Security and Privacy in Heterogeneous Wireless and Mobile Networks: Challenges and Solutions

The rapid advances in wireless communications and networking have given rise to a number of emerging heterogeneous wireless and mobile networks along with novel networking paradigms, including wireless sensor networks, mobile crowdsourcing, and mobile social networking. While offering promising solutions to a wide range of new applications, their widespread adoption and large-scale deployment are often hindered by people’s concerns about the security, user privacy, or both. In this dissertation, we aim to address a number of challenging security and privacy issues in heterogeneous wireless and mobile networks in an attempt to foster their widespread adoption. Our contributions are mainly fivefold. First, we introduce a novel secure and loss-resilient code dissemination scheme for wireless sensor networks deployed in hostile and harsh environments. Second, we devise a novel scheme to enable mobile users to detect any inauthentic or unsound location-based top-k query result returned by an untrusted location-based service providers. Third, we develop a novel verifiable privacypreserving aggregation scheme for people-centric mobile sensing systems. Fourth, we present a suite of privacy-preserving profile matching protocols for proximity-based mobile social networking, which can support a wide range of matching metrics with different privacy levels. Last, we present a secure combination scheme for crowdsourcing-based cooperative spectrum sensing systems that can enable robust primary user detection even when malicious cognitive radio users constitute the majority.

[1]  Suman Nath,et al.  SenseWeb: An Infrastructure for Shared Sensing , 2007, IEEE MultiMedia.

[2]  Benny Pinkas,et al.  Efficient Private Matching and Set Intersection , 2004, EUROCRYPT.

[3]  Larry J. Greenstein,et al.  ALDO: An Anomaly Detection Framework for Dynamic Spectrum Access Networks , 2009, IEEE INFOCOM 2009.

[4]  L. B. Milstein,et al.  Theory of Spread-Spectrum Communications - A Tutorial , 1982, IEEE Transactions on Communications.

[5]  Dong Nguyen,et al.  Wireless Broadcast Using Network Coding , 2009, IEEE Transactions on Vehicular Technology.

[6]  Deborah Estrin,et al.  Network System Challenges in Selective Sharing and Verification for Personal, Social, and Urban-Scale Sensing Applications , 2006, HotNets.

[7]  Qun Li,et al.  Verifiable Privacy-Preserving Range Query in Sensor Networks , 2006 .

[8]  Tarek F. Abdelzaher,et al.  PoolView: stream privacy for grassroots participatory sensing , 2008, SenSys '08.

[9]  David Wetherall,et al.  Toward trustworthy mobile sensing , 2010, HotMobile '10.

[10]  Ali H. Sayed,et al.  Cooperative Sensing via Sequential Detection , 2010, IEEE Transactions on Signal Processing.

[11]  Dirk Westhoff,et al.  Concealed Data Aggregation for Reverse Multicast Traffic in Sensor Networks: Encryption, Key Distribution, and Routing Adaptation , 2006, IEEE Transactions on Mobile Computing.

[12]  Marco Gruteser,et al.  ParkNet: drive-by sensing of road-side parking statistics , 2010, MobiSys '10.

[13]  Dawn Xiaodong Song,et al.  Secure hierarchical in-network aggregation in sensor networks , 2006, CCS '06.

[14]  Ming Li,et al.  Vulnerability and protection for distributed consensus-based spectrum sensing in cognitive radio networks , 2012, 2012 Proceedings IEEE INFOCOM.

[15]  Rui Zhang,et al.  LR-Seluge: Loss-Resilient and Secure Code Dissemination in Wireless Sensor Networks , 2011, 2011 31st International Conference on Distributed Computing Systems.

[16]  Pascal Paillier,et al.  Public-Key Cryptosystems Based on Composite Degree Residuosity Classes , 1999, EUROCRYPT.

[17]  James A. Landay,et al.  UbiGreen: investigating a mobile tool for tracking and supporting green transportation habits , 2009, CHI.

[18]  Sushil Jajodia,et al.  LEAP - efficient security mechanisms for large-scale distributed sensor networks , 2003, SenSys.

[19]  Brian,et al.  VENETA: Serverless Friend-of-Friend Detection in Mobile Social Networking , 2008 .

[20]  Mikhail J. Atallah,et al.  A secure protocol for computing dot-products in clustered and distributed environments , 2002, Proceedings International Conference on Parallel Processing.

[21]  Danijela Cabric,et al.  Reputation-based cooperative spectrum sensing with trusted nodes assistance , 2010, IEEE Communications Letters.

[22]  Wensheng Zhang,et al.  Confidentiality Protection for Distributed Sensor Data Aggregation , 2008, IEEE INFOCOM 2008 - The 27th Conference on Computer Communications.

[23]  Xiaohui Liang,et al.  A Secure Handshake Scheme with Symptoms-Matching for mHealthcare Social Network , 2011, Mob. Networks Appl..

[24]  David Starobinski,et al.  Spot Pricing of Secondary Spectrum Usage in Wireless Cellular Networks , 2008, IEEE INFOCOM 2008 - The 27th Conference on Computer Communications.

[25]  U Moeller,et al.  Mixmaster Protocol Version 2 , 2004 .

[26]  John Zic,et al.  Secure Multihop Network Programming with Multiple One-Way Key Chains , 2008, IEEE Transactions on Mobile Computing.

[27]  Binbin Chen,et al.  Secure Aggregation with Malicious Node Revocation in Sensor Networks , 2011, 2011 31st International Conference on Distributed Computing Systems.

[28]  Huaxiong Wang,et al.  Distributed Private Matching and Set Operations , 2008, ISPEC.

[29]  Rui Zhang,et al.  Secure Range Queries in Tiered Sensor Networks , 2009, IEEE INFOCOM 2009.

[30]  Peter C. Mason,et al.  Defense against spectrum sensing data falsification attacks in mobile ad hoc networks with cognitive radios , 2009, MILCOM 2009 - 2009 IEEE Military Communications Conference.

[31]  Bo Sheng,et al.  Verifiable Privacy-Preserving Range Query in Two-Tiered Sensor Networks , 2008, IEEE INFOCOM 2008 - The 27th Conference on Computer Communications.

[32]  Man Lung Yiu,et al.  Authentication of moving kNN queries , 2011, 2011 IEEE 27th International Conference on Data Engineering.

[33]  Carl A. Gunter,et al.  Secure Collaborative Sensing for Crowd Sourcing Spectrum Data in White Space Networks , 2010, 2010 IEEE Symposium on New Frontiers in Dynamic Spectrum (DySPAN).

[34]  P. Vishvapathi,et al.  Privacy-Preserving Multi-keyword Ranked Search over Encrypted Cloud Data , 2022 .

[35]  Cong Wang,et al.  Achieving Secure, Scalable, and Fine-grained Data Access Control in Cloud Computing , 2010, 2010 Proceedings IEEE INFOCOM.

[36]  Peng Ning,et al.  Seluge: Secure and DoS-Resistant Code Dissemination in Wireless Sensor Networks , 2008, 2008 International Conference on Information Processing in Sensor Networks (ipsn 2008).

[37]  Preben E. Mogensen,et al.  Experimental analysis of the joint statistical properties of azimuth spread, delay spread, and shadow fading , 2002, IEEE J. Sel. Areas Commun..

[38]  Wei Zhan Embedded Operating System Based on the Wireless Sensor Networks-TinyOS , 2010 .

[39]  John A. Stankovic,et al.  Online Coding for Reliable Data Transfer in Lossy Wireless Sensor Networks , 2009, DCOSS.

[40]  Wensheng Zhang,et al.  GP 2 S: Generic Privacy-Preservation Solutions for Approximate Aggregation of Sensor Data ∗ , 2008 .

[41]  Wenliang Du,et al.  Protocols for Secure Remote Database Access with Approximate Matching , 2001, E-Commerce Security and Privacy.

[42]  Ali Farhadi,et al.  Using Classification to Protect the Integrity of Spectrum Measurements in White Space Networks , 2011, NDSS.

[43]  Lei Yang,et al.  Accurate online power estimation and automatic battery behavior based power model generation for smartphones , 2010, 2010 IEEE/ACM/IFIP International Conference on Hardware/Software Codesign and System Synthesis (CODES+ISSS).

[44]  Jeffrey H. Reed,et al.  Defense against Primary User Emulation Attacks in Cognitive Radio Networks , 2008, IEEE Journal on Selected Areas in Communications.

[45]  Minho Shin,et al.  Anonysense: privacy-aware people-centric sensing , 2008, MobiSys '08.

[46]  Kang G. Shin,et al.  Detection of Small-Scale Primary Users in Cognitive Radio Networks , 2011, IEEE Journal on Selected Areas in Communications.

[47]  Xue Liu,et al.  PDA: Privacy-Preserving Data Aggregation in Wireless Sensor Networks , 2007, IEEE INFOCOM 2007 - 26th IEEE International Conference on Computer Communications.

[48]  Peng Ning,et al.  Authenticating Primary Users' Signals in Cognitive Radio Networks via Integrated Cryptographic and Wireless Link Signatures , 2010, 2010 IEEE Symposium on Security and Privacy.

[49]  Kyriakos Mouratidis,et al.  Scalable Verification for Outsourced Dynamic Databases , 2009, Proc. VLDB Endow..

[50]  Alec Wolman,et al.  I am a sensor, and I approve this message , 2010, HotMobile '10.

[51]  Cong Wang,et al.  Secure Ranked Keyword Search over Encrypted Cloud Data , 2010, 2010 IEEE 30th International Conference on Distributed Computing Systems.

[52]  Silvio Micali,et al.  How to play ANY mental game , 1987, STOC.

[53]  Kian-Lee Tan,et al.  Verifying Completeness of Relational Query Answers from Online Servers , 2008, TSEC.

[54]  C. Cordeiro,et al.  Spectrum agile radios: utilization and sensing architectures , 2005, First IEEE International Symposium on New Frontiers in Dynamic Spectrum Access Networks, 2005. DySPAN 2005..

[55]  Majid Khabbazian,et al.  Secure Cooperative Sensing Techniques for Cognitive Radio Systems , 2008, 2008 IEEE International Conference on Communications.

[56]  Bart Goethals,et al.  On Private Scalar Product Computation for Privacy-Preserving Data Mining , 2004, ICISC.

[57]  Ralph C. Merkle,et al.  A Certified Digital Signature , 1989, CRYPTO.

[58]  Xinwen Fu,et al.  The Digital Marauder's Map: A New Threat to Location Privacy , 2009, 2009 29th IEEE International Conference on Distributed Computing Systems.

[59]  Charles E. Perkins,et al.  Ad hoc On-Demand Distance Vector (AODV) Routing , 2001, RFC.

[60]  Carl A. Gunter,et al.  Reliable telemetry in white spaces using remote attestation , 2011, ACSAC '11.

[61]  Elaine Shi,et al.  Multi-Dimensional Range Query over Encrypted Data , 2007, 2007 IEEE Symposium on Security and Privacy (SP '07).

[62]  Gene Tsudik,et al.  Authentication of Outsourced Databases Using Signature Aggregation and Chaining , 2006, DASFAA.

[63]  Michael Mitzenmacher,et al.  Digital fountains: a survey and look forward , 2004, Information Theory Workshop.

[64]  Wenliang Du,et al.  Privacy-preserving collaborative filtering using randomized perturbation techniques , 2003, Third IEEE International Conference on Data Mining.

[65]  David E. Culler,et al.  The dynamic behavior of a data dissemination protocol for network programming at scale , 2004, SenSys '04.

[66]  Rui Zhang,et al.  Verifiable Fine-Grained Top-k Queries in Tiered Sensor Networks , 2010, 2010 Proceedings IEEE INFOCOM.

[67]  Yuguang Fang,et al.  ARSA: An Attack-Resilient Security Architecture for Multihop Wireless Mesh Networks , 2006, IEEE Journal on Selected Areas in Communications.

[68]  Hakan Hacigümüs,et al.  Providing database as a service , 2002, Proceedings 18th International Conference on Data Engineering.

[69]  Anthony Vetro,et al.  Privacy-preserving approximation of L1 distance for multimedia applications , 2010, 2010 IEEE International Conference on Multimedia and Expo.

[70]  Ari Juels,et al.  $evwu Dfw , 1998 .

[71]  Kaigui Bian,et al.  Robust Distributed Spectrum Sensing in Cognitive Radio Networks , 2008, IEEE INFOCOM 2008 - The 27th Conference on Computer Communications.

[72]  Sencun Zhu,et al.  SDAP: a secure hop-by-Hop data aggregation protocol for sensor networks , 2006, MobiHoc '06.

[73]  Eric Paulos,et al.  Urban probes: encountering our emerging urban atmospheres , 2005, CHI.

[74]  Kang G. Shin,et al.  Attack-tolerant distributed sensing for dynamic spectrum access networks , 2009, 2009 17th IEEE International Conference on Network Protocols.

[75]  Bo Sheng,et al.  WM-ECC: an Elliptic Curve Cryptography Suite on Sensor Motes , 2007 .

[76]  Yin Zhang,et al.  Secure friend discovery in mobile social networks , 2011, 2011 Proceedings IEEE INFOCOM.

[77]  Rui Zhang,et al.  JR-SND: Jamming-Resilient Secure Neighbor Discovery in Mobile Ad Hoc Networks , 2011, 2011 31st International Conference on Distributed Computing Systems.

[78]  Leonidas J. Guibas,et al.  Mobiscopes for Human Spaces , 2007, IEEE Pervasive Computing.

[79]  M.M. Buddhikot,et al.  A case for coordinated dynamic spectrum access in cellular networks , 2005, First IEEE International Symposium on New Frontiers in Dynamic Spectrum Access Networks, 2005. DySPAN 2005..

[80]  Dawn Xiaodong Song,et al.  SIA: secure information aggregation in sensor networks , 2003, SenSys '03.

[81]  Mischa Schwartz,et al.  Mobile Wireless Communications: Access and scheduling techniques in cellular systems , 2004 .

[82]  Jürgen Scheible,et al.  Combining Web, Mobile Phones and Public Displays in Large-Scale: Manhattan Story Mashup , 2007, Pervasive.

[83]  Zhu Han,et al.  Catch Me if You Can: An Abnormality Detection Approach for Collaborative Spectrum Sensing in Cognitive Radio Networks , 2010, IEEE Transactions on Wireless Communications.

[84]  Kyriakos Mouratidis,et al.  Efficient verification of shortest path search via authenticated hints , 2010, 2010 IEEE 26th International Conference on Data Engineering (ICDE 2010).

[85]  Ralph C. Merkle,et al.  Protocols for Public Key Cryptosystems , 1980, 1980 IEEE Symposium on Security and Privacy.

[86]  R.N. Murty,et al.  CitySense: An Urban-Scale Wireless Sensor Network and Testbed , 2008, 2008 IEEE Conference on Technologies for Homeland Security.

[87]  Michael Kaminsky,et al.  SybilGuard: defending against sybil attacks via social networks , 2008, TNET.

[88]  Gene Tsudik,et al.  A Privacy-Preserving Index for Range Queries , 2004, VLDB.

[89]  Stephen J. Shellhammer,et al.  Performance of power detector sensors of DTV signals in IEEE 802.22 WRANs , 2006, TAPAS '06.

[90]  Ian F. Akyildiz,et al.  Cooperative spectrum sensing in cognitive radio networks: A survey , 2011, Phys. Commun..

[91]  Claudio Soriente,et al.  Short paper: PEPSI---privacy-enhanced participatory sensing infrastructure , 2011, WiSec '11.

[92]  Peter Palfrader,et al.  Mixmaster protocol --- version 2 , 2000 .

[93]  David E. Culler,et al.  TOSSIM: accurate and scalable simulation of entire TinyOS applications , 2003, SenSys '03.

[94]  Indranil Gupta,et al.  AdapCode: Adaptive Network Coding for Code Updates in Wireless Sensor Networks , 2008, IEEE INFOCOM 2008 - The 27th Conference on Computer Communications.

[95]  Lei Yang,et al.  Enforcing dynamic spectrum access with spectrum permits , 2012, 2012 IEEE International Symposium on Dynamic Spectrum Access Networks.

[96]  Aggelos Kiayias,et al.  Privacy-Preserving Information Markets for Computing Statistical Data , 2009, Financial Cryptography.

[97]  Yang Zhang,et al.  CarTel: a distributed mobile sensor computing system , 2006, SenSys '06.

[98]  Emiliano De Cristofaro,et al.  Practical Private Set Intersection Protocols with Linear Complexity , 2010, Financial Cryptography.

[99]  Dawn Xiaodong Song,et al.  Privacy-Preserving Set Operations , 2005, CRYPTO.

[100]  Rui Zhang,et al.  Secure multidimensional range queries in sensor networks , 2009, MobiHoc '09.

[101]  David Starobinski,et al.  Rateless Deluge: Over-the-Air Programming of Wireless Sensor Networks Using Random Linear Codes , 2008, 2008 International Conference on Information Processing in Sensor Networks (ipsn 2008).

[102]  Dirk Westhoff,et al.  CDA: concealed data aggregation for reverse multicast traffic in wireless sensor networks , 2005, IEEE International Conference on Communications, 2005. ICC 2005. 2005.

[103]  Andrew Chi-Chih Yao,et al.  Protocols for secure computations , 1982, FOCS 1982.

[104]  Wei Pan,et al.  SoundSense: scalable sound sensing for people-centric applications on mobile phones , 2009, MobiSys '09.

[105]  Claudio Soriente,et al.  PEPSI: Privacy-Enhanced Participatory Sensing Infrastructure. , 2011, ACM WiSec 2011.

[106]  Shriram K. Vasudevan,et al.  Sybil Guard: Defending Against Sybil Attacks via Social Networks , 2010 .

[107]  Landon P. Cox,et al.  YouProve: authenticity and fidelity in mobile sensing , 2011, SenSys.

[108]  Sivan Toledo,et al.  VTrack: accurate, energy-aware road traffic delay estimation using mobile phones , 2009, SenSys '09.

[109]  Valérie Gay,et al.  Personal Heart Monitoring and Rehabilitation System using Smart Phones , 2006, 2006 International Conference on Mobile Business.

[110]  Emiliano Miluzzo,et al.  People-centric urban sensing , 2006, WICON '06.

[111]  Deborah Estrin,et al.  A Remote Code Update Mechanism for Wireless Sensor Networks , 2003 .

[112]  Rajeev Gandhi,et al.  Sluice: Secure Dissemination of Code Updates in Sensor Networks , 2006, ICDCS.

[113]  Sushil Jajodia,et al.  Attack-resilient hierarchical data aggregation in sensor networks , 2006, SASN '06.

[114]  Haifeng Yu,et al.  Secure and highly-available aggregation queries in large-scale sensor networks via set sampling , 2009, 2009 International Conference on Information Processing in Sensor Networks.

[115]  Yin Yang,et al.  Spatial Outsourcing for Location-based Services , 2008, 2008 IEEE 24th International Conference on Data Engineering.

[116]  Peng Ning,et al.  Mitigating DoS attacks against broadcast authentication in wireless sensor networks , 2008, TOSN.

[117]  Wenliang Du,et al.  Privacy-preserving cooperative statistical analysis , 2001, Seventeenth Annual Computer Security Applications Conference.

[118]  John Zic,et al.  A confidential and DoS-resistant multi-hop code dissemination protocol for wireless sensor networks , 2009, WiSec '09.

[119]  Guiling Wang,et al.  Reconciling privacy preservation and intrusion detection in sensory data aggregation , 2011, 2011 Proceedings IEEE INFOCOM.

[120]  Hakan Hacigümüs,et al.  Executing SQL over encrypted data in the database-service-provider model , 2002, SIGMOD '02.

[121]  Wen Hu,et al.  Towards trustworthy participatory sensing , 2009 .

[122]  Anant Sahai,et al.  SNR Walls for Signal Detection , 2008, IEEE Journal of Selected Topics in Signal Processing.

[123]  Alex X. Liu,et al.  SafeQ: Secure and Efficient Query Processing in Sensor Networks , 2010, 2010 Proceedings IEEE INFOCOM.

[124]  Dirk Westhoff,et al.  A ROM-friendly secure code update mechanism for WSNs using a stateful-verifier τ-time signature scheme , 2009, WiSec '09.

[125]  J. Andel Sequential Analysis , 2022, The SAGE Encyclopedia of Research Design.

[126]  Sushil Jajodia,et al.  Securely computing an approximate median in wireless sensor networks , 2008, SecureComm.

[127]  Haixun Wang,et al.  Query Integrity Assurance of Location-Based Services Accessing Outsourced Spatial Databases , 2009, SSTD.

[128]  Yuguang Fang,et al.  Securing Mobile Ad Hoc Networks with Certificateless Public Keys , 2006, IEEE Transactions on Dependable and Secure Computing.

[129]  David B. Dunson,et al.  Bayesian Data Analysis , 2010 .

[130]  Yongdae Kim,et al.  Efficient Cryptographic Primitives for Private Data Mining , 2010, 2010 43rd Hawaii International Conference on System Sciences.

[131]  Dina Katabi,et al.  Secure In-Band Wireless Pairing , 2011, USENIX Security Symposium.

[132]  Ming Li,et al.  FindU: Privacy-preserving personal profile matching in mobile social networks , 2011, 2011 Proceedings IEEE INFOCOM.

[133]  Shivakant Mishra,et al.  Secure code distribution in dynamically programmable wireless sensor networks , 2006, 2006 5th International Conference on Information Processing in Sensor Networks.

[134]  Hugo Krawczyk,et al.  Untraceable mobility or how to travel incognito , 1999, Comput. Networks.

[135]  Yuguang Fang,et al.  A Fine-Grained Reputation System for Reliable Service Selection in Peer-to-Peer Networks , 2007, IEEE Transactions on Parallel and Distributed Systems.

[136]  Michele Zorzi,et al.  SYNAPSE: A Network Reprogramming Protocol for Wireless Sensor Networks Using Fountain Codes , 2008, 2008 5th Annual IEEE Communications Society Conference on Sensor, Mesh and Ad Hoc Communications and Networks.

[137]  Apu Kapadia,et al.  Opportunistic sensing: Security challenges for the new paradigm , 2009, 2009 First International Communication Systems and Networks and Workshops.

[138]  C. Castelluccia,et al.  Efficient aggregation of encrypted data in wireless sensor networks , 2005, The Second Annual International Conference on Mobile and Ubiquitous Systems: Networking and Services.

[139]  Feng Xiao,et al.  SybilLimit: A Near-Optimal Social Network Defense Against Sybil Attacks , 2010, IEEE/ACM Trans. Netw..

[140]  David E. Culler,et al.  Securing the Deluge network programming system , 2006, 2006 5th International Conference on Information Processing in Sensor Networks.