The Authentication and Authorization for Constrained Environments (ACE) framework provides fine-grained access control in the Internet of Things, where devices are resource-constrained and have limited connectivity. The ACE framework defines separate profiles to specify how exactly entities interact and what security and communication protocols to use. This paper presents the novel ACE IPsec profile, which specifies how a client establishes a secure IPsec channel with a resource server, contextually using the ACE framework to enforce authorized access to remote resources. The profile makes it possible to establish IPsec Security Associations, either through their direct provisioning or through the standard IKEv2 protocol. We provide the first Open Source implementation of the ACE IPsec profile for the Contiki OS and test it on the resource-constrained Zolertia Firefly platform. Our experimental performance evaluation confirms that the IPsec profile and its operating modes are affordable and deployable also on constrained IoT platforms.
Despite the rapid change in cellular technologies, Mobile Network Operators (MNOs) keep a high percentage of their deployed infrastructure using Global System for Mobile communications (GSM) technologies. With about 3.5 billion subscribers, GSM remains the de facto standard for cellular communications. However, the security criteria envisioned 30 years ago, when the standard was designed, are no longer sufficient to ensure the security and privacy of the users. Furthermore, even with the newest fourth generation (4G) cellular technologies starting to be deployed, these networks could never achieve strong security guarantees because the MNOs keep backwards compatibility given the huge amount of GSM subscribers. In this paper, we present and describe the tools and necessary steps to perform an active attack against a GSM-compatible network, by exploiting the GSM protocol's lack of mutual authentication between the subscribers and the network. The attack consists of a so-called man-in-the-middle attack implementation. By using Software Defined Radio (SDR), open-source libraries and open-source hardware, we set up a fake GSM base station to impersonate the network and therefore eavesdrop on any communications that are being routed through it and extract information from their victims. Finally, we point out some implications of the protocol vulnerabilities and how these cannot be mitigated in the short term since 4G deployments will take a long time to entirely replace the current GSM infrastructure.