Survey and Benchmark of Block Ciphers for Wireless Sensor Networks

Cryptographic algorithms play an important role in the security architecture of wireless sensor networks (WSNs). Choosing the most storage- and energy-efficient block cipher is essential, due to the facts that these networks are meant to operate without human intervention for a long period of time with little energy supply, and that available storage is scarce on these sensor nodes. However, to our knowledge, no systematic work has been done in this area so far.We construct an evaluation framework in which we first identify the candidates of block ciphers suitable for WSNs, based on existing literature and authoritative recommendations. For evaluating and assessing these candidates, we not only consider the security properties but also the storage- and energy-efficiency of the candidates. Finally, based on the evaluation results, we select the most suitable ciphers for WSNs, namely Skipjack, MISTY1, and Rijndael, depending on the combination of available memory and required security (energy efficiency being implicit). In terms of operation mode, we recommend Output Feedback Mode for pairwise links but Cipher Block Chaining for group communications

Cryptanalysis on Privacy-Aware Two-factor Authentication Protocol for Wireless Sensor Networks

Das first proposed two-factor authentication combining the smart card and password to resolve the security problems of wireless sensor networks (WSNs). After that, various researchers studied two-factor authentication suitable for WSNs. In user authentication protocols based on the symmetric key approach, a number of elliptic curve cryptography (ECC)-based authentication protocols have been proposed. To resolve the security and efficiency problems of ECC-based two-factor authentication protocols, Jiang et al. proposed a privacy-aware two-factor authentication protocol based on ECC for WSNs. However, this paper performs a vulnerability analysis on Jiang et al.’s authentication protocol and shows that it has security problems, such as a lack of mutual authentication, a risk of SID modification and DoS attacks, a lack of sensor anonymity, and weak ID anonymity

Automatic Ownership Change Detection for IoT devices

Considering the constant increases in Internet Of Things (IoT) smart home devices prevalence, their ownership is likely to change. This introduces novel privacy issues. Smart home devices store owner’s sensitive information, which needs to be handled securely in case of change in device ownership. Currently employed smart home devices cannot detect changes in their ownership, which raises a great number of privacy and security issues. To address this problem, we propose a system called FoundIoT for automatic detection of IoT device ownership change. FoundIoT provides a technique to detect change of ownership based on device context, which is inferred by monitoring wireless communication channels. Finally, we present a prototype implementation of FoundIoT for the proposed automatic ownership change detection technique. We show that FoundIoT achieves a satisfactory performance. The implementation is supported by a wide range of IoT devices and demonstrates a high speed (up to 1 minute 39 seconds) and 100% accuracy of ownership change detection

A Comparative Analysis of Common Threats, Vulnerabilities, Attacks and Countermeasures Within Smart Card and Wireless Sensor Network Node Technologies

O objetivo deste trabalho foi caracterizar a concentração da cadeia de serviços no município de Campos do Jordão, na formação de cadeia produtiva do turismo. A identificação do tipo de concentração permitiu posicionar essa cadeia produtiva, na contribuição do crescimento local, no desenvolvimento econômico e social, para a sugestão da implantação de um pólo de desenvolvimento em sustentabilidade. A formação da cadeia de serviço foi baseada na revisão bibliográfica, por meio dos modelos de desenvolvimento econômico e social. Os procedimentos metodológicos adotados incluem pesquisa qualitativa e quantitativa e quanto aos seus objetivos foi utilizada a metodologia exploratória, descritiva e explicativa. Com referência aos meios de investigação, utilizou-se a pesquisa documental e bibliográfica. A coleta de dados ocorreu nas entidades de classe da cidade, na associação da rede hoteleira e nos órgãos públicos locais. Com o resultado obtido, após definido os atores institucionais da concentração da cadeia de serviço e identificado o tipo da mesma na concentração da cadeia de serviço hoteleira como parte integrante da cadeia produtiva do turismo, espera-se uma mudança na maneira de pensar sobre a economia local mediante a proposta de um “Pólo de Desenvolvimento Sustentável”, destacando-se a importância da formação desta aglomeração no desenvolvimento local

IoT Sentinel: Automated Device-Type Identification for Security Enforcement in IoT

With the rapid growth of the Internet-of-Things (IoT), concerns about the security of IoT devices have become prominent. Several vendors are producing IP-connected devices for home and small office networks that often suffer from flawed security designs and implementations. They also tend to lack mechanisms for firmware updates or patches that can help eliminate security vulnerabilities. Securing networks where the presence of such vulnerable devices is given, requires a brownfield approach: applying necessary protection measures within the network so that potentially vulnerable devices can coexist without endangering the security of other devices in the same network. In this paper, we present IOT SENTINEL, a system capable of automatically identifying the types of devices being connected to an IoT network and enabling enforcement of rules for constraining the communications of vulnerable devices so as to minimize damage resulting from their compromise. We show that IOT SENTINEL is effective in identifying device types and has minimal performance overhead