is valid) without eliminating virus alerts to valid senders
  • the protection against directory harvest attacks aiming at obtaining valid e-mail addresses typically for spamming purposes
  • the protection against more generic forms of DoS attacks using network traffic analysis
  • the protection of SMTP servers against DoS attacks (false notifications, rapid virus propagation or direct attack)

Research projects in which we are involved

MIK: Competence Center in Mobile Communications and Networking

MIK is a unique R&D and technology innovation center in Hungary for future wireless communication technologies (3G/4G), built on the university knowledge base and an existing industrial background. The goals of this center are the following:

  • to support research in the field of high-speed mobile communication technologies, including new technologies beyond third generation mobile networks;
  • to promote the introduction of 3G/4G mobile technologies and network services, as well as the development and testing of applications in an unbiased environment;
  • to provide a ground for experiments for universities, industrial companies including SMEs, to promote close R&D co-operation;
  • to encourage and support the creation, development and practical implementation of the latest mobile communication technologies/applications.

The center has several academic and industrial members. The center is led by the Department of Telecommunications of the Budapest University of Technology and Economics. The center started its operation in July 2005.

More information: http://www.mik.bme.hu/

UbiSec&Sens: Ubiquitous Sensing and Security in the European Homeland

Wireless Sensor Networks (WSNs) are an exciting development with very large potential to have a significant beneficial impact on every aspect of our lives while generating huge opportunities for European industry. What is needed to kick off the development and exploitation of WSNs is an architecture for medium and large scale wireless sensor networks integrating comprehensive security capabilities right from the concept stage. This would support the rapid development of sensor networks and would open up the application domain for commercial activities.

UbiSec&Sens intends to solve this by providing a comprehensive architecture for medium and large scale wireless sensor networks with the full level of security that will make them trusted and secure for all applications. In addition, UbiSec&Sens will provide a complete tool box of security aware components which, together with the UbiSec&Sens radically new design cycle for secure sensor networks, will enable the rapid development of trusted sensor network applications.

The UbiSec&Sens approach is to use three representative WSN scenarios to iteratively determine solutions for the key WSN issues of scalability, security, reliability, self-healing and robustness. This will also give a clearer understanding of the real-world WSN requirements and limitations as well as identifying how to achieve a successful rollout of WSNs.

The results of UbiSec&Sens are a necessary step to progress the field of security and communication research in Europe and, as well as advancing the competitiveness of the European industry, they assist the European Commission to develop more comprehensive programs for innovative socially and economically beneficial sensor applications to be part of future research programs after 2007.

UbiSec&Sens is a STREP funded by the EU. The project runs for 3 years starting in 2006.

More information: http://www.ist-ubisecsens.org/

SeVeCom: Secure Vehicular Communications

Vehicular communications (VC) and inter-vehicular communications (IVC) bring the promise of improved road safety and optimised road traffic through co-operative systems applications. To this end, a number of initiatives have been launched, such as the Car-2-Car consortium in Europe, or the DSRC in North America. A prerequisite for the successful deployment of vehicular communications is to make them secure. For example, it is essential to make sure that life-critical information cannot be modified by an attacker; it should also protect as far as possible the privacy of the drivers and passengers. The specific operational environment (moving vehicles, sporadic connectivity, ...) makes the problem very novel and challenging.

SeVeCom addresses security of future vehicle communication networks, including both the security and privacy of inter-vehicular and vehicle-infrastructure communication. Its objective is to define the security architecture of such networks, as well as to propose a roadmap for progressive deployment of security functions in these networks.

SeVeCom will focus on communications specific to road traffic. This includes messages related to traffic information, anonymous safety-related messages, and liability-related messages. The following research and innovation work is foreseen:

  • Identification of the variety of threats: attacker’s model and potential vulnerabilities; in particular, study of attacks against the radio channel and transferred data, but also against the vehicle itself through internal attacks, e.g., against TCU (Telematics Control Unit), ECU (Electronic Control Unit) and the internal control bus.
  • Specification of an architecture and of security mechanisms which provide the right level of protection. It will address issues such as the apparent contradiction between liability and privacy, or the extent to which a vehicle can check the consistency of claims made by other vehicles. The following topics will be fully addressed: Key and identity management, Secure communication protocols (including secure routing), Tamper proof device and decision on crypto-system, Privacy. The following topics will be investigated in preparation of further work: Intrusion Detection, Data consistency, Secure positioning, Secure user interface.
  • The definition of cryptographic primitives which take into account the specific operational environment. The challenge is to address (1) the variety of threats, (2) the sporadic connectivity created by moving vehicles and the resulting real-time constraints, (3) the low-cost requirements of embedded systems in vehicles. These primitives will be adaptations of existing cryptosystems to the VC environment.

SeVeCom is a STREP funded by the EU. The project runs for 3 years starting in 2006.

More information: http://www.sevecom.org/

BIONETS: Biologically-Inspired Autonomic Networks and Services

The motivation for BIONETS comes from emerging trends towards pervasive computing and communication environments, where myriads of networked devices with very different features will enhance our five senses, our communication and tool manipulation capabilities. The complexity of such environments will not be far from that of biological organisms, ecosystems, and socio-economic communities.

Traditional communication approaches are ineffective in this context, since they fail to address several new features: a huge number of nodes including low-cost sensing/identifying devices, a wide heterogeneity in node capabilities, high node mobility, the management complexity, the possibility of exploiting spare node resources.

BIONETS aims at a novel approach able to address these challenges. Nature and society exhibit many instances of systems in which large populations are able to reach efficient equilibrium states and to develop effective collaboration and survival strategies, able to work in the absence of central control and to exploit local interactions. BIONETS seeks inspiration from these systems to provide a fully integrated network and service environment that scales to large amounts of heterogeneous devices, and that is able to adapt and evolve in an autonomic way.

The goal of BIONETS is to provide a biologically-inspired open networking paradigm for the creation, dissemination, execution, and evolution of autonomic services able to adapt to the surrounding environment and user needs, to evolve without direct human supervision, and able to deal with large-scale networks of heterogeneous nodes ranging from small, cheap devices to more complex network nodes. In order to achieve this goal, the project will design and implement a new communication architecture and service framework inspired by nature, and optimised for maximum adaptation to society.

BIONETS is an IP funded by the EU. The project runs for 2 years starting in 2006.

More information: http://www.bionets.org/

DESEREC: Dependable Security by Enhanced Reconfigurability

Most critical European activities rely on highly interconnected, networked Information Systems. The performance of such Information Systems could be jeopardized by incidents of various kinds. A multi-disciplinary approach is required to improve their dependability through an alliance of three approaches:

  • Modelling and simulation: DESEREC devises and develops innovative approaches and tools to design, model, simulate, and plan ICT-based critical infrastructures to dramatically improve their resilience.
  • Detection: DESEREC integrates various kinds of detection mechanisms to ensure fast detection of severe incidents, and also to detect incidents that show up only as a complex combination of seemingly unrelated events or as abnormal behaviour of the system.
  • Response: DESEREC provides a framework for computer-aided and automated counter-measures in order to respond quickly and appropriately to a large range of incidents, to mitigate the threats to dependability, and to rapidly thwart the problem. Re-configuration of Information Systems is the ultimate mechanism for their survivability.

These three features respond both to attacks from the outside (e.g., aiming at Intrusion or Denial of Service), and to intrinsic failures, whatever their origin (hardware failure, software fault, environment).

The DESEREC framework includes three response loops working on 3 different timings:

  • A few seconds to locally respond to a severe and well characterised incident and to launch emergency curative procedures to avoid the escalation process or dramatic damage.
  • Some minutes to detect a very complex problem and to allow time to adapt the system through computer aided reactions.
  • Some hours to model a new configuration of the information system optimised for a new situation.

The DESEREC approach, framework, and tools apply to critical information and communication systems in order to improve their resilience and their dependability.

DESEREC is an IP funded by the EU. The project runs for 3 years starting in 2006.

More information: http://www.deserec.eu/

Relations between research themes and projects

theme / project                                   MIK   UbiSec&Sens   SeVeCom   BIONETS   DESEREC
Secure routing in multi-hop wireless networks     -     X             -         X         -
Node capture attacks in sensor networks           -     X             -         -         -
Location privacy                                  X     -             X         -         -
Mobility supporting security architectures        X     -             -         -         -
Security in delay tolerant networks               -     -             -         X         -
Denial of Service attacks, spam, and malware      -     -             -         -         X

Other research funds

Besides the projects listed above, our research is funded by