• Publications
  • Influence
A key-management scheme for distributed sensor networks
A key-management scheme designed to satisfy both operational and security requirements of DSNs is presented, which relies on probabilistic key sharing among the nodes of a random graph and uses simple protocols for shared-key discovery and path-key establishment, and for key revocation, re-keying, and incremental addition of nodes. Expand
Distributed detection of node replication attacks in sensor networks
It is shown that emergent algorithms represent a promising new approach to sensor network security; moreover, the results naturally extend to other classes of networks in which nodes can be captured, replicated and re-inserted by an adversary. Expand
TrustVisor: Efficient TCB Reduction and Attestation
TrustVisor is presented, a special-purpose hypervisor that provides code integrity as well as data integrity and secrecy for selected portions of an application that has a very small code base that makes verification feasible. Expand
The Crossfire Attack
We present the Crossfire attack -- a powerful attack that degrades and often cuts off network connections to a variety of selected server targets (e.g., servers of an enterprise, a city, a state, orExpand
MiniSec: A Secure Sensor Network Communication Architecture
A publicly available implementation of MiniSec is presented, one tailored for single-source communication, and another tailored for multi-source broadcast communication, that scales to large networks. Expand
On Data-Centric Trust Establishment in Ephemeral Ad Hoc Networks
This paper proposes a framework for data-centric trust establishment: first, trust in each individual piece of data is computed; then multiple, related but possibly contradictory, data are combined; finally, their validity is inferred by a decision component based on one of several evidence evaluation techniques. Expand
On the distribution and revocation of cryptographic keys in sensor networks
An overview of key-distribution methods in sensor networks and their salient features are presented to provide context for understanding key and node revocation and define basic properties that distributed sensor-node revocation protocols must satisfy. Expand
Accountable key infrastructure (AKI): a proposal for a public-key validation infrastructure
This paper proposes AKI as a new public-key validation infrastructure, to reduce the level of trust in CAs, and proposes an architecture for key revocation of all entities through checks-and-balances. Expand
On the formal definition of separation-of-duty policies and their composition
It is concluded that the practical implementation of SoD policies requires new methods and tools for security administration, even within applications that already support RBAC, such as most database management systems. Expand
On Trust Establishment in Mobile Ad-Hoc Networks
It is argued that peer-to-peer networks are especially suitable to solve the problems of generation, distribution, and discovery of trust evidence in mobile ad-hoc networks, and the importance of evaluation metrics in trust establishment is illustrated. Expand