The goal of this study is to extend the guarantees provided by the secure transmission protocols such as Secure Sockets Layer (SSL) or Transport Layer Security (TLS) and apply them to the application layer. This paper proposes a comprehensive scheme that allows the unification of multiple security mechanisms, thereby removing the burden of authentication, mutual authentication, continuous authentication, and session management from the application development life-cycle. The proposed scheme will allow creation of high-level security mechanisms such as access control and group authentication on top of the extended security provisions. This scheme effectively eliminates the need for session cookies, session tokens and any similar technique currently in use. Hence reducing the attack surface and nullifying a vast group of attack vectors.
Consumer electronics manufacturers have been incorporating support for 4G/5G communication technologies into many electronic devices. Thus, highly capable Internet of Things (IoT)-ready versions of electronic devices are being purchased which will eventually replace traditional consumer electronics. With the goal of creating a smart environment, the IoT devices enable data sharing, sensing, awareness, increased control. Enabled by high-speed networks, the IoT devices function in a group setting thus compounding the attack surface leading to security and privacy concerns. This research is a study on the possibility of incorporating PUF as a basis for group key generation. The challenge here lies in identifying device features that are unique, stable, reproducible and unpredictable by an adversary. Each device generates its own identity leading to collaborative cryptographic key generation in a group setting. The research uses a comprehensive hardware testbed to demonstrate the viability of PUFs for the generation of a symmetric key through collaboration. Detailed analysis of the proposed setup and the symmetric key generation scheme has shown that the system is scalable and offers unrivalled advantages compared to conventional cryptographic implementations.
scite is a Brooklyn-based organization that helps researchers better discover and understand research articles through Smart Citations–citations that display the context of the citation and describe whether the article provides supporting or contrasting evidence. scite is used by students and researchers from around the world and is funded in part by the National Science Foundation and the National Institute on Drug Abuse of the National Institutes of Health.