Activity Report (2007)

Laboratory of Cryptography and systems Security (CrySyS)
Department of Telecommunications
Budapest University of Technology and Economics
www.crsysy.hu

Contents:

• Members
• Research activity
• Research themes
• Secure routing multi-hop wireless networks
• Resilient data aggregation in sensor networks
• Security of reliable transport protocols in sensor networks
• Location privacy in mobile systems
• Security in delay tolerant networks
• Mobility supporting security architectures
• Security API analysis with the spi-calculus
• Mitigation of network denial-of-service problems
• R&D projects
• UbiSecSens
• SeVeCom
• BIONETS
• DESEREC
• MobilSEC
• MIK 2.3.1
• OTKA T046664
• Publcations
• Teaching activity
• Courses
• Laboratory exercises
• Student semester projects
• Diploma projects
• Sponsors

Faculty members and senior researchers:

• István Vajda, Professor
• Levente Buttyán, Associate Professor
• Boldizsár Bencsáth, Research Fellow

PhD students:

• Gergely Ács
• László Csík
• László Dóra
• Tamás Holczer
• Péter Schaffer
• Ta Vinh Thong

Correspondant members:

• Márk Félegyházi

Research themes

Secure routing in multi-hop wireless networks

Routing is one of the most fundamental networking functions. It is known that an adversary can easily paralyze the operation of a whole network by attacking the routing protocol. Moreover, attacks against the routing protocol usually do not require a lot of resources, but alteration of a few routing messages or injection of some fake ones is sufficient to disturb the operation of the network. Hence, the problem of secure routing is very relevant.

Most of the routing protocols proposed for wireless ad hoc and sensor networks are insecure. One of the reasons is that there is no clear understanding of what secure routing should mean. In additon, tools that allow the security analysis of routing protocols are lacking.

Therefore, our goal is to develop formal models in which precise definitions of secure routing can be given, and routing protocols proposed for multi-hop wireless networks can be rigorously analyzed. Our ultimate objective is to better understand the design principles of secure routing protocols and to apply those principles for designing secure routing protocols for ad hoc and sensor networks.

Participating researchers: Gergely Ács, Levente Buttyán, István Vajda
Related projects: UbiSecSens, OTKA T046664
Related publications: AB07ht-en, AB07wsns

Resilient data aggregation in sensor networks

Sensor nodes are often unattended and easy to capture. In addition, sensors are rarely tamper resistant, therefore, the operation of captured nodes can be corrupted. A corrupted sensor node may still send authentic messages (e.g., it can use the cryptographic keys stored in it), but it may not work according to its original specifications (e.g., it may send erronous readings to the base station). It is clear that this is an undesirable situation, and one would like to detect if a node is captured and corrupted, or at least eliminate the effect of corrupted nodes.

We study the problem of node capture in the context of data aggregation in sensor networks. Our goal is to design node capture resilient data aggregation schemes that eliminate the effect of corrupted data on the aggregated value.

Participating researchers: Péter Schaffer, István Vajda, Levente Buttyán
Related projects: UbiSecSens, OTKA T046664
Related publications: BS07mass, SV07mswim

Security of reliable transport protocols in sensor networks

End-to-end reliability of communications is an important requirement in many applications of wireless sensor networks. For this reason, a number of reliable transport protocols specifically designed for wireless sensor networks have been proposed in the literature. Besides providing end-to-end reliability, some of those protocols also address the problems of fairness and congestion control, and they are all optimized for low energy consumption. However, most of those protocols completely neglect security issues. As a consequence, they ensure reliable communications and low energy consumption only in a benign environment, where packet losses and delays occur as a result of random errors in lower layers of the communication stack, but they fail in a hostile environment, where an adversary can forge or replay control packets of the protocol. More specifically, our analysis shows that control packet injection and replay can cause permanent loss of data packets, and thus, such misdeeds make the hitherto reliable protocol unreliable. In addition, even if the protocol can recover from such an attack, the recovery overhead caused by forged or replayed control packets can be large, which gives an opportunity for energy depleting attacks. As sensor nodes usually operate on batteries, which are often very difficult or even impossible to recharge or replace, energy depletion attacks can jeopardize the entire mission of the network. Besides the security analysis of the most important reliable sensor network transport protocols, we also intend to propose some general design principles to make them more resistant against malicious attacks.

Participating researchers: László Csik, Levente Buttyán
Related projects: UbiSecSens, OTKA T046664
Related publications:

Location privacy in mobile systems

One serious concern about ubiquitous computing is that it may result in breaches of privacy. In particular, the whereabouts of mobile individuals may be easily tracked by monitoring the wireless transmissions of their electronic devices that they carry with themselves. So one would like to ensure location privacy for users, while still making the services of the system available to them.

Our goal is to study the location privacy problem in various environments including traditional mobile networks and vehicular ad hoc networks, and to design appropriate privacy preserving mechanisms for these environments.

Participating researchers: Tamás Holczer, Levente Buttyán, István Vajda
Related projects: SeVeCom, MIK 2.3.1, OTKA T046664
Related publications: BHV07esas, ABHV07tspuc

Security in delay tolerant networks

In a delay tolerant network, the nodes carry the packets while they are moving, and forwards the packets to the nodes in their vicinity in an opportunistic manner. Due to node mobility, the wireless links between the nodes are usually short-lived. Furthermore, nodes are usually constrained in terms of energy supply, memory, CPU, and available bandwidth.

In this context, we study three problems:

• The operation of the system depends on the willingness of the nodes to cooperate, thus, we study what stimulates the nodes to download, carry, and forward messages for the benefit of other nodes.
• Attackers may inject SPAM messages into the system. The consequence can be that the whole system suffers a performance degradation, and the nodes spend their energy to handle useless messages.
• By observing what a node downloads from other nodes, an attacker can figure out the interest profile of the user. In addition, the attacker can track the user physical location. Thus, there are serious privacy problems to be solved.

Participating researchers: László Dóra, Levente Buttyán, Márk Félegyházi, István Vajda
Related projects: BIONETS, OTKA T046664
Related publications: BDFV07aoc

Mobility supporting security architectures

Enabling mobility is one of the key features of today's wireless networks. In order to provide services to mobile users anywhere at any time, network operators will deploy wireless access networks based on various technologies (e.g., WiFi, UMTS, etc.). Users are expecting to be able to dynamically choose among these technologies and use the most appropriate one for their purposes. We study what this dynamicity of user requirements and heterogeneity of technologies mean for the security architecture. Our goal is to develop a security architecture that supports user mobility in a heterogeneous wireless environment. We also study the security requirements of modern services targeting mobile users, such as location based services and m-commerce services, and we intend to develop appropriate security mechansisms for them.

Participating researchers: László Dóra, Levente Buttyán, István Vajda
Related projects: MIK 2.3.1, MobilSEC
Related publications: BBD07wicon

Security API analysis with the spi-calculus

API level vulnerabilities of hardware security modules represent a serious threat, thus, discovering and patching security holes in APIs are important. We argue and illustrate that the application of formal verification methods is a promising approach for API analysis. In particular, we propose an API verification method based on process algebra. The proposed method seems to be extremely well-suited for API analysis as it allows for the straightforward modelling of the API, the precise definition of the security requirements, and the rigorous verification of the security properties offered by the API. We use our method to analyze the HSM API designed in the context of the SeVeCom Project.

Participating researchers: Ta Vinh Thong, Levente Buttyán
Related projects: SeVeCom, OTKA T046664
Related publications: BT07ht, T07tdk

Mitigating network denial-of-service problems

Today, e-mail viruses generate 40-60% of the total Internet e-mail traffic. These viruses infect millions of computers, and by doing so, they enable identity theft, spamming, etc. Anti-virus softwares have not solved the problem of Internet viruses yet. In particular, they do not stop the rapid propagation of new viruses. A system approach seems to be necessary to achieve a better protection.

We are developing a general architecture consisting of some small, collaborative components allowing the following:

• the identification of virus sources (owners of infected computers, virus writers), rapid response to unknown viruses, and collection of descriptive information about the propagation (through statistics);
• the elimination of false "virus alert" e-mail messages (where the sender is valid) without eliminating virus alerts to valid senders;
• the protection against directory harvest attacks aiming at obtaining valid e-mail addresses typically for spamming purposes;
• the protection against more generic forms of DoS attacks using network traffic analysis;
• the protection of SMTP servers against DoS attacks (false notifications, rapid virus propagation or direct attack).

Participating researchers: Boldizsár Bencsáth, István Vajda
Related projects: DESEREC
Related publications: BV07ijns, BR07cts

R&D projects

UbiSec&Sens

• name: Ubiquitous Sensing and Security in the European Homeland
• duration: 2006--2008
• funded by: EU (026820)
• type: STREP
• fund: ~190K EUR
• info: http://www.ist-ubisecsens.org

Wireless Sensor Networks (WSN)s are an exciting development with very large potential to have a significant beneficial impact on every aspect of our lives while generating huge opportunities for European industry. What is needed to kick off the development and exploitation of WSNs is an architecture for medium and large scale wireless sensor networks integrating comprehensive security capabilities right form the concept stage. This would support the rapid development of sensor networks and would open up the application domain for commercial activities.

UbiSec&Sens intends to solve this by providing a comprehensive architecture for medium and large scale wireless sensor networks with the full level of security that will make them trusted and secure for all applications. In addition, UbiSec&Sens will provide a complete tool box of security aware components which, together with the UbiSec&Sens radically new design cycle for secure sensor networks, will enable the rapid development of trusted sensor network applications.

The UbiSec&Sens approach is to use three representative WSN scenarios to iteratively determine solutions for the key WSN issues of scalability, security, reliability, self-healing and robustness. This will also give a clearer understanding of the real-world WSN requirements and limitations as well as identifying how to achieve a successful rollout of WSNs.

The results of UbiSec&Sens are a necessary step to progress the field of security and communication research in Europe and, as well as advancing the competitiveness of the European industry, they assist the European Commission to develop more comprehensive programs for innovative socially and economically beneficial sensor applications to be part of future research programs after 2007.

SeVeCom

• name: Secure Vehicle Communications
• duration: 2006--2008
• funded by: EU (027795)
• type: STREP
• fund: ~210K EUR
• info: http://www.sevecom.org

Vehicular communications (VC) and inter-vehicular communications (IVC) bring the promise of improved road safety and optimised road traffic through co-operative systems applications. To this end, a number of initiatives have been launched, such as the Car-2-Car consortium in Europe, or the DSRC in North America. A prerequisite for the successful deployment of vehicular communications is to make them secure. For example, it is essential to make sure that life-critical information cannot be modified by an attacker; it should also protect as far as possible the privacy of the drivers and passengers. The specific operational environment (moving vehicles, sporadic connectivity, ...) makes the problem very novel and challenging.

SeVeCom addresses security of future vehicle communication networks, including both the security and privacy of inter-vehicular and vehicle-infrastructure communication. Its objective is to define the security architecture of such networks, as well as to propose a roadmap for progressive deployment of security functions in these networks.

SeVeCom will focus on communications specific to road traffic. This includes messages related to traffic information, anonymous safety-related messages, and liability-related messages. The following research and innovation work is foreseen:

• Identification of the variety of threats: attacker�s model and potential vulnerabilities; in particular, study of attacks against the radio channel and transferred data, but also against the vehicle itself through internal attacks, e.g., against TCU (Telematics Control Unit), ECU (Electronic Control Unit) and the internal control bus.
• Specification of an architecture and of security mechanisms which provide the right level of protection. It will address issues such as the apparent contradiction between liability and privacy, or the extent to which a vehicle can check the consistency of claims made by other vehicles. The following topics will be fully addressed: Key and identity management, Secure communication protocols (including secure routing), Tamper proof device and decision on crypto-system, Privacy. The following topics will be investigated in preparation of further work: Intrusion Detection, Data consistency, Secure positioning, Secure user interface.
• The definition of cryptographic primitives which take into account the specific operational environment. The challenge is to address (1) the variety of threats, (2) the sporadic connectivity created by moving vehicles and the resulting real-time constraints, (3) the low-cost requirements of embedded systems in vehicles. These primitives will be adaptations of existing cryptosystems to the VC environment.

BIONETS

• name: Biologically Inspired Networks and Services
• duration: 2006--2008
• funded by: EU (027748)
• type: IP
• fund:
• info: http://www.bionets.org

The motivation for BIONETS comes from emerging trends towards pervasive computing and communication environments, where myriads of networked devices with very different features will enhance our five senses, our communication and tool manipulation capabilities. The complexity of such environments will not be far from that of biological organisms, ecosystems, and socio-economic communities.

Traditional communication approaches are ineffective in this context, since they fail to address several new features: a huge number of nodes including low-cost sensing/identifying devices, a wide heterogeneity in node capabilities, high node mobility, the management complexity, the possibility of exploiting spare node resources.

BIONETS aims at a novel approach able to address these challenges. Nature and society exhibit many instances of systems in which large populations are able to reach efficient equilibrium states and to develop effective collaboration and survival strategies, able to work in the absence of central control and to exploit local interactions. BIONETS seeks inspiration from these systems to provide a fully integrated network and service environment that scales to large amounts of heterogeneous devices, and that is able to adapt and evolve in an autonomic way.

The goal of BIONETS is to provide a biologically-inspired open networking paradigm for the creation, dissemination, execution, and evolution of autonomic services able to adapt to the surrounding environment and user needs, to evolve without direct human supervision, and able to deal with large-scale networks of heterogeneous nodes ranging from small, cheap devices to more complex network nodes. In order to achieve this goal, the project will design and implement a new communication architecture and service framework inspired by nature, and optimised for maximum adaptation to society.

DESEREC

• name: Dependable security by enhanced reconfigurability
• duration: 2006--2008
• funded by: EU (026600)
• type: IP
• fund:
• info: http://www.deserec.org

Most of European critical activities rely on networked Information Systems, highly interconnected. The performance of such Information Systems could be jeopardized by incidents of various kinds. A multi-disciplinary approach is compulsory to leverage their dependability by an alliance of three approaches:

• Modelling and simulation: DESEREC devises and develops innovative approaches and tools to design, model, simulate, and plan ICT-based critical infrastructures to dramatically improve their resilience.
• Detection: DESEREC integrates various kinds of detection mechanism to ensure a fast detection of severe incidents but also to be able to detect incidents based on a complex combination of unrelated events or to an abnormal behaviour of the system.
• Response: DESEREC provides a framework for computer-aided and automated counter-measures initiatives in order to respond in a quick and appropriate way to a large range of incident to mitigate the threats to the dependability and rapidly thwarts the problem. Re-configuration of Information Systems is the utmost mechanism for their survivability.

These three features respond both to attacks from the outside (e.g., aiming at Intrusion or Denial of Service), and to intrinsic failures, whatever is the origin (hardware failure, software fault, environment).

The DESEREC framework includes three response loops working on 3 different timings:

• A few seconds to locally respond to a severe and well characterised incident and to launch emergency curative procedures to avoid the escalation process or dramatic damage.
• Some minutes to detect a very complex problem and to allow time to adapt the system through computer aided reactions.
• Some hours to model a new configuration of the information system optimised for a new situation.

The DESEREC approach, framework, and tools apply to critical information and communication systems in order to improve their resilience and their depndability.

MobilSEC

• name: Strong user and device authentication in a mobile environment
• duration: 2006--2007
• funded by: NKTH (Jedlik program, 2-023-2005)
• fund: ~80M Ft

The general objective of the MobilSEC project is to develop new user authentication mechanisms that provide stronger security than the traditional username/password approach, but still do not require special hardware such as smart cards or other physical security tokens. The authentication methods that are developed in the project should also support mobile users, and they should also ensure privacy for the users as much as possible.

MIK 2.3.1

• name: Mobility supporting security architectures
• duration: 2005--2008
• funded by: NKTH (???)
• fund: ~30M Ft
• info: http://www.mik.bme.hu

This is project No 2.3.1 of the Mobile Innovation Center (MIK). The general objective of the project is to study the relationship between mobility (users, devices, and services) and security. In particular, the project is concerned with the following problems:

• Design issues of mobility supporting security architectures
• Security of mobile applications and services
• Location privacy of mobile users

OTKA T046664

• name: Security and Privacy in Ubiquitous Computing
• duration: 2004--2007
• funded by: OTKA (T046664)
• fund: 8.622M Ft

The vision of ubiquitous computing is to surround people with all kinds of embedded computing devices that could assist them in their everyday activity and make their life easier. In order to take full advantage of this new paradigm, it is expected that these devices will form networks through which they can communicate with each other and reach existing computing infrastructures such as the Internet. Besides its potential advantages, the ubiquitous computing paradigm also raises several problems related to security and privacy. Broadly speaking, these problems can be divided into two classes: First, there are traditional security and privacy problems that also arise in a ubiquitous computing environment (e.g., authenication, integrity protection, availability, anonymity), but these must be solved under fundemantally different conditions and assumptions. Second, there are brand new security and privacy problems that arise due to the very nature of the ubiquitous computing environment. An example for the latter is the problem of cooperation among potentially selfish mobile nodes.

The research topics we are dealing with in this project are the following:

• Security of wireless ad hoc networks (including sensor networks, vehicuar networks, and delay tolerant networks)
• Security and privacy in RFID systems
• Applications of personal security tokens (e.g., smart cards)
• Development of formal security models in which the proposed security and privacy protecting mechanisms can be evaluated

Publications in 2007

Our teaching activities are mainly related to the base course called Information Security and to the Special on Security of Information and Communication Systems.

Courses given in 2007

• Information Security (BMEVIHI4363) (~350 students)
• Coding Techniques (BMEVIHIA209) (~200 students)
• Network Security Protocols (BMEVIHI4372) (~40 students)
• Secure Electronic Commerce (BMEVIHI5316) (~40 students)
• Information Security (Selye János University, Révkomárom) (~20 students)
• Data Security (BME, foreign language programme) (~10 students)

Laboratory exercises in 2007

• Network protocol analysis by sniffing (part of BMEVIHI4401)
• Access control in operating systems (part of BMEVIHI4401)
• Smart cards I (ISO 7816 file system and commands) (part of BMEVIHI5317)
• Smart cards II (Java card programming) (part of BMEVIHI5317)
• PKI and SSL (part of BMEVIHI5317)

Student semester projects in 2007

• Gossip City (Csoma Péter, Csanádi László, 2007 fall, supervisor: Dóra László)
• Secure routing protocols for wireless mesh networks (Szili Dávid, 2007 fall, supervisor: Buttyán Levente)
• Security of reliable transport protocols in sensor networks (Tutsek Bálint, 2007 fall, supervisor: Csik László)
• Extensions to the PANEL protocol (Nguyen Thi Thoang Phuong, 2007 fall, supervisor: Buttyán Levente)
• Aggregator node election protocols (Faddi Attila, 2007 spring and fall, supervisor: Schaffer Péter)
• Secure routing in sensor networks (Juhász Zoltán, 2007 spring and fall, supervisor: Ács Gergely)
• Authentication protocol supporting fast handover in a WLAN environment (Komáromy Dániel, 2007 spring and fall, supervisor: Dóra László)
• Electronic business administration system (Biczók Ádám, 2007 spring and fall, supervisor: Berta István Zsolt)
• Elektronikus számlázási rendszer tervezése (Kovács Gábor, 2007 tavasz és ősz, konzulens: Berta István Zsolt)
• Analysis of the Nagios system (Herczig András, 2007 fall, supervisor: Bencsáth Boldizsár)
• Formal analysis of security APIs (Ta Vinh Thong, 2007 spring, supervisor: Buttyán Levente)
• Privacy in e-Health systems (Gyöngyösi Péter, 2007 spring, supervisor: Buttyán Levente)
• Design and implementation of graphical password schemes (Gráczer Ferenc, Papp Gergely, 2007 spring and fall, supervisor: Buttyán Levente)

Diploma projects in 2007

• Distributed Authentication Protocol in a RADIUS environment for WiFi Networks (Bohák András, 2007 spring, supervisor: Buttyán Levente)
• Design and analysis of a secure link-state routing protocol for wireless sensor networks (Nyárády Márton, 2007 spring, supervisor: Buttyán Levente)
• Analysis of Key Exchange Protocols in the Strand Spaces Model (Stoll Péter, 2007 spring, supervisor: Buttyán Levente)
• Electronic Billing Portal (Szeli Ferenc, 2007 spring, supervisor: Buttyán Levente)
• Implementation of the HMAC-SHA1 algorithm in the TinyOS environment (Varga Zoltán, 2007 spring, supervisor: Buttyán Levente)
• Implementation of cryptographic primitives in the TinyOS environment (Kiss Ádám, 2007 fall, supervisor: Buttyán Levente)
• Security issues in Mobile IPv6 (Sztanyik Bence, 2007 fall, supervisor: Buttyán Levente)
• Security API analysis with the spi-calculus (Ta Vinh Thong, 2007 fall, supervisor: Buttyán Levente)

In 2007, the following institutions and companies supported our work:

• EU FP6 (027748, 026600, 026820, 027795)
• NKTH (2-023-2005, MIK)
• OTKA (T046664)
• Ericsson (through the HSN Lab)
• Microsec Ltd.