%PDF-1.4 % 3 0 obj << /pgfprgb [/Pattern /DeviceRGB] >> endobj 4 0 obj << /S /GoTo /D (section*.4) >> endobj 7 0 obj (List of Figures) endobj 8 0 obj << /S /GoTo /D (section*.6) >> endobj 11 0 obj (List of Tables) endobj 12 0 obj << /S /GoTo /D (section*.7) >> endobj 15 0 obj (Glossary) endobj 16 0 obj << /S /GoTo /D (chapter.1) >> endobj 19 0 obj (1 Introduction) endobj 20 0 obj << /S /GoTo /D (section.1.1) >> endobj 23 0 obj (1.1 Wireless sensor networks) endobj 24 0 obj << /S /GoTo /D (subsection.1.1.1) >> endobj 27 0 obj (1.1.1 Execution model) endobj 28 0 obj << /S /GoTo /D (subsection.1.1.2) >> endobj 31 0 obj (1.1.2 Characteristics) endobj 32 0 obj << /S /GoTo /D (subsection.1.1.3) >> endobj 35 0 obj (1.1.3 Classification) endobj 36 0 obj << /S /GoTo /D (subsection.1.1.4) >> endobj 39 0 obj (1.1.4 Applications) endobj 40 0 obj << /S /GoTo /D (section.1.2) >> endobj 43 0 obj (1.2 Remote programming) endobj 44 0 obj << /S /GoTo /D (subsection.1.2.1) >> endobj 47 0 obj (1.2.1 Execution model) endobj 48 0 obj << /S /GoTo /D (subsection.1.2.2) >> endobj 51 0 obj (1.2.2 Classification) endobj 52 0 obj << /S /GoTo /D (subsubsection.1.2.2.1) >> endobj 55 0 obj (1.2.2.1 Methods for reducing communication cost) endobj 56 0 obj << /S /GoTo /D (subsubsection.1.2.2.2) >> endobj 59 0 obj (1.2.2.2 Methods for improving dissemination efficiency) endobj 60 0 obj << /S /GoTo /D (subsubsection.1.2.2.3) >> endobj 63 0 obj (1.2.2.3 Methods for improving performance) endobj 64 0 obj << /S /GoTo /D (subsection.1.2.3) >> endobj 67 0 obj (1.2.3 Applications) endobj 68 0 obj << /S /GoTo /D (section.1.3) >> endobj 71 0 obj (1.3 Secure remote programming) endobj 72 0 obj << /S /GoTo /D (subsection.1.3.1) >> endobj 75 0 obj (1.3.1 Security requirements) endobj 76 0 obj << /S /GoTo /D (subsubsection.1.3.1.1) >> endobj 79 0 obj (1.3.1.1 Attacks on the communication channel) endobj 80 0 obj << /S /GoTo /D (subsubsection.1.3.1.2) >> endobj 83 0 obj (1.3.1.2 Attacks on the sensor nodes) endobj 84 0 obj << /S /GoTo /D (subsection.1.3.2) >> endobj 87 0 obj (1.3.2 Implementation requirements) endobj 88 0 obj << /S /GoTo /D (section.1.4) >> endobj 91 0 obj (1.4 Contributions of this thesis) endobj 92 0 obj << /S /GoTo /D (chapter.2) >> endobj 95 0 obj (2 Materials \046 Methods and Impacts to Design) endobj 96 0 obj << /S /GoTo /D (section.2.1) >> endobj 99 0 obj (2.1 Hardware platform) endobj 100 0 obj << /S /GoTo /D (subsection.2.1.1) >> endobj 103 0 obj (2.1.1 General characteristics) endobj 104 0 obj << /S /GoTo /D (subsection.2.1.2) >> endobj 107 0 obj (2.1.2 Implementation hardware) endobj 108 0 obj << /S /GoTo /D (section.2.2) >> endobj 111 0 obj (2.2 Software platform) endobj 112 0 obj << /S /GoTo /D (subsection.2.2.1) >> endobj 115 0 obj (2.2.1 General characteristics) endobj 116 0 obj << /S /GoTo /D (subsection.2.2.2) >> endobj 119 0 obj (2.2.2 Implementation software) endobj 120 0 obj << /S /GoTo /D (section.2.3) >> endobj 123 0 obj (2.3 Impact of resource constraints to design) endobj 124 0 obj << /S /GoTo /D (subsection.2.3.1) >> endobj 127 0 obj (2.3.1 General approaches for dealing with resource constraints) endobj 128 0 obj << /S /GoTo /D (subsubsection.2.3.1.1) >> endobj 131 0 obj (2.3.1.1 Choice of programming style) endobj 132 0 obj << /S /GoTo /D (subsubsection.2.3.1.2) >> endobj 135 0 obj (2.3.1.2 Choice of algorithms) endobj 136 0 obj << /S /GoTo /D (subsection.2.3.2) >> endobj 139 0 obj (2.3.2 Efficient implementation) endobj 140 0 obj << /S /GoTo /D (subsection.2.3.3) >> endobj 143 0 obj (2.3.3 Design choices in this thesis) endobj 144 0 obj << /S /GoTo /D (chapter.3) >> endobj 147 0 obj (3 Security Models and Requirements Analysis) endobj 148 0 obj << /S /GoTo /D (section.3.1) >> endobj 151 0 obj (3.1 Threat model vs Attacker model) endobj 152 0 obj << /S /GoTo /D (section.3.2) >> endobj 155 0 obj (3.2 General approaches) endobj 156 0 obj << /S /GoTo /D (subsection.3.2.1) >> endobj 159 0 obj (3.2.1 Threat modeling) endobj 160 0 obj << /S /GoTo /D (subsection.3.2.2) >> endobj 163 0 obj (3.2.2 Attacker modeling) endobj 164 0 obj << /S /GoTo /D (subsection.3.2.3) >> endobj 167 0 obj (3.2.3 Identifying security goals and parameters) endobj 168 0 obj << /S /GoTo /D (section.3.3) >> endobj 171 0 obj (3.3 Remote programming scenario) endobj 172 0 obj << /S /GoTo /D (subsection.3.3.1) >> endobj 175 0 obj (3.3.1 Threat modeling) endobj 176 0 obj << /S /GoTo /D (subsection.3.3.2) >> endobj 179 0 obj (3.3.2 Attacker modeling) endobj 180 0 obj << /S /GoTo /D (subsection.3.3.3) >> endobj 183 0 obj (3.3.3 Identifying security goals and parameters) endobj 184 0 obj << /S /GoTo /D (section.3.4) >> endobj 187 0 obj (3.4 Scope of the thesis) endobj 188 0 obj << /S /GoTo /D (chapter.4) >> endobj 191 0 obj (4 Cryptographic Primitives and Code Size optimized Toolbox) endobj 192 0 obj << /S /GoTo /D (section.4.1) >> endobj 195 0 obj (4.1 Hash functions) endobj 196 0 obj << /S /GoTo /D (subsection.4.1.1) >> endobj 199 0 obj (4.1.1 Properties and requirements) endobj 200 0 obj << /S /GoTo /D (subsection.4.1.2) >> endobj 203 0 obj (4.1.2 Construction of hash functions) endobj 204 0 obj << /S /GoTo /D (subsection.4.1.3) >> endobj 207 0 obj (4.1.3 Construction choices for optimized code size) endobj 208 0 obj << /S /GoTo /D (subsubsection.4.1.3.1) >> endobj 211 0 obj (4.1.3.1 Impacts of block ciphers on design) endobj 212 0 obj << /S /GoTo /D (subsubsection.4.1.3.2) >> endobj 215 0 obj (4.1.3.2 Comparisons and design decisions) endobj 216 0 obj << /S /GoTo /D (section.4.2) >> endobj 219 0 obj (4.2 Message authentication codes \(MACs\)) endobj 220 0 obj << /S /GoTo /D (subsection.4.2.1) >> endobj 223 0 obj (4.2.1 Properties and requirements) endobj 224 0 obj << /S /GoTo /D (subsection.4.2.2) >> endobj 227 0 obj (4.2.2 Construction of MACs) endobj 228 0 obj << /S /GoTo /D (subsection.4.2.3) >> endobj 231 0 obj (4.2.3 Construction choices for optimized code size) endobj 232 0 obj << /S /GoTo /D (subsubsection.4.2.3.1) >> endobj 235 0 obj (4.2.3.1 Impacts of block ciphers on design) endobj 236 0 obj << /S /GoTo /D (subsubsection.4.2.3.2) >> endobj 239 0 obj (4.2.3.2 Comparisons and design decisions) endobj 240 0 obj << /S /GoTo /D (section.4.3) >> endobj 243 0 obj (4.3 Digital signatures) endobj 244 0 obj << /S /GoTo /D (subsection.4.3.1) >> endobj 247 0 obj (4.3.1 Properties and requirements) endobj 248 0 obj << /S /GoTo /D (subsection.4.3.2) >> endobj 251 0 obj (4.3.2 Construction of digital signatures and design decisions) endobj 252 0 obj << /S /GoTo /D (section.4.4) >> endobj 255 0 obj (4.4 A T-time signature for remote programming mechanisms) endobj 256 0 obj << /S /GoTo /D (subsection.4.4.1) >> endobj 259 0 obj (4.4.1 Preliminaries) endobj 260 0 obj << /S /GoTo /D (subsection.4.4.2) >> endobj 263 0 obj (4.4.2 Proposed signature scheme) endobj 264 0 obj << /S /GoTo /D (subsection.4.4.3) >> endobj 267 0 obj (4.4.3 Security evaluation) endobj 268 0 obj << /S /GoTo /D (subsection.4.4.4) >> endobj 271 0 obj (4.4.4 Performance evaluation) endobj 272 0 obj << /S /GoTo /D (chapter.5) >> endobj 275 0 obj (5 Broadcast Authentication Schemes and Design Choices) endobj 276 0 obj << /S /GoTo /D (section.5.1) >> endobj 279 0 obj (5.1 Preliminaries and assumptions) endobj 280 0 obj << /S /GoTo /D (section.5.2) >> endobj 283 0 obj (5.2 Taxonomy of the broadcast authentication schemes) endobj 284 0 obj << /S /GoTo /D (section.5.3) >> endobj 287 0 obj (5.3 Evaluation of the existing schemes) endobj 288 0 obj << /S /GoTo /D (subsection.5.3.1) >> endobj 291 0 obj (5.3.1 Schemes without non-repudiation of origin) endobj 292 0 obj << /S /GoTo /D (subsubsection.5.3.1.1) >> endobj 295 0 obj (5.3.1.1 Perfectly secure schemes) endobj 296 0 obj << /S /GoTo /D (subsubsection.5.3.1.2) >> endobj 299 0 obj (5.3.1.2 Computationally secure schemes) endobj 300 0 obj << /S /GoTo /D (subsection.5.3.2) >> endobj 303 0 obj (5.3.2 Schemes with non-repudiation of origin) endobj 304 0 obj << /S /GoTo /D (subsubsection.5.3.2.1) >> endobj 307 0 obj (5.3.2.1 Schemes based on signature propagation) endobj 308 0 obj << /S /GoTo /D (subsubsection.5.3.2.2) >> endobj 311 0 obj (5.3.2.2 Schemes based on signature dispersal) endobj 312 0 obj << /S /GoTo /D (section.5.4) >> endobj 315 0 obj (5.4 Design decisions) endobj 316 0 obj << /S /GoTo /D (chapter.6) >> endobj 319 0 obj (6 Authenticating Software Updates for Remote Programming) endobj 320 0 obj << /S /GoTo /D (section.6.1) >> endobj 323 0 obj (6.1 Preliminaries and assumptions) endobj 324 0 obj << /S /GoTo /D (section.6.2) >> endobj 327 0 obj (6.2 Proposed approach) endobj 328 0 obj << /S /GoTo /D (subsection.6.2.1) >> endobj 331 0 obj (6.2.1 Key generation and distribution) endobj 332 0 obj << /S /GoTo /D (subsection.6.2.2) >> endobj 335 0 obj (6.2.2 Authentication) endobj 336 0 obj << /S /GoTo /D (subsection.6.2.3) >> endobj 339 0 obj (6.2.3 Verification) endobj 340 0 obj << /S /GoTo /D (subsection.6.2.4) >> endobj 343 0 obj (6.2.4 Remarks and improvements) endobj 344 0 obj << /S /GoTo /D (section.6.3) >> endobj 347 0 obj (6.3 Security evaluation) endobj 348 0 obj << /S /GoTo /D (subsection.6.3.1) >> endobj 351 0 obj (6.3.1 Authenticity) endobj 352 0 obj << /S /GoTo /D (subsection.6.3.2) >> endobj 355 0 obj (6.3.2 Integrity) endobj 356 0 obj << /S /GoTo /D (subsection.6.3.3) >> endobj 359 0 obj (6.3.3 DoS resilience) endobj 360 0 obj << /S /GoTo /D (section.6.4) >> endobj 363 0 obj (6.4 Overhead analysis) endobj 364 0 obj << /S /GoTo /D (subsection.6.4.1) >> endobj 367 0 obj (6.4.1 Communication overhead) endobj 368 0 obj << /S /GoTo /D (subsection.6.4.2) >> endobj 371 0 obj (6.4.2 Storage overhead) endobj 372 0 obj << /S /GoTo /D (subsection.6.4.3) >> endobj 375 0 obj (6.4.3 Computation overhead) endobj 376 0 obj << /S /GoTo /D (section.6.5) >> endobj 379 0 obj (6.5 Choice of security parameters) endobj 380 0 obj << /S /GoTo /D (section.6.6) >> endobj 383 0 obj (6.6 Prototype implementation) endobj 384 0 obj << /S /GoTo /D (section.6.7) >> endobj 387 0 obj (6.7 Comparison with the previous approaches) endobj 388 0 obj << /S /GoTo /D (subsection.6.7.1) >> endobj 391 0 obj (6.7.1 Code size) endobj 392 0 obj << /S /GoTo /D (subsection.6.7.2) >> endobj 395 0 obj (6.7.2 Communication overhead) endobj 396 0 obj << /S /GoTo /D (subsection.6.7.3) >> endobj 399 0 obj (6.7.3 Computation overhead) endobj 400 0 obj << /S /GoTo /D (subsection.6.7.4) >> endobj 403 0 obj (6.7.4 Storage overhead) endobj 404 0 obj << /S /GoTo /D (section.6.8) >> endobj 407 0 obj (6.8 Conclusion) endobj 408 0 obj << /S /GoTo /D (chapter.7) >> endobj 411 0 obj (7 Authenticating Software Updates encoded with Fountain Codes) endobj 412 0 obj << /S /GoTo /D (section.7.1) >> endobj 415 0 obj (7.1 Preliminaries and assumptions) endobj 416 0 obj << /S /GoTo /D (section.7.2) >> endobj 419 0 obj (7.2 LT codes) endobj 420 0 obj << /S /GoTo /D (section.7.3) >> endobj 423 0 obj (7.3 Security challenges) endobj 424 0 obj << /S /GoTo /D (subsection.7.3.1) >> endobj 427 0 obj (7.3.1 Error propagation attacks \(poisoning attacks\)) endobj 428 0 obj << /S /GoTo /D (subsection.7.3.2) >> endobj 431 0 obj (7.3.2 Crippled decoding \(coefficient vector attacks\)) endobj 432 0 obj << /S /GoTo /D (section.7.4) >> endobj 435 0 obj (7.4 Security enhancements for remote programming) endobj 436 0 obj << /S /GoTo /D (subsection.7.4.1) >> endobj 439 0 obj (7.4.1 Mitigating poisoning attacks) endobj 440 0 obj << /S /GoTo /D (subsection.7.4.2) >> endobj 443 0 obj (7.4.2 Mitigating coefficient vector attacks) endobj 444 0 obj << /S /GoTo /D (section.7.5) >> endobj 447 0 obj (7.5 Overhead analysis) endobj 448 0 obj << /S /GoTo /D (subsection.7.5.1) >> endobj 451 0 obj (7.5.1 Parameter selection for simulations) endobj 452 0 obj << /S /GoTo /D (subsection.7.5.2) >> endobj 455 0 obj (7.5.2 Communication overhead) endobj 456 0 obj << /S /GoTo /D (subsection.7.5.3) >> endobj 459 0 obj (7.5.3 Storage overhead) endobj 460 0 obj << /S /GoTo /D (section.7.6) >> endobj 463 0 obj (7.6 Conclusion) endobj 464 0 obj << /S /GoTo /D (chapter.8) >> endobj 467 0 obj (8 Confidentiality Protection of Software Updates) endobj 468 0 obj << /S /GoTo /D (section.8.1) >> endobj 471 0 obj (8.1 Confidentiality protection) endobj 472 0 obj << /S /GoTo /D (section.8.2) >> endobj 475 0 obj (8.2 The approach) endobj 476 0 obj << /S /GoTo /D (subsection.8.2.1) >> endobj 479 0 obj (8.2.1 Design choices) endobj 480 0 obj << /S /GoTo /D (subsection.8.2.2) >> endobj 483 0 obj (8.2.2 Software update encryption and decryption) endobj 484 0 obj << /S /GoTo /D (section.8.3) >> endobj 487 0 obj (8.3 Security analysis) endobj 488 0 obj << /S /GoTo /D (section.8.4) >> endobj 491 0 obj (8.4 Case study: Secure Synapse++) endobj 492 0 obj << /S /GoTo /D (section.8.5) >> endobj 495 0 obj (8.5 Prototype implementation and performance analyze) endobj 496 0 obj << /S /GoTo /D (subsection.8.5.1) >> endobj 499 0 obj (8.5.1 Prototype implementation) endobj 500 0 obj << /S /GoTo /D (subsection.8.5.2) >> endobj 503 0 obj (8.5.2 Performance evaluation) endobj 504 0 obj << /S /GoTo /D (section.8.6) >> endobj 507 0 obj (8.6 Conclusion) endobj 508 0 obj << /S /GoTo /D (chapter.9) >> endobj 511 0 obj (9 Conclusion and Future Work) endobj 512 0 obj << /S /GoTo /D (section*.256) >> endobj 515 0 obj (References) endobj 516 0 obj << /S /GoTo /D [517 0 R /Fit ] >> endobj 520 0 obj << /Length 510 /Filter /FlateDecode >> stream xڅ0E{K#DL恬)Z #$HG.i$;s~ܼHͭ'"JR8ɵ.Hy$c81LYC}h ׯnY~"9G2e+:V]5 ߚ0q)Њ\iV01%1DB҅\Z9ƒ{nGfCztyF#`Ȃnc[Xq]kУ>n""Fq $wVrv1[$-y`\9TÊtǜs;2sZMbP2#,9p({ۗjz pFݜ;h0KW!͂ȕFJ.Qݬ}'U"^;1/VuZ-8ִOgj(3xuRcfy[FIqu&!dz(K?Wm[n_ endstream endobj 517 0 obj << /Type /Page /Contents 520 0 R /Resources 519 0 R /MediaBox [0 0 595.276 841.89] /Parent 525 0 R /Annots [ 518 0 R ] >> endobj 518 0 obj << /Type /Annot /Border[0 0 1]/H/I/C[0 1 1] /Rect [248.63 207.057 391.433 221.802] /Subtype/Link/A<> >> endobj 521 0 obj << /D [517 0 R /XYZ 113.52 768.055 null] >> endobj 522 0 obj << /D [517 0 R /XYZ 114.52 699.659 null] >> endobj 519 0 obj << /ColorSpace 3 0 R /Pattern 2 0 R /ExtGState 1 0 R /Font << /F17 523 0 R /F19 524 0 R >> /ProcSet [ /PDF /Text ] >> endobj 528 0 obj << /Length 117 /Filter /FlateDecode >> stream x= `<ō$*MV:Y|}p IZ(J+`|OkBgϏQ;p,WҐ3ͲlCD endstream endobj 527 0 obj << /Type /Page /Contents 528 0 R /Resources 526 0 R /MediaBox [0 0 595.276 841.89] /Parent 525 0 R >> endobj 529 0 obj << /D [527 0 R /XYZ 71 768.055 null] >> endobj 526 0 obj << /ColorSpace 3 0 R /Pattern 2 0 R /ExtGState 1 0 R /Font << /F15 530 0 R >> /ProcSet [ /PDF /Text ] >> endobj 533 0 obj << /Length 278 /Filter /FlateDecode >> stream xڕ?O0w!g#*E*"1)qnW')#={~lA-{g8N$t뎭 q%)xN4SSuhUPԀ%, VH?v܇YC_Oy8˗_*1AUP*c_qa0yMiK o,2ahv$Sm#z^ Ox_dzQTEN'\ e8Š0#$V[EZ۶R7Mwm endstream endobj 532 0 obj << /Type /Page /Contents 533 0 R /Resources 531 0 R /MediaBox [0 0 595.276 841.89] /Parent 525 0 R >> endobj 534 0 obj << /D [532 0 R /XYZ 113.52 768.055 null] >> endobj 531 0 obj << /ColorSpace 3 0 R /Pattern 2 0 R /ExtGState 1 0 R /Font << /F15 530 0 R >> /ProcSet [ /PDF /Text ] >> endobj 537 0 obj << /Length 19 /Filter /FlateDecode >> stream x3PHW0Pp2A c( endstream endobj 536 0 obj << /Type /Page /Contents 537 0 R /Resources 535 0 R /MediaBox [0 0 595.276 841.89] /Parent 525 0 R >> endobj 538 0 obj << /D [536 0 R /XYZ 71 768.055 null] >> endobj 535 0 obj << /ColorSpace 3 0 R /Pattern 2 0 R /ExtGState 1 0 R /ProcSet [ /PDF ] >> endobj 541 0 obj << /Length 252 /Filter /FlateDecode >> stream xڝQMO0WFrh&i[ol hڡC꿧Avw@/ywZ 7zi+ mbsee emQq߽>̹:!|)OIC"pKI5q,r<,ZUd%Y8LMy孶SIuթPUm&&KL|33<2Ck[aujyń \v*W Hm/90o endstream endobj 540 0 obj << /Type /Page /Contents 541 0 R /Resources 539 0 R /MediaBox [0 0 595.276 841.89] /Parent 525 0 R >> endobj 542 0 obj << /D [540 0 R /XYZ 113.52 768.055 null] >> endobj 539 0 obj << /ColorSpace 3 0 R /Pattern 2 0 R /ExtGState 1 0 R /Font << /F22 543 0 R >> /ProcSet [ /PDF /Text ] >> endobj 546 0 obj << /Length 19 /Filter /FlateDecode >> stream x3PHW0Pp2A c( endstream endobj 545 0 obj << /Type /Page /Contents 546 0 R /Resources 544 0 R /MediaBox [0 0 595.276 841.89] /Parent 525 0 R >> endobj 547 0 obj << /D [545 0 R /XYZ 71 768.055 null] >> endobj 544 0 obj << /ColorSpace 3 0 R /Pattern 2 0 R /ExtGState 1 0 R /ProcSet [ /PDF ] >> endobj 550 0 obj << /Length 1547 /Filter /FlateDecode >> stream x}Wɒ6+tTY W-q2YTŪ!CA\dDzII @l5p˛ݛ|$ƫa&*W۸iW?<ުo7:HAM4$eZgMmEߺzN<8hUӘ6htI5Nd]EDПNӹ^sިZD}6-'Q)DjTb6 8x6VפRuVq4ۏ"f?!ڈdwQgـQCpd N8hO쵓5Qa2@Ϧ?H]wᅔkciJn2gܨ({Y2JI9Z50o+4OkҋH>uz2dɫk#c1m)KU+#kd9`b#ybŌb֠_ ]%9i\L7i