Dr. Tamás Holczer

Assistant Professor

holczer (at) crysys.hu

web: www.crysys.hu/members/tholczer/
office: I.E. 419
tel: +36 1 463 2047
fax: +36 1 463 3263


Short Bio

Tamás HOLCZER was born in 1981 in Budapest. He received the Ph.D. degree in Computer Science from the Budapest University of Technology and Economics (BME) in 2013. Since 2013 he has been working as an assistant professor in the Laboratory of Cryptography and System Security (CrySyS), Department of Telecommunications, Budapest University of Technology and Economics.

Current Courses

IT Security (VIHIAC01)

This BSc course gives an overview of the different areas of IT security with the aim of increasing the security awareness of computer science students and shaping their attitude towards designing and using secure computing systems. The course prepares BSc students for security challenges that they may encounter during their professional career, and at the same time, it provides a basis for those students who want to continue their studies at MSc level (taking, for instance, our IT Security minor specialization). We put special emphasis on software security and the practical aspects of developing secure programs.

IT Security (in English) (VIHIAC01)

This BSc course gives an overview of the different areas of IT security with the aim of increasing the security awareness of computer science students and shaping their attitude towards designing and using secure computing systems. The course prepares BSc students for security challenges that they may encounter during their professional career, and at the same time, it provides a basis for those students who want to continue their studies at MSc level (taking, for instance, our IT Security minor specialization). We put special emphasis on software security and the practical aspects of developing secure programs.

Network Security (VIHIMB00)

This course gives a detailed introduction into the security problems of computer networks, and it gives an overview of the possible solutions to those problems. It also covers issues related to secure operation of networks in practice, including modern tools and techniques used to ensure security. Students get theoretical knowledge and practical skills that form the basis of secure network operations, and allow them to assess security risks, understand threats and vulnerabilities, select and integrate appropriate security solutions, and to design new security mechanisms. The course also serves as a basis for obtaining skills in penetration testing and ethical hacking of networks.

Administering Security in Computer Networks (VIHIAV14)

This is an elective lab exercise course where students learn how to securely operate a network using mainly Cisco networking equipment.

Student Project Proposals

Development of an ICS honeypot system

The foundations of our critical infrastructures are often industrial automation and process control (ICS/SCADA) systems, which increasingly have external network connections, possibly even access from the Internet, and are therefore exposed to attacks arriving from cyberspace. For now, however, such attacks are rare, and we do not have enough experience with the attack methods and tools. One possible means of gathering information about them is a honeypot system, which from the outside appears to be a real ICS/SCADA system but is in fact a trap in which the attacker's activity can be observed.

PLC honeypot development

The foundations of our critical infrastructures are often industrial automation and process control (ICS/SCADA) systems, which increasingly have external network connections, possibly even access from the Internet, and are therefore exposed to attacks arriving from cyberspace. The security of ICS/SCADA systems is therefore important, but known security solutions are not always applicable in the special ICS/SCADA environment, where availability and reliability are the primary considerations.

Development of graphical attack analysis software

More and more computer networks are being attacked. In response, it is not enough to concentrate on prevention; one must also prepare for the after-the-fact analysis of possible attacks. To support this, it is worth capturing the full network traffic and storing it for a while.

Vulnerability analysis of vehicle infotainment systems

The information and entertainment components of the vehicles sold today are becoming increasingly complex. The complexity of infotainment systems has already reached the level of a personal computer; in fact, in many respects they already behave like personal computers (they use similar hardware, run an operating system, etc.). This great complexity, of course, also increases the probability of bugs.

Publications

2016

Intrusion detection in Cyber Physical Systems Based on Process Modelling

A. Gazdag, T. Holczer, Gy. Miru

Proceedings of 16th European Conference on Cyber Warfare & Security, Academic conferences, 2016.


@inproceedings {
   author = {András Gazdag, Tamas Holczer, Gyorgy Miru},
   title = {Intrusion detection in Cyber Physical Systems Based on Process Modelling},
   booktitle = {Proceedings of 16th European Conference on Cyber Warfare & Security},
   publisher = {Academic conferences},
   year = {2016}
}

Abstract

Cyber physical systems (CPS) are used to control chemical processes, and can be found in manufacturing, civil infrastructure, energy industry, transportation and in many more places. There is one common characteristic in these areas: their operation is critical, as a malfunction can potentially be life-threatening. In the past, an attack against the cyber part of the systems can lead to physical consequences. The first well known attack against a CPS was Stuxnet in 2010. It is challenging to develop countermeasures in this field without endangering the normal operation of the underlying system. In our research, our goal was to detect attacks without interfering with the cyber physical systems in any way. This can be realized by an anomaly detection system using passive network monitoring. Our approach is based on analysing the state of the physical process by interpreting the communication between the control system and the supervisory system. This state can be compared to a model based prediction of the system, which can serve as a solid base for intrusion detection. In order to realize our intrusion detection system, a testbed was built based on widely used Siemens PLCs. Our implementation consists of three main parts. The first task is to understand the network communication in order to gain information about the controlled process. This was realized by analysing and deeply understanding the publicly undocumented Siemens management protocol. The resulting protocol parser was integrated into the widely-used Bro network security monitoring framework. Gathering information about the process state for a prolonged time creates time series. With these time series, as the second step, statistical models of the physical process can be built to predict future states. As the final step, the new states of the physical process can be compared with the predicted states. Significant differences can be considered as an indicator of compromise.

2015

ROSCO: Repository of signed code

D. Papp, B. Kócsó, T. Holczer, L. Buttyán, B. Bencsáth

Virus Bulletin, 2015.


@conference {
   author = {Dorottya Papp, Balázs Kócsó, Tamas Holczer, Levente BUTTYÁN, Boldizsár Bencsáth},
   title = {ROSCO: Repository of signed code},
   booktitle = {Virus Bulletin},
   year = {2015}
}


The design and implementation of a PLC honeypot for detecting cyber attacks against industrial control systems

T. Holczer, M. Felegyhazi, L. Buttyán

Proceedings of International Conference on Computer Security in a Nuclear World: Expert Discussion and Exchange, IAEA, 2015.


@inproceedings {
   author = {Tamas Holczer, Mark Felegyhazi, Levente BUTTYÁN},
   title = {The design and implementation of a PLC honeypot for detecting cyber attacks against industrial control systems},
   booktitle = {Proceedings of International Conference on Computer Security in a Nuclear World: Expert Discussion and Exchange},
   publisher = {IAEA},
   year = {2015}
}


2014

Adatbányászat az informatikai biztonságban

K Szücs, T. Holczer, A. Kiss

INFODIDACT konferencia, 2014, Webdidaktika Alapítvány, ISBN: 9789631206272.


@conference {
   author = {Szücs Katalin, Tamas Holczer, Attila Kiss},
   title = {Adatbányászat az informatikai biztonságban},
   booktitle = { INFODIDACT konferencia},
   year = {2014},
   publisher = {Webdidaktika Alapítvány},
   note = {ISBN: 9789631206272}
}


CryPLH: Intelligens ipari rendszerek célzott támadások elleni védelme PLC honeyp

D. Buza, F. Juhasz, Gy. Miru, M. Felegyhazi, T. Holczer

Kiss Natália Nagy Bálint Németh István Péter (Eds), Tudományos terek, pp. 9-20, DUF Press, 2014, ISBN: 9789632870755.


@inbook {
   author = {Daniel Buza, Ferenc Juhasz, Gyorgy Miru, Mark Felegyhazi, Tamas Holczer},
   editor = {Kiss Natália Nagy Bálint Németh István Péter (Eds)},
   title = {CryPLH: Intelligens ipari rendszerek célzott támadások elleni védelme PLC honeyp},
   chapter = {Tudományos terek},
   pages = {9-20},
   publisher = {DUF Press},
   year = {2014},
   note = {ISBN: 9789632870755}
}


CryPLH: Protecting smart energy systems from targeted attacks with a PLC honeypot

D. Buza, F. Juhasz, Gy. Miru, M. Felegyhazi, T. Holczer

in Proceedings of SmartGridSec 2014, February 26, 2014.


@article {
   author = {Daniel Buza, Ferenc Juhasz, Gyorgy Miru, Mark Felegyhazi, Tamas Holczer},
   title = {CryPLH: Protecting smart energy systems from targeted attacks with a PLC honeypot},
   journal = {in Proceedings of SmartGridSec 2014},
   month = {February 26},
   year = {2014}
}

Keywords

PLC honeypot, critical infrastructures, advanced threat monitoring, industrial control systems security

Abstract

Smart grids consist of suppliers, consumers, and other parts. The main suppliers are normally supervised by industrial control systems. These systems rely on programmable logic controllers (PLCs) to control industrial processes and communicate with the supervisory system. Until recently, industrial operators relied on the assumption that these PLCs are isolated from the online world and hence cannot be the target of attacks. Recent events, such as the infamous Stuxnet attack [15] directed the attention of the security and control system community to the vulnerabilities of control system elements, such as PLCs. In this paper, we design and implement the Crysys PLC honeypot (CryPLH) system to detect targeted attacks against industrial control systems. This PLC honeypot can be implemented as part of a larger security monitoring system. Our honeypot implementation improves upon existing solutions in several aspects: most importantly in level of interaction and ease of configuration. Results of an evaluation show that our honeypot is largely indistinguishable from a real device from the attacker’s perspective. As a collateral of our analysis, we were able to identify some security issues in the real PLC device we tested and implemented specific firewall rules to protect the device from targeted attacks.

2012

Secure and Reliable Clustering in Wireless Sensor Networks: A Critical Survey

P. Schaffer, K. Farkas, Á. Horváth, T. Holczer, L. Buttyán

accepted for publication in Elsevier Computer Networks, 2012.


@article {
   author = {Peter Schaffer, Károly Farkas, Ádám Horváth, Tamas Holczer, Levente BUTTYÁN},
   title = {Secure and Reliable Clustering in Wireless Sensor Networks: A Critical Survey},
   journal = {accepted for publication in Elsevier Computer Networks},
   year = {2012}
}

Abstract

In the past few years, research interest has been increased towards wireless sensor networks (WSNs) and their application in both the military and civil domains. To support scalability in WSNs and increase network lifetime, nodes are often grouped into disjoint clusters. However, secure and reliable clustering, which is critical in WSNs deployed in hostile environments, has gained modest attention so far or has been limited only to fault tolerance. In this paper, we review the state-of-the-art of clustering protocols in WSNs with special emphasis on security and reliability issues. First, we define the taxonomy of security and reliability for cluster head election and clustering in WSNs. Then, we describe and analyze the most relevant secure and reliable clustering protocols. Finally, we propose countermeasures against typical attacks and show how they improve the discussed protocols.

Traffic Analysis Attacks and Countermeasures in Wireless Body Area Sensor Networks

L. Buttyán, T. Holczer

IEEE Workshop on Data Security and Privacy in Wireless Networks (D-SPAN), IEEE, June, 2012.


@inproceedings {
   author = {Levente BUTTYÁN, Tamas Holczer},
   title = {Traffic Analysis Attacks and Countermeasures in Wireless Body Area Sensor Networks},
   booktitle = {IEEE Workshop on Data Security and Privacy in Wireless Networks (D-SPAN)},
   publisher = {IEEE},
   month = {June},
   year = {2012}
}

Abstract

In this paper, we study the problem of traffic analysis attacks in wireless body area sensor networks. When these networks are used in health-care for remote patient monitoring, traffic analysis can reveal the type of medical sensors mounted on the patient, and this information may be used to infer the patient’s health problems. We show that simple signal processing methods can be used effectively for performing traffic analysis attacks and identifying the sensor types in a rather weak adversary model. We then investigate possible traffic obfuscation mechanisms aiming at hiding the regular patterns in the observable wireless traffic. Among the investigated countermeasures, traffic shaping, a mechanism that introduces carefully chosen delays for message transmissions, appears to be the best choice, as it achieves close to optimal protection and incurs no overhead.

2011

Anonymous Aggregator Election and Data Aggregation in Wireless Sensor Networks

T. Holczer, L. Buttyán

International Journal of Distributed Sensor Networks, 2011, pp. 1-18, Article ID 828414.


@article {
   author = {Tamas Holczer, Levente BUTTYÁN},
   title = {Anonymous Aggregator Election and Data Aggregation in Wireless Sensor Networks},
   journal = {International Journal of Distributed Sensor Networks},
   year = {2011},
   pages = {1-18},
   note = {Article ID 828414}
}

Abstract

In mission critical cyber-physical systems, dependability is an important requirement at all layers of the system architecture. In this paper, we propose protocols that increase the dependability of wireless sensor networks, which are potentially useful building blocks in cyber physical systems. More specifically, we propose two private aggregator node election protocols, a private data aggregation protocol, and a corresponding private query protocol for sensor networks that allow for secure in-network data aggregation by making it difficult for an adversary to identify and then physically disable the designated aggregator nodes. Our advanced protocols resist strong adversaries that can physically compromise some nodes.

VeRA - Version Number and Rank Authentication in RPL

A. Dvir, T. Holczer, L. Buttyán

7th IEEE International Workshop on Wireless and Sensor Networks Security, IEEE, Valencia, Spain, October 17-22, 2011, pp. 709 - 714.


@inproceedings {
   author = {Amit Dvir, Tamas Holczer, Levente BUTTYÁN},
   title = {VeRA - Version Number and Rank Authentication in RPL},
   booktitle = {7th IEEE International Workshop on Wireless and Sensor Networks Security},
   publisher = {IEEE},
   address = {Valencia, Spain},
   month = {October 17-22},
   year = {2011},
   pages = {709 - 714}
}

Abstract

Designing a routing protocol for large low-power and lossy networks (LLNs), consisting of thousands of constrained nodes and unreliable links, presents new challenges. The IPv6 Routing Protocol for Low-power and Lossy Networks (RPL) has been developed by the IETF ROLL Working Group as a preferred routing protocol to provide IPv6 routing functionality in LLNs. RPL provides path diversity by building and maintaining directed acyclic graphs (DAG) rooted at one (or more) gateway. However, an adversary that impersonates a gateway or has compromised one of the nodes close to the gateway can divert a large part of network traffic forward itself and/or exhaust the nodes’ batteries. Therefore in RPL, special security care must be taken when the Destination Oriented Directed Acyclic Graph (DODAG) root is updating the Version Number by which reconstruction of the routing topology can be initiated. The same care also must be taken to prevent an internal attacker (compromised DODAG node) to publish decreased Rank value, which causes a large part of the DODAG to connect to the DODAG root via the attacker and give it the ability to eavesdrop a large part of the network traffic forward itself. Unfortunately, the currently available security services in RPL will not protect against a compromised internal node that can construct and disseminate fake messages. In this paper, a new security service is described that prevents any misbehaving node from illegitimately increasing the Version Number and compromise illegitimate decreased Rank values.

2010

Hide-and-Lie: Enhancing Application-level Privacy in Opportunistic Networks

L. Dóra, T. Holczer

In Proceedings of the Second International Workshop on Mobile Opportunistic Networking ACM/SIGMOBILE MobiOpp 2010, Pisa, Italy, February 22-23, 2010.


@inproceedings {
   author = {László DÓRA, Tamas Holczer},
   title = {Hide-and-Lie: Enhancing Application-level Privacy in Opportunistic Networks},
   booktitle = {In Proceedings of the Second International Workshop on Mobile Opportunistic Networking ACM/SIGMOBILE MobiOpp 2010},
   address = {Pisa, Italy},
   month = {February 22-23},
   year = {2010}
}

Abstract

A delay-tolerant network is a mobile ad hoc network where the message dissemination is based on the store-carry-and-forward principle. This principle raises new aspects of the privacy problem. In particular, an attacker can build a user profile and trace the nodes based on this profile even if the message exchange protocol provides anonymity. In this paper, an attacker model is presented and some proposed attackers are implemented. We analyze the efficiency of both the attacks and the proposed defense mechanism, called Hide-and-Lie Strategy. We show that without any defense mechanism, the nodes are traceable, but with the Hide-and-Lie Strategy, the success probability of an attacker can be made equal to the success probability of the simple guessing. Furthermore, in some scenarios, the Hide-and-Lie Strategy increases the message delivery ratio. The number of downloaded messages and the maximal memory size required to apply the proposed privacy defense mechanism is also investigated.

Perfectly Anonymous Data Aggregation in Wireless Sensor Networks

L. Buttyán, T. Holczer

Proceedings of The 7th IEEE International Conference on Mobile Ad-hoc and Sensor Systems (MASS 2010), IEEE, San Francisco, November 8-12, 2010.


@inproceedings {
   author = {Levente BUTTYÁN, Tamas Holczer},
   title = {Perfectly Anonymous Data Aggregation in Wireless Sensor Networks},
   booktitle = {Proceedings of The 7th IEEE International Conference on Mobile Ad-hoc and Sensor Systems (MASS 2010)},
   publisher = {IEEE},
   address = {San Francisco},
   month = {November 8-12},
   year = {2010}
}

Abstract

Clustering and data aggregation in wireless sensor networks improves scalability, and helps the efficient use of scarce resources. Yet, these mechanisms also introduce some security issues; in particular, aggregator nodes become attractive targets of physical destruction and jamming attacks. In order to mitigate this problem, we propose a new private aggregator node election protocol that hides the identity of the elected aggregator nodes both from external eavesdroppers and from compromised nodes participating in the protocol. We also propose a private data aggregation protocol and a corresponding private query protocol which allows the aggregators to collect sensor readings and respond to queries of the base station, respectively, without revealing any useful information about their identity to external eavesdroppers and to compromised nodes.

2009

Private Cluster Head Election in Wireless Sensor Networks

L. Buttyán, T. Holczer

Proceedings of the Fifth IEEE International Workshop on Wireless and Sensor Networks Security (WSNS'09), IEEE, Macau SAR, PRC, October 12, 2009, pp. 1048-1053.


@inproceedings {
   author = {Levente BUTTYÁN, Tamas Holczer},
   title = {Private Cluster Head Election in Wireless Sensor Networks},
   booktitle = {Proceedings of the Fifth IEEE International Workshop on Wireless and Sensor Networks Security (WSNS'09)},
   organization = {IEEE},
   publisher = {IEEE},
   address = {Macau SAR, PRC},
   month = {October 12 },
   year = {2009},
   pages = {1048-1053}
}

Abstract

Clustering is a useful mechanism in wireless sensor networks that helps to cope with scalability problems and, if combined with in-network data aggregation, may increase the energy efficiency of the network. At the same time, by assigning a special role to the cluster head nodes, clustering makes the network more vulnerable to attacks. In particular, disabling a cluster head by physical destruction or jamming may render the entire cluster inoperable temporarily until the problem is detected and a new cluster head is elected. Hence, the cluster head nodes may be attractive targets of attacks, and one would like to make it difficult for an adversary to identify them. The adversary can try to identify the cluster head nodes in various ways, including the observation of the cluster head election process itself and the analysis of the traffic patterns after the termination of the cluster head election. In this paper, we focus on the former problem, which we call the private cluster head election problem. This problem has been neglected so far, and as a consequence, existing cluster head election protocols leak too much information making the identification of the elected cluster head nodes easy even for a passive external observer. We propose the first private cluster head election protocol for wireless sensor networks that is designed to hide the identity of the elected cluster head nodes from an adversary that can observe the execution of the protocol.

Secure Vehicle Communication (SeVeCom)

T. Holczer, P. Ardelean, N. Asaj, S. Cosenza, M. Müter, A. Held, B. Wiedersheim, P. Papadimitratos, F. Kargl, D. D. Cock

Demonstration. Mobisys, June, 2009.


@misc {
   author = {Tamas Holczer, Petra Ardelean, Naim Asaj, Stefano Cosenza, Michael Müter, Albert Held, Björn Wiedersheim, Panagiotis Papadimitratos, Frank Kargl, Danny De Cock},
   title = {Secure Vehicle Communication (SeVeCom)},
   howpublished = {Demonstration. Mobisys},
   month = {June},
   year = {2009}
}

Keywords

vehicular ad hoc network, security, privacy


SLOW: A Practical Pseudonym Changing Scheme for Location Privacy in VANETs

L. Buttyán, T. Holczer, A. Weimerskirch, W. Whyte

Proceedings of the IEEE Vehicular Networking Conference, IEEE, Tokyo, Japan, October 28-29, 2009, pp. 1-8.


@inproceedings {
   author = {Levente BUTTYÁN, Tamas Holczer, Andre Weimerskirch, William Whyte},
   title = {SLOW: A Practical Pseudonym Changing Scheme for Location Privacy in VANETs},
   booktitle = {Proceedings of the IEEE Vehicular Networking Conference},
   organization = {IEEE},
   publisher = {IEEE},
   address = {Tokyo, Japan},
   month = {October 28-29},
   year = {2009},
   pages = {1-8}
}

Abstract

Untraceability of vehicles is an important requirement in future vehicle communications systems. Unfortunately, heartbeat messages used by many safety applications provide a constant stream of location data, and without any protection measures, they make tracking of vehicles easy even for a passive eavesdropper. One commonly known solution is to transmit heartbeats under pseudonyms that are changed regularly in order to obfuscate the trajectory of vehicles. However, this approach is effective only if some silent period is kept during the pseudonym change and several vehicles change their pseudonyms nearly at the same time and at the same location. Unlike previous works that proposed explicit synchronization between a group of vehicles and/or required pseudonym change in a designated physical area (i.e., a static mix zone), we propose a much simpler approach that does not need any explicit cooperation between vehicles and any infrastructure support. Our basic idea is that vehicles should not transmit heartbeat messages when their speed drops below a given threshold, say 30 km/h, and they should change pseudonym during each such silent period. This ensures that vehicles stopping at traffic lights or moving slowly in a traffic jam will all refrain from transmitting heartbeats and change their pseudonyms nearly at the same time and location. Thus, our scheme ensures both silent periods and synchronized pseudonym change in time and space, but it does so in an implicit way. We also argue that the risk of a fatal accident at a slow speed is low, and therefore, our scheme does not seriously impact safety-of-life. In addition, refraining from sending heartbeat messages when moving at low speed also relieves vehicles of the burden of verifying a potentially large amount of digital signatures, and thus, makes it possible to implement vehicle communications with less expensive equipment.

2008

Secure vehicular communication systems: design and architecture

P. Papadimitratos, A. Kung, F. Kargl, Z. Ma, M. Raya, J. Freudiger, E. Schoch, T. Holczer, L. Buttyán, J. P. Hubaux

IEEE Communications Magazine, vol. 46, no. 11, November, 2008, pp. 100-109.


@article {
   author = {Panagiotis Papadimitratos, Antonio Kung, Frank Kargl, Zhendong Ma, Maxim Raya, Julien Freudiger, Elmar Schoch, Tamas Holczer, Levente BUTTYÁN, Jean-Pierre Hubaux},
   title = {Secure vehicular communication systems: design and architecture},
   journal = {IEEE Communications Magazine},
   volume = {46},
   number = {11},
   month = {November},
   year = {2008},
   pages = {100-109}
}

Abstract

Significant developments have taken place over the past few years in the area of vehicular communication systems. Now, it is well understood in the community that security and protection of private user information are a prerequisite for the deployment of the technology. This is so precisely because the benefits of VC systems, with the mission to enhance transportation safety and efficiency, are at stake. Without the integration of strong and practical security and privacy enhancing mechanisms, VC systems can be disrupted or disabled, even by relatively unsophisticated attackers. We address this problem within the SeVeCom project, having developed a security architecture that provides a comprehensive and practical solution. We present our results in a set of two articles in this issue. In this first one, we analyze threats and types of adversaries, identify security and privacy requirements, and present a spectrum of mechanisms to secure VC systems. We provide a solution that can be quickly adopted and deployed. In the second article we present our progress toward the implementation of our architecture and results on the performance of the secure VC system, along with a discussion of upcoming research challenges and our related current results.

2007

Group-Based Private Authentication

G. Avoine, L. Buttyán, T. Holczer, I. Vajda

In Proceedings of the International Workshop on Trust, Security, and Privacy for Ubiquitous Computing (TSPUC 2007), IEEE, Helsinki, Finland, Jun 18, 2007.


@inproceedings {
   author = {Gildas Avoine, Levente BUTTYÁN, Tamas Holczer, István VAJDA},
   title = {Group-Based Private Authentication},
   booktitle = {In Proceedings of the International Workshop on Trust, Security, and Privacy for Ubiquitous Computing (TSPUC 2007)},
   publisher = {IEEE},
   address = {Helsinki, Finland},
   month = {Jun 18 },
   year = {2007}
}

Abstract

We propose a novel authentication scheme that ensures privacy of the provers. Our scheme is based on symmetric-key cryptography, and therefore, it is well-suited to resource constrained applications in large scale environments. A typical example for such an application is an RFID system, where the provers are low-cost RFID tags, and the number of the tags can potentially be very large. We analyze the proposed scheme and show that it is superior to the well-known key-tree based approach for private authentication both in terms of privacy and efficiency.

On the Effectiveness of Changing Pseudonyms to Provide Location Privacy in VANETs

L. Buttyán, T. Holczer, I. Vajda

In Proceedings of the Fourth European Workshop on Security and Privacy in Ad hoc and Sensor Networks (ESAS2007), Springer, Cambridge, UK, July 2-3, 2007.


@inproceedings {
   author = {Levente BUTTYÁN, Tamas Holczer, István VAJDA},
   title = {On the Effectiveness of Changing Pseudonyms to Provide Location Privacy in VANETs},
   booktitle = {In Proceedings of the Fourth European Workshop on Security and Privacy in Ad hoc and Sensor Networks (ESAS2007)},
   publisher = {Springer},
   address = {Cambridge, UK},
   month = {July 2-3, },
   year = {2007}
}

Abstract

The promise of vehicular communications is to make road traffic safer and more efficient. However, besides the expected benefits, vehicular communications also introduce some privacy risk by making it easier to track the physical location of vehicles. One approach to solve this problem is that the vehicles use pseudonyms that they change with some frequency. In this paper, we study the effectiveness of this approach. We define a model based on the concept of the mix zone, characterize the tracking strategy of the adversary in this model, and introduce a metric to quantify the level of privacy enjoyed by the vehicles. We also report on the results of an extensive simulation where we used our model to determine the level of privacy achieved in realistic scenarios. In particular, in our simulation, we used a rather complex road map, generated traffic with realistic parameters, and varied the strength of the adversary by varying the number of her monitoring points. Our simulation results provide detailed information about the relationship between the strength of the adversary and the level of privacy achieved by changing pseudonyms.

2006

Optimal Key-Trees for Tree-Based Private Authentication

L. Buttyán, T. Holczer, I. Vajda

In Proceedings of the International Workshop on Privacy Enhancing Technologies (PET), June, 2006, Springer.


@inproceedings {
   author = {Levente BUTTYÁN, Tamas Holczer, István VAJDA},
   title = {Optimal Key-Trees for Tree-Based Private Authentication},
   booktitle = {In Proceedings of the International Workshop on Privacy Enhancing Technologies (PET)},
   month = {June},
   year = {2006},
   note = {Springer}
}

Abstract

Key-tree based private authentication has been proposed by Molnar and Wagner as a neat way to efficiently solve the problem of privacy preserving authentication based on symmetric key cryptography. However, in the key-tree based approach, the level of privacy provided by the system to its members may decrease considerably if some members are compromised. In this paper, we analyze this problem, and show that careful design of the tree can help to minimize this loss of privacy. First, we introduce a benchmark metric for measuring the resistance of the system to a single compromised member. This metric is based on the well-known concept of anonymity sets. Then, we show how the parameters of the key-tree should be chosen in order to maximize the system's resistance to single member compromise under some constraints on the authentication delay. In the general case, when any member can be compromised, we give a lower bound on the level of privacy provided by the system. We also present some simulation results that show that this lower bound is quite sharp. The results of this paper can be directly used by system designers to construct optimal key-trees in practice; indeed, we consider this as the main contribution of our work.

Providing Location Privacy in Automated Fare Collection Systems

L. Buttyán, T. Holczer, I. Vajda

In Proceedings of the 15th IST Mobile and Wireless Communication Summit, Mykonos, Greece, June, 2006.

@inproceedings {
   author = {Levente BUTTYÁN and Tamas Holczer and István VAJDA},
   title = {Providing Location Privacy in Automated Fare Collection Systems},
   booktitle = {In Proceedings of the 15th IST Mobile and Wireless Communication Summit, Mykonos, Greece},
   month = {June},
   year = {2006}
}

2005

Spontaneous Cooperation in Multi-domain Sensor Networks

L. Buttyán, T. Holczer, P. Schaffer

In Proceedings of the 2nd European Workshop on Security and Privacy in Ad-hoc and Sensor Networks (ESAS), Springer, Visegrád, Hungary, July, 2005.

@inproceedings {
   author = {Levente BUTTYÁN and Tamas Holczer and Peter Schaffer},
   title = {Spontaneous Cooperation in Multi-domain Sensor Networks},
   booktitle = {In Proceedings of the 2nd European Workshop on Security and Privacy in Ad-hoc and Sensor Networks (ESAS)},
   publisher = {Springer},
   address = {Visegrád, Hungary},
   month = {July},
   year = {2005}
}

Abstract

Sensor networks are large-scale networks consisting of several nodes and some base stations. The nodes monitor the environment and send their measurement data towards the base stations, possibly via multiple hops. Since the nodes are often battery powered, an important design criterion for sensor networks is the maximization of their lifetime. In this paper, we consider multi-domain sensor networks, by which we mean a set of sensor networks that co-exist at the same physical location but are run by different authorities. In this setting, the lifetime of all networks can be increased if the nodes cooperate and also forward packets originating from foreign domains. There is a risk, however, that a selfish network takes advantage of the cooperativeness of the other networks and exploits them. We study this problem in a game theoretic setting, and show that, in most cases, there is a Nash equilibrium in the system, in which at least one of the strategies is cooperative, even without introducing any external incentives (e.g., payments).

2004

Incentives for Cooperation in Multi-hop Wireless Networks

L. Buttyán, T. Holczer, P. Schaffer

Híradástechnika, vol. LIX, no. 3, March, 2004, pp. 30--34, (in Hungarian).

@article {
   author = {Levente BUTTYÁN and Tamas Holczer and Peter Schaffer},
   title = {Incentives for Cooperation in Multi-hop Wireless Networks},
   journal = {Híradástechnika},
   volume = {LIX},
   number = {3},
   month = {March},
   year = {2004},
   pages = {30--34},
   note = {(in Hungarian)}
}

Abstract

In this article, we introduce the problem of stimulating cooperation, which arises as a typical problem in multi-hop wireless networks. We briefly review the kinds of non-cooperative behavior and the types of mechanisms that stimulate cooperation. Finally, we summarize the main elements and ideas of two incentive mechanisms that we have proposed.