A Lightweight and Secure IoT Remote Monitoring Mechanism Using DNS with Privacy Preservation

Jin, Yong; Tomoishi, Masahiko; Fujikawa, Kazutoshi; Kafle, Ved P.

doi:10.1109/ccnc.2019.8651860

Cited by 10 publications

(6 citation statements)

References 6 publications

Supporting

Mentioning

Contrasting

Unclassified

Order By: Relevance

“…The conventional solutions (e.g., hypertext transfer protocol secure-HTTPS) also display poor scaling problems and privacy concerns. Jin et al used DNS with privacy preservation to design a novel lightweight, secure, and remote IoT monitoring system [39]. The remote monitoring utilized the DNS protocol, whereas the communication between IoT devices and gateways still used the conventional protocols, i.e., the constrained application protocol (CoAP) and MQTT.…”

Section: Secure Iot Monitoringmentioning

confidence: 99%

A Comparative Study of Post-Quantum Cryptographic Algorithm Implementations for Secure and Efficient Energy Systems Monitoring

Satrya,

Agus,

Mnaouer

2023

Electronics

View full text Add to dashboard Cite

The Internet of Things (IoT) has assumed a pivotal role in the advancement of communication technology and in our daily lives. However, an IoT system such as a smart grid with poorly designed topology and weak security protocols might be vulnerable to cybercrimes. Exploits may arise from sensor data interception en route to the intended consumer within an IoT system. The increasing integration of electronic devices interconnected via the internet has galvanized the acceptance of this technology. Nonetheless, as the number of users of this technology surges, there must be an aligned concern to ensure that security measures are diligently enforced within IoT communication systems, such as in smart homes, smart cities, smart factories, smart hospitals, and smart grids. This research addresses security lacunae in the topology and configuration of IoT energy monitoring systems using post-quantum cryptographic techniques. We propose tailored implementations of the Rivest–Shamir–Adleman (RSA), N-th degree Truncated Polynomial Ring Units (NTRU), and a suite of cryptographic primitives based on Module Learning With Rounding (Saber) as post-quantum cryptographic candidate algorithms for IoT devices. These aim to secure publisher–subscriber end-to-end communication in energy system monitoring. Additionally, we offer a comparative analysis of these tailored implementations on low-resource devices, such as the Raspberry Pi, during data transmission using the Message Queuing Telemetry Transport (MQTT) protocol. Results indicate that the customized implementation of NTRU outperforms both SABER and RSA in terms of CPU and memory usage, while Light SABER emerges as the front-runner when considering encryption and decryption delays.

show abstract

Section: Secure Iot Monitoringmentioning

confidence: 99%

A Comparative Study of Post-Quantum Cryptographic Algorithm Implementations for Secure and Efficient Energy Systems Monitoring

Satrya,

Agus,

Mnaouer

2023

Electronics

View full text Add to dashboard Cite

show abstract

“…After the installation of the gateway and sensors, no cloud service is invoked. Access to the sensors from outside can be executed in different ways: (1) by using port forwarding; (2) by exploiting the Domain Name System (DNS) [28]; (3) by using public Message Queue Telemetry Transport (MQTT) brokers, etc. The owner of the GW is responsible for the overall management and evolution of her/his system.…”

Section: Cloud-based Iot Systemsmentioning

confidence: 99%

Assessing Insider Attacks and Privacy Leakage in Managed IoT Systems for Residential Prosumers

Marco¹,

Loia

Dehghantanha

et al. 2021

Energies

View full text Add to dashboard Cite

The transition towards the massive penetration of Renewable Energy Resources (RESs) into the electricity system requires the implementation of the Smart Grid (SG) paradigm with innovative control systems and equipment. In this new context, Distributed Energy Resources (DERs), including renewable sources and responsive loads, should be redesigned to enable aggregators to provide ancillary services. In fact, by using the Internet of Things (IoT) systems, aggregators can explore energy usage patterns from residential users, also known as prosumers and predict their services. This is undoubtedly important especially for SGs facing the presence of several RESs, where understanding the optimal match between demand and production is desirable from several points of view. However, revealing energy patterns and information can be of concern for privacy if the entire system is not properly designed. In this article, by assuming that the security of low-level communication protocols is guaranteed, we focus our attention at higher levels, in particular at the application level of managed IoT systems used by aggregators. In this regard, we provide an overview of the best practices and outline possible privacy leakages risks along with a list of correlated attacks.

show abstract

“…While some attempts were made to structure (RFC 1464) or discourage (RFC 5507) using TXT records this way, several common applications leverage them. For example, TXT records are used for various forms of email validation and spam prevention, including SPF, DKIM, and DMARC, but DNS TXT records can also be used as a way of finding contacts [4], or to monitor IoT devices [5]. Besides these legitimate use cases, malicious uses include adding large records to create more efficient DNS amplification attacks [6], or creating a command and control channel for malware [7], [8], [9], [10], [11], [12].…”

Section: Background and Related Workmentioning

confidence: 99%

TXTing 101: Finding Security Issues in the Long Tail of DNS TXT Records

Toorn

Rijswijk-Deij

Fiebig

et al. 2020

2020 IEEE European Symposium on Security and Privacy Workshops (EuroS&PW)

View full text Add to dashboard Cite

The DNS TXT resource record is the one with the most flexibility for its contents, as it is a largely unstructured. Although it might be the ideal basis for storing any form of text-based information, it also poses a security threat, as TXT records can also be used for malicious and unintended practices. Yet, TXT records are often overlooked in security research. In this paper, we present the first structured study of the uses of TXT records, with a specific focus on security implications. We are able to classify over 99.54% of all TXT records in our dataset, finding security issues including accidentally published private keys and exploit delivery attempts. We also report on our lessons learned during our large-scale, systematic analysis of TXT records.

show abstract

A Lightweight and Secure IoT Remote Monitoring Mechanism Using DNS with Privacy Preservation

Cited by 10 publications

References 6 publications

A Comparative Study of Post-Quantum Cryptographic Algorithm Implementations for Secure and Efficient Energy Systems Monitoring

A Comparative Study of Post-Quantum Cryptographic Algorithm Implementations for Secure and Efficient Energy Systems Monitoring

Assessing Insider Attacks and Privacy Leakage in Managed IoT Systems for Residential Prosumers

TXTing 101: Finding Security Issues in the Long Tail of DNS TXT Records

Contact Info

Product

Resources

About