|Texto do anúncio
AdHoc networks composed by resource-constrained devices and WSNs can be deployed in possibly large scale and hostile surroundings. When some nodes fail, as a consequence of exhausted batteries, hardware faults or intrusion attacks, nodes cannot be immediately replaced or easily repaired. Node failure may lead to generalized network partitions, reducing the network availability, thus causing different failures at different levels from the mac-layer to the application-level data processing. The network topology and the auto-organization capabilities should tolerate node-failure to avoid such network partitions. This setting calls for solutions that are autonomously resilient to support new failure and attacker models.
** Trust establishment and intrusion tolerance
Starting from the above challenges there has been recently a considerable interest in the topic of trust establishment and intrusion tolerance techniques for such environments, as a base-strategy to ensure reliability and security conditions. Current intrusion detection and tolerant systems usually generate a large amount of false alerts and cannot fully detect novel attacks or variations of known attacks which are not captured by conventional byzantine models, as currently adopted in large scale distributed systems. In addition, all existing intrusion detection systems focus on low-level attacks or anomalies. None of them can capture the logical steps or strategies behind these attacks in malicious and selfish data-aggregation and intermediary network processing behaviors, which must be the case of large scale MANETs or WSNs.
** Secure Group-Communication and Key-Establishment Protocols
The problem of securing group-based or multicast communications and the need of new key-establishment protocols in energy-constrained network environments are also important topics to support secure and reliable AdHoc and WSNs. This prompts the development of low-cost and energy-aware key exchange and authentication protocols, relyin on symmetric key cryptography or ECC-based asymmetric cryptography. This includes "bootstrapping protocols", that enable devices to establish secure local links with their neighbors in a short time period after the network is deployed. Such mechanism must be complemented with authentication and key-exchange protocols for far nodes, which can be based on secret sharing and communication via disjoint chains of intermediaries, adapted to form different topologies according with different in-network processing settings or trust-base conditions. This vision can provide a tunable degree of intrusion tolerance, with security guarantees even if some network nodes are compromised.
Existing security mechanisms used to protect general computer and network systems are too resource-intensive to be applicable in AdHoc and WSNs. The candidate is expected to focus on developing an integrated vision of two enabling technologies for securing networks of resource-constrained devices: (1) key management and establishment based on randomized cooperative protocols and (2) intrusion tolerance techniques based on complementary pro-active byzantine models.
In this effort, the main objectives will be related with the following issues:
· Firstly, we need to revisit the adversarial models for fault and intrusion tolerance settings in large-scale topology in WSN. This includes physical capture and fake-replication attacks.
· Secondly, we need to evaluate the failure and intrusion tolerance ability of such systems, to establish a base of trust security services. This deals with the key-distribution problem, and with efficient and energy-aware secure communication infrastructure for AdHoc and WSNs.
· Third, it will be necessary to study what topologies are more efficient for tolerating failure and incorrect nodes, while optimizing energy-aware criteria, and taking into account the above adversarial models.
Based on new trust-base conditions and intrusion tolerance mechanisms, the goal will be to support randomized group-oriented key-establishment protocols for secure group-communication and in-network processing capabilities. The candidate will be is expected to collaborate with us on addressing the above issues.
The researcher to be hired is expected to investigate new intrusion tolerance approaches for securing Adhoc networks of resource-constrained devices and WSNs, with a focus on: (1) trust establishment, (2) key management, (3) secure group-oriented in-network processing and (4) integrated intrusion tolerance.
The work environment for both positions will be the Distributed Systems Group of the CITI. More information about the research environment, its members, and the current position call may be found at the CITI website: citi.di.fct.unl.pt.
Applications should include a detailed curriculum vitae, in pdf format and should be sent to:
CITI - Centro de Informatica e Tecnologias da Informação
Faculdade de Ciências e Tecnologia, Universidade Nova de Lisboa
2829-516 Caparica, Portugal
Telephone: +351 212 948 536
Fax: +351 212 948 541
The acceptance of the application and subsequent contract is dependent on the “Fundação para a Ciência e a Tecnologia” final decision