1,245 research outputs found

    Community-Based Security for the Internet of Things

    Full text link
    With more and more devices becoming connectable to the internet, the number of services but also a lot of threats increases dramatically. Security is often a secondary matter behind functionality and comfort, but the problem has already been recognized. Still, with many IoT devices being deployed already, security will come step-by-step and through updates, patches and new versions of apps and IoT software. While these updates can be safely retrieved from app stores, the problems kick in via jailbroken devices and with the variety of untrusted sources arising on the internet. Since hacking is typically a community effort? these days, security could be a community goal too. The challenges are manifold, and one reason for weak or absent security on IoT devices is their weak computational power. In this chapter, we discuss a community based security mechanism in which devices mutually aid each other in secure software management. We discuss game-theoretic methods of community formation and light-weight cryptographic means to accomplish authentic software deployment inside the IoT device community

    Secure Proximity-Based Identity Pairing using an Untrusted Signalling Service

    Get PDF
    New protocols such as WebRTC promise seamless in-browser peer-to-peer communications that in theory remove the need for third-party services. In practice, widespread use of Firewalls, NATS and dynamic IP addresses mean that overlay addressing or use of some fixed rendezvous point is still needed. In this paper we describe a proximity-based pairing scheme that uses a signalling service to minimise the trust requirements on the third party, achieving anonymity and avoiding the need for PKI, while still requiring only a simple asymmetric pairing protocol

    Secure Lifecycle Management for Internet of Things Devices

    Get PDF
    In recent years, IoT devices have been adopted for various uses cases including for home applications such as smart lighting and heating and cooling systems. The IoT devices are simple and constrained devices. Usually, these simple devices are paired with and managed by controller devices such as smartphones over home wireless network. The pairing protocol along with the command and control protocols between the IoT device and the smartphone are usually proprietary. Therefore, users are required to install a dedicated application to access and control each brand and type of device. LwM2M has been designed as an open standard to increase interoperability between the simple devices from different ecosystems. It can be used to secure the connection between the simple device and the controller. The LwM2M protocol uses pre-shared keys, raw public keys, and X.509 certificates for authentication. However, these authentication methods have some deployment and scalability problems, and out-of-band authentication has been suggested as an alternative. This thesis project aims to adapt the LwM2M protocol for secure device pairing and lifecycle management for Internet of Things device in such a way that it can be used with out-of-band authentication. A proof-of-concept prototype has been implemented with Raspberry Pi 3 B+ as the simple device and an Android smartphone as the controller

    Securing Communication Channels in IoT using an Android Smart Phone

    Get PDF
    In today's world, smart devices are a necessity to have, and represent an essential tool for performing daily activities. With this comes the need to secure the communication between the IoT devices in the consumer's home, to prevent attacks that may jeopardize the confidentiality and integrity of communication between the IoT devices. The life cycle of a a simple device includes a series of stages that the device undergoes: from construction and production to decommissioning. In this thesis, the Manufacturing, Bootstrapping and Factory Reset parts of IoT device's life cycle are considered, focusing on security. For example, the Controller of user's home network (e.g., user's smart phone) should bootstrap the ``right'' IoT device and the IoT device should bootstrap with the ``right'' Controller. The security is based on device credentials, such as the device certificate during the bootstrapping process, and the operational credentials that are provisioned to the IoT device from the Controller during the bootstrapping. The goal of this thesis is to achieve easy-to-use and secure procedure for setting up the IoT device into a home network, and for controlling that IoT device from an Android mobile phone (Controller). The objectives are: (1) explore the different aspects of using a smartphone as a Controller device to securely manage the life cycle of a simple device; (2) propose a system design for securely managing the life cycle of a simple device from a Controller compliant with existing standards, (e.g. Lightweight Machine to Machine (LwM2M) is an industrial standard used to manage and control industrial IoT Devices); (3) implement a proof of concept based on the system design; (4) provide a user-friendly interface for a better experience for the user by using popular bootsrapping methods such as QR code scanning; (5) discuss the choices regarding securing credentials and managing data, and achieve a good balance between usability and security during the bootstrapping process. In order to achieve those goals, the state-of-art technologies for IoT device management were studied. Then an Android application that uses LwM2M standard in consumer's home setting was specified, designed and implemented. The Android application is wrapped in a smooth user interface that allows the user a good experience when attempting to connect and control the target IoT device

    Enhancements to Secure Bootstrapping of Smart Appliances

    Get PDF
    In recent times, there has been a proliferation of smart IoT devices that make our everyday life more convenient, both at home and at work environment. Most of these smart devices are connected to cloud-based online services, and they typically reuse the existing Wi-Fi network infrastructure for Internet connectivity. Hence, it is of paramount importance to ensure that these devices establish a robust security association with the Wi-Fi networks and cloud-based servers. The initial process by which a device establishes a robust security association with the network and servers is known as secure bootstrapping. The bootstrapping process results in the derivation of security keys and other connection parameters required by the security associations. Since the smart IoT devices often possess minimal user-interface, there is a need for bootstrapping methods with which the users can effortlessly connect their smart IoT devices to the networks and services. Nimble out-of-band authentication for Extensible Authentication Protocol (EAP-NOOB) is one such secure bootstrapping method. It is a new EAP authentication method for IEEE 802.1X/EAP authentication framework. The protocol does not assume or require any pre-configured authentication credentials such as symmetric keys or certificates. In lieu, the authentication credentials along with the user’s ownership of the device are established during the bootstrapping process. The primary goal of this thesis is to study and implement the draft specification of the EAP-NOOB protocol in order to evaluate the working of EAP-NOOB in real-world scenarios. During our implementation and testing of the initial prototype for EAP-NOOB, we discovered several issues in the protocol. In this thesis, we propose a suitable solution for each of the problems identified and also, verify the solutions through implementation and testing. The main results of this thesis work are various enhancements and clarifications to the EAP-NOOB protocol specification. The results consequently aid the standardisation of the protocol at IETF. We also design and implement several additional features for EAP-NOOB to enhance the user experience

    Online at Will: A Novel Protocol for Mutual Authentication in Peer-to-Peer Networks for Patient-Centered Health Care Information Systems

    Get PDF
    Patient-centered health care information systems (PHSs) on peer-to-peer (P2P) networks promise decentralization benefits. P2P PHSs, such as decentralized personal health records or interoperable Covid-19 proximity trackers, can enhance data sovereignty and resilience to single points of failure, but the openness of P2P networks introduces new security issues. We propose a novel, simple, and secure mutual authentication protocol that supports offline access, leverages independent and stateless encryption services, and enables patients and medical professionals to establish secure connections when using P2P PHSs. Our protocol includes a virtual smart card (software-based) feature to ease integration of authentication features of emerging national health-IT infrastructures. The security evaluation shows that our protocol resists most online and offline threats while exhibiting performance comparable to traditional, albeit less secure, password-based authentication methods. Our protocol serves as foundation for the design and implementation of P2P PHSs that will make use of P2P PHSs more secure and trustworthy

    Tiqr: a novel take on two-factor authentication

    Get PDF
    Authentication is of paramount importance for all modern networked applications. The username/password paradigm is ubiquitous. This paradigm suffices for many applications that require a relatively low level of assurance about the identity of the end user, but it quickly breaks down when a stronger assertion of the user’s identity is required. Traditionally, this is where two- or multi-factor authentication comes in, providing a higher level of assurance. There is a multitude of two-factor authentication solutions available, but we feel that many solutions do not meet the needs of our community. They are invariably expensive, difficult to roll out in heterogeneous user groups (like student populations), often closed source and closed technology and have usability problems that make them hard to use. In this paper we will give an overview of the two-factor au- thentication landscape and address the issues of closed versus open solutions. We will introduce a novel open standards-based authentication technology that we have developed and released in open source. We will then provide a classification of two-factor authentication technologies, and we will finish with an overview of future work

    An Efficient Authentication Scheme for Internet of Things

    Get PDF
    The Internet of Things (IoT) is increasingly affecting human lives in multiple profound ways. “Things” have the ability to communicate, generate, transmit and store data over the network connection. During each communication between “Things”, the data transmitted is potentially vulnerable to malicious attacks, loss, distortions and interruption which impair functionality, system efficiency and user satisfaction. Additionally, inappropriate user controls can cause problems in IoT services, such as granting anonymous users access to personal resources and enable legitimate users to access resources in an illegal manner or preventing legitimate users to access resources in an authorized manner. Therefore, communications between things need to be authenticated, authorized, secured and ensured to have high privacy by applying a strong authentication protocol. The aim of this research is to enhance the authentication protocol, starting by reducing the heavy use of storage in “Things”, and eliminating unnecessary messages during authentication steps, taking into consideration the network security analysis. This research represents a security performance analysis and enhancement authentication for the IoT. The results indicate that the enhanced protocol has a positive effect on minimizing packet length and time performance in authenticating users having once obtained access to the visited location area compared with the other two protocols used for comparative purposes, with 33% increased the proposed protocol performance

    Enhancing cryptographic protection, authentication, and authorization in cellular networks: a comprehensive research study

    Get PDF
    This research article provides an extensive analysis of novel methods of cryptographic protection as well as advancements in authentication and authorization techniques within cellular networks. The aim is to explore recent literature and identify effective authentication and authorization methods, including high-speed data encryption. The significance of this study lies in the growing need for enhanced data security in scientific research. Therefore, the focus is on identifying suitable authentication and authorization schemes, including blockchain-based approaches for distributed mobile cloud computing. The research methodology includes observation, comparison, and abstraction, allowing for a comprehensive examination of advanced encryption schemes and algorithms. Topics covered in this article include multi-factor authentication, continuous authentication, identity-based cryptography for vehicle-to-vehicle (V2V) communication, secure blockchain-based authentication for fog computing, internet of things (IoT) device mutual authentication, authentication for wireless sensor networks based on blockchain, new secure authentication schemes for standard wireless telecommunications networks, and the security aspects of 4G and 5G cellular networks. Additionally, in the paper a differentiated authentication mechanism for heterogeneous 6G networks blockchain-based is discussed. The findings presented in this article hold practical value for organizations involved in scientific research and information security, particularly in encryption and protection of sensitive data
    • 

    corecore