Section: New Results
Security in infrastructure-less and constrained networks
WSN security is a major concern and many new protocols are being designed. Most of these protocols rely on cryptography, and therefore require a cryptographic pseudo-random number generator (CPRNG). However, designing an efficient and secure CPRNG for wireless sensor networks is not trivial, since most of the sources of randomness used by standard CPRNGs are not present on a wireless sensor node. We present TinyRNG, a CPRNG for wireless sensor nodes. Our generator uses the received bit errors as one of the sources of randomness. We show that transmission bit errors on a wireless sensor network are a very good source of randomness. We demonstrate that these errors are randomly distributed and uncorrelated from one sensor to another. Furthermore, we show that these errors are difficult for an attacker to observe and manipulate.
The need for anonymity in ad hoc networks, typically for military applications, drove several researchers to explore a wide range of techniques that aim to thwart omnipresent attackers and local attackers, given various optimization criteria such as complexity, transmission costs and processing costs.
In the context of anonymity, the goal of an attacker is to gather as much information as possible on the network activities, namely: who is communicating with whom? The problem is highly relevant in ad hoc networks since the open nature of the wireless channel favors the attacker: it can eavesdrop on "local" communications and gather the information from the packets themselves, or it can get a "global" view of the communications, inferring the information from the traffic patterns.
Several techniques to improve anonymity have been proposed in the literature. They rely basically on multicast or on onion routing to thwart global attackers or local attackers respectively. None of the techniques provides a combined solution, due to the incompatibility between the two components. We have developed a novel packet coding technique that makes the combination possible, thus integrating the advantages in a more complete and robust solution.
Our technique has the following characteristics: (1) it combines multicast and onion-based packet encryption to provide both global and local anonymity solutions, putting the two pieces of the complete puzzle together; (2) it makes the packets, and their headers, change at each hop to reduce traceability. This is an inherent property of (unicast) onion routing that cannot be maintained when combined with multicast routing; (3) it leverages the wireless/open nature of the radio channel to add supporting components to make those mechanisms even more efficient in hiding network communications.
Secure Aggregation and Group Communication in Wireless Sensor Networks
Wireless sensor networks (WSNs) are ad-hoc networks composed of tiny devices with limited computation and energy capacities. For such devices, data transmission is a very energy-consuming operation. It thus becomes essential to the lifetime of a WSN to minimize the number of bits sent by each device. One well-known approach is to aggregate sensor data (e.g., by adding) along the path from sensors to the sink. Aggregation becomes especially challenging if end-to-end privacy between sensors and the sink is required.
We developed a simple additively homomorphic stream cipher that allows efficient aggregation of encrypted data. The new cipher only uses modular additions (with very small moduli) and is therefore very well suited for CPU-constrained devices. We showed that aggregation based on this cipher can be used to efficiently compute statistical values such as mean, variance and standard deviation of sensed data, while achieving significant bandwidth gain.
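The aggregation idea described above, as an added example that is not the authors' code: each sensor adds a keystream value to its reading modulo M, intermediate nodes add ciphertexts without any key, and the sink subtracts the contributors' keystreams to recover the sum and sum of squares. The HMAC-SHA256 keystream derivation, the modulus M = 2^16, the epoch counter and all function names are assumptions made for illustration.

```python
import hashlib
import hmac

M = 2 ** 16  # assumed modulus; must exceed the largest possible aggregate


def keystream(key, epoch, label):
    """Keystream value in [0, M) for one node, epoch and field (assumed PRF: HMAC-SHA256)."""
    msg = label + epoch.to_bytes(8, "big")
    digest = hmac.new(key, msg, hashlib.sha256).digest()
    return int.from_bytes(digest[:4], "big") % M


def encrypt(reading, key, epoch):
    """Sensor: encrypt x and x^2 by adding fresh keystream values mod M."""
    return ((reading + keystream(key, epoch, b"x")) % M,
            (reading * reading + keystream(key, epoch, b"q")) % M)


def aggregate(ciphertexts):
    """Intermediate node: add ciphertexts mod M without holding any key."""
    return (sum(c[0] for c in ciphertexts) % M,
            sum(c[1] for c in ciphertexts) % M)


def decrypt_aggregate(agg, keys, epoch):
    """Sink: subtract the keystreams of every node that contributed."""
    k_x = sum(keystream(k, epoch, b"x") for k in keys)
    k_q = sum(keystream(k, epoch, b"q") for k in keys)
    return (agg[0] - k_x) % M, (agg[1] - k_q) % M


def statistics(total, total_sq, n):
    """Mean and variance from the decrypted sum and sum of squares."""
    mean = total / n
    return mean, total_sq / n - mean * mean


def demo():
    readings = [21, 23, 22, 26]                      # constructed sample readings
    keys = [b"node-%d-key" % i for i in range(4)]    # constructed per-node keys
    epoch = 7                                        # never reuse an epoch per key
    cts = [encrypt(x, k, epoch) for x, k in zip(readings, keys)]
    # Two-level tree: nodes 0-1 and 2-3 are aggregated first, then merged.
    agg = aggregate([aggregate(cts[:2]), aggregate(cts[2:])])
    total, total_sq = decrypt_aggregate(agg, keys, epoch)
    return total, total_sq, statistics(total, total_sq, len(readings))


if __name__ == "__main__":
    print(demo())
```

The sink must know which nodes contributed to an aggregate, since it subtracts exactly those nodes' keystreams; a keystream value reused across two epochs would leak the difference of the two readings.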
We have also developed AIE (Authenticated Interleaved Encryption), a new scheme that allows nodes of a network to exchange messages securely (i.e. encrypted and authenticated) without sharing a common key or using public key cryptography. This scheme is well adapted to networks, such as ad hoc, overlay or sensor networks, where nodes have limited capabilities and can share only a small number of symmetric keys. It provides privacy and integrity: an eavesdropper listening to a communication is unable to decrypt it, or to modify it without being detected. We show that our proposal can be used in wireless sensor networks to send encrypted packets to very dynamic sets of nodes without having to establish and maintain group keys. These sets of nodes can be explicitly specified by the source or can be specified by the network according to some criteria, such as their location, proximity to an object, or temperature range. As a result, a node can, for example, send encrypted data to all the nodes within a given geographical area, without having to identify the destination nodes in advance. Finally, we show that our proposal can be used to implement a secure and scalable aggregation scheme for wireless sensor networks.
RFID Security/Noisy Tags
We have developed a novel key agreement protocol that can be used between an RFID tag and a reader. Similarly to the famous blocker tag suggested by Juels, Rivest, and Szydlo, our scheme makes use of special tags that we call noisy tags. Noisy tags are owned by the reader's manager and set out within the reader's field. They are regular RFID tags that generate noise on the public channel between the reader and the queried tag, such that an eavesdropper cannot differentiate the messages sent by the queried tag from the ones sent by the noisy tag. Consequently, she is unable to identify the secret bits that are sent to the reader. Afterwards, the secret shared by the reader and the tag can be used to establish a secure channel in order to protect communications against eavesdroppers, or it can be used to securely refresh tags' identifiers, as proposed in Molnar and Wagner's solution suited to libraries.