Intrusion resilience for unattended devices

Posted on: 2010-12-25
Degree: Ph.D
Type: Thesis
University: University of California, Irvine
Candidate: Ma, Di
Full Text: PDF
GTID: 2448390002477432
Subject: Computer Science
Abstract/Summary:
In this thesis, we focus on unattended devices (sensors) operating in hostile environments. Securing data accumulated on such devices presents some unique challenges. Once a device is compromised, its data and all secrets can be learned by the adversary. Moreover, if the adversary is mobile, once it releases a compromised device, the device remains "infected" in the sense that the adversary knows (or can compute) its future secrets. We investigate distributed intrusion-resilient techniques that allow previously compromised devices to gradually recover security.

Our main motivation stems from unattended wireless sensor networks (UWSNs). In a UWSN setting, there is no constantly present centralized data collection point, i.e., a sink. Instead, UWSN nodes accumulate sensed data until it can be off-loaded to an itinerant sink. The unattended nature of the UWSN makes it an attractive target for mobile adversaries that aim to learn, erase or modify potentially valuable data collected by sensors.

We construct several novel cryptographic primitives and design protocols to provide sensors with self-defense capabilities and the UWSN with the ability to heal itself. We also show how to extend our results to secure logging and intrusion-resilient remote storage.

The main research contributions of this thesis are summarized as follows:

(1) New Adversary Model for UWSNs. We argue that the adversary model used in prior sensor network security research is not suitable for UWSNs. We propose a new adversary model which takes into account special features of UWSNs and present security challenges that UWSNs face under this model.

(2) Forward Secure Sequential Aggregate (FssAgg) Authentication. To authenticate accumulated data on unattended sensors which do not network, we propose the notion of FssAgg authentication, which simultaneously achieves forward security and storage/communication efficiency. We construct one MAC scheme and three signature schemes and prove their security.

(3) Cooperative Self-healing in UWSNs. To allow sensors to regain secrecy of data even after being compromised, we propose two self-healing schemes. In our solutions, sensors help each other to recover a secure state. Since the cure comes from peer sensors, the network exhibits an emergent self-healing property. Extensive analysis and simulation results demonstrate the effectiveness of our solutions.

(4) A New Approach to Secure Logging. Our analysis shows that existing secure logging systems fail to provide the forward secure stream integrity required by secure audit logs. Based on the notion of FssAgg authentication, we propose new secure logging schemes which not only provide forward secure stream integrity but also avoid some structural limitations of prior schemes. We also investigate the concept of immutability in the context of FssAgg authentication and extend FssAgg authentication schemes to be immutable to allow finer-grained verification of log entries.
Keywords/Search Tags:Unattended, Devices, Fssagg authentication, Sensors, Data, Schemes, Secure logging, UWSN