110 research outputs found
Authentication techniques in smart grid: a systematic review
Smart Grid (SG) provides enhancement to existing grids with two-way communication between the utility, sensors, and consumers, by deploying smart sensors to monitor and manage power consumption. However due to the vulnerability of SG, secure component authenticity necessitates robust authentication approaches relative to limited resource availability (i.e. in terms of memory and computational power). SG communication entails optimum efficiency of authentication approaches to avoid any extraneous burden. This systematic review analyses 27 papers on SG authentication techniques and their effectiveness in mitigating certain attacks. This provides a basis for the design and use of optimized SG authentication approaches
An Efficient Authentication Protocol for Smart Grid Communication Based on On-Chip-Error-Correcting Physical Unclonable Function
Security has become a main concern for the smart grid to move from research
and development to industry. The concept of security has usually referred to
resistance to threats by an active or passive attacker. However, since smart
meters (SMs) are often placed in unprotected areas, physical security has
become one of the important security goals in the smart grid. Physical
unclonable functions (PUFs) have been largely utilized for ensuring physical
security in recent years, though their reliability has remained a major problem
to be practically used in cryptographic applications. Although fuzzy extractors
have been considered as a solution to solve the reliability problem of PUFs,
they put a considerable computational cost to the resource-constrained SMs. To
that end, we first propose an on-chip-error-correcting (OCEC) PUF that
efficiently generates stable digits for the authentication process. Afterward,
we introduce a lightweight authentication protocol between the SMs and
neighborhood gateway (NG) based on the proposed PUF. The provable security
analysis shows that not only the proposed protocol can stand secure in the
Canetti-Krawczyk (CK) adversary model but also provides additional security
features. Also, the performance evaluation demonstrates the significant
improvement of the proposed scheme in comparison with the state-of-the-art
A sensor node soC architecture for extremely autonomous wireless sensor networks
Tese de Doutoramento em Engenharia Eletrónica e de Computadores (PDEEC) (especialidade em Informática Industrial e Sistemas Embebidos)The Internet of Things (IoT) is revolutionizing the Internet of the future and the
way new smart objects and people are being connected into the world. Its pervasive
computing and communication technologies connect myriads of smart devices, presented
at our everyday things and surrounding objects. Big players in the industry
forecast, by 2020, around 50 billion of smart devices connected in a multitude of scenarios
and heterogeneous applications, sharing data over a true worldwide network.
This will represent a trillion dollar market that everyone wants to take a share.
In a world where everything is being connected, device security and device interoperability
are a paramount. From the sensor to the cloud, this triggers several
technological issues towards connectivity, interoperability and security requirements
on IoT devices. However, fulfilling such requirements is not straightforward. While
the connectivity exposes the device to the Internet, which also raises several security
issues, deploying a standardized communication stack on the endpoint device
in the network edge, highly increases the data exchanged over the network. Moreover,
handling such ever-growing amount of data on resource-constrained devices,
truly affects the performance and the energy consumption. Addressing such issues
requires new technological and architectural approaches to help find solutions to
leverage an accelerated, secure and energy-aware IoT end-device communication.
Throughout this thesis, the developed artifacts triggered the achievement of important
findings that demonstrate: (1) how heterogeneous architectures are nowadays
a perfect solution to deploy endpoint devices in scenarios where not only (heavy
processing) application-specific operations are required, but also network-related capabilities
are major concerns; (2) how accelerating network-related tasks result in a
more efficient device resources utilization, which combining better performance and
increased availability, contributed to an improved overall energy utilization; (3) how
device and data security can benefit from modern heterogeneous architectures that
rely on secure hardware platforms, which are also able to provide security-related
acceleration hardware; (4) how a domain-specific language eases the co-design and
customization of a secure and accelerated IoT endpoint device at the network edge.Internet of Things (IoT) é o conceito que está a revolucionar a Internet do futuro
e a forma como coisas, processos e pessoas se conectam e se relacionam numa infraestrutura
de rede global que interligará, num futuro próximo, um vasto número de
dispositivos inteligentes e de utilização diária. Com uma grande aposta no mercado
IoT por parte dos grandes líderes na industria, algumas visões otimistas preveem
para 2020 mais de 50 mil milhões de dispositivos ligados na periferia da rede, partilhando
grandes volumes de dados importantes através da Internet, representando
um mercado multimilionário com imensas oportunidades de negócio.
Num mundo interligado de dispositivos, a interoperabilidade e a segurança é uma
preocupação crescente. Tal preocupação exige inúmeros esforços na exploração de
novas soluções, quer a nível tecnológico quer a nível arquitetural, que visem impulsionar
o desenvolvimento de dispositivos embebidos com maiores capacidades de
desempenho, segurança e eficiência energética, não só apenas do dispositivo em si,
mas também das camadas e protocolos de rede associados. Apesar da integração
de pilhas de comunicação e de protocolos standard das camadas de rede solucionar
problemas associados à conectividade e a interoperabilidade, adiciona a sobrecarga
inerente dos protocolos de comunicação e do crescente volume de dados partilhados
entre os dispositivos e a Internet, afetando severamente o desempenho e a disponibilidade
do mesmo, refletindo-se num maior consumo energético global.
As soluções apresentadas nesta tese permitiram obter resultados que demonstram:
(1) a viabilidade de soluções heterogéneas no desenvolvimento de dispositivos IoT,
onde não só tarefas inerentes à aplicação podem ser aceleradas, mas também tarefas
relacionadas com a comunicação do dispositivo; (2) os benefícios da aceleração de
tarefas e protocolos da pilha de rede, que se traduz num melhor desempenho do
dispositivo e aumento da disponibilidade do mesmo, contribuindo para uma melhor
eficiência energética; (3) que plataformas de hardware modernas oferecem mecanismos
de segurança que podem ser utilizados não apenas em prol da segurança do
dispositivo, mas também nas capacidades de comunicação do mesmo; (4) que o desenvolvimento
de uma linguagem de domínio específico permite de forma mais eficaz
e eficiente o desenvolvimento e configuração de dispositivos IoT inteligentes.This thesis was supported by a PhD scholarship from Fundação para a Ciência e Tecnologia, SFRH/BD/90162/201
Deploying RIOT operating system on a reconfigurable Internet of Things end-device
Dissertação de mestrado integrado em Engenharia Eletrónica Industrial e ComputadoresThe Internet of Everything (IoE) is enabling the connection of an infinity of
physical objects to the Internet, and has the potential to connect every single
existing object in the world. This empowers a market with endless opportunities
where the big players are forecasting, by 2020, more than 50 billion connected
devices, representing an 8 trillion USD market.
The IoE is a broad concept that comprises several technological areas and will
certainly, include more in the future. Some of those already existing fields are the
Internet of Energy related with the connectivity of electrical power grids, Internet
of Medical Things (IoMT), for instance, enables patient monitoring, Internet of
Industrial Things (IoIT), which is dedicated to industrial plants, and the Internet
of Things (IoT) that focus on the connection of everyday objects (e.g. home
appliances, wearables, transports, buildings, etc.) to the Internet.
The diversity of scenarios where IoT can be deployed, and consequently the
different constraints associated to each device, leads to a heterogeneous network
composed by several communication technologies and protocols co-existing on the
same physical space. Therefore, the key requirements of an IoT network are
the connectivity and the interoperability between devices. Such requirement is
achieved by the adoption of standard protocols and a well-defined lightweight network
stack. Due to the adoption of a standard network stack, the data processed
and transmitted between devices tends to increase. Because most of the devices
connected are resource constrained, i.e., low memory, low processing capabilities,
available energy, the communication can severally decrease the device’s performance.
Hereupon, to tackle such issues without sacrificing other important requirements,
this dissertation aims to deploy an operating system (OS) for IoT, the
RIOT-OS, while providing a study on how network-related tasks can benefit from
hardware accelerators (deployed on reconfigurable technology), specially designed
to process and filter packets received by an IoT device.O conceito Internet of Everything (IoE) permite a conexão de uma infinidade
de objetos à Internet e tem o potencial de conectar todos os objetos existentes no
mundo. Favorecendo assim o aparecimento de novos mercados e infinitas possibilidades,
em que os grandes intervenientes destes mercados preveem até 2020 a
conexão de mais de 50 mil milhões de dispositivos, representando um mercado de
8 mil milhões de dólares.
IoE é um amplo conceito que inclui várias áreas tecnológicas e irá certamente
incluir mais no futuro. Algumas das áreas já existentes são: a Internet of Energy
relacionada com a conexão de redes de transporte e distribuição de energia à
Internet; Internet of Medical Things (IoMT), que possibilita a monotorização de
pacientes; Internet of Industrial Things (IoIT), dedicada a instalações industriais
e a Internet of Things (IoT), que foca na conexão de objetos do dia-a-dia (e.g.
eletrodomésticos, wearables, transportes, edifícios, etc.) à Internet.
A diversidade de cenários à qual IoT pode ser aplicado, e consequentemente,
as diferentes restrições aplicadas a cada dispositivo, levam à criação de uma rede
heterogénea composto por diversas tecnologias de comunicação e protocolos a coexistir
no mesmo espaço físico. Desta forma, os requisitos chave aplicados às redes
IoT são a conectividade e interoperabilidade entre dispositivos. Estes requisitos
são atingidos com a adoção de protocolos standard e pilhas de comunicação bem
definidas. Com a adoção de pilhas de comunicação standard, a informação processada
e transmitida entre dispostos tende a aumentar. Visto que a maioria dos
dispositivos conectados possuem escaços recursos, i.e., memória reduzida, baixa
capacidade de processamento, pouca energia disponível, o aumento da capacidade
de comunicação pode degradar o desempenho destes dispositivos.
Posto isto, para lidar com estes problemas e sem sacrificar outros requisitos importantes,
esta dissertação pretende fazer o porting de um sistema operativo IoT,
o RIOT, para uma solução reconfigurável, o CUTE mote. O principal objetivo
consiste na realização de um estudo sobre os benefícios que as tarefas relacionadas
com as camadas de rede podem ter ao serem executadas em hardware via aceleradores
dedicados. Estes aceleradores são especialmente projetados para processar
e filtrar pacotes de dados provenientes de uma interface radio em redes IoT periféricas
Efficient signature verification and key revocation using identity based cryptography
Cryptography deals with the development and evaluation of procedures for securing digital information. It is essential whenever multiple entities want to communicate safely. One task of cryptography concerns digital signatures and the verification of a signer’s legitimacy requires trustworthy authentication and authorization. This is achieved by deploying cryptographic keys. When dynamic membership behavior and identity theft come into play, revocation of keys has to be addressed. Additionally, in use cases with limited networking, computational, or storage resources, efficiency is a key requirement for any solution.
In this work we present a solution for signature verification and key revocation in constraned environments, e.g., in the Internet of Things (IoT). Where other mechanisms generate expensive overheads, we achieve revocation through a single multicast message without significant computational or storage overhead. Exploiting Identity Based Cryptography (IBC) complements the approach with efficient creation and verification of signatures.
Our solution offers a framework for transforming a suitable signature scheme to a so-called Key Updatable Signature Scheme (KUSS) in three steps. Each step defines mathematical conditions for transformation and precise security notions. Thereby, the framework allows a novel combination of efficient Identity Based Signature (IBS) schemes with revocation mechanisms originally designed for confidentiality in group communications.
Practical applicability of our framework is demonstrated by transforming four well-established IBS schemes based on Elliptic Curve Cryptography (ECC). The security of the resulting group Identity Based Signature (gIBS) schemes is carefully analyzed with techniques of Provable Security.
We design and implement a testbed for evaluating these kind of cryptographic schemes on different computing- and networking hardware, typical for constrained environments. Measurements on this testbed provide evidence that the transformations are practicable and efficient. The revocation complexity in turn is significantly reduced compared to existing solutions. Some of our new schemes even outperform the signing process of the widely used Elliptic Curve Digital Signature Algorithm (ECDSA).
The presented transformations allow future application on schemes beyond IBS or ECC. This includes use cases dealing with Post-Quantum Cryptography, where the revocation efficiency is similarly relevant. Our work provides the basis for such solutions currently under investigation.Die Kryptographie ist ein Instrument der Informationssicherheit und beschäftigt sich mit der Entwicklung und Evaluierung von Algorithmen zur Sicherung digitaler Werte. Sie ist für die sichere Kommunikation zwischen mehreren Entitäten unerlässlich. Ein Bestandteil sind digitale Signaturen, für deren Erstellung man kryptographische Schlüssel benötigt. Bei der Verifikation muss zusätzlich die Authentizität und die Autorisierung des Unterzeichners gewährleistet werden. Dafür müssen Schlüssel vertrauensvoll verteilt und verwaltet werden. Wenn sie in Kommunikationssystemen mit häufig wechselnden Teilnehmern zum Einsatz kommen, müssen die Schlüssel auch widerruflich sein. In Anwendungsfällen mit eingeschränkter Netz-, Rechen- und Speicherkapazität ist die Effizienz ein wichtiges Kriterium.
Diese Arbeit liefert ein Rahmenwerk, mit dem Schlüssel effizient widerrufen und Signaturen effizient verifiziert werden können. Dabei fokussieren wir uns auf Szenarien aus dem Bereich des Internets der Dinge (IoT, Internet of Things). Im Gegensatz zu anderen Lösungen ermöglicht unser Ansatz den Widerruf von Schlüsseln mit einer einzelnen Nachricht innerhalb einer Kommunikationsgruppe. Dabei fällt nur geringer zusätzlicher Rechen- oder Speicheraufwand an. Ferner vervollständigt die Verwendung von Identitätsbasierter Kryptographie (IBC, Identity Based Cryptography) unsere Lösung mit effizienter Erstellung und Verifikation der Signaturen.
Hierfür liefert die Arbeit eine dreistufige mathematische Transformation von geeigneten Signaturverfahren zu sogenannten Key Updatable Signature Schemes (KUSS). Neben einer präzisen Definition der Sicherheitsziele werden für jeden Schritt mathematische Vorbedingungen zur Transformation festgelegt. Dies ermöglicht die innovative Kombination von Identitätsbasierten Signaturen (IBS, Identity Based Signature) mit effizienten und sicheren Mechanismen zum Schlüsselaustausch, die ursprünglich für vertrauliche Gruppenkommunikation entwickelt wurden. Wir zeigen die erfolgreiche Anwendung der Transformationen auf vier etablierten IBSVerfahren. Die ausschließliche Verwendung von Verfahren auf Basis der Elliptic Curve Cryptography (ECC) erlaubt es, den geringen Kapazitäten der Zielgeräte gerecht zu werden. Eine Analyse aller vier sogenannten group Identity Based Signature (gIBS) Verfahren mit Techniken aus dem Forschungsgebiet der Beweisbaren Sicherheit zeigt, dass die zuvor definierten Sicherheitsziele erreicht werden.
Zur praktischen Evaluierung unserer und ähnlicher kryptographischer Verfahren wird in dieser Arbeit eine Testumgebung entwickelt und mit IoT-typischen Rechen- und Netzmodulen bestückt. Hierdurch zeigt sich sowohl die praktische Anwendbarkeit der Transformationen als auch eine deutliche Reduktion der Komplexität gegenüber anderen Lösungsansätzen. Einige der von uns vorgeschlagenen Verfahren unterbieten gar die Laufzeiten des meistgenutzten Elliptic Curve Digital Signature Algorithm (ECDSA) bei der Erstellung der Signaturen.
Die Systematik der Lösung erlaubt prinzipiell auch die Transformation von Verfahren jenseits von IBS und ECC. Dadurch können auch Anwendungsfälle aus dem Bereich der Post-Quanten-Kryptographie von unseren Ergebnissen profitieren. Die vorliegende Arbeit liefert die nötigen Grundlagen für solche Erweiterungen, die aktuell diskutiert und entwickelt werden
Internet of Things-aided Smart Grid: Technologies, Architectures, Applications, Prototypes, and Future Research Directions
Traditional power grids are being transformed into Smart Grids (SGs) to
address the issues in existing power system due to uni-directional information
flow, energy wastage, growing energy demand, reliability and security. SGs
offer bi-directional energy flow between service providers and consumers,
involving power generation, transmission, distribution and utilization systems.
SGs employ various devices for the monitoring, analysis and control of the
grid, deployed at power plants, distribution centers and in consumers' premises
in a very large number. Hence, an SG requires connectivity, automation and the
tracking of such devices. This is achieved with the help of Internet of Things
(IoT). IoT helps SG systems to support various network functions throughout the
generation, transmission, distribution and consumption of energy by
incorporating IoT devices (such as sensors, actuators and smart meters), as
well as by providing the connectivity, automation and tracking for such
devices. In this paper, we provide a comprehensive survey on IoT-aided SG
systems, which includes the existing architectures, applications and prototypes
of IoT-aided SG systems. This survey also highlights the open issues,
challenges and future research directions for IoT-aided SG systems
Embedded computing systems design: architectural and application perspectives
Questo elaborato affronta varie problematiche legate alla progettazione e all'implementazione dei moderni sistemi embedded di computing, ponendo in rilevo, e talvolta in contrapposizione, le sfide che emergono all'avanzare della tecnologia ed i requisiti che invece emergono a livello applicativo, derivanti dalle necessità degli utenti finali e dai trend di mercato.
La discussione sarà articolata tenendo conto di due punti di vista: la progettazione hardware e la loro applicazione a livello di sistema.
A livello hardware saranno affrontati nel dettaglio i problemi di interconnettività on-chip. Aspetto che riguarda la parallelizzazione del calcolo, ma anche l'integrazione di funzionalità eterogenee. Sarà quindi discussa un'architettura d'interconnessione denominata Network-on-Chip (NoC). La soluzione proposta è in grado di supportare funzionalità avanzate di networking direttamente in hardware, consentendo tuttavia di raggiungere sempre un compromesso ottimale tra prestazioni in termini di traffico e requisiti di implementazioni a seconda dell'applicazione specifica. Nella discussione di questa tematica, verrà posto l'accento sul problema della configurabilità dei blocchi che compongono una NoC. Quello della configurabilità, è un problema sempre più sentito nella progettazione dei sistemi complessi, nei quali si cerca di sviluppare delle funzionalità, anche molto evolute, ma che siano semplicemente riutilizzabili. A tale scopo sarà introdotta una nuova metodologia, denominata Metacoding che consiste nell'astrarre i problemi di configurabilità attraverso linguaggi di programmazione di alto livello. Sulla base del metacoding verrà anche proposto un flusso di design automatico in grado di semplificare la progettazione e la configurazione di una NoC da parte del designer di rete.
Come anticipato, la discussione si sposterà poi a livello di sistema, per affrontare la progettazione di tali sistemi dal punto di vista applicativo, focalizzando l'attenzione in particolare sulle applicazioni di monitoraggio remoto. A tal riguardo saranno studiati nel dettaglio tutti gli aspetti che riguardano la progettazione di un sistema per il monitoraggio di pazienti affetti da scompenso cardiaco cronico. Si partirà dalla definizione dei requisiti, che, come spesso accade a questo livello, derivano principalmente dai bisogni dell'utente finale, nel nostro caso medici e pazienti. Verranno discusse le problematiche di acquisizione, elaborazione e gestione delle misure. Il sistema proposto introduce vari aspetti innovativi tra i quali il concetto di protocollo operativo e l'elevata interoperabilità offerta. In ultima analisi, verranno riportati i risultati relativi alla sperimentazione del sistema implementato.
Infine, il tema del monitoraggio remoto sarà concluso con lo studio delle reti di distribuzione elettrica intelligenti: le Smart Grid, cercando di fare uno studio dello stato dell'arte del settore, proponendo un'architettura di Home Area Network (HAN) e suggerendone una possibile implementazione attraverso Commercial Off the Shelf (COTS)
- …