10 research outputs found

    LMGROUP: A Lightweight Multicast Group Key Management for IoT Networks

    Due to the limitations of IoT networks, including limited bandwidth, memory, battery, etc., secure multicast group communication has gained more attention, and to enable it a group key establishment scheme is required to share the secret key among the group members. Current group key establishment protocols were mostly designed for Wireless Sensor Networks, and they require device interaction, high computation costs, or high storage on the device side. To address these drawbacks, in this paper we design LMGROUP, a lightweight multicast group key establishment protocol for IoT networks that is based on the Elliptic Curve Integrated Encryption Scheme and HMAC verification and does not require device interaction. We also suggest an algorithm for unpredictable group member selection. Our experimental results from implementing LMGROUP indicate that it has low storage, low computation, and low communication costs. Furthermore, formal security verification indicates that LMGROUP is secure and robust against different attacks.

    Cryptographic Key Distribution In Wireless Sensor Networks Using Bilinear Pairings

    It is envisaged that the use of cheap and tiny wireless sensors will soon bring a third wave of evolution in computing systems. Billions of wireless sensor nodes will provide a bridge between information systems and the physical world. Wireless nodes deployed around the globe will monitor the surrounding environment as well as gather information about the people therein. It is clear that this revolution will put security solutions to a great test. Wireless Sensor Networks (WSNs) are a challenging environment for applying security services. They differ in many aspects from traditional fixed networks, and standard cryptographic solutions cannot be used in this application space. Despite many research efforts, key distribution in WSNs still remains an open problem. Many of the proposed schemes suffer from high communication overhead and storage costs, low scalability and poor resilience against different types of attacks. The exclusive usage of simple and energy-efficient symmetric cryptography primitives does not solve the security problem. On the other hand, a full public key infrastructure which uses asymmetric techniques, digital signatures and certificate authorities seems to be far too complex for a constrained WSN environment. This thesis investigates a new approach to WSN security which addresses many of the shortcomings of existing mechanisms. It presents a detailed description of how to provide practical Public Key Cryptography solutions for wireless sensor networks. The contributions to the state of the art are added on all levels of development, beginning with the basic arithmetic operations and finishing with complete security protocols. This work includes a survey of different key distribution protocols that have been developed for WSNs, with an evaluation of their limitations. It also proposes Identity-Based Cryptography (IBC) as an ideal technique for key distribution in sensor networks. It presents the first in-depth study of the application and implementation of Pairing-Based Cryptography (PBC) to WSNs. This is followed by a presentation of the state of the art on the software implementation of Elliptic Curve Cryptography (ECC) on typical WSN platforms. New optimized algorithms for performing multiprecision multiplication on a broad range of low-end CPUs are introduced as well. Three novel protocols for key distribution are proposed in this thesis. Two of these are intended for non-interactive key exchange in flat and clustered networks respectively. A third key distribution protocol uses Identity-Based Encryption (IBE) to secure communication within a heterogeneous sensor network. This thesis also includes a comprehensive security evaluation that shows that the proposed schemes are resistant to various attacks that are specific to WSNs. This work shows that by using the newest achievements in cryptography, like pairings and IBC, it is possible to deliver affordable public-key cryptographic solutions and to apply a sufficient level of security for the most demanding WSN applications.

    Enabling FrodoKEM on Embedded Devices

    FrodoKEM is a lattice-based Key Encapsulation Mechanism (KEM) based on unstructured lattices. From a security point of view this makes it a conservative option for achieving post-quantum security, which is why it is favored by several European authorities (e.g., the German BSI and the French ANSSI). Relying on unstructured instead of structured lattices (e.g., CRYSTALS-Kyber) comes at the cost of additional memory usage, which is particularly critical for embedded security applications such as smart cards. For example, prior FrodoKEM-640 implementations (using AES) on Cortex-M4 require more than 80 kB of stack, making it impossible to run on some embedded systems. In this work, we explore several stack reduction strategies and the resulting time versus memory trade-offs. Concretely, we reduce the stack consumption of FrodoKEM by a factor of 2–3× compared to the smallest known implementations with almost no impact on performance. We also present various time-memory trade-offs going as low as 8 kB for all AES parameter sets, and below 4 kB for FrodoKEM-640. By introducing a minor tweak to the FrodoKEM specification, we additionally reduce the stack consumption down to 8 kB for all the SHAKE versions. As a result, this work enables FrodoKEM on more resource-constrained embedded systems.

    Security Technologies and Methods for Advanced Cyber Threat Intelligence, Detection and Mitigation

    The rapid growth of Internet interconnectivity and the complexity of communication systems have led to a significant growth of cyberattacks globally, often with severe and disastrous consequences. The swift development of more innovative and effective (cyber)security solutions and approaches that can detect, mitigate and prevent these serious consequences is vital. Cybersecurity is gaining momentum and is scaling up in very many areas. This book builds on the experience of the Cyber-Trust EU project's methods, use cases, technology development, testing and validation, and extends into broader science, the leading IT industry market and applied research with practical cases. It offers new perspectives on advanced (cyber)security innovation (eco)systems, covering key different perspectives. The book provides insights on new security technologies and methods for advanced cyber threat intelligence, detection and mitigation. We cover topics such as cyber-security and AI, cyber-threat intelligence, digital forensics, moving target defense, intrusion detection systems, post-quantum security, privacy and data protection, security visualization, smart contract security, software security, blockchain, security architectures, system and data integrity, trust management systems, distributed systems security, dynamic risk management, privacy and ethics.

    Key management for wireless sensor network security

    Wireless Sensor Networks (WSNs) have attracted great attention not only in industry but also in academia due to their enormous application potential and unique security challenges. A typical sensor network can be seen as a combination of a number of low-cost sensor nodes which have very limited computation and communication capability, memory space, and energy supply. The nodes are self-organized into a network to sense or monitor surrounding information in an unattended environment, while the self-organization property makes the networks vulnerable to various attacks. Many cryptographic mechanisms that solve network security problems rely directly on secure and efficient key management, making key management a fundamental research topic in the field of WSN security. Although key management for WSNs has been studied over the last years, the majority of the literature has focused on some assumed vulnerabilities along with corresponding countermeasures. The specific application, which is an important factor in determining the feasibility of a scheme, has been overlooked to a large extent in the existing literature. This thesis is an effort to develop a key management framework and specific schemes for WSNs by which different types of keys can be established and also distributed in a self-healing manner, and explicit/implicit authentication can be integrated according to the security requirements of the expected applications. The proposed solutions would provide a reliable and robust security infrastructure for facilitating secure communications in WSNs. There are five main parts in the thesis. In Part I, we begin with an introduction to the research background, problem definition and an overview of existing solutions. From Part II to Part IV, we propose specific solutions, including purely Symmetric Key Cryptography based solutions, purely Public Key Cryptography based solutions, and a hybrid solution. While there is always a trade-off between security and performance, analysis and experimental results show that each proposed solution can achieve the expected security aims with acceptable overheads for some specific applications. Finally, we recapitulate the main contributions of our work and identify future research directions in Part V.

    IoT and Sensor Networks in Industry and Society

    The exponential progress of Information and Communication Technology (ICT) is one of the main elements that fueled the acceleration of the pace of globalization. Internet of Things (IoT), Artificial Intelligence (AI) and big data analytics are some of the key players in the digital transformation that is affecting every aspect of human daily life, from environmental monitoring to healthcare systems, from production processes to social interactions. In less than 20 years, people's everyday life has been revolutionized, and concepts such as Smart Home, Smart Grid and Smart City have become familiar also to non-technical users. The integration of embedded systems, ubiquitous Internet access, and Machine-to-Machine (M2M) communications has paved the way for paradigms such as IoT and Cyber Physical Systems (CPS) to be introduced also in high-requirement environments such as those related to industrial processes, in the forms of the Industrial Internet of Things (IIoT or I2oT) and Cyber-Physical Production Systems (CPPS). As a consequence, in 2011 the German High-Tech Strategy 2020 Action Plan for Germany first envisioned the concept of Industry 4.0, which is rapidly reshaping traditional industrial processes. The term refers to the promise of being the fourth industrial revolution. Indeed, the first industrial revolution was triggered by water and steam power. Electricity and assembly lines enabled mass production in the second industrial revolution. In the third industrial revolution, the introduction of control automation and Programmable Logic Controllers (PLCs) gave a boost to factory production. As opposed to the previous revolutions, Industry 4.0 takes advantage of Internet access, M2M communications, and deep learning not only to improve production efficiency but also to enable so-called mass customization, i.e. the mass production of personalized products by means of modularized product design and flexible processes. Less than five years later, in January 2016, the Japanese 5th Science and Technology Basic Plan took a further step by introducing the concept of the Super Smart Society, or Society 5.0. According to this vision, in the upcoming future, scientific and technological innovation will guide our society into the next social revolution after the hunter-gatherer, agrarian, industrial, and information eras, which respectively represented the previous social revolutions. Society 5.0 is a human-centered society that fosters the simultaneous achievement of economic, environmental and social objectives, to ensure a high quality of life for all citizens. This information-enabled revolution aims to tackle today's major challenges such as an ageing population, social inequalities, depopulation and constraints related to energy and the environment. Accordingly, citizens will experience impressive transformations in every aspect of their daily lives. This book offers an insight into the key technologies that are going to shape the future of industry and society. It is subdivided into five parts: Part I presents a horizontal view of the main enabling technologies, whereas Parts II-V offer a vertical perspective on four different environments. Part I, dedicated to IoT and Sensor Network architectures, encompasses three Chapters. In Chapter 1, Peruzzi and Pozzebon analyse the literature on the subject of energy harvesting solutions for IoT monitoring systems and architectures based on Low-Power Wide Area Networks (LPWAN). The Chapter does not limit the discussion to the Long Range Wide Area Network (LoRaWAN), SigFox and Narrowband-IoT (NB-IoT) communication protocols, but also includes other relevant solutions such as DASH7 and Long Term Evolution Machine Type Communication (LTE-M). In Chapter 2, Hussein et al. discuss the development of an Internet of Things message protocol that supports multi-topic messaging. The Chapter further presents the implementation of a platform, based on a Real Time Operating System, which integrates the proposed communication protocol. In Chapter 3, Li et al. investigate the heterogeneous task scheduling problem for data-intensive scenarios, to reduce the global task execution time and consequently reduce data centers' energy consumption. The proposed approach aims to maximize efficiency by comparing the cost of remote task execution against that of data migration. Part II is dedicated to Industry 4.0, and includes two Chapters. In Chapter 4, Grecuccio et al. propose a solution to integrate IoT devices by leveraging a blockchain-enabled gateway based on Ethereum, so that they do not need to rely on centralized intermediaries and third-party services. As is better explained in the paper, where the performance is evaluated in a food-chain traceability application, this solution is particularly beneficial in Industry 4.0 domains. Chapter 5, by De Fazio et al., addresses the issue of safety in workplaces by presenting a smart garment that integrates several low-power sensors to monitor environmental and biophysical parameters. This enables the detection of dangerous situations, so as to prevent or at least reduce the consequences of workers' accidents. Part III is made of two Chapters on the topic of Smart Buildings. In Chapter 6, Petroșanu et al. review the literature about recent developments in the smart building sector, related to the use of supervised and unsupervised machine learning models on sensory data. The Chapter pays particular attention to enhanced sensing, energy efficiency, and optimal building management. In Chapter 7, Oh examines how much the education of prosumers about their energy consumption habits affects power consumption reduction and encourages energy conservation, sustainable living, and behavioral change in residential environments. In this Chapter, energy consumption monitoring is made possible thanks to the use of smart plugs. Smart Transport is the subject of Part IV, which includes three Chapters. In Chapter 8, Roveri et al. propose an approach that leverages small world theory to control swarms of vehicles connected through Vehicle-to-Vehicle (V2V) communication protocols. Indeed, considering a queue dominated by short-range car-following dynamics, the Chapter demonstrates that safety and security are increased by the introduction of a few selected random long-range communications. In Chapter 9, Nitti et al. present a real-time system to observe and analyze public transport passengers' mobility by tracking them throughout their journey on public transport vehicles. The system is based on the detection of active Wi-Fi interfaces, through the analysis of Wi-Fi probe requests. In Chapter 10, Miler et al. discuss the development of a tool for the analysis and comparison of the efficiency indicated by the integrated IT systems in the operational activities undertaken by Road Transport Enterprises (RTEs). The authors of this Chapter further provide a holistic evaluation of the efficiency of telematics systems in RTE operational management. The book ends with the two Chapters of Part V on Smart Environmental Monitoring. In Chapter 11, He et al. propose a Sea Surface Temperature Prediction (SSTP) model based on time-series similarity measures, multiple pattern learning and parameter optimization. In this strategy, the optimal parameters are determined by means of an improved Particle Swarm Optimization method. In Chapter 12, Tsipis et al. present a low-cost, WSN-based IoT system that seamlessly embeds a three-layered cloud/fog computing architecture, suitable for facilitating smart agricultural applications, especially those related to wildfire monitoring. We wish to thank all the authors that contributed to this book for their efforts. We express our gratitude to all reviewers for their volunteer support and precious feedback during the review process. We hope that this book provides valuable information and spurs meaningful discussion among researchers, engineers, businesspeople, and other experts about the role of new technologies in industry and society.

    Security Evaluation of Practical Quantum Communication Systems

    Modern information and communication technology (ICT), including the Internet, smart phones, cloud computing, global positioning systems, e-commerce, e-Health, global communications and the Internet of Things (IoT), all rely fundamentally - for identification, authentication, confidentiality and confidence - on cryptography. However, there is a high chance that most modern cryptographic protocols will be annihilated upon the arrival of quantum computers. This necessitates taking steps to make current ICT systems secure against quantum computers. The task is a huge and time-consuming one, and there is a serious probability that quantum computers will arrive before it is complete. Hence, it is of utmost importance to understand the risk and start planning for the solution now. At this moment, there are two potential paths that lead to a solution. One is the path of post-quantum cryptography: inventing classical cryptographic algorithms that are secure against quantum attacks. Although they are hoped to provide security against quantum attacks for most situations in practice, there is no mathematical proof to guarantee unconditional security ('unconditional security' is a technical term that means security is not dependent on a computational hardness assumption). This has driven many to choose the second path: quantum cryptography (QC). Quantum cryptography - utilizing the power of quantum mechanics - can guarantee unconditional security in theory. However, in practice, device behavior varies from the modeled behavior, leading to side-channels that can be exploited by an adversary to compromise security. Thus, practical QC systems need to be security evaluated - i.e., scrutinized and tested for possible vulnerabilities - before they are sold to customers or deployed at large scale. Unfortunately, this task has become more and more demanding as QC systems are being built in various styles, variants and forms in different parts of the globe. Hence, standardization and certification of security evaluation methods are necessary. Also, a number of compatibility, connectivity and interoperability issues among QC systems require standardization and certification, which makes it an issue of the highest priority. In this thesis, several areas of practical quantum communication systems were scrutinized and tested for the purpose of standardization and certification. At the source side, the calibration mechanism of the outgoing mean photon number - a critical parameter for security - was investigated. As a prototype, the pulse-energy-monitoring system (PEMS) implemented in a commercial quantum key distribution (QKD) machine was chosen and the design validity was tested. It was found that the security of PEMS was based on flawed design logic and conservative assumptions on Eve's ability. Our results pointed out the limitations of closed security standards developed inside a company and highlighted the need for developing - for security - open standards and testing methodologies in collaboration between research and industry. As my second project, I evaluated the security of the free-space QKD receiver prototype designed for long-distance satellite communication. The existence of a spatial-mode-efficiency-mismatch side-channel was experimentally verified and the attack feasibility was tested. The work identified a methodology for checking the spatial-mode-detector-efficiency mismatch in these types of receivers and showed a simple, implementable countermeasure to block this side-channel. Next, the feasibility of laser damage as a potential tool for eavesdropping was investigated. After testing on two different quantum communication systems, it was confirmed that laser damage has a high chance of compromising the security of a QC system. This work showed that a characterized and side-channel-free system does not always mean a secure one, as side-channels can be created on demand. The result pointed out that the standardization and certification process must consider laser-damage-related security-critical issues and ensure that it is prevented. Finally, the security proof assumptions of the detector-device-independent QKD (ddiQKD) protocol - which restricted the ability of an eavesdropper - were scrutinized. By introducing several eavesdropping schemes, we showed that ddiQKD security cannot be based on post-selected entanglement. Our results pointed out that testing the validity of assumptions is equally as important as testing hardware for the standardization and certification process. Several other projects were undertaken, including security evaluation of a QKD system against a long-wavelength Trojan-horse attack, certifying a countermeasure against a particular attack, analyzing the effects of finite key size and imperfect state preparation in a commercial QKD system, and experimental demonstration of quantum fingerprinting. All of these works are part of an iterative process for standardization and certification that a new technology - in this case, quantum cryptography - must go through before being able to supersede the old technology, classical cryptography. I expect that after a few more iterations like the ones outlined in this thesis, the security of practical QC will advance to a state that can be called unconditional, and the technology will truly be able to win the trust to be deployed at large scale.

    Performance of End-to-End Secure Data Sharing

    Data sharing forms the basis for almost every IT-supported collaboration in business and private contexts. Typical realizations of authorization and of the enforcement of access rights on shared data require that the users who share data with one another trust third parties with regard to the confidentiality and integrity of the data. Such realizations therefore carry, in particular, the risk that data is compromised by an insider attack on the trusted third party. With the help of cryptographic operations executed on the client side, authorization and the enforcement of access rights for arbitrary storage services can largely be performed by the users themselves, which results in an end-to-end secured system for sharing data (End-to-End Secure Data Sharing, E2E-SDS). However, E2E-SDS systems are only accepted by potential users if the authorization processes familiar to them remain largely unchanged and the performance penalties for authorization and data access are not too severe. The main goal of this work is the assessment of the performance penalties that are to be expected in reality on a user client with a given E2E-SDS protocol. For existing E2E-SDS protocols, the asymptotic behavior with respect to performance metrics such as computation time or network traffic is usually known. However, the asymptotic behavior permits only weak conclusions about the absolute magnitude of the performance penalties. Besides the E2E-SDS protocol itself, the real performance depends on the hardware used, the security parameters, and the concrete sharing and usage scenario, i.e. on the sharing and usage behavior of the users in the system. Assessing the real performance penalties essentially brings two challenges: First, the E2E-SDS protocol under investigation must be modeled taking into account the aforementioned factors that influence performance, where implementation details should be easily interchangeable in the model where possible. Second, realistic sharing and usage scenarios must be available, which are either based on observations or generated with the help of estimates. The goal of this work is the detailed assessment of the real performance of E2E-SDS protocols. The focus of the work lies on E2E-SDS protocols that realize a group-based authorization model, i.e. that make it possible to share data with named user groups that are managed by arbitrary users. This function is offered by widespread distributed file systems such as NFSv4 or CIFS. In this work, methods for assessing the real performance of E2E-SDS protocols are presented. Sharing and usage scenarios obtained from observing real storage services are characterized, and a method for generating synthetic sharing and usage scenarios is introduced. Using this set of tools, the performance of both existing and novel E2E-SDS protocols is evaluated, and possible measures for improving performance on the user side are proposed. In order to obtain realistic sharing and usage scenarios, the members, activities and permissions of user groups on two production storage services were observed. The resulting scenarios are characterized with respect to selected parameters. For the performance assessment of E2E-SDS protocols in realistic scenarios, two methods were developed: The analytical method delivers sufficiently accurate results in many cases. The simulative method is required when the performance of complex E2E-SDS protocols is to be analyzed in detail. For the simulative method, a simulation model is presented that enables a comparison of E2E-SDS protocols at a uniform level of abstraction. In order to be able to assess the performance of E2E-SDS protocols even when no sharing and usage scenarios derived from observations are available, synthetic scenarios are generated that are based on estimates of certain parameters of the scenario. For this purpose, a generation procedure is presented that takes dependencies between the pre-specified parameters into account. The NP-hardness of the underlying problem of scenario generation is proven for certain combinations of pre-specified parameters. The presented methods for performance assessment are applied, on the one hand, to E2E-SDS protocols based on traditional cryptography, i.e. protocols that use symmetric and asymmetric cryptography to produce ciphertexts that can be decrypted with only a single key. On the other hand, the presented methods are applied to E2E-SDS protocols based on Attribute-Based Encryption (ABE), with whose help a group of users can be addressed with only a single ciphertext. The performance assessment of the traditional E2E-SDS protocol shows that in the considered sharing and usage scenarios, only small performance penalties are to be expected for most authorization operations. Considerable performance penalties are to be expected for users who manage group memberships in large named user groups, i.e. user groups with several thousand or more members. These performance penalties can be significantly reduced by integrating a group key management approach, i.e. an approach aimed at the efficient distribution and renewal of cryptographic keys within user groups. An ABE-based E2E-SDS protocol is realized by evaluating existing ABE schemes with respect to their suitability for E2E-SDS, and by mapping the attribute-based authorization model of a suitable ABE scheme onto the group-based authorization model. A performance assessment of different variants of this mapping shows that the ABE-based protocol offers somewhat worse performance than the protocol based on traditional cryptography. Finally, a novel E2E-SDS protocol is presented that dispenses with cooperative authorization operations. These operations require that the users' end devices be reachable at all times and ready to execute computationally intensive cryptographic operations. These requirements are not always ensured, particularly when mobile devices are used. A major advantage of the proposed protocol is that it enables the practical use of hierarchies of named user groups in E2E-SDS. The associated, potentially high performance penalties are evaluated in detail. Furthermore, it is shown that supporting group hierarchies without cooperative authorization operations fundamentally implies certain restrictions regarding the freshness of access permissions, which reveals the limits of the applicability of E2E-SDS.

    Efficient and Secure Implementations of Lightweight Symmetric Cryptographic Primitives

    This thesis is devoted to efficient and secure implementations of lightweight symmetric cryptographic primitives for resource-constrained devices such as wireless sensors and actuators that are typically deployed in remote locations. In this setting, cryptographic algorithms must consume few computational resources and withstand a large variety of attacks, including side-channel attacks. The first part of this thesis is concerned with efficient software implementations of lightweight symmetric algorithms on 8-, 16-, and 32-bit microcontrollers. A first contribution of this part is the development of FELICS, an open-source benchmarking framework that facilitates the extraction of comparative performance figures from implementations of lightweight ciphers. Using FELICS, we conducted a fair evaluation of the implementation properties of 19 lightweight block ciphers in the context of two different usage scenarios, which are representative of common security services in the Internet of Things (IoT). This study gives new insights into the link between the structure of a cryptographic algorithm and the performance it can achieve on embedded microcontrollers. Then, we present the SPARX family of lightweight ciphers and describe the impact of software efficiency in the process of shaping three instances of the family. Finally, we evaluate the cost of the main building blocks of symmetric algorithms to determine which are the most efficient ones. The contributions of this part are particularly valuable for designers of lightweight ciphers, software and security engineers, as well as standardization organizations. In the second part of this work, we focus on side-channel attacks that exploit the power consumption or the electromagnetic emanations of embedded devices executing unprotected implementations of lightweight algorithms. First, we evaluate different selection functions in the context of Correlation Power Analysis (CPA) to infer which operations are easy to attack. Second, we show that most implementations of the AES present in popular open-source cryptographic libraries are vulnerable to side-channel attacks such as CPA, even in a network protocol scenario where the attacker has limited control of the input. Moreover, we describe an optimal algorithm for recovery of the master key using CPA attacks. Third, we perform the first electromagnetic vulnerability analysis of Thread, a networking stack designed to facilitate secure communication between IoT devices. The third part of this thesis lies in the area of side-channel countermeasures against power and electromagnetic analysis attacks. We study efficient and secure expressions that compute simple bitwise functions on Boolean shares. To this end, we describe an algorithm for the efficient search of expressions that have an optimal cost in number of elementary operations. Then, we introduce optimal expressions for first-order Boolean masking of bitwise AND and OR operations. Finally, we analyze the performance of three lightweight block ciphers protected using the optimal expressions.