Securing Internet-of-Things

Gong, Guang

doi:10.1007/978-3-030-18419-3_1

Cited by 6 publications

(8 citation statements)

References 19 publications

Supporting

Mentioning

Contrasting

Order By: Relevance

“…• weak/broken or inadequate authentication (e.g., single-factor authentication method using a username and password) [8,23,26,37,38]; • broken access control [23]; • Evolved Packet System Authentication and Key Agreement (EPS-AKA) protocol is vulnerable to several well-known attacks, such as man-in-the-middle (MITM) and denial of service (DoS), and suffers from the disclosure of user identity on first access to the network [39]; • 5G-AKA allows for replay attacks since authentication and synchronization failure messages are sent to the device in plain text [40]; • other messages, such as RRC (Radio Resource Control) and NAS (Non-access stratum), are sent to the device in plain text, which can generate DoS and other attacks that compromise the confidentiality, as already happens with 4G [40]; • lack of attestation to know if a device is compromised [13];…”

Section: Processmentioning

confidence: 99%

Systematic Literature Review on 5G-IoT Security Aspects

Valadares,

Will,

Sobrinho

et al. 2023

Preprint

View full text Add to dashboard Cite

The 5G technology brings many benefits already known: large connection capacity, great transmission velocities, and low latencies with high reliability. One of its core services, the massive Machine Type Communication (mMTC), theoretically allows up to one million devices connected simultaneously in a square kilometer. As the Internet of Things (IoT) devices often have very restricted resources, hampering the adoption of robust security mechanisms, they can be targets for attackers aiming to explore vulnerabilities and gain access to the 5G infrastructure. Given this concern, it is essential to know existent vulnerabilities and possible threats and solutions related to 5G-IoT, the scenarios considering IoT devices connected to 5G infrastructures. For this reason, we carried out a systematic literature review, extracting and analyzing data from 142 selected papers from conferences and journals. As the main results, we present lists with known vulnerabilities, possible threats and solutions, and some recommendations.

show abstract

Section: Processmentioning

confidence: 99%

Systematic Literature Review on 5G-IoT Security Aspects

Valadares,

Will,

Sobrinho

et al. 2023

Preprint

View full text Add to dashboard Cite

show abstract

“…Qiaoyang Zhang [25] provided a new security framework where a client and server can establish secure keys using a QR code and use them to secure the BLE channel for message transmission. Gong [26] proposed a new encryption algorithm for IoT devices that help in improving the transmission success rate. Yue Zhang et al [27] built a prototype for the SCO mode so that the SCO initiation can be properly handled by initiator.…”

Section: Related Workmentioning

confidence: 99%

An Improved Authentication Scheme for BLE Devices with no I/O Capabilities

Gupta¹,

Varshney²

2022

Preprint

View full text Add to dashboard Cite

Bluetooth Low Energy (BLE) devices have become very popular because of their Low energy consumption and hence a prolonged battery life. They are being used in smart wearable devices, smart home automation system, beacons and many more areas. BLE uses pairing mechanisms to achieve a level of peer entity authentication as well as encryption. Although, there are a set of pairing mechanisms available but BLE devices having no keyboard or display mechanism (and hence using the Just Works pairing) are still vulnerable. In this paper, we propose and implement, a light-weight digital certificate based authentication mechanism for the BLE devices making use of Just Works model. The proposed model is an add-on to the already existing pairing mechanism and therefore can be easily incorporated in the existing BLE stack. To counter the existing Man-in-The-Middle attack scenario in Just Works pairing (device spoofing), our proposed model allows the client and peripheral to make use of the popular Public Key Infrastructure (PKI) to establish peer entity authentication and a secure cryptographic tunnel for communication. We have also developed a lightweight BLE profiled digital certificate containing the bare minimum fields required for resource constrained devices, which significantly reduces the memory (about 90% reduction) and energy consumption. We have experimentally evaluated the energy consumption of the device using the proposed pairing mechanism to demonstrate that the model can be easily deployed with less changes to the power requirements of the chips. The model has been formally verified using automatic verification tool for protocol testing.

show abstract

“…The following metrics are used to evaluate the hardware implementation efficiency: 1) Gate equivalent (GE) [2], [4], [18], [27], [34], [35]: this metric measures the memory consumption and implementation size. The GE is defined as the area occupied by the semiconductor [34].…”

Section: Hardware Implementationmentioning

confidence: 99%

“…This metric measures how much physical area is required for a circuit that implements a primitive. Gong [4] noted that the physical area allocation in an LWC implementation should be less than 2000 GE. The metric can be defined with the following equation:…”

Section: Hardware Implementationmentioning

confidence: 99%

“…Devices with similar resources to standard computers can use standard cryptography primitives; however, other devices require unique designs due to various limitations. Researchers in [2]- [4] defined four design limitations associated with IoT cryptography primitives, especially in hardware implementations: memory consumption, implementation size, speed or throughput, and power or energy (Fig. 3).…”

Section: Introductionmentioning

confidence: 99%

See 1 more Smart Citation

Lightweight Cryptographic Hash Functions: Design Trends, Comparative Study, and Future Directions

et al. 2022

View full text Add to dashboard Cite

The emergence of the Internet of Things (IoT) has enabled billions of devices that collect large amounts of data to be connected. Therefore, IoT security has fundamental requirements. One critical aspect of IoT security is data integrity. Cryptographic hash functions are cryptographic primitives that provide data integrity services. However, due to the limitations of IoT devices, existing cryptographic hash functions are not suitable for all IoT environments. As a result, researchers have proposed various lightweight cryptographic hash function algorithms. In this paper, we discuss advanced lightweight cryptographic hash functions for highly constrained devices, categorize design trends, analyze cryptographic aspects and cryptanalytic attacks, and present a comparative analysis of different hardware and software implementations. In the final section of this paper, we highlight present research challenges and suggest future research topics related to the design of lightweight cryptographic hash functions.

show abstract

Securing Internet-of-Things

Cited by 6 publications

References 19 publications

Systematic Literature Review on 5G-IoT Security Aspects

Systematic Literature Review on 5G-IoT Security Aspects

An Improved Authentication Scheme for BLE Devices with no I/O Capabilities

Lightweight Cryptographic Hash Functions: Design Trends, Comparative Study, and Future Directions

Contact Info

Product

Resources

About