39 research outputs found
SECURE TEXT ENCRYPTION FOR IOT COMMUNICATION USING AFFINE CIPHER AND DIFFIE-HELLMAN KEY DISTRIBUTION ON ARDUINO ATMEGA2560 IOT DEVICES
In an Internet of Things (IoT) system, devices connected to the system exchange data. The data contains sensitive information about the connected devices in the system so it needs to be protected. Without security, the data in the IoT system can be easily retrieved. One way to prevent this is by implementing cryptography. Cryptography is a technique for protecting information by using encryption so that only the sender and receiver can see the contents of the information contained therein. The implementation of cryptography on IoT devices must consider the capabilities of IoT devices because in general IoT devices have limited processing capabilities compared to computer devices. Therefore, the selection of encryption algorithms needs to be adjusted to the computational capabilities of IoT devices. In this research, the affine cipher cryptography algorithm and Diffie-hellman key distribution algorithm are applied to the arduino atmega2560 IoT device. The purpose of this research is to increase the security of the IoT system by implementing cryptography. The method used in this research involves setting up a sequence of encryption and decryption steps using an affine cipher and diffie-hellman algorithms. Furthermore, these algorithms were implemented on an Arduino IoT device. Finally, the decryption time based on the number of characters and the avalanche test were tested. The results showed that on average, Arduino can perform decryption using affine cipher and diffie-hellman algorithms in 0.07 milliseconds per character. The avalanche test produced an average percentage of 45.51% from five trials
IoTSan: Fortifying the Safety of IoT Systems
Today's IoT systems include event-driven smart applications (apps) that
interact with sensors and actuators. A problem specific to IoT systems is that
buggy apps, unforeseen bad app interactions, or device/communication failures,
can cause unsafe and dangerous physical states. Detecting flaws that lead to
such states, requires a holistic view of installed apps, component devices,
their configurations, and more importantly, how they interact. In this paper,
we design IoTSan, a novel practical system that uses model checking as a
building block to reveal "interaction-level" flaws by identifying events that
can lead the system to unsafe states. In building IoTSan, we design novel
techniques tailored to IoT systems, to alleviate the state explosion associated
with model checking. IoTSan also automatically translates IoT apps into a
format amenable to model checking. Finally, to understand the root cause of a
detected vulnerability, we design an attribution mechanism to identify
problematic and potentially malicious apps. We evaluate IoTSan on the Samsung
SmartThings platform. From 76 manually configured systems, IoTSan detects 147
vulnerabilities. We also evaluate IoTSan with malicious SmartThings apps from a
previous effort. IoTSan detects the potential safety violations and also
effectively attributes these apps as malicious.Comment: Proc. of the 14th ACM CoNEXT, 201
SmartFuzz: An automated smart fuzzing approach for testing SmartThings apps
Ministry of Education, Singapore under its Academic Research Funding Tier
Privacy Leakage in Smart Homes and Its Mitigation: IFTTT as a Case Study
The combination of smart home platforms and automation apps introduces much
convenience to smart home users. However, this also brings the potential for
privacy leakage. If a smart home platform is permitted to collect all the
events of a user day and night, then the platform will learn the behavior
patterns of this user before long. In this paper, we investigate how IFTTT, one
of the most popular smart home platforms, has the capability of monitoring the
daily life of a user in a variety of ways that are hardly noticeable. Moreover,
we propose multiple ideas for mitigating privacy leakages, which altogether
forms a Filter-and-Fuzz (F&F) process: first, it filters out events unneeded by
the IFTTT platform; then, it fuzzes the values and frequencies of the remaining
events. We evaluate the F&F process, and the results show that the proposed
solution makes IFTTT unable to recognize any of the user's behavior patterns
A Principled Approach to Securing IoT Apps
IoT apps are becoming increasingly popular as they allow users to manage their digital lives by connecting otherwise unconnected devices and services: cyberphysical “things” such as smart homes, cars, or fitness armbands, to online services such as Google or Dropbox, to social networks such as Facebook or Twitter. IoT apps rely on end-user programming, such that anyone with an active account on the platform can create and publish apps, with the majority of apps being created by third parties.We demonstrate that the most popular IoT app platforms are susceptible to attacks by malicious app makers and suggest short and longterm countermeasures for securing the apps. For short-term protection we rely on access\ua0control and suggest the apps to be classified either as exclusively private or exclusively public, disallowing in this way information from private sources to flow to public sinks.For longterm protection we rely on a principled approach for designing information flow controls. Following these principles we define projected security, a variant of noninterference that captures the attacker’s view of an app, and design two mechanisms for enforcing it. A static enforcement based on a flow-sensitive type system may be used by the platform to statically analyze the apps before being published on the app store. This enforcement covers leaks stemming from both explicit and implicit flows, but is not expressive enough to address timing attacks. Hence we design a second enforcement based on a dynamic monitor that covers the timing channels as well