Secure wireless sensor networks building blocks and applications /

by Song, Hui.

Sensor networks are ideal candidates for a wide range of applications, such as monitoring of critical infrastructures, data acquisition in hazardous environments, and military operations. It is necessary to guarantee the security and resilience of sensor networks (as well as their applications) as they become more and more popular. Despite many security schemes have been proposed to protect building blocks such as routing and key management, some other building blocks (e.g., mobile sink and time synchronization) are largely ignored. The objective of this thesis is developing security building blocks for sensor networks as well as designing secured sensor network applications. The thesis makes the following three contributions. The first contribution is the provision of a secured mobile sink building block. In sensor network applications, mobile sinks are often granted with privileges such as accessing and revoking sensors. If they are compromised, the abusing of the privileges may bring down or result in the compromise of the entire sensor network. This thesis describes how to grant mobile sinks with only the minimum required privileges, based on the principle of least privilege, and how to quickly revoke their privileges when they are compromised. Simulations and real implementation (using Mica2 motes) have been conducted and shown that the proposed approaches are secure, efficient, and practical. Secondly, this thesis furnishes a secured time synchronization building block. The existing time synchronization schemes for sensor networks were not designed with security in mind and are vulnerable to many malicious attacks. This thesis is focused on a specific attack using which an attacker can deliberately delay the transmission of time synchronization messages to interfere the time synchronization process between sensors. This attack cannot be addressed by traditional cryptographic techniques. Two approaches have been proposed to detect and accommodate this attack. The first approach uses a statistical method to detect and iii remove the outliers (i.e., malicious time synchronization data introduced by the attack), and the second approach uses a time transformation technique to derive the threshold for outlier filtering. Simulations demonstrate that even mild attacks (e.g., introducing only 10 millisecond delay) can be detected effectively (e.g., with 100 percent detection rate and zero percent false positive rate). The third contribution of this thesis is the design, implementation and evaluation of a sensor-network–based vehicle anti-theft system called SVATS. In this system, vehicles are equipped with sensors and sensor networks are automatically formed in parking lots, which actively monitor and identify possible vehicle thefts by detecting unauthorized vehicle movement. When an unauthorized movement is detected, an alert will be reported to a base station in the parking area, which sends warning messages to the security office or car owner. All the messages in the system are secured to mitigate malicious attacks. A prototype based on Mica2 motes is deployed to test the design, which shows that SVATS can detect vehicle theft in four to nine seconds. iv