Secure Platform Over Wireless Sensor Networks

Homeland security and monitoring of critical infrastructures, such as buildings, bridges, nuclear power plants, aircrafts, etc., represent challenging application domains for modern networking technologies. In this context Wireless Sensor Networks (WSNs) are gaining interest as a fundamental component of an advanced platform that embeds pervasive monitoring, networking and processing. Indeed, recent literature has addressed the perspectives of WSNs for monitoring structural and functional health of industrial plants, e.g. in (Akyildiz, et al., 2002; Bai et al., 2004; Barbaran et al., 2007; Cho et al., 2008; Flammini et al., 2008; Kim et al., 2007): nevertheless, we can observe that the dominating paradigm is to exploit WSNs features in terms of a “network of small sensors”, while almost unexplored is the more advanced paradigm of “networked smart sensors” and the underlying opportunity to actually support autonomous (anomaly) detection processes. A large body of specialized literature deals with this topic and several ad-hoc solutions can be found. On the contrary, we try to develop a different approach in this context: resorting to security mechanisms that are made available in traditional networks can provide a suitable and reliable framework, while smart adaptations are targeted to meet tight resource constraints and possible performance degradation.


Introduction
H o m e l a n d s e c u r i t y a n d m o n i t o r i n g o f c r i t i c a l infrastructures, such as buildings, bridges, nuclear power plants, aircrafts, etc., represent challenging application domains for modern networking technologies.In this context Wireless Sensor Networks (WSNs) are gaining interest as a fundamental component of an advanced platform that embeds pervasive monitoring, networking and processing.Indeed, recent literature has addressed the perspectives of WSNs for monitoring structural and functional health of industrial plants, e.g. in (Akyildiz, et al., 2002;Bai et al., 2004;Barbaràn et al., 2007;Cho et al., 2008;Flammini et al., 2008;Kim et al., 2007): nevertheless, we can observe that the dominating paradigm is to exploit WSNs features in terms of a "network of small sensors", while almost unexplored is the more advanced paradigm of "networked smart sensors" and the underlying opportunity to actually support autonomous (anomaly) detection processes.A large body of specialized literature deals with this topic and several ad-hoc solutions can be found.On the contrary, we try to develop a different approach in this context: resorting to security mechanisms that are made available in traditional networks can provide a suitable and reliable framework, while smart adaptations are targeted to meet tight resource constraints and possible performance degradation.
Therefore we argue to demonstrate experimentally that, under certain limitations, a WSN can operate as a functionally "autonomous entity" not only for sensing operations.Despite the hard constraints on HW and the computation limitations, a WSN node is not just a sensing device (such as a magnetic contact or an infrared source): it is indeed a smart microdevice equipped with CPU and memory and is able to perform some autonomous data preprocessing, coding and transmission.Moreover the peculiar feature of a WSN with respect to a traditional sensor network is not to rely on fixed devices and cabling: nevertheless this comes at the cost of the availability of the so-called "ad-hoc" network properties (e.g. a sophisticated topology rearrangement mechanism is mandatory to achieve fault tolerance) as well as peer-to-peer frameworks, which imply enhanced protocol complexity and further computational and memory resource.
However, if proper design approaches (Pugliese et al., 2009;Sangiovanni-Vincentelli & Martin, 2001) are adopted, also the provision of fundamental security services (Hu et al., 2004;Law et al., 2005) can be pursued, which is a fundamental step towards the development of WSNs in critical applications; indeed the typical WSN deployment scenarios depicted above are highly exposed to physical capture or signal interception by external attackers much more than traditional sensors, which can be monitored by an extra-surveillance service.

Secure platform functions
Fig. 1 shows the main functional blocks of the proposed Secure Platform: apart from the block providing the typical middleware services (MW Services) and shared memory, other specific services (in this case security-oriented) are implemented as customizations of specific SW component and provided to the AEE via different APIs.It is very important to note that the "secure platform approach" offers a promising guideline to design and implement "integrated security" over WSN in a "application-oriented" approach which is aligned to the current SW development paradigms over resource constrained devices (Gay, 2003;Kliazovich, 2009;Sangiovanni-Vincentelli & Martin, 2001).In this case at least two functional blocks are provided: the cryptography module, which implements ECTAKS (Elliptic Curve-based Topology Authenticated Key Scheme), and the intrusion detection module, which implements WIDS (Weak process model-based Intrusion Detection System): the former one represents a novel contribution that enhances the capabilities of the approach in (Pugliese & Santucci, 2008) by exploiting the advanced security features of elliptic curves, while the latter one integrates the developments proposed in (Pugliese et al., 2008(Pugliese et al., , 2009)).

Application Execution Environment (AEE
TinyECC module (Liu, 2008) represents the ECC security package in WSN as it natively integrated with TinyOS (TinyOS, n.d.), the widely used operating system over WSN: ECTAKS, as we will show in next sections, rely on TinyECC security services to encrypt / decrypt messages.
Next sections, Sec. 3 and Sec. 4, deal with ECTAKS and WIDS modules respectively as well as with security and cost evaluations; however further details, especially about the mathematical proofs of theorems and computation expressions, can be found in (Pugliese et al., 2008(Pugliese et al., , 2009;;Pugliese & Santucci, 2008).

Motivations
In traditional networks such as the Internet, Public Key Cryptography (PKC) has been the enabling technology underlying many security services and protocols (e.g., SSL, IPsec).However, in WSNs PKC has not been widely adopted due to the resource constraints on sensor platforms, in particular the limited battery power and storage capacity.There has been intensive research aimed at developing techniques that can bypass PKC operations in sensor network applications.For example, there has been a substantial amount of research on random key pre-distribution for pair-wise key establishment, e.g.(Eschenauer & Gligor, 2002).However, these alternative approaches do not offer the same degree of security or functionality of PKC.For instance, none of the random key pre-distribution schemes can guarantee key establishment between any two nodes and tolerate arbitrary node compromises at the same time.Pair-wise key establishment can always be achieved, e.g. by resorting to the Diffie-Hellman key exchange protocol (Diffie & Hellman, 1976) without suffering from the node compromise problem and without requiring time synchronization.
Thus, it is desirable to explore the application of PKC on resource constrained sensor platforms (Malan, 2004;Menezes, 1996).Elliptic Curve Cryptography (ECC) has been the top choice among various PKC options due to its fast computation, small key size, and compact signatures: for example, to provide equivalent security to 1024-bit RSA, an ECC scheme only needs 160 bits on various parameters, such as 160-bit finite field operations and 160-bit key size (Gura et al., 2004).TinyECC, targeted at TinyOS, includes almost all known optimizations for ECC operations.
Taking into account the above considerations, we will show how the "hybrid" topologybased authentication logic (Topology Authenticated Key Scheme, TAKS) we proposed in (Pugliese & Santucci, 2008) can be enhanced using an ECC-based vector algebra (and, therefore, we now denote as ECTAKS) and be compatible with TinyECC.

EC Extensions to vector algebra over GF
Before starting with ECTAKS description, it is necessary to introduce some new algebraic tools and, specifically, the extension to elliptic curves of vector algebra over GF(q).Let () E GF q be a finite field and let  and also an element denoted O called the "point at infinity": the point at infinity is the point of intersection where the y-axis and the line at infinity (the collection of points on the projective plane for which z=0) meet.The elements over (() ) E EG Fq , or the point in E, are denoted #E which results to be a function of E q .An elliptic curve E can be made into an Abelian group by defining an additive operation on its points (Koblitz, 1987).As the elements of a group can be generated starting from a base element, or generator, by successive multiplications with scalars, we introduce a supplementary field GF(q) with # qE  , (therefore q is function of E q ) and, as in TAKS, qN  where N represents the total number of nodes in the network (Pugliese & Santucci, 2008).It is important to note that ECTAK results to be a point on E. Let V be a vector space over GF(q) with the generic element vV  represented through the 3pla (,,) x y z vvv with ,, x y z vvv  GF(q), let E V be a vector space over E with the generic element in VVV with 123 ,, VVV E; let P, Q be points in E. We will denote elements in V as "scalar vectors" because their components are scalars in GF(q), and elements in E V as "point vectors" because their components are points in E. ECC algebra introduces the "scalar by point product" (the operator symbol is usually omitted) which coincides with the addition of a point by itself many times the value of the scalar.
ECC vector algebra introduces two new operators: the "scalar vector by point product" (denoted by the symbol  ) and the "scalar vector by point vector product" (denoted by the symbol  ).Identity elements are 0( ) GF q  , 0( 0 , 0 , 0 )V  and (,, The operator "scalar vector by point product" is a function formally represented as : (,,)(, ,) It is straightforward to show that The following identity () () where the operator • denotes the usual scalar product between two vectors of scalars.

The scheme
Along what done for TAKS, ECTAKS is pair-wise, deterministic, shared keys are not predistributed but instead generated starting from partial key components.It exploits the impracticability in solving the Elliptic Curve Discrete Logarithm Problem (EDLP), the analogous of the discrete logarithm problem (DLP) applied to integers on GF(q) (Menezes et al., 1996).
Let V be a vector space over GF(q), E V be a vector space over E, () f be a function defined on GF(q) and () F defined on E satisfying the following requirements: According to Kerkhoff's principle, the explicit expressions for both () f and (.) G are public.Fig. 2 reports the conceptual representation of the proposed scheme.

SS=EC-TAK
Node n j is authenticated?
Node n j is authenticated?

SS=EC-TAK j
with mM  an arbitrary predefined vector over GF(q): this information is secret b.Let () bB G F q  be an arbitrary predefined scalar in B but not generator of GF(q): this information is secret c.Let cC V  be an arbitrary predefined vector over GF(q): this information is secret . This definition for () , where  is the mod q product (commutative) operator.Hereinafter the symbol  will be omitted e.Let li k , l j k KL V  (this information is private) LTV are defined to be co-planar to m and j a if j n is an admissible neighbor of node i n , or is "topology authenticated" (this information is be a random scalars in GF(q) generated by i n and j n respectively (this information is secret) i. Let Setting where setting now 1 k  in the definition of () f : () According to Kerkhoff's principle, the explicit expressions for l k and t K are public. and then ECTAK is a symmetric key defined as follows: Proof.The proof is straightforward: putting (10) into (13), exploiting the vector algebra property     '' '' asa saa   and the property (9) then Putting ( 11) into ( 14), exploiting the property ()( ) Putting ( 12) into ( 16) and ( 17), the expression (15) is obtained in both cases and the proof is completed.Q.E.D.

Security and cost analysis
We will show how ECTAKS can enhance the security level provided by TAKS: the relevant questions and related answers are as follows: 1. Which is the entropy per binit associated to ECTAK?ECTAK entropy per binit is 1  which is the same result for TAKS (Pugliese & Santucci, 2008) as uncertainty about Kk P   is the same as it is about t k being P a known point.
2. How much complex is the inverse problem to break ECTAKS (security level in a single node)?For the EDLP over E to be intractable, it is important to select an appropriate E (it must be a non-supersingular curve) and E q such that #E is divisible by a large prime or such that E q is itself a large prime.Most significantly, no index-calculus-type algorithms are known for EDLP as for the DLP (Menezes et al., 1996).For this reason, the EDLP is believed to be much harder than DLP in that no subexponential-time general-purpose algorithm is known.
The cost is measured in terms of computational time.We assume to employ 128 bit ECTAK keys (i.e.
128 2 q  ): it can be shown that (15) can be computed through 60000 16bit operations (additions and products).If MicaZ motes are employed (8-bit processor MPR2400 @ 7.4 MHz), and assuming 10 clock cycles / operation, the cost in terms of computation time for the calculation of a 128-bit ECTAK is estimated to be about 80 ms.

Motivations
The further security service component in our Secure Platform is the intrusion detection logic (IDS).Its main function is to identify abnormal network activity that differs from the expected behavior (Kaplantzis, 2004;Karlof & Wagner, 2003;Roosta et al., 2006;Sharma et al., 2010).We will show how a light state-based anomaly-based detection logic can be suited to be implemented over WSN (Ioannis et al., 2007;Jangra et al., 2011;Kalita & Kar, 2009).

www.intechopen.com
Smart nodes are typically provided with mechanisms to identify changes in system parameters or anomalous exchange of information: such data can be used as relevant observations to predict the hidden state of the system and infer whether it is under attack.An Hidden Markov Model (HMM), see e.g.(Ephraim & Merhav, 2002), is a doubly stochastic finite state machine with an underlying stochastic process that represents the real state of the system: the real state of the system is hidden but indirectly observable through another stochastic process that produces a sequence of observable events.The relationships between hidden states and observable data are stochastic as well as the transitions between states.HMMs (Doumit & Agrawal, 2003;Rabiner & Juang, 1986) have been widely used in network-based IDS for wired systems (Al-Subaie & Zulkernine, 2006; Khanna & Liu, 2006;Luk et al., 2007;Sheng & Cybenko, 2005;Yin et al., 2003) as well as for modeling Internet traffic (Dainotti et al., 2008).The Baum-Welch algorithm as likelihood criterion and technique for parameter estimation in HMM is extensively used in (Doumit & Agrawal, 2003) but some training data should be available and still result expensive in terms of computational and memory costs.Some conventional intrusion detection systems perform cross-correlation and aggregation of data, e.g. by analyzing fluctuation in sensor readings (Loo, 2005) or by detecting abnormal traffic patterns (Law, 2005).In general, the application of traditional IDSs to sensor networks is challenging as they require intense computation capability or too limited to a restricted number of threats.The implementation of an effective IDS over a WSN leads to the problem of finding a trade-off between the capability of identifying threats (i.e. with a bounded false alarm rate), the complexity of the algorithms and memory usage (Baker & Prasanna, 2005;Bhatnagar et al., 2010;Jiang, 2005;Kumari et al., 2010).
Our contribution proposes a novel network-layer anomaly detection logic over WSN exploits the Weak Process Models (WPM) and is here simply denoted as WIDS (WPM-based Intrusion Detection System): WPM are a non-parametric version of HMM, wherein state transition probabilities are reduced to rules of reachability in a graph representing the abnormal behaviors (Jiang, 2005).The estimation of a threat in the case of weak processes is greatly simplified and less demanding for resources.The most probable state sequence generated by the Viterbi algorithm (Forney, 1973) for HMM becomes the possible state sequence generated by simplified estimation algorithms for WPM.The intensity of the attack is evaluated by introducing a threat score, a likelihood criterion based on weighting states and transitions (Pugliese et al., 2008).

The scheme
As stated before, if WPM are used to model behavior, the algorithm to estimate the possible state sequences (instead of the most probable ones) is much easier than Viterbi estimator (Forney, 1973).But this comes at a cost: due to the cut of lower probabilities (approximated to zero) the expressiveness in WPM could be reduced with respect to HMM and false negatives can increase.However, it has been shown that adding a certain number of further states to WPM, expressiveness could be recovered (Pugliese et al., 2008).Indeed a sort of "state explosion" can require added memory for storage but the binary matrices describing WPM are very low dense (sparse matrix) and some algebraic tricks can be adopted.Given the choice of WPM as behavior model, the question becomes: which behavior should be modeled?Our solution is based on two basic ideas: first, the adoption of an anomaly-based IDS and, second, a "hierarchical" model for abnormal behaviors.However, even anomalybased detection algorithms are of lower complexity than misuse-based ones, the problem to model a behaviour still remains (Debar et al., 1999): usually the question is approached by defining different regions in the observation space associated to different system behaviors.
Further we apply a "state classification", i.e. we associate each defined region to a specific sub-set (class) of WPM states (not single states) according to WPM topology.State classification can reduce false negatives and false positives in anomaly detection because different state traces (therefore different behavior patterns) contain the same information leading to a useful redundancy.In (Pugliese et al., 2008(Pugliese et al., , 2009) ) we introduced two classes: LPA (Low Potential Attack) and HPA (High Potential Attack).
Definition 1.Low Potential Attack, LPA.An attack is defined in a "low potentially dangerous" state (or in a LPA state) if the threat is estimated to be in state j x which is at least 2 hops to the final state.
Definition 2. High Potential Attack, HPA.An attack is defined in a "high potentially dangerous" state (or in a HPA state) if the threat is estimated to be in state j x which is 1 hop to the final state.
WIDS identifies any observable event correlated to a threat by applying a set of anomaly rules to the incoming traffic.An example of anomaly can be the event of a node receiving multiple "setup" messages in a short time, or two "topologically far" nodes (i.e.nodes whose path length is >>1 hop) to receive similar message sequences.We will show how attacks can be classified into low and high potential attacks according to specific states in the corresponding WPM-based threat model.Alarms are issued as soon as one or more high potential attacks are detected.Considered threats are "hello flooding" and the generalized version of "sinkhole" and "wormhole": we will show that any possible attack against WSN network layer protocols can be derived from these models.The security performance analysis will be carried out by computing the probability of false positives and negatives.However, WPMs technique introduces the following drawback: as very low state transition probabilities are reduced (approximated) to zero, it results an increase of false negatives as some (hazardous) sequences could be classified as not possible when instead in a probabilistic model would be achievable.The number of false negatives decreases if we add states (Pugliese et al., 2008) but the drawback is a larger memory requirement.As it will be shown in the dedicated sections, Boolean matrices that describe the models are sparse and can be compacted for faster computation.The intensity of the attack is evaluated by introducing a threat score, a likelihood criterion based on weighting states and transitions.Intrusions and violations are classified into low potential attacks (LPA) and high potential attacks (HPA) depending on their distance from the state corresponding to a successful attack.When at least one HPA occurs, an alarm is issued.Moreover we introduce a score mechanism to weight state sequences where LPA and HPA contribute differently so that it becomes possible to derive how many LPA and / or HPA states have been experimented.

Definition 3. Threat Score s at Observation Step k [
It is a weighting mechanism we apply to states and transitions in a given WPM.Weights are represented by a square nn  matrix (we denote "Score Matrix" S) whose elements are defined as follows (n is the number of states in the WPM): ij s is the score assigned to the transition from j x to i x and jj s is the score assigned to the state j x .In (Pugliese et al., 2008) it has been shown that where k hpa n and k lpa n are the number of HPA and LPA states that the system is supposed to have reached up to observation step k, and L, H are values to be assigned depending on LPA and HPA state topology in WPM graph (Pugliese et al., 2008) respectively.Last we introduce the concept of Anomaly Rule, the logic filter applied to incoming signaling messages, which gives two possible results: "no anomalies", resulting in the message being processed further, or "anomaly detected" resulting in a "threat observable".
The main objective of IDS is to detect attacks coming from insider intruders, i.e.only combinations of "hello flooding", "sinkhole" and "wormhole" threats (Debar et al., 1999;Roosta et al., 2006;Singh et al. 2010;Whitman & Mattord, 2011).These attacks are based on well-formed messages generated by authenticated nodes where control information is chosen to generate malicious network topologies.IDS monitoring domain is restricted to observables associated to any combination of these threats (we denote the Aggregated Threat Model).
In summary the process can be stated through the following steps: 1) Analyze the behaviour of the threat; 2) Derive the Anomaly Rules; 3) Derive the WPM-based threat model and 4) Assign weights to WPM states and transitions.WPM-based models for single threats are shown in (Pugliese et al., 2008).Following these steps, we obtain the WPM aggregated model in Fig. 3

Security and cost analysis
The security analysis will verify the effectiveness of the proposed IDS in terms of probabilities of false negatives and false positives.We introduce the false-negative rate ( neg P ) which represents the rate that the detection algorithm is not able to identify an existing threat (alarm mis-detections), and the false-positive rate ( pos P ) which represents the rate that the detection algorithm identifies undue threats (false alarm detections).
Definition 3. WPM Memory Length, WML.It is the length of the state sequence trace considered for alarms detection.
Test for alarm mis-detections (False Negatives).We will compute the false negatives probability neg P by applying "ad-hoc" observables sequences to WPM model in Fig. 3 originated by "hello flooding", "sinkhole" and "wormhole" randomly aggregated.The symbol * means "no observable related to this threat".According to the previous considerations, we preliminarily note that:  There are no observable sharing between "hello flooding" and "sinkhole" or "wormhole";  Observables for "sinkhole" are also observables for "wormhole" but not vice-versa.
Simulations results are graphically reported in Fig. 4 where dark grey bars refer to scores produced by individual threat models and light grey bars refer to aggregated threat models.
As expected the same outputs from both models are obtained only for threats not sharing any observable (Fig. 4 a) while different outputs are obtained for threats, as "sinkhole" and "wormhole", sharing at least one observable (Fig. 4 b).
Test for false alarm detections (False Positives).Not well-defined Anomaly Rules can produce "undecided" threat observables which lead to potential false positives, hence 0 pos P  .False positives are structurally zeroed if no "undecided" threat observables are associated to HPA states.Two approaches can be adopted: 1. Insert further states associated to truly "threat observables into WPM paths where states associated to "undecided" threat observables are leaves: this approach can decrease the probability for false positives ( 0 pos P  ) because the joint probability to reach the leaf state can be very low in long paths; however a drawback is that long paths could reduce the system reactivity to threats.19), (20) are applied 2. Introduce a further class of states associated to "undecided" threat observables: this approach cannot decrease the probability for false positives, but "ad-hoc" lighter countermeasures can be applied to nodes where alarms from "undecided" observables are generated (e.g.node quarantine rather than link release).
The cost is measured in terms of computational time.If n are the states in the Aggregated Threat Model, we can derive that the upper bound complexity in the computation of scores and alarms is (CROSSBOW, n.d.) are employed (8-bit processor ATMega128L @ 7.4 MHz), and assuming 20 clock cycles per arithmetic / logic operation, the average computation time per 32-bit operation is  3 s.If IMOTE motes (MEMSIC, n.d.) are employed (32-bit processor PXA271Xscale@{312, 416} MHz), and assuming 5 clock cycles per arithmetic / logic operation, the average computation time per 32-bit operation is  0.03 s (assuming 300 MHz for the clock).Suppose the case 10 n  and 100 WML  . For MICA2 the estimated computation time is 200  ms, for IMOTE 2  ms. www.intechopen.com

Secure platform design
The adopted architectural design (Roman et al., 2006) will be cross-layered (Kliazovich et al., 2009) and platform-based (Sangiovanni-Vincentelli & Martin, 2001).Cross-layer (CL) results in the interplay between network layer (topology management and routing protocol) and presentation layer (mobile agent based execution environment for distributed monitoring applications): applied to security, an important benefit of CL mechanism is the exploitation of the interplay between different security measures in different layers to provide an enforced security service to applications.Platform-based design (PBD) results in the availability of a software platform where the internal structure is composed by "interconnected" SW components, which represent abstractions of the wired hardware components.Achievements of research goals are sought by taking care of the following major topics: selection of the right layers in the architectural design (a middleware layer is an essential component), application of the platform-oriented concepts for service mappings between layers, enhancement of the middleware layer with security services offered by lower layers entities and, on top, the creation of a flexible AEE by means of agents.
Fig. 5 depicts WIDS functional blocks: the Threat Model (TM) block implements the WPMbased model for abnormal system behavior and the Anomaly Detection Logic (ADL) block implements detection and alarm generation functions.The Intrusion Reaction Logic (IRL) schedules the intervention priority toward the compromised nodes according to specific criteria (defense strategy); IRLA applies the countermeasures against attacks to compromised nodes, including node isolations (quarantine), key revocations, link release or inclusions in black lists / grey lists (Roman et al., 2006).

Mobile agent-based middleware
A key characteristic of mobile agent-based middleware is that any host in the network is allowed a high degree of flexibility to possess any mixture of code, resources, and processors.Its processing capabilities can be combined with local resources.Code (in the form of mobile agents) is not tied to a single host but it is available throughout the network .Moreover, the mobile agent paradigm supports data-centric applications because the implementation code can migrate towards data no matter about node addressing (Hadim & Nader, 2006).Therefore in a mobile-agent application execution environment (Szumel et al., 2005), each agent implements a sub-set of application components which can be proactively aggregated through agent mobility (code mobility across the network).Among the agentbased middleware solutions available from literature, we will refer to AGILLA (Fok et al., 2006), developed at the Washington University in St. Louis.There are different motivations for this choice.Some of these are listed in the following:  it is developed using NesC (Gay et al., 2003) (Fok et al., 2006).Code migration is implemented by moving or cloning an agent from one node to another.Migration can be strong or weak dependently if the current execution state is ported on the other node or not.When an agent moves, it carries its code and, if strong move, also state and resumes executing on the new node.When it clones, it copies its code and, if strong clone, state to another node and resumes executing on both the old and new nodes.Multi-hop migration is handled by the middleware and is transparent to the user.It is important to remember that AGILLA can initially deploy a network without any application installed: agents that implement the application can later be injected, actually reprogramming the network.
From the function decomposition shown in Fig. 5, the mapping between WIDS functions and SW components and mobile agents is shown in Fig. 6: ADL and TM blocks are mapped into SW components while IRL and IRLA blocks into a mobile agent, which is denoted by Intrusion Reaction Agent (IRA).SW components are indicated with smoothed squares.This design allows the optimal allocation and code distribution for those functions that should not be implemented anywhere.

Enhancements to AGILLA middleware
Current version of AGILLA foresees that only the AGILLA Manager can read and write into the Neighbor List and only the AGILLA Manager and Mobile Agents can read and write into Tuple Space.
As stated before, Neighbors List contains the location of all one-hop neighbors but topology authentication provided in ECTAKS should update this list with admissible neighbors only: therefore it would be preferred if ECTAKS could read and write into the Neighbor List as the AGILLA Manager does.
Moreover, WIDS should read and write into Tuple Space in order to manage IRA agents mobility according to the functional mapping shown in Fig. 6.These enhancements have been designed as NesC stubs (Gay et al., 2003) embedded into AGILLA code (Pugliese et al., 2009).Fig. 7 schematically represents this added interfaces as bold arrows.
The first issue that has been actually addressed is related to the interface with the Communication Unit.In particular, the first enhancement made to AGILLA has been to add some basic mechanisms to let the agents able to retrieve some information about the radio traffic from the nodes.More in detail:  the node-resident part of the middleware has been modified in order to allow the evaluation of some indicators, customizable by the designer, based on the analysis of the radio traffic  the interface of the middleware towards the agents has been modified to allow an agent to retrieve the value of such indicators by pushing them on its stack.The demo application (Fig. 9) is then based on a sample WSN composed of 4 MicaZ nodes and a MIB510 board (connected to a PC) where 3 Agilla agents are injected for monitoring purposes.Such agents exploit the proposed middleware extensions and the Agilla reaction mechanism while moving on the WSN.The final goal is to detect the nodes that present one or more radio traffic indicators out of standard value (i.e. in this case the agents checks for a number of received packets larger than a defined threshold).The agents developed for such a purpose, called TupleOut, Dynamic and Alarm, are described in the following.TupleOut is a static agent, virtually present on each node to be monitored, that access to the radio traffic indicators evaluated by the node-side middleware, checks for anomalous values and insert a proper tuple on the tuple space of the node to signal an eventual alarm.In the proposed example the agents injected on node #1 checks for a number of received packets larger than 5 and, when the condition met, it inserts the alarm tuple on the Tuple Space of node #1 (Fig. 10).Dynamic is a dynamic (strong move in the whole WSN nodes) agent that looks for alarm tuples in the nodes tuple spaces.It exploits a template-based match by type reaction (Fig. 11) to detect an alarm tuple and then to eventually send to the Alarm agent the alarmed node ID.Finally, the Alarm agent is a static one that resides in the base station of the WSN (node #0).It receives alarm signals and alarmed node IDs and manages them.In the example, it simply displays by means of the leds the alarmed node ID and sends also such an information to the connected PC.

Compliance to trusted computing paradigm
As a further aspect in performance assessment and evolution perspectives, it is worth noting that the proposed platform can be compliant to the trusted computing guidelines (TCG, n.d.).Nevertheless, some attention should be paid in the mapping process of roles and functions defined in (TCG Best Practice Committee, 2011) to the underlying technology and application scenario of our Secure Platform: as stated in the Introduction, the main service supported and enabled by the Secure Platform consists in monitoring structural and functional health of industrial plants, which indeed can be configured as an "industrial" service.An item-by-item preliminar analysis of compliance to TCG paradigm has lead to the following results.


Security: security modules embedded into the proposed platform can achieve controlled access to some critical secured data (e.g.monitoring measurements).They also provide reliable measurements and reports of the system's security properties through the ciphered mobile code transfer mechanism among sensor nodes.The reporting mechanism can be fully kept under the owner's control through proprietary format messages feedbacks. Privacy: data mainly refer to physical quantities related to the industrial plant under in the considered application scenario.Detection data and observable results are transmitted and stored in ciphered mode among Tuple Spaces and the random nature of some one-shot cryptographic parameters (see Sec. 3.3 h) enhance service confidentiality and reliability, so that the system can be reasonably made compliant to all relevant guidelines, laws, and regulations applicable to this case. Interoperability: the adoption of both a platform-based design and a cross-layered architecture configures primitives, interfaces and protocols as building blocks of the platform model; therefore, the conformance to TCG specifications [TCG WG, 2007] can be achieved when compatible with resource limitations of the underlying WSN.


Portability of data: it does not completely apply in the considered application scenario, as the definition of alarms and observables is based on limited temporal sequences which are gradually overwritten in each Tuple Space. Controllability: the analysis of this item requests some clarifications about the role of "owner" and "user": in the considered application scenario, for security and safety reasons, the owner of the platform necessarily coincides with the owner of the system under monitoring and the "user" can ultimately be represented by a specialized operator.User-related information is not present in the system and it never affects service operations, the relationship owner -user thus being strictly hierarchical: therefore, some sub-items cannot apply (e.g. the user be able to reliably disable the TCG functionality in a way that does not violate the owner's policy).


Ease-of-use: usually specialized SW applications (installed at user premises) devoted to post-processing and decision support are comprehensible and usable by specialized trained personnel.

Conclusions and perspectives
In this chapter we have proposed novel contributions about definition of cryptography and anomaly detection rules in wireless sensor networks and their implementation in a crosslayered framework design that we denote "Secure Platform".Security functions are executed autonomously by nodes in the network without any support from outside (like servers or database).The proposed schemes have been validated using MATLAB simulations and a prototype implementation through mobile agents supported by a MicaZ wireless sensor network.This work is a partial achievement of the internal project WINSOME (WIreless sensor Network-based Secure system fOr structural integrity Monitoring and AlErting) at DEWS, whose target is to develop a cross-layer secure framework for advanced monitoring and alerting applications.
Current work is concerned with several developments.One objective is to extend WIDS to detect anomalies in data message content and signaling as well: in this frame bayesian analysis and decision techniques (e.g. the Dempster-Shafer theory) have been successfully 120 applied in traditional networks where resource availability is not a problem, but in WSNs it might be a big issue.Current research, jointly done with our research partners, deals with this topic and we are extending the Weak Process Models approach to this case and to derive new "threat observables" in WIDS.Another important issue is to consider monitoring as a component in a control process where correlated actuations on the environment can be performed.This vision implies the integration of Hybrid System Control (Di Benedetto et al., 2009) items into the service platform.Another issue consists in the definition of the defense strategy in IDS: rather than listing the possible countermeasures, the question is about how to schedule the priorities in case of multiple interventions on the network.A multi-constraints (hazardousness and distribution of the estimated threat vs. available resources) optimization problem can be a solution.
Finally, from a signal processing and communication viewpoint, some efforts have been already devoted to optimize the information flow on WSNs: the existing correlation among measurement information taken from "contiguous" sensing units should be exploited to increase coding efficiency without losses (the Slepian-Wolf coding theory).
Fig. 1.Secure Platform Architecture  and PE  be respectively an elliptic curve E and a point in E both compliant to security requirements in(Certicom Research Standards, n.d.)  (this information is public).

Fig. 10 .
Fig. 10.TupleOut Agent Therefore ECTAK defines the Shared Secret (SS) which is a mandatory common information shared by parties to encrypt and decrypt messages in standard ECC schemes, such as ECDSA, ECDH, ECIES implemented in TinyECC.
ECTAKS Fig. 2. Conceptual representation of the proposed cryptographic scheme Node j n broadcasts j PUKC and, among the others, node i n receives it and starts the authentication procedure by executing the verification function () G with inputs i LTV and j PUKC : if the result is the point at infinity O then node j n has been successfully authenticated by node i n and i ECTAK is generated.The same steps are performed by node j n and, in case of successful authentication, j n be a nodes pair.The following definitions are assumed: a.Let A V  , MV  .Elements in A are defined as follows: , Tuple Space and a Neighbors List, both maintained on each node by the middleware services.A Tuple Space is shared by local agents and is remotely accessible and offers a decoupled style of communication where one agent can insert a tuple, another can later read or remove it using pattern matching via a template.The Neighbors List is on every node and contains the location of all one-hop neighbors.Local agents can access it by executing special instructions.The agent architecture is described in