14 research outputs found

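    Prototipo de cifrador de flujo en línea en tiempo real mediante salsa20 en plataformas arduino uno para transmisión de audio (Prototype of a real-time online stream cipher using Salsa20 on Arduino Uno platforms for audio transmission)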

    Managing information has always been a necessity throughout human history, but only recently did the amount of information produced by humans exceed limits anyone could have imagined. This was due to the rapid advance of information systems and computing platforms, which made handling that information harder and forced scientists and intellectuals from various fields to look for methods to optimize and improve the existing tools. Electronics drove this development by increasing the capacity to process, store and transmit information, and these capacities increase daily. This growth in the characteristics of computing equipment helped the development of countless fields of knowledge, but many drawbacks of the information age also became evident, security being one of the most pressing. To solve these problems, optimizing and adapting algorithms to new computing systems has become one of the most viable options and the one that takes most advantage of constant technological advances, since small conceptual and logical changes increase speed by several factors, which is an advantage because no hardware modifications are needed, reducing costs and increasing security.

    Analysing the Security Aspects of IoT using Blockchain and Cryptographic Algorithms

    Technological advancement is a never-ending field that shows its evolution from time to time. In 1832, with the invention of the electromagnetic telegraph, the era of the Internet of Things (IoT) began. Within the time of 190 years, this technological domain has revolutionized IoT and made it omnipresent. However, with this evolved and omnipresent nature of IoT, many drawbacks, privacy, interoperability, and security issues have also been generated. These different concerns should be tackled with some newer technologies rather than the conventional ones as somehow, they are only the generator of those issues. Outdated security could be an appropriate issue of IoT along with the centralized point of failure. It also possesses more concerns and challenges to tackle. On the other side, there is a visible solution to address the challenges of IoT in this developing domain of technology. The visible approach is Blockchain which acted as the backbone in securing Bitcoin in 2008, which was created by the pseudo group named Satoshi Nakamoto. Blockchain has evolved from Blockchain 1.0 to Blockchain 4.0 as the latest one depicts its amalgamation with another component of Industry 4.0, i.e., Artificial Intelligence (AI). AI will give the ability to think logically and like humans. In addition to this SMART solution, there is also an advanced cryptographical technique known as the Elliptic Curve Digital Signature Algorithm (ECDSA) which can enhance the security spectrum of IoT if applied appropriately. This paper produces a vision to enhance and optimize the security of IoT using a network peer-to-peer technology Blockchain along with advanced cryptography.

    Pseudo-Random Bit Generator Using Chaotic Seed for Cryptographic Algorithm in Data Protection of Electric Power Consumption

    Cryptographic algorithms have played an important role in information security for protecting privacy. The literature provides evidence that many types of chaotic cryptosystems have been proposed. These chaotic systems encode information to obviate its orbital instability and ergodicity. In this work, a pseudo-random cryptographic generator algorithm with a symmetric key, based on chaotic functions, is proposed. Moreover, the algorithm exploits dynamic simplicity and synchronization to generate encryption sub-keys using unpredictable seeds, extracted from a chaotic zone, in order to increase their level of randomness. Also, it is applied to a simulated electrical energy consumption signal and implemented on a prototype, using low hardware resources, to measure physical variables; hence, the unpredictability degree was statistically analyzed using the resulting cryptogram. It is shown that the pseudo-random sequences produced by the cryptographic key generator have acceptable properties with respect to randomness, which are validated in this paper using National Institute of Standards and Technology (NIST) statistical tests. To complement the evaluation of the encrypted data, the Lena image is coded and its metrics are compared with those reported in the literature, yielding some useful results.

    GENERACIÓN DE SERIES PSEUDORANDOM PARA CIFRAR DATOS DE CONSUMO DE ENERGÍA ELÉCTRICA (PSEUDORANDOM SERIES GENERATION TO ENCRYPT ELECTRICAL ENERGY CONSUMPTION DATA)

    Abstract: This paper presents the implementation of a prototype for data encryption using a symmetric-key cryptosystem. Data are encrypted by applying efficient generators of pseudo-random sequences that take advantage of the chaotic behavior of a logistic equation, and the system is designed to generate key streams applied to the encryption/decryption of an electrical energy consumption signal. The purpose of encryption is to provide privacy and confidentiality to users for their measurement data within the framework of smart grids. Experimental tests are carried out using a real electrical energy signal; the results obtained show that the encryption/decryption process will not affect the encoding efficiency, maintaining a low bit rate and low consumption of computational resources. To validate the results, they are subjected to a security analysis based on statistical evaluation from the NIST (National Institute of Standards and Technology), tests that are passed, which indicates that the information or data is cryptographically protected. A comparison is made between simulated and real results. Keywords: Cryptography, logistic equation, pseudo-random, security.

    A Scoping Study on Lightweight Cryptography Reviews in IoT

    The efforts in designing and developing lightweight cryptography (LWC) started a decade ago. Many scholarly studies in literature report the enhancement of conventional cryptographic algorithms and the development of new algorithms. This significant number of studies resulted in the rise of many review studies on LWC in IoT. Due to the vast number of review studies on LWC in IoT, it is not known what the studies cover and how extensive the review studies are. Therefore, this article aimed to bridge the gap in the review studies by conducting a systematic scoping study. It analyzed the existing review articles on LWC in IoT to discover the extensiveness of the reviews and the topics covered. The results of the study suggested that many review studies are classified as overview-types of review focusing on generic LWC. Further, the topics of the reviews mainly focused on symmetric block cryptography, while limited reviews were found on asymmetric-key and hash in LWC. The outcomes of this study revealed that the reviews in LWC in IoT are still in their premature stage and researchers are encouraged to explore by conducting review studies in the less-attended areas. An extensive review of studies that cover these two topics is deemed necessary to establish a balance of scholarly works in LWC for IoT and encourage more empirical research in the area.

    Encryption by Heart (EbH)-Using ECG for time-invariant symmetric key generation

    Wearable devices are a part of Internet-of-Things (IoT) that may offer valuable data of their porting user. This paper explores the use of ElectroCardioGram (ECG) records to encrypt user data. Previous attempts have shown that ECG can be taken as a basis for key generation. However, these approaches do not consider time-invariant keys. This feature enables using these so-created keys for symmetrically encrypting data (e.g. smartphone pictures), enabling their decryption using the key derived from the current ECG readings. This paper addresses this challenge by proposing EbH, a mechanism for persistent key generation based on ECG. EbH produces seeds from which encryption keys are generated. Experimental results over 24 h for 199 users show that EbH, under certain settings, can produce permanent seeds (thus time-invariant keys) computed on-the-fly and different for each user; up to 95.97% of users produce unique keys. In addition, EbH can be tuned to produce seeds of different length (up to 300 bits) and with variable min-entropy (up to 93.51). All this supports the workability of EbH in a real setting. (C) 2017 Elsevier B.V. All rights reserved. Funding: This work was supported by the MINECO grants TIN2013-46469-R (SPINY: Security and Privacy in the Internet of You) and TIN2016-79095-C2-2-R (SMOG-DEV); by the CAM grant S2013/ICE-3095 (CIBERDINE: Cybersecurity, Data, and Risks), which is co-funded by European Funds (FEDER); and by the Programa de Ayudas para la Movilidad of Carlos III University of Madrid, Spain (J. M. de Fuentes and L. Gonzalez-Manzano grants). Data used for this research was provided by the Telemetric and ECG Warehouse (THEW) of University of Rochester, NY.

    SEGURANÇA EM INTERNET DAS COISAS: UM SURVEY DE SOLUÇÕES LIGHTWEIGHT (INTERNET OF THINGS SECURITY: A SURVEY OF LIGHTWEIGHT SOLUTIONS)

    The intermittent connection of devices, machines and sensors in computationally intelligent scenarios connected to the internet has become increasingly common. This integration is called the Internet of Things (IoT). This new paradigm brings security challenges, mainly because of the heterogeneity and the number of devices with low computing power present in this scenario. Traditional security proposals are not viable in these scenarios, so new solutions are needed. This is where lightweight solutions emerge. Lightweight is understood to mean all security techniques, architectures and schemes considered "light" in terms of resource consumption and adaptable to different devices. This work analyzes the current state of lightweight security in IoT networks through a review and classification of the literature. It presents proposals for credential-based cryptographic algorithms, use of the cloud for authentication, and reduction of latency, energy consumption and packet loss, among other advantages. The aim is thus to contribute to the advance of research on Internet of Things security by presenting the "light" security technologies in IoT, the challenges, the recent developments, the open issues and the future points of research.

    Expressive policy based authorization model for resource-constrained device sensors.

    Chapters II, III and IV are subject to confidentiality by the author. 92 p. Upcoming smart scenarios enabled by the Internet of Things (IoT) envision smart objects that expose services that can adapt to user behavior or be managed with the goal of achieving higher productivity, often in multistakeholder applications. In such environments, smart things are cheap sensors (and actuators) and, therefore, constrained devices. However, they are also critical components because of the importance of the provided information. Given that, strong security in general and access control in particular is a must. However, tightness, feasibility and usability of existing access control models do not cope well with the principle of least privilege; they lack both expressiveness and the ability to update the policy to be enforced in the sensors. In fact, (1) traditional access control solutions are not feasible in all constrained devices due to their big impact on the performance although they provide the highest effectiveness by means of tightness and flexibility. (2) Recent access control solutions designed for constrained devices can be implemented only in not so constrained ones and lack policy expressiveness in the local authorization enforcement. (3) Access control solutions currently feasible in the most severely constrained devices have been based on authentication and very coarse grained and static policies, scale badly, and lack a feasible policy based access control solution aware of local context of sensors. Therefore, there is a need for a suitable End-to-End (E2E) access control model to provide fine grained authorization services in service oriented open scenarios, where operation and management access is by nature dynamic and that integrate massively deployed constrained but manageable sensors.
Precisely, the main contribution of this thesis is the specification of such a highly expressive E2E access control model suitable for all sensors including the most severely constrained ones. Concretely, the proposed E2E access control model consists of three main foundations. (1) A hybrid architecture, which combines advantages of both centralized and distributed architectures to enable multi-step authorization. Fine granularity of the enforcement is enabled by (2) an efficient policy language and codification, which are specifically defined to gain expressiveness in the authorization policies and to ensure viability in very-constrained devices. The policy language definition enables both to make granting decisions based on local context conditions, and to react accordingly to the requests by the execution of additional tasks defined as obligations. The policy evaluation and enforcement is performed not only during the security association establishment but also afterward, while such security association is in use. Moreover, this novel model provides also control over access behavior, since iterative re-evaluation of the policy is enabled during each individual resource access. Finally, (3) the establishment of an E2E security association between two mutually authenticated peers through a security protocol named Hidra. Such Hidra protocol, based on symmetric key cryptography, relies on the hybrid three-party architecture to enable multi-step authorization as well as the instant provisioning of a dynamic security policy in the sensors. Hidra also enables delegated accounting and audit trail. Proposed access control features cope with tightness, feasibility and both dimensions of usability such as scalability and manageability, which are the key unsolved challenges in the foreseen open and dynamic scenarios enabled by IoT.
Related to efficiency, the high compression factor of the proposed policy codification and the optimized Hidra security protocol relying on a symmetric cryptographic schema enable the feasibility as it is demonstrated by the validation assessment. Specifically, the security evaluation and both the analytical and experimental performance evaluation demonstrate the feasibility and adequacy of the proposed protocol and access control model. Concretely, the security validation consists of the assessment that the Hidra security protocol meets the security goals of mutual strong authentication, fine-grained authorization, confidentiality and integrity of secret data and accounting. The security analysis of Hidra conveys on the one hand, how the design aspects of the message exchange contribute to the resilience against potential attacks. On the other hand, a formal security validation supported by a software tool named AVISPA ensures the absence of flaws and the correctness of the design of Hidra. The performance validation is based on an analytical performance evaluation and a test-bed implementation of the proposed access control model for the most severely constrained devices. The key performance factor is the length of the policy instance, since it impacts proportionally on the three critical parameters such as the delay, energy consumption, memory footprint and therefore, on the feasibility. Attending to the obtained performance measures, it can be concluded that the proposed policy language keeps such balance since it enables expressive policy instances but always under limited length values.
Additionally, the proposed policy codification improves notably the performance of the protocol since it results in the best policy length compression factor compared with currently existing and adopted standards. Therefore, the assessed access control model is the first approach to bring to severely constrained devices a similar expressiveness level for enforcement and accounting as in current Internet. The positive performance evaluation concludes the feasibility and suitability of this access control model, which notably raises the security features on severely constrained devices for the incoming smart scenarios. Additionally, there is no comparable impact assessment of policy expressiveness of any other access control model. That is, the presented analysis models as well as results might be a reference for further analysis and benchmarking. Many of the devices we use today have embedded microprocessors, in order to take measurements in the process they act on and to act as the result of some logic. For that purpose, both sensors and actuators are used (from here on, as is accepted in the community, we will call them sensors even though they serve both uses). In the most widespread uses so far, they have been connected individually or in local networks. In this way, sensors, cooperating by acting on one another or under the command of a main server, have been used to enable and improve an organization's processes. The so-called Internet of Things (IoT) connects devices that have sensors through the Internet and enables broader and more efficient processes. Smartcity, Smartgrid, Smartfactory and other smart ecosystems aim to enable new uses and increase impact by taking advantage of the opportunities of current and upcoming communication technologies. Thus, these ecosystems are broad, organizations from different domains take part in them, and the number of devices with purpose-specific sensors is enormous.
Sensors are therefore purpose-specific, cheap and small, and their main use so far has been to measure some physical magnitude and send those measurements to a centralized server. That is, they measure what happens in their surroundings and send the measurement data to a given server periodically or subject to a threshold condition. The server applies the logic and the whole system then behaves intelligently. In this mode of operation, the concern of guaranteeing the security of communications between previously known entities, even when they pass through the Internet, is solved to an acceptable degree today. But advanced smart ecosystems also foresee another behavior from sensors. Sensors also offer services through which one can interact with them. In an organization's processes, in cooperation with organizations of other origin, there are two main uses of this behavior. On the one hand, a user taking part in the process (who need not be the owner) may interact with the environment and, in doing so, may need to adapt the devices to their particularities. On the other hand, the technicians who look after the operation and maintenance of the sensors may need services to adjust them. Since the location of sensors and users is undetermined, such interactions are expected in many cases to take place over the Internet and to be direct (end-to-end). That is, there are many small sensors here and there enabling the intelligence of the system and offering tiny services for direct interaction. While direct service is simpler and more efficient, it also poses challenges. Indeed, being so small, sensors cannot implement today's standard protocols and mechanisms. Therefore, purpose-specific protocols are being created from the network layer up to the application layer. Unfortunately, these protocols aim to be lightweight and do not analyze and implement security as they should.
And purpose-specific access control models do exist, but because of the scarcity of resources they are neither tight nor manageable. Moreover, according to Gartner, the main obstacle currently limiting investment in advanced uses is distrust regarding security. And this is the challenge and the subject this thesis has addressed: given that, on the one hand, sensors are so small and their resources so scarce (10 kB RAM, 100 kB Flash and batteries, in the smallest sensors) and, on the other hand, the Internet is so wide and dangerous, to specify a new tight, lightweight and manageable model for direct access control that increases security, and to analyze its usability.

    A Comprehensive Survey of Modern Symmetric Cryptographic Solutions for Resource Constrained Environments

    No full text
    Modern cryptographic algorithms play an irreplaceable role in data communication systems for various areas of applications. These algorithms are the backbone of data protection and secrecy for highly sensitive and classified data. The selection of a suitable crypto-algorithm will dynamically affect the lifespan and performance of a device in terms of battery-life, hardware memory, computation latency and communication bandwidth. In the current developments of the resource constrained environments, the trend is shifting towards lightweight algorithmic hardware designs. To select a suitable cryptographic algorithm for an application or an environment, an understanding of both the algorithmic requirements in terms of hardware and the specifications of the development platform intended has to be established. However, there are numerous ciphers in the literature that have various functionality, specifications and strength. Moreover, there are numerous literatures that cover the trend and specifications of security solutions in hardware constrained environment, employing known cryptographic algorithms. In this paper, we present a comprehensive survey of modern symmetric cryptographic solutions used in resource constrained environment (RCE), including literatures from the area of wireless sensor network (WSN), radio frequency identification (RFID), wireless identification and sensing platform (WISP) and other resource constrained platforms. This paper aims to provide a survey of the ciphers that were used in the past, and what are the ciphers that are currently active, and their respective specifications and applications in the area of modern world RCEs.
On top of that, descriptive summaries of (a total of 100 symmetric ciphers) modern block ciphers (38), involution ciphers (6), lightweight block ciphers (28) and stream ciphers (28) are included and discussed, and an overview of the current contributions of various literatures, comparison and analysis of modern ciphers from the hardware and software perspective are also discussed.