1. KPsec: Secure End-to-End Communications for Multi-Hop Wireless Networks
- Author
-
Gharib, Mohammed, Owfi, Ali, Ghorbani, Soudeh, Gharib, Mohammed, Owfi, Ali, and Ghorbani, Soudeh
- Abstract
The security of cyber-physical systems, from self-driving cars to medical devices, depends on their underlying multi-hop wireless networks. Yet, the lack of trusted central infrastructures and limited nodes' resources make securing these networks challenging. Recent works on key pre-distribution schemes, where nodes communicate over encrypted overlay paths, provide an appealing solution because of their distributed, computationally light-weight nature. Alas, these schemes share a glaring security vulnerability: the two ends of every overlay link can decrypt---and potentially modify and alter---the message. Plus, the longer overlay paths impose traffic overhead and increase latency. We present a novel routing mechanism, KPsec, to address these issues. KPsec deploys multiple disjoint paths and an initial key-exchange phase to secure end-to-end communications. After the initial key-exchange phase, traffic in KPsec follows the shortest paths and, in contrast to key pre-distribution schemes, intermediate nodes cannot decrypt it. We measure the security and performance of KPsec as well as three state-of-the-art key pre-distribution schemes using a real 10-node testbed and large-scale simulations. Our experiments show that, in addition to its security benefits, KPsec results in $5-15\%$ improvement in network throughput, up to $75\%$ reduction in latency, and an order of magnitude reduction in energy consumption., Comment: 20 pages, 10 figures, 3 tables, testbed experiment, exhaustive performance evaluation
- Published
- 2019