437 research outputs found
slimIoT: Scalable Lightweight Attestation Protocol For the Internet of Things
The Internet of Things (IoT) is increasingly intertwined with critical
industrial processes, yet contemporary IoT devices offer limited security
features, creating a large new attack surface. Remote attestation is a
well-known technique to detect cyber threats by remotely verifying the internal
state of a networked embedded device through a trusted entity. Multi-device
attestation has received little attention although current single-device
approaches show limited scalability in IoT applications. Though recent work has
yielded some proposals for scalable attestation, several aspects remain
unexplored, and thus more research is required. This paper presents slimIoT, a
scalable lightweight attestation protocol that is suitable for all IoT devices.
slimIoT depends on an efficient broadcast authentication scheme along with
symmetric key cryptography. It is resilient against a strong adversary with
physical access to the IoT device. Our protocol is informative in the sense
that it identifies the precise status of every device in the network. We
implement and evaluate slimIoT considering many factors. On the one hand, our
evaluation results show a low overhead in terms of memory footprint and
runtime. On the other hand, simulations demonstrate that slimIoT is scalable,
robust and highly efficient to be used in static and dynamic networks
consisting of thousands of heterogeneous IoT devices.
Comment: This paper has been accepted at the 2018 IEEE Conference on
Dependable and Secure Computing (DSC
Integration of Hardware Security Modules and Permissioned Blockchain in Industrial IoT Networks
Hardware Security Modules (HSM) serve as a hardware-based root of trust that offers physical
protection while adding a new security layer in the system architecture. When combined with decentralized
access technologies such as Blockchain, HSM offers robustness and complete reliability, enabling secured end-to-end
mechanisms for authenticity, authorization and integrity. This work proposes an efficient integration of
HSM and Blockchain technologies focusing mainly on public-key cryptography algorithms and standards,
which are crucial to achieving a successful combination of the mentioned technologies to improve the
overall security in Industrial IoT systems. To prove the suitability of the proposal and the interaction of an
IoT node and a Blockchain network using HSM, a proof of concept is developed. Results of time performance
analysis of the prototype reveal how promising the combination of HSMs in Blockchain environments is.
Infineon Technologies AG
European Union's Horizon 2020 Research and Innovation Program through the Cyber Security 4.0: Protecting the Industrial Internet of Things (C4IIoT) 833828
FEDER/Junta de Andalucia-Consejeria de Transformacion Economica, Industria, Conocimiento y Universidades B-TIC-588-UGR2
Secure Sensor Prototype Using Hardware Security Modules and Trusted Execution Environments in a Blockchain Application: Wine Logistic Use Case
The security of Industrial Internet of Things (IIoT) systems is a challenge that needs to be
addressed immediately, as the increasing use of new communication paradigms and the abundant
use of sensors opens up new opportunities to compromise these types of systems. In this sense,
technologies such as Trusted Execution Environments (TEEs) and Hardware Security Modules
(HSMs) become crucial for adding new layers of security to IIoT systems, especially to edge nodes
that incorporate sensors and perform continuous measurements. These technologies, coupled with
new communication paradigms such as Blockchain, offer a high reliability, robustness and good
interoperability between them. This paper proposes the design of a secure sensor incorporating
the above mentioned technologies—HSMs and a TEE—in a hardware device based on a dual-core
architecture. Through this combination of technologies, one of the cores collects the data extracted by
the sensors and implements the security mechanisms to guarantee the integrity of these data, while
the remaining core is responsible for sending these data through the appropriate communication
protocol. This proposed approach fits into the Blockchain networks, which act as an Oracle. Finally,
to illustrate the application of this concept, a use case applied to wine logistics is described, where
this secure sensor is integrated into a Blockchain that collects data from the storage and transport of
barrels, and a performance evaluation of the implemented prototype is provided.
European Union’s Horizon Europe research and innovation program through the funding project
“Cognitive edge-cloud with serverless computing” (EDGELESS) under grant agreement number
101092950
FEDER/Junta de Andalucia-Consejeria de Transformacion
Economica, Industria, Conocimiento y Universidades under Project B-TIC-588-UGR2
CamFlow: Managed Data-sharing for Cloud Services
A model of cloud services is emerging whereby a few trusted providers manage
the underlying hardware and communications whereas many companies build on this
infrastructure to offer higher level, cloud-hosted PaaS services and/or SaaS
applications. From the start, strong isolation between cloud tenants was seen
to be of paramount importance, provided first by virtual machines (VM) and
later by containers, which share the operating system (OS) kernel. Increasingly
it is the case that applications also require facilities to effect isolation
and protection of data managed by those applications. They also require
flexible data sharing with other applications, often across the traditional
cloud-isolation boundaries; for example, when government provides many related
services for its citizens on a common platform. Similar considerations apply to
the end-users of applications. But in particular, the incorporation of cloud
services within 'Internet of Things' architectures is driving the requirements
for both protection and cross-application data sharing.
These concerns relate to the management of data. Traditional access control
is application and principal/role specific, applied at policy enforcement
points, after which there is no subsequent control over where data flows; a
crucial issue once data has left its owner's control by cloud-hosted
applications and within cloud-services. Information Flow Control (IFC), in
addition, offers system-wide, end-to-end, flow control based on the properties
of the data. We discuss the potential of cloud-deployed IFC for enforcing
owners' dataflow policy with regard to protection and sharing, as well as
safeguarding against malicious or buggy software. In addition, the audit log
associated with IFC provides transparency, giving configurable system-wide
visibility over data flows. [...]
Comment: 14 pages, 8 figure
A survey of secure middleware for the Internet of Things
The rapid growth of small Internet connected devices, known as the Internet of Things (IoT), is creating a new set of challenges to create secure, private infrastructures. This paper reviews the current literature on the challenges and approaches to security and privacy in the Internet of Things, with a strong focus on how these aspects are handled in IoT middleware. We focus on IoT middleware because many systems are built from existing middleware and these inherit the underlying security properties of the middleware framework. The paper is composed of three main sections. Firstly, we propose a matrix of security and privacy threats for IoT. This matrix is used as the basis of a widespread literature review aimed at identifying requirements on IoT platforms and middleware. Secondly, we present a structured literature review of the available middleware and how security is handled in these middleware approaches. We utilise the requirements from the first phase to evaluate. Finally, we draw a set of conclusions and identify further work in this area.
Remote attestation to ensure the security of future Internet of Things services
The Internet of Things (IoT) evolution is gradually reshaping the physical world into smart environments that involve a large number of interconnected resource-constrained devices which collect, process, and exchange an enormous amount of (more or less) sensitive information. With the increasing number of interconnected IoT devices and their capabilities to control the environment, IoT systems are becoming a prominent target of sophisticated cyberattacks. To deal with the expanding attack surface, IoT systems require adequate security mechanisms to verify the reliability of IoT devices.
Remote attestation protocols have recently gained wide attention in IoT systems as valuable security mechanisms that detect the adversarial presence and guarantee the legitimate state of IoT devices. Various attestation schemes have been proposed to optimize the effectiveness and efficiency of remote attestation protocols of a single IoT device or a group of IoT devices. Nevertheless, some cyber attacks remain undetected by current attestation methods, and attestation protocols still introduce non-negligible computational overheads for resource-constrained devices.
This thesis presents the following new contributions in the area of remote attestation protocols that verify the trustworthiness of IoT devices.
First, this thesis shows the limitations of existing attestation protocols against runtime attacks which, by compromising a device, may maliciously influence the operation of other genuine devices that interact with the compromised one. To detect such an attack, this thesis introduces the service perspective in remote attestation and presents a synchronous remote attestation protocol for distributed IoT services.
Second, this thesis designs, implements and evaluates a novel remote attestation scheme that releases the constraint of synchronous interaction between devices and enables the attestation of asynchronous distributed IoT services. The proposed scheme also attests asynchronously a group of IoT devices, without interrupting the regular operations of all the devices at the same time.
Third, this thesis proposes a new approach that aims to reduce the interruption time of the regular work that remote attestation introduces in an IoT device. This approach intends to decrease the computational overhead of attestation by allowing an IoT device to securely offload the attestation process to a cloud service, which then performs attestation independently on the cloud, on behalf of the IoT device.