security metrics

need to identify security metrics to assess the awissenet tool kit.

awissenet abstract

AWISSENET (Ad-hoc & WIreless Sensor SEcure NETwork) is a project focused on security and resilience across ad-hoc personal area networks (PAN) and wireless sensor networks. AWISSENET motivation is to implement a scalable, secure and context-aware networking protocol stack, able to offer self-configuration and secure roaming of data and services over multiple administrative domains and across insecure infrastructures of heterogeneous ad-hoc & wireless tiny sensory networks. AWISSENET optimisations will be extended, where applicable, from network up to the applications layer, focusing on three key research topics:

• Discovery, evaluation and selection of trusted routes based on multiple security metrics and key pre-distribution methods. The overall scheme must support secure routing even with disappearing nodes, multiple levels of in-network processing and multiple layers of aggregation. Moreover to protect the secure routing information from traffic analysis attacks, we will research utilisation of dynamic obfuscation of relationships.

• Secure Service Discovery, providing a network-level security framework, which will protect service discovery messages inside the AWISSENET, when crossing unknown domains or when interacting with public service providers. In order to execute the security algorithms in a very low-power manner, a small low-power FPGA will also be placed in the designated nodes; based on real-world experiments carried out by one of the partners those tiny FPGAs consume less than 1/100^th of the power consumed by a low power microcontroller when executing the exact same encryption/decryption/authentication algorithms

• Intrusion detection, intruder identification and recovery based on distributed trust to provide security against malicious attacks. Intrusion detection can also be much more efficiently executed by low-power FPGAs than by microcontrollers; as in the case of the security algorithms the overall FPGA power consumption for executing a certain intrusion detection scheme can be 1/100^th of that consumed by a microcontroller executing the same framework

• Highly Secure sensor nodes against attacks from users having actual access to those nodes. This is a very important issue since due to the nature of the sensor networks, in most of them, anyone can have access (or near access) to their nodes. As it is known in order to heavily increase the resistance of any processing unit to the “side attacks”, such as simple power attacks (SPAs) and differential power attacks (DPAs), specific parts of the security algorithms should be executed by dedicated hardware modules, designed in certain ways.

The AWISSENET results will be packed in a AWISSENET security toolbox, which will enable easy configuration and instant support of Ad-hoc PAN & WIreless Sensor SEcure NETworks. The proposed architecture and protocol toolbox will be prototyped and validated in a large trial of more than 100 nodes, consisting of sensor/MOTEs, wireless cameras and RFID tags. Over this trial, a number of PAN and wireless sensor application scenarios will be validated e.g. ambient intelligence in environments like industry, home, roads and disaster recovery.

---