2,675 research outputs found
RADIS: Remote Attestation of Distributed IoT Services
Remote attestation is a security technique through which a remote trusted
party (i.e., Verifier) checks the trustworthiness of a potentially untrusted
device (i.e., Prover). In the Internet of Things (IoT) systems, the existing
remote attestation protocols propose various approaches to detect the modified
software and physical tampering attacks. However, in an interoperable IoT
system, in which IoT devices interact autonomously among themselves, an
additional problem arises: a compromised IoT service can influence the genuine
operation of other invoked service, without changing the software of the
latter. In this paper, we propose a protocol for Remote Attestation of
Distributed IoT Services (RADIS), which verifies the trustworthiness of
distributed IoT services. Instead of attesting the complete memory content of
the entire interoperable IoT devices, RADIS attests only the services involved
in performing a certain functionality. RADIS relies on a control-flow
attestation technique to detect IoT services that perform an unexpected
operation due to their interactions with a malicious remote service. Our
experiments show the effectiveness of our protocol in validating the integrity
status of a distributed IoT service.Comment: 21 pages, 10 figures, 2 table
PROVIDE: hiding from automated network scans with proofs of identity
Network scanners are a valuable tool for researchers and administrators, however they are also used by malicious actors to identify vulnerable hosts on a network. Upon the disclosure of a security vulnerability, scans are launched within hours. These opportunistic attackers enumerate blocks of IP addresses in hope of discovering an exploitable host. Fortunately, defensive measures such as port knocking protocols (PKPs) allow a service to remain stealth to unauthorized IP addresses. The service is revealed only when a client includes a special authentication token (AT) in the IP/TCP header. However this AT is generated from a secret shared between the clients/servers and distributed manually to each endpoint. As a result, these defense measures have failed to be widely adopted by other protocols such as HTTP/S due to challenges in distributing the shared secrets. In this paper we propose a scalable solution to this problem for services accessed by domain name. We make the following observation: automated network scanners access servers by IP address, while legitimate clients access the server by name. Therefore a service should only reveal itself to clients who know its name. Based on this principal, we have created a proof of the verifier’s identity (a.k.a. PROVIDE) protocol that allows a prover (legitimate user) to convince a verifier (service) that it is knowledgeable of the verifier’s identity. We present a PROVIDE implementation using a PKP and DNS (PKP+DNS) that uses DNS TXT records to distribute identification tokens (IDT) while DNS PTR records for the service’s domain name are prohibited to prevent reverse DNS lookups. Clients are modified to make an additional DNS TXT query to obtain the IDT which is used by the PKP to generate an AT. The inclusion of an AT in the packet header, generated from the DNS TXT query, is proof the client knows the service’s identity. We analyze the effectiveness of this mechanism with respect to brute force attempts for various strength ATs and discuss practical considerations.This work has been supported by the National Science Foundation (NSF) awards #1430145, #1414119, and #1012798
Lightweight Blockchain Framework for Location-aware Peer-to-Peer Energy Trading
Peer-to-Peer (P2P) energy trading can facilitate integration of a large
number of small-scale producers and consumers into energy markets.
Decentralized management of these new market participants is challenging in
terms of market settlement, participant reputation and consideration of grid
constraints. This paper proposes a blockchain-enabled framework for P2P energy
trading among producer and consumer agents in a smart grid. A fully
decentralized market settlement mechanism is designed, which does not rely on a
centralized entity to settle the market and encourages producers and consumers
to negotiate on energy trading with their nearby agents truthfully. To this
end, the electrical distance of agents is considered in the pricing mechanism
to encourage agents to trade with their neighboring agents. In addition, a
reputation factor is considered for each agent, reflecting its past performance
in delivering the committed energy. Before starting the negotiation, agents
select their trading partners based on their preferences over the reputation
and proximity of the trading partners. An Anonymous Proof of Location (A-PoL)
algorithm is proposed that allows agents to prove their location without
revealing their real identity. The practicality of the proposed framework is
illustrated through several case studies, and its security and privacy are
analyzed in detail
Carbon Trading with Blockchain
Blockchain has the potential to accelerate the deployment of emissions
trading systems (ETS) worldwide and improve upon the efficiency of existing
systems. In this paper, we present a model for a permissioned blockchain
implementation based on the successful European Union (EU) ETS and discuss its
potential advantages over existing technology. We propose an ETS model that is
both backwards compatible and future-proof, characterised by
interconnectedness, transparency, tamper-resistance and high liquidity.
Further, we identify key challenges to implementation of a blockchain ETS, as
well as areas of future work required to enable a fully-decentralised
blockchain ETS
BANZKP: a Secure Authentication Scheme Using Zero Knowledge Proof for WBANs
-Wireless body area network(WBAN) has shown great potential in improving
healthcare quality not only for patients but also for medical staff. However,
security and privacy are still an important issue in WBANs especially in
multi-hop architectures. In this paper, we propose and present the design and
the evaluation of a secure lightweight and energy efficient authentication
scheme BANZKP based on an efficient cryptographic protocol, Zero Knowledge
Proof (ZKP) and a commitment scheme. ZKP is used to confirm the identify of the
sensor nodes, with small computational requirement, which is favorable for body
sensors given their limited resources, while the commitment scheme is used to
deal with replay attacks and hence the injection attacks by committing a
message and revealing the key later. Our scheme reduces the memory requirement
by 56.13 % compared to TinyZKP [13], the comparable alternative so far for Body
Area Networks, and uses 10 % less energy
- …