Securing Wireless Applications and Networks
Project Objectives:
This project seeks to develop a suite of security solutions that will be targeted at the next generation of threats to be faced by computing and communication applications in future wireless networks. This project is a multi-faceted effort, aimed at addressing security needs for both the application as well as the underlying network. The proposed security protocols will be suitable for providing data confidentiality and authentication in cellular (3G), ad hoc, and WLAN networks. One component of this effort is the development of a trusted computing infrastructure for sensor applications through the design of self-monitoring and self-healing wireless networks capable of responding to denial of servce and RF jamming attacks. Further, in order to support new classes of location-based services in the future (such as ensuring that a laptop cannot be taken from a building or that a file can only be accessed inside a secure room), this project is investigating robust methodologies for determining device location and methods for enforcing security policies based on this location information. The overall goal of this project is to design a general wireless security architecture that meets the full range of future application and network needs, while also supporting the graceful migration from current security implementations.

Technology Rationale:
The rapid adoption of WLAN technologies, in conjunction with the steady development of cellular technologies, promises to provide high throughput to the user as well as ubiquitous coverage. One hurdle that threatens the introduction of new services on future wireless networks is the lack of thorough and well-defined security solutions that meet the challenges posed by wireless networks. We believe that an integrated approach to security development, which considers both network and application specific issues, is critical to facilitating the ultimate deployment of a secure, pervasive computing infrastructure. In particular, security algorithms and protocols for wireless computing must be designed to consider the resource limitations of network nodes, the mobility of network nodes, and the underlying interworking of wireless networks. Further, since wireless devices will function in open environments, these networks will quite often face natural and malicious threats. Therefore, wireless networks must be able to adapt and heal themselves in the presence of active and passive threats. Finally, with the proliferation of an underlying communication infrastructure will come increased sharing of digital content, necessitating the development of solutions that will enforce digital rights management policies.

Technical Approach:
In order to provide trusted computing and communication for the broad variety of current and future wireless networks, WINLAB has initiated several security-related research initiatives: 

• Authentication in Hierarchical Ad Hoc Networks: The analysis and development of resource-efficient authentication and key predistribution schemes for hierarchical ad hoc networks.
• Self-Healing Ad Hoc Networks: Protocol development for ad hoc networks capable of repairing themselves in the presence of faults and adversarial attacks.
• Multicast Security for Third Generation (3G) Wireless Networks: The evaluation of current multicast security solutions for the 3G network, and the development of improved group key management and authentication protocols for cellular networks.
• Secure Interworking in 4G: Authentication and provably secure protocols during mobile node migration across coexisting wireless networks with varying security policies.
• Media Rights Management: Fingerprinting and traitor tracing for the unintended leakage of multimedia content.
• Secure Localization and Location-Based Security : Robust statistical methods suitable for localizing wireless devices in the presence of malicious adversaries.
• Privacy Augmented Relaying of Information from Sensors (PARIS): New routing protocols, traffic shaping methodologies, and physical layer communication techniques that enhance the contextual privacy surrounding sensor communications.

Results to Date and Future Work Plan:
The security group within the MobiNets lab has recently developed a light-weight alternative to conventional public key certificates that is based upon symmetric cryptography and the principles of delayed key disclosure. Currently, TESLA certificates are being integrated into an authentication framework that is being developed for hierarchical ad hoc sensor networks. The 3G multicast security effort is currently developing key management schemes suitable for the proposed 3GPP multicast models. A prototype secure chat application has been developed in J2ME that will be used to test key management protocols for 3G networks. A simulation environment for studying routing protocols in sensor networks has been developed, and several new routing protocols have been proposed to enhance the privacy of sensor communications. Additionally, a project has been started to develop jamming-resistant wireless networks, and a small-scale sensor communication prototype built using the Mica platform has demonstrated the feasibility of two strategies to defend against jamming-style DoS. Finally, in order to protect the usage policies of multimedia content from attacks mounted by coalitions of adversaries, collusion-resistant multimedia fingerprinting techniques are being developed.