Networking Group Content: RESTful Multiparty Access to a Data-centric Web of Things

Content replication to many destinations is a common use case in the Internet of Things (IoT). The deployment of IP multicast has proven inefficient, though, due to its lack of layer-2 support by common IoT radio technologies and its synchronous end-to-end transmission, which is highly susceptible to interference. Information-centric networking (ICN) introduced hop-wise multi-party dissemination of cacheable content, which has proven valuable in particular for low-power lossy networking regimes. Even NDN, however, the most prominent ICN protocol, suffers from a lack of deployment. In this paper, we explore how multiparty content distribution in an information-centric Web of Things (WoT) can be built on CoAP. We augment the CoAP proxy by request aggregation and response replication functions, which together with proxy caches enable asynchronous group communication. In a further step, we integrate content object security with OSCORE into the CoAP multicast proxy system, which enables ubiquitous caching of certified authentic content. In our evaluation, we compare NDN with different deployment models of CoAP, including our data-centric approach in realistic testbed experiments. Our findings indicate that multiparty content distribution based on CoAP proxies performs equally well as NDN, while remaining fully compatible with the established IoT protocol world of CoAP on the Internet

Security and privacy issues of physical objects in the IoT: Challenges and opportunities

In the Internet of Things (IoT), security and privacy issues of physical objects are crucial to the related applications. In order to clarify the complicated security and privacy issues, the life cycle of a physical object is divided into three stages of pre-working, in-working, and post-working. On this basis, a physical object-based security architecture for the IoT is put forward. According to the security architecture, security and privacy requirements and related protecting technologies for physical objects in different working stages are analyzed in detail. Considering the development of IoT technologies, potential security and privacy challenges that IoT objects may face in the pervasive computing environment are summarized. At the same time, possible directions for dealing with these challenges are also pointed out

HERMES: Scalable, Secure, and Privacy-Enhancing Vehicle Access System

We propose HERMES, a scalable, secure, and privacy-enhancing system for users to share and access vehicles. HERMES securely outsources operations of vehicle access token generation to a set of untrusted servers. It builds on an earlier proposal, namely SePCAR [1], and extends the system design for improved efficiency and scalability. To cater to system and user needs for secure and private computations, HERMES utilizes and combines several cryptographic primitives with secure multiparty computation efficiently. It conceals secret keys of vehicles and transaction details from the servers, including vehicle booking details, access token information, and user and vehicle identities. It also provides user accountability in case of disputes. Besides, we provide semantic security analysis and prove that HERMES meets its security and privacy requirements. Last but not least, we demonstrate that HERMES is efficient and, in contrast to SePCAR, scales to a large number of users and vehicles, making it practical for real-world deployments. We build our evaluations with two different multiparty computation protocols: HtMAC-MiMC and CBC-MAC-AES. Our results demonstrate that HERMES with HtMAC-MiMC requires only approx 1,83 ms for generating an access token for a single-vehicle owner and approx 11,9 ms for a large branch of rental companies with over a thousand vehicles. It handles 546 and 84 access token generations per second, respectively. This results in HERMES being 696 (with HtMAC-MiMC) and 42 (with CBC-MAC-AES) times faster compared to in SePCAR for a single-vehicle owner access token generation. Furthermore, we show that HERMES is practical on the vehicle side, too, as access token operations performed on a prototype vehicle on-board unit take only approx 62,087 ms

An ICMetric based multiparty communication framework

Cryptographic algorithms have always relied on stored keys for the provision of security services. Since these keys are stored on a system this makes them prone to attack. Efforts to increase the key size makes brute forcing difficult but does not eliminate key theft. This thesis proposes a comprehensive security framework for groups of devices. The research makes four major contributions to improve the security of devices in the multiparty environment. The proposed framework uses the novel Integrated Circuit Metric (ICMetric) technology which proposes utilizing measurable properties and features of a device to create a device identification. This device identification called the ICMetric is used to create cryptographic keys which are then used in the designed cryptosystems. The first contribution of the thesis is the creation of an ICMetric using sensors found in modern smart devices. The research explores both explicit and implicit features which can be used to generate of an ICMetric. The second contribution of this research is the creation of a group ICMetric which is computed using the device ICMetric. The computation of the device ICMetric is a particular challenge as it has to be computed without violating the properties of the ICMetric technology. The third contribution is the demonstration that an ICMetric can be used for the creation of symmetric key. The fourth contribution of this research is an efficient RSA based asymmetric key generation scheme for the multiparty environment. Designing a system using widely accepted cryptographic primitives does not guarantee a secure system therefore the security of proposed schemes has been studied under the standard model. The schemes presented in this thesis attempt to improve the security of devices in the group environment. The schemes demonstrate that key theft deterrent technologies can be incorporated into cryptographic schemes to offer higher levels of security and privacy

A Method for Securing Symmetric Keys for Internet of Things Enabled Distributed Data Systems

This study introduces an innovative method for securing symmetric keys in Internet of Things (IoT)-enabled distributed data systems, focusing on enhancing data security while optimizing encryption and decryption times. Through a comprehensive analysis of various encryption algorithms—TEA, XTEA, BLOCK TEA (XXTEA), and the proposed NTSA algorithm—across different key sizes and file sizes, we aim to demonstrate the significant improvements our method offers over existing techniques. Our research meticulously evaluated the performance of these algorithms, employing random variations to encryption and decryption times to simulate real-world variability and assess the algorithms' efficiency and security robustness. The findings reveal that the NTSA algorithm, in particular, showcases superior performance, offering an approximate improvement of 10% to 15% in encryption and decryption times over traditional methods such as TEA and XTEA, and an even more considerable enhancement compared to BLOCK TEA (XXTEA). The key contribution of this study lies in its provision of a secure, efficient framework for symmetric key encryption in IoT-enabled distributed environments. By optimizing key size and algorithm selection, our method not only secures data against potential cyber threats but also ensures high-speed data processing—a critical requirement in the IoT domain where the volume of data transactions and the need for real-time processing are ever-increasing. The proposed method significantly advances the field of data security in distributed systems, especially within the context of the burgeoning IoT landscape. It underscores the importance of algorithmic efficiency and strategic key management in bolstering the security and performance of modern digital ecosystems

Dynamic Multiparty Authentication of Data Analytics Services within Cloud Environments

Business analytics processes are often composed from orchestrated, collaborating services, which are consumed by users from multiple cloud systems (in different security realms), which need to be engaged dynamically at runtime. If heterogeneous cloud systems located in different security realms do not have direct authentication relationships, then it is a considerable technical challenge to enable secure collaboration. In order to address this security challenge, a new authentication framework is required to establish trust amongst business analytics service instances and users by distributing a common session secret to all participants of a session. We address this challenge by designing and implementing a secure multiparty authentication framework for dynamic interaction, for the scenario where members of different security realms express a need to access orchestrated services. This novel framework exploits the relationship of trust between session members in different security realms, to enable a user to obtain security credentials that access cloud resources in a remote realm. The mechanism assists cloud session users to authenticate their session membership, thereby improving the performance of authentication processes within multiparty sessions. We see applicability of this framework beyond multiple cloud infrastructure, to that of any scenario where multiple security realms has the potential to exist, such as the emerging Internet of Things (IoT).Comment: Submitted to the 20th IEEE International Conference on High Performance Computing and Communications 2018 (HPCC2018), 28-30 June 2018, Exeter, U