{"title":"REST-ful CoAP Message Authentication","authors":"Hoai Viet Nguyen, Luigi Lo Iacono","doi":"10.1109/SIOT.2015.8","DOIUrl":"https://doi.org/10.1109/SIOT.2015.8","url":null,"abstract":"One core technology for implementing and integrating the architectural principles of REST into the Internet of Things (IoT) is CoAP, a REST-ful application protocol for constrained networks and devices. Since CoAP defaults to UDP as transport protocol, the protection of CoAP-based systems is realised by the adoption of DTLS, a transport-oriented security protocol for datagrams. This is, however, in many cases not a sufficient safeguard, since messages in distributed systems -- as obtained, e.g., by the adoption of REST -- are commonly transported via multiple intermediate components. This induces the need for message-oriented protection means supplementing transport security for IoT scenarios with high security demands. This paper approaches an important part of this requirement by introducing a REST-ful CoAP message authentication scheme. The overarching goal of this work is, though, to establish a message-oriented security layer for CoAP. Here, specific challenges are stemming from the architectural style REST and the resource-restrictiveness of IoT networks and devices. The present contribution reaches this goal for authentication by proposing a REST-ful CoAP message signature generation and verification scheme.","PeriodicalId":312831,"journal":{"name":"2015 International Workshop on Secure Internet of Things (SIoT)","volume":"27 1","pages":"0"},"PeriodicalIF":0.0,"publicationDate":"2015-09-21","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"127178064","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
{"title":"Not so Smart: On Smart TV Apps","authors":"Marcus Niemietz, Juraj Somorovsky, Christian Mainka, Jörg Schwenk","doi":"10.1109/SIOT.2015.13","DOIUrl":"https://doi.org/10.1109/SIOT.2015.13","url":null,"abstract":"One of the main characteristics of Smart TVs are apps. Apps extend the Smart TV behavior with various functionalities, ranging from usage of social networks or paid streaming services, to buying articles on Ebay. These actions demand usage of critical data like authentication tokens and passwords, and thus raise a question on new attack scenarios and general security of Smart TV apps. In this paper, we investigate attack models for Smart TVs and their apps, and systematically analyze security of Smart TV devices. We point out that some popular apps, including Facebook, Ebay or Watchever, send login data over unencrypted channels. Even worse, we show that an arbitrary app installed on devices of the market share leader Samsung can gain access to the credentials of a Samsung Single Sign-On account. Therefore, such an app can hijack a complete user account including all his devices like smartphones and tablets connected with it. Based on our findings, we provide recommendations that are of general importance and applicable to areas beyond Smart TVs.","PeriodicalId":312831,"journal":{"name":"2015 International Workshop on Secure Internet of Things (SIoT)","volume":"1 1","pages":"0"},"PeriodicalIF":0.0,"publicationDate":"2015-09-21","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"114285955","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
{"title":"BALSA: Bluetooth Low Energy Application Layer Security Add-on","authors":"Diego A. Ortiz-Yepes","doi":"10.1109/SIOT.2015.12","DOIUrl":"https://doi.org/10.1109/SIOT.2015.12","url":null,"abstract":"Bluetooth Low Energy (BLE) is ideally suited to exchange information between mobile devices and Internet-of-Things (IoT) sensors. It is supported by most recent consumer mobile devices and can be integrated into sensors enabling them to exchange information in an energy-efficient manner. However, when BLE is used to access or modify sensitive sensor parameters, exchanged messages need to be suitably protected, which may not be possible with the security mechanisms defined in the BLE specification. Consequently we contribute BALSA, a set of cryptographic protocols, a BLE service and a suggested usage architecture aiming to provide a suitable level of security. In this paper we define and analyze these components and describe our proof-of-concept, which demonstrates the feasibility and benefits of BALSA.","PeriodicalId":312831,"journal":{"name":"2015 International Workshop on Secure Internet of Things (SIoT)","volume":"1 1","pages":"0"},"PeriodicalIF":0.0,"publicationDate":"2015-09-21","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"129761457","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
{"title":"Multiple Fault Attack on PRESENT with a Hardware Trojan Implementation in FPGA","authors":"J. Breier, W. He","doi":"10.1109/SIOT.2015.15","DOIUrl":"https://doi.org/10.1109/SIOT.2015.15","url":null,"abstract":"Internet of Things connects lots of small constrained devices to the Internet. As in any other environment, communication security is important and cryptographic algorithms are one of many elements that we use in order to keep messages secure. It is necessary to use algorithms that do not require high computational power, lightweight ciphers are therefore an ideal candidate for this purpose. Since these devices work in various environments, it is necessary to test security of implementations of cryptographic algorithms. In this paper, we explore a possibility of attacking an ultralightweight cipher PRESENT by using a multiple fault attack. Utilizing the Differential Fault Analysis technique, we were able to recover the secret key with two faulty encryptions and an exhaustive search of 2^16 remaining key bits. Our attack aims at four nibbles in the penultimate round of the cipher, causing faulty output in all nibbles of the output. We also provide a practical attack scenario by exploiting Hardware Trojan (HT) technique for the proposed fault injection in a Xilinx Spartan-6 FPGA.","PeriodicalId":312831,"journal":{"name":"2015 International Workshop on Secure Internet of Things (SIoT)","volume":"1 1","pages":"0"},"PeriodicalIF":0.0,"publicationDate":"2015-09-21","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"127944417","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
{"title":"Secure Association for the Internet of Things","authors":"Almog Benin, Sivan Toledo, Eran Tromer","doi":"10.1109/SIOT.2015.14","DOIUrl":"https://doi.org/10.1109/SIOT.2015.14","url":null,"abstract":"Existing standards (ZigBee and Bluetooth Low Energy) for networked low-power wireless devices do not support secure association (or pairing) of new devices into a network: their association process is vulnerable to man-in-the-middle attacks. This paper addresses three essential aspects in attaining secure association for such devices. First, we define a user-interface primitive, oblivious comparison, that allows users to approve authentic associations and abort compromised ones. This distills and generalizes several existing approve/abort mechanisms, and moreover we experimentally show that OC can be implemented using very little hardware: one LED and one switch. Second, we provide a new Message Recognition Protocol (MRP) that allows devices associated using oblivious comparison to exchange authenticated messages without the use of public-key cryptography (which exceeds the capabilities of many IoT devices). This protocol improves upon previously proposed MRPs in several respects. Third, we propose a robust definition of security for MRPs that is based on universal composability, and show that our MRP protocol satisfies this definition.","PeriodicalId":312831,"journal":{"name":"2015 International Workshop on Secure Internet of Things (SIoT)","volume":"15 1","pages":"0"},"PeriodicalIF":0.0,"publicationDate":"2015-09-21","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"122267060","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
{"title":"On the Security and Privacy of Internet of Things Architectures and Systems","authors":"Emmanouil Vasilomanolakis, Jörg Daubert, Manisha Luthra, E. Gazis, A. Wiesmaier, Panayotis Kikiras","doi":"10.1109/SIOT.2015.9","DOIUrl":"https://doi.org/10.1109/SIOT.2015.9","url":null,"abstract":"The Internet of Things (IoT) brings together a multitude of technologies, with a vision of creating an interconnected world. This will benefit both corporations as well as the end-users. However, a plethora of security and privacy challenges need to be addressed for the IoT to be fully realized. In this paper, we identify and discuss the properties that constitute the uniqueness of the IoT in terms of the upcoming security and privacy challenges. Furthermore, we construct requirements induced by the aforementioned properties. We survey the four most dominant IoT architectures and analyze their security and privacy components with respect to the requirements. Our analysis shows a mediocre coverage of security and privacy requirements. Finally, through our survey we identify a number of research gaps that constitute the steps ahead for future research.","PeriodicalId":312831,"journal":{"name":"2015 International Workshop on Secure Internet of Things (SIoT)","volume":"6 1","pages":"0"},"PeriodicalIF":0.0,"publicationDate":"2015-09-21","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"121768681","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
{"title":"Characterising and Comparing the Energy Consumption of Side Channel Attack Countermeasures and Lightweight Cryptography on Embedded Devices","authors":"D. McCann, K. Eder, E. Oswald","doi":"10.1109/SIOT.2015.11","DOIUrl":"https://doi.org/10.1109/SIOT.2015.11","url":null,"abstract":"This paper uses an Instruction Set Architecture (ISA) based statistical energy model of an ARM Cortex-M4 microprocessor to evaluate the energy consumption of an implementation of AES with different side channel attack (SCA) countermeasures and an implementation of lightweight ciphers PRESENT, KLEIN and ZORRO with and without Boolean first order masking. In this way, we assess the additional energy consumption of using different SCA countermeasures and using lightweight block ciphers on 32 bit embedded devices. In addition to this, we provide a methodology for developing an ISA based energy model for cryptographic software with an accuracy of +/-5%. In addition to providing our methodology for developing this model, we also show that using variations of instructions that reduce the size of code can reduce the energy consumption by as much as 30% +/- 40% and that memory instructions reduce the predictability of our energy model.","PeriodicalId":312831,"journal":{"name":"2015 International Workshop on Secure Internet of Things (SIoT)","volume":"38 1","pages":"0"},"PeriodicalIF":0.0,"publicationDate":"2015-09-21","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"123401357","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
{"title":"Smart Insiders: Exploring the Threat from Insiders Using the Internet-of-Things","authors":"Jason R. C. Nurse, Arnau Erola, Ioannis Agrafiotis, M. Goldsmith, S. Creese","doi":"10.1109/SIOT.2015.10","DOIUrl":"https://doi.org/10.1109/SIOT.2015.10","url":null,"abstract":"The Internet-of-Things (IoT) is set to be one of the most disruptive technology paradigms since the advent of the Internet itself. Market research company Gartner estimates that around 4.9 billion connected things will be in use in 2015, and around 25 billion by 2020. While there are substantial opportunities accompanying IoT, spanning from Healthcare to Energy, there are an equal number of concerns regarding the security and privacy of this plethora of ubiquitous devices. In this position paper we approach security and privacy in IoT from a different perspective to existing research, by considering the impact that IoT may have on the growing problem of insider threat within enterprises. Our specific aim is to explore the extent to which IoT may exacerbate the insider-threat challenge for organisations and overview the range of new and adapted attack vectors. Here, we focus especially on (personal) devices which insiders bring and use within their employer's enterprise. As a start to addressing these issues, we outline a broad research agenda to encourage further research in this area.","PeriodicalId":312831,"journal":{"name":"2015 International Workshop on Secure Internet of Things (SIoT)","volume":"41 1","pages":"0"},"PeriodicalIF":0.0,"publicationDate":"2015-09-21","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"122696673","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}