1,320 research outputs found
SEABASS: Symmetric-keychain Encryption and Authentication for Building Automation Systems
There is an increasing security risk in Building Automation Systems (BAS) in that its communication is unprotected, resulting in the adversary having the capability to inject spurious commands to the actuators to alter the behaviour of BAS. The communication between the Human-Machine-Interface (HMI) and the controller (PLC) is vulnerable as there is no secret key being used to protect the authenticity, confidentiality and integrity of the sensor data and commands.
We propose SEABASS, a lightweight key management scheme to distribute and manage session keys between HMI and PLCs, providing a secure communication channel between any two communicating devices in BAS through a symmetric-key based hash-chain encryption and authentication of message exchange. Our scheme facilitates automatic renewal of session keys periodically based on the use of a reversed hash-chain. A prototype was implemented using the BACnet/IP communication protocol and the preliminary results show that the symmetric keychain approach is lightweight and incurs low latency
Authentication techniques in smart grid: a systematic review
Smart Grid (SG) provides enhancement to existing grids with two-way communication between the utility, sensors, and consumers, by deploying smart sensors to monitor and manage power consumption. However due to the vulnerability of SG, secure component authenticity necessitates robust authentication approaches relative to limited resource availability (i.e. in terms of memory and computational power). SG communication entails optimum efficiency of authentication approaches to avoid any extraneous burden. This systematic review analyses 27 papers on SG authentication techniques and their effectiveness in mitigating certain attacks. This provides a basis for the design and use of optimized SG authentication approaches
Securing Internet of Things with Lightweight IPsec
Real-world deployments of wireless sensor networks (WSNs) require
secure communication. It is important that a receiver is able to verify that sensor
data was generated by trusted nodes. In some cases it may also be necessary
to encrypt sensor data in transit. Recently, WSNs and traditional IP networks
are more tightly integrated using IPv6 and 6LoWPAN. Available IPv6 protocol
stacks can use IPsec to secure data exchange. Thus, it is desirable to extend
6LoWPAN such that IPsec communication with IPv6 nodes is possible. It is
beneficial to use IPsec because the existing end-points on the Internet do not
need to be modified to communicate securely with the WSN. Moreover, using
IPsec, true end-to-end security is implemented and the need for a trustworthy
gateway is removed.
In this paper we provide End-to-End (E2E) secure communication between
an IP enabled sensor nodes and a device on traditional Internet. This is the
first compressed lightweight design, implementation, and evaluation of 6LoWPAN
extension for IPsec on Contiki. Our extension supports both IPsec's Authentication
Header (AH) and Encapsulation Security Payload (ESP). Thus,
communication endpoints are able to authenticate, encrypt and check the integrity
of messages using standardized and established IPv6 mechanisms
An Efficient Authentication Protocol for Smart Grid Communication Based on On-Chip-Error-Correcting Physical Unclonable Function
Security has become a main concern for the smart grid to move from research
and development to industry. The concept of security has usually referred to
resistance to threats by an active or passive attacker. However, since smart
meters (SMs) are often placed in unprotected areas, physical security has
become one of the important security goals in the smart grid. Physical
unclonable functions (PUFs) have been largely utilized for ensuring physical
security in recent years, though their reliability has remained a major problem
to be practically used in cryptographic applications. Although fuzzy extractors
have been considered as a solution to solve the reliability problem of PUFs,
they put a considerable computational cost to the resource-constrained SMs. To
that end, we first propose an on-chip-error-correcting (OCEC) PUF that
efficiently generates stable digits for the authentication process. Afterward,
we introduce a lightweight authentication protocol between the SMs and
neighborhood gateway (NG) based on the proposed PUF. The provable security
analysis shows that not only the proposed protocol can stand secure in the
Canetti-Krawczyk (CK) adversary model but also provides additional security
features. Also, the performance evaluation demonstrates the significant
improvement of the proposed scheme in comparison with the state-of-the-art
PROPOSED LIGHTWEIGHT PROTOCOL FOR IOT AUTHENTICATION
The Internet of Things (IoT) alludes to interestingly identifiable items (things) which can communicate with differentquestions through the worldwide framework of remote/wired Internet. The correspondence system among an expansive number of assetobliged gadgets that produce substantial volumes of information affects the security and protection of the included items. In thispaper, we propose a lightweight protocol for IoT authentication which based on two algorithms LA1 and RA1 which is used forauthentication and generating session key that is used for encryption
Hardware Mechanisms for Efficient Memory System Security
The security of a computer system hinges on the trustworthiness of the operating system and the hardware, as applications rely on them to protect code and data. As a result, multiple protections for safeguarding the hardware and OS from attacks are being continuously proposed and deployed. These defenses, however, are far from ideal as they only provide partial protection, require complex hardware and software stacks, or incur high overheads. This dissertation presents hardware mechanisms for efficiently providing strong protections against an array of attacks on the memory hardware and the operating system’s code and data.
In the first part of this dissertation, we analyze and optimize protections targeted at defending memory hardware from physical attacks. We begin by showing that, contrary to popular belief, current DDR3 and DDR4 memory systems that employ memory scrambling are still susceptible to cold boot attacks (where the DRAM is frozen to give it sufficient retention time and is then re-read by an attacker after reboot to extract sensitive data). We then describe how memory scramblers in modern memory controllers can be transparently replaced by strong stream ciphers without impacting performance.
We also demonstrate how the large storage overheads associated with authenticated memory encryption schemes (which enable tamper-proof storage in off-chip memories) can be reduced by leveraging compact integer encodings and error-correcting code (ECC) DRAMs – without forgoing the error detection and correction capabilities of ECC DRAMs.
The second part of this dissertation presents Neverland: a low-overhead, hardware-assisted, memory protection scheme that safeguards the operating system from rootkits and kernel-mode malware. Once the system is done booting, Neverland’s hardware takes away the operating system’s ability to overwrite certain configuration registers, as well as portions of its own physical address space that contain kernel code and security-critical data. Furthermore, it prohibits the CPU from fetching privileged code from any memory region lying outside the physical addresses assigned to the OS kernel and drivers. This combination of protections makes it extremely hard for an attacker to tamper with the kernel or introduce new privileged code into the system – even in the presence of software vulnerabilities. Neverland enables operating systems to reduce their attack surface without having to rely on complex integrity monitoring software or hardware.
The hardware mechanisms we present in this dissertation provide building blocks for constructing a secure computing base while incurring lower overheads than existing protections.PHDComputer Science & EngineeringUniversity of Michigan, Horace H. Rackham School of Graduate Studieshttps://deepblue.lib.umich.edu/bitstream/2027.42/147604/1/salessaf_1.pd
A Multi-Factor Homomorphic Encryption based Method for Authenticated Access to IoT Devices
Authentication is the first defence mechanism in many electronic systems,
including Internet of Things (IoT) applications, as it is essential for other
security services such as intrusion detection. As existing authentication
solutions proposed for IoT environments do not provide multi-level
authentication assurance, particularly for device-to-device authentication
scenarios, we recently proposed the M2I (Multi-Factor Multi-Level and
Interaction based Authentication) framework to facilitate multi-factor
authentication of devices in device-to-device and device-to-multiDevice
interactions. In this paper, we extend the framework to address group
authentication. Two Many-to-One (M2O) protocols are proposed, the Hybrid Group
Authentication and Key Acquisition (HGAKA) protocol and the Hybrid Group Access
(HGA) protocol. The protocols use a combination of symmetric and asymmetric
cryptographic primitives to facilitate multifactor group authentication. The
informal analysis and formal security verification show that the protocols
satisfy the desirable security requirements and are secure against
authentication attacks
- …