Developments in the computer and communication technology have brought a new dimension to the Information Age. Real-time exchange of information regardless of location and distance has greatly increased both the pace of business and the number of ways in which we communicate. The widespread availability and transmission of such information demands new approaches in cryptography. The objective is to build secure and reliable networks out of less secure and less reliable resource constrained devices. Our work spans the range from theoretical cryptography to applications; including significant research efforts in development of new cryptographic primitives, cryptanalysis, and applications from wireless and ad-hoc (sensor) networks to delay-tolerant (DTN) and space-time networks.

Multivariate Public Key Cryptography

It is very desirable to have practical cryptosystems based on problems other than the handful of NP-hard assumptions (the difficulty of the discrete logarithm and factorization) currently in use. This way we would be in a safer state against possibilities such as the emergence of an efficient algorithm for factoring or computing discrete logs. Therefore, the prohibitive cases of common security solutions for resource limited devices, on the one hand, and the need for cryptosystems based on other NP-hard problems, on the other, motivated us to propose cryptosystems using paraunitary transforms. Our research at Georgia Tech has shown that multivariate cryptography based on paraunitary transforms over finite fields promises a framework for new approaches to cryptography (which relies on the NP-hard problem of solving systems of polynomial equations). This framework has combined the ease of analysis and low computational complexity of paraunitary transforms with the security of multivariate cryptography to obtain a new paraunitary public-key scheme that is particularly realizable on constrained devices. Such a framework has great potential to provide secure and efficient solutions to other problems such as digital signatures, and hash functions.

Wavelet Block/Stream Cipher

The growth of the computing technology has stimulated phenomenal development in pervasive computing. However, pervasive computing has pervasive problems. The widespread availability and transmission of information makes security and privacy as one of the most crucial issues of today's networks. Strong encryption systems are crucial in stopping hackers from listening to cellular voice and stealing credit card numbers, medical records, and other sensitive information from networks.Our team effort is aimed at developing new symmetric key primitives that are particularly suitable for handheld and resource constrained devices (PDA's, two-way paging, sensors, etc.). In the design of security for resource limited devices, we must consider their low power, strict processing requirements and storage limitations. We present a new private key cryptosystem based on the finite-field wavelet. The encryption and decryption are performed by the synthesis and analysis banks of the nonlinear finite-field wavelet transform, whose filter coefficients are determined by the keys of the users. The proposed cryptographic system can operate in either stream-cipher or block-cipher modes depending on whether the filter banks perform linear or circular convolution. The proposed block cipher system has a key length of 16 symbols (128 bits) and an input block size of 30 symbols (240 bits) from GF(256). Our results suggest that the wavelet block cipher has comparable computational complexity to AES and approximately half the complexity of DES. The security is tied to the length of the wavelet basis function and to the nonlinearity within the wavelet transform. We study the security of the wavelet cryptosystem in response to classical attacks and those specific to this algorithm, particularly those which use variations of divide and conquer, interpolation attack, and discrete Fourier transform techniques.

Random Key Pre-Distribution

Key management is critical in establishing pairwise keys necessary for confidentiality. However, key management is difficult due to the ad-hoc nature, random deployment, intermittent connectivity, and resource limitations of the sensor nodes. The most suitable key agreement scheme is key pre-distribution for sensor networks, where some key information is placed in the nodes prior to node deployment. Recently, a number of random key pre-distribution schemes have been proposed, wherein each node before deployment is loaded by a subset of a large key pool. A shared-key discovery phase takes place during the initialization in the operation environment where every node discovers its neighbors within the wireless communication range with which it shares a key. A link exists between two nodes only if they share a key (from their stored key ring). If a link exists between two nodes, all communication on that link is secured by link encryption. This key pre-distribution scheme is extremely simple and apt for sensor-node computation and communication limitations. In this work, we propose a multivariate key pre-distribution scheme to provide the link security. We also provide a new, more accurate model and a framework in which many properties (such as connectivity, latency, average path length) of the random key management scheme and networking of sensors can be studied. Using this framework, we then study malicious attacks and optimize the scheme to minimize the threats of these attacks.

Data Authenticity and Availability

Compared to traditional networks, ad-hoc wireless sensor/actuator networks pose new challenges in designing security services. They are more vulnerable to various types of intrusions and malicious attacks due to the constraints of nodes, the lack of infrastructure and multihop data transfer. In these types of networks, an adversary can simply compromise one or more sensor nodes, and then use them as an insider to mount several types of attacks. The major attacks that we will focus in this research are false data injection, data drop, and noise injection. The required security services which prevent the above attacks are data/sender authentication and data availability. We study both unicast and multicast scenarios. We take a random coding approach to jointly solve for packet authentication and availability.