Five Significant Publications

[2] Issa Khalil, Saurabh Bagchi, and Ness B. Shroff, “LITEWORP: A Lightweight Countermeasure for the Wormhole Attack in Multihop Wireless Networks,” International Conference on Dependable Systems and Networks (DSN), pp. 612-621, Yokohama, Japan, June 28 - July 1, 2005. (Acceptance rate: 24/115 = 20.9%)


Problem Statement: We were looking at the security problem in wireless networks, specifically multi-hop wireless networks. This was important in the realm of ad hoc and sensor networks and has seen a resurgence of interest with embedded devices that form parts of the cyber-physical systems that are supposed to surround us. The open nature of wireless communication, fast deployment practices, and the fact that these networks are deployed in areas that are not physically secured make them vulnerable to a wide range of security attacks against both control and data traffic. These attacks could involve eavesdropping, message tampering, or identity spoofing, which have been addressed by customized cryptographic primitives in the wired domain. Alternatively, the attacks may be targeted at the control or the data traffic in wireless networks, such as the blackhole attack and the rushing attack. Since many multihop wireless environments are resource-constrained (e.g., in bandwidth, power, or processing), providing detection and countermeasures for such attacks often turns out to be more challenging than in wired networks. Many of the attacks could be launched without compromising the cryptographic protocols or accessing the keys.

Contribution of Paper: This paper unveiled the concept of behavior-based detection, which is based on observing patterns in the behavior of neighboring nodes and flagging anomalous patterns. The notion of behavior is related to communication activities such as forwarding packets or non-communication activities such as reporting sensed data. A fundamental primitive of behavior-based detection is Local Monitoring, which was also developed in this paper. This primitive has subsequently been used in academia and industry for wireless security protocols. For systems where consensus is important, the node detecting the attack through local monitoring initiates a distributed protocol to disseminate the alarm. Our work led to a patent, now cited in tens of other patents; the founding of a startup company from our lab (SensorHound); and a commercial offering of a long-running (2005-15) secure metropolitan-wide wireless network in South Bend, Indiana.
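
The following sketch illustrates local monitoring as described above: a guard node overhears its neighbors' transmissions and flags a neighbor that fails to forward a packet or forwards one that its claimed previous hop never sent. It is an added example, not code from the paper; the class and field names, the timeout, the alarm threshold, and the trace are assumptions, and alarm dissemination is reduced to a list of nodes to report.

```python
from collections import defaultdict

class Guard:
    """Node assumed to be in radio range of every link it monitors."""
    def __init__(self, timeout=2.0, threshold=3):
        self.timeout = timeout        # assumed max time a next hop may hold a packet
        self.threshold = threshold    # assumed misbehavior count that raises an alarm
        self.watch = {}               # (next_hop, pkt_id) -> (prev_hop, deadline)
        self.mal_count = defaultdict(int)
        self.log, self.alarms = [], []

    def _flag(self, node, reason, pkt_id):
        self.mal_count[node] += 1
        self.log.append((node, reason, pkt_id))
        if self.mal_count[node] == self.threshold:
            self.alarms.append(node)  # would start the alarm dissemination protocol

    def _expire(self, now):
        # A watched packet not forwarded before its deadline counts as a drop.
        for (node, pkt_id), (_, deadline) in list(self.watch.items()):
            if deadline < now:
                del self.watch[(node, pkt_id)]
                self._flag(node, "drop", pkt_id)

    def overhear(self, t, sender, receiver, pkt_id, claimed_prev, dst):
        self._expire(t)
        if claimed_prev is not None:  # sender is forwarding, not originating
            entry = self.watch.pop((sender, pkt_id), None)
            if entry is None or entry[0] != claimed_prev:
                self._flag(sender, "fabricate", pkt_id)
        if receiver != dst:           # expect the receiver to forward it onward
            self.watch[(receiver, pkt_id)] = (sender, t + self.timeout)

# Constructed trace on route S -> A -> M -> D:
# (time, sender, receiver, pkt_id, claimed_prev, dst)
TRACE = [
    (0.0, "S", "A", 1, None, "D"), (0.5, "A", "M", 1, "S", "D"),
    (1.0, "M", "D", 1, "A", "D"),            # M forwards packet 1 correctly
    (3.0, "S", "A", 2, None, "D"), (3.5, "A", "M", 2, "S", "D"),  # M drops 2
    (6.0, "S", "A", 3, None, "D"), (6.5, "A", "M", 3, "S", "D"),  # M drops 3
    (9.0, "M", "D", 99, "A", "D"),           # A never sent packet 99 to M
]

def run(trace):
    guard = Guard()
    for event in trace:
        guard.overhear(*event)
    return guard

if __name__ == "__main__":
    g = run(TRACE)
    print(g.log, g.alarms)
```
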