Abstract
Network Security Systems are heavily anchored in the digital plane of “cyber space” and hence cannot be used effectively to derive the physical identity of an intruder in order to prevent further malicious wireless broadcasts (i.e., escorting an intruder off the premises based on physical evidence). Embedded Sensor Networks (SNs) can be used to bridge the gap between digital and physical security planes, and thus can provide reciprocal benefit to security tasks on both planes. Toward that end, we present our experience integrating wireless networking security services into snBench (the Sensor Network workBench). snBench provides an extensible framework that enables the rapid development and automated deployment of SN applications on a shared, embedded sensing and actuation infrastructure. snBench’s extensible architecture allows an engineer to quickly integrate new sensing and response capabilities into the snBench framework, while high-level languages, compilers and execution environments allow novice SN programmers to compose SN service logic, unaware of the lower-level components on which their services rely. Concrete examples are provided to illustrate the power and potential of Wireless Security Services that span both the physical and digital plane.
This research was supported in part by a number of NSF awards, including CISE/CSR Award #0720604, ENG/EFRI Award #0735974, CISE/CNS Awards #0524477, #0952145, CNS/NeTS Award #0520166, CNS/ITR Award #0205294, CISE/EIA RI Award #0202067, and CISE/CCF Award #0820138.
Access this chapter
Tax calculation will be finalised at checkout
Purchases are for personal use only
Notes
- 1.
SXEs can retrieve Opcode implementations at runtime; however, support for loading new sensing devices at runtime is not currently supported. Such functionality is not difficult to support, and it is analogous to dynamically loading device drivers to support new hardware.
- 2.
Readers may readily note that this Opcode is a loaded weapon and may gasp or recoil in horror. In fact, this is not the first Opcode that requires special user privileges to ensure correct use.
- 3.
We refer the reader to [9] for a more thorough treatment of the SNAFU language and its evaluation.
- 4.
A MAC address is far from the best way to uniquely identify an attacker, as the attacker will likely use a fictitious MAC address or worse, clone a legitimate user’s MAC during an attack.
References
Adelstein, F., Alla, P., Joyce, R., Richard, G.G. III: Physically locating wireless intruders. In: ITCC ’04: Proceedings of the International Conference on Information Technology: Coding and Computing (ITCC’04), Washington, DC, USA, vol. 2, p. 482. IEEE Computer Society, Los Alamitos (2004)
AirDefense, Inc.: AirDefense Enterprise Product Homepage, http://www.airdefense.net/products/enterprise.php
Bahl, P., Padmanabhan, V.N.: RADAR: An in-building RF-based user location and tracking system. In: INFOCOM (2), pp. 775–784 (2000)
Bellardo, J., Savage, S.: 802.11 denial-of-service attacks: real vulnerabilities and practical solutions. In: SSYM’03: Proceedings of the 12th Conference on USENIX Security Symposium (Berkeley, CA, USA), p. 2. USENIX Association, Berkeley (2003)
Bestavros, A., Bradley, A., Kfoury, A., Ocean, M.: SNBENCH: a development and run-time platform for rapid deployment of sensor network applications. In: IEEE International Workshop on Broadband Advanced Sensor Networks (Basenets), October (2005)
Devine, C.: Aircrack-ng homepage, http://www.aircrack-ng.org/
Farshchi, J.: Wireless intrusion detection systems, http://www.securityfocus.com/infocus/1742, 2003-11-05
Kershaw, M.: Kismet (version 2007-01-r1b), http://www.kismetwireless.net/documentation.shtml
Ocean, M.J., Bestavros, A., Kfoury, A.J.: SNBENCH: programming and virtualization framework for distributed multitasking sensor networks. In: VEE ’06: Proceedings of the 2nd International Conference on Virtual Execution Environments (New York, NY, USA), pp. 89–99. ACM Press, New York (2006)
OpenWRT Project Homepage, http://openwrt.org/
Roesch, M.: Snort—lightweight intrusion detection for networks. In: LISA ’99: Proceedings of the 13th USENIX Conference on System Administration (Berkeley, CA, USA), pp. 229–238. USENIX Association, Berkeley (1999)
True, N.: Wi-viz: Wireless network environment visualization, http://devices.natetrue.com/wiviz/
Vigna, G., Valeur, F., Kemmerer, R.A.: Designing and implementing a family of intrusion detection systems. SIGSOFT Softw. Eng. Notes 28(5), 88–97 (2003)
Vandoorselaere, Y., et al.: Prelude Hybrid IDS, http://www.prelude-ids.org/
Youssef, M., Agrawala, A., Shankar, U.: WLAN Location Determination via Clustering and Probability Distributions (March 2003)
Author information
Authors and Affiliations
Corresponding author
Editor information
Editors and Affiliations
Rights and permissions
Copyright information
© 2011 Springer-Verlag London Limited
About this chapter
Cite this chapter
Bestavros, A., Ocean, M.J. (2011). Virtualization and Programming Support for Video Sensor Networks with Application to Wireless and Physical Security. In: Bhanu, B., Ravishankar, C., Roy-Chowdhury, A., Aghajan, H., Terzopoulos, D. (eds) Distributed Video Sensor Networks. Springer, London. https://doi.org/10.1007/978-0-85729-127-1_12
Download citation
DOI: https://doi.org/10.1007/978-0-85729-127-1_12
Publisher Name: Springer, London
Print ISBN: 978-0-85729-126-4
Online ISBN: 978-0-85729-127-1
eBook Packages: Computer ScienceComputer Science (R0)