Application scenarios for wireless sensor networks (WSNs) and body area networks (BANs) are extremely diverse and heterogeneous, ranging from smart environment to perimeter sensing, to weather and ambient control, to healthcare, to military applications, and so on. The same diversity is valid for Underwater Acoustic Sensor Networks (UASNs), which are becoming the key enabler for a large set of application scenarios ranging from scientific exploration and commercial exploitation, to homeland security. With so much diversity, a one-size-fits-all general design paradigm for security appears far from being effective, if even possible. Thus, our focus is on the development of new security solutions specifically tailored for BANs, WSNs and UASNs. We have developed standard based end-to-end security protocols for the IoT, context-aware decentralized Data Access control for GREEn WSNs, protection mechanims against Denial-of-Sleep attacks for Wake-up-enabled networks, security frameworks and reputation based routing protocols for UASNs.
The growing number of applications based on Internet of Things (IoT) technologies is pushing towards standardized protocol stacks for machine-to-machine (M2M) communication and the adoption of standard-based security solutions, such as the Datagram Transport Layer Security (DTLS). Despite the huge diffusion of DTLS, there is a lack of optimized implementations tailored to resource constrained devices. High energy consumption and long delays of current implementations limit their effective usage in real-life deployments. The aim of our research is to explain how to design and implement DTLS-like protocols exploiting Elliptic Curve Cryptography (ECC) optimizations and minimizing ROM occupancy. We have implemented several solutions on an off-the-shelf mote platform and evaluated their performance. Results show that our ECC optimizations outperform priors scalar multiplication in state of the art for class 1 mote platforms, and improve network lifetime by a factor of up to 6.5 with respect to a standard-based not optimized implementation.
Can energy harvesting capabilities embedded in modern sensor nodes be exploited so as to support security mechanisms which otherwise would be too demanding and hardly viable? We have tried to answer to this question through several research works. First, we have focused on the support of extremely powerful, but complex, fine-grained data-centric access control mechanisms based on multi-authority Ciphertext Policy Attribute Based Encryption (CP-ABE). By integrating access control policies into the (encrypted) data, such mechanisms do not require any server-based access control infrastructure and are thus highly desirable in many wireless sensor network scenarios. Second, we have further optimized prior pre-computation techniques by exploiting more recent results on Cayley graph expanders and implemented the (Elliptic Curve) Digital Signature Algorithm. Our results show that the energy that micro solar cells and wind microturbines can be exploit to cryptographic processing. We believe that the exploitation of harvested energy for security protocols is a very compelling playground for future creative constructions. A different approach for low power networks foreseen the use of Wake-up-radio-based technology. Thanks to this, they have the potential to achieve low latency data collection at minimum energy cost, thus meeting the challenging lifetime and quality-of-service demands of emerging IoT and WSNs applications. However, the fact that nodes can be remotely activated on-demand makes wake-up-radio-based networks vulnerable to energy exhausting attacks. We developed a full-fledged solution to counteract Denial-of-Sleep (DoS) attacks to wake-up-radio-based sensing systems. A core component of our proposed solution is a key exchange protocol based on Elliptic Curve Cryptography (the Fully Hashed MQV protocol), which we use in conjunction with implicit certificates.
Despite the increasing interest on UASNs, solutions to secure protocols from the network layer up to the application layer are still overlooked. The aim of this research group is therefore manyfold. We study common threats and countermeasures for UASNs. We also select the most effective cryptographic primitives to build and constantly improve our security framework SecFUN. SecFUN is flexible and configurable with different features and security levels to satisfy UASN deployment security requirements. It provides data confidentiality, integrity, authentication and nonrepudiation by exploiting as building blocks AES in the Galois Counter Mode (GCM) and short digital signature algorithms such as ZSS, BLS and Quartz. We have exploited SecFUN primitives to design and develop R-CARP, a reputation based channel aware routing protocol for underwater acoustic sensor networks (UASNs). R-CARP is an improved version of CARP, the channel aware routing protocol, enriched with a reputation based mechanism to contrast malicious node behavior. To secure R-CARP we employ BLS, a short digital signature algorithm, exploiting its aggregation property to reduce the additional communication overhead. Results of our works show that a flexible and full-fledged security solution tailored to meet the requirements of UASNs can be provided at reasonable costs.