Dr. Gergely Ács
Assistant Professor
acs (at) crysys.hu
web: www.crysys.hu/~acs/
office: I.E. 430
tel: +36 1 463 2080
fax: +36 1 463 3263
Current courses | Student projects | Publications
Short Bio
Gergely ÁCS gergej ɑ:tʃ received the M.Sc. and Ph.D. degree in Computer Science from the Budapest University of Technology and Economics (BME), where he conducted research in the Laboratory of Cryptography and System Security (CrySyS). Currently, he is an assistant professor at Budapest University of Technology and Economics (BME), in Hungary. Before that, he was a post-doc and then research engineer in Privatics Team at INRIA, in France. His general research interests include data privacy and security.
Current Courses
IT Security (VIHIAC01)
This BSc course gives an overview of the different areas of IT security with the aim of increasing the security awareness of computer science students and shaping their attitude towards designing and using secure computing systems. The course prepares BSc students for security challenges that they may encounter during their professional carrier, and at the same time, it provides a basis for those students who want to continue their studies at MSc level (taking, for instance, our IT Security minor specialization). We put special emphasis on software security and the practical aspects of developing secure programs.
IT Security (in English) (VIHIAC01)
This BSc course gives an overview of the different areas of IT security with the aim of increasing the security awareness of computer science students and shaping their attitude towards designing and using secure computing systems. The course prepares BSc students for security challenges that they may encounter during their professional carrier, and at the same time, it provides a basis for those students who want to continue their studies at MSc level (taking, for instance, our IT Security minor specialization). We put special emphasis on software security and the practical aspects of developing secure programs.
Privacy-Preserving Technologies (VIHIAV35)
The sharing and explotation of the ever-growing data about individuals raise serious privacy concerns these
days. Is it possible to derive (socially or individually) useful information about people from this Big Data
without revealing personal information?
This course provides a detailed overview of data privacy. It focuses on different privacy problems of web
tracking, data sharing, and machine learning, as well as their mitigation techniques. The aim is to give the
essential (technical) background knowledge needed to identify and protect personal data. These skills are
becoming a must of every data/software engineer and data protection officer dealing with personal and sensitive
data, and are also required by the upcoming European General Data Protection Regulation (GDPR).
Student Project Proposals
Személyes adatok visszafejtése
Számos cég/szervezet/kormány oszt meg egymással adatokat, amelyek vagy "anonimizáltak" vagy aggregált
(statisztikai) adatok. Sajnos az adatok megfelelő anonimizációja nehéz, és gyakran anonimnak vélt adatokból
konkrét személyek adatai visszafejthetők [1] [2].
Hasonlóan, aggregált adatokból is visszafejthetők személyes adatok, ha túl sok aggregált adatot adunk ki, vagy
az adat jellege lehetővé teszi konkrét személyek adatainak visszafejtését [3]
A kérdés gyakorlati fontosságát a közelgő általános európai adatvédelmi rendelet (GDPR) adja, ami előírja az
adatok megfelelő anonimizációját.
A hallgató feladata támadások tervezése és implementációja amelyekkel anonimizált illetve aggregált adatok
személyes jellegét lehet tesztelni (vagyis, hogy konkrét személyek adatai nem visszafejthetők belőlük, és így
többé nem minősülnek-e személyes adatoknak).
A projektben van lehetőség egy létező rendszer (AirCloak [4]) bug bounty programjában részt venni (
https://aircloak.com/downloads/Aircloak-Challenge.pdf)
Elvárás: programozási hajlandóság
[1]
bits.blogs.nytimes.com/2010/03/12/netflix-cancels-contest-plans-and-settles-suit/
[2] blog.crysys.hu/2017/07/628/
[3] blog.crysys.hu/2017/08/gdpr2/
[4] Aircloak challenge
Data Protection Impact Assessment (DPIA) keretrendszer fejlesztése
A 2018 májusában érvénybe lépő általános európai adatvédelmi rendelet (GDPR) [1] előírja, hogy a személyes adatokat
kezelő cégeknek hatásanalízist (Data Protection Impact Assessment) kell készíteniük, amiben elemzik a személyes adatokat érhető
magas kockázatú fenyegetettségeket (adatlopás, de-anonimizáció, inferencia, stb.) és azokat megfelelően kezelik (pl. adatok rejtjelezése, access control,
felhasználók megfelelő informálása és beleegyezés kérése, anonimizáció, stb.) valamint ezek kockázatcsökkentő hatásának mérése.
Ezt kérés esetén be kell tudni mutatni bármely európai adatvédelmi
hivatalnak (magyarországon a NAIH [2]), máskülönben a cégnek súlyos bírságot kell fizetnie. A nagy igény ellenére olyan rendszer
nem érhető el széles körben, ami támogatja a jogi és technikai megfelelőség vizsgálatát egyaránt.
A hallgató feladatai (hallgatónként 1-2 feladat választható):
- front-end fejlesztése egy, a CrySyS laborban fejlesztett keretrendszerhez (web-programozás)
- adat személyességének/érzékenységének mérése és implementációja
- jogi megfelelőségi teszt implementációja
- hatásanalízis automatizálása gépi tanulással (machine learning)
- egy létező keretrendszer magyarítása [3]
[1] GDPR
[2] NAIH honlapja
[3]
CNIL DPIA tool
Érzékeny adatok inferenciája
Napjainkban sok felhasználó osztja meg a személyes adatát harmadik féllel (cég/kormány/szervezetek), anélkül,
hogy tudnák érzékeny adatot osztanak meg.
Honnan tudná valaki, hogy a saját áramfogyasztásából kitalálható a vallása, vagy a lakóhelyéből esetleg a
pénzügyi helyzete esetleg rassza?
Az ilyen "rejtett" információk felfedése diszkriminációra adhat okot.
A hallgató feladata bizonyos adat (pl. fotók, elektromos fogyasztás, GPS adatok, stb.) érzékeny jellegének
automatikus felfedése publikusan elérhető tudásbázist felhasználva (pl. Wikipedia); annak mérése, hogy a
megosztandó adat szemantikailag mennyire hasonló érzékeny információk csoportjaihoz (pl. vallás, szexuális
beállítottság, pénzügyi adatok, egészségügyi adatok, stb.)
Elvárás: programozási hajlandóság
Fairness problémák gépi tanulásban
A mesterséges intelligencia és gépi tanulás térnyerése vitathatatlan.
Az automatizált döntéseket alkalmazó rendszerek száma rohamosan
növekszik (önjáró autók, egészségügyi alkalmazások, felhasználói
hitelesítés, döntéstámogatás, profilozás, stb.). Ugyanakkor az ilyen
rendszerek adatvédelmi és biztonsági problémái jelentősek,
szerteágazók, és megoldatlanok.
A fairness problémák többnyire a
tanulási halmazokban már jelenlevő alulreprezentáltság és előítéletek
(bias) okozzák [1][2]. Például sok tanulási adatban
felülreprezentáltak bizonyos embercsoportok, rasszok, ami miatt a
modell emberek bizonyos csoportjára pontosabban működik mint másokra.
Valóban, sok arcfelismerő rendszer színesbőrűekre pontatlanabb mint
fehérekre, hasonlóan a hitelképesség automatikus felmérése során
hátrányba kerülhetnek a színesbőrűek ha a tanulási adat szerint sok
színesbőrű nem fizette vissza a hitelét a múltban. Kérdés, hogy
építhető-e olyan modell, ami "immunis" a tanulási adathalmazban
található alulreprezentáltságra és előítéletekre.
A hallgató
feladata a különböző fairness fogalmak áttekintése és rendszerezése,
illetve egy választott tanulási algoritmus implementálása valamely
fairness garanciával.
Elvárás: irodalomkutatás és/vagy programozási hajlandóság
[1] www.bbc.com/news/technology-39533308
[2] www.theguardian.com/technology/2017/apr/13/ai-programs-exhibit-racist-and-sexist-biases-research-reveals
Publications
2017
Differentially Private Mixture of Generative Neural Networks
G. Ács, L. Melis, C. Castelluccia, E. De Cristofaro
IEEE International Conference on Data Mining (ICDM), IEEE, 2017.
@inproceedings {
author = {Gergely Ács, Luca Melis, Claude Castelluccia, Emiliano De Cristofaro},
title = {Differentially Private Mixture of Generative Neural Networks},
booktitle = {IEEE International Conference on Data Mining (ICDM)},
publisher = {IEEE},
year = {2017}
}
Abstract
Privacy-Aware Caching in Information-Centric Networking
G. Ács, M. Conti, P. Gasti, C. Ghali, G. Tsudik, C. Wood
IEEE Transactions on Dependable Computing (TDSC), 2017.
@article {
author = {Gergely Ács, Mauro Conti, Paulo Gasti, Cesar Ghali, Gene Tsudik, Christopher Wood},
title = {Privacy-Aware Caching in Information-Centric Networking},
journal = {IEEE Transactions on Dependable Computing (TDSC)},
year = {2017}
}
Abstract
2016
Near-Optimal Fingerprinting with Constraints
G. Gy. Gulyás, G. Ács, C. Castelluccia
PET Symposium, ACM, 2016.
@inproceedings {
author = {Gábor György Gulyás, Gergely Ács, Claude Castelluccia},
title = {Near-Optimal Fingerprinting with Constraints},
booktitle = {PET Symposium},
publisher = {ACM},
year = {2016}
}
Abstract
2015
On the Unicity of Smartphone Applications
J. P. Achara, G. Ács, C. Castelluccia
ACM Workshop on Privacy in the Electronic Society (WPES), ACM, 2015.
@inproceedings {
author = {Jagdish Prasad Achara, Gergely Ács, Claude Castelluccia},
title = {On the Unicity of Smartphone Applications},
booktitle = {ACM Workshop on Privacy in the Electronic Society (WPES)},
publisher = {ACM},
year = {2015}
}
Abstract
Probabilistic km-anonymity (Efficient Anonymization of Large Set-Valued Datasets)
G. Ács, J. P. Achara, C. Castelluccia
IEEE International Conference on Big Data (Big Data), IEEE, 2015.
@inproceedings {
author = {Gergely Ács, Jagdish Prasad Achara, Claude Castelluccia},
title = {Probabilistic km-anonymity (Efficient Anonymization of Large Set-Valued Datasets)},
booktitle = {IEEE International Conference on Big Data (Big Data)},
publisher = {IEEE},
year = {2015}
}
Abstract
2014
A Case Study: Privacy Preserving Release of Spatio-temporal Density in Paris
G. Ács, C. Castelluccia
The 20th ACM SIGKDD Conference on Knowledge Discovery and Data Mining (KDD), ACM, 2014.
@inproceedings {
author = {Gergely Ács, Claude Castelluccia},
title = {A Case Study: Privacy Preserving Release of Spatio-temporal Density in Paris},
booktitle = {The 20th ACM SIGKDD Conference on Knowledge Discovery and Data Mining (KDD)},
publisher = {ACM},
year = {2014}
}
Abstract
Retargeting Without Tracking
M.-D. Tran, G. Ács, C. Castelluccia
INRIA, 2014.
@techreport {
author = {Minh-Dung Tran, Gergely Ács, Claude Castelluccia},
title = {Retargeting Without Tracking},
institution = {INRIA},
year = {2014}
}
Abstract
2013
Cache Privacy in Named-Data Networking
G. Ács, M. Conti, P. Gasti, C. Ghali, G. Tsudik
The 33rd International Conference on Distributed Computing Systems (ICDCS), IEEE, 2013.
@inproceedings {
author = {Gergely Ács, Mauro Conti, Paulo Gasti, Cesar Ghali, Gene Tsudik},
title = {Cache Privacy in Named-Data Networking},
booktitle = {The 33rd International Conference on Distributed Computing Systems (ICDCS)},
publisher = {IEEE},
year = {2013}
}
Abstract
2012
Differentially Private Histogram Publishing through Lossy Compression
G. Ács, R. Chen, C. Castelluccia
IEEE International Conference on Data Mining (ICDM), IEEE, 2012.
@inproceedings {
author = {Gergely Ács, Rui Chen, Claude Castelluccia},
title = {Differentially Private Histogram Publishing through Lossy Compression},
booktitle = {IEEE International Conference on Data Mining (ICDM)},
publisher = {IEEE},
year = {2012}
}
Abstract
Differentially Private Sequential Data Publication via Variable-Length N-Grams
R. Chen, G. Ács, C. Castelluccia
In 19th ACM Conference on Computer and Communications Security (CCS), ACM, 2012.
@inproceedings {
author = {Rui Chen, Gergely Ács, Claude Castelluccia},
title = {Differentially Private Sequential Data Publication via Variable-Length N-Grams},
booktitle = {In 19th ACM Conference on Computer and Communications Security (CCS)},
publisher = {ACM},
year = {2012}
}
Abstract
You Are What You Like! Information Leakage Through Users Interests
A. Chaabane, G. Ács, M. Ali Kaafar
In 19th Annual Network & Distributed System Security Symposium (NDSS), ACM, 2012.
@inproceedings {
author = {Abdelberi Chaabane, Gergely Ács, Mohamed Ali Kaafar},
title = {You Are What You Like! Information Leakage Through Users Interests},
booktitle = {In 19th Annual Network & Distributed System Security Symposium (NDSS)},
publisher = {ACM},
year = {2012}
}
Abstract
2011
I have a DREAM! (DiffeRentially privatE smArt Metering)
G. Ács, C. Castelluccia
The 13th Information Hiding Conference (IH), Springer, 2011.
@inproceedings {
author = {Gergely Ács, Claude Castelluccia},
title = {I have a DREAM! (DiffeRentially privatE smArt Metering)},
booktitle = {The 13th Information Hiding Conference (IH)},
publisher = {Springer},
year = {2011}
}
Abstract
Protecting against Physical Resource Monitoring
G. Ács, C. Castelluccia, W. Lecat
The 10th ACM Workshop on Privacy in the Electronic Society (WPES), ACM, 2011.
@inproceedings {
author = {Gergely Ács, Claude Castelluccia, William Lecat},
title = {Protecting against Physical Resource Monitoring},
booktitle = {The 10th ACM Workshop on Privacy in the Electronic Society (WPES)},
publisher = {ACM},
year = {2011}
}
Abstract
2010
Misbehaving Router Detection in Link-state Routing for Wireless Mesh Networks
G. Ács, L. Buttyán, L. Dóra
In Proceedings of the Second IEEE WoWMoM Workshop on Hot Topics in Mesh Networking (HotMESH'10), Montreal, Canada, June 14-17, 2010.
@inproceedings {
author = {Gergely Ács, Levente BUTTYÁN, László DÓRA},
title = {Misbehaving Router Detection in Link-state Routing for Wireless Mesh Networks},
booktitle = {In Proceedings of the Second IEEE WoWMoM Workshop on Hot Topics in Mesh Networking (HotMESH'10)},
address = {Montreal, Canada},
month = {June 14-17},
year = {2010}
}
Abstract
In this paper, we address the problem of detecting misbehaving routers in wireless mesh networks and avoiding them when selecting routes. We assume that link-state routing is used, and we essentially propose a reputation system, where trusted gateway nodes compute Node Trust Values for the routers, which are fed back into the system and used in the route selection procedure. The computation of the Node Trust Values is based on packet counters maintained in association with each route and reported to the gateways by the routers in a regular manner. The feedback mechanism is based on limited scope flooding. The received Node Trust Values concerning a given router are aggregated, and the aggregate trust value of the router determines the probability with which that router is kept in the topology graph used for route computation. Hence, less trusted routers are excluded from the topology graph with higher probability, while the route selection still runs on a weighted graph (where the weights are determined by the announced link qualities), and it does not need to be changed. We evaluated the performance of our solution by means of simulations. The results show that our proposed mechanism can detect misbehaving routers reliably, and thanks to the feedback and the exclusion of the accused nodes from the route selection, we can decrease the number of packets dropped due to router misbehavior considerably. At the same time, our mechanism only slightly increases the average route length.2007
Secure Routing in Wireless Sensor Networks
G. Ács, L. Buttyán
in J. Lopez and J. Zhou (eds.): Wireless Sensor Network Security (Cryptology and Information Security Series), IOS Press, 2007.
@inbook {
author = {Gergely Ács, Levente BUTTYÁN},
title = {Secure Routing in Wireless Sensor Networks},
publisher = {in J. Lopez and J. Zhou (eds.): Wireless Sensor Network Security (Cryptology and Information Security Series), IOS Press},
year = {2007}
}
Abstract
In this chapter, we study how sensor network routing protocols can be secured. First, we describe the adversary model, the objectives of attacks against routing, as well as the different attack methods that may be used in wireless sensor networks. All these are illustrated by example attacks on well-known sensor network routing protocols. Then, we describe various countermeasures that can be used in sensor networks to secure the routing protocols. These include link layer security measures, secure neighbor discovery techniques, authenticated broadcast algorithms, and multi-path routing techniques. Finally, we illustrate the application of some of these countermeasures by presenting and explaining the operation of some secured sensor network routing protocols.The Security Proof of a Link-state Routing Protocol for Wireless Sensor Networks
G. Ács, L. Buttyán, I. Vajda
October 8-11, In Proceedings of the 3rd IEEE Workshop on Wireless and Sensor Networks Security (WSNS 2007), IEEE Press, Pisa, Italy, 2007.
@inproceedings {
author = {Gergely Ács, Levente BUTTYÁN, István VAJDA},
title = {The Security Proof of a Link-state Routing Protocol for Wireless Sensor Networks},
editor = {October 8-11},
booktitle = {In Proceedings of the 3rd IEEE Workshop on Wireless and Sensor Networks Security (WSNS 2007)},
organization = {IEEE Press},
address = {Pisa, Italy},
year = {2007}
}
Abstract
In this paper, we present a flexible and mathematically rigorous modeling framework for analyzing the security of sensor network routing protocols. Then, we demonstrate the usage of this framework by formally proving that INSENS (Intrusion-Tolerant Routing in Wireless Sensor Networks), which is a secure sensor network routing protocol proposed in the literature independently of our work, can be proven to be secure in our model.2006
A taxonomy of routing protocols for wireless sensor networks
G. Ács, L. Buttyán
Híradástechnika, December, 2006.
@article {
author = {Gergely Ács, Levente BUTTYÁN},
title = {A taxonomy of routing protocols for wireless sensor networks},
journal = {Híradástechnika},
month = {December},
year = {2006}
}
Abstract
Wireless sensor networks are large scale networks consisting of a large number of tiny sensor nodes and a few base stations, which communicate using multi-hop wireless communications. The design of energy efficient routing protocols for such networks is a challenging task, which has been in the focus of the sensor network research community in the recent past. This effort resulted in a huge number of sensor network routing protocols. The proposed protocols show a high variety, which stems from the diverse requirements of the various envisioned application scenarios. In this work, we propose a taxonomy of sensor network routing protocols, and classify the mainstream protocols proposed in the literature using this taxonomy. We distinguish five families of protocols based on the way the next hop is selected on the route of a message, and briefly describe the operation of a representative member from each group.Modelling Adversaries and Security Objectives for Routing Protocols in Wireless Sensor Networks
G. Ács, L. Buttyán, I. Vajda
In Proceedings of the Fourth ACM Workshop on Security of Ad Hoc and Sensor Networks (SASN'06), October, 2006.
@inproceedings {
author = {Gergely Ács, Levente BUTTYÁN, István VAJDA},
title = {Modelling Adversaries and Security Objectives for Routing Protocols in Wireless Sensor Networks},
booktitle = {In Proceedings of the Fourth ACM Workshop on Security of Ad Hoc and Sensor Networks (SASN'06)},
month = {October},
year = {2006}
}
Abstract
The literature is very broad considering routing protocols in wireless sensor networks (WSNs). However, security of these routing protocols has fallen beyond the scope so far. Routing is a fundamental functionality in wireless networks, thus hostile interventions aiming to disrupt and degrade the routing service have a serious impact on the overall operation of the entire network. In order to analyze the security of routing protocols in a precise and rigorous way, we propose a formal framework encompassing the definition of an adversary model as well as the "general" definition of secure routingin sensor networks. Both definitions take into account the feasible goals and capabilities of an adversary in sensor environments and the variety of sensor routing protocols. In spirit, our formal model is based on the simulation paradigm that is a successfully used technique to prove the security of various cryptographic protocols. However, we also highlight some differences between our model and other models that have been proposed for wired or wireless networks. Finally, we illustrate the practical usage of our model by presenting the formal description of a simple attack against an authenticated routing protocol, which is based on the well-known TinyOS routing.Provably Secure On-demand Source Routing in Mobile Ad Hoc Networks
G. Ács, L. Buttyán, I. Vajda
IEEE Transactions on Mobile Computing, vol. 5, no. 11, 2006.
@article {
author = {Gergely Ács, Levente BUTTYÁN, István VAJDA},
title = {Provably Secure On-demand Source Routing in Mobile Ad Hoc Networks},
journal = {IEEE Transactions on Mobile Computing},
volume = {5},
number = {11},
year = {2006}
}
Keywords
Mobile ad hoc networks, secure routing, provable securityAbstract
Routing is one of the most basic networking functions in mobile ad hoc networks. Hence, an adversary can easily paralyze the operation of the network by attacking the routing protocol. This has been realized by many researchers and several "secure" routing protocols have been proposed for ad hoc networks. However, the security of those protocols has mainly been analyzed by informal means only. In this paper, we argue that flaws in ad hoc routing protocols can be very subtle, and we advocate a more systematic way of analysis. We propose a mathematical framework in which security can be precisely defined and routing protocols for mobile ad hoc networks can be proved to be secure in a rigorous manner. Our framework is tailored for on-demand source routing protocols, but the general principles are applicable to other types of protocols too. Our approach is based on the simulation paradigm, which has already been used extensively for the analysis of key establishment protocols, but, to the best of our knowledge, it has not been applied in the context of ad hoc routing so far. We also propose a new on-demand source routing protocol, called endairA, and we demonstrate the use of our framework by proving that it is secure in our model.Útvonalválasztó protokollok vezeték nélküli szenzorhálózatokban
G. Ács, L. Buttyán
Híradástecnika, November, 2006.
@article {
author = {Gergely Ács, Levente BUTTYÁN},
title = {Útvonalválasztó protokollok vezeték nélküli szenzorhálózatokban},
journal = {Híradástecnika},
month = {November},
year = {2006}
}
Abstract
A szenzorhálózatok változatos alkalmazásai különbözõ követelményeket támasztanak az útvonalválasztó protokollokkal szemben. A különbözõ követelményeknek köszönhetõen igen sok javasolt protokoll található az irodalomban. Ebben a cikkben rendszerezzük ezeket a vonalválasztó protokollokat, és minden családból bemutatunk egy prominens képviselõt. A cikk újdonsága a rendszerezéshez használt szempontrendszer, mely a protokollok eddigieknél részletesebb taxonómiáját eredményezi.2005
Ad hoc útvonalválasztó protokollok bizonyított biztonsága
G. Ács, L. Buttyán, I. Vajda
Híradástechnika, March, 2005.
@article {
author = {Gergely Ács, Levente BUTTYÁN, István VAJDA},
title = {Ad hoc útvonalválasztó protokollok bizonyított biztonsága},
journal = {Híradástechnika},
month = {March},
year = {2005}
}
Keywords
ad hoc hálózatok, forrás alapú ad hoc útvonalválasztás, biztonságos útvonalválasztás, bizonyított biztonság, szimulációs paradigmaAbstract
Ebben a cikkben egy olyan formális módszert mutatunk be, amivel a vezeték nélküli ad hoc hálózatok számára javasolt, igény szerinti, forrás alapú útvonalválasztó protokollokat (on-demand source routing) lehet biztonsági szempontból elemezni. A módszer alapját a szimulációs paradigma adja, mely egy jól ismert, általános eljárás kriptográfiai protokollok biztonságának bizonyítására. A cikkben bemutatjuk a szimulációs paradigma adaptációját ad hoc útvonalválasztó protokollokra. Formálisan megfogalmazzuk, hogy mit értünk biztonságos útvonalválasztás alatt, melyhez felhasználjuk a statisztikai megkülönböztethetetlenség fogalmát. A módszer gyakorlati alkalmazását egy példán keresztül szemléltetjük, melyben röviden ismertetjük az endairA útvonalválasztó protokoll mûködését, és bebizonyítjuk, hogy a protokoll biztonságos az általunk definiált modellben.Provable Security for Ad Hoc Routing Protocols
G. Ács, L. Buttyán, I. Vajda
Híradástechnika, June, 2005.
@article {
author = {Gergely Ács, Levente BUTTYÁN, István VAJDA},
title = {Provable Security for Ad Hoc Routing Protocols},
journal = {Híradástechnika},
month = {June},
year = {2005}
}
Keywords
ad hoc networks, on-demand ad hoc source routing, secure ad hoc routing, provable security, simulation paradigmAbstract
In this article we present a new formal framework that can be used for analyzing the ecurity of on-demand source routing protocols proposed for wireless mobile ad hoc networks. Our approach is based on the simulation paradigm which is a well-known and general procedure to prove the security of cryptographic protocols. We give the formal definition of secure ad hoc routing in a precise and rigorous manner using the concept of statistical indistinguishability. We present an ad hoc source routing protocol, called endairA, and we illustrate the usage of our approach by proving that this protocol is secure in our model.Provable Security of On-Demand Distance Vector Routing in Wireless Ad Hoc Networks
G. Ács, L. Buttyán, I. Vajda
In Proceedings of the Second European Workshop on Security and Privacy in Ad Hoc and Sensor Networks (ESAS 2005), Visegrád, Hungary, July 13-14, 2005, 2005.
@inproceedings {
author = {Gergely Ács, Levente BUTTYÁN, István VAJDA},
title = {Provable Security of On-Demand Distance Vector Routing in Wireless Ad Hoc Networks},
booktitle = {In Proceedings of the Second European Workshop on Security and Privacy in Ad Hoc and Sensor Networks (ESAS 2005), Visegrád, Hungary, July 13-14, 2005},
year = {2005}
}
Abstract
In this paper, we propose a framework for the security analysis of on-demand, distance vector routing protocols for ad hoc networks, such as AODV, SAODV, and ARAN. The proposed approach is an adaptation of the simulation paradigm that is used extensively for the analysis of cryptographic algorithms and protocols, and it provides a rigorous method for proving that a given routing protocol is secure. We demonstrate the approach by representing known and new attacks on SAODV in our framework, and by proving that ARAN is secure in our model.2004
Provably Secure On-demand Source Routing in Mobile Ad Hoc Networks
G. Ács, L. Buttyán, I. Vajda
http://eprint.iacr.org/ under report number 2004/159., March, 2004.
@techreport {
author = {Gergely Ács, Levente BUTTYÁN, István VAJDA},
title = {Provably Secure On-demand Source Routing in Mobile Ad Hoc Networks},
institution = {http://eprint.iacr.org/ under report number 2004/159.},
month = {March},
year = {2004}
}