IoTLogBlock: Recording Off-line Transactions of Low-Power IoT Devices Using a Blockchain

For any distributed system, and especially for the\ua0Internet of Things, recording interactions between devices is\ua0essential. At first glance, blockchains seem to be suitable for\ua0storing these interactions, as they allow multiple parties to share\ua0a distributed ledger. However, at a closer look, blockchains require heavy computations, large memory capacity, and alwayson communication to the cloud; these are three properties that\ua0are challenging for IoT devices with limited resources.In this paper, we present IoTLogBlock to address these challenges. IoTLogBlock connects resource-constrained IoT devices\ua0to the blockchain, and it consists of three building blocks jointly\ua0enabling recording transactions: a lightweight contract signing\ua0protocol, a blockchain network, and a smart contract. The\ua0contract signing protocol allows devices to interact locally to\ua0perform transactions, even if no communication to the cloud\ua0and the blockchain exists at that moment. At a later time, devices\ua0forward the stored transactions to the blockchain, where a smart\ua0contract ultimately verifies the transactions.We evaluate our design on low-power devices and quantify\ua0the performance in terms of memory, computation, and energy\ua0consumption. Our results show that a constrained device can\ua0create and sign a transaction within 3 s on average. Finally, we\ua0expose the devices to network scenarios with edge connections\ua0ranging from 10 s to over 2 h

A Formal Model of Rational Exchange and Its Application to the Analysis of Syverson's Protocol

We propose a formal model of rational exchange and exchange protocols in general, which is based on game theory. In this model, an exchange protocol is represented as a set of strategies in a game that is played by the protocol parties and the network that they use to communicate with each other. Within this model, we give a formal definition for rational exchange and various other properties of exchange protocols, including fairness. In particular, rational exchange is defined in terms of a Nash equilibrium in the protocol game. We also study the relationship between rational and fair exchange, and prove that fairness implies rationality, but not vice versa. Finally, we illustrate the usage of our formal model for the analysis of existing rational exchange protocols by analyzing a protocol proposed by Syverson. We show that the protocol is rational only under the assumption that the network is reliable

Enhancing Trust in Devices and Transactions of the Internet of Things

With the rise of the Internet of Things (IoT), billions of smart embedded devices will interact frequently.These interactions will produce billions of transactions.With IoT, users can utilize their phones, home appliances, wearables, or any other wireless embedded device to conduct transactions.For example, a smart car and a parking lot can utilize their sensors to negotiate the fees of a parking spot.The success of IoT applications highly depends on the ability of wireless embedded devices to cope with a large number of transactions.However, these devices face significant constraints in terms of memory, computation, and energy capacity.With our work, we target the challenges of accurately recording IoT transactions from resource-constrained devices. We identify three domain-problems: a) malicious software modification, b) non-repudiation of IoT transactions, and c) inability of IoT transactions to include sensors readings and actuators.The motivation comes from two key factors.First, with Internet connectivity, IoT devices are exposed to cyber-attacks.Internet connectivity makes it possible for malicious users to find ways to connect and modify the software of a device.Second, we need to store transactions from IoT devices that are owned or operated by different stakeholders.The thesis includes three papers. In the first paper, we perform an empirical evaluation of Secure Boot on embedded devices.In the second paper, we propose IoTLogBlock, an architecture to record off-line transactions of IoT devices.In the third paper, we propose TinyEVM, an architecture to execute off-chain smart contracts on IoT devices with an ability to include sensor readings and actuators as part of IoT transactions

Security analysis of an e-commerce solution

The escalation in the number of people with access to the Internet has fuelled the growth of e-commerce transactions. In order to stimulate this growth in e-commerce, the adoption of new business models will be required. In this thesis, we propose the idea of bringing the multi-level marketing business model into the e-commerce world. For e-commerce applications to take advantage of the business potential in this business model, some challenging security problems need to be resolved. Our proposed protocol provides a method for fair exchange of valuable items between multiple-parties in accordance with the multi-level marketing business model. It also provides the required security services needed to increase the overall customers' trust in e-commerce, and hence increase the rate of committed online transactions. These security services include content assurance, confidentiality, fair exchange and non-repudiation. The above security services are usually attained through the use of cryptography. For example, digital rights management systems deliver e-goods in an encrypted format. As these e-goods are decrypted before being presented to the end user, cryptographic keys may appear in the memory which leaves it vulnerable to memory disclosure attacks. In the second part of this thesis, we investigate a set of memory disclosure attacks which may compromise the confidentiality of cryptographic keys. We demonstrate that the threat of these attacks is real by exposing the secret private keys of several cryptographic algorithms used by different cryptographic implementations of the Java Cryptographic Extension (JCE

Design and evaluation of information flow signature for secure computation of applications

This thesis presents an architectural solution that provides secure and reliable execution of an application that computes critical data, in spite of potential hardware and software vulnerabilities. The technique does not require source code of or specifications about the malicious library function(s) called during execution of an application. The solution is based on the concept of Information Flow Signatures (IFS). The technique uses both a model-checker-based symbolic fault injection analysis tool called SymPLFIED to generate an IFS for an application or operating system, and runtime signature checking at the level of hardware to protect the integrity of critical data. The runtime checking is implemented in the IFS module. Reliable computation of data is ensured by the critical value re-computation (CVR) module. Prototype implementation of the signature checking and reliability module on a soft processor within an FPGA incurs no performance overhead and about 12% chip area overhead. The security module itself incurs about 7.5% chip area overhead. Performance evaluations indicate that the IFS module incurs as little as 3-4% overhead compared to 88-100% overhead when the runtime checking is implemented as a part of software. Preliminary testing indicates that the technique can provide 100% coverage for insider attacks that manifest as memory corruption and change the architectural state of the processor. Hence the IFS and CVR implementation offers a flexible, low-overhead, high-coverage method for ensuring reliable and secure computing

Protocols de seguretat amb terceres parts

Les solucions proposades en els articles científics sobre els intercanvis electrònics entre dues parts sovint involucren terceres parts (TTPs) per resoldre i simplificar el problema, però els usuaris hi han de dipositar una certa confiança. Ara bé, la confiança no és garantia ferma del compliment dels requisits de seguretat. Per això, molts usuaris són reticents a dipositar confiança en entitats remotes, fet que en dificulta l’ús. Aquí mostram com, a partir d’un determinat protocol de seguretat, podem aconseguir que la TTP involucrada sigui verificable. Construïm un entorn de confiança dins del protocol per mitjà del subministrament d’evidències sobre cada una de les operacions de la TTP (definim i introduïm la verificabilitat on-line de la TTP). Aconseguim això gràcies a la detecció, l’anàlisi i la classificació de cada una de les accions de la TTP. Aportam unes orientacions de disseny que faciliten la introducció de TTPs verificables dins dels protocols