Security Analysis of Out-of-Band Device Pairing Protocols: A Survey

Numerous secure device pairing (SDP) protocols have been proposed to establish a secure communication between unidentified IoT devices that have no preshared security parameters due to the scalability requirements imposed by the ubiquitous nature of the IoT devices. In order to provide the most user-friendly IoT services, the usability assessment has become the main requirement. Thus, the complete security analysis has been replaced by a sketch of a proof to partially validate the robustness of the proposal. The few existing formal or computational security verifications on the SDP schemes have been conducted based on the assessment of a wide variety of uniquely defined security properties. Therefore, the security comparison between these protocols is not feasible and there is a lack of a unified security analysis framework to assess these pairing techniques. In this paper, we survey a selection of secure device pairing proposals that have been formally or computationally verified. We present a systematic description of the protocol assumptions, the adopted verification model, and an assessment of the verification results. In addition, we normalize the used taxonomy in order to enhance the understanding of these security validations. Furthermore, we refine the adversary capabilities on the out-of-band channel by redefining the replay capability and by introducing a new notion of delay that is dependent on the protocol structure that is more adequate for the ad hoc pairing context. Also, we propose a classification of a number of out-of-band channels based on their security properties and under our refined adversary model. Our work motivates the future SDP protocol designer to conduct a formal or a computational security assessment to allow the comparability between these pairing techniques. Furthermore, it provides a realistic abstraction of the adversary capabilities on the out-of-band channel which improves the modeling of their security characteristics in the protocol verification tools.

Download Full-text

A Secure Mobile Payment Framework in MANET Environment

International Journal of E-Business Research ◽

10.4018/jebr.2013010104 ◽

2013 ◽

Vol 9 (1) ◽

pp. 54-84 ◽

Cited By ~ 3

Author(s):

Shaik Shakeel Ahamad ◽

V. N. Sastry ◽

Siba K. Udgata

Keyword(s):

Cellular Networks ◽

Mobile Agent ◽

Digital Signature ◽

Secure Communication ◽

Ad Hoc ◽

Agent Technology ◽

Mobile Payment ◽

Message Recovery ◽

Security Properties ◽

Hoc Networks

In this paper the authors propose a Secure Mobile Payment Framework in Multi hop Cellular Network environment (which is an integration of cellular networks and mobile ad hoc networks) using Mobile Agent technology and Digital Signature with Message Recovery (DSMR) mechanism based on ECDSA mechanism. Secure communication in Multi hop Cellular Networks is a nontrivial task because of lack of infrastructure, no prior trust relationships among nodes due to the absence of a centralized authority. Mobile Agent technology and Digital Signature with Message Recovery based on ECDSA mechanism provides secure mobile payments in Multi hop Cellular Networks. Mobile Agent technology has many benefits such as bandwidth conservation, reduction of latency, reduction of completion time, Asynchronous (disconnected) communications. Digital Signature with Message Recovery based on ECDSA eliminates the need of adopting PKI cryptosystems. The proposed protocol ensures Authentication, Integrity, Confidentiality and Non Repudiation, achieves Identity protection from merchant and Eavesdropper, achieves Transaction privacy from Eavesdropper and Payment Gateway, achieves Payment Secrecy, Order Secrecy, forward secrecy, prevents Double Spending, Overspending and Money laundering. The security properties of the proposed protocol have been verified successfully using BAN Logic, AVISPA and Scyther Tools and presented with results.

Download Full-text

Deep Learning-Based Security Behaviour Analysis in IoT Environments: A Survey

Security and Communication Networks ◽

10.1155/2021/8873195 ◽

2021 ◽

Vol 2021 ◽

pp. 1-13

Author(s):

Yawei Yue ◽

Shancang Li ◽

Phil Legg ◽

Fuzhong Li

Keyword(s):

Deep Learning ◽

Smart Home ◽

Ad Hoc ◽

Security Analysis ◽

Home Healthcare ◽

Security And Privacy ◽

Iot Security ◽

Privacy Concerns ◽

Iot Devices ◽

Primary Focus

Internet of Things (IoT) applications have been used in a wide variety of domains ranging from smart home, healthcare, smart energy, and Industrial 4.0. While IoT brings a number of benefits including convenience and efficiency, it also introduces a number of emerging threats. The number of IoT devices that may be connected, along with the ad hoc nature of such systems, often exacerbates the situation. Security and privacy have emerged as significant challenges for managing IoT. Recent work has demonstrated that deep learning algorithms are very efficient for conducting security analysis of IoT systems and have many advantages compared with the other methods. This paper aims to provide a thorough survey related to deep learning applications in IoT for security and privacy concerns. Our primary focus is on deep learning enhanced IoT security. First, from the view of system architecture and the methodologies used, we investigate applications of deep learning in IoT security. Second, from the security perspective of IoT systems, we analyse the suitability of deep learning to improve security. Finally, we evaluate the performance of deep learning in IoT system security.

Download Full-text

Implementing a Symmetric Lightweight Cryptosystem in Highly Constrained IoT Devices by Using a Chaotic S-Box

Symmetry ◽

10.3390/sym13010129 ◽

2021 ◽

Vol 13 (1) ◽

pp. 129

Author(s):

Badr M. Alshammari ◽

Ramzi Guesmi ◽

Tawfik Guesmi ◽

Haitham Alsaif ◽

Ahmed Alzamil

Keyword(s):

Secure Communication ◽

Ieee 802.15.4 ◽

Security Analysis ◽

Advanced Encryption Standard ◽

The Internet ◽

Iot Devices ◽

The One ◽

Nist Tests ◽

The Internet Of Things ◽

Constrained Devices

In the Internet of Things (IoT), a lot of constrained devices are interconnected. The data collected from those devices can be the target of cyberattacks. In this paper, a lightweight cryptosystem that can be efficiently implemented in highly constrained IOT devices is proposed. The algorithm is mainly based on Advanced Encryption Standard (AES) and a new chaotic S-box. Since its adoption by the IEEE 802.15.4 protocol, AES in embedded platforms have been increasingly used. The main cryptographic properties of the generated S-box have been validated. The randomness of the generated S-box has been confirmed by the NIST tests. Experimental results and security analysis demonstrated that the cryptosystem can, on the one hand, reach good encryption results and respects the limitation of the sensor’s resources, on the other hand. So the proposed solution could be reliably applied in image encryption and secure communication between networked smart objects.

Download Full-text

A Groundwork Based Novel Routing Protocol for Vehicular Ad hoc Networks

International Journal of Advanced Research in Computer Science and Software Engineering ◽

10.23956/ijarcsse.v7i11.474 ◽

2017 ◽

Vol 7 (11) ◽

pp. 121

Author(s):

Amolkirat Singh ◽

Guneet Saini

Keyword(s):

Routing Protocol ◽

Packet Loss ◽

Secure Communication ◽

Vehicular Ad Hoc Networks ◽

Ad Hoc ◽

Road Traffic ◽

Traditional Approach ◽

Unexpected Events ◽

The Road ◽

On The Road

Many people lose their life and/or are injured due to accidents or unexpected events taking place on road networks. Besides traffic jams, these accidents generate a tremendous waste of time and fuel. Undoubtedly, if the vehicles are provided with timely and dynamic information related to road traffic conditions, any unexpected events or accidents, the safety and efficiency of the transportation system with respect to time, distance, fuel consumption and environmentally destructive emissions can be improved. In the field of computer and information science, Vehicular Ad hoc Network (VANET) have recently emerged as an effective tool for improving road safety through propagation of warning messages among the vehicles in the network about potential obstacles on the road ahead. VANET is a research area which is in more demand among the researchers, the automobile industries and scientists to discover about the loopholes and advantages of the vehicular networks so that efficient routing algorithms can be developed which can provide reliable and secure communication among the mobile nodes.In this paper, we propose a Groundwork Based Ad hoc On Demand Distance Vector Routing Protocol (GAODV) focus on how the Road Side Units (RSU’s) utilized in the architecture plays an important role for making the communication reliable. In the interval of finding the suitable path from source to destination the packet loss may occur and the delay also is counted if the required packet does not reach the specified destination on time. So to overcome delay, packet loss and to increase throughput GAODV approach is followed. The performance parameters in the GAODV comes out to be much better than computed in the traditional approach.

Download Full-text

Security Analysis on an Efficient and Provably Secure Authenticated Key Agreement Protocol for Fog-Based Vehicular Ad-Hoc Networks

2021 International Conference on Artificial Intelligence and Smart Systems (ICAIS) ◽

10.1109/icais50930.2021.9395790 ◽

2021 ◽

Author(s):

Salman Shamshad ◽

Mohammad S. Obaidat ◽

Minahil ◽

Muhammad Asad Saleem ◽

Usman Shamshad ◽

...

Keyword(s):

Ad Hoc Networks ◽

Key Agreement ◽

Vehicular Ad Hoc Networks ◽

Ad Hoc ◽

Security Analysis ◽

Authenticated Key Agreement ◽

Key Agreement Protocol ◽

Hoc Networks ◽

Provably Secure

Download Full-text

Security Properties of Gait for Mobile Device Pairing

IEEE Transactions on Mobile Computing ◽

10.1109/tmc.2019.2897933 ◽

2020 ◽

Vol 19 (3) ◽

pp. 697-710 ◽

Cited By ~ 5

Author(s):

Arne Brusch ◽

Ngu Nguyen ◽

Dominik Schurmann ◽

Stephan Sigg ◽

Lars Wolf

Keyword(s):

Mobile Device ◽

Security Properties ◽

Device Pairing

Download Full-text

IMSC-EIoTD: Identity Management and Secure Communication for Edge IoT Devices

Sensors ◽

10.3390/s20226546 ◽

2020 ◽

Vol 20 (22) ◽

pp. 6546

Author(s):

Kazi Masum Sadique ◽

Rahim Rahmani ◽

Paul Johannesson

Keyword(s):

Secure Communication ◽

Identity Management ◽

Security Protocols ◽

Spin Model ◽

The Internet ◽

Human Society ◽

Proposed Model ◽

Authentication And Authorization ◽

Quality Of Living ◽

Iot Devices

The Internet of things (IoT) will accommodate several billions of devices to the Internet to enhance human society as well as to improve the quality of living. A huge number of sensors, actuators, gateways, servers, and related end-user applications will be connected to the Internet. All these entities require identities to communicate with each other. The communicating devices may have mobility and currently, the only main identity solution is IP based identity management which is not suitable for the authentication and authorization of the heterogeneous IoT devices. Sometimes devices and applications need to communicate in real-time to make decisions within very short times. Most of the recently proposed solutions for identity management are cloud-based. Those cloud-based identity management solutions are not feasible for heterogeneous IoT devices. In this paper, we have proposed an edge-fog based decentralized identity management and authentication solution for IoT devices (IoTD) and edge IoT gateways (EIoTG). We have also presented a secure communication protocol for communication between edge IoT devices and edge IoT gateways. The proposed security protocols are verified using Scyther formal verification tool, which is a popular tool for automated verification of security protocols. The proposed model is specified using the PROMELA language. SPIN model checker is used to confirm the specification of the proposed model. The results show different message flows without any error.

Download Full-text

Security Analysis of Discrete-Modulated Continuous-Variable Quantum Key Distribution over Seawater Channel

Applied Sciences ◽

10.3390/app9224956 ◽

2019 ◽

Vol 9 (22) ◽

pp. 4956 ◽

Cited By ~ 2

Author(s):

Xinchao Ruan ◽

Hang Zhang ◽

Wei Zhao ◽

Xiaoxue Wang ◽

Xuan Li ◽

...

Keyword(s):

Quantum Key Distribution ◽

Secure Communication ◽

Security Analysis ◽

Finite Size ◽

Key Distribution ◽

Continuous Variable ◽

Heterodyne Detection ◽

Secret Key ◽

Transmission Distance ◽

Better Than

We investigate the optical absorption and scattering properties of four different kinds of seawater as the quantum channel. The models of discrete-modulated continuous-variable quantum key distribution (CV-QKD) in free-space seawater channel are briefly described, and the performance of the four-state protocol and the eight-state protocol in asymptotic and finite-size cases is analyzed in detail. Simulation results illustrate that the more complex is the seawater composition, the worse is the performance of the protocol. For different types of seawater channels, we can improve the performance of the protocol by selecting different optimal modulation variances and controlling the extra noise on the channel. Besides, we can find that the performance of the eight-state protocol is better than that of the four-state protocol, and there is little difference between homodyne detection and heterodyne detection. Although the secret key rate of the protocol that we propose is still relatively low and the maximum transmission distance is only a few hundred meters, the research on CV-QKD over the seawater channel is of great significance, which provides a new idea for the construction of global secure communication network.

Download Full-text

Formal Security Analysis for Ad-Hoc Networks

Electronic Notes in Theoretical Computer Science ◽

10.1016/j.entcs.2004.10.029 ◽

2006 ◽

Vol 142 ◽

pp. 195-213 ◽

Cited By ~ 9

Author(s):

Sebastian Nanz ◽

Chris Hankin

Keyword(s):

Ad Hoc Networks ◽

Ad Hoc ◽

Security Analysis ◽

Hoc Networks

Download Full-text

Centralized, Distributed, and Everything in between

ACM Computing Surveys ◽

10.1145/3465170 ◽

2022 ◽

Vol 54 (7) ◽

pp. 1-34

Author(s):

Sophie Dramé-Maigné ◽

Maryline Laurent ◽

Laurent Castillo ◽

Hervé Ganem

Keyword(s):

Access Control ◽

Future Research ◽

The Internet ◽

Research Directions ◽

Security Issues ◽

Security Properties ◽

Future Research Directions ◽

Iot Devices ◽

The Internet Of Things ◽

Security Of Iot

The Internet of Things is taking hold in our everyday life. Regrettably, the security of IoT devices is often being overlooked. Among the vast array of security issues plaguing the emerging IoT, we decide to focus on access control, as privacy, trust, and other security properties cannot be achieved without controlled access. This article classifies IoT access control solutions from the literature according to their architecture (e.g., centralized, hierarchical, federated, distributed) and examines the suitability of each one for access control purposes. Our analysis concludes that important properties such as auditability and revocation are missing from many proposals while hierarchical and federated architectures are neglected by the community. Finally, we provide an architecture-based taxonomy and future research directions: a focus on hybrid architectures, usability, flexibility, privacy, and revocation schemes in serverless authorization.

Download Full-text