Secure and efficient data extraction for ubiquitous computing applications

Ubiquitous computing creates a world where computers have blended seamlessly into our physical environment. In this world, a computer is no longer a monitor-and-keyboard setup, but everyday objects such as our clothing and furniture. Unlike current computer systems, most ubiquitous computing systems are built using small, embedded devices with limited computational, storage and communication abilities. A common requirement for many ubiquitous computing applications is to utilize the data from these small devices to perform more complex tasks. For critical applications such as healthcare or medical related applications, there is a need to ensure that only authorized users have timely access to the data found in the small device. In this dissertation, we study the problem of how to securely and efficiently extract data from small devices.;Our research considers two categories of small devices that are commonly used in ubiquitous computing, battery powered sensors and battery free RFID tags. Sensors are more powerful devices equipped with storage and sensing capabilities that are limited by battery power, whereas tags are less powerful devices with limited functionalities, but have the advantage of being operable without battery power. We also consider two types of data access patterns, local and remote access. In local data access, the application will query the tag or the sensor directly for the data, while in remote access, the data is already aggregated at a remote location and the application will query the remote location for the necessary information, The difference between local and remote access is that in local access, the tag or sensor only needs to authenticate the application before releasing the data, but in remote access, the small device may have to perform additional processing to ensure that the data remains secure after being collected. In this dissertation, we present secure and efficient local data access solutions for a single RFID tag, multiple RFID tags, and a single sensor, and remote data access solutions for both RFID tag and sensor

Game-Based Cryptanalysis of a Lightweight CRC-Based Authentication Protocol for EPC Tags

The term Internet of Things (IoT) expresses a huge network of smart and connected objects which can interact with other devices without our interposition. Radio frequency identification (RFID) is a great technology and an interesting candidate to provide communications for IoT networks, but numerous security and privacy issues need to be considered. In this paper, we analyze the security and the privacy of a new RFID authentication protocol proposed by Shi et al. in 2014. We prove that although Shi et al. have tried to present a secure and untraceable authentication protocol, their protocol still suffers from several security and privacy weaknesses which make it vulnerable to various security and privacy attacks. We present our privacy analysis based on a well-known formal privacy model which is presented by Ouafi and Phan in 2008. Moreover, to stop such attacks on the protocol and increase the performance of Shi et al.’s scheme, we present some modifications and propound an improved version of the protocol. Finally, the security and the privacy of the proposed protocol were analyzed against various attacks

Improved Internet Security Protocols Using Cryptographic One-Way Hash Chains

In this dissertation, new approaches that utilize the one-way cryptographic hash functions in designing improved network security protocols are investigated. The proposed approaches are designed to be scalable and easy to implement in modern technology. The first contribution explores session cookies with emphasis on the threat of session hijacking attacks resulting from session cookie theft or sniffing. In the proposed scheme, these cookies are replaced by easily computed authentication credentials using Lamport\u27s well-known one-time passwords. The basic idea in this scheme revolves around utilizing sparse caching units, where authentication credentials pertaining to cookies are stored and fetched once needed, thereby, mitigating computational overhead generally associated with one-way hash constructions. The second and third proposed schemes rely on dividing the one-way hash construction into a hierarchical two-tier construction. Each tier component is responsible for some aspect of authentication generated by using two different hash functions. By utilizing different cryptographic hash functions arranged in two tiers, the hierarchical two-tier protocol (our second contribution) gives significant performance improvement over previously proposed solutions for securing Internet cookies. Through indexing authentication credentials by their position within the hash chain in a multi-dimensional chain, the third contribution achieves improved performance. In the fourth proposed scheme, an attempt is made to apply the one-way hash construction to achieve user and broadcast authentication in wireless sensor networks. Due to known energy and memory constraints, the one-way hash scheme is modified to mitigate computational overhead so it can be easily applied in this particular setting. The fifth scheme tries to reap the benefits of the sparse cache-supported scheme and the hierarchical scheme. The resulting hybrid approach achieves efficient performance at the lowest cost of caching possible. In the sixth proposal, an authentication scheme tailored for the multi-server single sign-on (SSO) environment is presented. The scheme utilizes the one-way hash construction in a Merkle Hash Tree and a hash calendar to avoid impersonation and session hijacking attacks. The scheme also explores the optimal configuration of the one-way hash chain in this particular environment. All the proposed protocols are validated by extensive experimental analyses. These analyses are obtained by running simulations depicting the many scenarios envisioned. Additionally, these simulations are supported by relevant analytical models derived by mathematical formulas taking into consideration the environment under investigation

Efficient Authentication, Node Clone Detection, and Secure Data Aggregation for Sensor Networks

Sensor networks are innovative wireless networks consisting of a large number of low-cost, resource-constrained sensor nodes that collect, process, and transmit data in a distributed and collaborative way. There are numerous applications for wireless sensor networks, and security is vital for many of them. However, sensor nodes suffer from many constraints, including low computation capability, small memory, limited energy resources, susceptibility to physical capture, and the lack of infrastructure, all of which impose formidable security challenges and call for innovative approaches. In this thesis, we present our research results on three important aspects of securing sensor networks: lightweight entity authentication, distributed node clone detection, and secure data aggregation. As the technical core of our lightweight authentication proposals, a special type of circulant matrix named circulant-P2 matrix is introduced. We prove the linear independence of matrix vectors, present efficient algorithms on matrix operations, and explore other important properties. By combining circulant-P2 matrix with the learning parity with noise problem, we develop two one-way authentication protocols: the innovative LCMQ protocol, which is provably secure against all probabilistic polynomial-time attacks and provides remarkable performance on almost all metrics except one mild requirement for the verifier's computational capacity, and the HB$^C$ protocol, which utilizes the conventional HB-like authentication structure to preserve the bit-operation only computation requirement for both participants and consumes less key storage than previous HB-like protocols without sacrificing other performance. Moreover, two enhancement mechanisms are provided to protect the HB-like protocols from known attacks and to improve performance. For both protocols, practical parameters for different security levels are recommended. In addition, we build a framework to extend enhanced HB-like protocols to mutual authentication in a communication-efficient fashion. Node clone attack, that is, the attempt by adversaries to add one or more nodes to the network by cloning captured nodes, imposes a severe threat to wireless sensor networks. To cope with it, we propose two distributed detection protocols with difference tradeoffs on network conditions and performance. The first one is based on distributed hash table, by which a fully decentralized, key-based caching and checking system is constructed to deterministically catch cloned nodes in general sensor networks. The protocol performance of efficient storage consumption and high security level is theoretically deducted through a probability model, and the resulting equations, with necessary adjustments for real application, are supported by the simulations. The other is the randomly directed exploration protocol, which presents notable communication performance and minimal storage consumption by an elegant probabilistic directed forwarding technique along with random initial direction and border determination. The extensive experimental results uphold the protocol design and show its efficiency on communication overhead and satisfactory detection probability. Data aggregation is an inherent requirement for many sensor network applications, but designing secure mechanisms for data aggregation is very challenging because the aggregation nature that requires intermediate nodes to process and change messages, and the security objective to prevent malicious manipulation, conflict with each other to a great extent. To fulfill different challenges of secure data aggregation, we present two types of approaches. The first is to provide cryptographic integrity mechanisms for general data aggregation. Based on recent developments of homomorphic primitives, we propose three integrity schemes: a concrete homomorphic MAC construction, homomorphic hash plus aggregate MAC, and homomorphic hash with identity-based aggregate signature, which provide different tradeoffs on security assumption, communication payload, and computation cost. The other is a substantial data aggregation scheme that is suitable for a specific and popular class of aggregation applications, embedded with built-in security techniques that effectively defeat outside and inside attacks. Its foundation is a new data structure---secure Bloom filter, which combines HMAC with Bloom filter. The secure Bloom filter is naturally compatible with aggregation and has reliable security properties. We systematically analyze the scheme's performance and run extensive simulations on different network scenarios for evaluation. The simulation results demonstrate that the scheme presents good performance on security, communication cost, and balance

AICPA\u27s top technologies 2004

https://egrove.olemiss.edu/aicpa_guides/1588/thumbnail.jp

Federated Sensor Network architectural design for the Internet of Things (IoT)

An information technology that can combine the physical world and virtual world is desired. The Internet of Things (IoT) is a concept system that uses Radio Frequency Identification (RFID), WSN and barcode scanners to sense and to detect physical objects and events. This information is shared with people on the Internet. With the announcement of the Smarter Planet concept by IBM, the problem of how to share this data was raised. However, the original design of WSN aims to provide environment monitoring and control within a small scale local network. It cannot meet the demands of the IoT because there is a lack of multi-connection functionality with other WSNs and upper level applications. As various standards of WSNs provide information for different purposes, a hybrid system that gives a complete answer by combining all of them could be promising for future IoT applications. This thesis is on the subject of `Federated Sensor Network' design and architectural development for the Internet of Things. A Federated Sensor Network (FSN) is a system that integrates WSNs and the Internet. Currently, methods of integrating WSNs and the Internet can follow one of three main directions: a Front-End Proxy solution, a Gateway solution or a TCP/IP Overlay solution. Architectures based on the ideas from all three directions are presented in this thesis; this forms a comprehensive body of research on possible Federated Sensor Network architecture designs. In addition, a fully compatible technology for the sensor network application, namely the Sensor Model Language (SensorML), has been reviewed and embedded into our FSN systems. The IoT as a new concept is also comprehensively described and the major technical issues discussed. Finally, a case study of the IoT in logistic management for emergency response is given. Proposed FSN architectures based on the Gateway solution are demonstrated through hardware implementation and lab tests. A demonstration of the 6LoWPAN enabled federated sensor network based on the TCP/IP Overlay solution presents a good result for the iNET localization and tracking project. All the tests of the designs have verified feasibility and achieve the target of the IoT concept

Perspectives and approaches for the internet of things

Dissertação para obtenção do Grau de Mestre em Engenharia Electrotécnica e de ComputadoresThis thesis was developed based on a scenario in which a CEO of a certain company asked the author to conduct an exploratory work evaluating the potential opportunities and limitations of this emerging area described as the future of the Internet, the Internet of Things (IoT). The objective is thus to provide the reader with a wide view of the vital points for the implementation and exploitation of the IoT, a technology that promises to deliver a new and wider range of applications to the society. In this subject there is a need to gather and organize information produced by several researchers and contributors. Due to the fact of being a new area and researchers work independently of each other, the work is scattered and inconsistencies can be found among different projects and publications. As such, in a first stage some definitions are provided and an attempt to clarify concepts is made. To support and emphasize the exponential growth of IoT, a brief historical overview is provided to the reader. This overview is based on the new trends and expectations that arise every day through news, potential businesses and also in important tools such as Google Trends. Several examples of applications in the context of the IoT, illustrate the benefits, not only in terms of society, but also for business opportunities, safety, and well-being. The main areas of interest to achieve the IoT such as: hardware, software, modeling, methods of connection, security and integration are studied in this work, in order to provide some insight into current strong and weak points. As the Internet of Things become a matter of large interest, various research groups are active in exploring and organizing projects in this area. Some of these projects, namely the ones considered the most important, are also presented in this thesis. Taking into account the facts surrounding this new technology, it becomes quite important to bring them together, clarifying them and trying to open new perspectives for further studies and improvements. Finally, in order to allow a practical evaluation of the technology, a prototype is developed around the connection of an intelligent object – a small mobile robot – to the Internet. A set of conclusions and future work directions are then presented which take into account the findings of the bibliographic analysis as well as the acquired experience with the implementation of the prototype

IoT Crawler with Behavior Analyzer at Fog layer for Detecting Malicious Nodes

The limitations in terms of power and processing in IoT (Internet of Things) nodes make nodes an easy prey for malicious attacks, thus threatening business and industry. Detecting malicious nodes before they trigger an attack is highly recommended. The paper introduces a special purpose IoT crawler that works as an inspector to catch malicious nodes. This crawler is deployed in the Fog layer to inherit its capabilities, and to be an intermediate connection between the things and the cloud computing nodes. The crawler collects data streams from IoT nodes, upon a priority criterion. A behavior analyzer, with a machine learning core, detects malicious nodes according to the extracted node behavior from the crawler collected data streams. The performance of the behavior analyzer was investigated using three machine learning algorithms: Adaboost, Random forest and Extra tree. The behavior analyzer produces better testing accuracy, for the tested data, when using Extra tree compared to Adaboost and Random forest; it achieved 98.3% testing accuracy with Extra tree