| 1. |
- Aragon, Santiago, et al.
(författare)
-
ACE of Spades in the IoT Security Game: A Flexible IPsec Security Profile for Access Control
- 2018
-
Konferensbidrag (refereegranskat)abstract
- The Authentication and Authorization for ConstrainedEnvironments (ACE) framework provides fine-grainedaccess control in the Internet of Things, where devices areresource-constrained and with limited connectivity. The ACEframework defines separate profiles to specify how exactlyentities interact and what security and communication protocolsto use. This paper presents the novel ACE IPsec profile, whichspecifies how a client establishes a secure IPsec channel witha resource server, contextually using the ACE framework toenforce authorized access to remote resources. The profilemakes it possible to establish IPsec Security Associations, eitherthrough their direct provisioning or through the standardIKEv2 protocol. We provide the first Open Source implementationof the ACE IPsec profile for the Contiki OS and testit on the resource-constrained Zolertia Firefly platform. Ourexperimental performance evaluation confirms that the IPsecprofile and its operating modes are affordable and deployablealso on constrained IoT platforms.
|
|
| 2. |
- Aslam, Mudassar, et al.
(författare)
-
FoNAC - An automated Fog Node Audit and Certification scheme
- 2020
-
Ingår i: Computers & security (Print). - : Elsevier Ltd. - 0167-4048 .- 1872-6208. ; 93
-
Tidskriftsartikel (refereegranskat)abstract
- Meeting the security and privacy needs for IoT data becomes equally important in the newly introduced intermediary Fog Computing layer, as it was in its former technological layer - Cloud; but the accomplishment of such security is critical and challenging. While security assurance of the fog layer devices is imperative due to their exposure to the public Internet, it becomes even more complex, than the cloud layer, as it involves a large number of heterogeneous devices deployed hierarchically. Manual audit and certification schemes are unsuitable for large number of fog nodes thereby inhibiting the involved stakeholders to use manual security assurance schemes altogether. However, scalable and feasible security assurance can be provided by introducing automated and continuous monitoring and auditing of fog nodes to ensure a trusted, updated and vulnerability free fog layer. This paper presents such an solution in the form of an automated Fog Node Audit and Certification scheme (FoNAC) which guarantees a secure fog layer through the proposed fog layer assurance mechanism. FoNAC leverages Trusted Platform Module (TPM 2.0) capabilities to evaluate/audit the platform integrity of the operating fog nodes and grants certificate to the individual node after a successful security audit. FoNAC security is also validated through its formal security analysis performed using AVISPA under Dolev-Yao intruder model. The security analysis of FoNAC shows its resistance against cyber-attacks like impersonation, replay attack, forgery, Denial of Service(DoS) and MITM attack.
|
|
| 3. |
- Aslam, Mudassar, et al.
(författare)
-
Security and trust preserving inter- and intra-cloud VM migrations
- 2020
-
Ingår i: International Journal of Network Management. - : John Wiley and Sons Ltd. - 1055-7148 .- 1099-1190.
-
Tidskriftsartikel (refereegranskat)abstract
- This paper focus on providing a secure and trustworthy solution for virtual machine (VM) migration within an existing cloud provider domain, and/or to the other federating cloud providers. The infrastructure-as-a-service (IaaS) cloud service model is mainly addressed to extend and complement the previous Trusted Computing techniques for secure VM launch and VM migration case. The VM migration solution proposed in this paper uses a Trust_Token based to guarantee that the user VMs can only be migrated and hosted on a trustworthy and/or compliant cloud platforms. The possibility to also check the compliance of the cloud platforms with the pre-defined baseline configurations makes our solution compatible with an existing widely accepted standards-based, security-focused cloud frameworks like FedRAMP. Our proposed solution can be used for both inter- and intra-cloud VM migrations. Different from previous schemes, our solution is not dependent on an active (on-line) trusted third party; that is, the trusted third party only performs the platform certification and is not involved in the actual VM migration process. We use the Tamarin solver to realize a formal security analysis of the proposed migration protocol and show that our protocol is safe under the Dolev-Yao intruder model. Finally, we show how our proposed mechanisms fulfill major security and trust requirements for secure VM migration in cloud environments.
|
|
| 4. |
|
|
| 5. |
- Bagci, Ibrahim Ethem, et al.
(författare)
-
Codo: Confidential Data Storage for Wireless Sensor Networkss
- 2012. - 6
-
Konferensbidrag (refereegranskat)abstract
- Many Wireless Sensor Networks (WSNs) are used to collect and process confidential information. Confidentiality must be ensured at all times and, for example, solutions for confidential communication, processing or storage are required. To date, the research community has addressed mainly the issue of confidential communication. Efficient solutions for cryptographically secured communication and associated key exchange in WSNs exist. Many WSN applications, however, rely heavily on available on-node storage space and therefore it is essential to ensure the confidentiality of stored data as well. In this paper we present Codo, a confidential data storage solution which balances platform, performance and security requirements. We implement Codo for the Contiki WSN operating system and evaluate its performance.
|
|
| 6. |
- Bagci, Ibrahim Ethem, et al.
(författare)
-
Combined Secure Storage and Communication for the Internet of Things
- 2013
-
Konferensbidrag (refereegranskat)abstract
- The future Internet of Things (IoT) may be based on the existing and established Internet Protocol (IP). Many IoT application scenarios will handle sensitive data. However, as security requirements for storage and communication are addressed separately, work such as key management or cryp- tographic processing is duplicated. In this paper we present a framework that allows us to combine secure storage and secure communication in the IP-based IoT. We show how data can be stored securely such that it can be delivered securely upon request without further cryptographic processing. Our prototype implementation shows that combined secure storage and communication can reduce the security-related processing on nodes by up to 71% and energy consumption by up to 32.1%.
|
|
| 7. |
- Bagci, Ibrahim Ethem, et al.
(författare)
-
Fusion: Coalesced Confidential Storage and Communication Framework for the IoT
- 2015. - 5
-
Ingår i: Security and Communication Networks. - : Wiley. - 1939-0114 .- 1939-0122. ; 9:15, s. 2656-2673
-
Tidskriftsartikel (refereegranskat)abstract
- Comprehensive security mechanisms are required for a successful implementation of the Internet of Things (IoT). Existing solutions focus mainly on securing the communication links between Internet hosts and IoT devices. However, as most IoT devices nowadays provide vast amounts of flash storage space it is as well required to consider storage security within a comprehensive security framework. Instead of developing independent security solutions for storage and communication we propose Fusion, a framework which provides coalesced confidential storage and communication. Fusion uses existing secure communication protocols for the IoT such as IPsec and DTLS and re-uses the defined communication security mechanisms within the storage component. Thus, trusted mechanisms developed for communication security are extended into the storage space. Notably, this mechanism allows us to transmit requested data directly from the file system without decrypting read data blocks and then re-encrypting these for transmission. Thus, Fusion provides benefits in terms of processing speed and energy efficiency which are important aspects for resource constrained IoT devices. The paper describes the Fusion architecture and its instantiation for IPsec and DTLS based systems. We describe Fusion’s implementation and evaluate its storage overheads, communication performance and energy consumption
|
|
| 8. |
- Boo, EunSeong, et al.
(författare)
-
Towards supporting IoT device storage and network security using DTLs
- 2019
-
Ingår i: MobiSys 2019 - Proceedings of the 17th Annual International Conference on Mobile Systems, Applications, and Services. - New York, NY, USA : Association for Computing Machinery, Inc. - 9781450366618 ; , s. 570-571
-
Konferensbidrag (refereegranskat)abstract
- This work presents FDTLS, a security framework that combines storage and network/communication-level security for resource limited Internet of Things (IoT) devices using Datagram Transport Layer Security (DTLS). While coalescing storage and networking security scheme can reduce redundent and unnecessary operations, we identify security- and system-level challenges that can occur when applying DTLS. FDTLS addresses these challenges by employing asymmetric key generation, a virtual peer, and header reduction-based storage optimization. Our results obtained using a Contiki-based implementation on OpenMote platforms show that compared to using storage and networking security separately, FDTLS can reduce the latency of packet transmission responses and also contribute to saving energy. © 2019 Copyright held by the owner/author(s).
|
|
| 9. |
- Eriksson, Joakim, et al.
(författare)
-
Demo abstract: accurate power profiling of sensornets with the COOJA/MSPSim simulator
- 2009. - 1
-
Konferensbidrag (refereegranskat)abstract
- Power consumption is of utmost concern in sensor networks. Researchers have several ways of measuring the power consumption of a complete sensor network, but they are typically either impractical or inaccurate. To meet the need for practical and scalable measurement of power consumption of sensor networks, we have developed a cycle-accurate simulator, called COOJA/MSPsim, that enables live power estimation of systems running on MSP430 processors. This demonstration shows the ease of use and the power measurement accuracy of COOJA/MSPsim. The demo setup consists of a small sensor network and a laptop. Beside gathering software-based power measurements from the motes, the laptop runs COOJA/MSPsim to simulate the same network. We visualize the power consumption of both the simulated and the real sensor network, and show that the simulator produces matching results.
|
|
| 10. |
|
|
