92 research outputs found

    A New Certificateless Public Key Distribution Method and a Lightweight Secure Connection Method

    Doctoral dissertation, Graduate School of Seoul National University, Department of Electrical and Computer Engineering, February 2017. Advisor: 권태경.

    Authenticating the other endpoint and protecting the data communication are the basic and important ways of secure communication. As the penetration of the Internet into everyday life accelerates, e.g. with the Internet of Things (IoT), the demand for secure communications increases. However, these two ways have been threatened by the problems of the Public Key Infrastructure (PKI) and the constrained resources of IoT devices. Therefore, this dissertation focuses on enhancing authentication with respect to public key distribution, and on data protection for resource-limited IoT devices. First, the current PKI has problems such as certificate revocations and fraudulent certificates. To address such issues, we propose TwinPeaks, a new infrastructure to distribute the public keys of named entities online. TwinPeaks leverages certificateless public key cryptography (CL-PKC), which we extend so that the public key of an entity depends on any combination of its networking parameters; thus TwinPeaks can mitigate spoofing attacks systematically. TwinPeaks needs public key servers, which constitute a hierarchical tree like the Domain Name System (DNS). For each parent-child link in the tree, the parent and the child interact in such a way that every named entity has its own public/secret key pair. TwinPeaks removes certificates and hence has no revocation overhead. Instead, each named entity should keep its IP address and public key up-to-date in its DNS server and key server, respectively. TwinPeaks also achieves scalable distribution of public keys, since public keys can be cached long term without elevating security risks. Next, the IoT will be the norm in the foreseeable future. However, the security problem of the Internet will be worsened in IoT services given the constrained resources of IoT devices. We propose a delegation-based DTLS/TLS framework (D2TLS) for cloud-based IoT services. D2TLS aims to achieve mutual authentication and to lower the burden of setting up secure connections significantly while keeping the private keys of IoT devices secret. Leveraging session resumption in the DTLS/TLS standard and introducing a security agent, D2TLS achieves these goals with modifications only within the IoT domain; that is, cloud and PKI systems need no change to deploy D2TLS. Numerical results show that D2TLS achieves better performance in terms of delay and energy consumption than making a DTLS/TLS connection in standalone mode.

    Table of contents:
    1 Introduction
      1.1 Motivation
      1.2 Research Contributions
      1.3 Organization of Dissertation
    2 TwinPeaks: A New Approach for Certificateless Public Key Distribution
      2.1 Introduction
      2.2 Design Rationale
      2.3 Certificateless Public Key Cryptography (CL-PKC)
      2.4 How TwinPeaks Works
        2.4.1 TwinPeaks Overview
        2.4.2 CL-PKC Extension
        2.4.3 Public Key Update
        2.4.4 Public Key Caching
        2.4.5 Deployment: Islands & TLS Variant
      2.5 Security Analysis
        2.5.1 Threat Analysis
        2.5.2 Certificateless Validation of a Public Key
      2.6 Evaluation
        2.6.1 Qualitative Comparison
        2.6.2 Quantitative Comparison
        2.6.3 Numerical Results
      2.7 Discussions
      2.8 Related Work
    3 D2TLS: Delegation-based DTLS for Cloud-based IoT Services
      3.1 Introduction
      3.2 Related Work
      3.3 Measurement of IoT Products
        3.3.1 Smart Home Monitoring System
        3.3.2 Smart Watch
      3.4 Delegation-based DTLS (D2TLS)
        3.4.1 D2TLS Framework
        3.4.2 End-to-End Secure Connection
      3.5 Security Considerations
      3.6 Evaluation
        3.6.1 Evaluation Environments
        3.6.2 Delay
        3.6.3 Energy Consumption
        3.6.4 Code Size and Memory Requirements
        3.6.5 Expected Session Overhead Varying Frequency and Lifetime of a Session
      3.7 Discussion
        3.7.1 IoT Device as a Server
        3.7.2 Hardware-assisted IoT Security
    4 Conclusion
    Bibliography
    Abstract (in Korean)
    Docto

    Attacking DoH and ECH: Does Server Name Encryption Protect Users’ Privacy?

    Privacy on the Internet has become a priority, and several efforts have been devoted to limiting the leakage of personal information. Domain names, both in the TLS Client Hello and in DNS traffic, are among the last pieces of information still visible to an observer in the network. The Encrypted Client Hello extension for TLS and the DNS over HTTPS and DNS over QUIC protocols aim to further increase network confidentiality by encrypting the domain names of the visited servers. In this article, we check whether an attacker able to passively observe the traffic of users could still recover the domain names of the websites they visit even if the names are encrypted. By relying on large-scale network traces, we show that simplistic features and off-the-shelf machine learning models are sufficient to achieve surprisingly high precision and recall when recovering encrypted domain names. We consider three attack scenarios: recovering the per-flow name, rebuilding the set of websites visited by a user, and checking which users visit a given target website. We next evaluate the efficacy of padding-based mitigation, finding that all three attacks remain effective despite the resources that padding wastes. We conclude that current proposals for domain encryption may produce a false sense of privacy, and that more robust techniques should be envisioned to offer protection to end users.

    Performance evaluation of CoAP and MQTT with security support for IoT environments

    The world is experiencing an overwhelming explosion of smart devices (electronic gadgets, appliances, meters, cars, sensors, cameras and even traffic lights) that are connected to the Internet to extend their capabilities, constituting what is known as the Internet of Things (IoT). In these environments, the application layer is decisive for the quality of the connection, and it depends on the transport layer, mainly when secure communications are used. This paper analyses the performance offered by the two most popular application-layer protocols: Constrained Application Protocol (CoAP) and Message Queue Telemetry Transport (MQTT). Unlike previous works, this analysis examines the features and capabilities of the two protocols and determines their feasibility for operating on constrained devices, taking into account security support and diverse network conditions. Since IoT devices typically have battery constraints, the analysis focuses on bandwidth and CPU use under realistic network scenarios, because this use translates into power consumption.

    This work was supported in part by the Ministry of Economy and Competitiveness (Spain) under the project MAGOS (TEC2017-84197-C4-1-R) and by the Comunidad de Madrid (Spain) under the projects CYNAMON (P2018/TCS-4566), co-financed by European Structural Funds (ESF and FEDER), and the Multiannual Agreement with UC3M in the line of Excellence of University Professors (EPUC3M21), in the context of the V PRICIT (Regional Programme of Research and Technological Innovation).

    Fast Session Resumption in DTLS for Mobile Communications

    DTLS is a protocol that provides security guarantees to Internet communications. It can operate on top of both TCP and UDP transport protocols. Thus, it is particularly suited to peer-to-peer and distributed multimedia applications. The same holds if the endpoints are mobile devices. In this scenario, mechanisms are needed to surmount possible network disconnections, which often arise due to the mobility or the scarce resources of devices and can jeopardize the quality of the communications. Session resumption is thus a main issue to deal with. To this aim, we propose a fast reconnection scheme that employs non-connected sockets to quickly resume DTLS communication sessions. The proposed scheme is assessed in a performance evaluation that confirms its viability.

    Comment: Proceedings of the IEEE Consumer Communications and Networking Conference 2020 (CCNC 2020).