OLIVEIRA LAYOUT
3/24/08
2:16 PM
Page 96
SECURITY IN MOBILE AD HOC AND SENSOR NETWORKS
Secure Localization Algorithms for Wireless Sensor Networks Azzedine Boukerche, University of Ottawa Horacio A. B. F. Oliveira, University of Ottawa, Federal University of Minas Gerais, and Federal University of Amazonas Eduardo F. Nakamura, Federal University of Minas Gerais and FUCAPI Antonio A. F. Loureiro, Federal University of Minas Gerais
ABSTRACT In the military and emergency preparedness class of applications, wireless sensor networks have a number of desirable characteristics, such as being autonomous systems that can be deployed in a remote — possibly hostile — environment and can perform tasks like battlefield surveillance or enemy tracking, as well as monitor the security of military facilities. One of the main challenges in this kind of application is security. Due to their key role in WSNs and also their fragility, localization systems can be the target of an attack that could compromise the entire functioning of a WSN and lead to incorrect military plans and decision making, among other problems. In this article we show how current localization systems are vulnerable to these security attacks, and how existing techniques can be used to prevent or impede these attacks in WSNs.
INTRODUCTION
This work was partially supported by NSERC Strategic and Discovery Grants, Canada Research Chairs Program, Early Researcher Award, Ontario Distinguished Researcher Award, and by the Brazilian research council (CAPES).
96
Wireless sensor networks (WSNs) [1–3] are composed of a large number of sensor nodes that cooperate among themselves to monitor an area of interest. This type of network has become popular due to its wide applicability in many different areas, such as the environmental, medical, industrial, and military fields. In the case of military applications, WSNs have a number of desirable characteristics such as being autonomous systems that can be deployed in a remote — possibly hostile — environment and their ability to perform tasks like battlefield surveillance or enemy tracking, as well as monitor the security of military facilities. One of the main challenges in this kind of application is security. We must avoid attacks on networks located in hostile environments, as well as attacks to sensor networks that monitor the security of military facilities.
0163-6804/08/$25.00 © 2008 IEEE
Several physical properties can be monitored by a WSN: temperature, humidity, pressure, ambient light, and movement. Usually, the collected information and sensor nodes must be localized in space to identify the location of an event. This positioning is accomplished using a localization system. Localization systems are a key part of WSNs, because they not only locate events but can also be used as the base for routing, density control, tracking, and a number of other protocols. Due to their key role in WSNs, localization systems can be a target of an attack that could compromise the entire functioning of a WSN and lead to incorrect military plans and decision making, among other problems. In this article we show how current localization systems are vulnerable to these security attacks. Also, we show techniques to prevent such attacks or make them difficult to perform in WSNs. The remainder of this article is organized as follows. In the next section we briefly present an overview and definition of a secure localization system. We identify the vulnerabilities to which localization systems are exposed, and describe techniques used to eliminate these vulnerabilities. Finally, we present our conclusions and future directions for secure localization systems.
PROBLEM STATEMENT Before defining secure localization systems, we first take a look at some general concepts and definitions used in normal localization systems. From the viewpoint of localization systems, we basically have two types of nodes: regular nodes and beacons. Regular nodes, also known as unknown, free, or dumb nodes, refer to nodes in the network that have no knowledge of their position and no special hardware to acquire this information. Beacon nodes, also known as landmarks, anchors, or locators, are nodes that do not require a localization system to estimate
IEEE Communications Magazine • April 2008
Authorized licensed use limited to: National Chung Cheng University. Downloaded on January 12, 2009 at 02:31 from IEEE Xplore. Restrictions apply.
OLIVEIRA LAYOUT
3/24/08
2:16 PM
Page 97
their physical positions; in fact, they form the base of these systems. Their position is obtained by manual placement or external means such as a global positioning system (GPS). Therefore, in a localization system we want to solve the following problem: given a multihop network and a set of beacon nodes with their known positions, we want to find the position (e.g., latitude, longitude) of regular nodes based on available information. Localization systems can be divided into three distinct components (Fig. 1): • Distance/angle estimation: This component is responsible for estimating information regarding the distances and/or angles between two nodes. Recognized techniques used in this component include received signal strength indicator (RSSI), time [difference] of arrival (ToA/TDoA), number of hops, or angle of arrival (AoA). • Position computation: This component is responsible for computing the position of a node based on available information about the distances/angles and positions of reference nodes. Some techniques used to compute a position include trilateration, multilateration, or triangulation. • Localization algorithm: This is the main component of a localization system. It determines how the available information will be manipulated to enable most or all of the nodes of the WSN to estimate their positions. It is a distributed and usually multihop algorithm. Some known algorithms include the Ad Hoc Positioning System (APS) [4] and Directed Position Estimation (DPE) [1]. To be deployed in hostile environments, WSNs require a secure localization system, in which we must solve the localization problem but also must be aware that we are in the presence of compromised nodes — malicious nodes or network nodes that have been corrupted by a malicious code — and/or a compromised environment — where hostiles can change the characteristics of an environment and also could have physical access to nodes.
FRAGILITY OF CURRENT LOCALIZATION SCHEMAS Localization systems can be attacked in a number of different ways. In the last section we saw how localization systems can be divided into components and how these components are strongly connected. Any small misbehavior in any of these components can greatly affect the localization system. For instance, a malicious erroneous distance estimation can cause a position miscomputation that will be propagated to the localization algorithm and will probably cause a major localization error for the sensor nodes. Due to the strong relationship between them, any of these components can be used to attack a localization system, making these systems very fragile and hard to secure. In the next sections we discuss each component of a localization system, showing to which type of attacks each is vulnerable.
Distance estimation
Position computation
Localization systems
Localization algorithm
■ Figure 1. The division of localization systems into three distinct components.
ATTACKS ON DISTANCE/ANGLE ESTIMATION Distance estimations can be based on signal strength, time of arrival, or hop count analysis. In the first case a compromised node can send a packet with greater or reduced transmission power to make neighboring nodes think it is nearer or farther away than it really is. In the second case the transmission time of a packet can be delayed, causing problems to both ToA- and TDoA-based systems. Hop-count-based distance estimations can be confused by compromised nodes that advertise erroneously computed hop counts. In fact, since it is a multihop algorithm, hop count estimations can also be affected by attacks to the localization algorithm. In a compromised environment, both signal strength and ToA techniques can be targeted by changing the physical medium, for example, by introducing noise, obstacles, or smoke. Also, AoA-based systems can be compromised by deploying magnets in the sensor field.
ATTACKS ON POSITION COMPUTATION To compute a position, a node requires at least three distance estimations and three known positions. Any attack on distance estimations, as shown in the last section, has the main goal of affecting position computation. However, some attacks can affect position computation directly by advertising incorrect known positions. An incorrect advertised position can lead to erroneous position computation even when the distance is correctly estimated. In this case a compromised node can send not only its own packet with a wrong position, but also send additional packets as if it was a different node(s) in a different location(s). In a compromised environment a GPS signal can be jammed, making it erroneous or making it impossible for beacon nodes to estimate their positions.
ATTACKS ON THE LOCALIZATION ALGORITHM Attacks on distance estimation and position computation components are attacks specific to localization systems. However, the third component of a localization system, the localization algorithm, shares the same kind of vulnerabilities associated with other distributed systems, because it is a distributed and usually multihop algorithm. For instance, some of these attacks include sybil, replay, and wormhole.
IEEE Communications Magazine • April 2008 Authorized licensed use limited to: National Chung Cheng University. Downloaded on January 12, 2009 at 02:31 from IEEE Xplore. Restrictions apply.
97
OLIVEIRA LAYOUT
3/24/08
2:16 PM
Page 98
Beacon node
Normal node
Compromised node
14 9 12
8
(x1,y1) 6
(x1,y1)
7
6
8
8 1 6 (x1,y1) (x1,y1)
Wormhole 12 13
16
(x1,y1) 18
7
13 7
15 (a)
17
(x1,y1)
(x1,y1)
11
10
9
9 1
(b)
15
14
(c)
■ Figure 2. Attacks on localization algorithms: a) sybil; b) replay; c) wormhole.
Sybil attacks: In this type of attack a malicious node makes it appear that it is a set of different nodes and starts sending erroneous information. This erroneous information can be distance estimations, positions, number of hops, or nonexistent nodes or beacons. Figure 2a illustrates this attack when node 6 also claims to be nodes 12–15. Replay attacks: In a replay attack a compromised node stores a received packet (e.g., from a beacon node) and then resends the same packet later. Since it is a copy of the original packet, neighboring nodes incorrectly deduce that the malicious node is the node that sent the original packet (Fig. 2b). In this case, because distance estimation is performed based on the compromised node whereas the position in the packet is based on the original node, position computation is affected. Both signal strength and time-based distance estimations are affected, because the packet sent by the compromised node will have a different signal strength and different propagation time. Wormhole attacks: In this case the information received by one malicious node on one side of the network is sent and replicated by another malicious node on the other side of the network. The multihop path between these two attackers is a wormhole in the sense that a packet arriving on one side is transported and received on the other side of the network, appearing as if it came from a neighboring node. This attack is illustrated in Fig. 2c. This type of attack can greatly disrupt an insecure localization system by putting totally different and erroneous reference points in the position computations.
EXAMPLES IN CURRENT INSECURE SOLUTIONS The APS [4] is a distributed multihop localization system that computes the average size of a hop and uses this information in the multilateration process. In this localization system compromised beacon nodes can report wrong positions and a wrong average hop size, causing an erroneous position computation for the nodes. Compromised regular nodes can perform a sybil attack to act like beacons, as well as a replay or wormhole attack. In the last two cases the number of hops will be incorrect, which will cause a wrong estimation of the average size of a hop
98
and also result in an erroneous position computation for the nodes. In recursive position estimation (RPE) [3], estimated positions are broadcast to help other nodes estimate their position as well. A similar algorithm is the DPE [1], which uses a recursion with a direction. This kind of algorithm is more subject to security problems, because the miscomputation or hostile advertisement of a single wrong position will be used in the computation of another position that will in turn be used to compute another position, until all nodes have an incorrect estimation. As an example, a hostile node can perform a replay attack by replicating a received position. Neighboring nodes will estimate their distance to the hostile node while using the position in the replicated packet, which will start an error propagation that will increase at each localization round. The APIT algorithm [2] uses triangles formed by three beacon nodes, and a node decides if it is inside or outside these triangles by comparing its signal strength measurements with the measurements of its neighbors. In the presence of a wormhole, a node can always think it is outside the triangles, because it will receive packets from distant nodes that seem to be coming from neighbors.
TECHNIQUES FOR SECURE LOCALIZATION Several secure localization systems have been proposed in the last few years to provide the secure positioning of nodes in hostile and military applications of WSNs. Most of these solutions achieve security by using cryptography, detecting and blocking compromised nodes or information, making statistical decisions, or filtering the positions used in computations.
SECURITY THROUGH CRYPTOGRAPHY Most security attacks are performed by a malicious node trying to pass as an entity it is not or changing the values in data packets. These problems can be solved through cryptography by using authentication and message integrity. It is also possible to provide position confidentiality, preventing malicious nodes from gathering network information.
IEEE Communications Magazine • April 2008 Authorized licensed use limited to: National Chung Cheng University. Downloaded on January 12, 2009 at 02:31 from IEEE Xplore. Restrictions apply.
OLIVEIRA LAYOUT
3/24/08
2:16 PM
Page 99
Cryptography can be used to protect against externally deployed hostile nodes that could execute any of the attacks cited. But in the presence of compromised nodes in the local network, the attackers gain access to locally stored keys and passwords, which compromises any cryptographic system. For this reason, most secure localization algorithms use non-cryptographic security techniques, as shown in the next sections, and rely on cryptography as a second line of defense. This is the case in the HiRLoc [5], SeRLoc [6], and robust position estimation (ROPE) [7] localization algorithms, in which efficient cryptography is used to secure beacon transmissions. In SPINE [8] cryptography can be used to make an authenticated distance estimation, and it is used in [9] to assist in detection of malicious beacon nodes. In most cases it is assumed that network nodes can establish pair wise secret keys. In some works cryptography is avoided due to the limited availability of processor and memory resources in sensor nodes. But in most cases, if we require secure localization, we also require secure media access, secure data routing and transfer, secure time synchronization, and many secure algorithms, all of which could take advantage of the same stored keys and implemented cryptographic algorithms. In these cases cryptography can be a plausible solution. Also, cryptography techniques can be used to provide a layer of security for all three localization system components (distance/angle estimation, position computation, and localization algorithm) explained earlier, by providing authentication and integrity checks of the exchanged packets.
MISBEHAVIOR DETECTION AND BLOCK Where cryptography is compromised, one way to defend against an attack is to observe the behavior of nodes over time and decide whether to trust them. These techniques can be used mainly to protect the position computation component, because information gathered from untrusted nodes can simply be ignored when computing the position of nodes. Liu et al. [9] propose a set of techniques for detecting malicious beacon nodes. One technique detects malicious beacon nodes by comparing the distance estimated by using the location information provided by these beacon nodes and the distance estimated by means of the signal (e.g., RSSI, TDoA, AoA). Another technique evaluates the round-trip time (RTT) between two neighbors, based on the observation that the replay of a (malicious) beacon signal introduces extra delay. Then the base station (or sink node) uses such information about malicious beacons to reason about the suspiciousness of each beacon node and filters out malicious beacon nodes accordingly. Srinivasan et al. [10] extend the techniques proposed by Liu et al. [9] by using a continuous scale, and a reputation and trust-based mechanism. The result is the distributed reputationbased beacon trust system (DRBTS), which is a distributed security protocol for excluding malicious beacon nodes. In DRBTS each beacon node monitors its neighborhood for suspicious beacon nodes and provides information by maintaining and exchanging a neighbor-reputation
table in such a way that other sensor nodes can choose trustworthy beacons based on a voting approach.
One method to deal with malicious nodes
ROBUST POSITION COMPUTATION
is to accept that they
Another way to deal with malicious nodes is to accept that they will be present in the network and propose robust position computations that are still able to work in the presence of bogus information. This is accomplished mostly by using statistical and outlier filtering techniques. In these cases it is assumed that benign nodes outnumber malicious ones. These techniques are used to protect against (or be robust to) attacks on the position computation and distance/angle estimation components. Li et al. [11] use the principle behind the least squares data fusion technique to propose an adaptive least squares and least median squares position estimator. The idea is to use the least squares in the absence of attacks and the least median squares in the presence of attacks, because the latter alternative tolerates up to 50 percent outliers and still provides correct estimates. The authors show that the use of traditional Euclidean distance is not robust to intentional attacks against base stations and introduces robustness to fingerprinting localization by means of a median-based distance metric. Liu et al. [12] propose a method that uses minimum mean squared estimation (MMSE), which is a data fusion technique for obtaining improved estimations, and to identify and remove malicious location information. In this method sensor locations are estimated using the MMSE-based method. Then the method verifies whether the estimated location can be estimated from a set of consistent location references. If not, the most inconsistent reference is identified and removed, and the node location is estimated again. It repeats this process until all inconsistent references are discarded. The mean square error of the distance measurements is used as an inconsistency indicator. A second method proposed by Liu et al. [12] is a voting-based location estimation technique. In this method the sensor field is quantized into a grid of cells, and each reference node votes on the cells to which an unknown node may belong. Then the method selects the most voted cell(s) and uses the “center” of these cell(s) as the estimated location. Voting results can be refined interactively to improve accuracy. This method requires few resources and is suitable for current resource constrained sensor nodes.
will be present in the network and propose robust position computations that still are able to work in the presence of bogus information. This is accomplished mostly by using statistical and outlier filtering techniques.
LOCATION VERIFICATION Some proposals focus on the reliability of the final position computations rather than avoiding or detecting compromised nodes and attacks. Localization anomaly detection (LAD) [13] uses deployment knowledge, with a group-based deployment model, to check whether the computed positions of the nodes are consistent with the known model and observations. In [14] an algorithm is proposed for in-region verification in which a certain node can check whether another node really is inside the particular region in which it claims to be. The proposed protocol, called Echo, uses known physical properties of both radio frequency and ultrasound to compute distances and check whether a
IEEE Communications Magazine • April 2008 Authorized licensed use limited to: National Chung Cheng University. Downloaded on January 12, 2009 at 02:31 from IEEE Xplore. Restrictions apply.
99
OLIVEIRA LAYOUT
3/24/08
2:17 PM
Page 100
node really can be inside the claimed region. These techniques can be used to provide a layer of security for all three localization system components, because they verify only the result of the overall localization system.
SECURE AND SIMPLE ALGORITHMS Localization systems are vulnerable mostly due to the number of components available to be attacked. Another way to secure a localization system is to use simple, less dependable localization algorithms, such as GPS-free, range-free, and/or one-hop algorithms. One example is secure range-independent localization (SeRLoc) [6], in which beacon nodes are equipped with a set of higher-power directional antennas. These nodes send a packet using an asymmetric transmission that contains their position and the sector of the antenna in which the packets are sent. As it is a range-free single-hop localization algorithm, it is protected against attacks aimed at altering range measurements and against regular
compromised nodes. However, it does not protect against wormholes, which are avoided by checking network properties such as sector uniqueness and communication range. A similar technique is used in high-resolution robust localization (HiRLoc) [5], which has greater accuracy but increased computational and communication complexity. Techniques like these can be used to protect the localization algorithm component.
COMPARISON OF CURRENT SOLUTIONS In network security it is widely known that no system is totally safe. There will always be weak points, and the question is simply whether they are acceptable. In WSNs this issue becomes a little more complicated due to resource limitations. In this case, we must decide on the required level of security, which is application-dependent, and how many resources can be spent in providing the level of security. Depending on this cost-benefit analysis, we can decide which solution or security techniques will be used to secure the
Algorithm
Cryptography
Misbehavior detection
Robust position computation
Location verification
Simple algorithms
Observation
HiRLoc [5]
Encryption and authentication of beacons’ comm. Global preloaded keys.
–
–
–
Yes
Requires extra hardware (directional antennas) in beacon nodes.
SeRLoc [6]
Encryption and authentication of beacons’ comm. Global preloaded keys.
–
–
–
Yes
Requires extra hardware (sectored antennas) in beacon nodes. Doesn’t consider hostile beacons.
ROPE [7]
Encryption and authentication of beacons’ comm. Global preloaded keys.
–
–
Beacons verify distances
Yes
Requires extra hardware (directional antennas) in beacon nodes.
SPINE [8]
Symmetric or public-key cryptography for authenticated distance estimations.
–
Verifiable multilateration
–
–
Nanosec clocks. Uses ultrasound. High number of beacons.
DRBTS [10]
Encryption using a network wide group key.
Reputation and trustbased
–
–
–
Benign observations must be the majority. Dense network.
LAD [13]
–
–
–
Deployment knowledge
–
Requires deployment knowledge.
Echo [14]
–
–
–
Physical prop. of sound/RF
–
Majority benign. No hostile beacons. Uses Ultrasound.
Li et al. [11]
–
–
Robust statistical methods
–
–
Benign observations must be the majority.
Liu et al. [9]
Beacon packets are authenticated using shared pairwise keys.
Distances comp. and RTT
–
–
–
Requires redundant beacon nodes.
Liu et al. [12]
Authentication with pairwise key establishment.
–
Voting-based
–
–
Benign beacons must be the majority.
■ Table 1. Secure localization systems comparison.
100
IEEE Communications Magazine • April 2008 Authorized licensed use limited to: National Chung Cheng University. Downloaded on January 12, 2009 at 02:31 from IEEE Xplore. Restrictions apply.
OLIVEIRA LAYOUT
3/24/08
2:17 PM
Page 101
WSN. In Table 1 we compare each of the studied proposals, showing which type of security they use, and provide observations about them and their potential weaknesses. As we can see, most security proposals rely on some kind of lightweight cryptography as a second line of defense combined with other security techniques such as misbehavior detection, robust position computation, location verification, and simple algorithms combined with extra hardware.
CONCLUSIONS In this article localization systems are studied from the viewpoint of security. We show how an insecure localization system can be attacked in a number of ways to compromise the entire functioning of a WSN, and thus lead to incorrect military plans and decision making. First, we divide localization systems into three different components: distance/angle estimation, position computation, and localization algorithm. Then we describe each of these components, showing several techniques that could be used to compromise them and consequently the entire localization system when in the presence of compromised nodes and/or a compromised environment. After that, we show examples of current insecure localization systems and how easily they could be confused by the studied attacks. Finally, we show the techniques used by current secure localization systems to perform localization in the presence of hostile nodes and compromised environments.
REFERENCES [1] H. A. Oliveira et al., “Directed Position Estimation: A Recursive Localization Approach for Wireless Sensor Networks,” 14th IEEE Int’l. Conf. Comp. Commun. and Networks, San Diego, CA, Oct. 2005, pp. 557–62. [2] T. He et al., “Range-Free Localization Schemes for Large Scale Sensor Networks,” MobiCom ’03: Proc. 9th Annual Int’l. Conf. Mobile Comp. and Networking, New York: ACM Press, 2003, pp. 81–95. [3] J. Albowicz, A. Chen, and L. Zhang, “Recursive Position Estimation in Sensor Networks,” 9th Int’l. Conf. Network Protocols, Nov. 2001, pp. 35–41. [4] D. Niculescu and B. Nath, “Ad Hoc Positioning System (APS),” IEEE GLOBECOM ’01), San Antonio, TX, Nov. 2001, pp. 2926–31. [5] L. Lazos and R. Poovendran, “Hirloc: High-Resolution Robust Localization for Wireless Sensor Networks,” IEEE JSAC, vol. 24, Feb. 2006, pp. 233–46. [6] L. Lazos and R. Poovendran, “Serloc: Secure RangeIndependent Localization for Wireless Sensor Networks,” Proc. WiSe ’04, 2004, pp. 21–30. [7] L. Lazos, R. Poovendran, and S. Capkun, “Rope: Robust Position Estimation in Wireless Sensor Networks,” Proc. IPSN, Apr. 2005, pp. 324–31. [8] S. Capkun and J.-P. Hubaux, “Secure Positioning of Wireless Devices with Application to Sensor Networks,” INFOCOM ’05, Miami, FL, Mar. 2005. [9] D. Liu, P. Ning, and W. Du, “Detecting Malicious Beacon Nodes for Secure Location Discovery in Wireless Sensor Networks,” 25th ICDCS, 2005, pp. 609–19. [10] A. Srinivasan, J. Teitelbaum, and J. Wu, “DRBTS: Distributed Reputation-Based Beacon Trust System,” 2nd IEEE DASC, 2006, pp. 277–83. [11] Z. Li et al., “Robust Statistical Methods for Securing Wireless Localization in Sensor Networks,” IPSN ’05, 2005, p. 12. [12] D. Liu, P. Ning, and W. Du, “Attack-Resistant Location Estimation in Sensor Networks,” IPSN ’05: Proc. 4th Int’l. Symp. Info. Processing in Sensor Networks, 2005, p. 13. [13] W. Du, L. Fang, and P. Ning, “Lad: Localization Anomaly Detection for Wireless Sensor Networks,” 19th IPDPS, 2005, p. 41.1. [14] N. Sastry, U. Shankar, and D. Wagner, “Secure Verification of Location Claims,” WiSe ’03, N2003, pp. 1–10.
BIOGRAPHIES ANTONIO A. F. LOUREIRO (
[email protected]) holds a B.Sc. and an M.Sc. in computer science, both from the Federal University of Minas Gerais (UFMG), and a Ph.D. in computer science from the University of British Columbia, Canada. Currently, he is an associate professor of computer science at UFMG, where he leads the research group in wireless sensor networks. His main research areas are wireless sensor networks, mobile computing, and distributed algorithms. A ZZEDINE B OUKERCHE (
[email protected]) is a full professor and holds a Canada Research chair position at the University of Ottawa. He is the founding director of the PARADISE Research Laboratory at the University of Ottawa. His current research interests include wireless ad hoc and sensor networks, wireless networks, mobile and pervasive computing, wireless multimedia, QoS service provisioning, performance evaluation and modeling of large-scale distributed systems, distributed computing, large-scale distributed interactive simulation, and parallel discrete event simulation. Prior to his current position, he held a faculty position at the University of North Texas, and worked as a senior scientist at the Simulation Sciences Division, Metron Corporation, San Diego, California. He was also employed on the faculty of the School of Computer Science, McGill University, and taught at Polytechnic of Montreal. He spent a year at the JPL/NASA-California Institute of Technology, where he contributed to a project focusing on the specification and verification of the software used to control interplanetary spacecraft operated by JPL/NASA Laboratory. He has published several research papers in his areas of interest. He was the recipient of the Best Research Paper Award at IEEE/ACM PADS ’97 and ACM MobiWac ’06, and he was the recipient of the Third National Award for Telecommunication Software 1999 for his work on a distributed security systems on mobile phone operations. He served as general chair for the 8th ACM/IEEE Symposium on Modeling, Analysis, and Simulation of Wireless and Mobile Systems and the 9th ACM/IEEE Symposium on Distributed Simulation and Real-Time Applications; program chair for ACM Workshop on QoS and Security for Wireless and Mobile Networks as well as several other conferences; and as a TPC member of numerous IEEE and ACM sponsored conferences. He served as a guest editor for the Journal of Parallel and Distributed Computing Special Issues on Routing for Mobile Ad Hoc, Wireless Communication and Mobile Computing, and Mobile Ad Hoc Networking and Computing, as well as other publications. He served as Vice General Chair for the 3rd IEEE Distributed Computing for Sensor Networks (DCOSS) Conference 2007, Program Co-Chair for the GLOBECOM 2007 and 2008 Symposium on Wireless Ad Hoc and Sensor Networks, and Finance Chair for ACM Multimedia 2008. He serves as an Associate Editor for several journals and magazines. He also serves as a steering committee chair for the ACM Modeling, Analysis and Simulation for Wireless and Mobile Systems Symposium; the ACM Workshop on Performance Evaluation of Wireless Ad Hoc, Sensor, and Ubiquitous Networks; and the IEEE/ACM Distributed Simulation and RealTime Applications Symposium (DS-RT).
In network security, it is widely known that no system is totally safe. There always will be weak points, and the question is simply whether they are acceptable. In WSNs, this issue becomes a little more complicated due to resource limitations.
EDUARDO FREIRE NAKAMURA (
[email protected]) received his Ph.D. in computer science from the Federal University of Minas Gerais, Brazil, in 2007. He is a researcher and full professor at the Center of Research and Technological Innovation, Brazil. His research interests include data/information fusion, distributed algorithms, localization algorithms, wireless ad hoc and sensor networks, and mobile and pervasive computing. He has published several papers in the area of wireless sensor networks, and served as a TPC member of the 2nd Latin American Autonomic Computing Symposium, supported by the IEEE Computer Society. HORACIO A. B. F. OLIVEIRA (
[email protected]) is currently working toward a Ph.D. degree in computer science at UFMG, Brazil, with a partial doctoral fellowship at the University of Ottawa, Canada. He holds an M.Sc. in computer science from UFMG and a B.Sc. in computer science from the Federal University of Amazonas (UFAM), Brazil. He is a professor of computer science at UFAM. His research interests include localization and synchronization algorithms, distributed algorithms, and wireless ad hoc, vehicular, and sensor networks. He is the author of several papers in the various areas of his research interests.
IEEE Communications Magazine • April 2008 Authorized licensed use limited to: National Chung Cheng University. Downloaded on January 12, 2009 at 02:31 from IEEE Xplore. Restrictions apply.
101
