Towards Provable Security for Ubiquitous Applications

  • Conference paper
Information Security and Privacy (ACISP 2006)

Part of the book series: Lecture Notes in Computer Science (LNCS, volume 4058)

Abstract

The emergence of computing environments where smart devices are embedded pervasively in the physical world has made possible many interesting applications and has triggered several new research areas. Mobile ad hoc networks (MANET), sensor networks and radio frequency identification (RFID) systems are all examples of such pervasive systems. Operating on an open medium and lacking a fixed infrastructure, these systems suffer from critical security vulnerabilities for which few satisfactory current solutions exist, particularly with respect to availability and denial-of-service. In addition, most of the extant knowledge in network security and cryptography cannot be readily transferred to the newer settings which involve weaker devices and less structured networks.

In this paper we investigate the security of pervasive systems and focus on availability issues in malicious environments. We articulate a formal security framework that is tuned for the analysis of protocols for constrained systems and show how this can be used with applications that involve MANET and RFID systems. In our approach we shall use optimistic protocols for which the overhead is minimal when the adversary is passive. When the adversary is active, depending on the application, the additional cost is either used to trace malicious behavior or borne by non-constrained components of the system. Our goal is to design mechanisms that will support self-healing and promote a fault-free system state, or a stable system state, in the presence of a Byzantine adversary.

Copyright information

© 2006 Springer-Verlag Berlin Heidelberg

About this paper

Cite this paper

Burmester, M., Van Le, T., de Medeiros, B. (2006). Towards Provable Security for Ubiquitous Applications. In: Batten, L.M., Safavi-Naini, R. (eds) Information Security and Privacy. ACISP 2006. Lecture Notes in Computer Science, vol 4058. Springer, Berlin, Heidelberg. https://doi.org/10.1007/11780656_25

  • DOI: https://doi.org/10.1007/11780656_25

  • Publisher Name: Springer, Berlin, Heidelberg

  • Print ISBN: 978-3-540-35458-1

  • Online ISBN: 978-3-540-35459-8

  • eBook Packages: Computer Science, Computer Science (R0)
