Options for Securing RTP Sessions
The Real-time Transport Protocol (RTP) is used in a large number of
different application domains and environments. This heterogeneity
implies that different security mechanisms are needed to provide
services such as confidentiality, integrity, and source
authentication of RTP and RTP Control Protocol (RTCP) packets
suitable for the various environments. The range of solutions makes
it difficult for RTP-based application developers to pick the most
suitable mechanism. This document provides an overview of a number
of security solutions for RTP and gives guidance for developers on
how to choose the appropriate security mechanism
Contributions to Securing Software Updates in IoT
The Internet of Things (IoT) is a large network of connected devices. In IoT, devices can communicate with each other or with back-end systems to transfer data or perform assigned tasks. The communication protocols used in IoT depend on the target application but usually require low bandwidth. At the same time, IoT devices are constrained, having limited memory, power, and computational resources. Given these limitations, it is difficult to implement best security practices in IoT environments, so network attacks can threaten the devices or the data they transfer. It is therefore crucial to react quickly to emerging vulnerabilities, which should be mitigated securely by firmware updates or other necessary updates. Since IoT devices usually connect to the network wirelessly, such updates can be performed Over-The-Air (OTA). This dissertation presents contributions to enable secure OTA software updates in IoT. In order to perform secure updates, vulnerabilities must first be identified and assessed. In this dissertation, we first present our contribution to designing a maturity model for vulnerability handling. Next, we analyze and compare common communication protocols and security practices with respect to energy consumption. Finally, we describe our lightweight protocol for OTA updates targeting constrained IoT devices. IoT devices and back-end systems often use incompatible protocols that are unable to interoperate securely. This dissertation also includes our contribution to designing a secure protocol translator for IoT; the translation is performed inside a Trusted Execution Environment (TEE) with TLS interception. The dissertation further contains our contribution to key management and key distribution in IoT networks. When performing secure software updates, IoT devices can be grouped, since updates target a large number of devices. Thus, prior to deploying updates, a group key needs to be established among the group members, and we present our secure group key establishment scheme. Symmetric key cryptography can help to save IoT device resources at the cost of increased key management complexity. This trade-off can be improved by integrating IoT networks with cloud computing and Software Defined Networking (SDN). In this dissertation, we use SDN in cloud networks to provision symmetric keys efficiently and securely. Together, these pieces help software developers and maintainers identify vulnerabilities, provision secret keys, and perform lightweight secure OTA updates. Furthermore, they help devices and systems with incompatible protocols to interoperate
IETF standardization in the field of the Internet of Things (IoT): a survey
Smart embedded objects will become an important part of what is called the Internet of Things. However, the integration of embedded devices into the Internet introduces several challenges, since many of the existing Internet technologies and protocols were not designed for this class of devices. In the past few years, there have been many efforts to enable the extension of Internet technologies to constrained devices. Initially, this resulted in proprietary protocols and architectures. Later, the integration of constrained devices into the Internet was embraced by IETF, moving towards standardized IP-based protocols. In this paper, we will briefly review the history of integrating constrained devices into the Internet, followed by an extensive overview of IETF standardization work in the 6LoWPAN, ROLL and CoRE working groups. This is complemented with a broad overview of related research results that illustrate how this work can be extended or used to tackle other problems and with a discussion on open issues and challenges. As such the aim of this paper is twofold: apart from giving readers solid insights in IETF standardization work on the Internet of Things, it also aims to encourage readers to further explore the world of Internet-connected objects, pointing to future research opportunities
IoT Content Object Security with OSCORE and NDN: A First Experimental Comparison
The emerging Internet of Things (IoT) challenges the end-to-end transport of
the Internet by low power lossy links and gateways that perform protocol
translations. Protocols such as CoAP or MQTT-SN are degraded by the overhead of
DTLS sessions, which in common deployment protect content transfer only up to
the gateway. To preserve content security end-to-end via gateways and proxies,
the IETF recently developed Object Security for Constrained RESTful
Environments (OSCORE), which extends CoAP with content object security features
commonly known from Information Centric Networks (ICN).
This paper presents a comparative analysis of protocol stacks that protect
request-response transactions. We measure protocol performances of CoAP over
DTLS, OSCORE, and the information-centric Named Data Networking (NDN) protocol
on a large-scale IoT testbed in single- and multi-hop scenarios. Our findings
indicate that (a) OSCORE improves on CoAP over DTLS in error-prone wireless
regimes due to omitting the overhead of maintaining security sessions at
endpoints, and (b) NDN attains superior robustness and reliability due to its
intrinsic network caches and hop-wise retransmissions
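The property this abstract relies on, content protection that survives a translating gateway and needs no per-session handshake, is easy to see in code. The following Go program is an added illustration, not code from the paper and not an OSCORE implementation: it uses AES-128-GCM in place of COSE/AES-CCM, fixed constructed key material instead of HKDF-derived keys, a made-up `Route` field standing in for CoAP outer options, and a strictly increasing replay check instead of OSCORE's sliding window. What it does show is the shape of object security: the sensor's security context is only a key plus a counter, the gateway rewrites the outer header without holding any key, and the backend still verifies the payload and rejects tampering and replay.

```go
package main

import (
	"crypto/aes"
	"crypto/cipher"
	"encoding/binary"
	"errors"
	"fmt"
)

// Constructed demo key material (assumption: real OSCORE derives these from a
// shared master secret with HKDF; here they are fixed constants).
var (
	DemoKey      = []byte("0123456789abcdef") // 16 bytes: AES-128 key
	DemoCommonIV = []byte("demo-iv-0123")     // 12 bytes: GCM nonce base
)

// Message is a simplified CoAP-like message: an outer field a proxy may
// rewrite, a cleartext sequence number (OSCORE calls it the Partial IV), and an
// AEAD-protected payload the proxy can neither read nor alter.
type Message struct {
	Route   string
	PartIV  uint64
	Payload []byte
}

// Context is one endpoint's security context. There is no handshake and no
// session state: only the key, the common IV and a replay counter.
type Context struct {
	aead     cipher.AEAD
	commonIV []byte
	nextSeq  uint64 // next sequence number to send (starts at 1)
	lastSeq  uint64 // highest sequence number accepted so far (0 = none)
}

func NewContext(key, commonIV []byte) (*Context, error) {
	block, err := aes.NewCipher(key)
	if err != nil {
		return nil, err
	}
	aead, err := cipher.NewGCM(block)
	if err != nil {
		return nil, err
	}
	if len(commonIV) != aead.NonceSize() {
		return nil, errors.New("common IV must be 12 bytes")
	}
	return &Context{aead: aead, commonIV: commonIV, nextSeq: 1}, nil
}

// nonce XORs the sequence number into the low bytes of the common IV, so each
// message gets a unique nonce without any per-session negotiation.
func (c *Context) nonce(seq uint64) []byte {
	n := make([]byte, len(c.commonIV))
	copy(n, c.commonIV)
	var s [8]byte
	binary.BigEndian.PutUint64(s[:], seq)
	for i := range s {
		n[len(n)-8+i] ^= s[i]
	}
	return n
}

// aad binds the cleartext sequence number and an algorithm label to the
// ciphertext. The outer Route is deliberately NOT bound, so proxies may rewrite it.
func aad(seq uint64) []byte {
	label := "demo-aes-128-gcm"
	a := make([]byte, 8+len(label))
	binary.BigEndian.PutUint64(a, seq)
	copy(a[8:], label)
	return a
}

// Protect encrypts and authenticates an inner request under a fresh sequence number.
func (c *Context) Protect(route string, inner []byte) Message {
	seq := c.nextSeq
	c.nextSeq++
	ct := c.aead.Seal(nil, c.nonce(seq), inner, aad(seq))
	return Message{Route: route, PartIV: seq, Payload: ct}
}

// Unprotect rejects replays (sequence number not above the last accepted one;
// a real implementation keeps a window to tolerate reordering), then verifies
// and decrypts. The counter advances only after a successful verification.
func (c *Context) Unprotect(m Message) ([]byte, error) {
	if m.PartIV <= c.lastSeq {
		return nil, errors.New("replay: sequence number already seen")
	}
	pt, err := c.aead.Open(nil, c.nonce(m.PartIV), m.Payload, aad(m.PartIV))
	if err != nil {
		return nil, errors.New("integrity check failed: payload or sequence number modified")
	}
	c.lastSeq = m.PartIV
	return pt, nil
}

// Gateway models a protocol-translating proxy: it rewrites the outer route and
// forwards the protected payload untouched. It holds no key.
func Gateway(m Message) Message {
	m.Route = "backend.example"
	return m
}

func main() {
	sensor, _ := NewContext(DemoKey, DemoCommonIV)
	backend, _ := NewContext(DemoKey, DemoCommonIV)
	m := sensor.Protect("gateway.local", []byte("POST /temp 21.5"))
	fwd := Gateway(m)
	pt, err := backend.Unprotect(fwd)
	fmt.Printf("route=%s payload=%q err=%v\n", fwd.Route, pt, err)
	_, err = backend.Unprotect(fwd) // same message again: replay
	fmt.Println("replay:", err)
	m2 := sensor.Protect("gateway.local", []byte("POST /temp 99.9"))
	m2.Payload[0] ^= 1 // gateway or attacker flips a ciphertext bit
	_, err = backend.Unprotect(m2)
	fmt.Println("tamper:", err)
}
```

The point to take from the demo is the contrast with DTLS: with a transport session the gateway must terminate the session to translate, and therefore sees plaintext; with object security the gateway only ever touches the outer `Route`, and the sensor never has to re-establish anything after a lossy link drops packets, because every message carries what the backend needs to verify it.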
End-to-end security in embedded system for modern mobile communication technologies
Modern mobile electronic devices such as smartphones and cell phones can now be used to monitor and control distant devices such as technical systems. Surveillance systems do not require high standards regarding the transfer time of the displayed data, whereas the remote control of a mobile robot needs data closer to real time. Therefore, the possibilities of employing mobile devices were investigated and measured, together with the supported data transmission channels, such as UMTS, GSM, Wireless LAN, and Bluetooth. Remote-control systems are used in many applications such as smart homes, smart cities, and smart hospitals, but they must be updated today to keep pace with fast-changing technology. Extensive coverage, remote control, and reliable real-time operation depend on the deployment of wireless security knowledge. The home automation control system delivers significant features together with a user-friendly interface. The secure, remote-based end-to-end security system uses NTMobile, a technique that enables NAT traversal and end-to-end encrypted communication. The performance of the system was evaluated in an ECHONET Lite compatible smartphone ecosystem. This gives flexibility in configuring time-sensitive industrial networks and enables them to be secured. A safe and reliable remote-control system is also conceivable while preserving the privacy of the user
- …