71 research outputs found
Protecting EST Payloads with OSCORE: IETF Internet Draft
draft-selander-ace-coap-est-oscore-04
This document specifies public-key certificate enrollment procedures protected with lightweight application-layer security protocols suitable for Internet of Things (IoT) deployments. The protocols leverage payload formats defined in Enrollment over Secure Transport (EST) and existing IoT standards including the Constrained Application Protocol (CoAP), Concise Binary Object Representation (CBOR) and the CBOR Object Signing and Encryption (COSE) format.
Industrial IoT with Crystal-Free Mote-on-Chip
International audience
[I] Why do we find so many meteorites on the Nansen blue ice field and where else could we look?
The Tenth Symposium on Polar Science/Special session: [S] Future plan of Antarctic research: Towards phase X of the Japanese Antarctic Research Project (2022-2028) and beyond, Tue. 3 Dec. / 2F Auditorium, National Institute of Polar Research
Extraordinary rocks from the peak ring of the Chicxulub impact crater: P-wave velocity, density, and porosity measurements from IODP/ICDP Expedition 364
Joint International Ocean Discovery Program and International Continental Scientific Drilling Program Expedition 364 drilled into the peak ring of the Chicxulub impact crater. We present P-wave velocity, density, and porosity measurements from Hole M0077A that reveal unusual physical properties of the peak-ring rocks. Across the boundary between post-impact sedimentary rock and suevite (impact melt-bearing breccia) we measure a sharp decrease in velocity and density, and an increase in porosity. Velocity, density, and porosity values for the suevite are 2900–3700 m/s, 2.06–2.37 g/cm³, and 20–35%, respectively. The thin (25 m) impact melt rock unit below the suevite has velocity measurements of 3650–4350 m/s, density measurements of 2.26–2.37 g/cm³, and porosity measurements of 19–22%. We associate the low velocity, low density, and high porosity of suevite and impact melt rock with rapid emplacement, hydrothermal alteration products, and observations of pore space, vugs, and vesicles. The uplifted granitic peak ring materials have values of 4000–4200 m/s, 2.39–2.44 g/cm³, and 8–13% for velocity, density, and porosity, respectively; these values differ significantly from typical unaltered granite which has higher velocity and density, and lower porosity. The majority of Hole M0077A peak-ring velocity, density, and porosity measurements indicate considerable rock damage, and are consistent with numerical model predictions for peak-ring formation where the lithologies present within the peak ring represent some of the most shocked and damaged rocks in an impact basin. We integrate our results with previous seismic datasets to map the suevite near the borehole. We map suevite below the Paleogene sedimentary rock in the annular trough, on the peak ring, and in the central basin, implying that, post impact, suevite covered the entire floor of the impact basin.
Suevite thickness is 100–165 m on the top of the peak ring but 200 m in the central basin, suggesting that suevite flowed downslope from the collapsing central uplift during and after peak-ring formation, accumulating preferentially within the central basin.
Ocean Drilling Perspectives on Meteorite Impacts
Extraterrestrial impacts that reshape the surfaces of rocky bodies are ubiquitous in the solar system. On early Earth, impact structures may have nurtured the evolution of life. More recently, a large meteorite impact off the Yucatán Peninsula in Mexico at the end of the Cretaceous caused the disappearance of 75% of species known from the fossil record, including non-avian dinosaurs, and cleared the way for the dominance of mammals and the eventual evolution of humans. Understanding the fundamental processes associated with impact events is critical to understanding the history of life on Earth, and the potential for life in our solar system and beyond.
Scientific ocean drilling has generated a large amount of unique data on impact processes. In particular, the Yucatán Chicxulub impact is the single largest and most significant impact event that can be studied by sampling in modern ocean basins, and marine sediment cores have been instrumental in quantifying its environmental, climatological, and biological effects. Drilling in the Chicxulub crater has significantly advanced our understanding of fundamental impact processes, notably the formation of peak rings in large impact craters, but these data have also raised new questions to be addressed with future drilling. Within the Chicxulub crater, the nature and thickness of the melt sheet in the central basin is unknown, and an expanded Paleocene hemipelagic section would provide insights to both the recovery of life and the climatic changes that followed the impact. Globally, new cores collected from today's central Pacific could directly sample the downrange ejecta of this northeast-southwest trending impact.
Extraterrestrial impacts have been controversially suggested as primary drivers for many important paleoclimatic and environmental events throughout Earth history. However, marine sediment archives collected via scientific ocean drilling and geochemical proxies (e.g., osmium isotopes) provide a long-term archive of major impact events in recent Earth history and show that, other than the end-Cretaceous, impacts do not appear to drive significant environmental changes.
Probing the hydrothermal system of the Chicxulub impact crater
The ~180-km-diameter Chicxulub peak-ring crater and ~240-km multiring basin, produced by the impact that terminated the Cretaceous, is the largest remaining intact impact basin on Earth. International Ocean Discovery Program (IODP) and International Continental Scientific Drilling Program (ICDP) Expedition 364 drilled to a depth of 1335 m below the sea floor into the peak ring, providing a unique opportunity to study the thermal and chemical modification of Earth's crust caused by the impact. The recovered core shows the crater hosted a spatially extensive hydrothermal system that chemically and mineralogically modified ~1.4 × 10⁵ km³ of Earth's crust, a volume more than nine times that of the Yellowstone Caldera system. Initially, high temperatures of 300° to 400°C and an independent geomagnetic polarity clock indicate the hydrothermal system was long lived, in excess of 10⁶ years.
Globally distributed iridium layer preserved within the Chicxulub impact structure
The Cretaceous-Paleogene (K-Pg) mass extinction is marked globally by elevated concentrations of iridium, emplaced by a hypervelocity impact event 66 million years ago. Here, we report new data from four independent laboratories that reveal a positive iridium anomaly within the peak-ring sequence of the Chicxulub impact structure, in drill core recovered by IODP-ICDP Expedition 364. The highest concentration of ultrafine meteoritic matter occurs in the post-impact sediments that cover the crater peak ring, just below the lowermost Danian pelagic limestone. Within years to decades after the impact event, this part of the Chicxulub impact basin returned to a relatively low-energy depositional environment, recording in unprecedented detail the recovery of life during the succeeding millennia. The iridium layer provides a key temporal horizon precisely linking Chicxulub to K-Pg boundary sections worldwide.
The formation of peak rings in large impact craters
Large impacts provide a mechanism for resurfacing planets through mixing near-surface rocks with deeper material. Central peaks are formed from the dynamic uplift of rocks during crater formation. As crater size increases, central peaks transition to peak rings. Without samples, debate surrounds the mechanics of peak-ring formation and their depth of origin. Chicxulub is the only known impact structure on Earth with an unequivocal peak ring, but it is buried and only accessible through drilling. Expedition 364 sampled the Chicxulub peak ring, which we found was formed from uplifted, fractured, shocked, felsic basement rocks. The peak-ring rocks are cross-cut by dikes and shear zones and have an unusually low density and seismic velocity. Large impacts therefore generate vertical fluxes and increase porosity in planetary crust.
Security for the internet of things: a bottom-up approach to the secure and standardized internet of things
The rapid expansion of the IoT has unleashed a tidal wave of cheap Internet-connected hardware. For many of these products, security was merely an afterthought. Due to their advanced sensing and actuating functionalities, poorly-secured IoT devices endanger the privacy and safety of their users.
While the IoT contains hardware with varying capabilities, in this work, we primarily focus on the constrained IoT. The restrictions on energy, computational power, and memory limit not only the processing capabilities of the devices but also their capacity to protect their data and users from attacks. To secure the IoT, we need several building blocks. We structure them in a bottom-up fashion where each block provides security services to the next one.
The first cornerstone of the secure IoT relies on hardware-enforced mechanisms. Various security features, such as secure boot, remote attestation, and over-the-air updates, rely heavily on its support. Since hardware security is often expensive and cannot be applied to legacy systems, we alternatively discuss software-only attestation. It provides a trust anchor to remote systems that lack hardware support. In the setting of remote attestation, device identification is paramount. Hence, we dedicated a part of this work to the study of physical device identifiers and their reliability.
The IoT hardware also frequently provides support for the second building block: cryptography. It is used abundantly by all the other security mechanisms, and recently much research has focussed on lightweight cryptographic algorithms. We studied the performance of the recent lightweight cryptographic algorithms on constrained hardware.
A third core element for the security of the IoT is the capacity of its networking stack to protect the communications. We demonstrate that several optimization techniques expose vulnerabilities. For example, we show how to set up a covert channel by exploiting the tolerance of the Bluetooth LE protocol towards the naturally occurring clock drift. It is also possible to mount a denial-of-service attack that leverages the expensive network join phase. As a defense, we designed an algorithm that almost completely alleviates the overhead of network joining.
The last building block we consider is security architectures for the IoT. They guide the secure integration of the IoT with the traditional Internet. We studied the IETF proposal concerning the constrained authentication and authorization framework, and we propose two adaptations that aim to improve its security.
Finally, the deployment of the IETF architecture heavily depends on the security of the underlying communication protocols. In the future, the IoT will mainly use the object security paradigm to secure data in flight. However, until these protocols are widely supported, many IoT products will rely on traditional security protocols, i.e., TLS and DTLS. For this reason, we conducted a performance study of the most critical part of the protocols: the handshake phase. We conclude that while the DTLS handshake uses fewer packets to establish the shared secret, TLS outperforms DTLS in lossy networks.