APPROVAL SHEET TitleofDissertation: AHolisticApproachtoSecureSensorNetworks NameofCandidate: SasikanthAvancha DoctorofPhilosophy,2005 DissertationandAbstractApproved: Dr.AnupamJoshi Professor DepartmentofComputerScienceand ElectricalEngineering DateApproved: CURRICULUM VITAE Name: SasikanthAvancha. PermanentAddress: 4776DraytonGreen,BaltimoreMD21227. Degreeanddatetobeconferred: DoctorofPhilosophy,2005. DateofBirth: February8,1972. PlaceofBirth: Chennai,India. Collegiateinstitutionsattended: (cid:0) UniversityVisvesvarayaCollegeofEngineering, BachelorofEngineering,ComputerScience&Engineering,1994. (cid:0) UniversityofMaryland,BaltimoreCounty, MasterofScience,ComputerScience,2002. (cid:0) UniversityofMaryland,BaltimoreCounty, DoctorofPhilosophy,ComputerScience,2005. Major: ComputerScience. Professionalpublications: (cid:0) S.Avancha,J.Undercoffer,A.JoshiandJ.Pinkston,SecurityforWirelessSensorNetworks,Chapter 12inWirelessSensorNetworks(C.S.Raghavendra,K.M.SivalingamandT.Znatieds.),May2004. (cid:0) S.Avancha,D.Chakraborty,F.PerichandA.Joshi,DataandServicesforMobileComputing, PracticalHandbookofInternetComputing,(MunindarSinghed.),CRCPress,November2004. (cid:0) S.Avancha,J.Undercoffer,A.JoshiandJ.Pinkston,SecureSensorNetworksforPerimeter Protection,ComputerNetworks(Elsevier),Vol.43,No.4,November2003. (cid:0) S.Avancha,P.D’Souza,F.Perich,A.JoshiandY.Yesha,P2PM-CommerceinPervasive Environments,ACMSIGecomExchanges,Vol.3,No.4,January2003. (cid:0) S.Avancha,V.Korolev,A.Joshi,T.FininandY.Yesha,OnExperimentswithaTransportProtocolfor PervasiveComputingEnvironments,ComputerNetworks(Elsevier),Vol. 40,No.4,November2002. (cid:0) L.Kagal,V.Korolev,S.Avancha,A.Joshi,T.FininandY.Yesha,Centaurus:AnInfrastructurefor ServiceManagementinUbiquitousComputing,WirelessNetworks(Kluwer),Volume8,No.6, November2002. (cid:0) T.Finin,A.Joshi,L.Kagal,O.Ratsimor,S.Avancha,V.Korolev,H.Chen,F.PerichandR.Scott Cost,IntelligentAgentsforMobileandEmbeddedDevices,InternationalJournalofCooperative InformationSystems,Vol. 11,Nos.3&4,Sept./Dec.2002. (cid:0) S.Avancha,A.JoshiandT.Finin,EnhancedServiceDiscoveryinBluetooth,IEEEComputer,Vol. 35, No.6,June2002. (cid:0) S.Avancha,C.Patel,A.Joshi,Ontology-drivenAdaptiveSensorNetworks,InProc.TheFirstAnnual InternationalConferenceonMobileandUbiquitousSystems:NetworkingandServices,August2004. (cid:0) F.Perich,S.Avancha,D.Chakraborty,A.JoshiandY.Yesha,Pro(cid:2)leDrivenDataManagementin PervasiveEnvironments,InProc.13thInternationalWorkshoponDatabaseandExpertSystems Applications,September2002. (cid:0) B.Bethala,A.Joshi,D.Phatak,S.AvanchaandT.Goff,SimulationofaCommonAccessPointfor Bluetooth,802.11andWiredLANs,InProc.InternationalConferenceonParallelandDistributed ProcessingTechniquesandApplications,June2002. (cid:0) S.Avancha,D.Chakraborty,H.Chen,L.Kagal,F.Perich,T.FininandA.Joshi,IssuesinData ManagementforPervasiveEnvironments,InProc.NSFWorkshoponContextAwareMobile DatabaseManagement(CAMM),January2002. (cid:0) D.Chakraborty,F.Perich,S.AvanchaandA.Joshi,AnAgentDiscoveryArchitectureusingRonin andDReggie,InProc.1stGSFC/JPLWorkshoponRadicalAgentConcepts(WRAC),January2002. (cid:0) D.Chakraborty,F.Perich,S.AvanchaandA.Joshi,DReggie:SemanticServiceDiscoveryfor M-CommerceApplications,InProc.WorkshoponReliableandSecureApplicationsinMobile Environments,inconjunctionwith20thSymposiumonReliableDistributedSystems,October2001. (cid:0) S.Avancha,V.KorolevandA.Joshi,TransportProtocolsinWirelessNetworks,InProc.10thIEEE InternationalConferenceonComputerCommunicationsandNetworks,September2001. (cid:0) S.Avancha,D.Chakraborty,D.Gada,T.KamdarandA.Joshi,FastandEf(cid:2)cientHandoffScheme usingForwardingPointersandHierarchicalForeignAgents,InProc.ConferenceonDesignand ModelingofWirelessNetworks,ITCom,August2001. (cid:0) S.Avancha,J.Undercoffer,A.JoshiandJ.Pinkston,AClusteringApproachtoSecureSensor Networks,UMBCTechnicalReportTR-CS-04-01,January2004 (cid:0) S.Avancha,A.JoshiandJ.Pinkston,OnSelf-OrganizationandSecurityinDistributedWireless SensorNetworks,UMBCTechnicalReportTR-CS-04-03,April2004 (cid:0) S.Avancha,A.JoshiandJ.Pinkston,SWANS:AFrameworkforAdaptiveWirelessSensorNetworks, UMBCTechnicalReportTR-CS-05-01,March2005 Professionalpositionsheld: (cid:0) GraduateResearchAssistant(August2000-Present). DepartmentofComputerScienceandElectricalEngineering,UniversityofMaryland,Baltimore County (cid:0) GraduateResearchIntern(February2002-May2002). FujitsuLabsofAmerica,Inc. (cid:0) GraduateResearchAssistant(August1999-August2000). DepartmentofDiagnosticRadiology,UniversityofMarylandSchoolofMedicine (cid:0) SeniorSoftwareEngineer(September1997-July1997). PeritusSoftwareServices,Inc. (cid:0) SystemsEngineer(February1996-September1997). BFLSoftwareLtd.,Bangalore,India (cid:0) ProjectAssistant(November1994-February1996). IndianInstituteofScience,Bangalore ABSTRACT TitleofDissertation: AHolisticApproachtoSecure SensorNetworks SasikanthAvancha,DoctorofPhilosophy,2005 Dissertationdirectedby: Dr.AnupamJoshi Professor DepartmentofComputerScienceand ElectricalEngineering Wirelesssensornetworks(WSNs) formauniqueclass ofadhocnetworksconsisting ofheterogeneous but highly resource-constraineddevices that can sense their environment and report sensed data to desig- natednodesinthenetwork. We presenta holisticapproachtoimprovetheperformanceofwireless sensor networkswithrespecttosecurity,longevityandconnectivityunderchangingenvironmentalconditions. Our approachis two-fold: Wehavecreatedaframeworkforadaptabilitythatdetects,classi(cid:2)es andrespondsto environmentalvariations affectingWSN performance. We have also designedsecuritymechanisms in our frameworktodemonstrateWSNadaptations.Oursecuritymechanismscanbeusedasbasicbuildingblocks inWSNdesigns. TheadaptabilityframeworkisgenericandensuresthatWSNscanrespondtoavarietyof changesinenvironmentalconditions,suchas variationsrelatedtosecurityandnetworktopology,affecting theirperformance. Wehavedesignedatwo-tieradaptabilitycomponent,SWANS,usingaprincipled,ontologicalapproach toensurebothlocalandglobalresponsestoenvironmentalvariations. Localresponsesaregeneratedbyin- dividualsensornodes. Atnodelevel,SWANSmonitorsasetoftwenty-onelow-levelparameters(including thoseassociatedwithsecureWSNestablishment)andemploysalocalknowledgebasetocomputethenode’s logical state. It employsa set of rules determine the most appropriateresponsecorrespondingto a logical state. At networklevelSWANS combinessensor nodestate informationwith user-de(cid:2)nedconstraintsand sensordata.Itemploysanetwork-levelknowledgebasetocomputethenetwork’slogicalstateandgeneratea globalresponsetotheobservedenvironmentalvariation.ExperimentalevaluationsshowthatWSNsemploy- ingSWANSaremoresecure,livelongerandhavebetterconnectivitythantheirnon-adaptivecounterparts. Wealsodesignedasetofthreesecurityprotocolsuites,SONETS,thatsecuresaWSNagainstdifferent classesofadversaries. P-SONETSisacentralizedprotocolsuitethatsecuresWSNsdeployedtoestablisha perimeteraroundhighvalueassetsagainstadversarieswhoseektobreachtheperimeterandattacktheasset. C-SONETSisascalablecentralizedprotocolsuitecontaininganoveltopologydiscoveryandkeysetuppro- tocoltothwartadversarieswithglobalpresenceintheareaofinterestcapableofattackingtheWSNbefore, duringandafteritsformation. D-SONETSisadistributedprotocolsuitethatensuresrapidestablishmentof asecureWSNfornon-criticalapplicationsinwhichadversarypresenceislocal. Experimentalevaluationsof P-SONETS,C-SONETSandD-SONETSshowtheirfeasibilitytotheassociatedapplicationclassandtheir abilitytothwartadversariescorrespondingtoeachclass. A Holistic Approach to Secure Sensor Networks by SasikanthAvancha DissertationsubmittedtotheFacultyoftheGraduateSchool oftheUniversityofMarylandinpartialful(cid:2)llment oftherequirementsforthedegreeof DoctorofPhilosophy 2005 In memory of my mother ii First, I would like to thank and acknowledge my brother Ravikanth and my father for their constant encouragementandsupportduringthisendeavor. IwouldalsoliketothankAnupamJoshi,myadviser,for hisguidanceandsupport.Mycommitteemembers,TimFinin,JohnPinkston,KrishnaSivalingam,Jonathan Agre and Prathima Agrawal have my heartfelt thanks for their priceless intellectual contributions. To my friendsandcolleagues: JeffreyL.Undercoffer,FilipPerich,DipanjanChakrabortyandVladimirKorolev(cid:150) ourcollaborativeeffortshelpedshapeideasinthisresearch. iii