Ad hoc wireless networks are becoming important in several application domains. In these networks, nodes cooperate among themselves to achieve collective tasks, without requiring any pre-existing infrastructure. However, the cooperative nature and the possible hostile environments where the networks may be deployed make them vulnerable to a wide range of security attacks. Some of these attacks can be addressed through customized cryptographic primitives. However, the adversary can physically compromise the network nodes, and thus defeat the cryptographic measures. Further, the adversary may have much higher computational and communication capabilities than the legitimate nodes, and the malicious nodes can collude among themselves. This has created a difficult imbalance in securing ad hoc networks: defense is hard and resource-consuming while attack is often easy.
In this project, the PIs at Purdue University are developing a provably-assurable ad hoc network protocol suite to invert this imbalance. The system developed can give guaranteed security properties under a wide, and rigorously quantifiable, range of adversarial behaviors, including Byzantine behaviors. The project employs two main thrusts: (i) Security by diversification and randomization; and (ii) Security through accountability and reputation. The solution is applied to secure routing, secure data aggregation, and distributed leader selection.
Broader Impact: The project will significantly advance our understanding of the fundamental limits for security in wireless ad hoc networks. It will provide methods to design provably-secure wireless protocols for a large class of mission-critical applications. The results will be disseminated through public release of detailed design documents, software, and graduate course materials.
Ad hoc wireless networks have become important in several application domains. In agriculture, sensor networks can monitor important events such as those related to pests, temperature, and humidity changes. In the electrical grid, smart meters can forward electricity usage information to local data collection points. In these networks, nodes cooperate among themselves to forward packets and to perform collective tasks, without requiring any pre-existing communication infrastructure such as a cell-phone service. Therefore, they can be deployed more cost-effectively. However, the cooperative nature and the possible hostile environments where the networks may be deployed make them vulnerable to a wide range of security attacks. Some of these attacks can be addressed through customized cryptographic primitives. However, the adversary can physically compromise the network nodes, and thus defeat all cryptographic measures. Further, the adversary may have much higher computational and communication capabilities than the legitimate nodes, and the malicious nodes can collude among themselves. This has created a difficult imbalance in securing ad hoc networks: defense is hard and resource-consuming while attack is often easy.
Intellectual Merits: The PIs at Purdue University developed a provably-assurable ad hoc network protocol suite to invert this imbalance. Our system can give guaranteed security properties under a wide, and rigorously quantifiable, range of adversarial behaviors. In the following, we summarize the key outcomes from this project:
1. Increasingly, cyber-physical systems, such as the smart electrical grid, utilize ad hoc wireless networks for communication and control. A pressing challenge is how to secure the "cyber" communication; otherwise the "physical" system (e.g., for electricity generation and distribution) may be severely disrupted when communication capability is lost. The project team studied a devastating type of attack on cyber-physical systems called the network isolation attack. In this attack, an adversary compromises a set of nodes that enclose a region, and prevents any communications from/to the isolated region. A novel solution was developed to defend against the network isolation attack. The proposed solution achieves the following security guarantee: either a legitimate node can successfully deliver a message to another legitimate node, or the network control center can identify a small set of suspect nodes, which is guaranteed to contain a compromised node. Further, the solution can achieve such guarantees with low computation and communication cost. Hence, it significantly increases the safety of critical cyber-physical systems.
2. Event monitoring is a common application in wireless sensor networks. For event monitoring, a number of sensor nodes are deployed to monitor certain phenomena, such as in an agricultural field or on a battlefield. When an event is detected, the sensor nodes report it to a base station (BS), where a network operator can take appropriate actions. In many common use cases, the event must be reported to the BS within a time bound. However, such event reports can be hampered by compromised nodes in the middle that drop, modify, or delay the event report. To defend against such attacks, the project team developed SEM, a Secure Event Monitoring protocol against arbitrary malicious attacks by adversary nodes. SEM provided the guarantee that as long as the compromised nodes want to avoid being detected, a legitimate sensor node can report an event to the BS within a bounded time. If the compromised nodes launch an attack that causes the event report not to arrive at the BS within the bounded time, the BS can identify a pair of nodes that is guaranteed to contain at least one compromised node. Further, SEM incurs very low overhead.
3. A new mechanism was developed to preserve user privacy for smart meter data. Privacy has been a key concern in the deployment of smart meters. The study showed how to balance the efficiency of data collection with the privacy concerns of the individual end-user by using a local battery. The battery allows the user to disclose a different electricity usage pattern to the utility and outsiders. Further, it allows the user to achieve cost savings by charging during low-price periods.
4. The project team addressed the problem of how to deploy "sniffers" in an ad hoc wireless network for monitoring purposes. "Sniffers" can overhear and verify communication among the other nodes. Algorithms were developed that assign sniffers to monitor multiple frequency channels, taking into account the fact that they themselves are imperfect and may make errors or be compromised.
Broader Impact: The project advanced our understanding of the fundamental limits of security in wireless ad hoc networks. It provided methods to design provably-secure wireless protocols for a large class of mission-critical applications. The results were disseminated through publications and graduate course materials. Two Ph.D. students and one undergraduate student supported by the project were trained on both the theoretical and practical aspects of network security. An open source release of software was made, which could be used to further advance the field.