Biomimetic Metamorphic Framework for Security in Resource-Constrained Wireless Networks

Abstract

Contemporary mobile devices are being increasingly integrated with technologies such as RFID (radio frequency identification) and WBAN (wireless body area networks) that enable object identification and sensing in the Internet of Things (IoT). These technologies facilitate many applications such as efficient management of users' health, remote monitoring and asset tracking. Communication in these applications is mainly wireless, making it critical to ensure security. Important elements of security include data encryption, key management and authentication. Although sophisticated cryptography is the straightforward solution to achieve security goals, some IoT entities are limited in their ability to perform the necessary computations, owing to trade-offs between managing available resources and keeping them cost-effective. The primary objective of this thesis is to propose a new metamorphic multi-algorithm framework for security in resource-constrained wireless networks. Our proposals draw inspiration from biological/natural systems and chaos theory to achieve security through unpredictability. While the state-of-the-art is focused on employing standard cryptographic techniques and customizing them for lightweight applications, our framework facilitates security through a dynamic, context-dependent choice of one of the algorithms for key management and authentication. Three new algorithms, which emphasize dynamic key management and unpredictability, are proposed as part of our framework. These are standalone algorithms that could be employed in resource-constrained networks either independently for generating keys and authentication parameters, or as part of the framework to increase the overall uncertainty, and consequently, security. We analyze and assess each constituent algorithm and the possible framework configurations to verify that the choice of algorithms are at random, the keys generated remain unpredictable, and the resource utilization is low. We use a proof of concept implementation to generate keys and analyze them to assess algorithm choices, use Sorensen's Similarity Index (SSI) and NIST (National Institute of Standards and Technology) Statistical Test Suite to assess key sequence unpredictability and randomness, respectively, and use hardware implementation to assess resource utilization. Results encourage use of our framework and individual algorithms in resource-constrained applications, and its generic design implies that it can be extended and adapted for use in other non-resource-constrained application environments as well.