311 research outputs found
DHB-KEY - A Diffie-Hellman Key Distribution Protocol for Wireless Sensor Networks
Many sensor network applications require secure communication between sensor nodes and the sink. This paper presents a key distribution scheme based on the well known Elliptic Curve Diffie-Hellman key exchange mechanism. The DHB-KEY scheme is performed in two stages. The first stage is carried out in a secure environment before network deployment. The second stage is carried out periodically using a single broadcast message. Each node arrives at a unique key it shares with the sink. This paper presents a first evaluation and a prototype implementation of the protocol. We have found that the presented key distribution approach uses energy and communication resources efficiently and has a low deployment complexity
Securing Communication in 6LoWPAN with Compressed IPsec
Real-world deployments of wireless sensor networks (WSNs) require secure communication. It is important that a receiver is able to verify that sensor data was generated by trusted nodes. It may also be necessary to encrypt sensor data in transit. Recently, WSNs and traditional IP networks are more tightly integrated using IPv6 and 6LoWPAN. Available IPv6 protocol stacks can use IPsec to secure data exchange. Thus, it is desirable to extend 6LoWPAN such that IPsec communication with IPv6 nodes is possible. It is beneficial to use IPsec because the existing end-points on the Internet do not need to be modified to communicate securely with the WSN. Moreover, using IPsec, true end-to-end security is implemented and the need for a trustworthy gateway is removed. In this paper we provide End-to-End (E2E) secure communication between IP enabled sensor networks and the traditional Internet. This is the first compressed lightweight design, implementation, and evaluation of 6LoWPAN extension for IPsec. Our extension supports both IPsec’s Authentication Header (AH) and Encapsulation Security Payload (ESP). Thus, communication endpoints are able to authenticate, encrypt and check the integrity of messages using standardized and established IPv6 mechanisms
Integrated optical components for quantum key distribution
The security of current public key cryptosystems, such as RSA, depends on the difficulty of computing certain functions known as trapdoor functions. However, as computational resources become more abundant with the fast development of super- and quantum computers, relying on such methods for communication security becomes risky. Quantum key distribution (QKD), is a potential solution that can allow theoretically secure key exchange for future communications. Chip-scale integration of this solution for securing communication of embedded systems and hand held devices demands miniaturizing the optical components that are used in typical QKD boxes, hence reducing its size and cost. The aim of the work in this thesis is firstly investigating novel approaches to realising integrable single photon sources and detectors for applications such as QKD, and secondly proposing a chip-scale integrated QKD system with efficient and optimised optical components. In the first part of the thesis, a model for coupling 2D material emitters to rod-type photonic cavities is studied for room temperature single photon sources. Our investigated approach allows better coupling between the emitter and the cavity modes than conventional methods, while increasing light collection ratio. In the second part, site-controlled growth of semiconductor III-V nanowires on Si for photodetection applications is achieved by fabricating the sites using electron-beam lithography and wet etching. Studies were also carried out to investigate the effect of the wafer’s growth temperature on the nanowire formation. Finally, a model was proposed for realising a chip-scale QKD system using photonic crystals as a photonic circuit platform. The work involves increasing the Q-factor of the cavity single photon source, increasing cavity waveguide coupling, reducing losses in beam splitters and out-couplers. A final model of a chip-scale QKD system which involves the optimised components is proposed at the end of the thesis
Validating the Sensor Network Calculus by Simulations
Abstract Network Calculus has been proposed and customized as a framework for worst-case analysis in wireless sensor networks (WSNs). It has been demonstrated that this so-called Sensor Network Calculus (SNC) is an effective network dimensioning tool as it allows us to calculate maximum message transfer delays and communication related energy consumption patterns before network deployment. So far it is unclear how the SNC calculated worst-case delay bounds compare to values experienced in real deployments. Our experiments presented in this paper show that an SNC worst-case delay prediction can be as little as 2.7% above the measured worst-case delay in a typical application scenario. Thus, it can be concluded that the SNC has a very practical relevance for dimensioning wireless sensor networks
Evaluating and improving firewalls for ip-telephony environments
Firewalls are a well established security mechanism for providing access control and auditing at the borders between different administrative network domains. Their basic architecture, techniques and operation modes did not change fundamentally during the last years. On the other side new challenges emerge rapidly when new innovative application domains have to be supported. IP-Telephony applications are considered to have a huge economic potential in the near future. For their widespread acceptance and thereby their economic success they must cope with established security policies. Existing firewalls face immense problems here, if they - as it still happens quite often - try to handle the new challenges in a way they did with "traditional applications". As we will show in this paper, IP-Telephony applications differ from those in many aspects, which makes such an approach quite inadequate. After identifying and characterizing the problems we therefore describe and evaluate a more appropriate approach. The feasibility of our architecture will be shown. It forms the basis of a prototype implementation, that we are currently working on
SonarSnoop: active acoustic side-channel attacks
We report the first active acoustic side-channel attack. Speakers are used to emit human inaudible acoustic signals and the echo is recorded via microphones, turning the acoustic system of a smart phone into a sonar system. The echo signal can be used to profile user interaction with the device. For example, a victim's finger movements can be inferred to steal Android phone unlock patterns. In our empirical study, the number of candidate unlock patterns that an attacker must try to authenticate herself to a Samsung S4 Android phone can be reduced by up to 70% using this novel acoustic side-channel. Our approach can be easily applied to other application scenarios and device types. Overall, our work highlights a new family of security threats
Towards Reactive Acoustic Jamming for Personal Voice Assistants
Personal Voice Assistants (PVAs) such as the Amazon Echo are com- monplace and it is now likely to always be in range of at least one PVA. Although the devices are very helpful they are also continuously monitoring conversations. When a PVA detects a wake word, the immediately following conversation is recorded and transported to a cloud system for further analysis. In this paper we investigate an active protection mechanism against PVAs: reactive jamming. A Protection Jamming Device (PJD) is employed to observe conversations. Upon detection of a PVA wake word the PJD emits an acoustic jamming signal. The PJD must detect the wake word faster than the PVA such that the jamming signal still prevents wake word detection by the PVA. The paper presents an evaluation of the e ectiveness of di erent jamming signals. We quantify the impact of jamming signal and wake word overlap on jamming success. Furthermore, we quantify the jamming false positive rate in depen- dence of the overlap. Our evaluation shows that a 100% jamming success can be achieved with an overlap of at least 60% with a negligible false positive rate. Thus, reactive jamming of PVAs is feasible without creating a system perceived as a noise nuisance
Smart Speaker Privacy Control - Acoustic Tagging for Personal Voice Assistants
Personal Voice Assistants (PVAs) such as the Siri, Amazon Echo and Google Home are now commonplace. PVAs continuously monitor conversations which may be transported to a cloud back end where they are stored, processed and maybe even passed on to other service providers. At present, a user has little control over this process. He is unable to control the recording behaviour of surrounding PVAs, is unable to signal his privacy requirements to back-end systems and is unable to track conversation recordings. In this paper we explore techniques for embedding additional information into acoustic signals processed by PVAs. A user employs a tagging device which emits an acoustic signal when PVA activity is assumed. Any active PVA will embed this tag in the recorded audio stream. The tag may signal a cooperating PVA or back-end system that a user has not given a recording consent. The tag may also be used to trace when and where a recording was taken. In this paper we discuss different tagging techniques and application scenarios. We describe the implementation of a prototype tagging device based on PocketSphinx. Using the popular PVA Google Home Mini we demonstrate that the device can tag conversations and that the tagging signal can be retrieved from conversations stored in the Google back-end system
Vulnerabilities and security limitations of current IP telephony systems
Within the traditional telephone system a certain level of quality and security has been established over the years. If we try to use IP Telephony systems as a core part of our future communication infrastructure (e.g. as classical PBX enhancement or replacement) continuous high availability, stable and error-free operation and the protection of the privacy of the spoken word are challenges, that definitely have to be met. Since manufacturers start deploying new end systems and infrastructure components rather fast now - a critical inspection of their security features and vulnerabilities is mandatory. The critical presentation of the theoretical background of certain vulnerabilities, testing and attacking tools and the evaluation results reveals, that well-known security flaws become part of implementations in the new application area again and the security level of a number of examined solutions is rather insufficient
A survey of requirements and standardization efforts for IP-telephony-security
Security as a dimension of trustworthiness in IP-Telephony systems and protocols is a main condition for the commercial success of IP-Telephony. In this work, we present a survey of security requirements and show how various standardization efforts address these requirements. We describe the basic tasks and elements of IP-Telephony systems and compare them to Telephony via PSTNs to derive some possible attacks for example. We classify the security preconditions to achieve trustworthiness of users and providers in this systems. We list weighty criteria for further evaluation of security mechanisms which can fulfil these requirements. After this, we describe the integration of security mechanisms in current IP-Telephony protocols and figure out work areas which have to be solved in future
- …
