Ensuring Accountability and Outsourced Decryption in IoT Systems using Ciphertext-Policy Attribute-Based Encryption

Attribute based cryptography enhances the chances of secure communication on large scale. There are several features of attribute based encryption which have been proposed as different protocols. Most of these are suitable for access control in large systems like cloud services. Very few protocols focus on reducing the computational overhead for lower end devices like Internet of Things sensors and actuators. Hence, it is desirable to have a mix of features in protocols for IoT architecture. Our protocol enforces accountability of different parties involved while reducing the computational overhead during decryption on miniature devices. We prove that our protocol is RCCA-secure in selective security model and achieve accountability and unlinkability

Outsourced CP-ABE with Whitebox Accountability in IoT Systems

Cryptography based on identity and attributes enhances the chance of secure communication on a large scale. Several attribute-based encryption schemes achieve different objectives when used in various protocols. Most of these are suitable for large systems like cloud services. There are a few protocols which focus on reducing the computational overhead for lower end devices like Internet of Things sensors and actuators. It is desirable to have a mix of features in protocols for IoT security architecture. We first propose a scheme to ensure accountability in CPABE scheme FAME. The protocol is proven CPA-secure with full security in random oracle model. We also prove its accountability. We also propose a hybrid protocol that enforces user accountability and outsourced decryption in IoT systems and achieve full security in replayable chosen ciphertext attack (RCCA) under random oracle model

Security protocols for mobile ubiquitous e-health systems

Mención Internacional en el título de doctorWearable and implantable medical devices constitute an already established industry nowadays. According to a recent research [113], North America is currently the most important market followed by Europe, Asia-Pacific and the rest of the world. Additionally, the same document remarks the importance of the Asia-Pacific region due to the rising ageing population and the overpopulation in that area. The most common implantable medical devices include pacemakers, defibrillators, cochlear implants, insulin pumps, and neurostimulators among others. In recent years, the proliferation of smartphones and other mobile “smart” devices with substantial computational and communication capabilities have reshaped the way wireless body area network may be implemented. In their current generation (or in a near future), all of them share a common feature: wireless communication capabilities [127]. Moreover, implantable medical devices have the ability to support and store telemetry data facilitating the remote monitoring of the patient. Medical devices can be part of a wireless body area network, operating both as sensors and as actuators and making decisions in real time. On the other hand, a new kind of devices called wearables such as smart bracelets or smart watches have been equipped with several sensors like Photoplethysmogram (PPG) to record the heart beats, accelerometers to count the steps or Global Positioning System (GPS) to geopositioning users and were originally conceived as cheap solutions to help people to improve their workout. However these devices have demonstrated to be quite useful in many healthcare environments due to a huge variety of different and low-cost medical sensors. Thus, patients can be monitored for long periods of time without interfering in their daily life and taking their vital signs constantly under control. Security and privacy issues have been described as two of the most challenging problems of implantable medical devices and, more generally, wireless body area networks [6, 47, 84, 103]. As an example, it has been demonstrated that somebody equipped with a low cost device can eavesdrop on the data exchanged between a reader and a peacemaker and may even induce a cardiac arrest [71]. Health-related data have been the focus of several attacks almost since the adoption of computers in the healthcare domain. As a recent example, in 2010 personal data from more than 26 million of veterans were stolen from the Department of Veterans Affairs’ database in the US by an employee who had access to the database [104]. The Ponemon Institute pointed out that Germany and the US spent in 2013 more than $7.56 and$11 millions, respectively, to protect personal health records from attacks. This PhD dissertation explores the security and privacy of data in healthcare environments where confidential information is measured in real time by some sensors placed in, on, or around the human body. Security and privacy in medical conditions have been widely studied by the research community, nonetheless with the recent boom of wearable devices, new security issues have arisen. The first part of this dissertation is dedicated to the introduction and to expose both the main motivation and objectives of this PhD Thesis. Additionally the contributions and the organization of this document are also presented. In the second part a recent proposal has been analysed from the security and privacy points of view. From this study, vulnerabilities concerning to full disclosure, impersonation, traceability, de-synchronization, and Denial-of-Service (DoS) attacks have been found. These attacks make the protocol infeasible to be introduced with an adequate security and sufficient privacy protection level. Finally, a new protocol named Fingerprint⁺ protocol for Internet of Thing (IoT) is presented, which is based on ISO/IEC 9798-2 and ISO/IEC 18000-6C and whose security is formally verified using BAN logic. In the third part of this dissertation, a new system based on International Standard Organization (ISO) standards and security National Institute of Standards and Technology (NIST) recommendations have been proposed. First, we present a mutual entity authentication protocol inspired on ISO/IEC 9798 Part 2. This system could be deployed in a hospital where Radio Frequency IDentification (RFID) technology may be used to prune blood-handling errors, i.e., the identities of the patients and blood bags are confirmed (authentication protocol) and after that the matching between both entities is checked (verification step). Second, a secure messaging protocol inspired on ISO/IEC 11770 Part 2 and similar to that used in electronic passports is presented. Nowadays the new generation of medical implants possess wireless connectivity. Imagine a doctor equipped with a reader aims to access the records of vital signals stored on the memory of an implant. In this scenario, the doctor (reader) and the patient (implant) are first mutually authenticated and then a secure exchange of data can be performed. The fourth part of this Thesis provides an architecture based on two cryptographic protocols, the first one is for publishing personal data in a body area network composed of different sensors whereas the second one is designed for sending commands to those sensors by guaranteeing the confidentiality and fine-grained access control to the private data. Both protocols are based on a recently proposed public cryptography paradigm named ciphertext policy attribute-based encryption scheme which is lightweight enough to be embedded into wearable devices and sensors. Contrarily to other proposals made on this field, this architecture allows sensors not only to encrypt data but also to decrypt messages generated by other devices. The fifth part presents a new decentralized attribute based encryption scheme named Decentralized Ciphertext-Policy Attribute Based Searchable Encryption that incorporates ciphertext-policy attribute-based encryption with keyword search over encrypted data. This scheme allows users to (a) encrypt their personal data collected by a Wireless Body Area Network (WBAN) according to a policy of attributes; (b) define a set of keywords to enable other users (e.g., hospital stuff) to perform encrypted search over their personal (encrypted) data; (c) securely store the encrypted data on a semi-honest server and let the semi-honest server run the (encrypted) keyword search. Note that any user can perform a keyword query on the encrypted data, however the decryption of the resulting ciphertexts is possible only for users whose attribute satisfy the policy with which the data had been encrypted. We state and prove the security of our scheme against an honest-but-curious server and a passive adversary. Finally, we implement our system on heterogeneous devices and demonstrate its efficiency and scalability. Finally, this document ends with a conclusions achieved during this PhD and a summary of the main published contributions.Los dispositivos médicos implantables como los marcapasos o las bombas de insulina fueron concebidas originalmente para controlar automáticamente ciertos parámetros biológicos y, llegado el caso, poder actuar ante comportamientos anómalos como ataques cardíacos o episodios de hipoglucemia. Recientemente, han surgido uno dispositivos llamados wearables como las pulseras cuantificadoras, los relojes inteligentes o las bandas pectorales. Estos dispositivos han sido equipados con un número de sensores con capacidad de monitorizar señales vitales como el ritmo cardíaco, los movimientos (acelerómetros) o sistemas de posicionamiento (GPS) entre otros muchas opciones, siendo además una solución asequible y accesible para todo el mundo. A pesar de que el propósito original fue la mejora del rendimiento en actividades deportivas, estos dispositivos han resultado ser de gran utilidad en entornos médicos debido a su amplia variedad de sensores. Esta tecnología puede ayudar al personal médico a realizar seguimientos personalizados, constantes y en tiempo real del comportamiento de los pacientes, sin necesidad de interferir en sus vidas cotidianas. Esta Tesis doctoral está centrada en la seguridad y privacidad en entornos médicos, donde la información es recogida en tiempo real a través de una serie de sensores que pueden estar implantados o equipados en el propio paciente. La seguridad y la privacidad en entornos médicos ha sido el foco de muchos investigadores, no obstante con el reciente auge de los wearables se han generado nuevos retos debido a que son dispositivos con fuertes restricciones de cómputo, de memoria, de tamaño o de autonomía. En la primera parte de este documento, se introduce el problema de la seguridad y la privacidad en el paradigma de Internet de las cosas y haciendo especial hincapié en los entornos médicos. La motivación así como los principales objetivos y contribuciones también forman parte de este primer capítulo introductorio. La segunda parte de esta Tesis presenta un nuevo protocolo de autenticación basado en RFID para IoT. Este capítulo analiza previamente, desde el punto de vista de la seguridad y la privacidad un protocolo publicado recientemente y, tras demostrar que carece de las medidas de seguridad suficientes, un nuevo protocolo llamado Fingerprint⁺ compatible con los estándares de seguridad definidos en el estándar ISO/IEC 9798-2 y EPC-C1G2 (equivalente al estándard ISO/IEC 18000-6C) ha sido propuesto. Un nuevo sistema basado en estándares ISO y en recomendaciones realizadas por el NIST ha sido propuesto en la tercera parte de esta Tesis. En este capítulo se presentan dos protocolos bien diferenciados, el primero de ellos consiste en un protocolo de autenticación basado en el estándar ISO/IEC 9798 Part 2. A modo de ejemplo, este protocolo puede evitar problemas de compatibilidad sanguínea, es decir, primero se confirma que el paciente es quien dice ser y que la bolsa de sangre realmente contiene sangre (proceso de autenticación). Posteriormente se comprueba que esa bolsa de sangre va a ser compatible con el paciente (proceso de verificación). El segundo de los protocolos propuestos consiste en un protocolo seguro para el intercambio de información basado en el estándar ISO/IEC 11770 Part 2 (el mismo que los pasaportes electrónicos). Siguiendo con el ejemplo médico, imaginemos que un doctor equipado con un lector de radiofrecuencia desea acceder a los datos que un dispositivo implantado en el paciente está recopilando. En este escenario tanto el lector como el implante, se deben autenticar mutuamente para poder realizar el intercambio de información de manera segura. En el cuarto capítulo, una nueva arquitectura basada en el modelo de Publish/Subscribe ha sido propuesto. Esta solución está compuesta de dos protocolos, uno para el intercambio de información en una red de área personal y otro para poder reconfigurar el comportamiento de los sensores. Ambos protocolos están diseñados para garantizar tanto la seguridad como la privacidad de todos los datos que se envían en la red. Para ello, el sistema está basado en un sistema de criptografía de clave pública llamado Attribute Based Encryption que es suficientemente ligero y versátil como para ser implementado en dispositivos con altas restricciones de cómputo y de memoria. A continuación, en el quinto capítulo se propone una solución completamente orientada a entornos médicos donde la información que los sensores obtienen de los pacientes es cifrada y almacenada en servidores públicos. Una vez en estos servidores, cualquier usuario con privilegios suficientes puede realizar búsquedas sobre datos cifrados, obtener la información y descifrarla. De manera adicional, antes de que los datos cifrados se manden a la nube, el paciente puede definir una serie de palabras claves que se enlazarán a los datos para permitir posteriormente búsquedas y así obtener la información relacionada a un tema en concreto de manera fácil y eficiente. El último capítulo de esta Tesis se muestran las principales conclusiones obtenidas así como un resumen de las contribuciones científicas publicadas durante el período doctoral.Programa Oficial de Doctorado en Ciencia y Tecnología InformáticaPresidente: Arturo Ribagorda Garnacho.- Secretario: Jorge Blasco Alís.- Vocal: Jesús Garicia López de Lacall

Preserving Secrecy in Online Social Networks: Data Outsourcing, Access Control, and Secrecy Schemes

In den vergangenen Jahren haben sich Online Social Networks (OSNs) wie Facebook und Foursquare zu einer beliebten Möglichkeit der Kommunikation und des Teilens von Informationen unter Nutzern entwickelt. OSNs sind virtuelle Communitys, die Informationen über die Nutzer und die zwischen ihnen bestehenden Beziehungen, wie z.~B. Freundschaften, enthalten. Zusätzlich dazu, dass eine Interaktion der Nutzer untereinander ermöglicht wird, bieten OSNs ihren Nutzern normalerweise verschiedene Arten von Dienstleistungen an, wie z.~B. die Abfrage nach Freunden innerhalb einer bestimmten Entfernung. Um auf diese Dienstleistungen zugreifen zu können, kann es sein, dass Nutzer darum gebeten werden, in den OSN-Systemen eine Reihe von Informationen, wie z.~B. ihre physische Position, zu speichern. Da die meisten der in OSNs gespeicherten Informationen zu deren Nutzern privater Natur sind, ist es von wesentlicher Bedeutung, die Informationen vor unbefugtem Zugriff zu schützen, um Geheimhaltungsprobleme zu vermeiden. Zu diesem Zweck verwenden OSNs Zugriffskontrollsysteme. Diese Systeme haben drei Hauptkomponenten, nämlich die Zugriffskontrollrichtlinien, das Zugriffskontrollmodell und den Autorisierungsmechanismus. Die Zugriffskontrollrichtlinien ermöglichen es Nutzern zu spezifizieren, wer auf deren Ressourcen zugreifen darf. Das Zugriffskontrollmodell bietet die Syntax und Semantik, um die Zugriffskontrollrichtlinien zu formalisieren. Die formale Repräsentation der Zugriffskontrollrichtlinien in einem Zugriffskontrollmodell wird als Autorisierung bezeichnet. Der Autorisierungsmechanismus, welcher von den OSN-Anbietern verwaltet wird, setzt die Autorisierungen durch. Obwohl in der Literatur verschiedene Zugriffskontrollsysteme vorgeschlagen wurden, gibt es zwei Hauptprobleme in Bezug auf diese Systeme, die sich auf die Verbreitung von OSNs auswirken können. Das erste Problem bezieht sich auf die Flexibilität von Zugriffskontrollmodellen. Eine der größten Herausforderungen von OSNs besteht darin, das Teilen von Informationen unter ihren Nutzern zu fördern. Nutzer neigen normalerweise dazu, Informationen nur mit Nutzern zu teilen, die bestimmte Bedingungen erfüllen; andernfalls tun sie es nicht. Zu diesem Zweck sollten Zugriffskontrollsysteme den Spezifizierern der Richtlinien Flexibilität bieten, damit diese die Bedingungen bezüglich des Zugriffs auf ihre Daten ausdrücken können. Wenn Nutzer entscheiden, wer auf ihre Ressourcen zugreifen darf, hängen die Zugriffsbedingungen von sozialen Faktoren und menschlichem Verhalten ab. Studien in Fachgebieten wie der Psychologie und der Soziologie haben nachgewiesen, dass Menschen zwar ein Selbstinteresse haben, oftmals jedoch gegenseitig von dieser Haltung abweichen. Gegenseitigkeit bedeutet, dass Menschen als Antwort auf freundliche Handlungen kooperativer werden. Daher ist Gegenseitigkeit eine starke Determinante in Bezug auf menschliches Verhalten. Bestehende Zugriffsrichtlinien erfassen dieses Phänomen der Gegenseitigkeit jedoch nicht, was dazu führen kann, dass Nutzer davon abgehalten werden, Informationen zu teilen. Das zweite Problem besteht darin, dass Nutzer OSN-Anbietern dahingehend vertrauen müssen, dass sie ihre Daten schützen, wenn sie die Autorisierungen durchsetzen. Aktuelle Datenschutzverletzungen haben die Vertrauenswürdigkeit der Dienstleistungsanbieter in Frage gestellt. Scheinbar steigert der zunehmende wirtschaftliche Gewinn, der aus dem Verkauf personenbezogener Daten erzielt wird, die Versuchung der Anbieter, Betrug zu begehen. In dieser Dissertation werden Techniken und Modelle entwickelt, um auf diese zwei Probleme einzugehen. Die Arbeit ist in drei Abschnitte aufgeteilt. Der erster Beitrag behandelt das Flexibilitätsproblem von Zugriffskontrollmodellen. Hier schlagen wir die Syntax und Semantik einer neuen Art von Autorisierung vor, die als gegenseitig bezeichnet wird und es ermöglicht, wechselseitiges Verhalten zu modellieren. Gegenseitigkeit kommt im Rahmen der Zugriffskontrolle zum Zuge, wenn Personen jenen Nutzern den Zugriff auf ihre Ressourcen gewähren, die ihnen erlauben, das Gleiche zu tun. Wir verwenden standortbasierte Dienstleistungen als Beispiel für den Einsatz gegenseitiger Autorisierungen. Zu diesem Zweck schlagen wir zwei Ansätze vor, um gegenseitige Autorisierungen in diese Dienstleistungen zu integrieren. Darüber hinaus weisen wir die Stimmigkeit beider Ansätze nach und bestimmen auf dem Wege von Komplexitätsanalysen, unter welchen Bedingungen jeder Ansatz jeweils leistungsfähiger ist als der andere. Unsere zweiten und dritten Beiträge gehen aus zwei verschiedenen Blickwinkeln auf das Misstrauen von Nutzern bezüglich der Dienstleistungsanbieter ein. Unser zweiter Beitrag erörtert das Szenario, in welchem der Nutzer, d. h. die Einheit, welche Abfragen von Daten durchführen möchte, auch Eigentümer der Daten ist. Aufgrund von Ressourcenbeschränkungen möchte der Nutzer die Daten jedoch nicht allein verwalten. Er möchte dies an einen Dienstleistungsanbieter auslagern, um bei einer Abfrage einen Teil der Daten abrufen zu können, welche der Durchführung der Abfrage Genüge leisten. In diesem Fall besteht kein Bedarf an Zugriffsrichtlinien, da es einen einzelnen Nutzer gibt, der Eigentümer der Daten ist. Daher kann in diesem Szenario das Vertrauensproblem bezüglich Dienstleistungsanbietern auf die Geheimhaltung ausgelagerter Daten reduziert werden. Außerdem ist es für den Nutzer wichtig, in der Lage zu sein, eine Anpassung zwischen Geheimhaltung und Leistung vorzunehmen, da die Abfrage nutzerseitig, unter Verwendung des erhaltenen Datenabschnitts, berechnet wird und weil eine negative Korrelation zwischen Geheimhaltung und Leistung besteht. Diese Art von Szenario findet aufgrund der wirtschaftlichen und organisatorischen Vorteile von „Database-as-a-Service“ oft bei Startup-Unternehmen Anwendung. Insbesondere in diesem Bereich weisen viele Daten eine Graphstruktur auf, z.~B. Protein-Netzwerke, Straßen-Netzwerke und Stromnetz-Netzwerke. Hier schlagen wir einen Gruppierungsansatz für die sichere Auslagerung von Daten mit Graphstrukturen vor, wobei nachweisbare Geheimhaltungsgarantien geboten werden. Unser Ansatz ermöglicht es Nutzern, Anpassungen zwischen Ebenen von Geheimhaltung und Leistung vorzunehmen. Zusätzlich entwickeln wir zur Erleichterung der Planung von Abfragen ein Modell, welches das Verhalten unseres Algorithmus vorhersagen kann. Unser dritter Beitrag berücksichtigt den Fall, in dem es einem Nutzer nicht ermöglicht wird, auf Daten zuzugreifen, die zur Durchführung von Abfragen nötig sind. Die Nutzer haben jedoch Zugriff auf die Ergebnisse der Abfrage bezüglich der Daten. In diesem Szenario gibt es typischerweise mehrere Nutzer, wobei jeder einen anderen Teil der Daten besitzt, und jeder Nutzer auf Basis von spezifizierten Zugriffsrichtlinien auf Abfrageergebnisse bezüglich der Daten zugreifen kann, die anderen gehören. Dann muss der OSN-Anbieter die erforderliche Kernberechnung durchführen, und der Nutzer kann nur auf das Ergebnis von Dienstleistungen zugreifen, die vom OSN geboten werden. Für dieses Szenario entwickeln wir zwei Methoden, welche bestehende Verschlüsselungsschemata kombinieren, um es Nutzern von OSNs zu ermöglichen, Abfragen bezüglich Freunden in einer bestimmten Entfernung durchzuführen. Beide Ansätze beinhalten eine Aufhebungsfunktion und bieten Geheimhaltungsgarantien unter der Annahme geheimer Absprachen, d. h. ein Gegenspieler kann mit dem Dienstleistungsanbieter zusammenspielen. Daneben bieten wir Komplexitätsanalysen unserer Ansätze, um diese bewerten und vergleichen zu können. Unsere Analysen teilen uns mit, welcher Ansatz in jeder Einheit, die in dem System involviert ist, leistungsfähiger ist. Diese Dissertation beinhaltet eine umfassende experimentelle Analyse all unserer Ansätze auf Basis von synthetischen und realen Datensätzen, welche die Wirksamkeit unserer Methoden bestätigen

Security and Privacy in the Internet of Things

The Internet of Things (IoT) is an emerging paradigm that seamlessly integrates electronic devices with sensing and computing capability into the Internet to achieve intelligent processing and optimized controlling. In a connected world built through IoT, where interconnected devices are extending to every facet of our lives, including our homes, offices, utility infrastructures and even our bodies, we are able to do things in a way that we never before imagined. However, as IoT redefines the possibilities in environment, society and economy, creating tremendous benefits, significant security and privacy concerns arise such as personal information confidentiality, and secure communication and computation. Theoretically, when everything is connected, everything is at risk. The ubiquity of connected things gives adversaries more attack vectors and more possibilities, and thus more catastrophic consequences by cybercrimes. Therefore, it is very critical to move fast to address these rising security and privacy concerns in IoT systems before severe disasters happen. In this dissertation, we mainly address the challenges in two domains: (1) how to protect IoT devices against cyberattacks; (2) how to protect sensitive data during storage, dissemination and utilization for IoT applications. In the first part, we present how to leverage anonymous communication techniques, particularly Tor, to protect the security of IoT devices. We first propose two schemes to enhance the security of smart home by integrating Tor hidden services into IoT gateway for users with performance preference. Then, we propose a multipath-routing based architecture for Tor hidden services to enhance its resistance against traffic analysis attacks, and thus improving the protection for smart home users who desire very strong security but care less about performance. In the second part of this dissertation, we explore the solutions to protect the data for IoT applications. First, we present a reliable, searchable and privacy-preserving e-healthcare system, which takes advantage of emerging cloud storage and IoT infrastructure and enables healthcare service providers (HSPs) to realize remote patient monitoring in a secure and regulatory compliant manner. Then, we turn our attention to the data analysis in IoT applications, which is one of the core components of IoT applications. We propose a cloud-assisted, privacy-preserving machine learning classification scheme over encrypted data for IoT devices. Our scheme is based on a three-party model coupled with a two-stage decryption Paillier-based cryptosystem, which allows a cloud server to interact with machine learning service providers (MLSPs) and conduct computation intensive classification on behalf of the resourced-constrained IoT devices in a privacy-preserving manner. Finally, we explore the problem of privacy-preserving targeted broadcast in IoT, and propose two multi-cloud-based outsourced-ABE (attribute-based encryption) schemes. They enable the receivers to partially outsource the computationally expensive decryption operations to the clouds, while preventing attributes from being disclosed

Multiple Access for Massive Machine Type Communications

The internet we have known thus far has been an internet of people, as it has connected people with one another. However, these connections are forecasted to occupy only a minuscule of future communications. The internet of tomorrow is indeed: the internet of things. The Internet of Things (IoT) promises to improve all aspects of life by connecting everything to everything. An enormous amount of effort is being exerted to turn these visions into a reality. Sensors and actuators will communicate and operate in an automated fashion with no or minimal human intervention. In the current literature, these sensors and actuators are referred to as machines, and the communication amongst these machines is referred to as Machine to Machine (M2M) communication or Machine-Type Communication (MTC). As IoT requires a seamless mode of communication that is available anywhere and anytime, wireless communications will be one of the key enabling technologies for IoT. In existing wireless cellular networks, users with data to transmit first need to request channel access. All access requests are processed by a central unit that in return either grants or denies the access request. Once granted access, users' data transmissions are non-overlapping and interference free. However, as the number of IoT devices is forecasted to be in the order of hundreds of millions, if not billions, in the near future, the access channels of existing cellular networks are predicted to suffer from severe congestion and, thus, incur unpredictable latencies in the system. On the other hand, in random access, users with data to transmit will access the channel in an uncoordinated and probabilistic fashion, thus, requiring little or no signalling overhead. However, this reduction in overhead is at the expense of reliability and efficiency due to the interference caused by contending users. In most existing random access schemes, packets are lost when they experience interference from other packets transmitted over the same resources. Moreover, most existing random access schemes are best-effort schemes with almost no Quality of Service (QoS) guarantees. In this thesis, we investigate the performance of different random access schemes in different settings to resolve the problem of the massive access of IoT devices with diverse QoS guarantees. First, we take a step towards re-designing existing random access protocols such that they are more practical and more efficient. For many years, researchers have adopted the collision channel model in random access schemes: a collision is the event of two or more users transmitting over the same time-frequency resources. In the event of a collision, all the involved data is lost, and users need to retransmit their information. However, in practice, data can be recovered even in the presence of interference provided that the power of the signal is sufficiently larger than the power of the noise and the power of the interference. Based on this, we re-define the event of collision as the event of the interference power exceeding a pre-determined threshold. We propose a new analytical framework to compute the probability of packet recovery failure inspired by error control codes on graph. We optimize the random access parameters based on evolution strategies. Our results show a significant improvement in performance in terms of reliability and efficiency. Next, we focus on supporting the heterogeneous IoT applications and accommodating their diverse latency and reliability requirements in a unified access scheme. We propose a multi-stage approach where each group of applications transmits in different stages with different probabilities. We propose a new analytical framework to compute the probability of packet recovery failure for each group in each stage. We also optimize the random access parameters using evolution strategies. Our results show that our proposed scheme can outperform coordinated access schemes of existing cellular networks when the number of users is very large. Finally, we investigate random non-orthogonal multiple access schemes that are known to achieve a higher spectrum efficiency and are known to support higher loads. In our proposed scheme, user detection and channel estimation are carried out via pilot sequences that are transmitted simultaneously with the user's data. Here, a collision event is defined as the event of two or more users selecting the same pilot sequence. All collisions are regarded as interference to the remaining users. We first study the distribution of the interference power and derive its expression. Then, we use this expression to derive simple yet accurate analytical bounds on the throughput and outage probability of the proposed scheme. We consider both joint decoding as well as successive interference cancellation. We show that the proposed scheme is especially useful in the case of short packet transmission

Decentralized Authorization with Private Delegation

Authentication and authorization systems can be found in almost every software system, and consequently affects every aspect of our lives. Despite the variety in the software that relies on authorization, the authorization subsystem itself is almost universally architected following a common pattern with unfortunate characteristics.The first of these is that there usually exists a set of centralized servers that hosts the set of users and their permissions. This results in a number of security threats, such as permitting the operator of the authorization system to view or even change the permission data for all users. Secondly, these systems do not permit federation across administrative domains, as there is no safe choice of system operator: any operator would have visibility and control in all administrative domains, which is unacceptable. Thirdly, these systems do not offer transitive delegation: when a user grants permission to another user, the permissions of the recipient are not predicated upon the permissions of the granter. This makes it very difficult to reason about permissions as the complexity of the system grows, especially in the federation across domains case where no party can have absolute visibility into all permissions.Whilst several other systems, such as financial systems (e.g. blockchains) and communication systems (e.g. Signal / WhatsApp) have recently been reinvented to incorporate decentralization and privacy, there has been little attention paid to improving the authorization systems. This work aims to address that by asking the question ``How can we construct an authorization system that supports first-class transitive delegation across administrative domains without trusting a central authority or compromising on privacy?''We survey several models for authorization and find that Graph Based Authorization, where principals are vertices in a graph and delegation between principals are edges in the graph, is capable of capturing transitive delegation as a first class primitive, whilst also retaining compatibility with existing techniques such as Discretionary Access Control or Role Based Access Control. A proof of permission in the Graph Based Authorization model is represented by a path through the graph formed from the concatenation of individual edges. Whilst prior implementations of Graph Based Authorization do not meet the decentralization or privacy-preserving goals, we find that this is not intrinsic, and can be remedied by introducing two new techniques. The first is the construction of a global storage tier that cryptographically proves its integrity, and the second is an encryption technique that preserves the privacy of attestations in global storage.The horizontally-scalable storage tier is based on a new data structure, the Unequivocable Log Derived Map, which is composed of three Merkle trees. Consistency proofs over these trees allow a server to prove that objects exist or do not exist within storage, as well as proving that the storage is append-only (no previously inserted objects have been removed). Our scheme advances prior work in this field by permitting efficient auditing that scales with the number of additions to the storage rather than scaling with the total number of stored objects. By utilizing cryptographic proofs of integrity, we force storage servers to either behave honestly, or become detected as compromised. Thus, even though the architecture is centralized for availability and performance, it is does not introduce any central authorities.The design of the storage does not ensure the privacy of the permission data stored within it. We address this through the introduction of Reverse Discoverable Encryption. This technique uses the objects representing grants of permission as a key dissemination channel, thus operating without communication between participants. By using Wildcard Key Derivation Identity Based Encryption in a non-standard way (with no central Private Key Generator) we allow for permission objects to be encrypted using the authorization policy as a key. Thus, RDE permits the recipient of some permissions to decrypt other compatible permissions granted to the grantee that could be concatenated together to form a valid proof. RDE therefore protects the privacy of permission objects in storage whilst still permitting decryption of those objects by authorized parties.We construct an implementation of these techniques, named WAVE, and evaluate its performance. We find that WAVE has similar performance to the widely used OAuth system and performs better than the equally widely used LDAP system, despite offering significantly better security properties. We present an advancement to Graph Based Authorization which efficiently represents complex authorization proofs as a compact subgraph rather than a sequence of linear paths, and present a technique for efficient discovery of such proofs.To validate our techniques and ensure their efficacy in practice, we pose an additional question: ``How can we leverage WAVE to improve the security of IoT communications?'' We present a microservice architecture that abstracts the interfaces of IoT devices to permit a uniform security policy to be applied to heterogeneous devices of similar function. This is achieved by enforcing security policy at the communication bus and using hardware abstraction microservices to adapt the interfaces that devices expose on this communication bus. We construct and evaluate an instance of this communication bus, WAVEMQ and find that, with appropriate caching, its performance is comparable to that of prior publish/subscribe information busses. We discover that by enforcing WAVE's security model in the core of the network, we gain a resistance to denial of service attacks. This is particularly valuable in the IoT context where devices are typically resource constrained or connected by a bandwidth-limited link

Efficient Security Protocols for Constrained Devices

During the last decades, more and more devices have been connected to the Internet.Today, there are more devices connected to the Internet than humans.An increasingly more common type of devices are cyber-physical devices.A device that interacts with its environment is called a cyber-physical device.Sensors that measure their environment and actuators that alter the physical environment are both cyber-physical devices.Devices connected to the Internet risk being compromised by threat actors such as hackers.Cyber-physical devices have become a preferred target for threat actors since the consequence of an intrusion disrupting or destroying a cyber-physical system can be severe.Cyber attacks against power and energy infrastructure have caused significant disruptions in recent years.Many cyber-physical devices are categorized as constrained devices.A constrained device is characterized by one or more of the following limitations: limited memory, a less powerful CPU, or a limited communication interface.Many constrained devices are also powered by a battery or energy harvesting, which limits the available energy budget.Devices must be efficient to make the most of the limited resources.Mitigating cyber attacks is a complex task, requiring technical and organizational measures.Constrained cyber-physical devices require efficient security mechanisms to avoid overloading the systems limited resources.In this thesis, we present research on efficient security protocols for constrained cyber-physical devices.We have implemented and evaluated two state-of-the-art protocols, OSCORE and Group OSCORE.These protocols allow end-to-end protection of CoAP messages in the presence of untrusted proxies.Next, we have performed a formal protocol verification of WirelessHART, a protocol for communications in an industrial control systems setting.In our work, we present a novel attack against the protocol.We have developed a novel architecture for industrial control systems utilizing the Digital Twin concept.Using a state synchronization protocol, we propagate state changes between the digital and physical twins.The Digital Twin can then monitor and manage devices.We have also designed a protocol for secure ownership transfer of constrained wireless devices. Our protocol allows the owner of a wireless sensor network to transfer control of the devices to a new owner.With a formal protocol verification, we can guarantee the security of both the old and new owners.Lastly, we have developed an efficient Private Stream Aggregation (PSA) protocol.PSA allows devices to send encrypted measurements to an aggregator.The aggregator can combine the encrypted measurements and calculate the decrypted sum of the measurements.No party will learn the measurement except the device that generated it