On Communication Privacy in the Internet of Things

We tackle the problem of privacy breaching in IPv6 Low power Wireless Personal Area Networks (6LoWPAN)-based Internet of Things (IoT) networks where an attacker may be able to identify the communicating entities. We propose three contributions which are: (i) survey: we thoroughly expose the prime focus of the existing solutions on communication identifiers privacy in 6LoWPANs, clarifying the important information about: at which layer the solutions operate, based on which protocol, against which attack, for which application, based on simulations or real prototypes, which sensitive information or communication identifiers are protected, which Privacy-Preserving Technique (PPT) is used, and how long is the duration of the protection against privacy attacks. (ii) uOTA: based on the One Time Address (OTA) approach proposed for the traditional Internet, with a focus on low complexity, memory footprint, and energy consumption, uOTA uses just one IPv6 address to send or to receive one packet. (iii) ACFI which is based on: (1) anonymizing both IP and MAC addresses, as well as port number at the source host, using a random pseudonyming scheme, and (2) anonymizing the IP address and port number of the destination host, using a Tor-like network. We analysed the effect of the Tor entry node location on the performance of our solution in three different scenarios: the Tor entry node is located (a) inside the 6LoWPAN, (b) at the 6LBR gateway, or (c) completely outside the 6LoWPAN. Using Cooja simulator, we showed that our solutions (uOTA and ACFI) outperformed stateof-the-art solutions by making it more difficult to identify communication flows by improving the anonymity and unlinkability of the communicating entities without significantly affecting energy consumption, communication delay, and network bandwidth

Exploring Data Security and Privacy Issues in Internet of Things Based on Five-Layer Architecture

Data Security and privacy is one of the serious issues in internet-based computing like cloud computing, mobile computing and Internet of Things (IoT). This security and privacy become manifolded in IoT because of diversified technologies and the interaction of Cyber Physical Systems (CPS) used in IoT. IoTs are being adapted in academics and in many organizations without fully protecting their assets and also without realizing that the traditional security solutions cannot be applied to IoT environment. This paper explores a comprehensive survey of IoT architectures, communication technologies and the security and privacy issues of them for a new researcher in IoT. This paper also suggests methods to thwart the security and privacy issues in the different layers of IoT architecture

Extended Abstracts of the Fourth Privacy Enhancing Technologies Convention (PET-CON 2009.1)

PET-CON, the Privacy Enhancing Technologies Convention, is a forum for researchers, students, developers, and other interested people to discuss novel research, current development and techniques in the area of Privacy Enhancing Technologies. PET-CON was first conceived in June 2007 at the 7th International PET Symposium in Ottawa, Canada. The idea was to set up a bi-annual convention in or nearby Germany to be able to meet more often than only once a year at some major conference

Strengthening the Anonymity of Anonymous Communication Systems

In this work, we examine why a popular anonymity network, Tor, is vulnerable to timing side-channel attacks. We explore removing this vulnerability from Tor without sacrificing its low-latency which is important for usability. We find that Tor is vulnerable because inter-packet delays propagate along the network path from the source to the destination. This provides an easily detected signature. We explore techniques for making the timing signature either expensive or impossible to detect. If each packet took a unique, disjoint path from source to destination the inter-packet delay signature would be undetectable. Jitter and latency would change packet arrival orders. This is impractical since the overhead for constructing these circuits would be prohibitive. We scaled this idea back to reflect how the BitTorrent protocol creates a large number of possible paths from a small number of nodes. We form a fully connected network with the source, destination, and a small number of nodes. The number of paths through this network from source to destination grows quickly with the addition of each node. Paths do not have to include every node, so the delay of each path is different. By transmitting consecutive packets on different paths, the network delays will mask the inter-packet delay signature

Practical privacy enhancing technologies for mobile systems

Mobile computers and handheld devices can be used today to connect to services available on the Internet. One of the predominant technologies in this respect for wireless Internet connection is the IEEE 802.11 family of WLAN standards. In many countries, WLAN access can be considered ubiquitous; there is a hotspot available almost anywhere. Unfortunately, the convenience provided by wireless Internet access has many privacy tradeoffs that are not obvious to mobile computer users. In this thesis, we investigate the lack of privacy of mobile computer users, and propose practical enhancements to increase the privacy of these users. We show how explicit information related to the users' identity leaks on all layers of the protocol stack. Even before an IP address is configured, the mobile computer may have already leaked their affiliation and other details to the local network as the WLAN interface openly broadcasts the networks that the user has visited. Free services that require authentication or provide personalization, such as online social networks, instant messengers, or web stores, all leak the user's identity. All this information, and much more, is available to a local passive observer using a mobile computer. In addition to a systematic analysis of privacy leaks, we have proposed four complementary privacy protection mechanisms. The main design guidelines for the mechanisms have been deployability and the introduction of minimal changes to user experience. More specifically, we mitigate privacy problems introduced by the standard WLAN access point discovery by designing a privacy-preserving access-point discovery protocol, show how a mobility management protocol can be used to protect privacy, and how leaks on all layers of the stack can be reduced by network location awareness and protocol stack virtualization. These practical technologies can be used in designing a privacy-preserving mobile system or can be retrofitted to current systems

SECURITY AND PRIVACY ISSUES IN MOBILE NETWORKS, DIFFICULTIES AND SOLUTIONS

Mobile communication is playing a vital role in the daily life for the last two decades; in turn its fields gained the research attention, which led to the introduction of new technologies, services and applications. These new added facilities aimed to ease the connectivity and reachability; on the other hand, many security and privacy concerns were not taken into consideration. This opened the door for the malicious activities to threaten the deployed systems and caused vulnerabilities for users, translated in the loss of valuable data and major privacy invasions. Recently, many attempts have been carried out to handle these concerns, such as improving systems’ security and implementing different privacy enhancing mechanisms. This research addresses these problems and provides a mean to preserve privacy in particular. In this research, a detailed description and analysis of the current security and privacy situation in the deployed systems is given. As a result, the existing shortages within these systems are pointed out, to be mitigated in development. Finally a privacy preserving prototype model is proposed. This research has been conducted as an extensive literature review about the most relevant references and researches in the field, using the descriptive and evaluative research methodologies. The main security models, parameters, modules and protocols are presented, also a detailed description of privacy and its related arguments, dimensions and factors is given. The findings include that mobile networks’ security along with users are vulnerable due to the weaknesses of the key exchange procedures, the difficulties that face possession, repudiation, standardization, compatibility drawbacks and lack of configurability. It also includes the need to implement new mechanisms to protect security and preserve privacy, which include public key cryptography, HIP servers, IPSec, TLS, NAT and DTLS-SRTP. Last but not least, it shows that privacy is not absolute and it has many conflicts, also privacy requires sophisticated systems, which increase the load and cost of the system.fi=Opinnäytetyö kokotekstinä PDF-muodossa.|en=Thesis fulltext in PDF format.|sv=Lärdomsprov tillgängligt som fulltext i PDF-format

A Taxonomy for and Analysis of Anonymous Communications Networks

Any entity operating in cyberspace is susceptible to debilitating attacks. With cyber attacks intended to gather intelligence and disrupt communications rapidly replacing the threat of conventional and nuclear attacks, a new age of warfare is at hand. In 2003, the United States acknowledged that the speed and anonymity of cyber attacks makes distinguishing among the actions of terrorists, criminals, and nation states difficult. Even President Obama’s Cybersecurity Chief-elect recognizes the challenge of increasingly sophisticated cyber attacks. Now through April 2009, the White House is reviewing federal cyber initiatives to protect US citizen privacy rights. Indeed, the rising quantity and ubiquity of new surveillance technologies in cyberspace enables instant, undetectable, and unsolicited information collection about entities. Hence, anonymity and privacy are becoming increasingly important issues. Anonymization enables entities to protect their data and systems from a diverse set of cyber attacks and preserves privacy. This research provides a systematic analysis of anonymity degradation, preservation and elimination in cyberspace to enhance the security of information assets. This includes discovery/obfuscation of identities and actions of/from potential adversaries. First, novel taxonomies are developed for classifying and comparing well-established anonymous networking protocols. These expand the classical definition of anonymity and capture the peer-to-peer and mobile ad hoc anonymous protocol family relationships. Second, a unique synthesis of state-of-the-art anonymity metrics is provided. This significantly aids an entity’s ability to reliably measure changing anonymity levels; thereby, increasing their ability to defend against cyber attacks. Finally, a novel epistemic-based mathematical model is created to characterize how an adversary reasons with knowledge to degrade anonymity. This offers multiple anonymity property representations and well-defined logical proofs to ensure the accuracy and correctness of current and future anonymous network protocol design