scholarly journals New Method of Prime Factorisation-Based Attacks on RSA Authentication in IoT

Cryptography ◽  
2019 ◽  
Vol 3 (3) ◽  
pp. 20 ◽  
Author(s):  
Venkatraman ◽  
Overmars
Keyword(s):  
Smart Cities ◽  
Security Requirements ◽  
Resource Constrained ◽  
Euler’S Method ◽  
Binary Arithmetic ◽  
Cryptographic Keys ◽  
Authentication And Authorization ◽  
Potential Benefits ◽  
Iot Devices ◽  
And Performance

The potential benefits of the Internet of Things (IoT) are hampered by malicious interventions of attackers when the fundamental security requirements such as authentication and authorization are not sufficiently met and existing measures are unable to protect the IoT environment from data breaches. With the spectrum of IoT application domains increasing to include mobile health, smart homes and smart cities in everyday life, the consequences of an attack in the IoT network connecting billions of devices will become critical. Due to the challenges in applying existing cryptographic standards to resource constrained IoT devices, new security solutions being proposed come with a tradeoff between security and performance. While much research has focused on developing lightweight cryptographic solutions that predominantly adopt RSA (Rivest–Shamir–Adleman) authentication methods, there is a need to identify the limitations in the usage of such measures. This research paper discusses the importance of a better understanding of RSA-based lightweight cryptography and the associated vulnerabilities of the cryptographic keys that are generated using semi-primes. In this paper, we employ mathematical operations on the sum of four squares to obtain one of the prime factors of a semi-prime that could lead to the attack of the RSA keys. We consider the even sum of squares and show how a modified binary greatest common divisor (GCD) can be used to quickly recover one of the factors of a semi-prime. The method presented in this paper only uses binary arithmetic shifts that are more suitable for the resource-constrained IoT landscape. This is a further improvement on previous work based on Euler’s method which is demonstrated using an illustration that allows for the faster testing of multiple sums of squares solutions more quickly.

scholarly journals State-of-the-Art Software-Based Remote Attestation: Opportunities and Open Issues for Internet of Things

Sensors ◽  
2021 ◽  
Vol 21 (5) ◽  
pp. 1598
Author(s):  
Sigurd Frej Joel Jørgensen Ankergård ◽  
Edlira Dushku ◽  
Nicola Dragoni
Keyword(s):  
Internet Of Things ◽  
Smart Cities ◽  
Cyber Attacks ◽  
Resource Constrained ◽  
Remote Attestation ◽  
Comprehensive Overview ◽  
Research Issues ◽  
Advantages And Disadvantages ◽  
Iot Devices ◽  
Specialized Hardware

The Internet of Things (IoT) ecosystem comprises billions of heterogeneous Internet-connected devices which are revolutionizing many domains, such as healthcare, transportation, smart cities, to mention only a few. Along with the unprecedented new opportunities, the IoT revolution is creating an enormous attack surface for potential sophisticated cyber attacks. In this context, Remote Attestation (RA) has gained wide interest as an important security technique to remotely detect adversarial presence and assure the legitimate state of an IoT device. While many RA approaches proposed in the literature make different assumptions regarding the architecture of IoT devices and adversary capabilities, most typical RA schemes rely on minimal Root of Trust by leveraging hardware that guarantees code and memory isolation. However, the presence of a specialized hardware is not always a realistic assumption, for instance, in the context of legacy IoT devices and resource-constrained IoT devices. In this paper, we survey and analyze existing software-based RA schemes (i.e., RA schemes not relying on specialized hardware components) through the lens of IoT. In particular, we provide a comprehensive overview of their design characteristics and security capabilities, analyzing their advantages and disadvantages. Finally, we discuss the opportunities that these RA schemes bring in attesting legacy and resource-constrained IoT devices, along with open research issues.

scholarly journals A systematic Study of Security Challenges and Infrastructures for Internet of Things

2018 ◽  
Vol 7 (4.36) ◽  
pp. 700
Author(s):  
N. Koteswara Rao ◽  
Gandharba Swain
Keyword(s):  
Internet Of Things ◽  
Secure Communication ◽  
Smart Cities ◽  
Security Requirements ◽  
The Internet ◽  
Security Challenges ◽  
Authentication And Authorization ◽  
New Applications ◽  
Privacy And Anonymity ◽  
The Internet Of Things

The proliferation of smart objects with capability of sensing, processing and communication has grown in recent years. In this scenario, the Internet of Things (IoT) connects these objects to the Internet and provides communication with users and devices. IoT enables a huge amount of new applications, with which academics and industries can benefit, such as smart cities, health care and automation. In this environment, compose of constrained devices, the widespread adoption of this paradigm depends of security requirements like secure communication between devices, privacy and anonymity of its users. This paper presents the main security challenges and solutions to provide authentication and authorization on the Internet of Things. 

scholarly journals Swarm-based counter UAV defense system

2021 ◽  
Vol 1 (1) ◽  
Author(s):  
Matthias R. Brust ◽  
Grégoire Danoy ◽  
Daniel H. Stolfi ◽  
Pascal Bouvry
Keyword(s):  
High Speed ◽  
Modular Design ◽  
Smart Cities ◽  
Uav Swarm ◽  
Iot Devices ◽  
And Performance ◽  
Commercial Applications ◽  
The Military ◽  
Immense Potential ◽  
Malicious Intent

AbstractUnmanned Aerial Vehicles (UAVs) have quickly become one of the promising Internet-of-Things (IoT) devices for smart cities. Thanks to their mobility, agility, and onboard sensors’ customizability, UAVs have already demonstrated immense potential for numerous commercial applications. The UAVs expansion will come at the price of a dense, high-speed and dynamic traffic prone to UAVs going rogue or deployed with malicious intent. Counter UAV systems (C-UAS) are thus required to ensure their operations are safe. Existing C-UAS, which for the majority come from the military domain, lack scalability or induce collateral damages. This paper proposes a C-UAS able to intercept and escort intruders. It relies on an autonomous defense UAV swarm, capable of self-organizing their defense formation and to intercept the malicious UAV. This fully localized and GPS-free approach follows a modular design regarding the defense phases and it uses a newly developed balanced clustering to realize the intercept- and capture-formation. The resulting networked defense UAV swarm is resilient to communication losses. Finally, a prototype UAV simulator has been implemented. Through extensive simulations, we demonstrate the feasibility and performance of our approach.

scholarly journals Group signature with time-bound keys and unforgeability of expiry time for smart cities

2021 ◽  
Vol 2021 (1) ◽  
Author(s):  
Junli Fang ◽  
Tao Feng
Keyword(s):  
Smart Cities ◽  
Computational Cost ◽  
Life Cycle Management ◽  
Group Signature ◽  
Resource Constrained ◽  
Security Risks ◽  
Weakest Link ◽  
Identity Privacy ◽  
Iot Devices ◽  
Dynamic Time

AbstractInternet of Things (IoT) lays the foundation for the various applications in smart cities, yet resource-constrained IoT devices are prone to suffer from devastating cyberattacks and privacy leak threats, thus are inevitability supposed as the weakest link of the systems in smart cities. Mitigating the security risks of data and the computing limitation of edge devices, especially identity authentication and key validity management of group devices are essential for IoT system security. In order to tackle the issues of anonymity, traceability, unforgeability of expiry time as well as efficient membership revocation for life-cycle management of devices in IoT setting, we presented a dynamic time-bound group signature with unforgeability of expiry time. Unforgeability of expiry time disables a revoked signer to create a valid signature by means of associating the signing key with an expiry time. The anonymity and traceability of the proposed scheme contribute to the identity privacy of the entities and supervision for authority agency. Moreover, our proposal is feasible in the resource-constrained setting for efficient computational cost of signing and verification algorithms.

scholarly journals Swarm-based Counter UAV Defense System

2020 ◽  
Author(s):  
Matthias Brust ◽  
Grégoire Danoy ◽  
Daniel Stolfi ◽  
Pascal Bouvry
Keyword(s):  
High Speed ◽  
Modular Design ◽  
Smart Cities ◽  
Defense System ◽  
Uav Swarm ◽  
Iot Devices ◽  
And Performance ◽  
High Dynamics ◽  
The Military ◽  
Malicious Intent

Abstract Unmanned Aerial Vehicles (UAVs) have quickly become one of the promising Internet-of-Things (IoT) devices for smart cities thanks to their mobility, agility, and onboard sensors' customizability. UAVs are used in many applications expanding beyond the military to more commercial ones, ranging from monitoring, surveillance, mapping to parcel delivery. As governments plan using UAVs to build fresh economic potential for innovation, urban planners are moving forward to incorporate so-called UAV flight zones and UAV highways in their smart city design. However, the high-speed and dynamic flow of UAVs needs to be monitored to detect and, subsequently, to deal with intruders, rough drones, and UAVs with a malicious intent. Autonomous defense systems consisting of collaboratively working UAVs as a swarm will gain increasing importance, since a manually conducted defense is bound to fail due to the high dynamics involved in UAV maneuvering. This paper proposes a UAV defense system for intercepting and escorting intruders. The proposed UAV defense system consists of a defense UAV swarm, which is capable to self-organize their defense formation in the event of intruder detection, and chase the malicious UAV. Our fully localized approach follows a modular design regarding the defense phases and it uses a newly developed balanced clustering to realize the intercept- and capture-formation. The resulting networked defense UAV swarm is resilient against communication losses. Finally, a prototype UAV simulator has been implemented. Through extensive simulations, we demonstrate the feasibility and performance of our approach.

scholarly journals Privacy-aware Decentralized and Scalable Access Control Management for IoT Environment

2019 ◽  
Vol 8 (1) ◽  
pp. 71-84 ◽  
Author(s):  
Abrar O. Alkhamisi and Fathy Alboraei Abrar O. Alkhamisi and Fathy Alboraei
Keyword(s):  
Access Control ◽  
Contextual Information ◽  
Vital Role ◽  
Control Mechanisms ◽  
Resource Constrained ◽  
Blockchain Technology ◽  
Smart Contract ◽  
Authentication And Authorization ◽  
Security Concerns ◽  
Iot Devices

In recent years, the Internet of Things (IoT) plays a vital role in our daily activities .Owing to the increased number of vulnerabilities on the IoT devices, security becomes critical in the untrustworthy IoT environment. Access control is one of the top security concerns, however, implementing the traditional access control mechanisms in the resource-constrained nature of the IoT devices is a challenging task. With the emergence of blockchain technology, several recent research works have focused on the adoption of blockchain in IoT to resolve the security concerns. Despite, integrating the blockchain in the resource-constrained IoT context is difficult. To overcome these obstacles, the proposed work presents a privacy-aware IoT security architecture to ensure the access control based on Smart contract for resource-constrained and distributed IoT devices. The design of the proposed architecture incorporates three main components such as the contextual blockchain gateway, decentralized revocation manager, and non-interactive zero-knowledge proof based validation. By modeling the contextual blockchain gateway, the proposed architecture ensures the dynamic authentication and authorization based on the contextual information and access policies. Instead of integrating the blockchain technology into resource-constrained IoT devices, the smart contract-based distributed access control system with the contextual blockchain gateway provides the scalable solution. With the association of decentralized revocation manager in the smart contract, it prevents the resource access from the unauthorized users by dynamically generating and updating the revoked user list of all the nodes in the smart contract. Moreover, the proposed architecture employs the non-interactive zeroknowledge proof cryptographic protocol to ensure the transaction privacy within the smart contract. Consequently, it maintains the trade-off between the transparency and privacy while ensuring the security for the distributed IoT environment.

scholarly journals Design of Resistor-Capacitor Physically Unclonable Function for Resource-Constrained IoT Devices

Sensors ◽  
2020 ◽  
Vol 20 (2) ◽  
pp. 404
Author(s):  
Sangjae Lee ◽  
Mi-Kyung Oh ◽  
Yousung Kang ◽  
Dooho Choi
Keyword(s):  
Small Difference ◽  
Low Cost ◽  
Resource Constrained ◽  
Active Components ◽  
Unique Identifier ◽  
Passive Components ◽  
The Past ◽  
Design Flexibility ◽  
Cryptographic Keys ◽  
Iot Devices

Keeping IoT devices secure has been a major challenge recently. One of the possible solutions to secure IoT devices is to use a physically unclonable function (PUF). A PUF is a security primitive that can generate device-specific cryptographic information by extracting the features of hardware uncertainty. Because PUF instances are very difficult to replicate even by the manufacturer, the generated bit sequence can be used as cryptographic keys or as a unique identifier for the device. Regarding the implementation of PUF, the majority of PUFs introduced over the past decade are in the form of active components and have been implemented as separate chips or embedded as a part of a chip, making it difficult to use them in low-cost IoT devices due to cost and design flexibility. One approach to easily adopt PUFs in resource-constrained IoT devices is to use passive components such as resistors and capacitors (RC) that can be configured at low cost. The main feature of this RC-based PUF is that it extracts the small difference caused by charging and discharging of RC circuits and uses it as a response. In this paper, we extend the previous research and show the possibility to secure IoT devices by using the RC-based PUF.

Bringing Security to The Smallest Embedded Systems

2017 ◽  
Author(s):  
JOSEPH YIU
Keyword(s):  
Internet Of Things ◽  
Embedded Systems ◽  
Low Cost ◽  
Security Requirements ◽  
The Internet ◽  
Security Measures ◽  
Significant Challenge ◽  
Iot Devices

The increasing need for security in microcontrollers Security has long been a significant challenge in microcontroller applications(MCUs). Traditionally, many microcontroller systems did not have strong security measures against remote attacks as most of them are not connected to the Internet, and many microcontrollers are deemed to be cheap and simple. With the growth of IoT (Internet of Things), security in low cost microcontrollers moved toward the spotlight and the security requirements of these IoT devices are now just as critical as high-end systems due to:

scholarly journals Virtualizing AI at the Distributed Edge Towards Intelligent IoT Applications

2021 ◽  
Vol 10 (1) ◽  
pp. 13
Author(s):  
Claudia Campolo ◽  
Giacomo Genovese ◽  
Antonio Iera ◽  
Antonella Molinaro
Keyword(s):  
Resource Constraints ◽  
Smart Cities ◽  
Traditional Approach ◽  
Low Cost ◽  
Iot Applications ◽  
Software And Hardware ◽  
Iot Devices ◽  
Consumer Devices ◽  
Hardware Platforms ◽  
Smart Factories

Several Internet of Things (IoT) applications are booming which rely on advanced artificial intelligence (AI) and, in particular, machine learning (ML) algorithms to assist the users and make decisions on their behalf in a large variety of contexts, such as smart homes, smart cities, smart factories. Although the traditional approach is to deploy such compute-intensive algorithms into the centralized cloud, the recent proliferation of low-cost, AI-powered microcontrollers and consumer devices paves the way for having the intelligence pervasively spread along the cloud-to-things continuum. The take off of such a promising vision may be hurdled by the resource constraints of IoT devices and by the heterogeneity of (mostly proprietary) AI-embedded software and hardware platforms. In this paper, we propose a solution for the AI distributed deployment at the deep edge, which lays its foundation in the IoT virtualization concept. We design a virtualization layer hosted at the network edge that is in charge of the semantic description of AI-embedded IoT devices, and, hence, it can expose as well as augment their cognitive capabilities in order to feed intelligent IoT applications. The proposal has been mainly devised with the twofold aim of (i) relieving the pressure on constrained devices that are solicited by multiple parties interested in accessing their generated data and inference, and (ii) and targeting interoperability among AI-powered platforms. A Proof-of-Concept (PoC) is provided to showcase the viability and advantages of the proposed solution.

scholarly journals Location-sharing protocol for privacy protection in mobile online social networks

2021 ◽  
Vol 2021 (1) ◽  
Author(s):  
Ou Ruan ◽  
Lixiao Zhang ◽  
Yuanyuan Zhang
Keyword(s):  
Social Networks ◽  
Private Information ◽  
Online Social Networks ◽  
Smart Cities ◽  
Location Based Services ◽  
Broadcast Encryption ◽  
Location Sharing ◽  
Identity Privacy ◽  
And Performance ◽  
Network Server

AbstractLocation-based services are becoming more and more popular in mobile online social networks (mOSNs) for smart cities, but users’ privacy also has aroused widespread concern, such as locations, friend sets and other private information. At present, many protocols have been proposed, but these protocols are inefficient and ignore some security risks. In the paper, we present a new location-sharing protocol, which solves two issues by using symmetric/asymmetric encryption properly. We adopt the following methods to reduce the communication and computation costs: only setting up one location server; connecting social network server and location server directly instead of through cellular towers; avoiding broadcast encryption. We introduce dummy identities to protect users’ identity privacy, and prevent location server from inferring users’ activity tracks by updating dummy identities in time. The details of security and performance analysis with related protocols show that our protocol enjoys two advantages: (1) it’s more efficient than related protocols, which greatly reduces the computation and communication costs; (2) it satisfies all security goals; however, most previous protocols only meet some security goals.

Sign in / Sign up

Export Citation Format

Share Document