Dr. Gergely Ács

Assistant Professor

acs (at) crysys.hu

web: www.crysys.hu/~acs/
office: I.E. 430
tel: +36 1 463 2080
fax: +36 1 463 3263

Current courses | Student projects | Publications

Short Bio

Gergely ÁCS gergej ɑ:tʃ received the M.Sc. and Ph.D. degree in Computer Science from the Budapest University of Technology and Economics (BME), where he conducted research in the Laboratory of Cryptography and System Security (CrySyS). Currently, he is an assistant professor at Budapest University of Technology and Economics (BME), in Hungary. Before that, he was a post-doc and then research engineer in Privatics Team at INRIA, in France. His general research interests include data privacy and security.

Current Courses

IT Security (VIHIAC01)

This BSc course gives an overview of the different areas of IT security with the aim of increasing the security awareness of computer science students and shaping their attitude towards designing and using secure computing systems. The course prepares BSc students for security challenges that they may encounter during their professional career, and at the same time, it provides a basis for those students who want to continue their studies at MSc level (taking, for instance, our IT Security minor specialization). We put special emphasis on software security and the practical aspects of developing secure programs.

IT Security (in English) (VIHIAC01)

This BSc course gives an overview of the different areas of IT security with the aim of increasing the security awareness of computer science students and shaping their attitude towards designing and using secure computing systems. The course prepares BSc students for security challenges that they may encounter during their professional career, and at the same time, it provides a basis for those students who want to continue their studies at MSc level (taking, for instance, our IT Security minor specialization). We put special emphasis on software security and the practical aspects of developing secure programs.

Student Project Proposals

Adatvédelem és biztonság gépi tanulásban

A mesterséges intelligencia és gépi tanulás térnyerése vitathatatlan. Az automatizált döntéseket alkalmazó rendszerek száma rohamosan növekszik (önjáró autók, egészségügyi alkalmazások, felhasználói hitelesítés, döntéstámogatás, profilozás, stb.). Például egy ilyen gépi modell megjósolhatja betegek halálozását a tünetegyüttesből, vagy a hitelképességet demográfiai és egyéb személyes adatokból, vagy fehérjék és kémiai anyagok reakcióképességét gyógyszerfejlesztés céljából korábbi adatokból. Ugyanakkor az ilyen rendszerek adatvédelmi és biztonsági problémái jelentősek, szerteágazóak, és megoldatlanok [1]. A hallgatók az alábbi témákon dolgozhatnak.

Elvárás: munkára való hajlandóság, gépi tanulás ismerete előny de nem feltétel
[1] Attacks against machine learning — an overview
[2] Model Inversion Attacks
[3] Deep Models Under the GAN: Information Leakage from Collaborative Deep Learning
[4] Unique in the Crowd: The privacy bounds of human mobility
[5] A személyes adat és a GDPR
[6] Az aggregált adat és a GDPR
[7] Membership Inference Attacks Against Machine Learning Models
[8] Machine Learning Models that Remember Too Much

Publications

2019

Extracting vehicle sensor signals from CAN logs for driver re-identification

Sz. Lestyán, G. Ács, G. Biczók, Zs. Szalay

5th International Conference on Information Security and Privacy (ICISSP 2019), SCITEPRESS, 2019.

Bibtex | Abstract

@inproceedings {
   author = {Szilvia Lestyan, Gergely Ács, Gergely Biczók, Zsolt Szalay},
   title = {Extracting vehicle sensor signals from CAN logs for driver re-identification},
   booktitle = {5th International Conference on Information Security and Privacy (ICISSP 2019)},
   publisher = {SCITEPRESS},
   year = {2019}
}

Abstract

Data is the new oil for the car industry. Cars generate data about how they are used and who’s behind the wheel which gives rise to a novel way of profiling individuals. Several prior works have successfully demonstrated the feasibility of driver re-identification using the in-vehicle network data captured on the vehicle’s CAN bus. However, all of them used signals (e.g., velocity, brake pedal or accelerator position) that have already been extracted from the CAN log which is itself not a straightforward process. Indeed, car manufacturers intentionally do not reveal the exact signal location within CAN logs. Nevertheless, we show that signals can be efficiently extracted from CAN logs using machine learning techniques. We exploit that signals have several distinguishing statistical features which can be learnt and effectively used to identify them across different vehicles, that is, to quasi ”reverse-engineer” the CAN protocol. We also demonstrate that the extracted signals can be successfully used to re-identify individuals in a dataset of 33 drivers. Therefore, hiding signal locations in CAN logs per se does not prevent them to be regarded as personal data of drivers.

2018

Privacy-Preserving Release of Spatio-Temporal Density

G. Ács, G. Biczók, C. Castelluccia

A. Gkoulalas-Divanis and Claudio Bettini (Eds.), Handbook of Mobile Data Privacy, pp. 307-335, Springer, 2018.

Bibtex | Abstract

@inbook {
   author = {Gergely Ács, Gergely Biczók, Claude Castelluccia},
   editor = {A. Gkoulalas-Divanis and Claudio Bettini (Eds.)},
   title = {Privacy-Preserving Release of Spatio-Temporal Density},
   chapter = {Handbook of Mobile Data Privacy},
   pages = {307-335},
   publisher = {Springer},
   year = {2018}
}

Abstract

In today’s digital society, increasing amounts of contextually rich spatio-temporal information are collected and used, e.g., for knowledge-based decision making, research purposes, optimizing operational phases of city management, planning infrastructure networks, or developing timetables for public transportation with an increasingly autonomous vehicle fleet. At the same time, however, publishing or sharing spatio-temporal data, even in aggregated form, is not always viable owing to the danger of violating individuals’ privacy, along with the related legal and ethical repercussions. In this chapter, we review some fundamental approaches for anonymizing and releasing spatio-temporal density, i.e., the number of individuals visiting a given set of locations as a function of time. These approaches follow different privacy models providing different privacy guarantees as well as accuracy of the released anonymized data. We demonstrate some sanitization (anonymization) techniques with provable privacy guarantees by releasing the spatio-temporal density of Paris, in France. We conclude that, in order to achieve meaningful accuracy, the sanitization process has to be carefully customized to the application and public characteristics of the spatio-temporal data.

2017

Differentially Private Mixture of Generative Neural Networks

G. Ács, L. Melis, C. Castelluccia, E. De Cristofaro

IEEE International Conference on Data Mining (ICDM), IEEE, 2017.

Bibtex

@inproceedings {
   author = {Gergely Ács, Luca Melis, Claude Castelluccia, Emiliano De Cristofaro},
   title = {Differentially Private Mixture of Generative Neural Networks},
   booktitle = {IEEE International Conference on Data Mining (ICDM)},
   publisher = {IEEE},
   year = {2017}
}

Abstract

Privacy-Aware Caching in Information-Centric Networking

G. Ács, M. Conti, P. Gasti, C. Ghali, G. Tsudik, C. Wood

IEEE Transactions on Dependable Computing (TDSC), 2017.

Bibtex

@article {
   author = {Gergely Ács, Mauro Conti, Paulo Gasti, Cesar Ghali, Gene Tsudik, Christopher Wood},
   title = {Privacy-Aware Caching in Information-Centric Networking},
   journal = {IEEE Transactions on Dependable Computing (TDSC)},
   year = {2017}
}

Abstract

2016

Near-Optimal Fingerprinting with Constraints

G. Gy. Gulyás, G. Ács, C. Castelluccia

PET Symposium, ACM, 2016.

Bibtex

@inproceedings {
   author = {Gábor György Gulyás, Gergely Ács, Claude Castelluccia},
   title = {Near-Optimal Fingerprinting with Constraints},
   booktitle = {PET Symposium},
   publisher = {ACM},
   year = {2016}
}

Abstract

2015

On the Unicity of Smartphone Applications

J. P. Achara, G. Ács, C. Castelluccia

ACM Workshop on Privacy in the Electronic Society (WPES), ACM, 2015.

Bibtex

@inproceedings {
   author = {Jagdish Prasad Achara, Gergely Ács, Claude Castelluccia},
   title = {On the Unicity of Smartphone Applications},
   booktitle = {ACM Workshop on Privacy in the Electronic Society (WPES)},
   publisher = {ACM},
   year = {2015}
}

Abstract

Probabilistic km-anonymity (Efficient Anonymization of Large Set-Valued Datasets)

G. Ács, J. P. Achara, C. Castelluccia

IEEE International Conference on Big Data (Big Data), IEEE, 2015.

Bibtex

@inproceedings {
   author = {Gergely Ács, Jagdish Prasad Achara, Claude Castelluccia},
   title = {Probabilistic km-anonymity (Efficient Anonymization of Large Set-Valued Datasets)},
   booktitle = {IEEE International Conference on Big Data (Big Data)},
   publisher = {IEEE},
   year = {2015}
}

Abstract

2014

A Case Study: Privacy Preserving Release of Spatio-temporal Density in Paris

G. Ács, C. Castelluccia

The 20th ACM SIGKDD Conference on Knowledge Discovery and Data Mining (KDD), ACM, 2014.

Bibtex

@inproceedings {
   author = {Gergely Ács, Claude Castelluccia},
   title = {A Case Study: Privacy Preserving Release of Spatio-temporal Density in Paris},
   booktitle = {The 20th ACM SIGKDD Conference on Knowledge Discovery and Data Mining (KDD)},
   publisher = {ACM},
   year = {2014}
}

Abstract

Retargeting Without Tracking

M.-D. Tran, G. Ács, C. Castelluccia

INRIA, 2014.

Bibtex

@techreport {
   author = {Minh-Dung Tran, Gergely Ács, Claude Castelluccia},
   title = {Retargeting Without Tracking},
   institution = {INRIA},
   year = {2014}
}

Abstract

2013

Cache Privacy in Named-Data Networking

G. Ács, M. Conti, P. Gasti, C. Ghali, G. Tsudik

The 33rd International Conference on Distributed Computing Systems (ICDCS), IEEE, 2013.

Bibtex

@inproceedings {
   author = {Gergely Ács, Mauro Conti, Paulo Gasti, Cesar Ghali, Gene Tsudik},
   title = {Cache Privacy in Named-Data Networking},
   booktitle = {The 33rd International Conference on Distributed Computing Systems (ICDCS)},
   publisher = {IEEE},
   year = {2013}
}

Abstract

2012

Differentially Private Histogram Publishing through Lossy Compression

G. Ács, R. Chen, C. Castelluccia

IEEE International Conference on Data Mining (ICDM), IEEE, 2012.

Bibtex

@inproceedings {
   author = {Gergely Ács, Rui Chen, Claude Castelluccia},
   title = {Differentially Private Histogram Publishing through Lossy Compression},
   booktitle = {IEEE International Conference on Data Mining (ICDM)},
   publisher = {IEEE},
   year = {2012}
}

Abstract

Differentially Private Sequential Data Publication via Variable-Length N-Grams

R. Chen, G. Ács, C. Castelluccia

In 19th ACM Conference on Computer and Communications Security (CCS), ACM, 2012.

Bibtex

@inproceedings {
   author = {Rui Chen, Gergely Ács, Claude Castelluccia},
   title = {Differentially Private Sequential Data Publication via Variable-Length N-Grams},
   booktitle = {In 19th ACM Conference on Computer and Communications Security (CCS)},
   publisher = {ACM},
   year = {2012}
}

Abstract

You Are What You Like! Information Leakage Through Users Interests

A. Chaabane, G. Ács, M. Ali Kaafar

In 19th Annual Network & Distributed System Security Symposium (NDSS), ACM, 2012.

Bibtex

@inproceedings {
   author = {Abdelberi Chaabane, Gergely Ács, Mohamed Ali Kaafar},
   title = {You Are What You Like! Information Leakage Through Users Interests},
   booktitle = {In 19th Annual Network & Distributed System Security Symposium (NDSS)},
   publisher = {ACM},
   year = {2012}
}

Abstract

2011

I have a DREAM! (DiffeRentially privatE smArt Metering)

G. Ács, C. Castelluccia

The 13th Information Hiding Conference (IH), Springer, 2011.

Bibtex

@inproceedings {
   author = {Gergely Ács, Claude Castelluccia},
   title = {I have a DREAM! (DiffeRentially privatE smArt Metering)},
   booktitle = {The 13th Information Hiding Conference (IH)},
   publisher = {Springer},
   year = {2011}
}

Abstract

Protecting against Physical Resource Monitoring

G. Ács, C. Castelluccia, W. Lecat

The 10th ACM Workshop on Privacy in the Electronic Society (WPES), ACM, 2011.

Bibtex

@inproceedings {
   author = {Gergely Ács, Claude Castelluccia, William Lecat},
   title = {Protecting against Physical Resource Monitoring},
   booktitle = {The 10th ACM Workshop on Privacy in the Electronic Society (WPES)},
   publisher = {ACM},
   year = {2011}
}

Abstract

2010

Misbehaving Router Detection in Link-state Routing for Wireless Mesh Networks

G. Ács, L. Buttyán, L. Dóra

In Proceedings of the Second IEEE WoWMoM Workshop on Hot Topics in Mesh Networking (HotMESH'10), Montreal, Canada, June 14-17, 2010.

Bibtex | Abstract | PDF

@inproceedings {
   author = {Gergely Ács, Levente BUTTYÁN, László DÓRA},
   title = {Misbehaving Router Detection in Link-state Routing for Wireless Mesh Networks},
   booktitle = {In Proceedings of the Second IEEE WoWMoM Workshop on Hot Topics in Mesh Networking (HotMESH'10)},
   address = {Montreal, Canada},
   month = {June 14-17},
   year = {2010}
}

Abstract

In this paper, we address the problem of detecting misbehaving routers in wireless mesh networks and avoiding them when selecting routes. We assume that link-state routing is used, and we essentially propose a reputation system, where trusted gateway nodes compute Node Trust Values for the routers, which are fed back into the system and used in the route selection procedure. The computation of the Node Trust Values is based on packet counters maintained in association with each route and reported to the gateways by the routers in a regular manner. The feedback mechanism is based on limited scope flooding. The received Node Trust Values concerning a given router are aggregated, and the aggregate trust value of the router determines the probability with which that router is kept in the topology graph used for route computation. Hence, less trusted routers are excluded from the topology graph with higher probability, while the route selection still runs on a weighted graph (where the weights are determined by the announced link qualities), and it does not need to be changed. We evaluated the performance of our solution by means of simulations. The results show that our proposed mechanism can detect misbehaving routers reliably, and thanks to the feedback and the exclusion of the accused nodes from the route selection, we can decrease the number of packets dropped due to router misbehavior considerably. At the same time, our mechanism only slightly increases the average route length.

2007

Secure Routing in Wireless Sensor Networks

G. Ács, L. Buttyán

in J. Lopez and J. Zhou (eds.): Wireless Sensor Network Security (Cryptology and Information Security Series), IOS Press, 2007.

Bibtex | Abstract

@inbook {
   author = {Gergely Ács, Levente BUTTYÁN},
   title = {Secure Routing in Wireless Sensor Networks},
   publisher = {in J. Lopez and J. Zhou (eds.): Wireless Sensor Network Security (Cryptology and Information Security Series), IOS Press},
   year = {2007}
}

Abstract

In this chapter, we study how sensor network routing protocols can be secured. First, we describe the adversary model, the objectives of attacks against routing, as well as the different attack methods that may be used in wireless sensor networks. All these are illustrated by example attacks on well-known sensor network routing protocols. Then, we describe various countermeasures that can be used in sensor networks to secure the routing protocols. These include link layer security measures, secure neighbor discovery techniques, authenticated broadcast algorithms, and multi-path routing techniques. Finally, we illustrate the application of some of these countermeasures by presenting and explaining the operation of some secured sensor network routing protocols.

The Security Proof of a Link-state Routing Protocol for Wireless Sensor Networks

G. Ács, L. Buttyán, I. Vajda

October 8-11, In Proceedings of the 3rd IEEE Workshop on Wireless and Sensor Networks Security (WSNS 2007), IEEE Press, Pisa, Italy, 2007.

Bibtex | Abstract | PDF

@inproceedings {
   author = {Gergely Ács, Levente BUTTYÁN, István VAJDA},
   title = {The Security Proof of a Link-state Routing Protocol for Wireless Sensor Networks},
   editor = {October 8-11},
   booktitle = {In Proceedings of the 3rd IEEE Workshop on Wireless and Sensor Networks Security (WSNS 2007)},
   organization = {IEEE Press},
   address = {Pisa, Italy},
   year = {2007}
}

Abstract

In this paper, we present a flexible and mathematically rigorous modeling framework for analyzing the security of sensor network routing protocols. Then, we demonstrate the usage of this framework by formally proving that INSENS (Intrusion-Tolerant Routing in Wireless Sensor Networks), which is a secure sensor network routing protocol proposed in the literature independently of our work, can be proven to be secure in our model.

2006

A taxonomy of routing protocols for wireless sensor networks

G. Ács, L. Buttyán

Híradástechnika, December, 2006.

Bibtex | Abstract

@article {
   author = {Gergely Ács, Levente BUTTYÁN},
   title = {A taxonomy of routing protocols for wireless sensor networks},
   journal = {Híradástechnika},
   month = {December},
   year = {2006}
}

Abstract

Wireless sensor networks are large scale networks consisting of a large number of tiny sensor nodes and a few base stations, which communicate using multi-hop wireless communications. The design of energy efficient routing protocols for such networks is a challenging task, which has been in the focus of the sensor network research community in the recent past. This effort resulted in a huge number of sensor network routing protocols. The proposed protocols show a high variety, which stems from the diverse requirements of the various envisioned application scenarios. In this work, we propose a taxonomy of sensor network routing protocols, and classify the mainstream protocols proposed in the literature using this taxonomy. We distinguish five families of protocols based on the way the next hop is selected on the route of a message, and briefly describe the operation of a representative member from each group.

Modelling Adversaries and Security Objectives for Routing Protocols in Wireless Sensor Networks

G. Ács, L. Buttyán, I. Vajda

In Proceedings of the Fourth ACM Workshop on Security of Ad Hoc and Sensor Networks (SASN'06), October, 2006.

Bibtex | Abstract | PDF

@inproceedings {
   author = {Gergely Ács, Levente BUTTYÁN, István VAJDA},
   title = {Modelling Adversaries and Security Objectives for Routing Protocols in Wireless Sensor Networks},
   booktitle = {In Proceedings of the Fourth ACM Workshop on Security of Ad Hoc and Sensor Networks (SASN'06)},
   month = {October},
   year = {2006}
}

Abstract

The literature is very broad considering routing protocols in wireless sensor networks (WSNs). However, security of these routing protocols has fallen beyond the scope so far. Routing is a fundamental functionality in wireless networks, thus hostile interventions aiming to disrupt and degrade the routing service have a serious impact on the overall operation of the entire network. In order to analyze the security of routing protocols in a precise and rigorous way, we propose a formal framework encompassing the definition of an adversary model as well as the "general" definition of secure routingin sensor networks. Both definitions take into account the feasible goals and capabilities of an adversary in sensor environments and the variety of sensor routing protocols. In spirit, our formal model is based on the simulation paradigm that is a successfully used technique to prove the security of various cryptographic protocols. However, we also highlight some differences between our model and other models that have been proposed for wired or wireless networks. Finally, we illustrate the practical usage of our model by presenting the formal description of a simple attack against an authenticated routing protocol, which is based on the well-known TinyOS routing.

Provably Secure On-demand Source Routing in Mobile Ad Hoc Networks

G. Ács, L. Buttyán, I. Vajda

IEEE Transactions on Mobile Computing, vol. 5, no. 11, 2006.

Bibtex | Abstract

@article {
   author = {Gergely Ács, Levente BUTTYÁN, István VAJDA},
   title = {Provably Secure On-demand Source Routing in Mobile Ad Hoc Networks},
   journal = {IEEE Transactions on Mobile Computing},
   volume = {5},
   number = {11},
   year = {2006}
}

Keywords

Mobile ad hoc networks, secure routing, provable security

Abstract

Routing is one of the most basic networking functions in mobile ad hoc networks. Hence, an adversary can easily paralyze the operation of the network by attacking the routing protocol. This has been realized by many researchers and several "secure" routing protocols have been proposed for ad hoc networks. However, the security of those protocols has mainly been analyzed by informal means only. In this paper, we argue that flaws in ad hoc routing protocols can be very subtle, and we advocate a more systematic way of analysis. We propose a mathematical framework in which security can be precisely defined and routing protocols for mobile ad hoc networks can be proved to be secure in a rigorous manner. Our framework is tailored for on-demand source routing protocols, but the general principles are applicable to other types of protocols too. Our approach is based on the simulation paradigm, which has already been used extensively for the analysis of key establishment protocols, but, to the best of our knowledge, it has not been applied in the context of ad hoc routing so far. We also propose a new on-demand source routing protocol, called endairA, and we demonstrate the use of our framework by proving that it is secure in our model.

Útvonalválasztó protokollok vezeték nélküli szenzorhálózatokban

G. Ács, L. Buttyán

Híradástecnika, November, 2006.

Bibtex | Abstract

@article {
   author = {Gergely Ács, Levente BUTTYÁN},
   title = {Útvonalválasztó protokollok vezeték nélküli szenzorhálózatokban},
   journal = {Híradástecnika},
   month = {November},
   year = {2006}
}

Abstract

A szenzorhálózatok változatos alkalmazásai különbözõ követelményeket támasztanak az útvonalválasztó protokollokkal szemben. A különbözõ követelményeknek köszönhetõen igen sok javasolt protokoll található az irodalomban. Ebben a cikkben rendszerezzük ezeket a vonalválasztó protokollokat, és minden családból bemutatunk egy prominens képviselõt. A cikk újdonsága a rendszerezéshez használt szempontrendszer, mely a protokollok eddigieknél részletesebb taxonómiáját eredményezi.

2005

Ad hoc útvonalválasztó protokollok bizonyított biztonsága

G. Ács, L. Buttyán, I. Vajda

Híradástechnika, March, 2005.

Bibtex | Abstract

@article {
   author = {Gergely Ács, Levente BUTTYÁN, István VAJDA},
   title = {Ad hoc útvonalválasztó protokollok bizonyított biztonsága},
   journal = {Híradástechnika},
   month = {March},
   year = {2005}
}

Keywords

ad hoc hálózatok, forrás alapú ad hoc útvonalválasztás, biztonságos útvonalválasztás, bizonyított biztonság, szimulációs paradigma

Abstract

Ebben a cikkben egy olyan formális módszert mutatunk be, amivel a vezeték nélküli ad hoc hálózatok számára javasolt, igény szerinti, forrás alapú útvonalválasztó protokollokat (on-demand source routing) lehet biztonsági szempontból elemezni. A módszer alapját a szimulációs paradigma adja, mely egy jól ismert, általános eljárás kriptográfiai protokollok biztonságának bizonyítására. A cikkben bemutatjuk a szimulációs paradigma adaptációját ad hoc útvonalválasztó protokollokra. Formálisan megfogalmazzuk, hogy mit értünk biztonságos útvonalválasztás alatt, melyhez felhasználjuk a statisztikai megkülönböztethetetlenség fogalmát. A módszer gyakorlati alkalmazását egy példán keresztül szemléltetjük, melyben röviden ismertetjük az endairA útvonalválasztó protokoll mûködését, és bebizonyítjuk, hogy a protokoll biztonságos az általunk definiált modellben.

Provable Security for Ad Hoc Routing Protocols

G. Ács, L. Buttyán, I. Vajda

Híradástechnika, June, 2005.

Bibtex | Abstract

@article {
   author = {Gergely Ács, Levente BUTTYÁN, István VAJDA},
   title = {Provable Security for Ad Hoc Routing Protocols},
   journal = {Híradástechnika},
   month = {June},
   year = {2005}
}

Keywords

ad hoc networks, on-demand ad hoc source routing, secure ad hoc routing, provable security, simulation paradigm

Abstract

In this article we present a new formal framework that can be used for analyzing the ecurity of on-demand source routing protocols proposed for wireless mobile ad hoc networks. Our approach is based on the simulation paradigm which is a well-known and general procedure to prove the security of cryptographic protocols. We give the formal definition of secure ad hoc routing in a precise and rigorous manner using the concept of statistical indistinguishability. We present an ad hoc source routing protocol, called endairA, and we illustrate the usage of our approach by proving that this protocol is secure in our model.

Provable Security of On-Demand Distance Vector Routing in Wireless Ad Hoc Networks

G. Ács, L. Buttyán, I. Vajda

In Proceedings of the Second European Workshop on Security and Privacy in Ad Hoc and Sensor Networks (ESAS 2005), Visegrád, Hungary, July 13-14, 2005, 2005.

Bibtex | Abstract | PDF

@inproceedings {
   author = {Gergely Ács, Levente BUTTYÁN, István VAJDA},
   title = {Provable Security of On-Demand Distance Vector Routing in Wireless Ad Hoc Networks},
   booktitle = {In Proceedings of the Second European Workshop on Security and Privacy in Ad Hoc and Sensor Networks (ESAS 2005), Visegrád, Hungary, July 13-14, 2005},
   year = {2005}
}

Abstract

In this paper, we propose a framework for the security analysis of on-demand, distance vector routing protocols for ad hoc networks, such as AODV, SAODV, and ARAN. The proposed approach is an adaptation of the simulation paradigm that is used extensively for the analysis of cryptographic algorithms and protocols, and it provides a rigorous method for proving that a given routing protocol is secure. We demonstrate the approach by representing known and new attacks on SAODV in our framework, and by proving that ARAN is secure in our model.

2004

Provably Secure On-demand Source Routing in Mobile Ad Hoc Networks

G. Ács, L. Buttyán, I. Vajda

http://eprint.iacr.org/ under report number 2004/159., March, 2004.

Bibtex | Abstract

@techreport {
   author = {Gergely Ács, Levente BUTTYÁN, István VAJDA},
   title = {Provably Secure On-demand Source Routing in Mobile Ad Hoc Networks},
   institution = {http://eprint.iacr.org/ under report number 2004/159.},
   month = {March},
   year = {2004}
}

Keywords

Mobile ad hoc networks, secure routing, provable security

Abstract

Routing is one of the most basic networking functions in mobile ad hoc networks. Hence, an adversary can easily paralyze the operation of the network by attacking the routing protocol. This has been realized by many researchers, and several "secure" routing protocols have been proposed for ad hoc networks. However, the security of those protocols have mainly been analyzed by informal means only. In this paper, we argue that flaws in ad hoc routing protocols can be very subtle, and we advocate a more systematic way of analysis. We propose a mathematical framework in which security can be precisely defined, and routing protocols for mobile ad hoc networks can be analyzed rigorously. Our framework is tailored for on-demand source routing protocols, but the general principles are applicable to other types of protocols too. Our approach is based on the simulation paradigm, which has already been used extensively for the analysis of key establishment protocols, but to the best of our knowledge, it has not been applied in the context of ad hoc routing so far. We also propose a new on-demand source routing protocol, called endairA, and we demonstrate the usage of our framework by proving that it is secure in our model.