Journal of Information Assurance and Security Secure and Trusted innetwork Data Processing - PDF document

536 views
Uploaded On 2014-12-03

Journal of Information Assurance and Security Secure and Trusted innetwork Data Processing - PPT Presentation

Maurice Donat 06250 Mougins France Emailnamesurnamesapcom Abstract Innetwork data processing in wireless sensor net works WSN is a rapidly emerging research topic The dis tributed processing could have several advantages for wireless sensor networks ID: 20127

Maurice Donat 06250 Mougins

Link:

Copy

Embed:

<iframe width="560" height="315" src="https://www.docslides.com/embed/20127" frameborder="0" allowfullscreen></iframe>

Download Presentation from below link

Download Pdf The PPT/PDF document "Journal of Information Assurance and Sec..." is the property of its rightful owner. Permission is granted to download and print the materials on this web site for personal, non-commercial use only, and to display it on your personal computer provided you do not modify the materials and that you retain all copyright notices contained in the materials. By downloading content from our website, you accept the terms of this agreement.

Presentation Transcript

190Sorniotti,Gomez,WronaandOdoricoapproachistoachievehop-by-hopencryptionandintegrityprotection.However,nodescanbecapturedandthedisclo-sureoftheirkeymaterialcanleadtothedisclosureofrawdataandpartialresults,ormaliciousmodicationofdata.Inparticular,thepackagingofsensornodescanalsobeaf-fectedbythelow-costrequirements,notallowingfortamper-resistantdevices:hence,nodesmaybecapturedandtheirsecretmaterialcanbedisclosedtoanattacker.Toovercomethisproblem,techniquesareproposed,thatexploitend-to-endencryptioninconjunctionwithparticularkeydistribu-tionmechanisms,homomorphicencryptionschemesorpubliccryptographicschemes.Nevertheless,inordertomakesen-sornetworkseconomicallyviable,sensordevicesarelimitedintheirenergy,computationandcommunicationcapabilities;hencetheseschemeshavetotakeintoaccountthetechnicalandeconomicconstraints.Oncedatahasbeensensedandpossiblyprocessedbynodes,itmustbedeliveredtodatasinks,i.e.nodesthatareresponsibleforgatheringdataandpassingittoapplicationgateways.Applicationgatewaysarenodesthatareresponsi-bletodeliverdatatotherealpointofexploitation.Thesinknodesandgatewaysmaysuerconstitutesinglepointoffail-ure,giventhattheyarenormallymuchlessnumerousthanwirelessnodes.Sinksandgateways,beingtheeventualdes-tinationofdata,arealsotheperfectpointofattackinordertogetaccesstodata,modifyitorsupplyfalsedata.Coun-termeasurestosuchattacksincludemutualauthenticationofthegatewayandthenodes,ensuringthatboththegatewayisentitledtoreceivedataandthatthedataissentbylegitimatenodes.HigherlayersofaWSNdeploymentincludeamiddlewarelayerandanapplicationlayer.Inadditiontoprovidingim-portantfunctionalservice,WSNcanbeseenalsoasasourceofexternalriskstothemiddlewareandapplications,asnet-worklayercanbeusedasmeanstoattackthem.Astraight-forwardexamplecanbetheusageofacapturedsensornodetosupplyaparticularlycraftedinputtothemiddlewarelayer,inordertoexploitsoftwarevulnerabilitiessuchasbuerover- ows.Cross-layersecurityconsiderationsinWSNareoftenre-latedtothelimitedresourcesofsensornodesintermsofen-ergy,computationandcommunicationcapabilities.Wewanttostresshowever,thatthismightnotalwaysbetrue:indeedWSNscanalsobedeployedinscenariosthatjustifymorepowerfulnodes,e.g.inautomotive.Iflimitedresourcesisthecase,theneverylayercanbeexposedtoover-consumptionattacks.Suchdenialofserviceattacksdonotnecessarilyjustfocusondepletionofbatteries,butalsoofmemoryorcom-putationalresources.Thedepletionattacksnormallyaimatrequestingahugeamountofnon-legitimateworkbythesen-sornodesinsothattherearenoresourcesleftforlegitimaterequests.OtherriskscanbecategorizedasgeneralrisksassociatedwiththeusageofWSNs.Oneofthemistheso-calledfunc-tioncreep.Afunctioncreepiswhatoccurswhenanitem,process,orproceduredesignedforaspecicpurposeendsupservinganotherpurposeforwhichitwasneverplannedtoperform.Forinstance,anubiquitouslydeployedWSNscanallowsecretsurveillance,whichwasnotplannedasoneoftheintendedusages.Theprotectionagainstsuchthreatisnotstraightforwardsincesurveillancecantakemanydierentforms.Moreover,thecountermeasurescanrequireanimple-mentationandenforcementoflegalmechanismsandnotjusttechnicalsolutions.3TrustChallengesinWirelessSensorNetworkSensornodesusedintypicalWSNarenottamper-resistantdevices(63),mostlyduetothecostandpowerconstraints.Weakphysicalsecurityprotectionimpliesthatanattackercanrelativelyeasycaptureandanalyzenodesorintroducenewmaliciousnodes.Whenanodeiscompromised,allthecryptographicmaterialisdisclosedtotheattacker.Thisma-terialistypicallyusedforencryptionandauthenticationofexchangedsensordata.Bycapturingthecryptographicma-terial,theattackercangeneratenewmaliciouscodeinclud-ingpropercryptographicmechanisms.Theattackercanalsodisseminateforgedsensordatainaproperlyencryptedandauthenticatedmanner.HisobjectiveisoftentodisruptthenormalbehavioroftheWSNandcompromisein-networkdataprocessing.Dependingonhisstrategy,theattackercanin- uencein-networkdataprocessinginlong-termorinshortterm.Inthecaseoflong-termattacks,theattackercanaimatskewingin-networkdataprocessingwithoutbeingdetected.ItpermitshimtocontroltheWSNbehavior,andtoin uenceapplicationdecisionsbasedonin-networkdataprocessing.Inthecaseofshorttermattacks,theattackermightnotcareaboutbeingdetected,andaimatmakingtheWSNinopera-ble.Analternativeapproachtotheproblemofcompromisednodesconsistsofevaluatingtrustworthinessofsensordata.Whencollectingoraggregatingsensordata,weaimatcom-putingthedistancebetweentherealandthedeliveredsensorvalue.Thisdistanceisrelatedtosensorcharacteristics(e.g.accuracy,qualityofservice,resiliencetofailure),itsrepu-tationintheWSN,andthesensordatavalueitself.Fewapproacheshavebeenalreadyproposedintheliteraturefordeterminingthetrustworthinessofin-networkprocessingofsensordata.ThoseapproacheswillbediscussedinSection6.In-networkevaluationoftrustworthinessofsensordataisbased,e.g.,onprobabilitytheory.Thetrustinformationcanthusbeusedinordertodetermineifthesensordatashouldbeskippedorbeusedforfurtherdataprocessing.Unfortu-nately,thescalabilityofthoseapproachesisstillquestionable.Actually,theeciencyofthoseapproachesistightlyrelatedtothenumberofnodesinvolvedintheWSN.4SecurityandTrustPrimitivesInthissectionwewillintroducethebasicsecurityandtrustprimitivesthatareneededtoachievesecureandtrustedin-networkdataprocessing.SomeofthecommoncryptographicschemesarenotsuitableforWSNenvironmentduetothepar-ticularcharacteristicsofWSNs.Forinstance,limitedenergysupplycallsforusageoftheshortestpossiblekeysrequiredinordertoachievetheadequatelevelofsecurity.Thelackoftamper-resistancecallsformechanismswherethecaptureofintermediatenodesdoesnotallowtodiscloseallsensordata,orformechanismsfordeterminingthetrustworthinessofsensordata.TherstprimitivethatweintroduceisEllipticCurveCryp-tography(ECC).Ellipticcurvecryptographyisanapproachtopublickeycryptographybasedonthealgebraicstructureof 192Sorniotti,Gomez,WronaandOdoricoonaMICAznoderunningTinyOS.Theobtainedaverageex-ecutiontimetocomputeapairingwas30.21s.Thecostscon-cerningRAMandROM ashmemorywere1831and18384bytes,respectively.Guraetal.in(26)documentedtheirex-perimentswithanAtmelATmega128at8MHz.TheymadeacomparisonbetweenECCandRSAonthis8-bitCPUinordertoevaluatetheexecutiontimeandthememorycostfordierentoperationswiththesetwoapproaches.Theyveri-edthata160-bitECCpointmultiplicationrequiresaroundhalfofthememoryspaceandasimilarexecutiontimeofaRSA-1024operation.TherelativeperformanceadvantageofECCpointmultiplicationoverRSAmodularexponentiationincreaseswiththedecreaseintheprocessorwordsizeandtheincreaseinthekeysize.ThetwomainparametersthatareusedtocharacterizeanECCsystemarethekeysizeandthesecuritymultiplier.Con-cerningthekeysize,formostPBCschemes(includingIBE)securityrequirementscanbesatisedbychoosingitequalto160bits.However,inWSNthesystemsecurityrequirementsareoftenrelaxed(51)inordertoincreaseeciency.Thisisoftenpossiblebecauseoftherelativelyshortsystemlifetime,especiallywhenthegoalisnottoprotecteachnodeindi-vidually,butthenetworkoperationasawhole.ThelargestbrokenEllipticCurveDiscreteLogarithmicProblemyethad109bitskeysizeovertheniteeldF(2109)andittook17months(13)tobreakit.Instead,thelargestbrokenDis-creteLogarithmicProblemyethad160digitskeysize(33).Therefore,itseemsthateven128bitsECCkeysizeisabletosecuresensitiveinformationinsensornetworks.Forexample,in(3)acurveoverF(2113)waschosenasitoersabout16timesmoresecuritythan109bits,whichseemsenoughsecurityfortodayshardware.Batinaetal.(2)assumedintheirworkthatECCoverF(2131)providesagoodlevelofsecurityfortheirapplication.Thekeysizeisnottheonlyimportantparameter.Infact,duringthecreationofthesystemonecanchooseaspecicvalueofK,alsocalledthesecuritymultiplierK.ThevalueofKiscrucialasallthepairingscomputationsareactuallygoingtobeperformedinE(Fpk),withEbeinganellipticcurvestudiedoverFpk.ApairingcanbecomputedecientlyifKissmall.Super-singularcurvesareaparticularkindofcurves,whichimposeasmallnumberofpossiblegroupstructuresanddependonthenumberofpointsintheE(Fpk).Supersingularcurves,althoughinthepastusedtobeavoidedincryptographybe-causetheyaremorevulnerabletosomespecicattacks,letthesecuritymultiplierbeK6.Itisknownfrom(60)that,withK=2,1024bitsniteeldisroughlyequivalentto512bitsonthecorrespondingellipticcurve.IfK=3,itisequivalentto340bits.IfKbecomesbig,theratioisnotthesame:1024bitssecurityonniteeldisnotequivalentto51bitsecurityonellipticcurves,itisratherequivalentto160bits.Fornon-supersingularcurves,Kcouldbegreater(10K50).Ifthesecurityparameterislargeitisgoodfromasecuritypointofview,becauseitisdirectlyproportionaltothesystemlevelofsecurity,butthecomputationwillbehard.ThechoiceofKthusdependsonthesetwoproperties.4.2PrivacyhomomorphismAprivacyhomomorphismisafamilyoffunctions(ek;dk;; ),suchthatdk( (ek(m1);:::;ek(mr)))=(m1;:::;mr)foreachkeykinsomekeyspaceandforanyminsomemessagespace.Privacyhomomorphisms(PH)wererstintroducedin(54).TheauthorsalreadynoticedthatifagivenPHallowstoevaluatethepredicateandallowsanattackertogenerateencryptedversionsofconstants,thentheschemedoesnotprovidecondentiality,asabinarysearchstrategycaneasilyrevealtheencryptedvalue.Althoughtheschemesproposedin(54)werebrokenin(7),PHshavebeensincethenanim-portantresearchtopic.ThetwomostcommonvariationsofPHsaretheadditivePHandthemultiplicativePH.Thelatterprovidestheprop-ertyek(m1m2)=ek(m1)ek(m2):WellknownexamplesofmultiplicativePHsareRSAandthediscretelogarithmElGamal.AdditivePHsprovidetheprop-ertyek(m1+m2)=ek(m1)ek(m2)andareusefulsincetheycanbeusedtocalculate,e.g.,theaveragevalue.Arstverysimplefamilyofprivacyhomomorphismsaresimplevariationsoftheone-timepadscheme.Anexampleofsuchschemeisek(x)=(x+k)modnThesecurityofsuchschemereliesontheonetimeuseofthekeyandnisapubliclyknownvalue.Althoughthisschemeisprovablysecure,itshouldbecomplementedwithmechanismstocreateasecurekeystreamthatmustbeusedonlyonce.ThisfamilyofPHschemesallowsthecomputationofthesumofencryptedvalues.AlargesubgroupofPHcryptographicalgorithmsisbasedonhighdegreeresiduosity(50).TheseschemesprovidetheadditivePH,butneedverylongkeysthatinturnimplylargemessagesandcomputationeort.In(5)thepropertiesofnitebilineargroupswithcompositeorderareusedinordertoconstructanewschemethatallowstocomputeasinglemultiplicationontheencrypteddata,alongwithanarbitrarynumberofsums.AsymmetricPHschemewithboththeadditiveandthemultiplicativePHproperty,whichmakesitanalgebraicPH,wasintroducedin(18).Itisasymmetricalgorithmthatrequiresthesamesecretkeyforencryptionanddecryption.Theschemegeneratesavectorofdintegersthatsumuptothecleartextvalue;theseintegersarethenmultipliedbythesecretkey,risentoallthepowersintheinterval[1;d].Theag-gregationisperformedwithakeythatcanbepubliclyknown.Thesamesecretkeymustbedistributedtoeverynodeinthenetwork.Themessagesizeisproportionaltotheparameterd,sothatford�100,themessagesbecomeverylarge.Thisschemehasbeenbrokenin(15),whereithasbeenshownthatitispossibletobreaktheschemegivend+1knownplaintexts:weunderlinethatthisassumptioncanbeeasilymetinaWSNsetting,wereitispossibletodeployafakesen-sorthatmeasuresthesamevalueofarightfuloneandinthesametimeeavesdroptheencryptedmessagegeneratedbythe SecureandTrustedin-networkDataProcessinginWirelessSensorNetworks:aSurvey195impossibletocheckifanotherentitydoes.Thesetrepresen-tationisconstructedsolvingasystemoflinearDiophantineequationsusingtheChineseReminderTheorem.In(6)theauthorsproposeamechanismbasedonHiddenVectorEncryption(HVE).ByusingHVEapublickeysystemsupportingqueriesonencrypteddatacanproducetokensfortestinganysupportedquerypredicate.Thetokenletsany-onetestthepredicateonagivenciphertextwithoutlearninganyotherinformationabouttheplaintext.Theproposedso-lutionallowsforcomparisonsandsubsetqueriesaswellasconjunctiveversionsofthesepredicates.6Trustedin-networkdataaggregationAsexplainedinSection3,compromisednodesrepresentabigthreattothesecurityofin-networkdataprocessing.Thechal-lengearisesfromthefactthatsensornodesoftenneedtobelow-costtojustifytheirdeployment,whichmakesitveryhardtosatisfytamper-resistancerequirements.Anattackercouldgaincontroloverasensornodeinastealthywayinordertogeneratefaultydataortoalterthedataprocessing.Thus,onceanodeiscompromised,thesecretmaterialcontainedwithiniscompletelyexposedandusablebytheattacker.Inordertocopewithsuchthreat,afewtrustframeworkshavebeenproposedintheliteraturetodetectbogussensordata.Thisimpliesatrustevaluationofsensordataatacquisitionandaggregationtime:trustreferstothereliabilityandaccu-racyofsensedinformationanditisrelatedtothequalityofthedeliveredsensordata.6.1SensorNodeFailureDetectionWithinaWSN,sensornodesarepronetodierentkindoffailures,suchascrash,omission,timing,valueandarbitraryfailures(61).Crashandomissionimplynoresponsefromthesensortothedataquery.Timingreferstotimeoutduringtheprocessingarequest.Valuefailuredealswithdeliveringincorrectvalueduetomalfunctioningorcompromisedsen-sornodes.Finally,arbitraryfailuresincludeallthetypesoffailuresthatcannotbeclassiedinpreviouslydescribedcat-egories.Forexample,Byzantinefailures(38,35)describeatypeofarbitraryfailuresthatareingeneralcausedbyamali-ciousservicethatnotonlybehaveserroneously,butalsofailstobehaveconsistentlywheninteractingwithotherservicesandapplications.Insensornodefailuredetection,weidentifyself-diagnosis(28)andgroupdetection(36,17,25,42)approaches.Withself-diagnosis,eachnodesdetectitsownfailure,e.g.,basedonbatteryexhaustion.Ingroupdetection,eachnodeinthesameareaissupposedtodeliverasimilarinformation.Agoodex-ampleistemperaturemeasurementinaroom.LetusassumeaWSNapplicationtomeasurethetemperatureinaroom:takingtheaveragevalueprovidedbydierentthermometersinthesameroommakesitpossibletoresistattacksandtoproducesensordatawhichispotentiallymoretrustworthyasthenumberofcontributorsincreases(37).Suchanaiveap-proachhoweverraisesthefollowingissue:ifthetemperaturevaluescollectedare(10;10;11;50),wegetanaverageofover20.Itisobviousthatthelastvalueisawrongone,andthereportedtemperatureshouldbe10.Theusageofanappro-priatestatisticalmethod,e.g.,median,allowsustodetectthat50isanoutlier,andlabelsthesensornodedeliveringthisvalueasunreliable.Nevertheless,thisapproachrequiresalargenumberofsensornodesproducingthesametypeofmeasurements.6.2ReputationSystemTrustworthinessisoftendescribedastheexpectationofco-operativebehavior(22).Itsevaluationisusuallybasedonpreviousexperienceswiththesameparty.Thusanentitycanestablishtrustinitscommunicationpartnerbasedonthelatter'sreputation(58).Themathematicalfoundationsforreputationmanagementarerootedinstatisticsandprobabil-ity(55).Reputationisdenedastheperceptionthatanentityhasofanother'sintentions.Furthermore,reputationisbasedonacollectionofevidenceofgoodandbadbehaviorundertakenbyotherentities.In(22),theauthorsintegratetoolsfromdierentdomainssuchaseconomics,statistics,dataanalysisandcryptographyinordertoestablishtrustworthinessofsensornodes.ThisapproachcapitalizesonBayesianformulationofreputationrepresentation,updates,integrationandtrustevolution.TheauthorsproposeaReputationbasedFrameworkforSensorNetwork(RFSN),whichcancopewithbadmouthingandballotstungattacks.Fortheformer,theauthorsignoreallbadreputationinformationaboutothersnodes,andkeeponlythegoodreputationinformation.Forthelatter,theauthorsproposetointegratethereputationonanodewhenupdatingitsownreputationinformationabouttheothernodes.Thusinthisapproach,onlygoodbehavingnodescangetaccesstoothersnodesinformation.In(9),theauthorsalsoproposeareputationsystembasedonBayesianapproach.Theyclearlydistinguishthereputa-tionfromtrustinsensornodes.Theformerrepresentstheopinionformedbyanodeonanothernodeinasensornet-work.Thelatterrepresentstheopinionformedbyanodeabouthowhonestanothernodeisinthereputationsystem.Inthisapproach,eachnodeisinchargeofmaintainingitsreputationandtrustratingonthenodeofitsinterest(e.g.theonesthatitisinteractingwith).Inaddition,reputationsystems(8,43),originallydesignedforad-hocnetworks,arehardlyapplicabletoWSNduetoresourcerestrictiononsen-sornodes.Inallthoseapproaches,authenticationofsensornodesisrequired.Inordertobindareputationtoasensornode,eachnodehastoauthenticateitself.Moreover,thistypeofapproachdoesnotproposeanysolutionregardingthedeter-minationofreputationfortherstinteractions,whenintro-ducinganewnodeinthesensornetwork.Finally,approachesbasedonreputationsystemaretime-expensive,sincetheyre-quirealotofinteractionbetweensensornodesbeforeestab-lishingastabletrustrelationship.6.3TrustBasedFrameworkWedistinguishbetweenreputationandtrust.Reputationisbasedonpastexperienceswithagivenentity,whereastrustisnotrestrictedtothis.Trustenablestoencompassobjectiveandsubjectivecharacteristicsonanentity.Reputationispartofthesubjectivecharacteristicswhichpermitstodeterminetrust,butnottheonlyone.Thegoaloftrustbasedframeworkforwirelesssensornetworksistoestablishtrustinallsensornodesbasedontheexpectationthattheywilldelivernon-compromiseddata. SecureandTrustedin-networkDataProcessinginWirelessSensorNetworks:aSurvey197[9]SonjaBucheggerandJean-YvesLeBoudec.ArobustreputationsystemforP2Pandmobilead-hocnetworks.InProceedingsoftheSecondWorkshopontheEconomicsofPeer-to-PeerSystems,2004.[10]BusinessWeek.21ideasforthe21stcentury.BusinessWeek,pp78-167,1999.[11]D.W.Carman,P.S.Kruus,andB.J.Matt.Constraintsandapproachesfordistributedsensornetworksecurity.TechnicalReport00-010,NetworkAssociatesInc.,2000.[12]ClaudeCastelluccia,EinarMykletun,andGeneTsudik.Ecientaggregationofencrypteddatainwirelesssensornetworks.InProceedingsoftheSecondAnnualInter-nationalConferenceonMobileandUbiquitousSystems:NetworkingandServices(MobiQuitous),pages109{117,2005.[13]Certicom.Certicomannouncesellipticcurvecryp-tosystemchallengewinner(pressrelease),1997.http://www.certicom.com.[14]HaowenChan,AdrianPerrig,andDawnSong.Securehierarchicalin-networkaggregationinsensornetworks.InProceedingsoftheACMConferenceonComputerandCommunicationsSecurity,pages278{287,2006.[15]JungHeeCheon,Woo-HwanKim,andHyunSooNam.Known-plaintextcryptanalysisoftheDomingo-Ferreral-gebraicprivacyhomomorphismscheme.Inf.Process.Lett.,97(3):118{123,2006.[16]Chee-YeeChongandS.P.Kumar.Sensornetworks:evolution,opportunities,andchallenges.ProceedingsoftheIEEE,91(8):1247{1256,2003.[17]M.Ding,D.Chen,K.Xing,andX.Cheng.Localizedfault-toleranteventboundarydetectioninsensornet-works.InProceedingsofthe24thAnnualJointConfer-enceoftheIEEEComputerandCommunicationsSoci-eties(INFOCOM),2005.[18]JosepDomingo-Ferrer.Aprovablysecureadditiveandmultiplicativeprivacyhomomorphism.InProceedingsofthe5thInternationalConferenceonInformationSecu-rity(ISC),pages471{483,2002.[19]ElenaFasolo,MicheleRossi,JorgWidmer,andMicheleZorzi.In-networkaggregationtechniquesforwirelesssensornetworks:Asurvey.IEEECommunicationMag-azine,April2007.[20]GerhardFrey,MichaelMuller,andHans-GeorgRuck.TheTatepairingandthediscretelogarithmappliedtoellipticcurvecryptosystems.IEEETransactionsonIn-formationTheory,45(5):1717{1719,1999.[21]StevenD.Galbraith,KeithHarrison,andDavidSoldera.ImplementingtheTatepairing.InANTS-V:Proceed-ingsofthe5thInternationalSymposiumonAlgorith-micNumberTheory,pages324{337,London,UK,2002.Springer-Verlag.[22]SaurabhGaneriwalandManiB.Srivastava.Reputation-basedframeworkforhighintegritysensornetworks.InSASN'04:Proceedingsofthe2ndACMworkshoponSecurityofadhocandsensornetworks,pages66{77,NewYork,NY,USA,2004.ACM.[23]PierrickGaudry,FlorianHess,andNigelP.Smart.Con-structiveanddestructivefacetsofWeildescentonellipticcurves.J.Cryptology,15(1):19{46,2002.[24]JohannGroschadl.TinySA:Asecurityarchitectureforwirelesssensornetworks(extendedabstract).InProceed-ingsofthe2ndInternationalConferenceonEmergingNetworkingExperimentsandTechnologies(CoNEXT).ACMPress,2006.[25]G.GuptaandM.Younis.Fault-tolerantclusteringofwirelesssensornetworks.InProceedingsofthe24thAn-nualJointConferenceoftheIEEEComputerandCom-municationsSocieties(INFOCOM),2005.[26]NilsGura,ArunPatel,ArvinderpalWander,HansEberle,andSheuelingChangShantz.ComparingellipticcurvecryptographyandRSAon8-bitCPUs.InProceed-ingsoftheWorkshoponCryptographicHardwareandEmbeddedSystems(CHES),pages119{132,2004.[27]DarrelHankerson,AlfredJ.Menezes,andScottVan-stone.GuidetoEllipticCurveCryptography.Springer-Verlag,2003.[28]S.HarteandA.Rahman.Faulttoleranceinsensornet-worksusingself-diagnosingsensornodes.InIEEEIn-ternationalWorkshoponIntelligentEnviromnent,2005.[29]AlirezaHodjatandIngridVerbauwhede.Theenergycostofsecretsinad-hocnetworks(shortpaper).InProceed-ingsoftheIEEECASWorkshoponWirelessCommu-nicationandNetworking,2002.[30]R.IsmailandA.Josang.Thebetareputationsystem.InProceedingsofthe15thBledConferenceonElectronicCommerce,2002.[31]RobertJohnson,DavidMolnar,DawnXiaodongSong,andDavidWagner.Homomorphicsignatureschemes.InCT-RSA'02:ProceedingsoftheTheCryptographer'sTrackattheRSAConferenceonTopicsinCryptology,pages244{262,London,UK,2002.Springer-Verlag.[32]AudunJsang.Alogicforuncertainprobabilities.Int.J.Uncertain.FuzzinessKnowl.-BasedSyst.,9(3):279{311,2001.[33]T.Kleinjung.DiscretelogarithmsinGF(p)|160dig-its.Nabble-NumberTheoryforumandmailinglistarchive.http://www.nabble.com/Discrete-logarithms-in-GF(p)|{160-digits-t3175622.html.[34]NealKoblitz.Ellipticcurvecryptosystems.MathematicsofComputation,48:203{209,1987.[35]Chiu-YuenKoo.Broadcastinradionetworkstolerat-ingByzantineadversarialbehavior.InPODC'04:Pro-ceedingsofthetwenty-thirdannualACMsymposiumonPrinciplesofdistributedcomputing,pages275{282,NewYork,NY,USA,2004.ACMPress.[36]B.KrishnamachariandS.Iyengar.DistributedBayesianalgorithmsforfault-toleranteventregiondetectioninwirelesssensornetworks.IEEETransactionsonCom-puters,53(3):241{250,2004.[37]SvenLachmund,ThomasWalter,LaurentBussard,Lau-rentGomez,andEddyOlk.Context-awareaccesscon-trol.InProceedingsofthe3rdAnnualInternationalCon- SecureandTrustedin-networkDataProcessinginWirelessSensorNetworks:aSurvey199andTrustsince2001.HereceivedhisengineerdegreeincomputersciencefromEcoleSuperieureenSciencesInforma-tiques,SophiaAntipolis,Francein1999.HiscurrentresearchinterestslieintheareaofsecureintegrationofWirelessSen-sorNetworksintobusinessapplicationandtrustedin-networkdataaggregationandreasoning.KonradWrona(kwrona@ieee.org)Dr.-Ing.KonradWronaiscurrentlyaPrincipalInvestigatoratSAPResearchLabinSophiaAntipolis,France.Hehasovertenyearsofworkexpe-rienceinanindustrial(SAPResearchandEricssonResearch)andinanacademic(RWTHAachenUniversity,MediaLabEurope,andRutgersUniversity)researchanddevelopmentenvironment.HehasearnedhisM.Eng.inTelecommunica-tionsfromWarsawUniversityofTechnology,Polandin1998,andhisPh.D.inElectricalEngineeringfromRWTHAachenUniversity,Germanyin2005.Heisanauthorandaco-authorofovertwentypublications,aswellasaco-inventorofseveralpatents.Theareasofhisprofessionalinterestsincludesecu-rityincommunicationnetworks,wirelessandmobileappli-cations,distributedsystems,applicationsofsensornetworks,andelectroniccommerce.LorenzoOdoricoisanInternatSAPLabsFranceintheDepartmentofSecurityandTrust,whereheiscurrentlywrit-inghisMasterThesis.HereceivedhisBScinComputerSci-encefromPolitecnicodiTorino,Italyin2005,andheex-pectshisMasterinNetworkingandDistributedSystemfromEcolePolytechniquedel'UniversitedeNice-SophiaAntipo-lis,Francein2007,andhisMScinComputerSciencefromPolitecnicodiTorino,Italyin2008.Hiscurrentresearchin-terestslieinthesecurityofWirelessSensorNetworks.