Taming IP packet flooding attacks
- In Proceedings of Workshop on Hot Topics in Networks (HotNets-II)
, 2003
Combinatorial design of key distribution mechanisms for distributed sensor networks
, 2007
Cited by 56 (6 self)
Secure communications in wireless sensor networks operating under adversarial conditions require providing pairwise (symmetric) keys to sensor nodes. In large scale deployment scenarios, there is no a priori knowledge of post deployment network configuration since nodes may be randomly scattered over a hostile territory. Thus, shared keys must be distributed before deployment to provide each node a key-chain. For large sensor networks it is infeasible to store a unique key for all other nodes in the key-chain of a sensor node. Consequently, for secure communication either two nodes have a key in common in their key-chains and they have a wireless link between them, or there is a path, called key-path, among these two nodes where each pair of neighboring nodes on this path have a key in common. Length of the key-path is the key factor for efficiency of the design. This paper presents novel deterministic and hybrid approaches
HAVAL - A One-Way Hashing Algorithm with Variable Length of Output
, 1993
Cited by 48 (17 self)
A one-way hashing algorithm is a deterministic algorithm that compresses an arbitrarily long message into a value of specified length. The output value represents the fingerprint or digest of the message. A cryptographically useful property of a one-way hashing algorithm is that it is infeasible to find two distinct messages that have the same fingerprint. This paper proposes a one-way hashing algorithm called HAVAL. HAVAL compresses a message of arbitrary length into a fingerprint of 128, 160, 192, 224 or 256 bits. In addition, HAVAL has a parameter that controls the number of passes a message block (of 1024 bits) is processed. A message block can be processed in 3, 4 or 5 passes. By combining output length with pass, we can provide fifteen (15) choices for practical applications where different levels of security are required. The algorithm is very efficient and particularly suited for 32-bit computers which predominate the current workstation market. Experiments show that HAVAL is 60%...
Key Distribution Mechanisms for Wireless Sensor Networks: a Survey
, 2005
Cited by 48 (4 self)
this paper is to evaluate the key distribution solutions. Depending on application types, it is possible to discuss: (i) network architectures such as distributed or hierarchical, (ii) communication styles such as pair-wise (unicast), group-wise (multicast) or network-wise (broadcast), (iii) security requirements such as authentication, confidentiality or integrity, and (iv) keying requirements such as pre-distributed or dynamically generated pair-wise, group-wise or network-wise keys. In this paper, we provide a comparative survey, and taxonomy of solutions. It may not be always possible to give strict quantitative comparisons; however, there are certain metrics, as described in the next section, that can be used to evaluate the solutions. The structure of the paper is as follows: in Section 2 common terms and definitions are given, in Section 3 network models are defined, in Section 4 security vulnerabilities and requirements are discussed, in Sections 5 and 6 key distribution solutions are evaluated, and finally in Section 7 we provide summary and discussions
New Client Puzzle Outsourcing Techniques for DoS Resistance
, 2004
Cited by 42 (3 self)
We explore new techniques for the use of cryptographic puzzles as a countermeasure to Denial-of-Service (DoS) attacks.
Entity Authentication and Authenticated Key Transport Protocols Employing Asymmetric Techniques
- Security Protocols Workshop '97
, 1997
Cited by 25 (3 self)
This paper investigates security proofs for protocols that employ asymmetric (public-key) techniques to solve two problems: entity authentication and authenticated key transport. A formal model is provided, and a definition of the goals within this model is supplied. Two protocols are presented and proven secure within this framework, given the existence of certain cryptographic primitives. The practical implementation of these protocols is discussed. We emphasize the relevance of these theoretical results to the security of systems used in practice. In particular, our results imply the security of some protocols standardized by ISO [15, 16] and NIST [20] in the model proposed. This work is heavily influenced by the work of Bellare and Rogaway [1, 5], who demonstrate proven secure protocols for these problems using symmetric cryptosystems. Our paper is an extension of their work to the public-key setting. 1 Introduction The key transport problem is stated as follows: one entity wis...
Limits on the Provable Consequences of One-way Functions
, 1989
Cited by 25 (1 self)
This technical point will prevent the reader from suspecting any measure-theoretic fallacy.
Routing as a Service
, 2004
Cited by 20 (4 self)
Typically routing is either scalable but inflexible, such as current Internet routing, or flexible but unscalable, such as source routing with per-flow route discovery. In this paper we argue that to achieve both flexibility and scalability, customized routing should be offered as a service by third-party providers. The logical separation of routing from forwarding allows different route selection mechanisms to coexist and to evolve over time as routing requirements change.
Brahms: Byzantine Resilient Random Membership Sampling
, 2008
Cited by 19 (2 self)
We present Brahms, an algorithm for sampling random nodes in a large dynamic system prone to malicious behavior. Brahms stores small membership views at each node, and yet overcomes Byzantine attacks by a linear portion of the system. Brahms is composed of two components. The first one is a resilient gossip-based membership protocol. The second one uses a novel memory-efficient approach for uniform sampling from a possibly biased stream of ids that traverse the node. We evaluate Brahms using rigorous analysis, backed by simulations, which show that our theoretical model captures the protocol’s essentials. We study two representative attacks, and show that with high probability, an attacker cannot create a partition between correct nodes. We further prove that each node’s sample converges to a uniform one over time. To our knowledge, no such properties were proven for gossip protocols in the past.
The Design and Implementation of Network Puzzles
- In Proc. Annual Joint Conf. of IEEE Computer and Communications Societies (INFOCOM)
, 2005
Cited by 17 (1 self)
Client puzzles have been proposed in a number of protocols as a mechanism for mitigating the effects of distributed denial of service (DDoS) attacks. In order to provide protection against simultaneous attacks across a wide range of applications and protocols, however, such puzzles must be placed at a layer common to all of them; the network layer. Placing puzzles at the IP layer fundamentally changes the service paradigm of the Internet, allowing any device within the network to push load back onto those it is servicing. An advantage of network layer puzzles over previous puzzle mechanisms is that they can be applied to all traffic from malicious clients, making it possible to defend against arbitrary attacks as well as making previously voluntary mechanisms mandatory. In this paper, we outline goals which must be met for puzzles to be deployed effectively at the network layer. We then describe the design, implementation, and evaluation of a system that meets these goals by supporting efficient, fine-grained control of puzzles at the network layer. In particular, we describe modifications to existing puzzle protocols that allow them to work at the network layer, a hint-based hash-reversal puzzle that allows for the generation and verification of fine-grained puzzles at line speed in the fast path of high-speed routers, and an iptables implementation that supports transparent deployment at arbitrary locations in the network.

