Reconfigurable Security: Edge Computing-based Framework for IoT
In various scenarios, achieving security between IoT devices is challenging since the devices may have different dedicated communication standards, resource constraints and applications. In this article, we first provide requirements and existing solutions for IoT security. We then introduce a new reconfigurable security framework based on edge computing, which utilizes a near-user edge device, i.e., a security agent, to simplify key management and offload the computational costs of security algorithms from IoT devices. This framework is designed to overcome challenges including high computation costs, low flexibility in key management, and low compatibility in deploying new security algorithms in IoT, especially when adopting advanced cryptographic primitives. We also provide the design principles of the reconfigurable security framework, exemplary security protocols for anonymous authentication and secure data access control, and a performance analysis in terms of feasibility and usability. The reconfigurable security framework paves a new way to strengthen IoT security through edge computing.
Comment: under submission to possible journal publication
Fast Authentication in Heterogeneous Wireless Networks
The growing diffusion of wireless devices is leading to an increasing demand for mobility and security. At the same time, most applications can only tolerate short breaks in the data flow, so it is a challenge to devise mobility and authentication methods able to cope with these constraints. This paper proposes an authentication scheme which significantly shortens the authentication latency and can be deployed in a variety of wireless environments ranging from common Wireless LANs (WLANs) to satellite-based access networks.
Secure Device Bootstrapping with the Nimble Out of Band Authentication Protocol
The smart personal and business appliances which form the Internet of Things are expected to become ubiquitous and to make our daily life more convenient. Most of these devices are connected through wireless networks to cloud-based online services. However, such devices may be vulnerable to various attacks which could compromise the users' security and privacy and even cause physical harm. Therefore, securing the network connection for the devices is of utmost importance. In order to secure the network connections, the devices need to be configured with the necessary keys and other connection parameters. There is not yet any widely adopted generic solution for this secure bootstrapping. One proposed solution is out-of-band (OOB) authentication with a protocol called EAP-NOOB, which is a new method for the EAP and IEEE 802.1X authentication framework.
The goal of this thesis is to build a prototype of the EAP-NOOB protocol and deploy the prototype to test it in real-world scenarios. The protocol requires no a priori information about either the device or the user for the bootstrapping. Instead, the user's ownership of the device is established during the bootstrapping process. The protocol was implemented by adding support for the new EAP method into existing open-source software, the commonly used WPA_Supplicant and Hostapd packages. We also implemented a web interface for the back-end authentication server, which works in tandem with the AAA server, and out-of-band channels based on dynamic QR codes and NFC tags.
We used the prototype to test and demonstrate the EAP-NOOB protocol, including its usability and authentication latency. The bootstrapping procedure can be completed in less than a minute in most cases. The main results of the project are the EAP-NOOB implementation and various improvements and clarifications to the protocol specification. These results are an essential part of the protocol standardization process at the IETF.
Enhancements to Secure Bootstrapping of Smart Appliances
In recent times, there has been a proliferation of smart IoT devices that make our everyday life more convenient, both at home and in the work environment. Most of these smart devices are connected to cloud-based online services, and they typically reuse the existing Wi-Fi network infrastructure for Internet connectivity. Hence, it is of paramount importance to ensure that these devices establish a robust security association with the Wi-Fi networks and cloud-based servers. The initial process by which a device establishes a robust security association with the network and servers is known as secure bootstrapping. The bootstrapping process results in the derivation of security keys and other connection parameters required by the security associations. Since smart IoT devices often possess a minimal user interface, there is a need for bootstrapping methods with which users can effortlessly connect their smart IoT devices to the networks and services. Nimble out-of-band authentication for Extensible Authentication Protocol (EAP-NOOB) is one such secure bootstrapping method. It is a new EAP authentication method for the IEEE 802.1X/EAP authentication framework. The protocol does not assume or require any pre-configured authentication credentials such as symmetric keys or certificates. Instead, the authentication credentials, along with the user's ownership of the device, are established during the bootstrapping process.
The primary goal of this thesis is to study and implement the draft specification of the EAP-NOOB protocol in order to evaluate the working of EAP-NOOB in real-world scenarios. During our implementation and testing of the initial prototype for EAP-NOOB, we discovered several issues in the protocol. In this thesis, we propose a suitable solution for each of the problems identified and also verify the solutions through implementation and testing. The main results of this thesis work are various enhancements and clarifications to the EAP-NOOB protocol specification. The results consequently aid the standardisation of the protocol at the IETF. We also design and implement several additional features for EAP-NOOB to enhance the user experience.
A New Scheme of Group-based AKA for Machine Type Communication over LTE Networks
Machine Type Communication (MTC) is considered one of the most important approaches to the future of mobile communication and has attracted more and more attention. To secure MTC, applications in networks must meet the low power consumption requirements of devices and support mass device transmission. When a large number of MTC devices connect to the network, each MTC device must carry out an independent access authentication process according to the 3GPP standard, which causes serious signaling congestion in the Long Term Evolution (LTE) network. In this article, we propose a new group access authentication scheme, by which a huge number of MTC devices can be simultaneously authenticated by the network, with each establishing an independent session key with the network. Experimental results show that the proposed scheme achieves robust security and avoids signaling overload on the LTE network.
A Survey on Wireless Security: Technical Challenges, Recent Advances and Future Trends
This paper examines the security vulnerabilities and threats imposed by the inherent open nature of wireless communications and devises efficient defense mechanisms for improving wireless network security. We first summarize the security requirements of wireless networks, including their authenticity, confidentiality, integrity and availability issues. Next, a comprehensive overview of security attacks encountered in wireless networks is presented in view of the network protocol architecture, where the potential security threats are discussed at each protocol layer. We also provide a survey of the existing security protocols and algorithms adopted in existing wireless network standards, such as Bluetooth, Wi-Fi, WiMAX, and the long-term evolution (LTE) systems. Then, we discuss the state of the art in physical-layer security, which is an emerging technique for securing the open communications environment against eavesdropping attacks at the physical layer. We also introduce the family of jamming attacks and their countermeasures, including the constant jammer, intermittent jammer, reactive jammer, adaptive jammer and intelligent jammer. Additionally, we discuss the integration of physical-layer security into existing authentication and cryptography mechanisms for further securing wireless networks. Finally, some technical challenges which remain unresolved at the time of writing are summarized and future trends in wireless security are discussed.
Comment: 36 pages. Accepted to appear in Proceedings of the IEEE, 201