Security mechanisms for protecting foundational services in wireless sensor networks

Recent technological advances have made it possible to develop wireless sensor networks consisting of a large number of low-cost, low-power, and multi-functional sensor nodes that communicate over short distances through wireless links. Such sensor networks are ideal candidates for a wide range of applications such as monitoring of critical infrastructures, data acquisition in hazardous environments, and military operations. This dissertation includes four studies on securing wireless sensor networks. The first study designs, implements, and evaluates TinyECC, a configurable library for Elliptic Curve Cryptography operations in wireless sensor networks. The second study identifies the security vulnerabilities in epidemic image management in all existing secure code dissemination solutions, develops lightweight techniques to address these vulnerabilities and protect the epidemic image management in wireless sensor networks, and implements a lightweight and secure image management system, Seluge-ImageMan, which works with Seluge to provide a complete and readily available solution for secure code dissemination in wireless sensor networks. Both third and fourth studies explore anti-jamming wireless communication techniques for wireless sensor networks. However, they focuses on different perspectives. The third study focuses on the anti-jamming wireless communication technique for two-way communication, while the fourth study focuses on anti-jamming broadcast communication. The third study proposes USD-FH, which uses Uncoordinated Seed Disclosure in Frequency Hopping to establish a shared secret in presence of jammers. The basic idea is to transmit each DH key establishment message using a one-time pseudo-random hopping pattern and disclose the corresponding seed in an uncoordinated manner before the actual message. Due to the large number of channels available for wireless communication, the jammers cannot control all channels at the same time. When the receiver and the sender use the same channel during seed disclosure, the receiver can get the seed. If the jammer does not listen on the same channel (and thus it does not know the hopping pattern), the receiver can receive the actual message without being jammed. Both theoretical analysis and simulation show that USD-FH is much more efficient and robust than previous solutions. The fourth study proposes Delayed Seed-Disclosure DSSS (DSD-DSSS) scheme for efficient anti-jamming broadcast communication. DSD-DSSS achieves its anti-jamming capability through randomly generating the spreading code sequence for each message using a random seed and delaying the disclosure of the seed at the end of the message. We also develop an effective protection mechanism for seed disclosure using content-based code subset selection. DSD-DSSS is superior to all previous attempts for anti-jamming spread spectrum broadcast communication without shared keys. In particular, even if a jammer possesses real-time online analysis capability and can launch reactive jamming attacks accordingly, DSD-DSSS can still defeat the jamming attacks with a very high probability. We evaluate DSD-DSSS through both theoretical analysis and a prototype implementation based on GNU Radio; our evaluation results demonstrate that DSD-DSSS is practical and have superior security properties. Although we study anti-jamming techniques in the context of wireless sensor networks, the proposed schemes, USD-FH and DSD-DSSS, are not limited to wireless sensor networks and can be applied to any wireless communication system.