14,182 research outputs found
Authorization Framework for the Internet-of-Things
This paper describes a framework that allows fine-grained
and flexible access control to connected devices with very
limited processing power and memory.
We propose a set of security and performance requirements
for this setting and derive an authorization framework distributing
processing costs between constrained devices and less constrained back-end servers while keeping message exchanges
with the constrained devices at a minimum.
As a proof of concept we present performance results from
a prototype implementing the device part of the framework
DTLS Performance in Duty-Cycled Networks
The Datagram Transport Layer Security (DTLS) protocol is the IETF standard
for securing the Internet of Things. The Constrained Application Protocol,
ZigBee IP, and Lightweight Machine-to-Machine (LWM2M) mandate its use for
securing application traffic. There has been much debate in both the
standardization and research communities on the applicability of DTLS to
constrained environments. The main concerns are the communication overhead and
latency of the DTLS handshake, and the memory footprint of a DTLS
implementation. This paper provides a thorough performance evaluation of DTLS
in different duty-cycled networks through real-world experimentation, emulation
and analysis. In particular, we measure the duration of the DTLS handshake when
using three duty cycling link-layer protocols: preamble-sampling, the IEEE
802.15.4 beacon-enabled mode and the IEEE 802.15.4e Time Slotted Channel
Hopping mode. The reported results demonstrate surprisingly poor performance of
DTLS in radio duty-cycled networks. Because a DTLS client and a server exchange
more than 10 signaling packets, the DTLS handshake takes between a handful of
seconds and several tens of seconds, with similar results for different duty
cycling protocols. Moreover, because of their limited memory, typical
constrained nodes can only maintain 3-5 simultaneous DTLS sessions, which
highlights the need for using DTLS parsimoniously.Comment: International Symposium on Personal, Indoor and Mobile Radio
Communications (PIMRC - 2015), IEEE, IEEE, 2015,
http://pimrc2015.eee.hku.hk/index.htm
SEABASS: Symmetric-keychain Encryption and Authentication for Building Automation Systems
There is an increasing security risk in Building Automation Systems (BAS) in that its communication is unprotected, resulting in the adversary having the capability to inject spurious commands to the actuators to alter the behaviour of BAS. The communication between the Human-Machine-Interface (HMI) and the controller (PLC) is vulnerable as there is no secret key being used to protect the authenticity, confidentiality and integrity of the sensor data and commands.
We propose SEABASS, a lightweight key management scheme to distribute and manage session keys between HMI and PLCs, providing a secure communication channel between any two communicating devices in BAS through a symmetric-key based hash-chain encryption and authentication of message exchange. Our scheme facilitates automatic renewal of session keys periodically based on the use of a reversed hash-chain. A prototype was implemented using the BACnet/IP communication protocol and the preliminary results show that the symmetric keychain approach is lightweight and incurs low latency
An Analysis and Enumeration of the Blockchain and Future Implications
The blockchain is a relatively new technology that has grown in interest and potential research since its inception. Blockchain technology is dominated by cryptocurrency in terms of usage. Research conducted in the past few years, however, reveals blockchain has the potential to revolutionize several different industries. The blockchain consists of three major technologies: a peer-to-peer network, a distributed database, and asymmetrically encrypted transactions. The peer-to-peer network enables a decentralized, consensus-based network structure where various nodes contribute to the overall network performance. A distributed database adds additional security and immutability to the network. The process of cryptographically securing individual transactions forms a core service of the blockchain and enables semi-anonymous user network presence
Securing Cyber-Physical Social Interactions on Wrist-worn Devices
Since ancient Greece, handshaking has been commonly practiced between two people as a friendly gesture to express trust and respect, or form a mutual agreement. In this article, we show that such physical contact can be used to bootstrap secure cyber contact between the smart devices worn by users. The key observation is that during handshaking, although belonged to two different users, the two hands involved in the shaking events are often rigidly connected, and therefore exhibit very similar motion patterns. We propose a novel key generation system, which harvests motion data during user handshaking from the wrist-worn smart devices such as smartwatches or fitness bands, and exploits the matching motion patterns to generate symmetric keys on both parties. The generated keys can be then used to establish a secure communication channel for exchanging data between devices. This provides a much more natural and user-friendly alternative for many applications, e.g., exchanging/sharing contact details, friending on social networks, or even making payments, since it doesn’t involve extra bespoke hardware, nor require the users to perform pre-defined gestures. We implement the proposed key generation system on off-the-shelf smartwatches, and extensive evaluation shows that it can reliably generate 128-bit symmetric keys just after around 1s of handshaking (with success rate >99%), and is resilient to different types of attacks including impersonate mimicking attacks, impersonate passive attacks, or eavesdropping attacks. Specifically, for real-time impersonate mimicking attacks, in our experiments, the Equal Error Rate (EER) is only 1.6% on average. We also show that the proposed key generation system can be extremely lightweight and is able to run in-situ on the resource-constrained smartwatches without incurring excessive resource consumption
- …