rTLS: Secure and Efficient TLS Session Resumption for the Internet of Things

In recent years, the Transport Layer Security (TLS) protocol has enjoyed rapid growth as a security protocol for the Internet of Things (IoT). In its newest iteration, TLS 1.3, the Internet Engineering Task Force (IETF) has standardized a zero round-trip time (0-RTT) session resumption sub-protocol, allowing clients to already transmit application data in their first message to the server, provided they have shared session resumption details in a previous handshake. Since it is common for IoT devices to transmit periodic messages to a server, this 0-RTT protocol can help in reducing bandwidth overhead. Unfortunately, the sub-protocol has been designed for the Web and is susceptible to replay attacks. In our previous work, we adapted the 0-RTT protocol to strengthen it against replay attacks, while also reducing bandwidth overhead, thus making it more suitable for IoT applications. However, we did not include a formal security analysis of the protocol. In this work, we address this and provide a formal security analysis using OFMC. Further, we have included more accurate estimates on its performance, as well as making minor adjustments to the protocol itself to reduce implementation ambiguity and improve resilience.

Download Full-text

Encryption Principles and Techniques for the Internet of Things

Cryptographic Security Solutions for the Internet of Things - Advances in Information Security, Privacy, and Ethics ◽

10.4018/978-1-5225-5742-5.ch002 ◽

2019 ◽

pp. 42-66

Author(s):

Kundankumar Rameshwar Saraf ◽

Malathi P. Jesudason

Keyword(s):

Internet Of Things ◽

Embedded System ◽

Security Analysis ◽

Block Size ◽

The Internet ◽

Lightweight Cryptography ◽

Execution Speed ◽

Security Algorithm ◽

Iot Devices ◽

The Internet Of Things

This chapter explores the encryption techniques used for the internet of things (IoT). The security algorithm used for IoT should follow many constraints of an embedded system. Hence, lightweight cryptography is an optimum security solution for IoT devices. This chapter mainly describes the need for security in IoT, the concept of lightweight cryptography, and various cryptographic algorithms along with their shortcomings given IoT. This chapter also describes the principle of operation of all the above algorithms along with their security analysis. Moreover, based on the algorithm size (i.e., the required number of gate equivalent, block size, key size, throughput, and execution speed of the algorithm), the chapter reports the comparative analysis of their performance. The chapter discusses the merits and demerits of these algorithms along with their use in the IoT system.

Download Full-text

Identity Authentication and Capability Based Access Control (IACAC) for the Internet of Things

Journal of Cyber Security and Mobility ◽

10.13052/jcsm2245-1439.142 ◽

2013 ◽

Author(s):

Parikshit N. Mahalle ◽

Bayu Anggorojati ◽

Neeli R. Prasad ◽

Ramjee Prasad

Keyword(s):

Internet Of Things ◽

Access Control ◽

Secure Communication ◽

Identity Authentication ◽

Security Protocol ◽

The Internet ◽

Dos Attacks ◽

Security Vulnerabilities ◽

Iot Devices ◽

The Internet Of Things

In the last few years the Internet of Things (IoT) has seen widespreadapplication and can be found in each field. Authentication and accesscontrol are important and critical functionalities in the context of IoTto enable secure communication between devices. Mobility, dynamicnetwork topology and weak physical security of low power devices in IoTnetworks are possible sources for security vulnerabilities. It ispromising to make an authentication and access control attack resistant andlightweight in a resource constrained and distributed IoT environment.This paper presents the Identity Authentication and Capability basedAccess Control (IACAC) model with protocol evaluation and performanceanalysis. To protect IoT from man-in-the-middle, replay and denial ofservice (Dos) attacks, the concept of capability for access control isintroduced. The novelty of this model is that, it presents an integratedapproach of authentication and access control for IoT devices. Theresults of other related study have also been analyzed to validate andsupport our findings. Finally, the proposed protocol is evaluated byusing security protocol verification tool and verification results showsthat IACAC is secure against aforementioned attacks. This paper alsodiscusses performance analysis of the protocol in terms of computationaltime compared to other existing solutions. Furthermore, this paper addresseschallenges in IoT and security attacks are modelled with the use casesto give an actual view of IoT networks.

Download Full-text

Demystifying Security of LoRaWAN v1.1

10.20944/preprints201811.0531.v1 ◽

2018 ◽

Cited By ~ 1

Author(s):

Ismail Butun ◽

Nuno Pereira ◽

Mikael Gidlund

Keyword(s):

Internet Of Things ◽

Risk Analysis ◽

Security Analysis ◽

The Internet ◽

Security Risk ◽

Replay Attacks ◽

Safety Operation ◽

The Internet Of Things

LoRa and its upper layers definition LoRaWAN is one of the most promising LPWAN technologies for implementing the Internet of Things (IoT). Although being a popular technology, several works in the literature have revealed various weaknesses regarding the security of LoRaWAN v1.0 (the official 1st draft). By using all these recommendations from the academia and industry, the LoRa-Alliance has worked on the v1.0 to develop an enhanced version and provide more secure and trustable architecture. The result of these efforts ended-up with LoRaWAN v1.1, which was released on Oct 11, 2017. This manuscript aims at demystifying the security aspects and provide a comprehensive Security Risk Analysis related to latest version of LoRaWAN. Besides, it provides several remedies to the recognized vulnerabilities. To the best of authors’ knowledge, this work is one of its first kind by providing a detailed security analysis related to latest version of LoRaWAN. According to our analysis, end-device physical capture, rogue gateway and replay attacks are found to be threating for safety operation of the network. Eventually, v1.1 of LoRaWAN is found to be less vulnerable to attacks compared to v1.0, yet possesses several security implications that need to be addressed and fixed for the upcoming releases.

Download Full-text

A survey on approaches to the protection of personal data gathered by IoT devices

10.7287/peerj.preprints.26473 ◽

2018 ◽

Author(s):

Henry Tranter

Keyword(s):

Internet Of Things ◽

Personal Data ◽

The Internet ◽

Ideal Solution ◽

Security Systems ◽

Personal Lives ◽

Is Security ◽

The World ◽

Iot Devices ◽

The Internet Of Things

Security is always at the forefront of developing technologies. One can seldom go a week without hearing of a new data breach or hacking attempt from various groups around the world, often taking advantage of a simple flaw in a system’s architecture. The Internet of Things (IoT) is one of these developing technologies which may be at risk of such attacks. IoT devices are becoming more and more prevalent in everyday life. From keeping track of an individual’s health, to suggesting meals from items available in an individual’s fridge, these technologies are taking a much larger role in the personal lives of their users. With this in mind, how is security being considered in the development of these technologies? Are these devices that monitor individual’s personal lives just additional vectors for potential data theft? Throughout this survey, various approaches to the development of security systems concerning IoT devices in the home will be discussed, compared, and contrasted in the hope of providing an ideal solution to the problems this technology may produce.

Download Full-text

It’s only the beginning: Metadata Retention laws and the Internet of Things

Australian Journal of Telecommunications and the Digital Economy ◽

10.18080/jtde.v3n3.21 ◽

2015 ◽

Vol 3 (3) ◽

pp. 47-57

Author(s):

Clinton Fernandes ◽

Vijay Sivaraman

Keyword(s):

Internet Of Things ◽

The Internet ◽

Apparent Discrepancy ◽

Data Retention ◽

User Control ◽

The Law ◽

Iot Devices ◽

The Internet Of Things ◽

The Way

This article examines the implications of selected aspects of the Telecommunications (Interception and Access) Amendment (Data Retention) Act 2015, which was passed by the Australian Parliament in March 2015. It shows how the new law has strengthened protections for privacy. However, focusing on the investigatory implications, it shows how the law provides a tactical advantage to investigators who pursue whistleblowers and investigative journalists. The article exposes an apparent discrepancy in the way ‘journalist’ is defined across different pieces of legislation. It argues that although legislators’ interest has been overwhelmingly focused on communications data, the explosion of data generated by the so-called Internet-of-Things (IoT) is as important or more. It shows how the sensors in selected IoT devices lead to a loss of user control and will enable non-stop, involuntary and ubiquitous monitoring of individuals. It suggests that the law will need to be amended further once legislators and investigators’ knowledge of the potential of IoT increases.

Download Full-text

Design a blockchain-based middleware layer in the Internet of Things Architecture

JOIV International Journal on Informatics Visualization ◽

10.30630/joiv.4.1.334 ◽

2020 ◽

Vol 4 (1) ◽

Author(s):

Tanweer Alam

Keyword(s):

Internet Of Things ◽

Fog Computing ◽

Smart Devices ◽

The Internet ◽

Novel Approach ◽

Generation Computing ◽

Critical Issues ◽

Iot Devices ◽

The Internet Of Things

In next-generation computing, the role of cloud, internet and smart devices will be capacious. Nowadays we all are familiar with the word smart. This word is used a number of times in our daily life. The Internet of Things (IoT) will produce remarkable different kinds of information from different resources. It can store big data in the cloud. The fog computing acts as an interface between cloud and IoT. The extension of fog in this framework works on physical things under IoT. The IoT devices are called fog nodes, they can have accessed anywhere within the range of the network. The blockchain is a novel approach to record the transactions in a sequence securely. Developing a new blockchains based middleware framework in the architecture of the Internet of Things is one of the critical issues of wireless networking where resolving such an issue would result in constant growth in the use and popularity of IoT. The proposed research creates a framework for providing the middleware framework in the internet of smart devices network for the internet of things using blockchains technology. Our main contribution links a new study that integrates blockchains to the Internet of things and provides communication security to the internet of smart devices.

Download Full-text

A survey on approaches to the protection of personal data gathered by IoT devices

10.7287/peerj.preprints.26473v2 ◽

2018 ◽

Author(s):

Henry Tranter

Keyword(s):

Internet Of Things ◽

Personal Data ◽

The Internet ◽

Ideal Solution ◽

Security Systems ◽

Personal Lives ◽

Is Security ◽

The World ◽

Iot Devices ◽

The Internet Of Things

Download Full-text

A Survey on Attacks and Defences on LoRaWAN Gateways

Advances in Computational Intelligence and Robotics - Decision Support Systems and Industrial IoT in Smart Grid, Factories, and Cities ◽

10.4018/978-1-7998-7468-3.ch002 ◽

2021 ◽

pp. 19-38

Author(s):

Olof Magnusson ◽

Rikard Teodorsson ◽

Joakim Wennerberg ◽

Stig Arne Knoph

Keyword(s):

Internet Of Things ◽

Long Range ◽

Emerging Technology ◽

The Internet ◽

Area Network ◽

Wide Area Network ◽

Replay Attacks ◽

Radio Signals ◽

Iot Devices ◽

Set Up

LoRaWAN (long-range wide-area network) is an emerging technology for the connection of internet of things (IoT) devices to the internet and can as such be an important part of decision support systems. In this technology, IoT devices are connected to the internet through gateways by using long-range radio signals. However, because LoRaWAN is an open network, anyone has the ability to connect an end device or set up a gateway. Thus, it is important that gateways are designed in such a way that their ability to be used maliciously is limited. This chapter covers relevant attacks against gateways and potential countermeasures against them. A number of different attacks were found in literature, including radio jamming, eavesdropping, replay attacks, and attacks against the implementation of what is called beacons in LoRaWAN. Countermeasures against these attacks are discussed, and a suggestion to improve the security of LoRaWAN is also included.

Download Full-text

Matching IoT Devices to the Fog Service Providers: A Mechanism Design Perspective

Sensors ◽

10.3390/s20236761 ◽

2020 ◽

Vol 20 (23) ◽

pp. 6761

Author(s):

Anjan Bandyopadhyay ◽

Vikash Kumar Singh ◽

Sajal Mukhopadhyay ◽

Ujjwal Rai ◽

Fatos Xhafa ◽

...

Keyword(s):

Internet Of Things ◽

Mechanism Design ◽

Service Providers ◽

The Internet ◽

Preference Ordering ◽

Cloud Architecture ◽

Game Theoretic ◽

Design Perspective ◽

Iot Devices ◽

The Internet Of Things

In the Internet of Things (IoT) + Fog + Cloud architecture, with the unprecedented growth of IoT devices, one of the challenging issues that needs to be tackled is to allocate Fog service providers (FSPs) to IoT devices, especially in a game-theoretic environment. Here, the issue of allocation of FSPs to the IoT devices is sifted with game-theoretic idea so that utility maximizing agents may be benign. In this scenario, we have multiple IoT devices and multiple FSPs, and the IoT devices give preference ordering over the subset of FSPs. Given such a scenario, the goal is to allocate at most one FSP to each of the IoT devices. We propose mechanisms based on the theory of mechanism design without money to allocate FSPs to the IoT devices. The proposed mechanisms have been designed in a flexible manner to address the long and short duration access of the FSPs to the IoT devices. For analytical results, we have proved the economic robustness, and probabilistic analyses have been carried out for allocation of IoT devices to the FSPs. In simulation, mechanism efficiency is laid out under different scenarios with an implementation in Python.

Download Full-text

Internet of Things (IOT) in Healthcare – Smart Health and Surveillance, Architectures, Security Analysis and Data Transfer

International Journal of Software Innovation ◽

10.4018/ijsi.2019040103 ◽

2019 ◽

Vol 7 (2) ◽

pp. 21-40 ◽

Cited By ~ 13

Author(s):

Parthasarathy Panchatcharam ◽

Vivekanandan S.

Keyword(s):

Health Care ◽

Internet Of Things ◽

Data Transfer ◽

Security Analysis ◽

Healthcare Services ◽

The Internet ◽

Quality Health Care ◽

Smart Healthcare ◽

Smart Health ◽

The Internet Of Things

Wellbeing is fundament requirement. What's more, it is human appropriate to get quality health care. These days, India is confronting numerous medical problems in light of fewer assets. This survey article displays the idea of solving health issues by utilizing a recent innovation, the Internet of Things (IOT). The Internet of Things with their developing interdisciplinary applications has changed our lives. Smart health care being one such IoT application interfaces brilliant gadgets, machines, patients, specialists, and sensors to the web. At long last, the difficulties and prospects of the improvement of IoT-based medicinal service frameworks are talked about in detail. This review additionally summarizes the security and protection worries of IoT, administrations and application of IoT and smart healthcare services that have changed the customary medicinal services framework by making healthcare administration more proficient through their applications.

Download Full-text