Security Analysis of Out-of-Band Device Pairing Protocols: A Survey

2021, Vol 2021, pp. 1-30
Sameh Khalfaoui, Jean Leneutre, Arthur Villard, Jingxuan Ma, Pascal Urien

Numerous secure device pairing (SDP) protocols have been proposed to establish a secure communication between unidentified IoT devices that have no preshared security parameters due to the scalability requirements imposed by the ubiquitous nature of the IoT devices. In order to provide the most user-friendly IoT services, the usability assessment has become the main requirement. Thus, the complete security analysis has been replaced by a sketch of a proof to partially validate the robustness of the proposal. The few existing formal or computational security verifications on the SDP schemes have been conducted based on the assessment of a wide variety of uniquely defined security properties. Therefore, the security comparison between these protocols is not feasible and there is a lack of a unified security analysis framework to assess these pairing techniques. In this paper, we survey a selection of secure device pairing proposals that have been formally or computationally verified. We present a systematic description of the protocol assumptions, the adopted verification model, and an assessment of the verification results. In addition, we normalize the used taxonomy in order to enhance the understanding of these security validations. Furthermore, we refine the adversary capabilities on the out-of-band channel by redefining the replay capability and by introducing a new notion of delay that is dependent on the protocol structure that is more adequate for the ad hoc pairing context. Also, we propose a classification of a number of out-of-band channels based on their security properties and under our refined adversary model. Our work motivates the future SDP protocol designer to conduct a formal or a computational security assessment to allow the comparability between these pairing techniques. 
Furthermore, it provides a realistic abstraction of the adversary capabilities on the out-of-band channel which improves the modeling of their security characteristics in the protocol verification tools.

2013, Vol 9 (1), pp. 54-84
Shaik Shakeel Ahamad, V. N. Sastry, Siba K. Udgata

In this paper the authors propose a Secure Mobile Payment Framework in Multi hop Cellular Network environment (which is an integration of cellular networks and mobile ad hoc networks) using Mobile Agent technology and Digital Signature with Message Recovery (DSMR) mechanism based on ECDSA mechanism. Secure communication in Multi hop Cellular Networks is a nontrivial task because of lack of infrastructure, no prior trust relationships among nodes due to the absence of a centralized authority. Mobile Agent technology and Digital Signature with Message Recovery based on ECDSA mechanism provides secure mobile payments in Multi hop Cellular Networks. Mobile Agent technology has many benefits such as bandwidth conservation, reduction of latency, reduction of completion time, Asynchronous (disconnected) communications. Digital Signature with Message Recovery based on ECDSA eliminates the need of adopting PKI cryptosystems. The proposed protocol ensures Authentication, Integrity, Confidentiality and Non Repudiation, achieves Identity protection from merchant and Eavesdropper, achieves Transaction privacy from Eavesdropper and Payment Gateway, achieves Payment Secrecy, Order Secrecy, forward secrecy, prevents Double Spending, Overspending and Money laundering. The security properties of the proposed protocol have been verified successfully using BAN Logic, AVISPA and Scyther Tools and presented with results.

2021, Vol 2021, pp. 1-13
Yawei Yue, Shancang Li, Phil Legg, Fuzhong Li

Internet of Things (IoT) applications have been used in a wide variety of domains ranging from smart home, healthcare, smart energy, and Industrial 4.0. While IoT brings a number of benefits including convenience and efficiency, it also introduces a number of emerging threats. The number of IoT devices that may be connected, along with the ad hoc nature of such systems, often exacerbates the situation. Security and privacy have emerged as significant challenges for managing IoT. Recent work has demonstrated that deep learning algorithms are very efficient for conducting security analysis of IoT systems and have many advantages compared with the other methods. This paper aims to provide a thorough survey related to deep learning applications in IoT for security and privacy concerns. Our primary focus is on deep learning enhanced IoT security. First, from the view of system architecture and the methodologies used, we investigate applications of deep learning in IoT security. Second, from the security perspective of IoT systems, we analyse the suitability of deep learning to improve security. Finally, we evaluate the performance of deep learning in IoT system security.

Symmetry, 2021, Vol 13 (1), pp. 129
Badr M. Alshammari, Ramzi Guesmi, Tawfik Guesmi, Haitham Alsaif, Ahmed Alzamil

In the Internet of Things (IoT), a lot of constrained devices are interconnected. The data collected from those devices can be the target of cyberattacks. In this paper, a lightweight cryptosystem that can be efficiently implemented in highly constrained IoT devices is proposed. The algorithm is mainly based on Advanced Encryption Standard (AES) and a new chaotic S-box. Since its adoption by the IEEE 802.15.4 protocol, AES in embedded platforms has been increasingly used. The main cryptographic properties of the generated S-box have been validated. The randomness of the generated S-box has been confirmed by the NIST tests. Experimental results and security analysis demonstrated that the cryptosystem can, on the one hand, reach good encryption results and, on the other hand, respect the limitation of the sensor’s resources. So the proposed solution could be reliably applied in image encryption and secure communication between networked smart objects.

Amolkirat Singh, Guneet Saini

Many people lose their lives and/or are injured due to accidents or unexpected events taking place on road networks. Besides traffic jams, these accidents generate a tremendous waste of time and fuel. Undoubtedly, if the vehicles are provided with timely and dynamic information related to road traffic conditions, any unexpected events or accidents, the safety and efficiency of the transportation system with respect to time, distance, fuel consumption and environmentally destructive emissions can be improved. In the field of computer and information science, Vehicular Ad hoc Networks (VANETs) have recently emerged as an effective tool for improving road safety through propagation of warning messages among the vehicles in the network about potential obstacles on the road ahead. VANET is a research area which is in more demand among the researchers, the automobile industries and scientists to discover the loopholes and advantages of the vehicular networks so that efficient routing algorithms can be developed which can provide reliable and secure communication among the mobile nodes. In this paper, we propose a Groundwork Based Ad hoc On Demand Distance Vector Routing Protocol (GAODV), focusing on how the Road Side Units (RSUs) utilized in the architecture play an important role in making the communication reliable. In the interval of finding the suitable path from source to destination, packet loss may occur, and delay is also counted if the required packet does not reach the specified destination on time. So, to overcome delay and packet loss and to increase throughput, the GAODV approach is followed. The performance parameters in GAODV come out to be much better than those computed in the traditional approach.

2020, Vol 19 (3), pp. 697-710
Arne Brusch, Ngu Nguyen, Dominik Schurmann, Stephan Sigg, Lars Wolf

Sensors, 2020, Vol 20 (22), pp. 6546
Kazi Masum Sadique, Rahim Rahmani, Paul Johannesson

The Internet of things (IoT) will accommodate several billions of devices to the Internet to enhance human society as well as to improve the quality of living. A huge number of sensors, actuators, gateways, servers, and related end-user applications will be connected to the Internet. All these entities require identities to communicate with each other. The communicating devices may have mobility and currently, the only main identity solution is IP based identity management which is not suitable for the authentication and authorization of the heterogeneous IoT devices. Sometimes devices and applications need to communicate in real-time to make decisions within very short times. Most of the recently proposed solutions for identity management are cloud-based. Those cloud-based identity management solutions are not feasible for heterogeneous IoT devices. In this paper, we have proposed an edge-fog based decentralized identity management and authentication solution for IoT devices (IoTD) and edge IoT gateways (EIoTG). We have also presented a secure communication protocol for communication between edge IoT devices and edge IoT gateways. The proposed security protocols are verified using Scyther formal verification tool, which is a popular tool for automated verification of security protocols. The proposed model is specified using the PROMELA language. SPIN model checker is used to confirm the specification of the proposed model. The results show different message flows without any error.

2019, Vol 9 (22), pp. 4956
Xinchao Ruan, Hang Zhang, Wei Zhao, Xiaoxue Wang, Xuan Li

We investigate the optical absorption and scattering properties of four different kinds of seawater as the quantum channel. The models of discrete-modulated continuous-variable quantum key distribution (CV-QKD) in free-space seawater channel are briefly described, and the performance of the four-state protocol and the eight-state protocol in asymptotic and finite-size cases is analyzed in detail. Simulation results illustrate that the more complex is the seawater composition, the worse is the performance of the protocol. For different types of seawater channels, we can improve the performance of the protocol by selecting different optimal modulation variances and controlling the extra noise on the channel. Besides, we can find that the performance of the eight-state protocol is better than that of the four-state protocol, and there is little difference between homodyne detection and heterodyne detection. Although the secret key rate of the protocol that we propose is still relatively low and the maximum transmission distance is only a few hundred meters, the research on CV-QKD over the seawater channel is of great significance, which provides a new idea for the construction of global secure communication network.

2006, Vol 142, pp. 195-213
Sebastian Nanz, Chris Hankin

2022, Vol 54 (7), pp. 1-34
Sophie Dramé-Maigné, Maryline Laurent, Laurent Castillo, Hervé Ganem

The Internet of Things is taking hold in our everyday life. Regrettably, the security of IoT devices is often being overlooked. Among the vast array of security issues plaguing the emerging IoT, we decide to focus on access control, as privacy, trust, and other security properties cannot be achieved without controlled access. This article classifies IoT access control solutions from the literature according to their architecture (e.g., centralized, hierarchical, federated, distributed) and examines the suitability of each one for access control purposes. Our analysis concludes that important properties such as auditability and revocation are missing from many proposals while hierarchical and federated architectures are neglected by the community. Finally, we provide an architecture-based taxonomy and future research directions: a focus on hybrid architectures, usability, flexibility, privacy, and revocation schemes in serverless authorization.
