Daojing He,Jiajun Bu,Sencun Zhu,Mingjian Yin,Yi Gao,Haodong Wang,Sammy Chan,Chun Chen

DOI: https://doi.org/10.1109/infcom.2011.5935176

2011-01-01

Abstract:A distributed access control module in wireless sensor networks (WSNs) allows the network to authorize and grant user access privileges for in-network data access. Prior research mainly focuses on designing such access control modules for WSNs, but little attention has been paid to protect user's identity privacy when a user is verified by the network for data accesses. Often, a user does not want the WSN to associate his identity to the data he requests, particularly in a single-owner multi-user WSN. In this paper, we present the design, implementation, and evaluation of a novel approach, Priccess, to ensure privacy-preserving access control. In addition to the theoretical analysis that demonstrates the security properties of Priccess, this paper also reports the experimental results of Priccess in a network of Imote2 motes, which show the efficiency of Priccess in practice.

Changsha Ma,Kaiping Xue,Peilin Hong

DOI: https://doi.org/10.1002/sec.777

IF: 1.968

2013-01-01

Security and Communication Networks

Abstract:Access control plays an important role in protecting security-sensitive sensor data from being utilized by malicious users. Despite the numerous studies on access control for wireless sensor networks (WSNs), however, few of them pay attention to preserving user privacy, which has recently been an urgent demand of the network users. In this paper, we propose two access control schemes with different privacy preserving properties for WSNs, which can adaptively satisfy the demands of the sensor network users. First, on the basis of our signcryption approach, we propose a distributed query protected access control scheme where the query message is encrypted in the process of user authentication. Because no other users could decrypt and read the query message, the user can preserve the privacy of the target data type. With the additional help with proxy signature, we then design a distributed anonymous access control scheme. Apart from protecting the data type information, distributed anonymous access control preserves the privacy of the user's access behavior by anonymizing the user's identity. In contrast to the previous privacy-preserved access control schemes for WSNs, our schemes can efficiently protect the privacy of users without significantly increasing the network overhead and the energy consumption on sensors. Copyright (c) 2013 John Wiley & Sons, Ltd.

Daojing He,Jiajun Bu,Sencun Zhu,Sammy Chan,Chun Chen

DOI: https://doi.org/10.1109/TWC.2011.072511.102283

IF: 10.4

2011-01-01

IEEE Transactions on Wireless Communications

Abstract:A distributed access control module in wireless sensor networks (WSNs) allows the network to authorize and grant user access privileges for in-network data access. Prior research mainly focuses on designing such access control modules for WSNs, but little attention has been paid to protect user's identity privacy when a user is verified by the network for data accesses. Often, a user does not want the WSN to associate his identity to the data he requests. In this paper, we present the design, implementation, and evaluation of a novel approach, Priccess, to ensure distributed privacy-preserving access control. In Priccess, users who have similar access privileges are organized into the same group by the network owner. A network user signs a query command on behalf of his group and then sends the signed query to the sensor nodes of his interest. The signature can be verified by its recipient as coming from someone authorized without exposing the actual signer. In addition to the theoretical analysis that demonstrates the security properties of Priccess, this paper also reports the experimental results of Priccess in a network of Imote2 motes, which show the efficiency of Priccess in practice.

Miao Xu,Wenyuan Xu,Jason O'Kane

DOI: https://doi.org/10.1109/MASS.2011.43

2011-01-01

Abstract:Wireless sensor networks are vulnerable to various attacks and network dynamics that can breach data privacy and harm data availability. Since those threats cannot be addressed purely by cryptography-based methods, this paper presents a data dissemination scheme that can enhance two goals: data privacy and data availability, leveraging the node location diversity presented in typical wireless sensor networks rather than relying on cryptographic techniques. We demonstrate that the message content is important to quantify the uncertainty associated with data privacy and data availability, and provide content-based definitions utilizing information states. Further, to strike the balance between two conflicting goals in an energy efficient way, we construct a spatial privacy graph based on the locations of network nodes, and use a distributed coloring scheme to ensure that any pairs of nodes whose combined data provide too much information should not send their sensed data to the same storage node. Additionally, sensor nodes selectively send data to multiple storage nodes to achieve higher availability. Our experimental results show that our scheme can achieve better data privacy and a higher level of data availability at smaller energy cost than other baseline data dissemination schemes.

Rong Fan,Dao-jing He,Xue-zeng Pan,Ling-di Ping

DOI: https://doi.org/10.1631/jzus.c1000377

2011-01-01

Abstract:Wireless sensor networks (WSNs) are vulnerable to security attacks due to their deployment and resource constraints. Considering that most large-scale WSNs follow a two-tiered architecture, we propose an efficient and denial-of-service (DoS)-resistant user authentication scheme for two-tiered WSNs. The proposed approach reduces the computational load, since it performs only simple operations, such as exclusive-OR and a one-way hash function. This feature is more suitable for the resource-limited sensor nodes and mobile devices. And it is unnecessary for master nodes to forward login request messages to the base station, or maintain a long user list. In addition, pseudonym identity is introduced to preserve user anonymity. Through clever design, our proposed scheme can prevent smart card breaches. Finally, security and performance analysis demonstrates the effectiveness and robustness of the proposed scheme.

Rong Fan,Lingdi Ping,JianQing Fu,Xuezeng Pan

DOI: https://doi.org/10.1109/PACCS.2010.5626600

2010-01-01

Abstract:As wireless sensor networks (WSNs) are susceptible to attacks and sensor nodes have limited resources, designing a secure and efficient user authentication protocol for WSNs is a difficult task. Considering that most future large-scale WSNs follow a two-tiered architecture, we propose an efficient and Denial-of-Service resistant user authentication scheme for two-tiered WSNs, which imposes very light computational load and requires simple operations such as one-way hash function and exclusive-OR operations. In addition, there is a growing requirement for preserving user anonymity recently. Thus we introduce pseudonym identity for each user which is concealed in login messages. And through clever design, our proposed scheme can prevent from smart card breach. Moreover, the security analysis on this scheme demonstrates that our proposed scheme enjoys security attributes such as preventing the various kinds of attacks and user anonymity. Finally, performance analysis shows that our proposed scheme is simple and efficient.

Yuanchao Shu,Yu Gu,Jiming Chen

DOI: https://doi.org/10.1109/MASS.2012.6502522

2012-01-01

Abstract:Access card authentication is critical and essential for many modern access control systems, which have been widely deployed in various government, commercial and residential environments. However, due to the static identification information exchange among the access cards and access control clients, it is very challenging to fight against access control system breaches due to reasons such as loss, stolen or unauthorized duplications of the access cards. Although advanced biometric authentication methods such as fingerprint and iris identification can further identify the user who is requesting authorization, they incur high system costs and access privileges can not be transferred among trusted users. In this work, we introduce a sensory-data-enhanced authentication for access control systems. By combining sensory-data obtained from onboard sensors on the access cards as well as the original encoded identification information, we are able to effectively tackle the problems such as access card loss and stolen. Our solution is backward-compatible with existing access control systems and significantly increases the key spaces for authentication. We theoretically demonstrate the potential key space increases with simple sensor data and empirically demonstrate simple rotations can increase key space by more than 30, 000 times with an authentication accuracy of 95%. We performed extensive simulations under various environment settings and implemented our design on WISP to experimentally verify the system performance.

Yuanchao Shu,Yu (Jason) Gu,Jiming Chen

DOI: https://doi.org/10.1109/tpds.2013.153

IF: 5.3

2014-01-01

IEEE Transactions on Parallel and Distributed Systems

Abstract:Access card authentication is critical and essential for many modern access control systems, which have been widely deployed in various government, commercial, and residential environments. However, due to the static identification information exchange among the access cards and access control clients, it is very challenging to fight against access control system breaches due to reasons such as loss, stolen or unauthorized duplications of the access cards. Although advanced biometric authentication methods such as fingerprint and iris identification can further identify the user who is requesting authorization, they incur high system costs and access privileges cannot be transferred among trusted users. In this work, we introduce a dynamic authentication with sensory information for the access control systems. By combining sensory information obtained from onboard sensors on the access cards as well as the original encoded identification information, we are able to effectively tackle the problems such as access card loss, stolen, and duplication. Our solution is backward-compatible with existing access control systems and significantly increases the key spaces for authentication. We theoretically demonstrate the potential key space increases with sensory information of different sensors and empirically demonstrate simple rotations can increase key space by more than 1,000,000 times with an authentication accuracy of 90 percent. We performed extensive simulations under various environment settings and implemented our design on WISP to experimentally verify the system performance.

Shucheng Yu,Kui Ren,Wenjing Lou

DOI: https://doi.org/10.1109/TPDS.2010.130

IF: 5.3

2011-01-01

IEEE Transactions on Parallel and Distributed Systems

Abstract:Distributed sensor data storage and retrieval has gained increasing popularity in recent years for supporting various applications. While distributed architecture enjoys a more robust and fault-tolerant wireless sensor network (WSN), such architecture also poses a number of security challenges especially when applied in mission-critical applications such as battle field and e-healthcare. First, as sensor data are stored and maintained by individual sensors and unattended sensors are easily subject to strong attacks such as physical compromise, it is significantly harder to ensure data security. Second, in many mission-critical applications, fine-grained data access control is a must as illegal access to the sensitive data may cause disastrous result and/or prohibited by the law. Last but not least, sensors usually are resource-scarce, which limits the direct adoption of expensive cryptographic primitives. To address the above challenges, we propose in this paper a distributed data access control scheme that is able to fulfill fine-grained access control over sensor data and is resilient against strong attacks such as sensor compromise and user colluding. The proposed scheme exploits a novel cryptographic primitive called attribute-based encryption (ABE), tailors, and adapts it for WSNs with respect to both performance and security requirements. The feasibility of the scheme is demonstrated by experiments on real sensor platforms. To our best knowledge, this paper is the first to realize distributed fine-grained data access control for WSNs.

Ning Yang,Hao Jiang,Daoxing Guo,Yuan Liu,Guoru Ding,Zhen Chen,Zhaohui Yang

DOI: https://doi.org/10.1109/lcomm.2024.3419829

IF: 3.5529

2024-01-01

IEEE Communications Letters

Abstract:The reliability and accuracy of cooperative spectrum sensing (CSS) in cognitive radio networks (CRNs) are highly dependent on the integrity of the shared spectrum sensing data. However, driven by selfishness and malicious intentions, secondary users (SUs) may launch SSDF attacks, resulting in the damage to the integrity of sensing data, which will seriously affect the performance of CRNs, especially under massive SSDF attacks. Therefore, a blockchain-based CSS model is firstly proposed and a reputation-based consensus mechanism, named proof of reputation (PoR), is designed to enable CSS to countermeasure massive SSDF attacks in an environmentally friendly manner while supporting the operation of blockchain. Secondly, a reputation evaluation scheme based on extended sensing time and transmission result is developed to evaluate the reputation of SUs. In addition, in order to maximize the recognition performance of SSDF attacks, a closed-form expression of the optimal decision threshold constrained by the misjudged probability of honest SU is derived. Finally, the effectiveness and superiority of the proposed PoR consensus algorithm against massive SSDF attacks are demonstrated by comparing the simulation with the existing solutions.

Mingming Li,Jianbin Hu,Nike Gui

DOI: https://doi.org/10.1007/978-3-642-13067-0_61

2010-01-01

Abstract:Traditional wireless sensor networks (WSN) are entity-centric systems making Sybil attacks, collusion attacks, false data injection attacks etc very effective attacks These attacks are critical security threat to WSN Although there are many security solutions to these attacks, such as cryptography, reputation, authentic consensus, none of them can well defense all these attacks respectively In this paper, we address this challenge by combining classical security solutions and extending the traditional entity-centric trust to data-centric trust via Dempster-Shafer Theory (DST) and a new method: Proof-of-Reputation-Relevance (PoRR) Our data-centric trust framework gives a whole solution for those attacks It is realized by our PoRR accomplished by collecting reputation weighted authentic consensus from witness nodes in a cooperative way Event reports from attacks who fail to provide right PoRR are discarded or given low trust levels Our simulation results show that our scheme is highly resilient to attackers and converges stably to the correct decision.

Zhengyan Zhou,Hanze Chen,Lingfei Chen,Dong Zhang,Chunming Wu,Xuan Liu,Muhammad Khurram Khan

DOI: https://doi.org/10.1109/tgcn.2024.3432781

2024-01-01

IEEE Transactions on Green Communications and Networking

Abstract:Radio access network (RAN) enables large-scale collection of sensitive data. Privacy-preserving techniques aim to learn knowledge from sensitive data to improve services without compromising privacy. However, as the data scale increases, enforcing privacy-preserving techniques on sensitive data may consume a considerable amount of system resources and impose performance penalties. To reduce system resource consumption, we present NetDP, an in-network architecture for privacy-preserving techniques by leveraging programmable switches to improve resource efficiency (i.e., CPU cycles, network bandwidth, and privacy budgets). The key idea of NetDP is to accommodate and exploit cryptographic operators to reduce resource consumption rather than repetitively and exhaustively suppressing the impact of these techniques. To the best of our knowledge, this is the first time that privacy-preserving techniques in a large-scale data processing system have been enforced on programmable switches. Our experiments based on Tofino switches indicate that NetDP significantly reduces computation latency (e.g., 40.2%-55.8% latency in computations) without impacting fidelity.

Yue Zhao,Bo Tian,Yiru Niu,Hao Zhang,Zhongqiang Yi,Ruiqi Zeng

DOI: https://doi.org/10.3390/s21206815

IF: 3.9

2021-10-13

Sensors

Abstract:As a typical application of sensor networks, there exist many information security problems in smart parks, such as confusion of personnel access, lack of security management, disorderly data flow, insufficient collection of audit evidence, and so on. Aiming at the scenario of personnel and equipment moving in different areas of smart parks, the paper proposes a joint authorization and dynamic access control mechanism, which can provide unified identity management services, access control services, and policy management services, and effectively solve the problem of multi-authorization in user identity and authority management. The license negotiation interaction protocol is designed to prevent common network attack threats in the process of identity authentication and authority management. In order to realize the tamper-proof storage of personnel and equipment movement trajectory, the paper also designs a movement trajectory traceability protocol based on a Merkle tree, which solves the problems of internal personnel malicious attack, trusted third-party dependency bottleneck, high overheads of tracking algorithms, and so on. The experimental results show that compared with the current security control mechanisms for sensor networks, the joint authorization, and dynamic access control mechanism can support multi-party authorization and traceability, while the overhead it generates in initialization, encryption, decryption, and key generation steps are basically the same as other mechanisms do.

engineering, electrical & electronic,chemistry, analytical,instruments & instrumentation

Varsha Bhat Kukkala,S.R.S Iyengar

DOI: https://doi.org/10.48550/arXiv.1705.06929

2017-05-19

Abstract:In this paper, we formalize the notion of distributed sensitive social networks (DSSNs), which encompasses networks like enmity networks, financial transaction networks, supply chain networks and sexual relationship networks. Compared to the well studied traditional social networks, DSSNs are often more challenging to study, given the privacy concerns of the individuals on whom the network is knit. In the current work, we envision the use of secure multiparty tools and techniques for performing privacy preserving social network analysis over DSSNs. As a step towards realizing this, we design efficient data-oblivious algorithms for computing the K-shell decomposition and the PageRank centrality measure for a given DSSN. The designed data-oblivious algorithms can be translated into equivalent secure computation protocols. We also list a string of challenges that are needed to be addressed, for employing secure computation protocols as a practical solution for studying DSSNs.

Social and Information Networks,Cryptography and Security

Songtao Ye,Junfei Liu,Jin Zhang

DOI: https://doi.org/10.1109/gcis.2012.108

2012-01-01

Abstract:The architecture of two tiered sensor networks, where storage nodes serve as an intermediate tier between sensors and a sink for storing and processing data, has aroused researchers' attention because of the benefits of power and storage saving. In a sensor network, multiple sensor data streams are correlated. Correlation tracking can describe the key trends and reduce the complexity of further data processing. However, the importance of storage nodes also makes them attractive to attackers. In this paper we propose a method to guarantee both the utility and privacy of data on storage nodes through correlation tracking. To preserve privacy, we add random noise on original data. To preserve utility, the additive noise is distributed along the direction of sensor data. We provide both a mathematical and experimental evaluation on real dataset to validate the effectiveness of our algorithm.

Qianyun Zhang,Weihao Zeng,Zhijin Qin,Yun Lin,Zhenyu Guan,Jianwei Liu

DOI: https://doi.org/10.1109/jiot.2023.3344648

IF: 10.6

2024-01-01

IEEE Internet of Things Journal

Abstract:In cognitive radio networks, cooperative spectrum sensing (CSS) is a key approach to effectively discover spectrum opportunities for secondary users. However, due to the presence of malicious nodes, CSS faces significant challenges in the trust issue of sensing results caused by spectrum sensing data falsification and the privacy leakage of sensing nodes. In this article, we develop a trustworthy and privacy-preserving CSS solution based on blockchain, TaP2-CSS. It achieves the transparency and trustworthiness in exchanging and fusing sensing reports and preserves privacy of sensing nodes. More specifically, a fusion scheme is proposed to realize the high defense capability against the spectrum sensing falsification attack launched by lurking and persistent malicious nodes. Furthermore, to address privacy threats of sensing nodes, we propose a privacy-preserving sensing scheme based on dynamic sensing time for resource-constrained sensing nodes. It effectively limits the location information leaked by sensing reports without the need for complex cryptographic computation and protocol interaction. Comprehensive evaluation and comparison show that the proposed solution achieves high sensing accuracy in the presence of malicious nodes while preserving the privacy of sensing nodes.

Sheng Zhong,Tingting Chen

2011-01-01

Abstract:In today’s society, advanced cyber-infrastructure are connecting a huge number of mutually unfamiliar people, and forming a computing environment with untrusted parties. The human factors of untrusted parties, especially the considerations of privacy, security and incentives, bring new challenges in designing our systems, services and software with distributed computations. This thesis addresses the incentive and privacy issues in distributed computing with untrusted parties.Wireless networks with recent technical advances have become one of the most popular platforms for computing with untrusted parties. However, in civilian wireless networks, nodes often belong to different users and those users may be selfish. Existing protocols that were designed without considering user incentives often require nodes to spend their own resources for others. Hence selfish users may deviate from these protocols, in order to maximize their benefits. It causes serious problems to performance and even functioning of wireless networks. So, it is of great importance to provide incentives to those selfish users in wireless networks. First part of this thesis focuses on designing incentive-compatible packet forwarding protocols for three different types of wireless networks, i.e., ad hoc wireless networks, wireless networks using network coding and vehicular ad hoc networks. First, for traditional ad hoc wireless networks, the first reputation system that has rigorous analysis and guaranteed incentive compatibility in a practical model is proposed, to enhance the cooperation among nodes in forwarding packets for others. Second, for newly emerging wireless networks using network coding, the first-ever enforceable incentive scheme to stimulate packet forwarding is proposed that uses a combination of game theoretic and cryptographic techniques. Third, the problem on how to stimulate message forwarding in vehicular ad hoc networks that have no end-to-end connections is solved, and an incentive scheme with rigorous analysis based on coalitional game theory is proposed.In the distributed computing environments with untrusted parties, besides incentive issues, privacy concerns from the participants also impede the process of obtaining better computation results. To address the privacy concerns, the second part of this thesis focuses on designing privacy preserving distributed data mining protocols, when the input data comes from different parties. In particular, the first privacy preserving back-propagation learning algorithms for multi-layer neural networks with vertically partitioned data, using cryptographic tools, with provable security is proposed. Furthermore, a privacy preserving algorithm for growing neural gas with input data from two parties is also presented. This algorithm allows two parties to jointly conduct grow neural gas algorithm without revealing any party’s data.

Chen Gao,Zidong Wang,Lifeng Ma,Hongjian Liu,Xiao He

DOI: https://doi.org/10.1109/tnse.2024.3357804

IF: 6.6

2024-01-01

IEEE Transactions on Network Science and Engineering

Abstract:In this paper, the differentially private synchronization control (DPSC) problem is investigated for a class of nonlinear complex networks against possible eavesdropping attacks. The complex network is composed of a number of coupled nodes whose nonlinear dynamics is remotely controlled via a communication link. The initial state of the underly network serve as the private information to be protected from potential eavesdroppers. First, the concepts of mean-square synchronization and differential privacy are introduced to quantify, respectively, the performance of synchronization and the level of privacy. A new DPSC scheme is then proposed, which consists of a noise generator, a pair of input and output noise injectors, and a synchronization controller, in order to guarantee the ultimate mean-square synchronization with preserved differential privacy. In addition, the underlying co-design issue is thoroughly discussed on the input/output noise injector and the synchronization controller. Finally, a series of simulations are carried out to show the effectiveness of the proposed DPSC scheme.

Ting Li,Wei Liu,Shangsheng Xie,Mianxiong Dong,Kaoru Ota,Neal N. Xiong,Qiang Li

DOI: https://doi.org/10.1109/jiot.2021.3117971

IF: 10.6

2021-01-01

IEEE Internet of Things Journal

Abstract:Contemporarily, the fast development of computing, communication, and storage technology has revolutionized the way that various data-based applications reach massive data from underlying sensor networks. However, such a process also raises two challenging but critical issues: 1) trustworthy and 2) privacy issue for data collectors. Therefore, this article proposes a novel system, which is designed over the distributed mobile-edge network to sufficiently exploit advantages of blockchain and differential privacy (DP) to collect trustworthy data and protect privacy for data collectors. First, to improve trustworthiness of data collections, a new consensus mechanism is proposed for blockchain-based data collection structure, which comprehensively incorporates trustworthy, collection contribution, and throughput together to prefer data collectors for the next block. Second, with the assistance of fully trusted devices, a verifiable trustworthy evaluation strategy is designed to accurately compute the trustworthiness for data collectors. Third, we enforce DP on the data stored in a global blockchain maintained by the cloud server to protect privacy for data collectors without influencing data availability. Finally, both theoretical analyses and experimental results prove that the proposed system comprehensively improves performance of data collections in distributed network without adding any additional cost for the cloud server, compared to other schemes.

computer science, information systems,telecommunications,engineering, electrical & electronic

Qiyuan Zhang,Xuehai Zhou,Feng Yang

DOI: https://doi.org/10.1109/wicom.2009.5301523

2009-01-01

Abstract:Authentication is necessary to not only data exchange processes but also network administrative tasks in Wireless Sensor Networks. So far, only data authentication has drawn much attention from the research community. We propose an efficient Distributed Node Authentication (DNA) scheme that utilizes geographic location and trust relationship among neighboring sensor nodes to authenticate the identity of sensor nodes. Analysis and simulation results demonstrate that DNA is robust against node failure/sleeping and resilient to network attackers.