Award Abstract # 0953600
CAREER: Protecting against Layer-Violating Attacks in Wireless Networks

NSF Org: CNS
Division Of Computer and Network Systems
Recipient: UNIVERSITY OF ILLINOIS
Initial Amendment Date: February 19, 2010
Latest Amendment Date: July 12, 2016
Award Number: 0953600
Award Instrument: Continuing Grant
Program Manager: Nina Amla
namla@nsf.gov
(703)292-7991
CNS Division Of Computer and Network Systems
CSE Directorate for Computer and Information Science and Engineering
Start Date: August 1, 2010
End Date: July 31, 2017 (Estimated)
Total Intended Award Amount: $475,920.00
Total Awarded Amount to Date: $475,920.00
Funds Obligated to Date: FY 2010 = $90,380.00
FY 2011 = $92,780.00
FY 2012 = $193,080.00
FY 2014 = $99,680.00
History of Investigator:
  • Yih-Chun Hu (Principal Investigator)
    yihchun@uiuc.edu
Recipient Sponsored Research Office: University of Illinois at Urbana-Champaign
506 S WRIGHT ST
URBANA
IL  US  61801-3620
(217)333-2187
Sponsor Congressional District: 13
Primary Place of Performance: University of Illinois at Urbana-Champaign
506 S WRIGHT ST
URBANA
IL  US  61801-3620
Primary Place of Performance Congressional District: 13
Unique Entity Identifier (UEI): Y8CWNJRCNN91
Parent UEI: V2PHZ2CSCH63
NSF Program(s): Special Projects - CNS,
TRUSTWORTHY COMPUTING,
Secure & Trustworthy Cyberspace
Primary Program Source: 01001011DB NSF RESEARCH & RELATED ACTIVIT
01001112DB NSF RESEARCH & RELATED ACTIVIT
01001213DB NSF RESEARCH & RELATED ACTIVIT
01001415DB NSF RESEARCH & RELATED ACTIVIT
Program Reference Code(s): 1045, 1187
Program Element Code(s): 171400, 779500, 806000
Award Agency Code: 4900
Fund Agency Code: 4900
Assistance Listing Number(s): 47.070

ABSTRACT

The PI is developing bottom-up mechanisms for securing wireless networks against a class of "layer-violating" attacks. In a layer-violating attack, the attacker uses protocol behavior at one layer of the network stack to compromise a secure protocol at a different layer. Such layer-violating attacks often can span from the physical layer all the way to the transport layer. In the PI's approach, each layer interlocks with the higher layer, relying on the security properties guaranteed by the lower layer to provide security properties to the next higher layer, resulting in a protocol stack that is resilient to layer-violating attacks. The PI's efforts focus on four important security properties: availability against jamming, fairness, routing, and privacy.

The outcomes of this research will be:
- A protocol stack secure against jamming at all layers, ensuring a specific level of performance despite the presence of an adversarial attacker
- A protocol stack that provides fairness regardless of attacks at any layer, and specifies the types of fairness achievable against a cross-layer adversarial attacker
- A results-oriented routing protocol that provides reliable performance assurances against attacks at any layer
- A protocol stack that provides privacy across all layers of the network stack, ensuring minimal leakage of privacy-sensitive information.

The PI is also revising the introductory programming curriculum in the ECE department; one aspect of this revision is an emphasis on safe and secure code writing. The PI is also working to develop a middle-school-level curriculum to encourage underprivileged groups to pursue engineering education.

PUBLICATIONS PRODUCED AS A RESULT OF THIS RESEARCH

Hao Wu and Yih-Chun Hu, "Location Privacy with Randomness Consistency," Proceedings on Privacy Enhancing Technologies (PETS 2016), 2016
Jagadeesh Harshan, Sang-Yoon Chang, and Yih-Chun Hu, "Insider-Attacks on Physical-Layer Group Secret-Key Generation in Wireless Networks," Proceedings of the 2017 IEEE Wireless Communications and Networking Conference, 2017
Sang-Yoon Chang, Yih-Chun Hu, and Nicola Laurenti, "SimpleMAC: A Simple Wireless MAC-Layer Countermeasure to Intelligent and Insider Jammers," IEEE/ACM Transactions on Networking, v.24, 2016, p.1095
Sang-Yoon Chang, Yih-Chun Hu, and Nicola Laurenti, "SimpleMAC: A Simple Wireless MAC-Layer Countermeasure to Intelligent and Insider Jammers," IEEE Transactions on Networking (ToN), 2016
Taeho Lee, Christos Pappas, Adrian Perrig, Virgil Gligor, and Yih-Chun Hu, "The Case for In-Network Replay Suppression," Proceedings of the 12th annual ACM Symposium on Information, Computer and Communications Security, 2017, p.862
Zhuotao Liu, Hao Jin, Yih-Chun Hu, and Michael Bailey, "MiddlePolice: Toward Enforcing Destination-Defined Policies in the Middle of the Internet," Proceedings of the 23rd ACM Conference on Computer and Communications Security (CCS 2016), 2016

PROJECT OUTCOMES REPORT

Disclaimer

This Project Outcomes Report for the General Public is displayed verbatim as submitted by the Principal Investigator (PI) for this award. Any opinions, findings, and conclusions or recommendations expressed in this Report are those of the PI and do not necessarily reflect the views of the National Science Foundation; NSF has not approved or endorsed its content.

This project has results in a number of separate areas.

In the area of MAC-aware attack mitigation, we develop a protocol that converges to optimal performance against both false reservations and MAC-aware jamming. In particular, against false reservations, we ensure that the long-term average power-spectral density is constant regardless of attacker reservations; in other words, attackers that do not use their reserved bandwidth have that bandwidth reclaimed by legitimate users. Against MAC-aware jamming, we transmit jamming-relevant information only to nodes that actively avoid reserved bandwidth-time slots. We also examined false channel reporting, where a user misreports his channel status, resulting in degraded performance for other network users.

In the area of cognitive radio, where secondary users use license bands that are unused by licensed (primary) users, we developed a new spectrum sensing technique based on Hermitian inner product which can detect primary user transmissions well below the noise floor.

In the area of health device security, we examined the claim in the literature that the electrocardiograph (ECG) signal would provide an accessible and secure key-generation source for same-body detection in body area networks. We discovered that many parts of the body do not receive ECG signals at sufficient signal strength to allow for good key generation. We developed an alternative approach, based on galvanic coupling below the action potential, to allow devices in contact with a body to share a key.

In the area of Internet security using application-layer information, we developed MiddlePolice, a cloud-based DDoS-mitigation approach that combines the in-cloud filtering of existing commercial approaches, together with a mechanism called “capabilities” in the academic approaches, to create an in-cloud, destination-driven enforcement of per-flow bandwidth allocations. MiddlePolice can enforce a wide variety of destination-specified policies with a single mechanism, and each destination can choose the traffic that it wishes to prioritize.

Finally, we developed Origin and Path Trace, which allows for per-packet hop-by-hop authentication of the origin and authentication of intermediate routers at line speed. Our key technique is the dynamically recreatable key: a key that can be created quickly at the router and shared with each source. This key can then be recreated on a per-packet basis at the router at speeds approaching a hundred gigabits on a commodity CPU.


Last Modified: 09/19/2017
Modified by: Yih-Chun Hu
