Dr. Gergely Ács

Assistant Professor

acs (at) crysys.hu

web: www.crysys.hu/~acs/
twitter: @gergelyacs
office: I.E. 430
tel: +36 1 463 2080
fax: +36 1 463 3263

Current courses | Student projects | Publications

Short Bio

Gergely ÁCS received the M.Sc. and Ph.D. degree in Computer Science from the Budapest University of Technology and Economics (BME), where he conducted research in the Laboratory of Cryptography and System Security (CrySyS). Currently, he is an assistant professor at Budapest University of Technology and Economics (BME), in Hungary. Before that, he was a post-doc and then research engineer in Privatics Team at INRIA, in France. His general research interests include data privacy and security.

Current Courses

IT Security (VIHIAC01)

This BSc course gives an overview of the different areas of IT security with the aim of increasing the security awareness of computer science students and shaping their attitude towards designing and using secure computing systems. The course prepares BSc students for security challenges that they may encounter during their professional career, and at the same time, it provides a basis for those students who want to continue their studies at MSc level (taking, for instance, our IT Security minor specialization). We put special emphasis on software security and the practical aspects of developing secure programs.

IT Security (in English) (VIHIAC01)

This BSc course gives an overview of the different areas of IT security with the aim of increasing the security awareness of computer science students and shaping their attitude towards designing and using secure computing systems. The course prepares BSc students for security challenges that they may encounter during their professional career, and at the same time, it provides a basis for those students who want to continue their studies at MSc level (taking, for instance, our IT Security minor specialization). We put special emphasis on software security and the practical aspects of developing secure programs.

Security and Privacy: an Economic Approach (in English) (VIHIAV34)

Information security is as much an economic problem as it is technical. Even given flawless cryptographic protocols and the availability of perfectly secure software, the misaligned economic incentives of different stakeholders in a system often result in a (very) sub-optimal security level. By guiding you through the jungle of asymmetric information, interdependent security, correlated risk and other concepts characteristic for system security, this elective course will enable you to make better decisions in risk management, security investment and policy design on a system level. Furthermore, the course touches upon the economic aspects of data privacy, an emerging area of interest for users and companies in the big data era.

Security in Machine Learning (VIHIAV45)

Adversarial examples are inputs to machine learning models that an attacker has intentionally designed to cause the model to make a mistake. Such an example is when the input image clearly pictures a school bus, but the model identifies it as an ostrich. This course provides a detailed overview of the security of machine learning systems. It focuses on attack and defense techniques and the theoretical background mainly of adversarial examples.

Privacy-Preserving Technologies (VIHIAV35)

The sharing and explotation of the ever-growing data about individuals raise serious privacy concerns these days. Is it possible to derive (socially or individually) useful information about people from this Big Data without revealing personal information?
This course provides a detailed overview of data privacy. It focuses on different privacy problems of web tracking, data sharing, and machine learning, as well as their mitigation techniques. The aim is to give the essential (technical) background knowledge needed to identify and protect personal data. These skills are becoming a must of every data/software engineer and data protection officer dealing with personal and sensitive data, and are also required by the European General Data Protection Regulation (GDPR).

Student Project Proposals

Security and Privacy in/with Machine Learning

Machine Learning (Artificial Intelligence) has become undisputedly popular in recent years. The number of security critical applications of machine learning has been steadily increasing over the years (self-driving cars, user authentication, decision support, profiling, risk assessment, etc.). However, there are still many open privacy and security problems of machine learning. Students can work on the following topics:

Publications

2021

Privacy of Aggregated Mobility Data

G. Ács, Sz. Lestyán, G. Biczók

Jajodia S., Samarati P., Yung M. (eds) Encyclopedia of Cryptography, Security and Privacy. Springer, Berlin, Heidelberg., Springer, 2021.

Bibtex | PDF | Link

@inproceedings {
   author = {Gergely Ács, Szilvia Lestyan, Gergely Biczók},
   title = {Privacy of Aggregated Mobility Data},
   booktitle = {Jajodia S., Samarati P., Yung M. (eds) Encyclopedia of Cryptography, Security and Privacy. Springer, Berlin, Heidelberg.},
   publisher = {Springer},
   year = {2021},
   howpublished = "\url{https://doi.org/10.1007/978-3-642-27739-9_1575-1}"
}

Abstract

2019

Automatic Driver Identification from In-Vehicle Network Logs

M. Remeli, Sz. Lestyán, G. Ács, G. Biczók

22th IEEE Intelligent Transportation Systems Conference (ITSC), IEEE, 2019.

Bibtex | Link

@inproceedings {
   author = {Mina Remeli, Szilvia Lestyan, Gergely Ács, Gergely Biczók},
   title = {Automatic Driver Identification from In-Vehicle Network Logs},
   booktitle = {22th IEEE Intelligent Transportation Systems Conference (ITSC)},
   publisher = {IEEE},
   year = {2019},
   howpublished = "\url{https://arxiv.org/pdf/1911.09508.pdf}"
}

Abstract

Differential Inference Testing: A Practical Approach to Evaluate Sanitizations of Datasets

C. Palamidessi, C. Castelluccia, G. Ács, A. Kassem

International Workshop on Privacy Engineering (IWPE), IEEE, 2019.

Bibtex | Abstract

@inproceedings {
   author = {Catuscia Palamidessi, Claude Castelluccia, Gergely Ács, Ali Kassem},
   title = {Differential Inference Testing: A Practical Approach to Evaluate Sanitizations of Datasets},
   booktitle = {International Workshop on Privacy Engineering (IWPE)},
   publisher = {IEEE},
   year = {2019}
}

Abstract

In order to protect individuals privacy, data have to be well-sanitized before sharing them, i.e. one has to remove any personal information before data sharing. However, it is not always clear when data shall be deemed well-sanitized. In this paper, we argue that the evaluation of sanitized data should be based on whether the data allows the inference of sensitive information that is specific to an individual in the dataset, instead of being centered around the concept of re-identification as regulations usually suggest. Our intent is not to accurately predict any sensitive attribute but rather to measure the impact of a single record on the inference of sensitive information. We demonstrate our approach by sanitizing two real datasets in different privacy models and evaluate/compare each sanitized dataset in our framework.

Extracting vehicle sensor signals from CAN logs for driver re-identification

Sz. Lestyán, G. Ács, G. Biczók, Zs. Szalay

5th International Conference on Information Security and Privacy (ICISSP 2019), SCITEPRESS, 2019, shortlisted for Best Student Paper Award.

Bibtex | Abstract

@inproceedings {
   author = {Szilvia Lestyan, Gergely Ács, Gergely Biczók, Zsolt Szalay},
   title = {Extracting vehicle sensor signals from CAN logs for driver re-identification},
   booktitle = {5th International Conference on Information Security and Privacy (ICISSP 2019)},
   publisher = {SCITEPRESS},
   year = {2019},
   note = {shortlisted for Best Student Paper Award}
}

Abstract

Data is the new oil for the car industry. Cars generate data about how they are used and who’s behind the wheel which gives rise to a novel way of profiling individuals. Several prior works have successfully demonstrated the feasibility of driver re-identification using the in-vehicle network data captured on the vehicle’s CAN bus. However, all of them used signals (e.g., velocity, brake pedal or accelerator position) that have already been extracted from the CAN log which is itself not a straightforward process. Indeed, car manufacturers intentionally do not reveal the exact signal location within CAN logs. Nevertheless, we show that signals can be efficiently extracted from CAN logs using machine learning techniques. We exploit that signals have several distinguishing statistical features which can be learnt and effectively used to identify them across different vehicles, that is, to quasi ”reverse-engineer” the CAN protocol. We also demonstrate that the extracted signals can be successfully used to re-identify individuals in a dataset of 33 drivers. Therefore, hiding signal locations in CAN logs per se does not prevent them to be regarded as personal data of drivers.

2018

Differentially Private Mixture of Generative Neural Networks

G. Ács, L. Melis, C. Castelluccia, E. De Cristofaro

IEEE Transactions on Knowledge and Data Engineering, 2018.

Bibtex | Abstract | Link

@article {
   author = {Gergely Ács, Luca Melis, Claude Castelluccia, Emiliano De Cristofaro},
   title = {Differentially Private Mixture of Generative Neural Networks},
   journal = {IEEE Transactions on Knowledge and Data Engineering},
   year = {2018},
   howpublished = "\url{https://arxiv.org/pdf/1709.04514.pdf}"
}

Abstract

Generative models are used in a wide range of applications building on large amounts of contextually rich information. Due to possible privacy violations of the individuals whose data is used to train these models, however, publishing or sharing generative models is not always viable. In this paper, we present a novel technique for privately releasing generative models and entire high-dimensional datasets produced by these models. We model the generator distribution of the training data with a mixture of k generative neural networks. These are trained together and collectively learn the generator distribution of a dataset. Data is divided into k clusters, using a novel differentially private kernel k-means, then each cluster is given to separate generative neural networks, such as Restricted Boltzmann Machines or Variational Autoencoders, which are trained only on their own cluster using differentially private gradient descent. We evaluate our approach using the MNIST dataset, as well as call detail records and transit datasets, showing that it produces realistic synthetic samples, which can also be used to accurately compute arbitrary number of counting queries.

Privacy-Preserving Release of Spatio-Temporal Density

G. Ács, G. Biczók, C. Castelluccia

A. Gkoulalas-Divanis and Claudio Bettini (Eds.), Handbook of Mobile Data Privacy, pp. 307-335, Springer, 2018.

Bibtex | Abstract

@inbook {
   author = {Gergely Ács, Gergely Biczók, Claude Castelluccia},
   editor = {A. Gkoulalas-Divanis and Claudio Bettini (Eds.)},
   title = {Privacy-Preserving Release of Spatio-Temporal Density},
   chapter = {Handbook of Mobile Data Privacy},
   pages = {307-335},
   publisher = {Springer},
   year = {2018}
}

Abstract

In today’s digital society, increasing amounts of contextually rich spatio-temporal information are collected and used, e.g., for knowledge-based decision making, research purposes, optimizing operational phases of city management, planning infrastructure networks, or developing timetables for public transportation with an increasingly autonomous vehicle fleet. At the same time, however, publishing or sharing spatio-temporal data, even in aggregated form, is not always viable owing to the danger of violating individuals’ privacy, along with the related legal and ethical repercussions. In this chapter, we review some fundamental approaches for anonymizing and releasing spatio-temporal density, i.e., the number of individuals visiting a given set of locations as a function of time. These approaches follow different privacy models providing different privacy guarantees as well as accuracy of the released anonymized data. We demonstrate some sanitization (anonymization) techniques with provable privacy guarantees by releasing the spatio-temporal density of Paris, in France. We conclude that, in order to achieve meaningful accuracy, the sanitization process has to be carefully customized to the application and public characteristics of the spatio-temporal data.

2017

Differentially Private Mixture of Generative Neural Networks

E. De Cristofaro, C. Castelluccia, L. Melis, G. Ács

IEEE International Conference on Data Mining (ICDM), IEEE, 2017.

Bibtex

@inproceedings {
   author = {Emiliano De Cristofaro, Claude Castelluccia, Luca Melis, Gergely Ács},
   title = {Differentially Private Mixture of Generative Neural Networks},
   booktitle = {IEEE International Conference on Data Mining (ICDM)},
   publisher = {IEEE},
   year = {2017}
}

Abstract

Privacy-Aware Caching in Information-Centric Networking

C. Wood, G. Tsudik, C. Ghali, P. Gasti, M. Conti, G. Ács

IEEE Transactions on Dependable Computing (TDSC), 2017.

Bibtex

@article {
   author = {Christopher Wood, Gene Tsudik, Cesar Ghali, Paulo Gasti, Mauro Conti, Gergely Ács},
   title = {Privacy-Aware Caching in Information-Centric Networking},
   journal = {IEEE Transactions on Dependable Computing (TDSC)},
   year = {2017}
}

Abstract

2016

Near-Optimal Fingerprinting with Constraints

C. Castelluccia, G. Ács, G. Gy. Gulyás

PET Symposium, ACM, 2016.

Bibtex

@inproceedings {
   author = {Claude Castelluccia, Gergely Ács, Gábor György Gulyás},
   title = {Near-Optimal Fingerprinting with Constraints},
   booktitle = {PET Symposium},
   publisher = {ACM},
   year = {2016}
}

Abstract

2015

On the Unicity of Smartphone Applications

C. Castelluccia, G. Ács, J. P. Achara

ACM Workshop on Privacy in the Electronic Society (WPES), ACM, 2015.

Bibtex

@inproceedings {
   author = {Claude Castelluccia, Gergely Ács, Jagdish Prasad Achara},
   title = {On the Unicity of Smartphone Applications},
   booktitle = {ACM Workshop on Privacy in the Electronic Society (WPES)},
   publisher = {ACM},
   year = {2015}
}

Abstract

Probabilistic km-anonymity (Efficient Anonymization of Large Set-Valued Datasets)

C. Castelluccia, J. P. Achara, G. Ács

IEEE International Conference on Big Data (Big Data), IEEE, 2015.

Bibtex

@inproceedings {
   author = {Claude Castelluccia, Jagdish Prasad Achara, Gergely Ács},
   title = {Probabilistic km-anonymity (Efficient Anonymization of Large Set-Valued Datasets)},
   booktitle = {IEEE International Conference on Big Data (Big Data)},
   publisher = {IEEE},
   year = {2015}
}

Abstract

2014

A Case Study: Privacy Preserving Release of Spatio-temporal Density in Paris

C. Castelluccia, G. Ács

The 20th ACM SIGKDD Conference on Knowledge Discovery and Data Mining (KDD), ACM, 2014.

Bibtex

@inproceedings {
   author = {Claude Castelluccia, Gergely Ács},
   title = {A Case Study: Privacy Preserving Release of Spatio-temporal Density in Paris},
   booktitle = {The 20th ACM SIGKDD Conference on Knowledge Discovery and Data Mining (KDD)},
   publisher = {ACM},
   year = {2014}
}

Abstract

Retargeting Without Tracking

C. Castelluccia, G. Ács, M.-D. Tran

INRIA, 2014.

Bibtex

@techreport {
   author = {Claude Castelluccia, Gergely Ács, Minh-Dung Tran},
   title = {Retargeting Without Tracking},
   institution = {INRIA},
   year = {2014}
}

Abstract

2013

Cache Privacy in Named-Data Networking

G. Tsudik, C. Ghali, P. Gasti, M. Conti, G. Ács

The 33rd International Conference on Distributed Computing Systems (ICDCS), IEEE, 2013.

Bibtex

@inproceedings {
   author = {Gene Tsudik, Cesar Ghali, Paulo Gasti, Mauro Conti, Gergely Ács},
   title = {Cache Privacy in Named-Data Networking},
   booktitle = {The 33rd International Conference on Distributed Computing Systems (ICDCS)},
   publisher = {IEEE},
   year = {2013}
}

Abstract

2012

Differentially Private Histogram Publishing through Lossy Compression

C. Castelluccia, R. Chen, G. Ács

IEEE International Conference on Data Mining (ICDM), IEEE, 2012.

Bibtex

@inproceedings {
   author = {Claude Castelluccia, Rui Chen, Gergely Ács},
   title = {Differentially Private Histogram Publishing through Lossy Compression},
   booktitle = {IEEE International Conference on Data Mining (ICDM)},
   publisher = {IEEE},
   year = {2012}
}

Abstract

Differentially Private Sequential Data Publication via Variable-Length N-Grams

C. Castelluccia, G. Ács, R. Chen

In 19th ACM Conference on Computer and Communications Security (CCS), ACM, 2012.

Bibtex

@inproceedings {
   author = {Claude Castelluccia, Gergely Ács, Rui Chen},
   title = {Differentially Private Sequential Data Publication via Variable-Length N-Grams},
   booktitle = {In 19th ACM Conference on Computer and Communications Security (CCS)},
   publisher = {ACM},
   year = {2012}
}

Abstract

You Are What You Like! Information Leakage Through Users Interests

M. Ali Kaafar, G. Ács, A. Chaabane

In 19th Annual Network & Distributed System Security Symposium (NDSS), ACM, 2012.

Bibtex

@inproceedings {
   author = {Mohamed Ali Kaafar, Gergely Ács, Abdelberi Chaabane},
   title = {You Are What You Like! Information Leakage Through Users Interests},
   booktitle = {In 19th Annual Network & Distributed System Security Symposium (NDSS)},
   publisher = {ACM},
   year = {2012}
}

Abstract

2011

I have a DREAM! (DiffeRentially privatE smArt Metering)

C. Castelluccia, G. Ács

The 13th Information Hiding Conference (IH), Springer, 2011.

Bibtex

@inproceedings {
   author = {Claude Castelluccia, Gergely Ács},
   title = {I have a DREAM! (DiffeRentially privatE smArt Metering)},
   booktitle = {The 13th Information Hiding Conference (IH)},
   publisher = {Springer},
   year = {2011}
}

Abstract

Protecting against Physical Resource Monitoring

W. Lecat, C. Castelluccia, G. Ács

The 10th ACM Workshop on Privacy in the Electronic Society (WPES), ACM, 2011.

Bibtex

@inproceedings {
   author = {William Lecat, Claude Castelluccia, Gergely Ács},
   title = {Protecting against Physical Resource Monitoring},
   booktitle = {The 10th ACM Workshop on Privacy in the Electronic Society (WPES)},
   publisher = {ACM},
   year = {2011}
}

Abstract

2010

Misbehaving Router Detection in Link-state Routing for Wireless Mesh Networks

L. Dóra, L. Buttyán, G. Ács

In Proceedings of the Second IEEE WoWMoM Workshop on Hot Topics in Mesh Networking (HotMESH'10), Montreal, Canada, June 14-17, 2010.

Bibtex | Abstract | PDF

@inproceedings {
   author = {László DÓRA, Levente Buttyán, Gergely Ács},
   title = {Misbehaving Router Detection in Link-state Routing for Wireless Mesh Networks},
   booktitle = {In Proceedings of the Second IEEE WoWMoM Workshop on Hot Topics in Mesh Networking (HotMESH'10)},
   address = {Montreal, Canada},
   month = {June 14-17},
   year = {2010}
}

Abstract

In this paper, we address the problem of detecting misbehaving routers in wireless mesh networks and avoiding them when selecting routes. We assume that link-state routing is used, and we essentially propose a reputation system, where trusted gateway nodes compute Node Trust Values for the routers, which are fed back into the system and used in the route selection procedure. The computation of the Node Trust Values is based on packet counters maintained in association with each route and reported to the gateways by the routers in a regular manner. The feedback mechanism is based on limited scope flooding. The received Node Trust Values concerning a given router are aggregated, and the aggregate trust value of the router determines the probability with which that router is kept in the topology graph used for route computation. Hence, less trusted routers are excluded from the topology graph with higher probability, while the route selection still runs on a weighted graph (where the weights are determined by the announced link qualities), and it does not need to be changed. We evaluated the performance of our solution by means of simulations. The results show that our proposed mechanism can detect misbehaving routers reliably, and thanks to the feedback and the exclusion of the accused nodes from the route selection, we can decrease the number of packets dropped due to router misbehavior considerably. At the same time, our mechanism only slightly increases the average route length.

2007

Secure Routing in Wireless Sensor Networks

G. Ács, L. Buttyán

in J. Lopez and J. Zhou (eds.): Wireless Sensor Network Security (Cryptology and Information Security Series), IOS Press, 2007.

Bibtex | Abstract

@inbook {
   author = {Gergely Ács, Levente Buttyán},
   title = {Secure Routing in Wireless Sensor Networks},
   publisher = {in J. Lopez and J. Zhou (eds.): Wireless Sensor Network Security (Cryptology and Information Security Series), IOS Press},
   year = {2007}
}

Abstract

In this chapter, we study how sensor network routing protocols can be secured. First, we describe the adversary model, the objectives of attacks against routing, as well as the different attack methods that may be used in wireless sensor networks. All these are illustrated by example attacks on well-known sensor network routing protocols. Then, we describe various countermeasures that can be used in sensor networks to secure the routing protocols. These include link layer security measures, secure neighbor discovery techniques, authenticated broadcast algorithms, and multi-path routing techniques. Finally, we illustrate the application of some of these countermeasures by presenting and explaining the operation of some secured sensor network routing protocols.

The Security Proof of a Link-state Routing Protocol for Wireless Sensor Networks

I. Vajda, L. Buttyán, G. Ács

October 8-11, In Proceedings of the 3rd IEEE Workshop on Wireless and Sensor Networks Security (WSNS 2007), IEEE Press, Pisa, Italy, 2007.

Bibtex | Abstract | PDF

@inproceedings {
   author = {István VAJDA, Levente Buttyán, Gergely Ács},
   title = {The Security Proof of a Link-state Routing Protocol for Wireless Sensor Networks},
   editor = {October 8-11},
   booktitle = {In Proceedings of the 3rd IEEE Workshop on Wireless and Sensor Networks Security (WSNS 2007)},
   organization = {IEEE Press},
   address = {Pisa, Italy},
   year = {2007}
}

Abstract

In this paper, we present a flexible and mathematically rigorous modeling framework for analyzing the security of sensor network routing protocols. Then, we demonstrate the usage of this framework by formally proving that INSENS (Intrusion-Tolerant Routing in Wireless Sensor Networks), which is a secure sensor network routing protocol proposed in the literature independently of our work, can be proven to be secure in our model.

2006

A taxonomy of routing protocols for wireless sensor networks

L. Buttyán, G. Ács

Híradástechnika, December, 2006.

Bibtex | Abstract

@article {
   author = {Levente Buttyán, Gergely Ács},
   title = {A taxonomy of routing protocols for wireless sensor networks},
   journal = {Híradástechnika},
   month = {December},
   year = {2006}
}

Abstract

Wireless sensor networks are large scale networks consisting of a large number of tiny sensor nodes and a few base stations, which communicate using multi-hop wireless communications. The design of energy efficient routing protocols for such networks is a challenging task, which has been in the focus of the sensor network research community in the recent past. This effort resulted in a huge number of sensor network routing protocols. The proposed protocols show a high variety, which stems from the diverse requirements of the various envisioned application scenarios. In this work, we propose a taxonomy of sensor network routing protocols, and classify the mainstream protocols proposed in the literature using this taxonomy. We distinguish five families of protocols based on the way the next hop is selected on the route of a message, and briefly describe the operation of a representative member from each group.

Modelling Adversaries and Security Objectives for Routing Protocols in Wireless Sensor Networks

G. Ács, L. Buttyán, I. Vajda

In Proceedings of the Fourth ACM Workshop on Security of Ad Hoc and Sensor Networks (SASN'06), October, 2006.

Bibtex | Abstract | PDF

@inproceedings {
   author = {Gergely Ács, Levente Buttyán, István VAJDA},
   title = {Modelling Adversaries and Security Objectives for Routing Protocols in Wireless Sensor Networks},
   booktitle = {In Proceedings of the Fourth ACM Workshop on Security of Ad Hoc and Sensor Networks (SASN'06)},
   month = {October},
   year = {2006}
}

Abstract

The literature is very broad considering routing protocols in wireless sensor networks (WSNs). However, security of these routing protocols has fallen beyond the scope so far. Routing is a fundamental functionality in wireless networks, thus hostile interventions aiming to disrupt and degrade the routing service have a serious impact on the overall operation of the entire network. In order to analyze the security of routing protocols in a precise and rigorous way, we propose a formal framework encompassing the definition of an adversary model as well as the "general" definition of secure routingin sensor networks. Both definitions take into account the feasible goals and capabilities of an adversary in sensor environments and the variety of sensor routing protocols. In spirit, our formal model is based on the simulation paradigm that is a successfully used technique to prove the security of various cryptographic protocols. However, we also highlight some differences between our model and other models that have been proposed for wired or wireless networks. Finally, we illustrate the practical usage of our model by presenting the formal description of a simple attack against an authenticated routing protocol, which is based on the well-known TinyOS routing.

Provably Secure On-demand Source Routing in Mobile Ad Hoc Networks

I. Vajda, L. Buttyán, G. Ács

IEEE Transactions on Mobile Computing, vol. 5, no. 11, 2006.

Bibtex | Abstract

@article {
   author = {István VAJDA, Levente Buttyán, Gergely Ács},
   title = {Provably Secure On-demand Source Routing in Mobile Ad Hoc Networks},
   journal = {IEEE Transactions on Mobile Computing},
   volume = {5},
   number = {11},
   year = {2006}
}

Keywords

Mobile ad hoc networks, secure routing, provable security

Abstract

Routing is one of the most basic networking functions in mobile ad hoc networks. Hence, an adversary can easily paralyze the operation of the network by attacking the routing protocol. This has been realized by many researchers and several "secure" routing protocols have been proposed for ad hoc networks. However, the security of those protocols has mainly been analyzed by informal means only. In this paper, we argue that flaws in ad hoc routing protocols can be very subtle, and we advocate a more systematic way of analysis. We propose a mathematical framework in which security can be precisely defined and routing protocols for mobile ad hoc networks can be proved to be secure in a rigorous manner. Our framework is tailored for on-demand source routing protocols, but the general principles are applicable to other types of protocols too. Our approach is based on the simulation paradigm, which has already been used extensively for the analysis of key establishment protocols, but, to the best of our knowledge, it has not been applied in the context of ad hoc routing so far. We also propose a new on-demand source routing protocol, called endairA, and we demonstrate the use of our framework by proving that it is secure in our model.

Útvonalválasztó protokollok vezeték nélküli szenzorhálózatokban

L. Buttyán, G. Ács

Híradástecnika, November, 2006.

Bibtex | Abstract

@article {
   author = {Levente Buttyán, Gergely Ács},
   title = {Útvonalválasztó protokollok vezeték nélküli szenzorhálózatokban},
   journal = {Híradástecnika},
   month = {November},
   year = {2006}
}

Abstract

A szenzorhálózatok változatos alkalmazásai különbözõ követelményeket támasztanak az útvonalválasztó protokollokkal szemben. A különbözõ követelményeknek köszönhetõen igen sok javasolt protokoll található az irodalomban. Ebben a cikkben rendszerezzük ezeket a vonalválasztó protokollokat, és minden családból bemutatunk egy prominens képviselõt. A cikk újdonsága a rendszerezéshez használt szempontrendszer, mely a protokollok eddigieknél részletesebb taxonómiáját eredményezi.

2005

Ad hoc útvonalválasztó protokollok bizonyított biztonsága

G. Ács, L. Buttyán, I. Vajda

Híradástechnika, March, 2005.

Bibtex | Abstract

@article {
   author = {Gergely Ács, Levente Buttyán, István VAJDA},
   title = {Ad hoc útvonalválasztó protokollok bizonyított biztonsága},
   journal = {Híradástechnika},
   month = {March},
   year = {2005}
}

Keywords

ad hoc hálózatok, forrás alapú ad hoc útvonalválasztás, biztonságos útvonalválasztás, bizonyított biztonság, szimulációs paradigma

Abstract

Ebben a cikkben egy olyan formális módszert mutatunk be, amivel a vezeték nélküli ad hoc hálózatok számára javasolt, igény szerinti, forrás alapú útvonalválasztó protokollokat (on-demand source routing) lehet biztonsági szempontból elemezni. A módszer alapját a szimulációs paradigma adja, mely egy jól ismert, általános eljárás kriptográfiai protokollok biztonságának bizonyítására. A cikkben bemutatjuk a szimulációs paradigma adaptációját ad hoc útvonalválasztó protokollokra. Formálisan megfogalmazzuk, hogy mit értünk biztonságos útvonalválasztás alatt, melyhez felhasználjuk a statisztikai megkülönböztethetetlenség fogalmát. A módszer gyakorlati alkalmazását egy példán keresztül szemléltetjük, melyben röviden ismertetjük az endairA útvonalválasztó protokoll mûködését, és bebizonyítjuk, hogy a protokoll biztonságos az általunk definiált modellben.

Provable Security for Ad Hoc Routing Protocols

G. Ács, L. Buttyán, I. Vajda

Híradástechnika, June, 2005.

Bibtex | Abstract

@article {
   author = {Gergely Ács, Levente Buttyán, István VAJDA},
   title = {Provable Security for Ad Hoc Routing Protocols},
   journal = {Híradástechnika},
   month = {June},
   year = {2005}
}

Keywords

ad hoc networks, on-demand ad hoc source routing, secure ad hoc routing, provable security, simulation paradigm

Abstract

In this article we present a new formal framework that can be used for analyzing the ecurity of on-demand source routing protocols proposed for wireless mobile ad hoc networks. Our approach is based on the simulation paradigm which is a well-known and general procedure to prove the security of cryptographic protocols. We give the formal definition of secure ad hoc routing in a precise and rigorous manner using the concept of statistical indistinguishability. We present an ad hoc source routing protocol, called endairA, and we illustrate the usage of our approach by proving that this protocol is secure in our model.

Provable Security of On-Demand Distance Vector Routing in Wireless Ad Hoc Networks

G. Ács, L. Buttyán, I. Vajda

In Proceedings of the Second European Workshop on Security and Privacy in Ad Hoc and Sensor Networks (ESAS 2005), Visegrád, Hungary, July 13-14, 2005, 2005.

Bibtex | Abstract | PDF

@inproceedings {
   author = {Gergely Ács, Levente Buttyán, István VAJDA},
   title = {Provable Security of On-Demand Distance Vector Routing in Wireless Ad Hoc Networks},
   booktitle = {In Proceedings of the Second European Workshop on Security and Privacy in Ad Hoc and Sensor Networks (ESAS 2005), Visegrád, Hungary, July 13-14, 2005},
   year = {2005}
}

Abstract

In this paper, we propose a framework for the security analysis of on-demand, distance vector routing protocols for ad hoc networks, such as AODV, SAODV, and ARAN. The proposed approach is an adaptation of the simulation paradigm that is used extensively for the analysis of cryptographic algorithms and protocols, and it provides a rigorous method for proving that a given routing protocol is secure. We demonstrate the approach by representing known and new attacks on SAODV in our framework, and by proving that ARAN is secure in our model.

2004

Provably Secure On-demand Source Routing in Mobile Ad Hoc Networks

G. Ács, L. Buttyán, I. Vajda

http://eprint.iacr.org/ under report number 2004/159., March, 2004.

Bibtex | Abstract

@techreport {
   author = {Gergely Ács, Levente Buttyán, István VAJDA},
   title = {Provably Secure On-demand Source Routing in Mobile Ad Hoc Networks},
   institution = {http://eprint.iacr.org/ under report number 2004/159.},
   month = {March},
   year = {2004}
}

Keywords

Mobile ad hoc networks, secure routing, provable security

Abstract

Routing is one of the most basic networking functions in mobile ad hoc networks. Hence, an adversary can easily paralyze the operation of the network by attacking the routing protocol. This has been realized by many researchers, and several "secure" routing protocols have been proposed for ad hoc networks. However, the security of those protocols have mainly been analyzed by informal means only. In this paper, we argue that flaws in ad hoc routing protocols can be very subtle, and we advocate a more systematic way of analysis. We propose a mathematical framework in which security can be precisely defined, and routing protocols for mobile ad hoc networks can be analyzed rigorously. Our framework is tailored for on-demand source routing protocols, but the general principles are applicable to other types of protocols too. Our approach is based on the simulation paradigm, which has already been used extensively for the analysis of key establishment protocols, but to the best of our knowledge, it has not been applied in the context of ad hoc routing so far. We also propose a new on-demand source routing protocol, called endairA, and we demonstrate the usage of our framework by proving that it is secure in our model.