Selected Projects
Mobility Assisted Alert Propagation in Mobile Ad Hoc Networks
The need of pervasive and ubiquitous communication requires the capacity of automatic abnormality detection and reaction mechanisms. However, there is a gap between local "intrusion detection" and network-wide "response", when malicious nodes can move arbitrarily in the network. Alert propagation is designed to bridge the gap. After alert messages are propagated across the network, network nodes can adapt their routing behavior to prevent/nullify future attacks. It is challenging to design an efficient and reliable alert propagation scheme in mobile ad hoc networks to achieve large coverage, and defend against slander attacks, where attackers sends fake alert messages to defame legitimate nodes.We present a mobility-assisted alert propagation protocol, called Mobi-Herald, to achieve large coverage. Mobi-Herald alert propagation protocol allows message carriers to forward the message in parallel from different locations, and assimilate "multi-source broadcasting". Message overhead in alert propagation is limited by "times-to-send (TTS)" parameter, which is the maximum times that an alert message carrier transmits the message to its immediate neighbors. We evaluated the performance of Mobi-Herald protocol by both theoretical analysis and simulations.
iPDA: Integrity-Protecting Private Data Aggregation
In the future people-centric wireless sensor networks (e.g. urban sensing), people are no longer only consumers of sensed data, rather people and their immediate environments are sensed and collected by base station. Also, for economic viability, a senor network may support multiple concurrent applications in multiple domains. Therefore, security (data integrity) and privacy are major concerns. In this project we built protocols, which prevent privacy deficiency of individual sensed data and detect integrity violation of aggregated data.First, we devise two privacy-preserving data aggregation schemes called Cluster-based Private Data Aggregation (CPDA) and Slice-Mix-AggRegaTe (SMART) respectively. In the CPDA scheme, sensor nodes are formed randomly into clusters. Within each cluster, our design leverages algebraic properties of polynomials to calculate the desired aggregate value. At the same time, it guarantees that no individual node knows the data values of other nodes. The intermediate aggregate values in each cluster will be further aggregated (along an aggregation tree) on their way to the data sink. In the SMART scheme, each node hides its private data by slicing it into pieces and sends data slices to different neighboring aggregation nodes. After the pieces are received, intermediate nodes calculate intermediate aggregate values and further aggregate them to the sink. In both schemes, data privacy is preserved while aggregation is carrying out. Next, we build node-disjoint aggregation trees interweaving with each other in a sensor network, and apply privacy-preserving data aggregation schemes on each individual trees. As long as the inputs to the disjoint trees are the same from each sensor node, the final aggregation results should be the same from two disjoint aggregation trees. To our best knowledge, the iPDA scheme is light-weighted in terms of computation and communication.
SMOCK: A Scalable Method of Cryptographic Key Management
There are emerging needs of secure communications in mission-critical applications over wireless ad hoc networks, including battlefield communications, emergency rescue operations, and disaster recoveries. In these applications, it is important to support secure communications in "anywhere", "anytime" and "anyhow" manner with following attributes: data integrity, authentication, confidentiality, non-repudiation, and service availability.We design a self-contained key management scheme, called SMOCK. To avoid communication overhead for authentication (e.g. certificate exchange), all necessary cryptographic keys are stored at individual nodes before they are deployed in the incident area. We adopt combinatorial design on cryptographic keys to make efficient use of storage space. Hence, the required key storage space at individual nodes can be O(log N), if network size is N. The SMOCK scheme has been implemented in TCIP project.