1.
Jinyoun Cho, A. Selcuk Uluagac, John Copeland, Yusun Chang
Efficient safety message forwarding using multi-channels in low density VANETs Conference Paper
In the proceedings of the IEEE Global Communications Conference (GLOBECOM), 2014.
Abstract | Links | BibTeX | Tags: Vehicle security, Wireless Security
@conference{ChoEfficientIEEE2014,
title = {Efficient safety message forwarding using multi-channels in low density VANETs},
author = {Jinyoun Cho and A. Selcuk Uluagac and John Copeland and Yusun Chang},
url = {https://ieeexplore.ieee.org/abstract/document/7036786/},
year = {2014},
date = {2014-01-01},
urldate = {2014-01-01},
booktitle = {In the proceedings of the IEEE Global Communications Conference (GLOBECOM)},
abstract = {Vehicular Ad-hoc networks (VANETs) provide a way for a vehicle to deliver various types of information to users or drivers in other vehicles. Distributing a large amount of information such as multimedia messages in a single control channel makes the control channel easily congested. Transmitting multimedia messages through multi-channel to avoid this congestion becomes a feasible solution. However, low-connectivity in a low vehicle density in multi-channel poses unique challenges and can produce connection failure if this issue is not carefully addressed. In this paper, a network coding technique with divide-and-deliver is introduced to solve this unique challenge for delivering multimedia contents through multiple service channels in a low vehicle density. Through the rigorous analytical derivation and extensive simulation, we show the proposed scheme significantly improves reliability with minimum usage of the control channels in a typical VANETs environment.},
keywords = {Vehicle security, Wireless Security},
pubstate = {published},
tppubtype = {conference}
}
Vehicular Ad-hoc networks (VANETs) provide a way for a vehicle to deliver various types of information to users or drivers in other vehicles. Distributing a large amount of information such as multimedia messages in a single control channel makes the control channel easily congested. Transmitting multimedia messages through multi-channel to avoid this congestion becomes a feasible solution. However, low-connectivity in a low vehicle density in multi-channel poses unique challenges and can produce connection failure if this issue is not carefully addressed. In this paper, a network coding technique with divide-and-deliver is introduced to solve this unique challenge for delivering multimedia contents through multiple service channels in a low vehicle density. Through the rigorous analytical derivation and extensive simulation, we show the proposed scheme significantly improves reliability with minimum usage of the control channels in a typical VANETs environment.
2.
Shouling Ji, A. Selcuk Uluagac, Raheem Beyah, Zhipeng Cai
Practical unicast and convergecast scheduling schemes for Cognitive Radio Networks Journal Article
Journal of Combinatorial Optimization, 2013.
Abstract | Links | BibTeX | Tags: Network Security, Wireless Security
@article{JiRadioNetworksSpringer2013,
title = {Practical unicast and convergecast scheduling schemes for Cognitive Radio Networks},
author = {Shouling Ji and A. Selcuk Uluagac and Raheem Beyah and Zhipeng Cai},
url = {https://link.springer.com/article/10.1007/s10878-011-9446-7},
doi = {10.1007/s10878-011-9446-7},
year = {2013},
date = {2013-07-01},
urldate = {2013-07-01},
journal = {Journal of Combinatorial Optimization},
abstract = {Cognitive Radio Networks (CRNs) have paved a road for Secondary Users (SUs) to opportunistically exploit unused spectrum without harming the communications among Primary Users (PUs). In this paper, practical unicast and convergecast schemes, which are overlooked by most of the existing works for CRNs, are proposed. We first construct a cell-based virtual backbone for CRNs. Then prove that SUs have positive probabilities to access the spectrum and the expected one hop delay is bounded by a constant, if the density of PUs is finite. According to this fact, we proposed a three-step unicast scheme and a two-phase convergecast scheme. We demonstrate that the induced delay from our proposed Unicast Scheduling (US) algorithm scales linearly with the transmission distance between the source and the destination. Furthermore, the expected delay of the proposed Convergecast Scheduling (CS) algorithm is proven to be upper bounded by O(logn + sqrt(n/logn)). To the best of our knowledge, this is the first study of convergecast in CRNs. Finally, the performance of the proposed algorithms is validated through simulations.},
keywords = {Network Security, Wireless Security},
pubstate = {published},
tppubtype = {article}
}
Cognitive Radio Networks (CRNs) have paved a road for Secondary Users (SUs) to opportunistically exploit unused spectrum without harming the communications among Primary Users (PUs). In this paper, practical unicast and convergecast schemes, which are overlooked by most of the existing works for CRNs, are proposed. We first construct a cell-based virtual backbone for CRNs. Then prove that SUs have positive probabilities to access the spectrum and the expected one hop delay is bounded by a constant, if the density of PUs is finite. According to this fact, we proposed a three-step unicast scheme and a two-phase convergecast scheme. We demonstrate that the induced delay from our proposed Unicast Scheduling (US) algorithm scales linearly with the transmission distance between the source and the destination. Furthermore, the expected delay of the proposed Convergecast Scheduling (CS) algorithm is proven to be upper bounded by O(logn + sqrt(n/logn)). To the best of our knowledge, this is the first study of convergecast in CRNs. Finally, the performance of the proposed algorithms is validated through simulations.
3.
A. Selcuk Uluagac, Raheem A. Beyah, John A. Copeland
Secure SOurce-BAsed Loose Synchronization (SOBAS) for Wireless Sensor Networks Journal Article
In proceedings of IEEE Transactions on Parallel and Distributed Systems, 2013.
Abstract | Links | BibTeX | Tags: IoT Security, Network Security, Wireless Security
@article{UluagacSOBASIEEE2013,
title = {Secure SOurce-BAsed Loose Synchronization (SOBAS) for Wireless Sensor Networks},
author = {A. Selcuk Uluagac and Raheem A. Beyah and John A. Copeland},
url = {https://ieeexplore.ieee.org/abstract/document/6216359},
doi = {10.1109/TPDS.2012.170},
year = {2013},
date = {2013-01-01},
urldate = {2013-01-01},
journal = {In proceedings of IEEE Transactions on Parallel and Distributed Systems},
abstract = {We present the Secure SOurce-BAsed Loose Synchronization (SOBAS) protocol to securely synchronize the events in the network, without the transmission of explicit synchronization control messages. In SOBAS, nodes use their local time values as a one-time dynamic key to encrypt each message. In this way, SOBAS provides an effective dynamic en-route filtering mechanism, where the malicious data is filtered from the network. With SOBAS, we are able to achieve our main goal of synchronizing events at the sink as quickly, as accurately, and as surreptitiously as possible. With loose synchronization, SOBAS reduces the number of control messages needed for a WSN to operate providing the key benefits of reduced energy consumption as well as reducing the opportunity for malicious nodes to eavesdrop, intercept, or be made aware of the presence of the network. Albeit a loose synchronization per se, SOBAS is also able to provide (7.24μ)s clock precision given today's sensor technology, which is much better than other comparable schemes (schemes that do not employ GPS devices). Also, we show that by recognizing the need for and employing loose time synchronization, necessary synchronization can be provided to the WSN application using half of the energy needed for traditional schemes. Both analytical and simulation results are presented to verify the feasibility of SOBAS as well as the energy consumption of the scheme under normal operation and attack from malicious nodes.},
keywords = {IoT Security, Network Security, Wireless Security},
pubstate = {published},
tppubtype = {article}
}
We present the Secure SOurce-BAsed Loose Synchronization (SOBAS) protocol to securely synchronize the events in the network, without the transmission of explicit synchronization control messages. In SOBAS, nodes use their local time values as a one-time dynamic key to encrypt each message. In this way, SOBAS provides an effective dynamic en-route filtering mechanism, where the malicious data is filtered from the network. With SOBAS, we are able to achieve our main goal of synchronizing events at the sink as quickly, as accurately, and as surreptitiously as possible. With loose synchronization, SOBAS reduces the number of control messages needed for a WSN to operate providing the key benefits of reduced energy consumption as well as reducing the opportunity for malicious nodes to eavesdrop, intercept, or be made aware of the presence of the network. Albeit a loose synchronization per se, SOBAS is also able to provide (7.24μ)s clock precision given today's sensor technology, which is much better than other comparable schemes (schemes that do not employ GPS devices). Also, we show that by recognizing the need for and employing loose time synchronization, necessary synchronization can be provided to the WSN application using half of the energy needed for traditional schemes. Both analytical and simulation results are presented to verify the feasibility of SOBAS as well as the energy consumption of the scheme under normal operation and attack from malicious nodes.
4.
A. Selcuk Uluagac, Sakthi V. Radhakrishnan, Cherita Corbett, Antony Baca, Raheem Beyah
A passive technique for fingerprinting wireless devices with Wired-side Observations Conference Paper
In the proceedings of the IEEE Conference on Communications and Network Security (CNS) , 2013.
Abstract | Links | BibTeX | Tags: Fingerprinting, Wireless Security
@conference{UluagacFingerprintingIEEE2013,
title = {A passive technique for fingerprinting wireless devices with Wired-side Observations},
author = {A. Selcuk Uluagac and Sakthi V. Radhakrishnan and Cherita Corbett and Antony Baca and Raheem Beyah},
url = {https://ieeexplore.ieee.org/abstract/document/6682720/},
year = {2013},
date = {2013-01-01},
urldate = {2013-01-01},
booktitle = {In the proceedings of the IEEE Conference on Communications and Network Security (CNS)
},
abstract = {In this paper, we introduce GTID, a technique that passively fingerprints wireless devices and their types from the wired backbone. GTID exploits the heterogeneity of devices, which is a function of different device hardware compositions and variations in devices' clock skew. We use statistical techniques to create unique, reproducible device and device type signatures that represent time variant behavior in network traffic and use artificial neural networks (ANNs) to classify devices and device types. We demonstrate the efficacy of our technique on both an isolated testbed and a live campus network (during peak hours) using a corpus of 27 devices representing a wide range of device classes. We collected more than 100 GB of traffic captures for ANN training and classification. We assert that for any fingerprinting technique to be practical, it must be able to detect previously unseen devices (i.e., devices for which no stored signature is available) and must be able to withstand various attacks. GTID is the first fingerprinting technique to detect previously unseen devices and to illustrate its resilience under various attacker models. We measure the performance of GTID by considering accuracy, recall, and processing time and illustrate how it can be used to complement existing authentication systems and to detect counterfeit devices.},
keywords = {Fingerprinting, Wireless Security},
pubstate = {published},
tppubtype = {conference}
}
In this paper, we introduce GTID, a technique that passively fingerprints wireless devices and their types from the wired backbone. GTID exploits the heterogeneity of devices, which is a function of different device hardware compositions and variations in devices' clock skew. We use statistical techniques to create unique, reproducible device and device type signatures that represent time variant behavior in network traffic and use artificial neural networks (ANNs) to classify devices and device types. We demonstrate the efficacy of our technique on both an isolated testbed and a live campus network (during peak hours) using a corpus of 27 devices representing a wide range of device classes. We collected more than 100 GB of traffic captures for ANN training and classification. We assert that for any fingerprinting technique to be practical, it must be able to detect previously unseen devices (i.e., devices for which no stored signature is available) and must be able to withstand various attacks. GTID is the first fingerprinting technique to detect previously unseen devices and to illustrate its resilience under various attacker models. We measure the performance of GTID by considering accuracy, recall, and processing time and illustrate how it can be used to complement existing authentication systems and to detect counterfeit devices.
5.
Marco Valero, A. Selcuk Uluagac, S. Venkatachalam, K. C. Ramalingam, Raheem Beyah
The Monitoring Core: A framework for sensor security application development Conference Paper
In the proceedings of the IEEE 9th International Conference on Mobile Adhoc and Sensor Systems (MASS) , 2012.
Abstract | Links | BibTeX | Tags: IoT Security, Network Security, Wireless Security
@conference{ValeroMonitoringCoreIEEE2012,
title = {The Monitoring Core: A framework for sensor security application development},
author = {Marco Valero, A. Selcuk Uluagac, S. Venkatachalam, K. C. Ramalingam and Raheem Beyah},
url = {https://ieeexplore.ieee.org/abstract/document/6502525/},
year = {2012},
date = {2012-01-01},
urldate = {2012-01-01},
booktitle = {In the proceedings of the IEEE 9th International Conference on Mobile Adhoc and Sensor Systems (MASS)
},
abstract = {Wireless sensor networks (WSNs) are used for the monitoring of physical and environmental phenomena, and applicable in a range of different domains (e.g., health care, military, critical infrastructure). When using WSNs in a variety of real-world applications, security is a vital problem that should be considered by developers. As the development of security applications (SAs) for WSNs require meticulous procedures and operations, the software implementation process can be more challenging than regular applications. Hence, in an effort to facilitate the design, development and implementation of WSN security applications, we introduce the Monitoring Core (M-Core). The M-Core is a modular, lightweight, and extensible software layer that gathers necessary data including the internal and the external status of the sensor (e.g., information about ongoing communications, neighbors, and sensing), and provides relevant information for the development of new SAs. Similar to other software development tools, the M-Core was developed to facilitate the design and development of new WSN SAs on different platforms. Moreover, a new user-friendly domain-specific language, the M-Core Control Language (MCL), was developed to further facilitate the use of the M-Core and reduce the developer's coding time. With the MCL, a user can implement new SAs without the overhead of learning the details of the underlying sensor software architecture (e.g., TinyOS). The M-Core has been implemented in TinyOS-2.x and tested on real sensors (Tmote Sky and MicaZ). Using the M-Core architecture, we implemented several SAs to show that the M-Core allows easy and rapid development of security programs efficiently and effectively.},
keywords = {IoT Security, Network Security, Wireless Security},
pubstate = {published},
tppubtype = {conference}
}
Wireless sensor networks (WSNs) are used for the monitoring of physical and environmental phenomena, and applicable in a range of different domains (e.g., health care, military, critical infrastructure). When using WSNs in a variety of real-world applications, security is a vital problem that should be considered by developers. As the development of security applications (SAs) for WSNs require meticulous procedures and operations, the software implementation process can be more challenging than regular applications. Hence, in an effort to facilitate the design, development and implementation of WSN security applications, we introduce the Monitoring Core (M-Core). The M-Core is a modular, lightweight, and extensible software layer that gathers necessary data including the internal and the external status of the sensor (e.g., information about ongoing communications, neighbors, and sensing), and provides relevant information for the development of new SAs. Similar to other software development tools, the M-Core was developed to facilitate the design and development of new WSN SAs on different platforms. Moreover, a new user-friendly domain-specific language, the M-Core Control Language (MCL), was developed to further facilitate the use of the M-Core and reduce the developer's coding time. With the MCL, a user can implement new SAs without the overhead of learning the details of the underlying sensor software architecture (e.g., TinyOS). The M-Core has been implemented in TinyOS-2.x and tested on real sensors (Tmote Sky and MicaZ). Using the M-Core architecture, we implemented several SAs to show that the M-Core allows easy and rapid development of security programs efficiently and effectively.
6.
KC Ramalingam, Venkatachalam Subramanian, Selcuk Uluagac, Raheem Beyah
SIMAGE: Secure and Link-Quality Cognizant Image Distribution for wireless sensor networks Conference Paper
In the proceedings of IEEE Global Communications Conference (GLOBECOM), 2012.
Abstract | Links | BibTeX | Tags: IoT Security, Network Security, Wireless Security
@conference{RamalingamSimageIEEE2012,
title = {SIMAGE: Secure and Link-Quality Cognizant Image Distribution for wireless sensor networks},
author = {KC Ramalingam, Venkatachalam Subramanian, Selcuk Uluagac and Raheem Beyah},
url = {https://ieeexplore.ieee.org/abstract/document/6503181/},
year = {2012},
date = {2012-01-01},
urldate = {2012-01-01},
booktitle = {In the proceedings of IEEE Global Communications Conference (GLOBECOM)},
abstract = {Wireless sensor networks (WSNs) are used in a range of critical domains (e.g., health care, military, critical infrastructure) where it is necessary that the nodes be reprogrammed with a new or modified code image without removing them from the deployment area. Various protocols have been developed for the dissemination of code images between sensors in multi-hop WSNs, where these sensor nodes may have varying levels of link quality. However, the code dissemination process in these protocols is hindered by the nodes with poor link quality. This results in an increased number of retransmissions and code dissemination time. Also, in several of the techniques, the code dissemination process is not secure and can be eavesdropped or disrupted by a malicious wireless sensor node in the transmission range. In this paper, we propose a simple approach, Secure and Link-Quality Cognizant Image Distribution (SIMAGE), to enhance the existing code dissemination protocol using the available resources in the sensors. Specifically, our approach adapts to the varying link conditions via dynamic packet sizing to reduce the number of retransmissions and overall code dissemination time. Our approach also provides confidentiality and integrity to the code dissemination process by utilizing energy-efficient encryption and authentication mechanisms with RC4 and the CBC-MAC. We have evaluated SIMAGE in a network of real sensors and the results show that adjusting the packet size as a function of link quality reduces the retransmitted data by 93% and the image transmission time by 35% when compared to the existing code dissemination protocols. The trade-offs between reliability, security overhead, and overall transmission time for SIMAGE are also discussed.},
keywords = {IoT Security, Network Security, Wireless Security},
pubstate = {published},
tppubtype = {conference}
}
Wireless sensor networks (WSNs) are used in a range of critical domains (e.g., health care, military, critical infrastructure) where it is necessary that the nodes be reprogrammed with a new or modified code image without removing them from the deployment area. Various protocols have been developed for the dissemination of code images between sensors in multi-hop WSNs, where these sensor nodes may have varying levels of link quality. However, the code dissemination process in these protocols is hindered by the nodes with poor link quality. This results in an increased number of retransmissions and code dissemination time. Also, in several of the techniques, the code dissemination process is not secure and can be eavesdropped or disrupted by a malicious wireless sensor node in the transmission range. In this paper, we propose a simple approach, Secure and Link-Quality Cognizant Image Distribution (SIMAGE), to enhance the existing code dissemination protocol using the available resources in the sensors. Specifically, our approach adapts to the varying link conditions via dynamic packet sizing to reduce the number of retransmissions and overall code dissemination time. Our approach also provides confidentiality and integrity to the code dissemination process by utilizing energy-efficient encryption and authentication mechanisms with RC4 and the CBC-MAC. We have evaluated SIMAGE in a network of real sensors and the results show that adjusting the packet size as a function of link quality reduces the retransmitted data by 93% and the image transmission time by 35% when compared to the existing code dissemination protocols. The trade-offs between reliability, security overhead, and overall transmission time for SIMAGE are also discussed.
7.
Marco Valero, Sang Shin Jung, A. Selcuk Uluagac, Yingshu Li, Raheem Beyah
Di-Sec: A distributed security framework for heterogeneous Wireless Sensor Networks Conference Paper
In the proceedings IEEE International Conference on Computer Communications (INFOCOM), 2012.
Abstract | Links | BibTeX | Tags: IoT Security, Network Security, Wireless Security
@conference{ValeroDi-SecIEEE2012,
title = {Di-Sec: A distributed security framework for heterogeneous Wireless Sensor Networks},
author = {Marco Valero and Sang Shin Jung and A. Selcuk Uluagac and Yingshu Li and Raheem Beyah},
url = {https://ieeexplore.ieee.org/abstract/document/6195801/},
year = {2012},
date = {2012-01-01},
urldate = {2012-01-01},
booktitle = {In the proceedings IEEE International Conference on Computer Communications (INFOCOM)},
abstract = {Wireless Sensor Networks (WSNs) are deployed for monitoring in a range of critical domains (e.g., health care, military, critical infrastructure). Accordingly, these WSNs should be resilient to attacks. The current approach to defending against malicious threats is to develop and deploy a specific defense mechanism for a specific attack. However, the problem with this traditional approach to defending sensor networks is that the solution for the Jamming attack does not defend against other attacks (e.g., Sybil and Selective Forwarding). In reality, one cannot know a priori what type of attack an adversary will launch. This work addresses the challenges with the traditional approach to securing sensor networks and presents a comprehensive framework, Di-Sec, that can defend against all known and forthcoming attacks. At the heart of Di-Sec lies the monitoring core (M-Core), which is an extensible and lightweight layer that gathers statistics relevant for the defense mechanisms. The M-Core allows for the monitoring of both internal and external threats and supports the execution of multiple detection and defense mechanisms (DDMs) against different threats in parallel. Along with Di-Sec, a new user-friendly domain-specific language was developed, the M-Core Control Language (MCL). Using the MCL, a user can implement new defense mechanisms without the overhead of learning the details of the underlying software architecture (i.e., TinyOS, Di-Sec). Hence, the MCL expedites the development of sensor defense mechanisms by significantly simplifying the coding process for developers. The Di-Sec framework has been implemented and tested on real sensors to evaluate its feasibility and performance. Our evaluation of memory, communication, and sensing components shows that Di-Sec is feasible on today's resource-limited sensors and has a nominal overhead. Furthermore, we illustrate the basic functionality of Di-Sec by implementing and simultaneously executing DDMs for attacks at various layers of the communication stack (i.e., Jamming, Selective Forwarding, Sybil, and Internal attacks).},
keywords = {IoT Security, Network Security, Wireless Security},
pubstate = {published},
tppubtype = {conference}
}
Wireless Sensor Networks (WSNs) are deployed for monitoring in a range of critical domains (e.g., health care, military, critical infrastructure). Accordingly, these WSNs should be resilient to attacks. The current approach to defending against malicious threats is to develop and deploy a specific defense mechanism for a specific attack. However, the problem with this traditional approach to defending sensor networks is that the solution for the Jamming attack does not defend against other attacks (e.g., Sybil and Selective Forwarding). In reality, one cannot know a priori what type of attack an adversary will launch. This work addresses the challenges with the traditional approach to securing sensor networks and presents a comprehensive framework, Di-Sec, that can defend against all known and forthcoming attacks. At the heart of Di-Sec lies the monitoring core (M-Core), which is an extensible and lightweight layer that gathers statistics relevant for the defense mechanisms. The M-Core allows for the monitoring of both internal and external threats and supports the execution of multiple detection and defense mechanisms (DDMs) against different threats in parallel. Along with Di-Sec, a new user-friendly domain-specific language was developed, the M-Core Control Language (MCL). Using the MCL, a user can implement new defense mechanisms without the overhead of learning the details of the underlying software architecture (i.e., TinyOS, Di-Sec). Hence, the MCL expedites the development of sensor defense mechanisms by significantly simplifying the coding process for developers. The Di-Sec framework has been implemented and tested on real sensors to evaluate its feasibility and performance. Our evaluation of memory, communication, and sensing components shows that Di-Sec is feasible on today's resource-limited sensors and has a nominal overhead. Furthermore, we illustrate the basic functionality of Di-Sec by implementing and simultaneously executing DDMs for attacks at various layers of the communication stack (i.e., Jamming, Selective Forwarding, Sybil, and Internal attacks).
8.
A. Selcuk Uluagac, Raheem A. Beyah, Yingshu Li, John A. Copeland
VEBEK: Virtual Energy-Based Encryption and Keying for Wireless Sensor Networks Journal Article
IEEE Transactions on Mobile Computing Journal, 2010.
Abstract | Links | BibTeX | Tags: IoT Security, Network Security, Wireless Security
@article{UluagacVEBEKIEEE2010,
title = {VEBEK: Virtual Energy-Based Encryption and Keying for Wireless Sensor Networks},
author = {A. Selcuk Uluagac, Raheem A. Beyah, Yingshu Li and John A. Copeland},
url = {https://ieeexplore.ieee.org/abstract/document/5438995/},
doi = {10.1109/TMC.2010.51},
year = {2010},
date = {2010-01-01},
urldate = {2010-01-01},
journal = {IEEE Transactions on Mobile Computing Journal},
abstract = {Designing cost-efficient, secure network protocols for Wireless Sensor Networks (WSNs) is a challenging problem because sensors are resource-limited wireless devices. Since the communication cost is the most dominant factor in a sensor's energy consumption, we introduce an energy-efficient Virtual Energy-Based Encryption and Keying (VEBEK) scheme for WSNs that significantly reduces the number of transmissions needed for rekeying to avoid stale keys. In addition to the goal of saving energy, minimal transmission is imperative for some military applications of WSNs where an adversary could be monitoring the wireless spectrum. VEBEK is a secure communication framework where sensed data is encoded using a scheme based on a permutation code generated via the RC4 encryption mechanism. The key to the RC4 encryption mechanism dynamically changes as a function of the residual virtual energy of the sensor. Thus, a one-time dynamic key is employed for one packet only and different keys are used for the successive packets of the stream. The intermediate nodes along the path to the sink are able to verify the authenticity and integrity of the incoming packets using a predicted value of the key generated by the sender's virtual energy, thus requiring no need for specific rekeying messages. VEBEK is able to efficiently detect and filter false data injected into the network by malicious outsiders. The VEBEK framework consists of two operational modes (VEBEK-I and VEBEK-II), each of which is optimal for different scenarios. In VEBEK-I, each node monitors its one-hop neighbors where VEBEK-II statistically monitors downstream nodes. We have evaluated VEBEK's feasibility and performance analytically and through simulations. Our results show that VEBEK, without incurring transmission overhead (increasing packet size or sending control messages for rekeying), is able to eliminate malicious data from the network in an energy-efficient manner. We also show that our framework performs better than other comparable schemes in the literature with an overall 60-100 percent improvement in energy savings without the assumption of a reliable medium access control layer.},
keywords = {IoT Security, Network Security, Wireless Security},
pubstate = {published},
tppubtype = {article}
}
Designing cost-efficient, secure network protocols for Wireless Sensor Networks (WSNs) is a challenging problem because sensors are resource-limited wireless devices. Since the communication cost is the most dominant factor in a sensor's energy consumption, we introduce an energy-efficient Virtual Energy-Based Encryption and Keying (VEBEK) scheme for WSNs that significantly reduces the number of transmissions needed for rekeying to avoid stale keys. In addition to the goal of saving energy, minimal transmission is imperative for some military applications of WSNs where an adversary could be monitoring the wireless spectrum. VEBEK is a secure communication framework where sensed data is encoded using a scheme based on a permutation code generated via the RC4 encryption mechanism. The key to the RC4 encryption mechanism dynamically changes as a function of the residual virtual energy of the sensor. Thus, a one-time dynamic key is employed for one packet only and different keys are used for the successive packets of the stream. The intermediate nodes along the path to the sink are able to verify the authenticity and integrity of the incoming packets using a predicted value of the key generated by the sender's virtual energy, thus requiring no need for specific rekeying messages. VEBEK is able to efficiently detect and filter false data injected into the network by malicious outsiders. The VEBEK framework consists of two operational modes (VEBEK-I and VEBEK-II), each of which is optimal for different scenarios. In VEBEK-I, each node monitors its one-hop neighbors where VEBEK-II statistically monitors downstream nodes. We have evaluated VEBEK's feasibility and performance analytically and through simulations. Our results show that VEBEK, without incurring transmission overhead (increasing packet size or sending control messages for rekeying), is able to eliminate malicious data from the network in an energy-efficient manner. We also show that our framework performs better than other comparable schemes in the literature with an overall 60-100 percent improvement in energy savings without the assumption of a reliable medium access control layer.
9.
Selcuk Uluagac, Raheem A. Beyah, John A. Copeland
Time-Based Dynamic Keying and En-Route Filtering (TICK) for Wireless Sensor Networks Conference Paper
In the proceedings of IEEE Global Telecommunications Conference (GLOBECOM), 2010.
Abstract | Links | BibTeX | Tags: IoT Security, Network Security, Wireless Security
@conference{UluagacTICKIEEE2010,
title = {Time-Based Dynamic Keying and En-Route Filtering (TICK) for Wireless Sensor Networks},
author = {Selcuk Uluagac, Raheem A. Beyah and John A. Copeland},
url = {https://ieeexplore.ieee.org/abstract/document/5683787/},
year = {2010},
date = {2010-01-01},
urldate = {2010-01-01},
booktitle = {In the proceedings of IEEE Global Telecommunications Conference (GLOBECOM)},
abstract = {Given that transmission cost is significant in a Wireless Sensor Network (WSN), sending explicit keying control messages significantly increases the amount of energy consumed by each sensing device. Thus, in this paper, we address the issue of security for WSNs from a completely novel perspective. We present a technique to secure the network, without the transmission of explicit keying messages needed to avoid stale keys. Our protocol, the TIme-Based DynamiC Keying and En-Route Filtering (TICK) protocol for WSNs secures events as they occur. As opposed to current chatty schemes that incur regular keying message overhead, nodes use their local time values as a one-time dynamic key to encrypt each message. Further, this mechanism prevents malicious nodes from injecting false packets into the network. TICK is as a worst case twice more energy efficient than existing related work. Both an analytical framework and simulation results are presented to verify the feasibility of TICK as well as the energy consumption of the scheme under normal operation and attack from malicious nodes.},
keywords = {IoT Security, Network Security, Wireless Security},
pubstate = {published},
tppubtype = {conference}
}
Given that transmission cost is significant in a Wireless Sensor Network (WSN), sending explicit keying control messages significantly increases the amount of energy consumed by each sensing device. Thus, in this paper, we address the issue of security for WSNs from a completely novel perspective. We present a technique to secure the network, without the transmission of explicit keying messages needed to avoid stale keys. Our protocol, the TIme-Based DynamiC Keying and En-Route Filtering (TICK) protocol for WSNs secures events as they occur. As opposed to current chatty schemes that incur regular keying message overhead, nodes use their local time values as a one-time dynamic key to encrypt each message. Further, this mechanism prevents malicious nodes from injecting false packets into the network. TICK is as a worst case twice more energy efficient than existing related work. Both an analytical framework and simulation results are presented to verify the feasibility of TICK as well as the energy consumption of the scheme under normal operation and attack from malicious nodes.
10.
Selcuk Uluagac, Raheem A Beyah,, John A. Copeland
Analysis of Varying AS Path Lengths from the Edge of the Network Conference Paper
In the proceedings of IEEE Global Telecommunications Conference (GLOBECOM), 2010.
Abstract | Links | BibTeX | Tags: IoT Security, Network Security, Wireless Security
@conference{UluagacIEEE2010,
title = {Analysis of Varying AS Path Lengths from the Edge of the Network},
author = {Selcuk Uluagac, Raheem A Beyah, and John A. Copeland},
url = {https://ieeexplore.ieee.org/abstract/document/5683787/},
year = {2010},
date = {2010-01-01},
urldate = {2010-01-01},
booktitle = {In the proceedings of IEEE Global Telecommunications Conference (GLOBECOM)},
abstract = {Understanding and analyzing the past and current behavior of the Internet will be instrumental in building tomorrow's more efficient and scalable networks (e.g., the future Internet). In this paper, we study the impact of Autonomous Systems (ASs) paths' end-to-end latency. Unfortunately, due to the diverse set of non-disclosed routing policies among ASs, packets belonging to a certain end-to- end connection may traverse different ASs, causing fluctuating AS paths. Fluctuation of AS paths has been studied in the literature directly from the core of the network. In this paper, we take a different approach to the analysis of the fluctuation, solely from the edge of the network. Specifically, from the end user's perspective, some AS paths may be optimal (or better) and some sub-optimal. Furthermore, there is not a unique definition for sub- optimality as it may be reflected with various measures (e.g., latency) depending on the application requirements and expectations. In this paper we analyze fluctuating AS path lengths (ASPLs) and investigate their impact on the end-to-end latency over the Internet at a greater scale than previous studies. This study was conducted using Scriptroute to probe various PlanetLab nodes. Our results show that all of the source nodes experienced some AS path differences and the ASPL values that the sources use greatly vary. At worst, some nodes experienced different paths over 70% of the time during our measurements. We observed that the largest difference in ASPLs on a particular connection was as high as 6 with an average of 2.5. Moreover, we present real cases where ASPL and latency values are related, inversely related, and not related at all. Finally, we provide a simple definition for suboptimality and analyze the collected data against this definition. We show that overall 82% of the fluctuating paths and 9% of all the traces between source-destination pairs faced sub-optimal AS paths.},
keywords = {IoT Security, Network Security, Wireless Security},
pubstate = {published},
tppubtype = {conference}
}
Understanding and analyzing the past and current behavior of the Internet will be instrumental in building tomorrow's more efficient and scalable networks (e.g., the future Internet). In this paper, we study the impact of Autonomous Systems (ASs) paths' end-to-end latency. Unfortunately, due to the diverse set of non-disclosed routing policies among ASs, packets belonging to a certain end-to- end connection may traverse different ASs, causing fluctuating AS paths. Fluctuation of AS paths has been studied in the literature directly from the core of the network. In this paper, we take a different approach to the analysis of the fluctuation, solely from the edge of the network. Specifically, from the end user's perspective, some AS paths may be optimal (or better) and some sub-optimal. Furthermore, there is not a unique definition for sub- optimality as it may be reflected with various measures (e.g., latency) depending on the application requirements and expectations. In this paper we analyze fluctuating AS path lengths (ASPLs) and investigate their impact on the end-to-end latency over the Internet at a greater scale than previous studies. This study was conducted using Scriptroute to probe various PlanetLab nodes. Our results show that all of the source nodes experienced some AS path differences and the ASPL values that the sources use greatly vary. At worst, some nodes experienced different paths over 70% of the time during our measurements. We observed that the largest difference in ASPLs on a particular connection was as high as 6 with an average of 2.5. Moreover, we present real cases where ASPL and latency values are related, inversely related, and not related at all. Finally, we provide a simple definition for suboptimality and analyze the collected data against this definition. We show that overall 82% of the fluctuating paths and 9% of all the traces between source-destination pairs faced sub-optimal AS paths.
Citations: 8413
h-index: 44
i10-index: 107
