810 research outputs found
Options for Securing RTP Sessions
The Real-time Transport Protocol (RTP) is used in a large number of
different application domains and environments. This heterogeneity
implies that different security mechanisms are needed to provide
services such as confidentiality, integrity, and source
authentication of RTP and RTP Control Protocol (RTCP) packets
suitable for the various environments. The range of solutions makes
it difficult for RTP-based application developers to pick the most
suitable mechanism. This document provides an overview of a number
of security solutions for RTP and gives guidance for developers on
how to choose the appropriate security mechanism
A Survey on Wireless Sensor Network Security
Wireless sensor networks (WSNs) have recently attracted a lot of interest in
the research community due their wide range of applications. Due to distributed
nature of these networks and their deployment in remote areas, these networks
are vulnerable to numerous security threats that can adversely affect their
proper functioning. This problem is more critical if the network is deployed
for some mission-critical applications such as in a tactical battlefield.
Random failure of nodes is also very likely in real-life deployment scenarios.
Due to resource constraints in the sensor nodes, traditional security
mechanisms with large overhead of computation and communication are infeasible
in WSNs. Security in sensor networks is, therefore, a particularly challenging
task. This paper discusses the current state of the art in security mechanisms
for WSNs. Various types of attacks are discussed and their countermeasures
presented. A brief discussion on the future direction of research in WSN
security is also included.Comment: 24 pages, 4 figures, 2 table
A Secure Key Agreement Protocol for Dynamic Group
To accomplish secure group communication, it is essential to share a unique
cryptographic key among group members. The underlying challenges to group key
agreement are scalability, efficiency, and security. In a dynamic group
environment, the rekeying process is more frequent; therefore, it is more
crucial to design an efficient group key agreement protocol. Moreover, with the
emergence of various group-based services, it is becoming common for several
multicast groups to coexist in the same network. These multicast groups may
have several shared users; a join or leave request by a single user can trigger
regeneration of multiple group keys. Under the given circumstances the rekeying
process becomes a challenging task. In this work, we propose a novel
methodology for group key agreement which exploits the state vectors of group
members. The state vector is a set of randomly generated nonce instances which
determine the logical link between group members and which empowers the group
member to generate multiple cryptographic keys independently. Using local
knowledge of a secret nonce, each member can generate and share a large number
of secure keys, indicating that SGRS inherently provides a considerable amount
of secure subgroup multicast communication using subgroup multicasting keys
derived from local state vectors. The resulting protocol is secure and
efficient in terms of both communication and computation.Comment: This article is accepted for the publication in Cluster Computing-The
Journal of Networks, Software Tools and Applications. Print ISSN 1386-7857,
Online ISSN 1573-754
Recommended from our members
A twoâstep authentication framework for Mobile ad hoc networks
The lack of fixed infrastructure in ad hoc networks causes nodes to rely more heavily on peer nodes for communication. Nevertheless, establishing trust in such a distributed environment is very difficult, since it is not straightforward for a node to determine if its peer nodes can be trusted. An additional concern in such an environment is with whether a peer node is merely relaying a message or if it is the originator of the message. In this paper, we propose an authentication approach for protecting nodes in mobile ad hoc networks. The security requirements for protecting data link and network layers are identified and the design criteria for creating secure ad hoc networks using several authentication protocols are analyzed. Protocols based on zero knowledge and challenge response techniques are presented and their performance is evaluated through analysis and simulation
Contributions to Securing Software Updates in IoT
The Internet of Things (IoT) is a large network of connected devices. In IoT, devices can communicate with each other or back-end systems to transfer data or perform assigned tasks. Communication protocols used in IoT depend on target applications but usually require low bandwidth. On the other hand, IoT devices are constrained, having limited resources, including memory, power, and computational resources. Considering these limitations in IoT environments, it is difficult to implement best security practices. Consequently, network attacks can threaten devices or the data they transfer. Thus it is crucial to react quickly to emerging vulnerabilities. These vulnerabilities should be mitigated by firmware updates or other necessary updates securely. Since IoT devices usually connect to the network wirelessly, such updates can be performed Over-The-Air (OTA). This dissertation presents contributions to enable secure OTA software updates in IoT. In order to perform secure updates, vulnerabilities must first be identified and assessed. In this dissertation, first, we present our contribution to designing a maturity model for vulnerability handling. Next, we analyze and compare common communication protocols and security practices regarding energy consumption. Finally, we describe our designed lightweight protocol for OTA updates targeting constrained IoT devices. IoT devices and back-end systems often use incompatible protocols that are unable to interoperate securely. This dissertation also includes our contribution to designing a secure protocol translator for IoT. This translation is performed inside a Trusted Execution Environment (TEE) with TLS interception. This dissertation also contains our contribution to key management and key distribution in IoT networks. In performing secure software updates, the IoT devices can be grouped since the updates target a large number of devices. Thus, prior to deploying updates, a group key needs to be established among group members. In this dissertation, we present our designed secure group key establishment scheme. Symmetric key cryptography can help to save IoT device resources at the cost of increased key management complexity. This trade-off can be improved by integrating IoT networks with cloud computing and Software Defined Networking (SDN).In this dissertation, we use SDN in cloud networks to provision symmetric keys efficiently and securely. These pieces together help software developers and maintainers identify vulnerabilities, provision secret keys, and perform lightweight secure OTA updates. Furthermore, they help devices and systems with incompatible protocols to be able to interoperate
Options for Securing RTP Sessions
The Real-time Transport Protocol (RTP) is used in a large number of
different application domains and environments. This heterogeneity
implies that different security mechanisms are needed to provide
services such as confidentiality, integrity, and source
authentication of RTP and RTP Control Protocol (RTCP) packets
suitable for the various environments. The range of solutions makes
it difficult for RTP-based application developers to pick the most
suitable mechanism. This document provides an overview of a number
of security solutions for RTP and gives guidance for developers on
how to choose the appropriate security mechanism
Efficient signature verification and key revocation using identity based cryptography
Cryptography deals with the development and evaluation of procedures for securing digital information. It is essential whenever multiple entities want to communicate safely. One task of cryptography concerns digital signatures and the verification of a signerâs legitimacy requires trustworthy authentication and authorization. This is achieved by deploying cryptographic keys. When dynamic membership behavior and identity theft come into play, revocation of keys has to be addressed. Additionally, in use cases with limited networking, computational, or storage resources, efficiency is a key requirement for any solution.
In this work we present a solution for signature verification and key revocation in constraned environments, e.g., in the Internet of Things (IoT). Where other mechanisms generate expensive overheads, we achieve revocation through a single multicast message without significant computational or storage overhead. Exploiting Identity Based Cryptography (IBC) complements the approach with efficient creation and verification of signatures.
Our solution offers a framework for transforming a suitable signature scheme to a so-called Key Updatable Signature Scheme (KUSS) in three steps. Each step defines mathematical conditions for transformation and precise security notions. Thereby, the framework allows a novel combination of efficient Identity Based Signature (IBS) schemes with revocation mechanisms originally designed for confidentiality in group communications.
Practical applicability of our framework is demonstrated by transforming four well-established IBS schemes based on Elliptic Curve Cryptography (ECC). The security of the resulting group Identity Based Signature (gIBS) schemes is carefully analyzed with techniques of Provable Security.
We design and implement a testbed for evaluating these kind of cryptographic schemes on different computing- and networking hardware, typical for constrained environments. Measurements on this testbed provide evidence that the transformations are practicable and efficient. The revocation complexity in turn is significantly reduced compared to existing solutions. Some of our new schemes even outperform the signing process of the widely used Elliptic Curve Digital Signature Algorithm (ECDSA).
The presented transformations allow future application on schemes beyond IBS or ECC. This includes use cases dealing with Post-Quantum Cryptography, where the revocation efficiency is similarly relevant. Our work provides the basis for such solutions currently under investigation.Die Kryptographie ist ein Instrument der Informationssicherheit und beschĂ€ftigt sich mit der Entwicklung und Evaluierung von Algorithmen zur Sicherung digitaler Werte. Sie ist fĂŒr die sichere Kommunikation zwischen mehreren EntitĂ€ten unerlĂ€sslich. Ein Bestandteil sind digitale Signaturen, fĂŒr deren Erstellung man kryptographische SchlĂŒssel benötigt. Bei der Verifikation muss zusĂ€tzlich die AuthentizitĂ€t und die Autorisierung des Unterzeichners gewĂ€hrleistet werden. DafĂŒr mĂŒssen SchlĂŒssel vertrauensvoll verteilt und verwaltet werden. Wenn sie in Kommunikationssystemen mit hĂ€ufig wechselnden Teilnehmern zum Einsatz kommen, mĂŒssen die SchlĂŒssel auch widerruflich sein. In AnwendungsfĂ€llen mit eingeschrĂ€nkter Netz-, Rechen- und SpeicherkapazitĂ€t ist die Effizienz ein wichtiges Kriterium.
Diese Arbeit liefert ein Rahmenwerk, mit dem SchlĂŒssel effizient widerrufen und Signaturen effizient verifiziert werden können. Dabei fokussieren wir uns auf Szenarien aus dem Bereich des Internets der Dinge (IoT, Internet of Things). Im Gegensatz zu anderen Lösungen ermöglicht unser Ansatz den Widerruf von SchlĂŒsseln mit einer einzelnen Nachricht innerhalb einer Kommunikationsgruppe. Dabei fĂ€llt nur geringer zusĂ€tzlicher Rechen- oder Speicheraufwand an. Ferner vervollstĂ€ndigt die Verwendung von IdentitĂ€tsbasierter Kryptographie (IBC, Identity Based Cryptography) unsere Lösung mit effizienter Erstellung und Verifikation der Signaturen.
HierfĂŒr liefert die Arbeit eine dreistufige mathematische Transformation von geeigneten Signaturverfahren zu sogenannten Key Updatable Signature Schemes (KUSS). Neben einer prĂ€zisen Definition der Sicherheitsziele werden fĂŒr jeden Schritt mathematische Vorbedingungen zur Transformation festgelegt. Dies ermöglicht die innovative Kombination von IdentitĂ€tsbasierten Signaturen (IBS, Identity Based Signature) mit effizienten und sicheren Mechanismen zum SchlĂŒsselaustausch, die ursprĂŒnglich fĂŒr vertrauliche Gruppenkommunikation entwickelt wurden. Wir zeigen die erfolgreiche Anwendung der Transformationen auf vier etablierten IBSVerfahren. Die ausschlieĂliche Verwendung von Verfahren auf Basis der Elliptic Curve Cryptography (ECC) erlaubt es, den geringen KapazitĂ€ten der ZielgerĂ€te gerecht zu werden. Eine Analyse aller vier sogenannten group Identity Based Signature (gIBS) Verfahren mit Techniken aus dem Forschungsgebiet der Beweisbaren Sicherheit zeigt, dass die zuvor definierten Sicherheitsziele erreicht werden.
Zur praktischen Evaluierung unserer und Ă€hnlicher kryptographischer Verfahren wird in dieser Arbeit eine Testumgebung entwickelt und mit IoT-typischen Rechen- und Netzmodulen bestĂŒckt. Hierdurch zeigt sich sowohl die praktische Anwendbarkeit der Transformationen als auch eine deutliche Reduktion der KomplexitĂ€t gegenĂŒber anderen LösungsansĂ€tzen. Einige der von uns vorgeschlagenen Verfahren unterbieten gar die Laufzeiten des meistgenutzten Elliptic Curve Digital Signature Algorithm (ECDSA) bei der Erstellung der Signaturen.
Die Systematik der Lösung erlaubt prinzipiell auch die Transformation von Verfahren jenseits von IBS und ECC. Dadurch können auch AnwendungsfĂ€lle aus dem Bereich der Post-Quanten-Kryptographie von unseren Ergebnissen profitieren. Die vorliegende Arbeit liefert die nötigen Grundlagen fĂŒr solche Erweiterungen, die aktuell diskutiert und entwickelt werden
Routing Security Issues in Wireless Sensor Networks: Attacks and Defenses
Wireless Sensor Networks (WSNs) are rapidly emerging as an important new area
in wireless and mobile computing research. Applications of WSNs are numerous
and growing, and range from indoor deployment scenarios in the home and office
to outdoor deployment scenarios in adversary's territory in a tactical
battleground (Akyildiz et al., 2002). For military environment, dispersal of
WSNs into an adversary's territory enables the detection and tracking of enemy
soldiers and vehicles. For home/office environments, indoor sensor networks
offer the ability to monitor the health of the elderly and to detect intruders
via a wireless home security system. In each of these scenarios, lives and
livelihoods may depend on the timeliness and correctness of the sensor data
obtained from dispersed sensor nodes. As a result, such WSNs must be secured to
prevent an intruder from obstructing the delivery of correct sensor data and
from forging sensor data. To address the latter problem, end-to-end data
integrity checksums and post-processing of senor data can be used to identify
forged sensor data (Estrin et al., 1999; Hu et al., 2003a; Ye et al., 2004).
The focus of this chapter is on routing security in WSNs. Most of the currently
existing routing protocols for WSNs make an optimization on the limited
capabilities of the nodes and the application-specific nature of the network,
but do not any the security aspects of the protocols. Although these protocols
have not been designed with security as a goal, it is extremely important to
analyze their security properties. When the defender has the liabilities of
insecure wireless communication, limited node capabilities, and possible
insider threats, and the adversaries can use powerful laptops with high energy
and long range communication to attack the network, designing a secure routing
protocol for WSNs is obviously a non-trivial task.Comment: 32 pages, 5 figures, 4 tables 4. arXiv admin note: substantial text
overlap with arXiv:1011.152
- âŠ