Malware Tolerant (Mesh-)Networks

  • Michael DenzelEmail author
  • Mark Dermot Ryan
Conference paper
Part of the Lecture Notes in Computer Science book series (LNCS, volume 11124)


Mesh networks, like e.g. smart-homes, are networks where every node has routing capabilities. These networks are usually flat, which means that one compromised device can potentially overtake the whole infrastructure, especially considering clone attacks.

To counter attacks, we propose a network architecture which enhances flat networks, especially mesh networks, with isolation and automatic containment of malicious devices. Our approach consists of unprivileged devices, clustered into groups, and privileged “bridge” devices which can cooperatively apply filter rules like a distributed firewall. Since there is no ultimate authority (not even bridges) to control the whole network, our approach has no single point-of-failure – so-called intrusion or malware tolerance. That means, attacks on a single device will not compromise the whole infrastructure and are tolerated. Previous research on mesh networks [3, 8, 9, 10] relied on a single point-of-failure and is, thus, not intrusion or malware tolerant.

Our architecture is dynamic in the sense that bridge devices can change, misbehaving devices can be isolated by outvoting them, and cryptographic keys evolve. This effectively turns the entire network into a moving target.

We used the protocol verifier ProVerif to prove the security properties of our network architecture.


Mesh network Malware tolerance Self-management Network security 


  1. 1.
    Amir, Y., Kim, Y., Nita-Rotaru, C., Tsudik, G.: On the performance of group key agreement protocols. ACM Trans. Inf. Syst. Secur. (TISSEC) 7(3), 457–488 (2004)CrossRefGoogle Scholar
  2. 2.
    Bessani, A.N., Sousa, P., Correia, M., Neves, N.F., Verissimo, P.: The crutial way of critical infrastructure protection. IEEE Secur. Priv. 6(6), 44–51 (2008)CrossRefGoogle Scholar
  3. 3.
    Bokareva, T., Bulusu, N., Jha, S.: SASHA: toward a self-healing hybrid sensor network architecture. In: The Second IEEE Workshop on Embedded Networked Sensors, pp. 71–78. Citeseer (2005)Google Scholar
  4. 4.
    Boneh, D., Ding, X., Tsudik, G.: Identity-based mediated RSA. In: 3rd Workshop on Information Security Application [5]Google Scholar
  5. 5.
    Boneh, D., Ding, X., Tsudik, G., Wong, C.M.: A method for fast revocation of public key certificates and security capabilities. In: USENIX Security Symposium (2001)Google Scholar
  6. 6.
    Davis, D.: Defective sign & encrypt in S/MIME, PKCS#7, MOSS, PEM, PGP, and XML. In: USENIX Annual Technical Conf., General Track, pp. 65–78 (2001)Google Scholar
  7. 7.
    Denzel, M., Ryan, M., Ritter, E.: A malware-tolerant, self-healing industrial control system framework. In: De Capitani di Vimercati, S., Martinelli, F. (eds.) SEC 2017. IAICT, vol. 502, pp. 46–60. Springer, Cham (2017). Scholar
  8. 8.
    Di Pietro, R., Ma, D., Soriente, C., Tsudik, G.: POSH: proactive co-operative self-healing in unattended wireless sensor networks. In: IEEE Symposium on Reliable Distributed Systems, pp. 185–194. IEEE (2008)Google Scholar
  9. 9.
    Di Pietro, R., Mancini, L.V., Soriente, C., Spognardi, A., Tsudik, G.: Playing hide-and-seek with a focused mobile adversary in unattended wireless sensor networks. Ad Hoc Netw. 7(8), 1463–1475 (2009)CrossRefGoogle Scholar
  10. 10.
    Diop, A., Qi, Y., Wang, Q.: Efficient group key management using symmetric key and threshold cryptography for cluster based wireless sensor networks. Int. J. Comput. Netw. Inf. Secur. 6(8), 9 (2014)Google Scholar
  11. 11.
    Dodis, Y., Franklin, M., Katz, J., Miyaji, A., Yung, M.: Intrusion-resilient public-key encryption. In: Joye, M. (ed.) CT-RSA 2003. LNCS, vol. 2612, pp. 19–32. Springer, Heidelberg (2003). Scholar
  12. 12.
    Dodis, Y., Franklin, M., Katz, J., Miyaji, A., Yung, M.: A generic construction for intrusion-resilient public-key encryption. In: Cryptographers’ Track at the RSA Conference [11], pp. 81–988Google Scholar
  13. 13.
    Franklin, M.: A survey of key evolving cryptosystems. Int. J. Secur. Netw. 1(1–2), 46–53 (2006)CrossRefGoogle Scholar
  14. 14.
    Hu, Y.C., Perrig, A.: A survey of secure wireless ad hoc routing. IEEE Secur. Priv. 2(3), 28–39 (2004)CrossRefGoogle Scholar
  15. 15.
    Itkis, G.: Intrusion-resilient signatures: generic constructions, or defeating strong adversary with minimal assumptions. In: International Conference on Security in Communication Networks [16], pp. 102–118Google Scholar
  16. 16.
    Itkis, G., Reyzin, L.: Sibir: signer-base intrusion-resilient signatures. Adv. Cryptol.-Crypto 2002, 101–116 (2002)zbMATHGoogle Scholar
  17. 17.
    Parno, B., Perrig, A., Gligor, V.: Distributed detection of node replication attacks in sensor networks. In: IEEE Symposium on Security and Privacy, pp. 49–63. IEEE (2005)Google Scholar
  18. 18.
    Sousa, P., Bessani, A.N., Correia, M., Neves, N.F., Verissimo, P.: Highly available intrusion-tolerant services with proactive-reactive recovery. IEEE Trans. Parallel Distrib. Syst. 21(4), 452–465 (2010)CrossRefGoogle Scholar
  19. 19.
    Veríssimo, P.E., Neves, N.F., Correia, M.P.: Intrusion-tolerant architectures: concepts and design. In: de Lemos, R., Gacek, C., Romanovsky, A. (eds.) WADS 2002. LNCS, vol. 2677, pp. 3–36. Springer, Heidelberg (2003). Scholar

Copyright information

© Springer Nature Switzerland AG 2018

Authors and Affiliations

  1. 1.University of BirminghamBirminghamUK

Personalised recommendations