Lightweight Authentication Protocol (LAUP) for 6LoWPAN wireless sensor networks

© 2017 IEEE. 6LoWPAN networks involving wireless sensors consist of resource starving miniature sensor nodes. Since secured authentication of these resource-constrained sensors is one of the important considerations during communication, use of asymmetric key distribution scheme may not be the perfect choice to achieve secure authentication. Recent research shows that Lucky Thirteen attack has compromised Datagram Transport Layer Security (DTLS) with Cipher Block Chaining (CBC) mode for key establishment. Even though EAKES6Lo and S3K techniques for key establishment follow the symmetric key establishment method, they strongly rely on a remote server and trust anchor for secure key distribution. Our proposed Lightweight Authentication Protocol (LAUP) used a symmetric key method with no preshared keys and comprised of four flights to establish authentication and session key distribution between sensors and Edge Router in a 6LoWPAN environment. Each flight uses freshly derived keys from existing information such as PAN ID (Personal Area Network IDentification) and device identities. We formally verified our scheme using the Scyther security protocol verification tool for authentication properties such as Aliveness, Secrecy, Non-Injective Agreement and Non-Injective Synchronization. We simulated and evaluated the proposed LAUP protocol using COOJA simulator with ContikiOS and achieved less computational time and low power consumption compared to existing authentication protocols such as the EAKES6Lo and SAKES

Systematic Review of Internet of Things Security

The Internet of Things has become a new paradigm of current communications technology that requires a deeper overview to map its application domains, advantages, and disadvantages. There have been a number of in-depth research efforts to study various aspects of IoT. However, to the best of our knowledge, there is no literature that have discussed specifically and deeply about the security and privacy aspects of IoT. To that end, this paper aims at providing a more comprehensive and systematic review of IoT security based on the survey result of the most recent literature over the past three years (2015 to 2017). We have classified IoT security research based on the research objectives, application domains, vulner-abilities/threats, countermeasures, platforms, proto-cols, and performance measurements. We have also provided some security challenges for further research

Privacy of the Internet of Things: A Systematic Literature Review

The Internet of Things’ potential for major privacy invasion is a concern. This paper reports on a systematic literature review of privacy-preserving solutions appearing in the research literature and in the media. We analysed proposed solutions in terms of the techniques they deployed and the extent to which they satisfied core privacy principles. We found that very few solutions satisfied all core privacy principles. We also identified a number of key knowledge gaps in the course of the analysis. In particular, we found that most solution providers assumed that end users would be willing to expend effort to preserve their privacy; that they would be motivated to take action to ensure that their privacy was respected. The validity of this assumption needs to be proved, since it cannot simply be assumed that people would necessarily be willing to engage with privacy-preserving solutions. We suggest this as a topic for future research

A New Trust Framework for E-Government in Cloud of Things

The concept of Cloud of Things becomes important for each e-government, facilitating its way of work, increasing its productivity and all that leading to cost savings. It will likely have a significant impact on the e-governments in the future. E-government diversity goals face many challenges. Trust is a major challenge when deploying Cloud of Things in e-government. In this paper, a new trust framework is proposed that supports trust between Internet of Things devices interconnected to the Cloud in order to support e-government services to be delivered in trusted manner. The proposed framework has been applied to a use case study to ensure the trustworthiness of the proposed framework in a real mission. The results show that the proposed trust framework is useful to ensuring a trust environment for Cloud of Things in order to continue providing and gathering data needed to provide services to users through the E-government services

Internet of Things Security Using Secondary Monitoring

In the last few years Internet of things (IoT) has become much more prevalent in everyday consumer items. However, frequently these devices have weak, outdated or non-existent security which leaves them vulnerable to cyber-attacks. In the case of IoT devices which are used to control physical items, such as an internet-enabled thermostat controlling a furnace, there is the potential to cause serious harm to property and put people in danger if control of the device is compromised. This risk is similar to that found in Industrial Control Systems (ICS). In that context, one way of reducing the risk is by implementing redundant sensors and actuators which allow the system to continue to function normally even if an attacker gains partial control of the system. This paper proposes applying a similar concept to IoT controllers to increase user awareness of the state of the physical system being controlled by implementing an independent secondary sensor which can then indicate if there is a discrepancy between what the IoT controller is reporting and the actual state of the physical device. This system is implemented with the sensor on a separate subnet from the IoT controller within the network setup. A central computer is set up to query both the sensor and the controller to verify they are both reporting the same state of the physical device. If a discrepancy is detected then the user is alerted via text message. The setup was subjected to a number of tests to verify its resiliency and reliability and although the prototype has room for improvement it worked well overall. The paper also presents a cost analysis process for determining when the system is likely to be cost effective to implement and found that in many scenarios the required reduction in risk of physical harm being done by a rogue IoT controller is sufficiently reduced to justify implementing this solution

Integrated Framework For Mobile Low Power IoT Devices

Ubiquitous object networking has sparked the concept of the Internet of Things (IoT) which defines a new era in the world of networking. The IoT principle can be addressed as one of the important strategic technologies that will positively influence the humans’ life. All the gadgets, appliances and sensors around the world will be connected together to form a smart environment, where all the entities that connected to the Internet can seamlessly share data and resources. The IoT vision allows the embedded devices, e.g. sensor nodes, to be IP-enabled nodes and interconnect with the Internet. The demand for such technique is to make these embedded nodes act as IP-based devices that communicate directly with other IP networks without unnecessary overhead and to feasibly utilize the existing infrastructure built for the Internet. In addition, controlling and monitoring these nodes is maintainable through exploiting the existed tools that already have been developed for the Internet. Exchanging the sensory measurements through the Internet with several end points in the world facilitates achieving the concept of smart environment. Realization of IoT concept needs to be addressed by standardization efforts that will shape the infrastructure of the networks. This has been achieved through the IEEE 802.15.4, 6LoWPAN and IPv6 standards. The bright side of this new technology is faced by several implications since the IoT introduces a new class of security issues, such as each node within the network is considered as a point of vulnerability where an attacker can utilize to add malicious code via accessing the nodes through the Internet or by compromising a node. On the other hand, several IoT applications comprise mobile nodes that is in turn brings new challenges to the research community due to the effect of the node mobility on the network management and performance. Another defect that degrades the network performance is the initialization stage after the node deployment step by which the nodes will be organized into the network. The recent IEEE 802.15.4 has several structural drawbacks that need to be optimized in order to efficiently fulfil the requirements of low power mobile IoT devices. This thesis addresses the aforementioned three issues, network initialization, node mobility and security management. In addition, the related literature is examined to define the set of current issues and to define the set of objectives based upon this. The first contribution is defining a new strategy to initialize the nodes into the network based on the IEEE 802.15.4 standard. A novel mesh-under cluster-based approach is proposed and implemented that efficiently initializes the nodes into clusters and achieves three objectives: low initialization cost, shortest path to the sink node, low operational cost (data forwarding). The second contribution is investigating the mobility issue within the IoT media access control (MAC) infrastructure and determining the related problems and requirements. Based on this, a novel mobility scheme is presented that facilitates node movement inside the network under the IEEE 802.15.4e time slotted channel hopping (TSCH) mode. The proposed model mitigates the problem of frequency channel hopping and slotframe issue in the TSCH mode. The next contribution in this thesis is determining the mobility impact on low latency deterministic (LLDN) network. One of the significant issues of mobility is increasing the latency and degrading packet delivery ratio (PDR). Accordingly, a novel mobility protocol is presented to tackle the mobility issue in LLDN mode and to improve network performance and lessen impact of node movement. The final contribution in this thesis is devising a new key bootstrapping scheme that fits both IEEE 802.15.4 and 6LoWPAN neighbour discovery architectures. The proposed scheme permits a group of nodes to establish the required link keys without excessive communication/computational overhead. Additionally, the scheme supports the mobile node association process by ensuring secure access control to the network and validates mobile node authenticity in order to eliminate any malicious node association. The purposed key management scheme facilitates the replacement of outdated master network keys and release the required master key in a secure manner. Finally, a modified IEEE 802.15.4 link-layer security structure is presented. The modified architecture minimizes both energy consumption and latency incurred through providing authentication/confidentiality services via the IEEE 802.15.4