E-Mail Alert

Add your e-mail address to receive forthcoming issues of this journal:

Journal Browser

Journal Browser

Special Issue "Security, Trust and Privacy for Sensor Networks"

A special issue of Sensors (ISSN 1424-8220). This special issue belongs to the section "Sensor Networks".

Deadline for manuscript submissions: closed (30 April 2018).

Special Issue Editors

Guest Editor
Assoc. Prof. Dr. Ilsun You

Department of Information Security Engineering, Soonchunhyang University, 22 Soonchunhyang-ro, Shinchang-myeon, Asan-si 31538, Choongchungnam-do, Korea
Website 1 | Website 2 | E-Mail
Interests: 5G security, IoT security, authentication and authorization
Co-Guest Editor
Prof. Dr. Francesco Palmieri

Department of Computer Science, University of Salerno, Via Giovanni Paolo II 132, 84084 Fisciano (SA), Italy
Website | E-Mail
Interests: Wireless and wireline networking protocols; Network architectures; IoT; Routing algorithms; Network and communications security; distributed systems security; applied cryptography

Special Issue Information

Dear Colleagues,

The current era is modeling every object into a computing entity as well as making a way for billions of devices demanding connectivity at the same time. With a large number of connections and every object with computing facilities, intrusions and threats are likely to increase. Due to the ease of access and availability to all, “Internet of Things (IoT)” has a huge impact on everyone. However, preservation of information and sensitive data is one of the biggest challenges in these networks. Thus, focusing on the aspect of trust, privacy, and security of sensors in our surroundings, it is necessary to provide solid as well as evident solutions as countermeasures against threats in sensor networks. There is a huge gap between the existing solutions and the actual operations of different sensors in the real world; thus, it becomes important to address the security challenges associated with sensor networks by providing novel strategies, frameworks, architectures, and middleware. Further, accessing different levels of vulnerabilities and understanding different dimensions of threats are of much importance.

This special issue aims to bring together the current state-of-the-art research and future directions for the security, privacy, and trust in sensor networks. For such a goal, we cordially invite researchers and engineers from both academia and industry to submit their original and novel work for inclusion in this special issue. Tutorial or survey papers are also welcome. In addition, this special issue will include the extended versions of the best papers, which will be presented at the 2nd International Symposium on Mobile Internet Security (MobiSec'17, http://isyou.info/conf/mobisec17/).

The topics related to this special issue include, but are not limited to:

  • Secure architecture and models for sensor networks
  • Security issues and protocols for sensor networks
  • Security threats, models, and countermeasures for sensor networks
  • Access control and authentication for sensor networks
  • Privacy, trust, and reliability for sensor networks
  • Risk/threat assessment and management for sensor networks
  • Intrusion detection techniques for sensor networks
  • Availability, recovery and auditing for sensor networks
  • Mobility management and handover security for sensor networks
  • IoT security and privacy issues
  • Network security for IoT
  • Software security for IoT
  • Threat intelligence for IoT
  • Vehicular-sensor network security
  • Others and emerging new topics

Associate Prof. Dr. Ilsun You
Associate Prof. Dr. Francesco Palmieri
Guest Editors

Manuscript Submission Information

Manuscripts should be submitted online at www.mdpi.com by registering and logging in to this website. Once you are registered, click here to go to the submission form. Manuscripts can be submitted until the deadline. All papers will be peer-reviewed. Accepted papers will be published continuously in the journal (as soon as accepted) and will be listed together on the special issue website. Research articles, review articles as well as short communications are invited. For planned papers, a title and short abstract (about 100 words) can be sent to the Editorial Office for announcement on this website.

Submitted manuscripts should not have been published previously, nor be under consideration for publication elsewhere (except conference proceedings papers). All manuscripts are thoroughly refereed through a single-blind peer-review process. A guide for authors and other relevant information for submission of manuscripts is available on the Instructions for Authors page. Sensors is an international peer-reviewed open access semimonthly journal published by MDPI.

Please visit the Instructions for Authors page before submitting a manuscript. The Article Processing Charge (APC) for publication in this open access journal is 1800 CHF (Swiss Francs). Submitted papers should be well formatted and use good English. Authors may use MDPI's English editing service prior to publication or during author revisions.

Keywords

  • Sensor Networks
  • Access control
  • Authentication
  • Security
  • Privacy
  • Trust
  • IoT Security

Published Papers (22 papers)

View options order results:
result details:
Displaying articles 1-22
Export citation of selected articles as:

Research

Open AccessArticle
A PUF- and Biometric-Based Lightweight Hardware Solution to Increase Security at Sensor Nodes
Sensors 2018, 18(8), 2429; https://doi.org/10.3390/s18082429
Received: 9 July 2018 / Revised: 23 July 2018 / Accepted: 24 July 2018 / Published: 26 July 2018
Cited by 3 | PDF Full-text (3633 KB) | HTML Full-text | XML Full-text
Abstract
Security is essential in sensor nodes which acquire and transmit sensitive data. However, the constraints of processing, memory and power consumption are very high in these nodes. Cryptographic algorithms based on symmetric key are very suitable for them. The drawback is that secure [...] Read more.
Security is essential in sensor nodes which acquire and transmit sensitive data. However, the constraints of processing, memory and power consumption are very high in these nodes. Cryptographic algorithms based on symmetric key are very suitable for them. The drawback is that secure storage of secret keys is required. In this work, a low-cost solution is presented to obfuscate secret keys with Physically Unclonable Functions (PUFs), which exploit the hardware identity of the node. In addition, a lightweight fingerprint recognition solution is proposed, which can be implemented in low-cost sensor nodes. Since biometric data of individuals are sensitive, they are also obfuscated with PUFs. Both solutions allow authenticating the origin of the sensed data with a proposed dual-factor authentication protocol. One factor is the unique physical identity of the trusted sensor node that measures them. The other factor is the physical presence of the legitimate individual in charge of authorizing their transmission. Experimental results are included to prove how the proposed PUF-based solution can be implemented with the SRAMs of commercial Bluetooth Low Energy (BLE) chips which belong to the communication module of the sensor node. Implementation results show how the proposed fingerprint recognition based on the novel texture-based feature named QFingerMap16 (QFM) can be implemented fully inside a low-cost sensor node. Robustness, security and privacy issues at the proposed sensor nodes are discussed and analyzed with experimental results from PUFs and fingerprints taken from public and standard databases. Full article
(This article belongs to the Special Issue Security, Trust and Privacy for Sensor Networks)
Figures

Figure 1

Open AccessArticle
Strategic Location-Based Random Routing for Source Location Privacy in Wireless Sensor Networks
Sensors 2018, 18(7), 2291; https://doi.org/10.3390/s18072291
Received: 29 May 2018 / Revised: 4 July 2018 / Accepted: 13 July 2018 / Published: 15 July 2018
Cited by 5 | PDF Full-text (3530 KB) | HTML Full-text | XML Full-text
Abstract
Wireless sensor networks (WSNs) are deployed in sensitive applications, such as in military and asset monitoring. In these applications, it is important to ensure good source location privacy. This is owing to the open nature of WSNs and the easiness of an adversary [...] Read more.
Wireless sensor networks (WSNs) are deployed in sensitive applications, such as in military and asset monitoring. In these applications, it is important to ensure good source location privacy. This is owing to the open nature of WSNs and the easiness of an adversary to eavesdrop on sensor communication and back trace the location of the source node. This paper proposes a scheme to preserve the source location privacy based on random routing techniques. To achieve high privacy, packets are randomly routed from the source to the sink node through strategically positioned mediate or diversion nodes. The random selection of mediate or diversion nodes is location-based. Depending on the location of the source node, packets are forwarded through different regions of the network. The proposed scheme guarantees that successive packets are routed through very different routing paths and adversaries find it confusing to back trace them to the source node location. Simulation results demonstrate that the proposed scheme effectively confuses the adversary and provides higher source location privacy to outperform other routing-based source location privacy schemes. Full article
(This article belongs to the Special Issue Security, Trust and Privacy for Sensor Networks)
Figures

Figure 1

Open AccessArticle
Design and Implementation of a Central-Controllable and Secure Multicast System Based on Universal Identifier Network
Sensors 2018, 18(7), 2135; https://doi.org/10.3390/s18072135
Received: 28 April 2018 / Revised: 25 June 2018 / Accepted: 29 June 2018 / Published: 3 July 2018
Cited by 1 | PDF Full-text (907 KB) | HTML Full-text | XML Full-text
Abstract
With the rapid increase of network users and services, the breadth and depth of Internet have greatly changed. The mismatch between current network requirements and original network architecture design has spurred the evolution or revolution of Internet to remedy this gap. Lots of [...] Read more.
With the rapid increase of network users and services, the breadth and depth of Internet have greatly changed. The mismatch between current network requirements and original network architecture design has spurred the evolution or revolution of Internet to remedy this gap. Lots of research projects on future network architecture have been launched, in which Universal Identifier Network (UIN) architecture that is based on the identifier/location separation, access/core separation and control/forwarding separation can provide better mobility, security and reliability. On the other hand, the demand of group communication has increased due to the fine-grained network services and successive booming of new applications such as IoT (Internet of Things). Most of current multicast schemes are based on the open group model with open group membership (multicast only care the multicast group state, not the group member) and open access to send/receive multicast data, which are beneficial to multicast routing for its simplification. However, the open group membership makes the group member management difficult to be realized, and open access may result in lots of security vulnerabilities such as Denial of service (DoS), eavesdropping and masquerading, which make deployment more difficult. Therefore, in this paper we propose a Central-Controllable and Secure Multicast (CCSM) system based on the UIN architecture, and redesign the multicast service procedures including registration, join/leave, multicast routing construction and update with objective to achieve better mobility support, security, scalability and controllable. More specifically, we design a new group management scheme to perform the multicast members join/leave with authentication and a central-controllable multicast routing scheme to provide a secure way to set up multicast entries on routers. The CCSM inherits the characteristics of UIN in terms of mobility and security, and it can provide the centralized multicast routing computation and distributes the multicast routing into forwarders. We compare CCSM with Protocol Independent Multicast-Sparse Mode (PIM-SM), and the results show that CCSM reduces the multicast join delay, and performs better than PIM-SM in term of reconstruction cost under low multicast density. Full article
(This article belongs to the Special Issue Security, Trust and Privacy for Sensor Networks)
Figures

Figure 1

Open AccessArticle
Self-Controllable Secure Location Sharing for Trajectory-Based Message Delivery on Cloud-Assisted VANETs
Sensors 2018, 18(7), 2112; https://doi.org/10.3390/s18072112
Received: 30 April 2018 / Revised: 25 June 2018 / Accepted: 29 June 2018 / Published: 1 July 2018
Cited by 1 | PDF Full-text (772 KB) | HTML Full-text | XML Full-text
Abstract
In vehicular ad hoc networks, trajectory-based message delivery is a message forwarding strategy that utilizes the vehicle’s preferred driving routes information to deliver messages to the moving vehicles with the help of roadside units. For the purpose of supporting trajectory-based message delivery to [...] Read more.
In vehicular ad hoc networks, trajectory-based message delivery is a message forwarding strategy that utilizes the vehicle’s preferred driving routes information to deliver messages to the moving vehicles with the help of roadside units. For the purpose of supporting trajectory-based message delivery to a moving vehicle, the driving locations of the vehicle need to be shared with message senders. However, from a security perspective, vehicle users do not want their driving locations to be exposed to others except their desired senders for location privacy preservation. Therefore, in this paper, we propose a secure location-sharing system to allow a vehicle user (or driver) to share his/her driving trajectory information with roadside units authorized by the user. To design the proposed system, we put a central service manager which maintains vehicle trajectory data and acts as a broker between vehicles and roadside units to share the trajectory data on the cloud. Nevertheless, we make the trajectory data be hidden from not only unauthorized entities but also the service manager by taking advantage of a proxy re-encryption scheme. Hence, a vehicle can control that only the roadside units designated by the vehicle can access the trajectory data of the vehicle. Full article
(This article belongs to the Special Issue Security, Trust and Privacy for Sensor Networks)
Figures

Figure 1

Open AccessArticle
A Smart Collaborative Routing Protocol for Reliable Data Diffusion in IoT Scenarios
Sensors 2018, 18(6), 1926; https://doi.org/10.3390/s18061926
Received: 30 April 2018 / Revised: 30 May 2018 / Accepted: 3 June 2018 / Published: 13 June 2018
Cited by 10 | PDF Full-text (2825 KB) | HTML Full-text | XML Full-text
Abstract
It is knotty for current routing protocols to meet the needs of reliable data diffusion during the Internet of Things (IoT) deployments. Due to the random placement, limited resources and unattended features of existing sensor nodes, the wireless transmissions are easily exposed to [...] Read more.
It is knotty for current routing protocols to meet the needs of reliable data diffusion during the Internet of Things (IoT) deployments. Due to the random placement, limited resources and unattended features of existing sensor nodes, the wireless transmissions are easily exposed to unauthorized users, which becomes a vulnerable area for various malicious attacks, such as wormhole and Sybil attacks. However, the scheme based on geographic location is a suitable candidate to defend against them. This paper is inspired to propose a smart collaborative routing protocol, Geographic energy aware routing and Inspecting Node (GIN), for guaranteeing the reliability of data exchanging. The proposed protocol integrates the directed diffusion routing, Greedy Perimeter Stateless Routing (GPSR), and the inspecting node mechanism. We first discuss current wireless routing protocols from three diverse perspectives (improving transmission rate, shortening transmission range and reducing transmission consumption). Then, the details of GIN, including the model establishment and implementation processes, are presented by means of the theoretical analysis. Through leveraging the game theory, the inspecting node is elected to monitor the network behaviors. Thirdly, we evaluate the network performances, in terms of transmission delay, packet loss ratio, and throughput, between GIN and three traditional schemes (i.e., Flooding, GPSR, and GEAR). The simulation results illustrate that the proposed protocol is able to outperform the others. Full article
(This article belongs to the Special Issue Security, Trust and Privacy for Sensor Networks)
Figures

Figure 1

Open AccessArticle
Enhancing LoRaWAN Security through a Lightweight and Authenticated Key Management Approach
Sensors 2018, 18(6), 1833; https://doi.org/10.3390/s18061833
Received: 19 April 2018 / Revised: 31 May 2018 / Accepted: 1 June 2018 / Published: 5 June 2018
Cited by 5 | PDF Full-text (805 KB) | HTML Full-text | XML Full-text
Abstract
Luckily, new communication technologies and protocols are nowadays designed considering security issues. A clear example of this can be found in the Internet of Things (IoT) field, a quite recent area where communication technologies such as ZigBee or IPv6 over Low power Wireless [...] Read more.
Luckily, new communication technologies and protocols are nowadays designed considering security issues. A clear example of this can be found in the Internet of Things (IoT) field, a quite recent area where communication technologies such as ZigBee or IPv6 over Low power Wireless Personal Area Networks (6LoWPAN) already include security features to guarantee authentication, confidentiality and integrity. More recent technologies are Low-Power Wide-Area Networks (LP-WAN), which also consider security, but present initial approaches that can be further improved. An example of this can be found in Long Range (LoRa) and its layer-two supporter LoRa Wide Area Network (LoRaWAN), which include a security scheme based on pre-shared cryptographic material lacking flexibility when a key update is necessary. Because of this, in this work, we evaluate the security vulnerabilities of LoRaWAN in the area of key management and propose different alternative schemes. Concretely, the application of an approach based on the recently specified Ephemeral Diffie–Hellman Over COSE (EDHOC) is found as a convenient solution, given its flexibility in the update of session keys, its low computational cost and the limited message exchanges needed. A comparative conceptual analysis considering the overhead of different security schemes for LoRaWAN is carried out in order to evaluate their benefits in the challenging area of LP-WAN. Full article
(This article belongs to the Special Issue Security, Trust and Privacy for Sensor Networks)
Figures

Figure 1

Open AccessArticle
Power Consumption and Calculation Requirement Analysis of AES for WSN IoT
Sensors 2018, 18(6), 1675; https://doi.org/10.3390/s18061675
Received: 30 April 2018 / Revised: 16 May 2018 / Accepted: 19 May 2018 / Published: 23 May 2018
Cited by 1 | PDF Full-text (1853 KB) | HTML Full-text | XML Full-text
Abstract
Because of the ubiquity of Internet of Things (IoT) devices, the power consumption and security of IoT systems have become very important issues. Advanced Encryption Standard (AES) is a block cipher algorithm is commonly used in IoT devices. In this paper, the power [...] Read more.
Because of the ubiquity of Internet of Things (IoT) devices, the power consumption and security of IoT systems have become very important issues. Advanced Encryption Standard (AES) is a block cipher algorithm is commonly used in IoT devices. In this paper, the power consumption and cryptographic calculation requirement for different payload lengths and AES encryption types are analyzed. These types include software-based AES-CB, hardware-based AES-ECB (Electronic Codebook Mode), and hardware-based AES-CCM (Counter with CBC-MAC Mode). The calculation requirement and power consumption for these AES encryption types are measured on the Texas Instruments LAUNCHXL-CC1310 platform. The experimental results show that the hardware-based AES performs better than the software-based AES in terms of power consumption and calculation cycle requirements. In addition, in terms of AES mode selection, the AES-CCM-MIC64 mode may be a better choice if the IoT device is considering security, encryption calculation requirement, and low power consumption at the same time. However, if the IoT device is pursuing lower power and the payload length is generally less than 16 bytes, then AES-ECB could be considered. Full article
(This article belongs to the Special Issue Security, Trust and Privacy for Sensor Networks)
Figures

Figure 1

Open AccessArticle
Analyzing Cyber-Physical Threats on Robotic Platforms
Sensors 2018, 18(5), 1643; https://doi.org/10.3390/s18051643
Received: 19 April 2018 / Revised: 9 May 2018 / Accepted: 18 May 2018 / Published: 21 May 2018
Cited by 3 | PDF Full-text (694 KB) | HTML Full-text | XML Full-text | Supplementary Files
Abstract
Robots are increasingly involved in our daily lives. Fundamental to robots are the communication link (or stream) and the applications that connect the robots to their clients or users. Such communication link and applications are usually supported through client/server network connection. This networking [...] Read more.
Robots are increasingly involved in our daily lives. Fundamental to robots are the communication link (or stream) and the applications that connect the robots to their clients or users. Such communication link and applications are usually supported through client/server network connection. This networking system is amenable of being attacked and vulnerable to the security threats. Ensuring security and privacy for robotic platforms is thus critical, as failures and attacks could have devastating consequences. In this paper, we examine several cyber-physical security threats that are unique to the robotic platforms; specifically the communication link and the applications. Threats target integrity, availability and confidential security requirements of the robotic platforms, which use MobileEyes/arnlServer client/server applications. A robot attack tool (RAT) was developed to perform specific security attacks. An impact-oriented approach was adopted to analyze the assessment results of the attacks. Tests and experiments of attacks were conducted in simulation environment and physically on the robot. The simulation environment was based on MobileSim; a software tool for simulating, debugging and experimenting on MobileRobots/ActivMedia platforms and their environments. The robot platform PeopleBotTM was used for physical experiments. The analysis and testing results show that certain attacks were successful at breaching the robot security. Integrity attacks modified commands and manipulated the robot behavior. Availability attacks were able to cause Denial-of-Service (DoS) and the robot was not responsive to MobileEyes commands. Integrity and availability attacks caused sensitive information on the robot to be hijacked. To mitigate security threats, we provide possible mitigation techniques and suggestions to raise awareness of threats on the robotic platforms, especially when the robots are involved in critical missions or applications. Full article
(This article belongs to the Special Issue Security, Trust and Privacy for Sensor Networks)
Figures

Figure 1

Open AccessArticle
PCPA: A Practical Certificateless Conditional Privacy Preserving Authentication Scheme for Vehicular Ad Hoc Networks
Sensors 2018, 18(5), 1573; https://doi.org/10.3390/s18051573
Received: 16 April 2018 / Revised: 8 May 2018 / Accepted: 12 May 2018 / Published: 15 May 2018
Cited by 6 | PDF Full-text (1481 KB) | HTML Full-text | XML Full-text
Abstract
Vehicle ad hoc networks (VANETs) is a promising network scenario for greatly improving traffic efficiency and safety, in which smart vehicles can communicate with other vehicles or roadside units. For the availability of VANETs, it is very important to deal with the security [...] Read more.
Vehicle ad hoc networks (VANETs) is a promising network scenario for greatly improving traffic efficiency and safety, in which smart vehicles can communicate with other vehicles or roadside units. For the availability of VANETs, it is very important to deal with the security and privacy problems for VANETs. In this paper, based on certificateless cryptography and elliptic curve cryptography, we present a certificateless signature with message recovery (CLS-MR), which we believe are of independent interest. Then, a practical certificateless conditional privacy preserving authentication (PCPA) scheme is proposed by incorporating the proposed CLS-MR scheme. Furthermore, the security analysis shows that PCPA satisfies all security and privacy requirements. The evaluation results indicate that PCPA achieves low computation and communication costs because there is no need to use the bilinear pairing and map-to-point hash operations. Moreover, extensive simulations show that PCPA is feasible and achieves prominent performances in terms of message delay and message loss ratio, and thus is more suitable for the deployment and adoption of VANETs. Full article
(This article belongs to the Special Issue Security, Trust and Privacy for Sensor Networks)
Figures

Figure 1

Open AccessArticle
Secure and Usable User-in-a-Context Continuous Authentication in Smartphones Leveraging Non-Assisted Sensors
Sensors 2018, 18(4), 1219; https://doi.org/10.3390/s18041219
Received: 26 February 2018 / Revised: 5 April 2018 / Accepted: 11 April 2018 / Published: 16 April 2018
Cited by 3 | PDF Full-text (904 KB) | HTML Full-text | XML Full-text
Abstract
Smartphones are equipped with a set of sensors that describe the environment (e.g., GPS, noise, etc.) and their current status and usage (e.g., battery consumption, accelerometer readings, etc.). Several works have already addressed how to leverage such data for user-in-a-context continuous authentication, i.e., [...] Read more.
Smartphones are equipped with a set of sensors that describe the environment (e.g., GPS, noise, etc.) and their current status and usage (e.g., battery consumption, accelerometer readings, etc.). Several works have already addressed how to leverage such data for user-in-a-context continuous authentication, i.e., determining if the porting user is the authorized one and resides in his regular physical environment. This can be useful for an early reaction against robbery or impersonation. However, most previous works depend on assisted sensors, i.e., they rely upon immutable elements (e.g., cell towers, satellites, magnetism), thus being ineffective in their absence. Moreover, they focus on accuracy aspects, neglecting usability ones. For this purpose, in this paper, we explore the use of four non-assisted sensors, namely battery, transmitted data, ambient light and noise. Our approach leverages data stream mining techniques and offers a tunable security-usability trade-off. We assess the accuracy, immediacy, usability and readiness of the proposal. Results on 50 users over 24 months show that battery readings alone achieve 97.05% of accuracy and 81.35% for audio, light and battery all together. Moreover, when usability is at stake, robbery is detected in 100 s for the case of battery and in 250 s when audio, light and battery are applied. Remarkably, these figures are obtained with moderate training and storage needs, thus making the approach suitable for current devices. Full article
(This article belongs to the Special Issue Security, Trust and Privacy for Sensor Networks)
Figures

Figure 1

Open AccessArticle
Accurate Sybil Attack Detection Based on Fine-Grained Physical Channel Information
Sensors 2018, 18(3), 878; https://doi.org/10.3390/s18030878
Received: 31 January 2018 / Revised: 4 March 2018 / Accepted: 13 March 2018 / Published: 15 March 2018
Cited by 1 | PDF Full-text (1200 KB) | HTML Full-text | XML Full-text
Abstract
With the development of the Internet-of-Things (IoT), wireless network security has more and more attention paid to it. The Sybil attack is one of the famous wireless attacks that can forge wireless devices to steal information from clients. These forged devices may constantly [...] Read more.
With the development of the Internet-of-Things (IoT), wireless network security has more and more attention paid to it. The Sybil attack is one of the famous wireless attacks that can forge wireless devices to steal information from clients. These forged devices may constantly attack target access points to crush the wireless network. In this paper, we propose a novel Sybil attack detection based on Channel State Information (CSI). This detection algorithm can tell whether the static devices are Sybil attackers by combining a self-adaptive multiple signal classification algorithm with the Received Signal Strength Indicator (RSSI). Moreover, we develop a novel tracing scheme to cluster the channel characteristics of mobile devices and detect dynamic attackers that change their channel characteristics in an error area. Finally, we experiment on mobile and commercial WiFi devices. Our algorithm can effectively distinguish the Sybil devices. The experimental results show that our Sybil attack detection system achieves high accuracy for both static and dynamic scenarios. Therefore, combining the phase and similarity of channel features, the multi-dimensional analysis of CSI can effectively detect Sybil nodes and improve the security of wireless networks. Full article
(This article belongs to the Special Issue Security, Trust and Privacy for Sensor Networks)
Figures

Figure 1

Open AccessArticle
A Lightweight RFID Mutual Authentication Protocol Based on Physical Unclonable Function
Sensors 2018, 18(3), 760; https://doi.org/10.3390/s18030760
Received: 9 January 2018 / Revised: 19 February 2018 / Accepted: 22 February 2018 / Published: 2 March 2018
Cited by 5 | PDF Full-text (1057 KB) | HTML Full-text | XML Full-text
Abstract
With the fast development of the Internet of Things, Radio Frequency Identification (RFID) has been widely applied into many areas. Nevertheless, security problems of the RFID technology are also gradually exposed, when it provides life convenience. In particular, the appearance of a large [...] Read more.
With the fast development of the Internet of Things, Radio Frequency Identification (RFID) has been widely applied into many areas. Nevertheless, security problems of the RFID technology are also gradually exposed, when it provides life convenience. In particular, the appearance of a large number of fake and counterfeit goods has caused massive loss for both producers and customers, for which the clone tag is a serious security threat. If attackers acquire the complete information of a tag, they can then obtain the unique identifier of the tag by some technological means. In general, because there is no extra identifier of a tag, it is difficult to distinguish an original tag and its clone one. Once the legal tag data is obtained, attackers can be able to clone this tag. Therefore, this paper shows an efficient RFID mutual verification protocol. This protocol is based on the Physical Unclonable Function (PUF) and the lightweight cryptography to achieve efficient verification of a single tag. The protocol includes three process: tag recognition, mutual verification and update. The tag recognition is that the reader recognizes the tag; mutual verification is that the reader and tag mutually verify the authenticity of each other; update is supposed to maintain the latest secret key for the following verification. Analysis results show that this protocol has a good balance between performance and security. Full article
(This article belongs to the Special Issue Security, Trust and Privacy for Sensor Networks)
Figures

Figure 1

Open AccessArticle
SmartVeh: Secure and Efficient Message Access Control and Authentication for Vehicular Cloud Computing
Sensors 2018, 18(2), 666; https://doi.org/10.3390/s18020666
Received: 2 January 2018 / Revised: 4 February 2018 / Accepted: 15 February 2018 / Published: 24 February 2018
Cited by 3 | PDF Full-text (1399 KB) | HTML Full-text | XML Full-text
Abstract
With the growing number of vehicles and popularity of various services in vehicular cloud computing (VCC), message exchanging among vehicles under traffic conditions and in emergency situations is one of the most pressing demands, and has attracted significant attention. However, it is an [...] Read more.
With the growing number of vehicles and popularity of various services in vehicular cloud computing (VCC), message exchanging among vehicles under traffic conditions and in emergency situations is one of the most pressing demands, and has attracted significant attention. However, it is an important challenge to authenticate the legitimate sources of broadcast messages and achieve fine-grained message access control. In this work, we propose SmartVeh, a secure and efficient message access control and authentication scheme in VCC. A hierarchical, attribute-based encryption technique is utilized to achieve fine-grained and flexible message sharing, which ensures that vehicles whose persistent or dynamic attributes satisfy the access policies can access the broadcast message with equipped on-board units (OBUs). Message authentication is enforced by integrating an attribute-based signature, which achieves message authentication and maintains the anonymity of the vehicles. In order to reduce the computations of the OBUs in the vehicles, we outsource the heavy computations of encryption, decryption and signing to a cloud server and road-side units. The theoretical analysis and simulation results reveal that our secure and efficient scheme is suitable for VCC. Full article
(This article belongs to the Special Issue Security, Trust and Privacy for Sensor Networks)
Figures

Figure 1

Open AccessArticle
Sensor Compromise Detection in Multiple-Target Tracking Systems
Sensors 2018, 18(2), 638; https://doi.org/10.3390/s18020638
Received: 30 December 2017 / Revised: 14 February 2018 / Accepted: 17 February 2018 / Published: 21 February 2018
Cited by 1 | PDF Full-text (1049 KB) | HTML Full-text | XML Full-text
Abstract
Tracking multiple targets using a single estimator is a problem that is commonly approached within a trusted framework. There are many weaknesses that an adversary can exploit if it gains control over the sensors. Because the number of targets that the estimator has [...] Read more.
Tracking multiple targets using a single estimator is a problem that is commonly approached within a trusted framework. There are many weaknesses that an adversary can exploit if it gains control over the sensors. Because the number of targets that the estimator has to track is not known with anticipation, an adversary could cause a loss of information or a degradation in the tracking precision. Other concerns include the introduction of false targets, which would result in a waste of computational and material resources, depending on the application. In this work, we study the problem of detecting compromised or faulty sensors in a multiple-target tracker, starting with the single-sensor case and then considering the multiple-sensor scenario. We propose an algorithm to detect a variety of attacks in the multiple-sensor case, via the application of finite set statistics (FISST), one-class classifiers and hypothesis testing using nonparametric techniques. Full article
(This article belongs to the Special Issue Security, Trust and Privacy for Sensor Networks)
Figures

Figure 1

Open AccessArticle
IoT-Forensics Meets Privacy: Towards Cooperative Digital Investigations
Sensors 2018, 18(2), 492; https://doi.org/10.3390/s18020492
Received: 28 December 2017 / Revised: 25 January 2018 / Accepted: 4 February 2018 / Published: 7 February 2018
Cited by 6 | PDF Full-text (14818 KB) | HTML Full-text | XML Full-text
Abstract
IoT-Forensics is a novel paradigm for the acquisition of electronic evidence whose operation is conditioned by the peculiarities of the Internet of Things (IoT) context. As a branch of computer forensics, this discipline respects the most basic forensic principles of preservation, traceability, documentation, [...] Read more.
IoT-Forensics is a novel paradigm for the acquisition of electronic evidence whose operation is conditioned by the peculiarities of the Internet of Things (IoT) context. As a branch of computer forensics, this discipline respects the most basic forensic principles of preservation, traceability, documentation, and authorization. The digital witness approach also promotes such principles in the context of the IoT while allowing personal devices to cooperate in digital investigations by voluntarily providing electronic evidence to the authorities. However, this solution is highly dependent on the willingness of citizens to collaborate and they may be reluctant to do so if the sensitive information within their personal devices is not sufficiently protected when shared with the investigators. In this paper, we provide the digital witness approach with a methodology that enables citizens to share their data with some privacy guarantees. We apply the PRoFIT methodology, originally defined for IoT-Forensics environments, to the digital witness approach in order to unleash its full potential. Finally, we show the feasibility of a PRoFIT-compliant digital witness with two use cases. Full article
(This article belongs to the Special Issue Security, Trust and Privacy for Sensor Networks)
Figures

Figure 1

Open AccessArticle
Secure Indoor Localization Based on Extracting Trusted Fingerprint
Sensors 2018, 18(2), 469; https://doi.org/10.3390/s18020469
Received: 3 January 2018 / Revised: 25 January 2018 / Accepted: 29 January 2018 / Published: 5 February 2018
Cited by 3 | PDF Full-text (3680 KB) | HTML Full-text | XML Full-text
Abstract
Indoor localization based on WiFi has attracted a lot of research effort because of the widespread application of WiFi. Fingerprinting techniques have received much attention due to their simplicity and compatibility with existing hardware. However, existing fingerprinting localization algorithms may not resist abnormal [...] Read more.
Indoor localization based on WiFi has attracted a lot of research effort because of the widespread application of WiFi. Fingerprinting techniques have received much attention due to their simplicity and compatibility with existing hardware. However, existing fingerprinting localization algorithms may not resist abnormal received signal strength indication (RSSI), such as unexpected environmental changes, impaired access points (APs) or the introduction of new APs. Traditional fingerprinting algorithms do not consider the problem of new APs and impaired APs in the environment when using RSSI. In this paper, we propose a secure fingerprinting localization (SFL) method that is robust to variable environments, impaired APs and the introduction of new APs. In the offline phase, a voting mechanism and a fingerprint database update method are proposed. We use the mutual cooperation between reference anchor nodes to update the fingerprint database, which can reduce the interference caused by the user measurement data. We analyze the standard deviation of RSSI, mobilize the reference points in the database to vote on APs and then calculate the trust factors of APs based on the voting results. In the online phase, we first make a judgment about the new APs and the broken APs, then extract the secure fingerprints according to the trusted factors of APs and obtain the localization results by using the trusted fingerprints. In the experiment section, we demonstrate the proposed method and find that the proposed strategy can resist abnormal RSSI and can improve the localization accuracy effectively compared with the existing fingerprinting localization algorithms. Full article
(This article belongs to the Special Issue Security, Trust and Privacy for Sensor Networks)
Figures

Figure 1

Open AccessArticle
A Compact and Low Power RO PUF with High Resilience to the EM Side-Channel Attack and the SVM Modelling Attack of Wireless Sensor Networks
Sensors 2018, 18(2), 322; https://doi.org/10.3390/s18020322
Received: 9 December 2017 / Revised: 14 January 2018 / Accepted: 20 January 2018 / Published: 23 January 2018
Cited by 6 | PDF Full-text (808 KB) | HTML Full-text | XML Full-text
Abstract
Authentication is a crucial security service for the wireless sensor networks (WSNs) in versatile domains. The deployment of WSN devices in the untrusted open environment and the resource-constrained nature make the on-chip authentication an open challenge. The strong physical unclonable function (PUF) came [...] Read more.
Authentication is a crucial security service for the wireless sensor networks (WSNs) in versatile domains. The deployment of WSN devices in the untrusted open environment and the resource-constrained nature make the on-chip authentication an open challenge. The strong physical unclonable function (PUF) came in handy as light-weight authentication security primitive. In this paper, we present the first ring oscillator (RO) based strong physical unclonable function (PUF) with high resilience to both the electromagnetic (EM) side-channel attack and the support vector machine (SVM) modelling attack. By employing an RO based PUF architecture with the current starved inverter as the delay cell, the oscillation power is significantly reduced to minimize the emitted EM signal, leading to greatly enhanced immunity to the EM side-channel analysis attack. In addition, featuring superior reconfigurability due to the conspicuously simplified circuitries, the proposed implementation is capable of withstanding the SVM modelling attack by generating and comparing a large number of RO frequency pairs. The reported experimental results validate the prototype of a 9-stage RO PUF fabricated using standard 65 nm complementary-metal-oxide-semiconductor (CMOS) process. Operating at the supply voltage of 1.2 V and the frequency of 100 KHz, the fabricated RO PUF occupies a compact silicon area of 250 μ m 2 and consumes a power as low as 5.16 μ W per challenge-response pair (CRP). Furthermore, the uniqueness and the worst-case reliability are measured to be 50.17% and 98.30% for the working temperature range of −40∼120 C and the supply voltage variation of ±2%, respectively. Thus, the proposed PUF is applicable for the low power, low cost and secure WSN communications. Full article
(This article belongs to the Special Issue Security, Trust and Privacy for Sensor Networks)
Figures

Figure 1

Open AccessArticle
Unified Compact ECC-AES Co-Processor with Group-Key Support for IoT Devices in Wireless Sensor Networks
Sensors 2018, 18(1), 251; https://doi.org/10.3390/s18010251
Received: 12 December 2017 / Revised: 4 January 2018 / Accepted: 12 January 2018 / Published: 16 January 2018
Cited by 1 | PDF Full-text (829 KB) | HTML Full-text | XML Full-text
Abstract
Security is a critical challenge for the effective expansion of all new emerging applications in the Internet of Things paradigm. Therefore, it is necessary to define and implement different mechanisms for guaranteeing security and privacy of data interchanged within the multiple wireless sensor [...] Read more.
Security is a critical challenge for the effective expansion of all new emerging applications in the Internet of Things paradigm. Therefore, it is necessary to define and implement different mechanisms for guaranteeing security and privacy of data interchanged within the multiple wireless sensor networks being part of the Internet of Things. However, in this context, low power and low area are required, limiting the resources available for security and thus hindering the implementation of adequate security protocols. Group keys can save resources and communications bandwidth, but should be combined with public key cryptography to be really secure. In this paper, a compact and unified co-processor for enabling Elliptic Curve Cryptography along to Advanced Encryption Standard with low area requirements and Group-Key support is presented. The designed co-processor allows securing wireless sensor networks with independence of the communications protocols used. With an area occupancy of only 2101 LUTs over Spartan 6 devices from Xilinx, it requires 15% less area while achieving near 490% better performance when compared to cryptoprocessors with similar features in the literature. Full article
(This article belongs to the Special Issue Security, Trust and Privacy for Sensor Networks)
Figures

Figure 1

Open AccessArticle
An Enhanced Three-Factor User Authentication Scheme Using Elliptic Curve Cryptosystem for Wireless Sensor Networks
Sensors 2017, 17(12), 2946; https://doi.org/10.3390/s17122946
Received: 11 November 2017 / Revised: 1 December 2017 / Accepted: 4 December 2017 / Published: 19 December 2017
Cited by 8 | PDF Full-text (980 KB) | HTML Full-text | XML Full-text
Abstract
As an essential part of Internet of Things (IoT), wireless sensor networks (WSNs) have touched every aspect of our lives, such as health monitoring, environmental monitoring and traffic monitoring. However, due to its openness, wireless sensor networks are vulnerable to various security threats. [...] Read more.
As an essential part of Internet of Things (IoT), wireless sensor networks (WSNs) have touched every aspect of our lives, such as health monitoring, environmental monitoring and traffic monitoring. However, due to its openness, wireless sensor networks are vulnerable to various security threats. User authentication, as the first fundamental step to protect systems from various attacks, has attracted much attention. Numerous user authentication protocols armed with formal proof are springing up. Recently, two biometric-based schemes were proposed with confidence to be resistant to the known attacks including offline dictionary attack, impersonation attack and so on. However, after a scrutinization of these two schemes, we found them not secure enough as claimed, and then demonstrated that these schemes suffer from various attacks, such as offline dictionary attack, impersonation attack, no user anonymity, no forward secrecy, etc. Furthermore, we proposed an enhanced scheme to overcome the identified weaknesses, and proved its security via Burrows–Abadi–Needham (BAN) logic and the heuristic analysis. Finally, we compared our scheme with other related schemes, and the results showed the superiority of our scheme. Full article
(This article belongs to the Special Issue Security, Trust and Privacy for Sensor Networks)
Figures

Graphical abstract

Open AccessArticle
A Lightweight Anonymous Authentication Protocol with Perfect Forward Secrecy for Wireless Sensor Networks
Sensors 2017, 17(11), 2681; https://doi.org/10.3390/s17112681
Received: 27 September 2017 / Revised: 13 November 2017 / Accepted: 16 November 2017 / Published: 21 November 2017
Cited by 5 | PDF Full-text (1890 KB) | HTML Full-text | XML Full-text
Abstract
Due to their frequent use in unattended and hostile deployment environments, the security in wireless sensor networks (WSNs) has attracted much interest in the past two decades. However, it remains a challenge to design a lightweight authentication protocol for WSNs because the designers [...] Read more.
Due to their frequent use in unattended and hostile deployment environments, the security in wireless sensor networks (WSNs) has attracted much interest in the past two decades. However, it remains a challenge to design a lightweight authentication protocol for WSNs because the designers are confronted with a series of desirable security requirements, e.g., user anonymity, perfect forward secrecy, resistance to de-synchronization attack. Recently, the authors presented two authentication schemes that attempt to provide user anonymity and to resist various known attacks. Unfortunately, in this work we shall show that user anonymity of the two schemes is achieved at the price of an impractical search operation—the gateway node may search for every possible value. Besides this defect, they are also prone to smart card loss attacks and have no provision for perfect forward secrecy. As our main contribution, a lightweight anonymous authentication scheme with perfect forward secrecy is designed, and what we believe the most interesting feature is that user anonymity, perfect forward secrecy, and resistance to de-synchronization attack can be achieved at the same time. As far as we know, it is extremely difficult to meet these security features simultaneously only using the lightweight operations, such as symmetric encryption/decryption and hash functions. Full article
(This article belongs to the Special Issue Security, Trust and Privacy for Sensor Networks)
Figures

Figure 1

Open AccessArticle
A CoAP-Based Network Access Authentication Service for Low-Power Wide Area Networks: LO-CoAP-EAP
Sensors 2017, 17(11), 2646; https://doi.org/10.3390/s17112646
Received: 26 September 2017 / Revised: 3 November 2017 / Accepted: 13 November 2017 / Published: 17 November 2017
Cited by 6 | PDF Full-text (1176 KB) | HTML Full-text | XML Full-text
Abstract
The Internet-of-Things (IoT) landscape is expanding with new radio technologies. In addition to the Low-Rate Wireless Personal Area Network (LR-WPAN), the recent set of technologies conforming the so-called Low-Power Wide Area Networks (LP-WAN) offers long-range communications, allowing one to send small pieces of [...] Read more.
The Internet-of-Things (IoT) landscape is expanding with new radio technologies. In addition to the Low-Rate Wireless Personal Area Network (LR-WPAN), the recent set of technologies conforming the so-called Low-Power Wide Area Networks (LP-WAN) offers long-range communications, allowing one to send small pieces of information at a reduced energy cost, which promotes the creation of new IoT applications and services. However, LP-WAN technologies pose new challenges since they have strong limitations in the available bandwidth. In general, a first step prior to a smart object being able to gain access to the network is the process of network access authentication. It involves authentication, authorization and key management operations. This process is of vital importance for operators to control network resources. However, proposals for managing network access authentication in LP-WAN are tailored to the specifics of each technology, which could introduce interoperability problems in the future. In this sense, little effort has been put so far into providing a wireless-independent solution for network access authentication in the area of LP-WAN. To fill this gap, we propose a service named Low-Overhead CoAP-EAP (LO-CoAP-EAP), which is based on previous work designed for LR-WPAN. LO-CoAP-EAP integrates the use of Authentication, Authorization and Accounting (AAA) infrastructures and the Extensible Authentication Protocol (EAP) protocol. For this integration, we use the Constrained Application Protocol (CoAP) to design a network authentication service independent of the type of LP-WAN technology. LO-CoAP-EAP represents a trade-off between flexibility, wireless technology independence, scalability and performance in LP-WAN. Full article
(This article belongs to the Special Issue Security, Trust and Privacy for Sensor Networks)
Figures

Figure 1

Open AccessArticle
An Anti-Electromagnetic Attack PUF Based on a Configurable Ring Oscillator for Wireless Sensor Networks
Sensors 2017, 17(9), 2118; https://doi.org/10.3390/s17092118
Received: 2 August 2017 / Revised: 24 August 2017 / Accepted: 11 September 2017 / Published: 15 September 2017
Cited by 3 | PDF Full-text (2875 KB) | HTML Full-text | XML Full-text
Abstract
Wireless sensor networks (WSNs) are an emerging technology employed in some crucial applications. However, limited resources and physical exposure to attackers make security a challenging issue for a WSN. Ring oscillator-based physical unclonable function (RO PUF) is a potential option to protect the [...] Read more.
Wireless sensor networks (WSNs) are an emerging technology employed in some crucial applications. However, limited resources and physical exposure to attackers make security a challenging issue for a WSN. Ring oscillator-based physical unclonable function (RO PUF) is a potential option to protect the security of sensor nodes because it is able to generate random responses efficiently for a key extraction mechanism, which prevents the non-volatile memory from storing secret keys. In order to deploy RO PUF in a WSN, hardware efficiency, randomness, uniqueness, and reliability should be taken into account. Besides, the resistance to electromagnetic (EM) analysis attack is important to guarantee the security of RO PUF itself. In this paper, we propose a novel architecture of configurable RO PUF based on exclusive-or (XOR) gates. First, it dramatically increases the hardware efficiency compared with other types of RO PUFs. Second, it mitigates the vulnerability to EM analysis attack by placing the adjacent RO arrays in accordance with the cosine wave and sine wave so that the frequency of each RO cannot be detected. We implement our proposal in XINLINX A-7 field programmable gate arrays (FPGAs) and conduct a set of experiments to evaluate the quality of the responses. The results show that responses pass the National Institute of Standards and Technology (NIST) statistical test and have good uniqueness and reliability under different environments. Therefore, the proposed configurable RO PUF is suitable to establish a key extraction mechanism in a WSN. Full article
(This article belongs to the Special Issue Security, Trust and Privacy for Sensor Networks)
Figures

Figure 1

Sensors EISSN 1424-8220 Published by MDPI AG, Basel, Switzerland RSS E-Mail Table of Contents Alert
Back to Top