173 research outputs found
Assessing Security Risks with the Internet of Things
For my honors thesis I have decided to study the security risks associated with the Internet of Things (IoT) and possible ways to secure them. I will focus on how corporate, and individuals use IoT devices and the security risks that come with their implementation. In my research, I found out that IoT gadgets tend to go unnoticed as a checkpoint for vulnerability. For example, often personal IoT devices tend to have the default username and password issued from the factory that a hacker could easily find through Google. IoT devices need security just as much as computers or servers to keep the security, confidentiality, and availability of data in the right hands
Novel Cryptographic Authentication Mechanisms for Supply Chains and OpenStack
In this dissertation, first, we studied the Radio-Frequency Identification (RFID) tag authentication problem in supply chains. RFID tags have been widely used as a low-cost wireless method for detecting counterfeit product injection in supply chains. We open a new direction toward solving this problem by using the Non-Volatile Memory (NVM) of recent RFID tags. We propose a method based on this direction that significantly improves the availability of the system and costs less. In our method, we introduce the notion of Software Unclonability, which is a kind of one-time MAC for authenticating random inputs. Also, we introduce three lightweight constructions that are software unclonable. Second, we focus on OpenStack that is a prestigious open-source cloud platform. OpenStack takes advantage of some tokening mechanisms to establish trust between its modules and users. It turns out that when an adversary captures user tokens by exploiting a bug in a module, he gets extreme power on behalf of users. Here, we propose a novel tokening mechanism that ties commands to tokens and enables OpenStack to support short life tokens while it keeps the performance up
Lightweight and Practical Anonymous Authentication Protocol for RFID systems using physically unclonable functions
Radio frequency identification (RFID) has been considered one of the imperative requirements for implementation of Internet-of-Things applications. It helps to solve the identification issues of the things in a cost-effective manner, but RFID systems often suffer from various security and privacy issues. To solve those issues for RFID systems, many schemes have been recently proposed by using the cryptographic primitive, called physically uncloneable functions (PUFs), which can ensure a tamper-evident feature. However, to the best of our knowledge, none of them has succeeded to address the problem of privacy preservation with the resistance of DoS attacks in a practical way. For instance, existing schemes need to rely on exhaustive search operations to identify a tag, and also suffer from several security and privacy related issues. Furthermore, a tag needs to store some security credentials (e.g., secret shared keys), which may cause several issues such as loss of forward and backward secrecy and large storage costs. Therefore, in this paper, we first propose a lightweight privacy-preserving authentication protocol for the RFID system by considering the ideal PUF environment. Subsequently, we introduce an enhanced protocol which can support the noisy PUF environment. It is argued that both of our protocols can overcome the limitations of existing schemes, and further ensure more security properties. By analyzing the performance, we have shown that the proposed solutions are secure, efficient, practical, and effective for the resource-constraint RFID tag
On the Security of the Automatic Dependent Surveillance-Broadcast Protocol
Automatic dependent surveillance-broadcast (ADS-B) is the communications
protocol currently being rolled out as part of next generation air
transportation systems. As the heart of modern air traffic control, it will
play an essential role in the protection of two billion passengers per year,
besides being crucial to many other interest groups in aviation. The inherent
lack of security measures in the ADS-B protocol has long been a topic in both
the aviation circles and in the academic community. Due to recently published
proof-of-concept attacks, the topic is becoming ever more pressing, especially
with the deadline for mandatory implementation in most airspaces fast
approaching.
This survey first summarizes the attacks and problems that have been reported
in relation to ADS-B security. Thereafter, it surveys both the theoretical and
practical efforts which have been previously conducted concerning these issues,
including possible countermeasures. In addition, the survey seeks to go beyond
the current state of the art and gives a detailed assessment of security
measures which have been developed more generally for related wireless networks
such as sensor networks and vehicular ad hoc networks, including a taxonomy of
all considered approaches.Comment: Survey, 22 Pages, 21 Figure
Certification of IoT elements using the blockchain
[Abstract]: The non-fungible tokens have been widely used to prove ownership of art and gaming collectibles
and used as utility tokens. The use of this tokens in this work is to represent the
ownership of the internet of things devices from the manufacturing phase, in the distributed
and decentralized public ledger. This physical devices will have attached a token that represent
them in the blockchain and the possession of an owner by an unique identifier. Hence,
the devices are identified by their public blockchain address and their token that associates
them to their owner. Besides, this address allow the Internet of Things devices to participate
in the network and establish a shared secret between owner and device. This work, proposes
to use the physical unclonable functions to establish a noose between the physical world
and the blockchain by deriving the private key of the blockchain address from the physical
unclonable functions response. This link is difficult to tamper and can be traced during the
lifetime of the token. Moreover, there is no need of using a security module or similar to
store the key since the physical unclonable functions response is generated each the private
key is needed so that it not stored in a non volatile memory. Once we have the shared secret
this are used to cipher the certificates that will be deployed by the owner of the devices on
a decentralized storage blockchain like FileCoin or the InterPlanetary File System. This certificates
are used to communicate with other devices using standard protocols like Transport
Layer Security or Datagram Transport Layer Security. An API called Powergate, is part of the
infrastructure of certification of the Internet of Things elements, providing communication
with the decentralized storage blockchains.[Resumo]: Os tokens non funxibles utlízanse amplamente para demostrar a propiedade de obxectos
de colección de arte e xogos e utilizanse como ”utility tokens”. O uso destes tokens neste traballo
é para representar na rede distribuído e descentralizado que é a blockchain, a propiedade
dos dispositivos Internet of Things desde o mesmo momento da súa creación, é dicir. durante
o proceso de manufactura. A estes dispositivos físicos achégaselles un token que os identifica
na blockchain e permite representar a posesión dun propietario mediante un identificador
único. Polo tanto, os dispositivos identifícanse pola súa dirección pública na cadea de bloques
e o seu token é o que os asocia ao seu propietario. Ademais, esta dirección permite aos
dispositivos da Internet of Things participar na rede e establecer un secreto compartido entre
propietario e dispositivo. Este traballo, propón utilizar as funcións físicas non clonables para
establecer un lazo entre o mundo físico e a blockchain derivando a clave privada da dirección
do blockchain a partir da resposta das funcións físicas non clonables. Este vínculo é difícil de
manipular e pode ser rastrexado durante a vida do token. Ademais, non é necesario utilizar
un módulo de seguridade ou similar para almacenar a clave, xa que a resposta da función
física non clonable é xerada durante o proceso de arranque e é guardada nunha memoria non
volátil. Unha vez que teñamos o secreto compartido, este utilizarase para cifrar os certificados
que serán despregados polo propietario dos dispositivos nunha blockchain de almacenamento
descentralizado como FileCoin ou InterPlanetary File System. Estes certificados utilizaranse
para comunicarse con outros dispositivos utilizando protocolos estándar como son Datagram
Transport Layer Security y Transport Layer Security. Unha API compoñerá a infraestrutura
de certificación dos elementos do Internet of Things proporcionando comunicación coas
blockchains de almacenamento descentralizadas.Traballo fin de grao (UDC.FIC). Enxeñaría Informática. Curso 2021/202
A Survey on Cryptography Key Management Schemes for Smart Grid
A Smart grid is a modern electricity delivery system. It is an integration of energy systems and other necessary elements including traditional upgrades and new grid technologies with renewable generation and increased consumer storage. It uses information and communication technology (ICT) to operate, monitor and control data between the generation source and the end user. Smart grids have duplex power flow and communication to achieve high efficiency, reliability, environmental, economics, security and safety standards. However, along with unique facilities, smart grids face security challenges such as access control, connectivity, fault tolerance, privacy, and other security issues. Cyber-attacks, in the recent past, on critical infrastructure including smart grids have highlighted security as a major requirement for smart grids. Therefore, cryptography and key management are necessary for smart grids to become secure and realizable. Key management schemes are processes of key organizational frameworks, distribution, generation, refresh and key storage policies. Currently, several secure schemes, related to key management for smart grid have been proposed to achieve end-to-end secure communication. This paper presents a comprehensive survey and discussion on the current state of the key management of smart grids
Proof-of-PUF enabled blockchain: concurrent data and device security for internet-of-energy
A detailed review on the technological aspects of Blockchain and Physical Unclonable Functions (PUFs) is presented in this article. It stipulates an emerging concept of Blockchain that integrates hardware security primitives via PUFs to solve bandwidth, integration, scalability, latency, and energy requirements for the Internet-of-Energy (IoE) systems. This hybrid approach, hereinafter termed as PUFChain, provides device and data provenance which records data origins, history of data generation and processing, and clone-proof device identification and authentication, thus possible to track the sources and reasons of any cyber attack. In addition to this, we review the key areas of design, development, and implementation, which will give us the insight on seamless integration with legacy IoE systems, reliability, cyber resilience, and future research challenges
Evaluation of PUF and QKD integration techniques as root of trust in communication systems
Quantum Cryptography could be the next key technology in terms of secure communication, but, as with every new technology, it presents problems that need to be solved in
order to become a reality in daily life. This work discusses the integration of Physical Unclonable Functions (PUFs) as a solution for the authentication of the endpoints in quantum
communication protocols. The use of PUF constructions would allow the authentication
of devices without the need of relying on third parties, and support switched trustworthy quantum communication channels; two unseen features in Quantum Key Distribution
(QKD) until now. We analyze in detail PUF integration within the BB84 protocol, as it
is the foundation for all QKD protocols, and two proposals for an authentication scheme
are made, depending on the connection characteristics of the communication endpoints
and the distance between them. These proposals are then generalized for other types of
QKD protocol. Moreover, different types of PUF are analyzed to conclude which ones are
the most suitable for our purpose.La Criptografía Cuántica podría ser la próxima tecnología clave en relación a la seguridad
de las comunicaciones pero, como toda nueva tecnología, presenta problemas que deben
ser resueltos antes de llegar a ser una realidad en el día a día. Este trabajo discute
la integración de Funciones Físicas No-Clonables (PUFs, por sus siglas en inglés) como
solución a la autenticación de los extremos en un protocolo de comunicación cuántica.
El uso de PUFs permitiría la autenticación de dispositivos sin necesidad de depender de
terceros, además de abrir la posibilidad a la conmutación de canales de comunicación
cuántica; dos características nunca vistas en la Distribución Cuántica de Claves (QKD,
por sus siglas en inglés) hasta ahora. Se analiza en detalle la integración de PUFs en el
protocolo BB84, ya que es la base de todos los protocolos de QKD, y se proponen dos
esquemas de autenticación distintos, atendiendo a las características de los extremos de
la comunicación y la distancia entre ellos. Después, estas propuestas se generalizan para
el resto de protocolos de QKD. Además, se estudian distintos tipos de PUF con el objeto
de encontrar la más adecuada para nuestro propósito.Universidad de Sevilla. Grado en Físic
- …