Dr. Gergely Ács

Assistant Professor

acs (at) crysys.hu

web: www.crysys.hu/~acs/
twitter: @gergelyacs
office: I.E. 430
tel: +36 1 463 2080
fax: +36 1 463 3263

Current courses | Student projects | Publications

Short Bio

Gergely ÁCS received the M.Sc. and Ph.D. degree in Computer Science from the Budapest University of Technology and Economics (BME), where he conducted research in the Laboratory of Cryptography and System Security (CrySyS). Currently, he is an assistant professor at Budapest University of Technology and Economics (BME), in Hungary. Before that, he was a post-doc and then research engineer in Privatics Team at INRIA, in France. His general research interests include data privacy and security.

Current Courses

IT Security (VIHIAC01)

This BSc course gives an overview of the different areas of IT security with the aim of increasing the security awareness of computer science students and shaping their attitude towards designing and using secure computing systems. The course prepares BSc students for security challenges that they may encounter during their professional career, and at the same time, it provides a basis for those students who want to continue their studies at MSc level (taking, for instance, our IT Security minor specialization). We put special emphasis on software security and the practical aspects of developing secure programs.

IT Security (in English) (VIHIAC01)

This BSc course gives an overview of the different areas of IT security with the aim of increasing the security awareness of computer science students and shaping their attitude towards designing and using secure computing systems. The course prepares BSc students for security challenges that they may encounter during their professional career, and at the same time, it provides a basis for those students who want to continue their studies at MSc level (taking, for instance, our IT Security minor specialization). We put special emphasis on software security and the practical aspects of developing secure programs.

Security in Machine Learning (VIHIAV45)

Adversarial examples are inputs to machine learning models that an attacker has intentionally designed to cause the model to make a mistake. Such an example is when the input image clearly pictures a school bus, but the model identifies it as an ostrich. This course provides a detailed overview of the security of machine learning systems. It focuses on attack and defense techniques and the theoretical background mainly of adversarial examples.

Privacy-Preserving Technologies (VIHIAV35)

The sharing and explotation of the ever-growing data about individuals raise serious privacy concerns these days. Is it possible to derive (socially or individually) useful information about people from this Big Data without revealing personal information?
This course provides a detailed overview of data privacy. It focuses on different privacy problems of web tracking, data sharing, and machine learning, as well as their mitigation techniques. The aim is to give the essential (technical) background knowledge needed to identify and protect personal data. These skills are becoming a must of every data/software engineer and data protection officer dealing with personal and sensitive data, and are also required by the European General Data Protection Regulation (GDPR).

Student Project Proposals

Security and Privacy in/with Machine Learning

Machine Learning (Artificial Intelligence) has become undisputedly popular in recent years. The number of security critical applications of machine learning has been steadily increasing over the years (self-driving cars, user authentication, decision support, profiling, risk assessment, etc.). However, there are still many open privacy and security problems of machine learning. Students can work on the following topics:

Required skills: none
Preferred skills: basic programming skills (e.g., python), machine learning (not required)

Publications

2022

In search of lost utility: private location data

Sz. Lestyán, G. Ács, G. Biczók

Privacy Enhancing Technologies Symposium (PETS), 2022.

Bibtex | Abstract | PDF | Link

@conference {
   author = {Szilvia Lestyan, Gergely Ács, Gergely Biczók},
   title = {In search of lost utility: private location data},
   booktitle = {Privacy Enhancing Technologies Symposium (PETS)},
   year = {2022},
   howpublished = "\url{https://arxiv.org/pdf/2008.01665.pdf}"
}

Keywords

Location data anonymization, Differential Privacy, Generative Models

Abstract

The unavailability of training data is a permanent source of much frustration in research, especially when it is due to privacy concerns. This is particularly true for location data since previous techniques all suffer from the inherent sparseness and high dimensionality of location trajectories which render most techniques impractical, resulting in unrealistic traces and unscalable methods. Moreover, time information of location visits is usually dropped, or its resolution is drastically reduced. In this paper we present a novel technique for privately releasing a composite generative model and whole high-dimensional location datasets with detailed time information. To generate high-fidelity synthetic data, we leverage several peculiarities of vehicular mobility such as its language-like characteristics ("you should know a location by the company it keeps") or how humans plan their trips from one point to the other. We model the generator distribution of the dataset by first constructing a variational autoencoder to generate the source and destination locations, and the corresponding timing of trajectories. Next, we compute transition probabilities between locations with a feed forward network, and build a transition graph from the output of this model, which approximates the distribution of all paths between the source and destination (at a given time). Finally, a path is sampled from this distribution with a Markov Chain Monte Carlo method. The generated synthetic dataset is highly realistic, scalable, provides good utility and, nonetheless, provably private. We evaluate our model against two state-of-the-art methods and three real-life datasets demonstrating the benefits of our approach.

SIMBIoTA-ML: Light-weight, Machine Learning-based Malware Detection for Embedded IoT Devices

D. Papp, G. Ács, R. Nagy, L. Buttyán

International Conference on Internet of Things, Big Data and Security (IoTBDS), 2022.

Bibtex | Abstract | PDF

@conference {
   author = {Dorottya Papp, Gergely Ács, Roland Nagy, Levente Buttyán},
   title = {SIMBIoTA-ML: Light-weight, Machine Learning-based Malware Detection for Embedded IoT Devices},
   booktitle = {International Conference on Internet of Things, Big Data and Security (IoTBDS)},
   year = {2022}
}

Keywords

IoT, embedded systems, malware detection, machine learning

Abstract

Embedded devices are increasingly connected to the Internet to provide new and innovative applications in many domains. However, these devices can also contain security vulnerabilities, which allow attackers to compromise them using malware. In this paper, we present SIMBIoTA-ML, a light-weight antivirus solution that enables embedded IoT devices to take advantage of machine learning-based malware detection. We show that SIMBIoTA-ML can respect the resource constraints of embedded IoT devices, and it has a true positive malware detection rate of ca. 95%, while having a low false positive detection rate at the same time. In addition, the detection process of SIMBIoTA-ML has a near-constant running time, which allows IoT developers to better estimate the delay introduced by scanning a file for malware, a property that is advantageous in real-time applications, notably in the domain of cyber-physical systems.

2021

Compression Boosts Differentially Private Federated Learning

R. Kerkouche, G. Ács, C. Castelluccia, P. Geneves

IEEE European Symposium on Security and Privacy (Euro S&P), 2021, IEEE, 2021.

Bibtex | Abstract | PDF

@inproceedings {
   author = {Raouf Kerkouche, Gergely Ács, Claude Castelluccia, Pierre Geneves},
   title = {Compression Boosts Differentially Private Federated Learning},
   booktitle = {IEEE European Symposium on Security and Privacy (Euro S&P), 2021},
   publisher = {IEEE},
   year = {2021}
}

Abstract

Federated Learning allows distributed entities to train a common model collaboratively without sharing their own data. Although it prevents data collection and aggre- gation by exchanging only parameter updates, it remains vulnerable to various inference and reconstruction attacks where a malicious entity can learn private information about the participants’ training data from the captured gradients. Differential Privacy is used to obtain theoretically sound privacy guarantees against such inference attacks by noising the exchanged update vectors. However, the added noise is proportional to the model size which can be very large with modern neural networks. This can result in poor model quality. In this paper, compressive sensing is used to reduce the model size and hence increase model quality without sacrificing privacy. We show experimentally, using 2 datasets, that our privacy-preserving proposal can reduce the communication costs by up to 95% with only a negligible performance penalty compared to traditional non-private federated learning schemes.

Constrained Differentially Private Federated Learning for Low-bandwidth Devices

R. Kerkouche, G. Ács, C. Castelluccia, P. Geneves

Conference on Uncertainty in Artificial Intellgience (UAI), 2021, 2021.

Bibtex | Abstract | PDF

@inproceedings {
   author = {Raouf Kerkouche, Gergely Ács, Claude Castelluccia, Pierre Geneves},
   title = {Constrained Differentially Private Federated Learning for Low-bandwidth Devices},
   booktitle = {Conference on Uncertainty in Artificial Intellgience (UAI), 2021},
   year = {2021}
}

Abstract

Federated learning becomes a prominent approach when different entities want to learn collaboratively a common model without sharing their training data. However, Federated learning has two main drawbacks. First, it is quite bandwidth inefficient as it involves a lot of message exchanges between the aggregating server and the participating enti- ties. This bandwidth and corresponding processing costs could be prohibitive if the participating enti- ties are, for example, mobile devices. Furthermore, although federated learning improves privacy by not sharing data, recent attacks have shown that it still leaks information about the training data. This paper presents a novel privacy-preserving fed- erated learning scheme. The proposed scheme pro- vides theoretical privacy guarantees, as it is based on Differential Privacy. Furthermore, it optimizes the model accuracy by constraining the model learning phase on few selected weights. Finally, as shown experimentally, it reduces the upstream and downstream bandwidth by up to 99.9% compared to standard federated learning, making it practical for mobile systems.

Measuring Contributions in Privacy-Preserving Federated Learning

G. Ács, G. Biczók, B. Pejo

ERCIM NEWS, vol. 126, 2021, pp. 35-36.

Bibtex | Abstract | Link

@article {
   author = {Gergely Ács, Gergely Biczók, Balazs Pejo},
   title = {Measuring Contributions in Privacy-Preserving Federated Learning},
   journal = {ERCIM NEWS},
   volume = {126},
   year = {2021},
   pages = {35-36},
   howpublished = "\url{https://ercim-news.ercim.eu/en126/special/measuring-contributions-in-privacy-preserving-federated-learning}"
}

Abstract

How vital is each participant’s contribution to a collaboratively trained machine learning model? This is a challenging question to answer, especially if the learning is carried out in a privacy-preserving manner with the aim of concealing individual actions.

Privacy of Aggregated Mobility Data

G. Ács, Sz. Lestyán, G. Biczók

Jajodia S., Samarati P., Yung M. (eds) Encyclopedia of Cryptography, Security and Privacy. Springer, Berlin, Heidelberg., Springer, 2021.

Bibtex | PDF | Link

@inproceedings {
   author = {Gergely Ács, Szilvia Lestyan, Gergely Biczók},
   title = {Privacy of Aggregated Mobility Data},
   booktitle = {Jajodia S., Samarati P., Yung M. (eds) Encyclopedia of Cryptography, Security and Privacy. Springer, Berlin, Heidelberg.},
   publisher = {Springer},
   year = {2021},
   howpublished = "\url{https://doi.org/10.1007/978-3-642-27739-9_1575-1}"
}

Abstract

Privacy-Preserving and Bandwidth-Efficient Federated Learning: An Application to In-Hospital Mortality Prediction

R. Kerkouche, G. Ács, C. Castelluccia, P. Geneves

ACM Conference on Health, Inference, and Learning (CHIL), 2021, ACM, 2021.

Bibtex | Abstract | PDF

@inproceedings {
   author = {Raouf Kerkouche, Gergely Ács, Claude Castelluccia, Pierre Geneves},
   title = {Privacy-Preserving and Bandwidth-Efficient Federated Learning: An Application to In-Hospital Mortality Prediction},
   booktitle = {ACM Conference on Health, Inference, and Learning (CHIL), 2021},
   publisher = {ACM},
   year = {2021}
}

Abstract

Machine Learning, and in particular Federated Machine Learning, opens new perspectives in terms of medical research and patient care. Although Federated Machine Learning improves over central- ized Machine Learning in terms of privacy, it does not provide prov- able privacy guarantees. Furthermore, Federated Machine Learning is quite expensive in term of bandwidth consumption as it requires participant nodes to regularly exchange large updates. This pa- per proposes a bandwidth-efficient privacy-preserving Federated Learning that provides theoretical privacy guarantees based on Differential Privacy. We experimentally evaluate our proposal for in-hospital mortality prediction using a real dataset, containing Electronic Health Records of about one million patients. Our re- sults suggest that strong and provable patient-level privacy can be enforced at the expense of only a moderate loss of prediction accuracy.

2019

Automatic Driver Identification from In-Vehicle Network Logs

M. Remeli, Sz. Lestyán, G. Ács, G. Biczók

22th IEEE Intelligent Transportation Systems Conference (ITSC), IEEE, 2019.

Bibtex | Link

@inproceedings {
   author = {Mina Remeli, Szilvia Lestyan, Gergely Ács, Gergely Biczók},
   title = {Automatic Driver Identification from In-Vehicle Network Logs},
   booktitle = {22th IEEE Intelligent Transportation Systems Conference (ITSC)},
   publisher = {IEEE},
   year = {2019},
   howpublished = "\url{https://arxiv.org/pdf/1911.09508.pdf}"
}

Abstract

Differential Inference Testing: A Practical Approach to Evaluate Sanitizations of Datasets

C. Palamidessi, C. Castelluccia, G. Ács, A. Kassem

International Workshop on Privacy Engineering (IWPE), IEEE, 2019.

Bibtex | Abstract

@inproceedings {
   author = {Catuscia Palamidessi, Claude Castelluccia, Gergely Ács, Ali Kassem},
   title = {Differential Inference Testing: A Practical Approach to Evaluate Sanitizations of Datasets},
   booktitle = {International Workshop on Privacy Engineering (IWPE)},
   publisher = {IEEE},
   year = {2019}
}

Abstract

In order to protect individuals privacy, data have to be well-sanitized before sharing them, i.e. one has to remove any personal information before data sharing. However, it is not always clear when data shall be deemed well-sanitized. In this paper, we argue that the evaluation of sanitized data should be based on whether the data allows the inference of sensitive information that is specific to an individual in the dataset, instead of being centered around the concept of re-identification as regulations usually suggest. Our intent is not to accurately predict any sensitive attribute but rather to measure the impact of a single record on the inference of sensitive information. We demonstrate our approach by sanitizing two real datasets in different privacy models and evaluate/compare each sanitized dataset in our framework.

Extracting vehicle sensor signals from CAN logs for driver re-identification

Sz. Lestyán, G. Ács, G. Biczók, Zs. Szalay

5th International Conference on Information Security and Privacy (ICISSP 2019), SCITEPRESS, 2019, shortlisted for Best Student Paper Award.

Bibtex | Abstract

@inproceedings {
   author = {Szilvia Lestyan, Gergely Ács, Gergely Biczók, Zsolt Szalay},
   title = {Extracting vehicle sensor signals from CAN logs for driver re-identification},
   booktitle = {5th International Conference on Information Security and Privacy (ICISSP 2019)},
   publisher = {SCITEPRESS},
   year = {2019},
   note = {shortlisted for Best Student Paper Award}
}

Abstract

Data is the new oil for the car industry. Cars generate data about how they are used and who’s behind the wheel which gives rise to a novel way of profiling individuals. Several prior works have successfully demonstrated the feasibility of driver re-identification using the in-vehicle network data captured on the vehicle’s CAN bus. However, all of them used signals (e.g., velocity, brake pedal or accelerator position) that have already been extracted from the CAN log which is itself not a straightforward process. Indeed, car manufacturers intentionally do not reveal the exact signal location within CAN logs. Nevertheless, we show that signals can be efficiently extracted from CAN logs using machine learning techniques. We exploit that signals have several distinguishing statistical features which can be learnt and effectively used to identify them across different vehicles, that is, to quasi ”reverse-engineer” the CAN protocol. We also demonstrate that the extracted signals can be successfully used to re-identify individuals in a dataset of 33 drivers. Therefore, hiding signal locations in CAN logs per se does not prevent them to be regarded as personal data of drivers.

2018

Differentially Private Mixture of Generative Neural Networks

G. Ács, L. Melis, C. Castelluccia, E. De Cristofaro

IEEE Transactions on Knowledge and Data Engineering, 2018.

Bibtex | Abstract | Link

@article {
   author = {Gergely Ács, Luca Melis, Claude Castelluccia, Emiliano De Cristofaro},
   title = {Differentially Private Mixture of Generative Neural Networks},
   journal = {IEEE Transactions on Knowledge and Data Engineering},
   year = {2018},
   howpublished = "\url{https://arxiv.org/pdf/1709.04514.pdf}"
}

Abstract

Generative models are used in a wide range of applications building on large amounts of contextually rich information. Due to possible privacy violations of the individuals whose data is used to train these models, however, publishing or sharing generative models is not always viable. In this paper, we present a novel technique for privately releasing generative models and entire high-dimensional datasets produced by these models. We model the generator distribution of the training data with a mixture of k generative neural networks. These are trained together and collectively learn the generator distribution of a dataset. Data is divided into k clusters, using a novel differentially private kernel k-means, then each cluster is given to separate generative neural networks, such as Restricted Boltzmann Machines or Variational Autoencoders, which are trained only on their own cluster using differentially private gradient descent. We evaluate our approach using the MNIST dataset, as well as call detail records and transit datasets, showing that it produces realistic synthetic samples, which can also be used to accurately compute arbitrary number of counting queries.

Privacy-Preserving Release of Spatio-Temporal Density

G. Ács, G. Biczók, C. Castelluccia

A. Gkoulalas-Divanis and Claudio Bettini (Eds.), Handbook of Mobile Data Privacy, pp. 307-335, Springer, 2018.

Bibtex | Abstract

@inbook {
   author = {Gergely Ács, Gergely Biczók, Claude Castelluccia},
   editor = {A. Gkoulalas-Divanis and Claudio Bettini (Eds.)},
   title = {Privacy-Preserving Release of Spatio-Temporal Density},
   chapter = {Handbook of Mobile Data Privacy},
   pages = {307-335},
   publisher = {Springer},
   year = {2018}
}

Abstract

In today’s digital society, increasing amounts of contextually rich spatio-temporal information are collected and used, e.g., for knowledge-based decision making, research purposes, optimizing operational phases of city management, planning infrastructure networks, or developing timetables for public transportation with an increasingly autonomous vehicle fleet. At the same time, however, publishing or sharing spatio-temporal data, even in aggregated form, is not always viable owing to the danger of violating individuals’ privacy, along with the related legal and ethical repercussions. In this chapter, we review some fundamental approaches for anonymizing and releasing spatio-temporal density, i.e., the number of individuals visiting a given set of locations as a function of time. These approaches follow different privacy models providing different privacy guarantees as well as accuracy of the released anonymized data. We demonstrate some sanitization (anonymization) techniques with provable privacy guarantees by releasing the spatio-temporal density of Paris, in France. We conclude that, in order to achieve meaningful accuracy, the sanitization process has to be carefully customized to the application and public characteristics of the spatio-temporal data.

2017

Differentially Private Mixture of Generative Neural Networks

E. De Cristofaro, C. Castelluccia, L. Melis, G. Ács

IEEE International Conference on Data Mining (ICDM), IEEE, 2017.

Bibtex

@inproceedings {
   author = {Emiliano De Cristofaro, Claude Castelluccia, Luca Melis, Gergely Ács},
   title = {Differentially Private Mixture of Generative Neural Networks},
   booktitle = {IEEE International Conference on Data Mining (ICDM)},
   publisher = {IEEE},
   year = {2017}
}

Abstract

Privacy-Aware Caching in Information-Centric Networking

C. Wood, G. Tsudik, C. Ghali, P. Gasti, M. Conti, G. Ács

IEEE Transactions on Dependable Computing (TDSC), 2017.

Bibtex

@article {
   author = {Christopher Wood, Gene Tsudik, Cesar Ghali, Paulo Gasti, Mauro Conti, Gergely Ács},
   title = {Privacy-Aware Caching in Information-Centric Networking},
   journal = {IEEE Transactions on Dependable Computing (TDSC)},
   year = {2017}
}

Abstract

2016

Near-Optimal Fingerprinting with Constraints

C. Castelluccia, G. Ács, G. Gy. Gulyás

PET Symposium, ACM, 2016.

Bibtex

@inproceedings {
   author = {Claude Castelluccia, Gergely Ács, Gábor György Gulyás},
   title = {Near-Optimal Fingerprinting with Constraints},
   booktitle = {PET Symposium},
   publisher = {ACM},
   year = {2016}
}

Abstract

2015

On the Unicity of Smartphone Applications

C. Castelluccia, G. Ács, J. P. Achara

ACM Workshop on Privacy in the Electronic Society (WPES), ACM, 2015.

Bibtex

@inproceedings {
   author = {Claude Castelluccia, Gergely Ács, Jagdish Prasad Achara},
   title = {On the Unicity of Smartphone Applications},
   booktitle = {ACM Workshop on Privacy in the Electronic Society (WPES)},
   publisher = {ACM},
   year = {2015}
}

Abstract

Probabilistic km-anonymity (Efficient Anonymization of Large Set-Valued Datasets)

C. Castelluccia, J. P. Achara, G. Ács

IEEE International Conference on Big Data (Big Data), IEEE, 2015.

Bibtex

@inproceedings {
   author = {Claude Castelluccia, Jagdish Prasad Achara, Gergely Ács},
   title = {Probabilistic km-anonymity (Efficient Anonymization of Large Set-Valued Datasets)},
   booktitle = {IEEE International Conference on Big Data (Big Data)},
   publisher = {IEEE},
   year = {2015}
}

Abstract

2014

A Case Study: Privacy Preserving Release of Spatio-temporal Density in Paris

C. Castelluccia, G. Ács

The 20th ACM SIGKDD Conference on Knowledge Discovery and Data Mining (KDD), ACM, 2014.

Bibtex

@inproceedings {
   author = {Claude Castelluccia, Gergely Ács},
   title = {A Case Study: Privacy Preserving Release of Spatio-temporal Density in Paris},
   booktitle = {The 20th ACM SIGKDD Conference on Knowledge Discovery and Data Mining (KDD)},
   publisher = {ACM},
   year = {2014}
}

Abstract

Retargeting Without Tracking

C. Castelluccia, G. Ács, M.-D. Tran

INRIA, 2014.

Bibtex

@techreport {
   author = {Claude Castelluccia, Gergely Ács, Minh-Dung Tran},
   title = {Retargeting Without Tracking},
   institution = {INRIA},
   year = {2014}
}

Abstract

2013

Cache Privacy in Named-Data Networking

G. Tsudik, C. Ghali, P. Gasti, M. Conti, G. Ács

The 33rd International Conference on Distributed Computing Systems (ICDCS), IEEE, 2013.

Bibtex

@inproceedings {
   author = {Gene Tsudik, Cesar Ghali, Paulo Gasti, Mauro Conti, Gergely Ács},
   title = {Cache Privacy in Named-Data Networking},
   booktitle = {The 33rd International Conference on Distributed Computing Systems (ICDCS)},
   publisher = {IEEE},
   year = {2013}
}

Abstract

2012

Differentially Private Histogram Publishing through Lossy Compression

C. Castelluccia, R. Chen, G. Ács

IEEE International Conference on Data Mining (ICDM), IEEE, 2012.

Bibtex

@inproceedings {
   author = {Claude Castelluccia, Rui Chen, Gergely Ács},
   title = {Differentially Private Histogram Publishing through Lossy Compression},
   booktitle = {IEEE International Conference on Data Mining (ICDM)},
   publisher = {IEEE},
   year = {2012}
}

Abstract

Differentially Private Sequential Data Publication via Variable-Length N-Grams

C. Castelluccia, G. Ács, R. Chen

In 19th ACM Conference on Computer and Communications Security (CCS), ACM, 2012.

Bibtex

@inproceedings {
   author = {Claude Castelluccia, Gergely Ács, Rui Chen},
   title = {Differentially Private Sequential Data Publication via Variable-Length N-Grams},
   booktitle = {In 19th ACM Conference on Computer and Communications Security (CCS)},
   publisher = {ACM},
   year = {2012}
}

Abstract

You Are What You Like! Information Leakage Through Users Interests

M. Ali Kaafar, G. Ács, A. Chaabane

In 19th Annual Network & Distributed System Security Symposium (NDSS), ACM, 2012.

Bibtex

@inproceedings {
   author = {Mohamed Ali Kaafar, Gergely Ács, Abdelberi Chaabane},
   title = {You Are What You Like! Information Leakage Through Users Interests},
   booktitle = {In 19th Annual Network & Distributed System Security Symposium (NDSS)},
   publisher = {ACM},
   year = {2012}
}

Abstract

2011

I have a DREAM! (DiffeRentially privatE smArt Metering)

C. Castelluccia, G. Ács

The 13th Information Hiding Conference (IH), Springer, 2011.

Bibtex

@inproceedings {
   author = {Claude Castelluccia, Gergely Ács},
   title = {I have a DREAM! (DiffeRentially privatE smArt Metering)},
   booktitle = {The 13th Information Hiding Conference (IH)},
   publisher = {Springer},
   year = {2011}
}

Abstract

Protecting against Physical Resource Monitoring

W. Lecat, C. Castelluccia, G. Ács

The 10th ACM Workshop on Privacy in the Electronic Society (WPES), ACM, 2011.

Bibtex

@inproceedings {
   author = {William Lecat, Claude Castelluccia, Gergely Ács},
   title = {Protecting against Physical Resource Monitoring},
   booktitle = {The 10th ACM Workshop on Privacy in the Electronic Society (WPES)},
   publisher = {ACM},
   year = {2011}
}

Abstract

2010

Misbehaving Router Detection in Link-state Routing for Wireless Mesh Networks

L. Dóra, L. Buttyán, G. Ács

In Proceedings of the Second IEEE WoWMoM Workshop on Hot Topics in Mesh Networking (HotMESH'10), Montreal, Canada, June 14-17, 2010.

Bibtex | Abstract | PDF

@inproceedings {
   author = {László DÓRA, Levente Buttyán, Gergely Ács},
   title = {Misbehaving Router Detection in Link-state Routing for Wireless Mesh Networks},
   booktitle = {In Proceedings of the Second IEEE WoWMoM Workshop on Hot Topics in Mesh Networking (HotMESH'10)},
   address = {Montreal, Canada},
   month = {June 14-17},
   year = {2010}
}

Abstract

In this paper, we address the problem of detecting misbehaving routers in wireless mesh networks and avoiding them when selecting routes. We assume that link-state routing is used, and we essentially propose a reputation system, where trusted gateway nodes compute Node Trust Values for the routers, which are fed back into the system and used in the route selection procedure. The computation of the Node Trust Values is based on packet counters maintained in association with each route and reported to the gateways by the routers in a regular manner. The feedback mechanism is based on limited scope flooding. The received Node Trust Values concerning a given router are aggregated, and the aggregate trust value of the router determines the probability with which that router is kept in the topology graph used for route computation. Hence, less trusted routers are excluded from the topology graph with higher probability, while the route selection still runs on a weighted graph (where the weights are determined by the announced link qualities), and it does not need to be changed. We evaluated the performance of our solution by means of simulations. The results show that our proposed mechanism can detect misbehaving routers reliably, and thanks to the feedback and the exclusion of the accused nodes from the route selection, we can decrease the number of packets dropped due to router misbehavior considerably. At the same time, our mechanism only slightly increases the average route length.

2007

Secure Routing in Wireless Sensor Networks

G. Ács, L. Buttyán

in J. Lopez and J. Zhou (eds.): Wireless Sensor Network Security (Cryptology and Information Security Series), IOS Press, 2007.

Bibtex | Abstract

@inbook {
   author = {Gergely Ács, Levente Buttyán},
   title = {Secure Routing in Wireless Sensor Networks},
   publisher = {in J. Lopez and J. Zhou (eds.): Wireless Sensor Network Security (Cryptology and Information Security Series), IOS Press},
   year = {2007}
}

Abstract

In this chapter, we study how sensor network routing protocols can be secured. First, we describe the adversary model, the objectives of attacks against routing, as well as the different attack methods that may be used in wireless sensor networks. All these are illustrated by example attacks on well-known sensor network routing protocols. Then, we describe various countermeasures that can be used in sensor networks to secure the routing protocols. These include link layer security measures, secure neighbor discovery techniques, authenticated broadcast algorithms, and multi-path routing techniques. Finally, we illustrate the application of some of these countermeasures by presenting and explaining the operation of some secured sensor network routing protocols.

The Security Proof of a Link-state Routing Protocol for Wireless Sensor Networks

I. Vajda, L. Buttyán, G. Ács

October 8-11, In Proceedings of the 3rd IEEE Workshop on Wireless and Sensor Networks Security (WSNS 2007), IEEE Press, Pisa, Italy, 2007.

Bibtex | Abstract | PDF

@inproceedings {
   author = {István VAJDA, Levente Buttyán, Gergely Ács},
   title = {The Security Proof of a Link-state Routing Protocol for Wireless Sensor Networks},
   editor = {October 8-11},
   booktitle = {In Proceedings of the 3rd IEEE Workshop on Wireless and Sensor Networks Security (WSNS 2007)},
   organization = {IEEE Press},
   address = {Pisa, Italy},
   year = {2007}
}

Abstract

In this paper, we present a flexible and mathematically rigorous modeling framework for analyzing the security of sensor network routing protocols. Then, we demonstrate the usage of this framework by formally proving that INSENS (Intrusion-Tolerant Routing in Wireless Sensor Networks), which is a secure sensor network routing protocol proposed in the literature independently of our work, can be proven to be secure in our model.

2006

A taxonomy of routing protocols for wireless sensor networks

L. Buttyán, G. Ács

Híradástechnika, December, 2006.

Bibtex | Abstract

@article {
   author = {Levente Buttyán, Gergely Ács},
   title = {A taxonomy of routing protocols for wireless sensor networks},
   journal = {Híradástechnika},
   month = {December},
   year = {2006}
}

Abstract

Wireless sensor networks are large scale networks consisting of a large number of tiny sensor nodes and a few base stations, which communicate using multi-hop wireless communications. The design of energy efficient routing protocols for such networks is a challenging task, which has been in the focus of the sensor network research community in the recent past. This effort resulted in a huge number of sensor network routing protocols. The proposed protocols show a high variety, which stems from the diverse requirements of the various envisioned application scenarios. In this work, we propose a taxonomy of sensor network routing protocols, and classify the mainstream protocols proposed in the literature using this taxonomy. We distinguish five families of protocols based on the way the next hop is selected on the route of a message, and briefly describe the operation of a representative member from each group.

Modelling Adversaries and Security Objectives for Routing Protocols in Wireless Sensor Networks

G. Ács, L. Buttyán, I. Vajda

In Proceedings of the Fourth ACM Workshop on Security of Ad Hoc and Sensor Networks (SASN'06), October, 2006.

Bibtex | Abstract | PDF

@inproceedings {
   author = {Gergely Ács, Levente Buttyán, István VAJDA},
   title = {Modelling Adversaries and Security Objectives for Routing Protocols in Wireless Sensor Networks},
   booktitle = {In Proceedings of the Fourth ACM Workshop on Security of Ad Hoc and Sensor Networks (SASN'06)},
   month = {October},
   year = {2006}
}

Abstract

The literature is very broad considering routing protocols in wireless sensor networks (WSNs). However, security of these routing protocols has fallen beyond the scope so far. Routing is a fundamental functionality in wireless networks, thus hostile interventions aiming to disrupt and degrade the routing service have a serious impact on the overall operation of the entire network. In order to analyze the security of routing protocols in a precise and rigorous way, we propose a formal framework encompassing the definition of an adversary model as well as the "general" definition of secure routingin sensor networks. Both definitions take into account the feasible goals and capabilities of an adversary in sensor environments and the variety of sensor routing protocols. In spirit, our formal model is based on the simulation paradigm that is a successfully used technique to prove the security of various cryptographic protocols. However, we also highlight some differences between our model and other models that have been proposed for wired or wireless networks. Finally, we illustrate the practical usage of our model by presenting the formal description of a simple attack against an authenticated routing protocol, which is based on the well-known TinyOS routing.

Provably Secure On-demand Source Routing in Mobile Ad Hoc Networks

I. Vajda, L. Buttyán, G. Ács

IEEE Transactions on Mobile Computing, vol. 5, no. 11, 2006.

Bibtex | Abstract

@article {
   author = {István VAJDA, Levente Buttyán, Gergely Ács},
   title = {Provably Secure On-demand Source Routing in Mobile Ad Hoc Networks},
   journal = {IEEE Transactions on Mobile Computing},
   volume = {5},
   number = {11},
   year = {2006}
}

Keywords

Mobile ad hoc networks, secure routing, provable security

Abstract

Routing is one of the most basic networking functions in mobile ad hoc networks. Hence, an adversary can easily paralyze the operation of the network by attacking the routing protocol. This has been realized by many researchers and several "secure" routing protocols have been proposed for ad hoc networks. However, the security of those protocols has mainly been analyzed by informal means only. In this paper, we argue that flaws in ad hoc routing protocols can be very subtle, and we advocate a more systematic way of analysis. We propose a mathematical framework in which security can be precisely defined and routing protocols for mobile ad hoc networks can be proved to be secure in a rigorous manner. Our framework is tailored for on-demand source routing protocols, but the general principles are applicable to other types of protocols too. Our approach is based on the simulation paradigm, which has already been used extensively for the analysis of key establishment protocols, but, to the best of our knowledge, it has not been applied in the context of ad hoc routing so far. We also propose a new on-demand source routing protocol, called endairA, and we demonstrate the use of our framework by proving that it is secure in our model.

Útvonalválasztó protokollok vezeték nélküli szenzorhálózatokban

L. Buttyán, G. Ács

Híradástecnika, November, 2006.

Bibtex | Abstract

@article {
   author = {Levente Buttyán, Gergely Ács},
   title = {Útvonalválasztó protokollok vezeték nélküli szenzorhálózatokban},
   journal = {Híradástecnika},
   month = {November},
   year = {2006}
}

Abstract

A szenzorhálózatok változatos alkalmazásai különbözõ követelményeket támasztanak az útvonalválasztó protokollokkal szemben. A különbözõ követelményeknek köszönhetõen igen sok javasolt protokoll található az irodalomban. Ebben a cikkben rendszerezzük ezeket a vonalválasztó protokollokat, és minden családból bemutatunk egy prominens képviselõt. A cikk újdonsága a rendszerezéshez használt szempontrendszer, mely a protokollok eddigieknél részletesebb taxonómiáját eredményezi.

2005

Ad hoc útvonalválasztó protokollok bizonyított biztonsága

G. Ács, L. Buttyán, I. Vajda

Híradástechnika, March, 2005.

Bibtex | Abstract

@article {
   author = {Gergely Ács, Levente Buttyán, István VAJDA},
   title = {Ad hoc útvonalválasztó protokollok bizonyított biztonsága},
   journal = {Híradástechnika},
   month = {March},
   year = {2005}
}

Keywords

ad hoc hálózatok, forrás alapú ad hoc útvonalválasztás, biztonságos útvonalválasztás, bizonyított biztonság, szimulációs paradigma

Abstract

Ebben a cikkben egy olyan formális módszert mutatunk be, amivel a vezeték nélküli ad hoc hálózatok számára javasolt, igény szerinti, forrás alapú útvonalválasztó protokollokat (on-demand source routing) lehet biztonsági szempontból elemezni. A módszer alapját a szimulációs paradigma adja, mely egy jól ismert, általános eljárás kriptográfiai protokollok biztonságának bizonyítására. A cikkben bemutatjuk a szimulációs paradigma adaptációját ad hoc útvonalválasztó protokollokra. Formálisan megfogalmazzuk, hogy mit értünk biztonságos útvonalválasztás alatt, melyhez felhasználjuk a statisztikai megkülönböztethetetlenség fogalmát. A módszer gyakorlati alkalmazását egy példán keresztül szemléltetjük, melyben röviden ismertetjük az endairA útvonalválasztó protokoll mûködését, és bebizonyítjuk, hogy a protokoll biztonságos az általunk definiált modellben.

Provable Security for Ad Hoc Routing Protocols

G. Ács, L. Buttyán, I. Vajda

Híradástechnika, June, 2005.

Bibtex | Abstract

@article {
   author = {Gergely Ács, Levente Buttyán, István VAJDA},
   title = {Provable Security for Ad Hoc Routing Protocols},
   journal = {Híradástechnika},
   month = {June},
   year = {2005}
}

Keywords

ad hoc networks, on-demand ad hoc source routing, secure ad hoc routing, provable security, simulation paradigm

Abstract

In this article we present a new formal framework that can be used for analyzing the ecurity of on-demand source routing protocols proposed for wireless mobile ad hoc networks. Our approach is based on the simulation paradigm which is a well-known and general procedure to prove the security of cryptographic protocols. We give the formal definition of secure ad hoc routing in a precise and rigorous manner using the concept of statistical indistinguishability. We present an ad hoc source routing protocol, called endairA, and we illustrate the usage of our approach by proving that this protocol is secure in our model.

Provable Security of On-Demand Distance Vector Routing in Wireless Ad Hoc Networks

G. Ács, L. Buttyán, I. Vajda

In Proceedings of the Second European Workshop on Security and Privacy in Ad Hoc and Sensor Networks (ESAS 2005), Visegrád, Hungary, July 13-14, 2005, 2005.

Bibtex | Abstract | PDF

@inproceedings {
   author = {Gergely Ács, Levente Buttyán, István VAJDA},
   title = {Provable Security of On-Demand Distance Vector Routing in Wireless Ad Hoc Networks},
   booktitle = {In Proceedings of the Second European Workshop on Security and Privacy in Ad Hoc and Sensor Networks (ESAS 2005), Visegrád, Hungary, July 13-14, 2005},
   year = {2005}
}

Abstract

In this paper, we propose a framework for the security analysis of on-demand, distance vector routing protocols for ad hoc networks, such as AODV, SAODV, and ARAN. The proposed approach is an adaptation of the simulation paradigm that is used extensively for the analysis of cryptographic algorithms and protocols, and it provides a rigorous method for proving that a given routing protocol is secure. We demonstrate the approach by representing known and new attacks on SAODV in our framework, and by proving that ARAN is secure in our model.

2004

Provably Secure On-demand Source Routing in Mobile Ad Hoc Networks

G. Ács, L. Buttyán, I. Vajda

http://eprint.iacr.org/ under report number 2004/159., March, 2004.

Bibtex | Abstract

@techreport {
   author = {Gergely Ács, Levente Buttyán, István VAJDA},
   title = {Provably Secure On-demand Source Routing in Mobile Ad Hoc Networks},
   institution = {http://eprint.iacr.org/ under report number 2004/159.},
   month = {March},
   year = {2004}
}

Keywords

Mobile ad hoc networks, secure routing, provable security

Abstract

Routing is one of the most basic networking functions in mobile ad hoc networks. Hence, an adversary can easily paralyze the operation of the network by attacking the routing protocol. This has been realized by many researchers, and several "secure" routing protocols have been proposed for ad hoc networks. However, the security of those protocols have mainly been analyzed by informal means only. In this paper, we argue that flaws in ad hoc routing protocols can be very subtle, and we advocate a more systematic way of analysis. We propose a mathematical framework in which security can be precisely defined, and routing protocols for mobile ad hoc networks can be analyzed rigorously. Our framework is tailored for on-demand source routing protocols, but the general principles are applicable to other types of protocols too. Our approach is based on the simulation paradigm, which has already been used extensively for the analysis of key establishment protocols, but to the best of our knowledge, it has not been applied in the context of ad hoc routing so far. We also propose a new on-demand source routing protocol, called endairA, and we demonstrate the usage of our framework by proving that it is secure in our model.