173 research outputs found

    Assessing Security Risks with the Internet of Things

    For my honors thesis I have decided to study the security risks associated with the Internet of Things (IoT) and possible ways to secure them. I will focus on how corporations and individuals use IoT devices and the security risks that come with their implementation. In my research, I found out that IoT gadgets tend to go unnoticed as a checkpoint for vulnerability. For example, often personal IoT devices tend to have the default username and password issued from the factory that a hacker could easily find through Google. IoT devices need security just as much as computers or servers to keep the security, confidentiality, and availability of data in the right hands

    Novel Cryptographic Authentication Mechanisms for Supply Chains and OpenStack

    In this dissertation, first, we studied the Radio-Frequency Identification (RFID) tag authentication problem in supply chains. RFID tags have been widely used as a low-cost wireless method for detecting counterfeit product injection in supply chains. We open a new direction toward solving this problem by using the Non-Volatile Memory (NVM) of recent RFID tags. We propose a method based on this direction that significantly improves the availability of the system and costs less. In our method, we introduce the notion of Software Unclonability, which is a kind of one-time MAC for authenticating random inputs. Also, we introduce three lightweight constructions that are software unclonable. Second, we focus on OpenStack, which is a prestigious open-source cloud platform. OpenStack takes advantage of some tokening mechanisms to establish trust between its modules and users. It turns out that when an adversary captures user tokens by exploiting a bug in a module, he gets extreme power on behalf of users. Here, we propose a novel tokening mechanism that ties commands to tokens and enables OpenStack to support short life tokens while it keeps the performance up

    Lightweight and Practical Anonymous Authentication Protocol for RFID systems using physically unclonable functions

    Radio frequency identification (RFID) has been considered one of the imperative requirements for implementation of Internet-of-Things applications. It helps to solve the identification issues of the things in a cost-effective manner, but RFID systems often suffer from various security and privacy issues. To solve those issues for RFID systems, many schemes have been recently proposed by using the cryptographic primitive, called physically uncloneable functions (PUFs), which can ensure a tamper-evident feature. However, to the best of our knowledge, none of them has succeeded to address the problem of privacy preservation with the resistance of DoS attacks in a practical way. For instance, existing schemes need to rely on exhaustive search operations to identify a tag, and also suffer from several security and privacy related issues. Furthermore, a tag needs to store some security credentials (e.g., secret shared keys), which may cause several issues such as loss of forward and backward secrecy and large storage costs. Therefore, in this paper, we first propose a lightweight privacy-preserving authentication protocol for the RFID system by considering the ideal PUF environment. Subsequently, we introduce an enhanced protocol which can support the noisy PUF environment. It is argued that both of our protocols can overcome the limitations of existing schemes, and further ensure more security properties. By analyzing the performance, we have shown that the proposed solutions are secure, efficient, practical, and effective for the resource-constraint RFID tag

    On the Security of the Automatic Dependent Surveillance-Broadcast Protocol

    Automatic dependent surveillance-broadcast (ADS-B) is the communications protocol currently being rolled out as part of next generation air transportation systems. As the heart of modern air traffic control, it will play an essential role in the protection of two billion passengers per year, besides being crucial to many other interest groups in aviation. The inherent lack of security measures in the ADS-B protocol has long been a topic in both the aviation circles and in the academic community. Due to recently published proof-of-concept attacks, the topic is becoming ever more pressing, especially with the deadline for mandatory implementation in most airspaces fast approaching. This survey first summarizes the attacks and problems that have been reported in relation to ADS-B security. Thereafter, it surveys both the theoretical and practical efforts which have been previously conducted concerning these issues, including possible countermeasures. In addition, the survey seeks to go beyond the current state of the art and gives a detailed assessment of security measures which have been developed more generally for related wireless networks such as sensor networks and vehicular ad hoc networks, including a taxonomy of all considered approaches.
    Comment: Survey, 22 Pages, 21 Figure

    Certification of IoT elements using the blockchain

    [Abstract]: The non-fungible tokens have been widely used to prove ownership of art and gaming collectibles and used as utility tokens. The use of these tokens in this work is to represent the ownership of the Internet of Things devices from the manufacturing phase, in the distributed and decentralized public ledger. These physical devices will have attached a token that represents them in the blockchain and the possession of an owner by a unique identifier. Hence, the devices are identified by their public blockchain address and their token that associates them to their owner. Besides, this address allows the Internet of Things devices to participate in the network and establish a shared secret between owner and device. This work proposes to use the physical unclonable functions to establish a noose between the physical world and the blockchain by deriving the private key of the blockchain address from the physical unclonable functions response. This link is difficult to tamper with and can be traced during the lifetime of the token. Moreover, there is no need of using a security module or similar to store the key since the physical unclonable functions response is generated each time the private key is needed so that it is not stored in a non-volatile memory. Once we have the shared secret, this is used to cipher the certificates that will be deployed by the owner of the devices on a decentralized storage blockchain like FileCoin or the InterPlanetary File System. These certificates are used to communicate with other devices using standard protocols like Transport Layer Security or Datagram Transport Layer Security. An API called Powergate is part of the infrastructure of certification of the Internet of Things elements, providing communication with the decentralized storage blockchains.
    [Summary]: Non-fungible tokens are widely used to prove ownership of art and gaming collectibles and are used as "utility tokens". The use of these tokens in this work is to represent, in the distributed and decentralized network that is the blockchain, the ownership of Internet of Things devices from the very moment of their creation, that is, during the manufacturing process. A token is attached to these physical devices that identifies them on the blockchain and allows the possession of an owner to be represented by a unique identifier. Therefore, the devices are identified by their public address on the blockchain, and their token is what associates them with their owner. In addition, this address allows Internet of Things devices to participate in the network and establish a shared secret between owner and device. This work proposes using physical unclonable functions to establish a link between the physical world and the blockchain by deriving the private key of the blockchain address from the response of the physical unclonable functions. This link is difficult to tamper with and can be traced during the lifetime of the token. Moreover, there is no need to use a security module or similar to store the key, since the response of the physical unclonable function is generated during the boot process and is stored in a non-volatile memory. Once we have the shared secret, it will be used to encrypt the certificates that will be deployed by the owner of the devices on a decentralized storage blockchain such as FileCoin or InterPlanetary File System. These certificates will be used to communicate with other devices using standard protocols such as Datagram Transport Layer Security and Transport Layer Security. An API will make up the certification infrastructure for Internet of Things elements, providing communication with the decentralized storage blockchains.
    Bachelor's thesis (UDC.FIC). Computer Engineering. Academic year 2021/202

    SRAM-PUF Based Entities Authentication Scheme for Resource-constrained IoT Devices


    A Survey on Cryptography Key Management Schemes for Smart Grid

    A Smart grid is a modern electricity delivery system. It is an integration of energy systems and other necessary elements including traditional upgrades and new grid technologies with renewable generation and increased consumer storage. It uses information and communication technology (ICT) to operate, monitor and control data between the generation source and the end user. Smart grids have duplex power flow and communication to achieve high efficiency, reliability, environmental, economics, security and safety standards. However, along with unique facilities, smart grids face security challenges such as access control, connectivity, fault tolerance, privacy, and other security issues. Cyber-attacks, in the recent past, on critical infrastructure including smart grids have highlighted security as a major requirement for smart grids. Therefore, cryptography and key management are necessary for smart grids to become secure and realizable. Key management schemes are processes of key organizational frameworks, distribution, generation, refresh and key storage policies. Currently, several secure schemes, related to key management for smart grid have been proposed to achieve end-to-end secure communication. This paper presents a comprehensive survey and discussion on the current state of the key management of smart grids

    Proof-of-PUF enabled blockchain: concurrent data and device security for internet-of-energy

    A detailed review on the technological aspects of Blockchain and Physical Unclonable Functions (PUFs) is presented in this article. It stipulates an emerging concept of Blockchain that integrates hardware security primitives via PUFs to solve bandwidth, integration, scalability, latency, and energy requirements for the Internet-of-Energy (IoE) systems. This hybrid approach, hereinafter termed as PUFChain, provides device and data provenance which records data origins, history of data generation and processing, and clone-proof device identification and authentication, thus possible to track the sources and reasons of any cyber attack. In addition to this, we review the key areas of design, development, and implementation, which will give us the insight on seamless integration with legacy IoE systems, reliability, cyber resilience, and future research challenges

    Evaluation of PUF and QKD integration techniques as root of trust in communication systems

    Quantum Cryptography could be the next key technology in terms of secure communication, but, as with every new technology, it presents problems that need to be solved in order to become a reality in daily life. This work discusses the integration of Physical Unclonable Functions (PUFs) as a solution for the authentication of the endpoints in quantum communication protocols. The use of PUF constructions would allow the authentication of devices without the need of relying on third parties, and support switched trustworthy quantum communication channels; two unseen features in Quantum Key Distribution (QKD) until now. We analyze in detail PUF integration within the BB84 protocol, as it is the foundation for all QKD protocols, and two proposals for an authentication scheme are made, depending on the connection characteristics of the communication endpoints and the distance between them. These proposals are then generalized for other types of QKD protocol. Moreover, different types of PUF are analyzed to conclude which ones are the most suitable for our purpose.
    Quantum Cryptography could be the next key technology with regard to communications security but, like every new technology, it presents problems that must be solved before it becomes a reality in day-to-day life. This work discusses the integration of Physical Unclonable Functions (PUFs) as a solution to the authentication of the endpoints in a quantum communication protocol. The use of PUFs would allow the authentication of devices without the need to depend on third parties, as well as opening the possibility of switching quantum communication channels; two features never seen in Quantum Key Distribution (QKD) until now. The integration of PUFs in the BB84 protocol is analyzed in detail, since it is the basis of all QKD protocols, and two different authentication schemes are proposed, according to the characteristics of the communication endpoints and the distance between them. These proposals are then generalized to the remaining QKD protocols. In addition, different types of PUF are studied in order to find the most suitable one for our purpose.
    Universidad de Sevilla. Grado en Físic