Completed Projects

New Approaches for Secure and Dependable Distributed Data Storage and Access Control in Mission-Critical Wireless Sensor Networks

This project is funded by the National Science Foundation.

PI: Wenjing Lou. $171,762, 9/1/2008~8/31/2012. Award #0831628.

The initial goal for this project is to address two important security issues in wireless sensor networks -- distributed data storage and access control. Our first research task is to tackle the security and dependability problem of distributed sensor data storage. Toward this end, we first studied how to store sensor network data in a distributed manner while satisfying the requirements of both fault tolerance and compromise resilience. Straightforward solutions, such as individual storage and simple replication approaches, are usually either insecure or inefficient and hence not adequate. We investigated solutions where secret sharing and erasure coding are integrated to achieve both security and efficiency. We then moved on to dynamic data security and dependability after the initial data storage, since over time sensors may be compromised and/or exhibit Byzantine failures. In this case, it is critical to enable dynamic data consistency verification to ensure continuous data security. We investigated algebraic-signature-based schemes that address this challenge by exploiting the homomorphic property of algebraic signatures.

Our second research task is distributed data access control that ensures sensor network data can only be accessed by authorized network users. We considered the worst-case scenario in which not only sensors may be compromised, but also network users may not be fully trusted as they may also be compromised or collude for illegal data access beyond their collective access right. We proposed a fine-grained key management solution which achieves both sensor compromise-resilience and user collusion-resistance. After analyzing the state-of-the-art symmetric key cryptography (SKC) based solution and pointing out its security weakness and inadequacy for fine-grained data access control, we proposed an efficient SKC based approach to realizing relatively fine-grained user access control. To support more flexible user access structure and achieve improved security strength, we further proposed to investigate attribute based encryption (ABE) based access control schemes, which allow a highly flexible and fine-grained user access structure.


During the course of the project, we extended our security research from the compromised-sensor threat model to a more general threat model: the untrusted server model. With the popularity of cloud computing, users' data and applications are increasingly pushed to cloud servers, which, from a security point of view, are untrusted third parties to the users. So at the end of the project, we extended our research to the general untrusted server model and studied problems such as secure and distributed data storage and sharing in untrusted server environments, secure and effective keyword search over encrypted data, and other privacy-preserving techniques in mobile social networks.

Broadcast/Multicast Security in Multi-User Wireless Sensor Networks

This project is funded by the National Science Foundation.

PI: Wenjing Lou, co-PI: Berk Sunar. $337,200, 8/1/2007~7/31/2011. Award #0716306.

Wireless sensor networks have received tremendous attention in the past few years and have been envisioned as the key enabling technology for the future ubiquitous computing environment. To successfully realize such a vision, mechanisms that allow a large number of (mobile) users, in addition to a small number of (fixed) sink nodes, to securely and efficiently access the wireless sensor networks are indispensable.

This project aims to develop mechanisms to secure broadcast/multicast communications in multi-user wireless sensor networks, since broadcast/multicast is the most important communication type when a user attempts to access a wireless sensor network, either to retrieve desired information or to request actions from some sensor/actuator nodes. More specifically, this project focuses on two major security tasks: broadcast/multicast authentication and encryption.

The first task is multi-user broadcast authentication, which aims to provide effective, efficient, scalable, and secure broadcast authentication mechanisms that allow a large number of mobile users to broadcast to a wireless sensor network anytime from anywhere in the network. Efficient cryptographic tools will be integrated with public key operations to minimize the overall computation and communication overhead and achieve higher security strength for various application scenarios. The second task is semantics-based dynamic multicast encryption, which aims to provide a more efficient solution for handling group membership dynamics. The idea is based on a novel semantics-based elementary group concept, and efficient multicast encryption schemes that integrate energy-efficient geographical multicast routing techniques will be devised.

UPASS: An Attack-Resilient Security Architecture for Wireless Mesh Networks

This project is funded by the National Science Foundation.

PI: Wenjing Lou. $250,000, 9/15/2006~8/31/2009. Award #0626601.

Rapidly deployable self-organizing wireless networks such as wireless LANs, mobile ad hoc networks and wireless sensor networks, and particularly the convergence of such technologies, have received tremendous attention in the last few years, leading to a new type of network called the wireless mesh network (WMN). WMNs have been positioned as a competitive rival to future wireless cellular technologies and provide a promising technology for ubiquitous high-speed network access, secure facility surveillance, disaster relief, public safety and homeland security. While many research efforts in WMNs have been made, security is still an untapped area. This project investigates this fundamental issue with the goal of developing a lightweight secure authentication and billing architecture, termed UPASS. UPASS features a novel user-broker-operator trust model built upon conventional certificate-based cryptography and emerging ID-based cryptography. Under this model, each user is furnished with a universal pass used to realize seamless roaming across WMN domains and gain ubiquitous secure network access. Moreover, an incontestable billing scheme is developed to facilitate proper charging for network usage through a lightweight real-time micropayment protocol built upon the combination of digital signature and one-way hash-chain techniques. Finally, since WMNs have been envisioned as the most viable solution for achieving seamless high-speed access at significantly low deployment cost, the proposed research will play a significant role in the commercialization of WMN technologies. Hence, it can have a significant impact on the telecommunications industries. The project benefits from the participation of minority faculty and students spanning undergraduate to doctoral levels across two institutions.

Power-aware / Energy-efficient Routing and Security in Wireless Sensor Networks

This project is funded by AirSprite Technologies, Inc.

PI: Wenjing Lou. $100,124, 1/1/2006~12/31/2006.

Securing Wireless Sensor Networks with Location Based Keys

This project is funded by Research Development Council, WPI.

PI: Wenjing Lou. $6,412, 7/1/2005~6/30/2006.

Performance Optimization and Cross-Layer Design of Multipath Routing in Wireless Ad Hoc Networks

This project is funded by Research Development Council, WPI.

PI: Wenjing Lou. $4,533, 7/1/2004~6/30/2005.