Publications (10)0 Total impact
- [show abstract] [hide abstract]
ABSTRACT: Previous research on physical layer network coding (PNC) focuses on the improvements in bandwidth usage efficiency. Its capability to assist wireless nodes in localization was first discussed in . In that paper, however, the authors discussed only the basic idea to detect and separate the interfered signals for calculating the node positions. Many important issues to turn the idea into a practical approach are not extensively studied. In this paper, we plan to investigate these problems. Specifically, our research focuses on the bootstrap procedures, security, and localization accuracy of the PNC based mechanism. We first study the required node density to bootstrap the localization procedure in both infrastructure-based and self-organized networks. With this question answered, researchers can recognize the network scenarios to which PNC based localization can be applied. We design mechanisms to protect integrity of the exchanged information and defend against node impersonation attacks so that the localization procedures will be robust against malicious activities. For localization accuracy, we study the negative impacts of the position errors of the anchor nodes. We design two mechanisms to reduce the localization inaccuracy for both individual nodes and cumulative procedures through excluding the anchor nodes with positioning errors and introducing multiple bootstrap areas. Both simulation and theoretical analysis are used to support our investigation. This research shows that PNC based node localization can satisfy the security and accuracy requirements of different types of wireless networks and it can be widely deployed.Ad Hoc Networks. 09/2012; 10(7):1267–1277.
- [show abstract] [hide abstract]
ABSTRACT: We have designed and developed a 3D digital Lego system as an education tool for teaching security protocols effectively in Information Assurance courses (Lego is a trademark of the LEGO Group. Here, we use it only to represent the pieces of a construction set.). Our approach applies the pedagogical methods learned from toy construction sets by treating security primitives as Lego pieces and protocols as construction results. Simulating the Lego toys, the digital Legos use matching shapes to help students understand the relationships among security primitives and protocols. Specifically, we present a flexible Lego generation method that can use various intuitive shapes to represent abstract and complex security protocols. Our design allows easy generation of new Lego sets and creation of different course materials. The integrated system also provides D interaction methods that simulate the real Lego building experience. For selected security courses, we have designed sample demonstrations and experiments for a set of important protocols. The initial evaluation results show encouraging feedback from students on using digital Legos in introductory security courses.TLT. 01/2011; 4:125-137.
Conference Proceeding: Rethinking about guessing attacks.[show abstract] [hide abstract]
ABSTRACT: Although various past efforts have been made to characterize and detect guessing attacks, there is no consensus on the definition of guessing attacks. Such a lack of generic definition makes it extremely difficult to evaluate the resilience of security protocols to guessing attacks. To overcome this hurdle, we seek a new definition in this paper to fully characterize the attacker's guessing capabilities (i.e., guessability). This provides a general framework to reason about guessing attacks in a symbolic setting, independent of specific intruder models. We show how the framework can be used to analyze both passive and active guessing attacks.Proceedings of the 6th ACM Symposium on Information, Computer and Communications Security, ASIACCS 2011, Hong Kong, China, March 22-24, 2011; 01/2011
- [show abstract] [hide abstract]
ABSTRACT: Previous research on security of network coding focused on the protection of data dissemination procedures and the detection of malicious activities such as pollution attacks. The capabilities of network coding to detect other attacks have not been fully explored. In this paper, we propose a new mechanism based on physical layer network coding to detect wormhole attacks. When two signal sequences collide at the receiver, the starting point of the collision is determined by the distances between the receiver and the senders. Therefore, by comparing the starting points of the collisions at two receivers, we can estimate the distance between them and detect fake neighbor connections via wormholes. While the basic idea is clear, we have proposed several schemes at both physical and network layers to transform the idea into a practical approach. Simulations using BPSK modulation at the physical layer show that the wireless nodes can effectively detect fake neighbor connections without the adoption of special hardware or time synchronization.Tsinghua Science & Technology 01/2011; 16(5):505-519.
Conference Proceeding: Secure software attestation for military telesurgical robot systems[show abstract] [hide abstract]
ABSTRACT: Telesurgical robot systems (TRS) are often deployed in unattended environments such as battlefields or rural areas. Therefore, adversaries can easily access the devices, compromise the system, and install their own malware. If the integrity and health of the system software and configuration files are not verified before their usage, the safety and lives of the injured soldiers and patients may be in danger. Many existing software attestation mechanisms depend on the calculation delay to distinguish a correct memory image from a compromised system. We cannot directly apply this technique to transcontinental TRS when we consider the long transmission delay between the verifier and the prover. In this paper, we propose a software attestation mechanism that can distinguish between these two kinds of delay. A secure communication protocol among the verifier, telesurgical robot, and secure token of the remote medical personnel is designed. The safety of the approach is analyzed and its overhead is evaluated.MILITARY COMMUNICATIONS CONFERENCE, 2010 - MILCOM 2010; 12/2010
Conference Proceeding: Rethinking about Type-Flaw Attacks.[show abstract] [hide abstract]
ABSTRACT: Many security protocols are vulnerable to type flaw attacks, in which a protocol message may be forged from another message. The previous approaches focus on heuristic schemes to protect specific protocols but fail to expose the enabling factors of such attacks. In this paper, we investigate the relationship between the type flaw attacks on the security protocols and the knowledge of the principals. We formalize the notion of recognizability that characterizes the fact that a message could not be type-flawed. The approach helps us better understand security protocols and gives insights into the detection and prevention of type-flaw attacks.Proceedings of the Global Communications Conference, 2010. GLOBECOM 2010, 6-10 December 2010, Miami, Florida, USA; 01/2010
Conference Proceeding: Deciding Recognizability under Dolev-Yao Intruder Model.[show abstract] [hide abstract]
ABSTRACT: The importance of reasoning about recognizability has recently been stressed in finding type flaw attacks, in which a protocol message may be forged from another message. However, the problem of deciding recognizability has never been fully exploited. To fill this gap, we present a terminating procedure to decide recognizability under the standard Dolev-Yao model. By incorporating the proposed procedure with Athena, a well-know security protocol verifier, our experiments succeed in finding potential type flaw attacks.Information Security - 13th International Conference, ISC 2010, Boca Raton, FL, USA, October 25-28, 2010, Revised Selected Papers; 01/2010
Conference Proceeding: Node Localization in Wireless Networks through Physical Layer Network Coding.[show abstract] [hide abstract]
ABSTRACT: Previous research on physical layer network coding (PNC) focuses on the improvements in bandwidth usage efficiency. In this paper, we propose a PNC-based node localization mechanism. When two signal sequences collide at the receiver, the starting point of collision is determined by the distances between the receiver and senders. When the signal interference results from two receivers are combined together, we can determine a hyperbola with two senders as the respective focal points. In this way, by using multiple pairs of anchor nodes as senders, we can determine multiple hyperbolas and the node position will be at the intersection point of these hyperbolas. The proposed approach does not require the wireless nodes to be equipped with any special hardware such as synchronized clocks. We propose several schemes at the physical and network layers to transform the idea into a practical approach. We also investigate the overhead, localization accuracy, and safety of the approach.Proceedings of the Global Communications Conference, 2010. GLOBECOM 2010, 6-10 December 2010, Miami, Florida, USA; 01/2010
Conference Proceeding: Using deductive knowledge to improve cryptographic protocol verification[show abstract] [hide abstract]
ABSTRACT: An effective representation of principals' knowledge can greatly improve the efficiency of cryptographic protocol analysis. In this paper, we propose a mechanism to represent the deductive knowledge contained in a set of terms. Using Dolev-Yao model as an example, we design two algorithms to generate the knowledge representation and derive terms, respectively. We prove that using our knowledge representation, a principal can derive a term by using only constructive operations. To demonstrate the advantages of the proposed approach, we integrate it with Athena to build a new protocol verifier. The new approach will drastically reduce the number of states that are generated and analyzed during protocol verification. Experiments on several cryptographic protocols widely used for evaluating protocol verifiers demonstrate the improvements.Military Communications Conference, 2009. MILCOM 2009. IEEE; 11/2009
Conference Proceeding: Secure and efficient access to outsourced data.[show abstract] [hide abstract]
ABSTRACT: Providing secure and efficient access to large scale outsourced data is an important component of cloud computing. In this paper, we propose a mechanism to solve this problem in owner-write-users-read applications. We propose to encrypt every data block with a different key so that flexible cryptography-based access control can be achieved. Through the adoption of key derivation methods, the owner needs to maintain only a few secrets. Analysis shows that the key derivation procedure using hash functions will introduce very limited computation overhead. We propose to use over-encryption and/or lazy revocation to prevent revoked users from getting access to updated data blocks. We design mechanisms to handle both updates to outsourced data and changes in user access rights. We investigate the overhead and safety of the proposed approach, and study mechanisms to improve data access efficiency.Proceedings of the first ACM Cloud Computing Security Workshop, CCSW 2009, Chicago, IL, USA, November 13, 2009; 01/2009