It is desirable to store data on storage servers such as mail and file in encrypted form reduce security privacy risks. But this usually implies that one has sacrifice functionality for security. For example, if a client wishes retrieve only documents containing certain words, it was not previously known how let the server perform search answer query, without loss of confidentiality. We describe our cryptographic schemes problem searching provide proofs resulting crypto systems. Our...

Key establishment in sensor networks is a challenging problem because asymmetric key cryptosystems are unsuitable for use resource constrained nodes, and also the nodes could be physically compromised by an adversary. We present three new mechanisms using framework of pre-distributing random set keys to each node. First, q-composite scheme, we trade off unlikeliness large-scale network attack order significantly strengthen predistribution's strength against smaller-scale attacks. Second,...

As sensor networks edge closer towards wide-spread deployment, security issues become a central concern. So far, much research has focused on making feasible and useful, not concentrated security.

As mobile ad hoc network applications are deployed, security emerges as a central requirement. In this paper, we introduce the wormhole attack, severe attack in networks that is particularly challenging to defend against. The possible even if attacker has not compromised any hosts, and all communication provides authenticity confidentiality. an records packets (or bits) at one location network, tunnels them (possibly selectively) another location, retransmits there into network. can form...

They are susceptible to a variety of attacks, including node capture, physical tampering, and denial service, while prompting range fundamental research challenges.

a secure on-demand routing protocol for ad hoc networks.

Security is important for many sensor network applications. A particularly harmful attack against and ad hoc networks known as the Sybil [6], where a node illegitimately claims multiple identities. This paper systematically analyzes threat posed by to wireless networks. We demonstrate that can be exceedingly detrimental functions of such routing, resource allocation, misbehavior detection, etc. establish classification different types attack, which enables us better understand threats each...

It is often appealing to assume that existing solutions can be directly applied emerging engineering domains. Unfortunately, careful investigation of the unique challenges presented by new domains exposes its idiosyncrasies, thus requiring approaches and solutions. In this paper, we argue "smart" grid, replacing incredibly successful reliable predecessor, poses a series security challenges, among others, require novel field cyber security. We will call cyber-physical The tight coupling...

Multicast stream authentication and signing is an important challenging problem. Applications include the continuous of radio TV Internet broadcasts, authenticated data distribution by satellite. The main challenges are fourfold. First, authenticity must be guaranteed even when only sender trusted. Second, scheme needs to scale potentially millions receivers. Third, streamed media can have high packet loss. Finally system efficient support fast rates. We propose two schemes, TESLA EMSS, for...

Sensor networks promise viable solutions to many monitoring problems. However, the practical deployment of sensor faces challenges imposed by real-world demands. nodes often have limited computation and communication resources battery power. Moreover, in applications sensors are deployed open environments, hence vulnerable physical attacks, potentially compromising sensor's cryptographic keys.One basic indispensable functionalities is ability answer queries over data acquired sensors. The...

Defending against distributed denial-of-service attacks is one of the hardest security problems on Internet today. One difficulty to thwart these trace source because they often use incorrect, or spoofed IP addresses disguise true origin. In this paper, we present two new schemes, advanced marking scheme and authenticated scheme, which allow victim trace-back approximate origin packets. Our techniques feature low network router overhead, support incremental deployment. contrast previous...

The low-cost, off-the-shelf hardware components in unshielded sensor-network nodes leave them vulnerable to compromise. With little effort, an adversary may capture nodes, analyze and replicate them, surreptitiously insert these replicas at strategic locations within the network. Such attacks have severe consequences; they allow corrupt network data or even disconnect significant parts of Previous node replication detection schemes depend primarily on centralized mechanisms with single...

As mobile ad hoc network applications are deployed, security emerges as a central requirement. In this paper, we introduce the wormhole attack, severe attack in networks that is particularly challenging to defend against. The possible even if attacker has not compromised any hosts, and all communication provides authenticity confidentiality. an records packets (or bits) at one location network, tunnels them (possibly selectively) another location, retransmits there into network. can form...

An ad hoc network is a collection of wireless computers (nodes), communicating among themselves over possibly multihop paths, without the help any infrastructure such as base stations or access points. Although many previous routing protocols have been based in part on distance vector approaches, they generally assumed trusted environment. We design and evaluate Secure Efficient Ad Distance protocol (SEAD), secure Destination-Sequenced Distance-Vector (DSDV). In order to support use with...

We expect a future where we are surrounded by embedded devices, ranging from Java-enabled cell phones to sensor networks and smart appliances. An adversary can compromise our privacy safety maliciously modifying the memory contents of these devices. In this paper, propose softWare-based attestation technique (SWATT) verify devices establish absence malicious changes contents. SWATT does not need physical access device's memory, yet provides content similar TCG or NGSCB without requiring...

We present Flicker, an infrastructure for executing security-sensitive code in complete isolation while trusting as few 250 lines of additional code. Flicker can also provide meaningful, fine-grained attestation the executed (as well its inputs and outputs) to a remote party. guarantees these properties even if BIOS, OS DMA-enabled devices are all malicious. leverages new commodity processors from AMD Intel does not require or VMM. demonstrate full implementation on platform describe our...

In an ad hoc network, mobile computers (or nodes) cooperate to forward packets for each other, allowing nodes communicate beyond their direct wireless transmission range. Many of the proposed routing protocols networks operate in on-demand fashion, as have been shown often lower overhead and faster reaction time than other types based on periodic (proactive) mechanisms. Significant attention recently has devoted developing secure ad~hoc networks, including a number protocols, that defend...

We propose SecVisor, a tiny hypervisor that ensures code integrity for commodity OS kernels. In particular, SecVisor only user-approved can execute in kernel mode over the entire system lifetime. This protects against injection attacks, such as rootkits. achieve this propertyeven an attacker who controls everything but CPU, memory controller, and chips. Further, even defend attackers with knowledge of zero-day exploits.

Sensor networks are expected to play an essential role in the upcoming age of pervasive computing. Due their constraints computation, memory, and power resources, susceptibility physical capture, use wireless communications, security is a challenge these networks. The scale deployments sensor require careful decisions trade-offs among various measures. authors discuss issues consider mechanisms achieve secure communication