A Review of Cryptographic Algorithms for the Internet of Things

There are various emerging areas in which profoundly constrained interconnected devices connect to accomplish specific tasks. Nowadays, internet of things (IoT) enables many low-resource and constrained devices to communicate, do computations, and make smarter decisions within a short period. However, there are many challenges and issues in such devices like power consumption, limited battery, memory space, performance, cost, and security. This chapter presents the security issues in such a constrained environment, where the traditional cryptographic algorithms cannot be used and, thus, discusses various lightweight cryptographic algorithms in detail and present a comparison between these algorithms. Further, the chapter also discusses the power awakening scheme and reference architecture in IoT for constrained device environment with a focus on research challenges, issues, and their solutions.

Encryption Principles and Techniques for the Internet of Things

This chapter explores the encryption techniques used for the internet of things (IoT). The security algorithm used for IoT should follow many constraints of an embedded system. Hence, lightweight cryptography is an optimum security solution for IoT devices. This chapter mainly describes the need for security in IoT, the concept of lightweight cryptography, and various cryptographic algorithms along with their shortcomings given IoT. This chapter also describes the principle of operation of all the above algorithms along with their security analysis. Moreover, based on the algorithm size (i.e., the required number of gate equivalent, block size, key size, throughput, and execution speed of the algorithm), the chapter reports the comparative analysis of their performance. The chapter discusses the merits and demerits of these algorithms along with their use in the IoT system.

Security in Context of the Internet of Things

The chapter discusses various security challenges in the design of the internet of things and their possible solutions. After presenting a precise introduction to the internet of things, its applications, and technologies enabling it, the chapter discusses its various architectures and models which follow with an introduction of development kits, boards, platforms, hardware, software, and devices used in the internet of things. A concise explanation and discussion on the internet of things standards and protocols with emphasis on their security is presented. Next, various possible security threats and attacks to the internet of things are presented. The subsequent sections of the chapter discuss identified security challenges at individual layers of various models along with their possible solutions. It further presents cryptographic and lightweight cryptographic primitives for the internet of things, existing use of cryptography in the internet of things protocols, security challenges, and its prospectus.

Digital Forensics in the Context of the Internet of Things

The pervasive nature of IoT, envisioned with the characteristics of diversity, heterogeneity, and complexity, is diluting the boundaries between the physical and digital worlds. IoT being widely distributed qualifies it as the breeding ground for cyber-attacks. Although remarkable work is being done to ensure security in IoT infrastructure, security vulnerabilities persist. The IoT infrastructure can either be used as a direct target in a cyber-attack or exploited as a tool to carry a cyber-attack. In either case, the security measures in IoT infrastructure is compromised. The enormous IoT data is sensitive that can act as a gold mine to both the criminals for illicit exploitation or investigators to act as digital witness. IoT forensics help the investigators to acquire intelligence from this smart infrastructure to reconstruct the historical events occurred. However, due to sophisticated IoT architecture, the digital investigators face myriad challenges in IoT-related investigations using existing investigation methodologies and, hence, demand a separate dedicated forensic framework.

Emerging Social and Legal Issues of the Internet of Things

The advent of internet represents a revolution for the contemporary era, having brought about a striking series of changes in social, institutional, political, and economic life. This ongoing revolution has spread and absorbed within itself all the problems related to its own development. Objects become recognizable and acquire intelligence in that they are able to communicate data regarding themselves and also access other information aggregated by other devices. They are able to participate in a dialogue and interact among themselves within electronic communication networks without human intervention. All objects can acquire an active role thanks to connection with the web. The associated problems, which can no longer be ignored, draw attention above all to the lack of data control, which is to the vast extent of the data collected and more generally to the security of these data. This chapter has the aim of analyzing the ways in which European legislators, and consequently also Italian representatives, have intervened in order to stem the tide of emerging issues.

A Secure Gateway Discovery Protocol Using Elliptic Curve Cryptography for Internet-Integrated MANET

Integration procedures are employed to increase and enhance computing networks and their application domain. Extensive studies towards the integration of MANET with the internet have been studied and worked towards addressing various challenges for such integration. Some idyllic mechanisms always fail due to the presence of some nasty node or other problems such as face alteration and eavesdropping. The focus of this chapter is on the design and discovery of secure gateway scheme in MANET employing trust-based security factors such as route trust and load ability. Over these, the elliptic curve cryptography is applied to achieve confidentiality, integrity, and authentication while selecting optimum gateway node that has less bandwidth, key storage space, and faster computational time. Simulation results of the security protocol through SPAN for AVISPA tool have shown encouraging results over two model checkers namely OFMC and CL-AtSe.

An Adaptive Security Framework for the Internet of Things Applications Based on the Contextual Information

With the growth of Internet of Things and user demand for personalized applications, context-aware applications are gaining popularity in current IT cyberspace. Personalized content, which can be a notification, recommendation, etc., are generated based on the contextual information such as location, temperature, and nearby objects. Furthermore, contextual information can also play an important role in security management of user or device in real time. When the context of a user or device changes, the security mechanisms should also be updated in real time for better performance and quality of service. Access to a specific resource may also be dependent upon user's/device's current context. In this chapter, the role of contextual information for IoT application security is discussed and a framework is provided which auto-updates security policy of the device based on its current context. Proposed framework makes use of machine learning algorithm to update the security policies based on the current context of the IoT device(s).

Preserving Security of Mobile Anchors Against Physical Layer Attacks

This chapter introduces a new security scheme for mobile anchors avoiding the physical layer attacks towards localization in wireless sensor networks (WSNs). In a network, anchors are made location-aware equipping them with GPS (global positioning system) receivers. Direction finding capabilities are also incorporated with smart antennas. The proposed algorithm is based on adaptive beamforming of smart array that always minimizes the probabilities of successful attacks, keeping the adversaries beyond its beam coverage. Particle swarm optimization (PSO) technique is used to compute array excitation coefficients, generating the desired pattern. Thus, anchors remain secured through pattern irregularities, deteriorating the information retrieval process even though chances of occurring adequate RSS (received signal strength)/AoA (angle of arrival) measurements may exist. Moreover, anchors are assumed to send pseudo references towards stationary nodes over private links, preserving data integrity for localization. Simulation results validate its effectiveness over the existing methods.

Secure Computation of Private Set Intersection Cardinality With Linear Complexity

PSI and its variants play a major role when the participants want to perform secret operations on their private data sets. The importance of this chapter is twofold. In the first phase, the author presents a size-hiding PSI-CA protocol followed by its authorized variant, APSI-CA, utilizing Bloom filter. All these constructions are proven to be secure in standard model with linear complexity. In the second phase, the author employs Bloom filter to design an efficient mPSI-CA protocol. It achieves fairness using offline semi-trusted third party (arbiter) unlike the most efficient existing protocols. The arbiter is semi-trusted in the sense that he does not have access to the private information of the entities while he will follow the protocol honestly. Proposed mPSI-CA is proven to be secure against malicious adversaries in the random oracle model (ROM) under the decisional Diffie-Hellman (DDH) assumption. It achieves linear complexity.

Hardware Primitives-Based Security Protocols for the Internet of Things

IoT is the enabling technology for a variety of new exciting services in a wide range of application areas including environmental monitoring, healthcare systems, energy management, transportation, and home and commercial automation. However, the low-cost and straightforward nature of IoT devices producing vast amounts of sensitive data raises many security concerns. Among the cyber threats, hardware-level threats are especially crucial for IoT systems. In particular, IoT devices are not physically protected and can easily be captured by an adversary to launch physical and side-channel attacks. This chapter introduces security protocols for IoT devices based on hardware security primitives called physically unclonable functions (PUFs). The protocols are discussed for the following major security principles: authentication and confidentiality, data provenance, and anonymity. The security analysis shows that security protocols based on hardware security primitives are not only secure against network-level threats but are also resilient against physical and side-channel attacks.