Papers by Angelo Capossele
Toward trusted open data and services
Internet Technology Letters
Low-Cost Standard Signatures for Energy-Harvesting Wireless Sensor Networks
ACM Transactions on Embedded Computing Systems
This work is motivated by a general question: can micro-scale energy-harvesting techniques be exploited to support low-cost standard security solutions on resource-constrained devices? We focus on guaranteeing integrity and authentication in Internet of Things (IoT) and Wireless Sensor Network (WSN) applications. In this article, we propose techniques to make ECDSA signatures low cost and implementable on resource-constrained devices. By combining precomputation techniques and energy-harvesting capabilities of modern sensor nodes, we achieve significant improvement over prior works. In addition, we show that the cost of ECDSA signatures can be reduced by up to a factor of 10 by using harvesting-aware optimizations.
R-Carp
Proceedings of the 10th International Conference on Underwater Networks & Systems - WUWNET '15, 2015

In this paper we introduce R-CARP, a reputation based channel aware routing protocol for underwater acoustic sensor networks (UASNs). While many routing protocols have been proposed for UASNs, solutions to secure routing protocols from attacks such as sinkhole attack and selective forwarding are still overlooked. These routing attacks can dramatically disrupt network performance, especially in some application scenarios such as homeland security and critical infrastructure monitoring, where a high reliability on message delivery is required. Designing secure and reliable protocols for UASNs is particularly challenging due to acoustic modems' unique characteristics such as low bandwidth and bit rate, high propagation delays and high energy consumption when in transmit mode. The aim of this work is therefore to propose R-CARP, a secure and reliable routing protocol tailored to such communication constrained environment. R-CARP is an improved version of CARP, the channel aware routing protocol presented in [5], enriched with a reputation based mechanism to contrast malicious node behavior. To secure R-CARP we employ BLS, a short digital signature algorithm, exploiting its aggregation property to reduce the additional communication overhead. By means of simulation based performance evaluation, we show that, under attack, R-CARP is effective at bypassing malicious nodes and outperforms CARP in terms of packet delivery ratio (PDR) and energy per bit (EPB) by a factor of up to 2, at the cost of a slight increment in terms of latency.

In this paper we introduce SecFUN, a security framework for underwater acoustic sensor networks (UASNs). Despite the increasing interest on UASNs, solutions to secure protocols from the network layer up to the application layer are still overlooked. The aim of this work is therefore manifold. We first discuss common threats and countermeasures for UASNs. Then, we select the most effective cryptographic primitives to build our security framework (SecFUN). We show that SecFUN is flexible and configurable with different features and security levels to satisfy UASN deployment security requirements. SecFUN provides data confidentiality, integrity, authentication and non-repudiation by exploiting as building blocks AES in the Galois Counter Mode (GCM) and short digital signature algorithms. As a proof of concept of the proposed approach, we extend the implementation of the Channel-Aware Routing Protocol (CARP) to support the proposed cryptographic primitives. Finally, we run a performance evaluation of our proposed secure version of CARP in terms of the overall energy consumption and latency, employing GCM and the state of the art in short digital signature schemes such as ZSS, BLS and Quartz. Results show that a flexible and full-fledged security solution tailored to meet the requirements of UASNs can be provided at reasonable costs.

This paper proposes a Key Management Protocol for mobile and industrial Internet of Things systems, targeting, at the same time, robust key negotiation, lightweight node authentication, fast re-keying, and efficient protection against replay attacks. The proposed approach pragmatically leverages widely accepted Elliptic Curve Cryptography constructions, specifically the (Elliptic Curve) “Fixed” Diffie Hellman key exchange and the (Elliptic Curve) Qu-Vanstone implicit certificates. Our value added is their suitable integration into a security protocol exchange, designed at layer 2, in the 802.15.4 protocol stack, which permits to i) avoid Elliptic Point multiplications upon rekeying of previously paired devices, and ii) support mutual authentication while securing the protocol exchange. To prove its viability, the proposed Key Management Protocol has been implemented and assessed on severely constrained devices. As expected, but made explicit and quantified by our experimental performance evaluation, the usage of implicit certificates in conjunction with an optimized message exchange yields impressive gains in terms of airtime consumption with respect to state of the art schemes.

The growing number of applications based on Internet of Things (IoT) technologies is pushing towards standardized protocol stacks for machine-to-machine (M2M) communication and the adoption of standard-based security solutions, such as the Datagram Transport Layer Security (DTLS). Despite the huge diffusion of DTLS, there is a lack of optimized implementations tailored to resource constrained devices. High energy consumption and long delays of current implementations limit their effective usage in real-life deployments. The aim of this paper is to explain how to integrate the DTLS protocol inside the Constrained Application Protocol (CoAP), exploiting Elliptic Curve Cryptography (ECC) optimizations and minimizing ROM occupancy. We have implemented our solution on an off-the-shelf mote platform and evaluated its performance. Results show that our ECC optimizations outperform prior scalar multiplication in state of the art for class 1 mote platforms, and improve network lifetime by a factor of up to 6.5 with respect to a standard-based not optimized implementation.

Effective pre-computation techniques have been proposed almost 15 years ago for trimming the cost of modular exponentiations at the basis of several standard signature and key management schemes, such as the (Elliptic Curve) Digital Signature Algorithm or Diffie-Hellman key exchange. Despite their promises, the actual application of such techniques in the wireless sensor security arena has been apparently overlooked, and most of the research effort has rather focused on the identification of alternative lightweight constructions. However, modern sensors are equipped with relatively large flash memories which make memory consumption a less critical requirement, and emerging energy harvesting technologies provide occasional energy peaks which could be exploited for anticipating otherwise costly computational tasks. These trends push for a reconsideration of pre-computation techniques, which are explored in this paper as follows: (1) we further optimize prior pre-computation techniques by exploiting more recent results on Cayley graph expanders, (2) we implement an ECDSA scheme relying on pre-computations over two different wireless sensor node platforms (TelosB and MICA2), and (3) we experimentally assess the relevant performance and energy costs. In the traditional scenario of wireless sensor networks without energy harvesting, our prototype ECDSA implementation, despite still not fully optimized, outperforms prior work by almost 50%, and achieves an efficiency superior to NTRU signatures, natural candidates for low-power devices. Finally, (4) we quantitatively discuss ways to exploit harvested energy peaks to further improve efficiency.

This work is motivated by a general question: can energy harvesting capabilities embedded in modern sensor nodes be exploited so as to support security mechanisms which otherwise would be too demanding and hardly viable? More specifically, in this work we focus on the support of extremely powerful, but complex, fine-grained data-centric access control mechanisms based on multi-authority Ciphertext Policy Attribute Based Encryption (CP-ABE). By integrating access control policies into the (encrypted) data, such mechanisms do not require any server-based access control infrastructure and are thus highly desirable in many wireless sensor network scenarios. However, as concretely shown by a proof-of-concept implementation first carried out in this paper on TelosB and MicaZ motes, computational complexity and energy toll of state-of-the-art multi-authority CP-ABE schemes are still critical. We thus show how to mitigate the relatively large energy consumption of the CP-ABE cryptographic operations by proposing AGREE (Access control for GREEn wireless sensor networks), a framework which exploits energy harvesting opportunities to pre-compute and cache suitably chosen CP-ABE-encrypted keys, so as to minimize the need to perform CP-ABE encryptions when no energy from harvesting is available. We assess the performance of AGREE by means of simulation and actual implementation, and by validating its operation with real-world energy-harvesting traces collected indoors by Telos B motes equipped with photovoltaic cells, as well as publicly available traces of radiant light energy. Our results show that complex security mechanisms may become significantly less demanding when implemented so as to take advantage of energy harvesting opportunities.

Despite recent improvements of the capabilities of Wireless Sensor Networks (WSN) nodes, network protocol support for key management is still lagging behind. While in traditional networks well known protocol suites (e.g., IPsec IKE and the TLS handshake) are commonly used for flexible negotiation of the cryptographic and key exchange protocols, to the best of our knowledge no similar support has been provided for the same operation in WSNs. The goal of this paper is therefore threefold. We discuss the design of a flexible security negotiation protocol for WSNs, and we suggest to adapt TLS handshake ideas to obtain maximum flexibility. We design and implement a security association set up protocol, tailored to the resource constraints and limits of WSN nodes. Finally, we run an experimental assessment of this protocol's operations in support of RSA key transport, Elliptic Curve Diffie-Hellman key agreement, and Identity Based Encryption key agreement.
Conferences and Workshops by Angelo Capossele

IEEE SECON 2016
Wake-up-radio-based sensing systems make use of radio-triggering techniques and ultra-low power wake-up receivers (WuRs) to enable on-demand asynchronous network wake ups. Thanks to this, they have the potential to achieve low latency data collection at minimum energy cost, thus meeting the challenging lifetime and quality-of-service demands of emerging Internet of Things (IoT) and Wireless Sensor Networks (WSNs) applications. However, the fact that nodes can be remotely activated on-demand makes wake-up-radio-based networks vulnerable to energy exhausting attacks. In this paper, with a focus on practical implementation and validation, we present a full-fledged solution to counteract Denial-of-Sleep (DoS) attacks to wake-up-radio-based sensing systems. A core component of our proposed solution is a key exchange protocol based on Elliptic Curve Cryptography (the Fully Hashed MQV protocol), which we use in conjunction with implicit certificates.