682 research outputs found
Networking Group Content: RESTful Multiparty Access to a Data-centric Web of Things
Content replication to many destinations is a common use case in the Internet
of Things (IoT). The deployment of IP multicast has proven inefficient, though,
due to its lack of layer-2 support by common IoT radio technologies and its
synchronous end-to-end transmission, which is highly susceptible to
interference. Information-centric networking (ICN) introduced hop-wise
multi-party dissemination of cacheable content, which has proven valuable in
particular for low-power lossy networking regimes. Even NDN, however, the most
prominent ICN protocol, suffers from a lack of deployment.
In this paper, we explore how multiparty content distribution in an
information-centric Web of Things (WoT) can be built on CoAP. We augment the
CoAP proxy by request aggregation and response replication functions, which
together with proxy caches enable asynchronous group communication. In a
further step, we integrate content object security with OSCORE into the CoAP
multicast proxy system, which enables ubiquitous caching of certified authentic
content. In our evaluation, we compare NDN with different deployment models of
CoAP, including our data-centric approach in realistic testbed experiments. Our
findings indicate that multiparty content distribution based on CoAP proxies
performs equally well as NDN, while remaining fully compatible with the
established IoT protocol world of CoAP on the Internet.
Security and privacy issues of physical objects in the IoT: Challenges and opportunities
In the Internet of Things (IoT), security and privacy issues of physical objects are crucial to the related applications. In order to clarify the complicated security and privacy issues, the life cycle of a physical object is divided into three stages of pre-working, in-working, and post-working. On this basis, a physical object-based security architecture for the IoT is put forward. According to the security architecture, security and privacy requirements and related protecting technologies for physical objects in different working stages are analyzed in detail. Considering the development of IoT technologies, potential security and privacy challenges that IoT objects may face in the pervasive computing environment are summarized. At the same time, possible directions for dealing with these challenges are also pointed out.
HERMES: Scalable, Secure, and Privacy-Enhancing Vehicle Access System
We propose HERMES, a scalable, secure, and privacy-enhancing system for users
to share and access vehicles. HERMES securely outsources operations of vehicle
access token generation to a set of untrusted servers. It builds on an earlier
proposal, namely SePCAR [1], and extends the system design for improved
efficiency and scalability. To cater to system and user needs for secure and
private computations, HERMES utilizes and combines several cryptographic
primitives with secure multiparty computation efficiently. It conceals secret
keys of vehicles and transaction details from the servers, including vehicle
booking details, access token information, and user and vehicle identities. It
also provides user accountability in case of disputes. Besides, we provide
semantic security analysis and prove that HERMES meets its security and privacy
requirements. Last but not least, we demonstrate that HERMES is efficient and,
in contrast to SePCAR, scales to a large number of users and vehicles, making
it practical for real-world deployments. We build our evaluations with two
different multiparty computation protocols: HtMAC-MiMC and CBC-MAC-AES. Our
results demonstrate that HERMES with HtMAC-MiMC requires only approx 1,83 ms
for generating an access token for a single-vehicle owner and approx 11,9 ms
for a large branch of rental companies with over a thousand vehicles. It
handles 546 and 84 access token generations per second, respectively. This
results in HERMES being 696 (with HtMAC-MiMC) and 42 (with CBC-MAC-AES) times
faster than SePCAR for a single-vehicle owner access token
generation. Furthermore, we show that HERMES is practical on the vehicle side,
too, as access token operations performed on a prototype vehicle on-board unit
take only approx 62,087 ms.
An ICMetric based multiparty communication framework
Cryptographic algorithms have always relied on stored keys for the provision of security services. Since these keys are stored on a system, this makes them prone to attack. Efforts to increase the key size make brute forcing difficult but do not eliminate key theft.
This thesis proposes a comprehensive security framework for groups of devices. The research makes four major contributions to improve the security of devices in the multiparty environment. The proposed framework uses the novel Integrated Circuit Metric (ICMetric) technology which proposes utilizing measurable properties and features of a device to create a device identification. This device identification called the ICMetric is used to create cryptographic keys which are then used in the designed cryptosystems.
The first contribution of the thesis is the creation of an ICMetric using sensors found in modern smart devices. The research explores both explicit and implicit features which can be used to generate an ICMetric.
The second contribution of this research is the creation of a group ICMetric which is computed using the device ICMetric. The computation of the device ICMetric is a particular challenge as it has to be computed without violating the properties of the ICMetric technology.
The third contribution is the demonstration that an ICMetric can be used for the creation of a symmetric key. The fourth contribution of this research is an efficient RSA based asymmetric key generation scheme for the multiparty environment.
Designing a system using widely accepted cryptographic primitives does not guarantee a secure system; therefore, the security of proposed schemes has been studied under the standard model. The schemes presented in this thesis attempt to improve the security of devices in the group environment. The schemes demonstrate that key theft deterrent technologies can be incorporated into cryptographic schemes to offer higher levels of security and privacy.
A Method for Securing Symmetric Keys for Internet of Things Enabled Distributed Data Systems
This study introduces an innovative method for securing symmetric keys in Internet of Things (IoT)-enabled distributed data systems, focusing on enhancing data security while optimizing encryption and decryption times. Through a comprehensive analysis of various encryption algorithms—TEA, XTEA, BLOCK TEA (XXTEA), and the proposed NTSA algorithm—across different key sizes and file sizes, we aim to demonstrate the significant improvements our method offers over existing techniques. Our research meticulously evaluated the performance of these algorithms, employing random variations to encryption and decryption times to simulate real-world variability and assess the algorithms' efficiency and security robustness. The findings reveal that the NTSA algorithm, in particular, showcases superior performance, offering an approximate improvement of 10% to 15% in encryption and decryption times over traditional methods such as TEA and XTEA, and an even more considerable enhancement compared to BLOCK TEA (XXTEA). The key contribution of this study lies in its provision of a secure, efficient framework for symmetric key encryption in IoT-enabled distributed environments. By optimizing key size and algorithm selection, our method not only secures data against potential cyber threats but also ensures high-speed data processing—a critical requirement in the IoT domain where the volume of data transactions and the need for real-time processing are ever-increasing. The proposed method significantly advances the field of data security in distributed systems, especially within the context of the burgeoning IoT landscape. It underscores the importance of algorithmic efficiency and strategic key management in bolstering the security and performance of modern digital ecosystems.
Dynamic Multiparty Authentication of Data Analytics Services within Cloud Environments
Business analytics processes are often composed from orchestrated,
collaborating services, which are consumed by users from multiple cloud systems
(in different security realms), which need to be engaged dynamically at
runtime. If heterogeneous cloud systems located in different security realms do
not have direct authentication relationships, then it is a considerable
technical challenge to enable secure collaboration. In order to address this
security challenge, a new authentication framework is required to establish
trust amongst business analytics service instances and users by distributing a
common session secret to all participants of a session. We address this
challenge by designing and implementing a secure multiparty authentication
framework for dynamic interaction, for the scenario where members of different
security realms express a need to access orchestrated services. This novel
framework exploits the relationship of trust between session members in
different security realms, to enable a user to obtain security credentials that
access cloud resources in a remote realm. The mechanism assists cloud session
users to authenticate their session membership, thereby improving the
performance of authentication processes within multiparty sessions. We see
applicability of this framework beyond multiple cloud infrastructure, to that
of any scenario where multiple security realms have the potential to exist, such
as the emerging Internet of Things (IoT).
Comment: Submitted to the 20th IEEE International Conference on High
Performance Computing and Communications 2018 (HPCC2018), 28-30 June 2018,
Exeter, U