Publications (8 of 8)
Karlsson, A., Hoglund, R., Wang, H., Iacovazzi, A. & Raza, S. (2024). Enabling Cyber Threat Intelligence Sharing for Resource Constrained IoT. Paper presented at 2024 IEEE International Conference on Cyber Security and Resilience (CSR) (pp. 82-89). Institute of Electrical and Electronics Engineers Inc.
2024 (English). Conference paper, Published paper (Refereed)
Abstract [en]

Cyber Threat Intelligence (CTI) development has largely overlooked the IoT: network-connected devices like sensors. These devices’ heterogeneity, poor security, and memory and energy constraints make them prime cyber attack targets. Enhancing CTI for IoT is crucial. Currently, CTI for IoT is derived from honeypots mimicking IoT devices or extrapolated from standard computing systems. These methods are not ideal for resource-constrained devices. This study addresses this gap by introducing tinySTIX and tinyTAXII. TinySTIX is a data format designed for efficient sharing of CTI directly from resource-constrained devices. TinyTAXII is a lightweight implementation of the TAXII protocol, utilizing CoAP with OSCORE. Two implementations were assessed: one for integration into the MISP platform and the other for execution on network-connected devices running the Contiki operating system. Results demonstrated that tinySTIX reduces message size by an average of 35%, while tinyTAXII reduces packet count and session size by 85% compared to reference OpenTAXII implementations.

Place, publisher, year, edition, pages
Institute of Electrical and Electronics Engineers Inc., 2024
Keywords
Cyber threat intelligence; Cyber threats; Device heterogeneities; Indicator of compromise; Intelligence sharing; Internet of things; MISP; Resource-constrained devices; STIX; TAXII; Cyber attacks
National Category
Computer Sciences
Identifiers
urn:nbn:se:ri:diva-76025 (URN)
10.1109/CSR61664.2024.10679511 (DOI)
2-s2.0-85206142400 (Scopus ID)
9798350375367 (ISBN)
Conference
2024 IEEE International Conference on Cyber Security and Resilience (CSR)
Funder
Swedish Foundation for Strategic Research, aSSIsT; EU, Horizon 2020, 830927
Note

This work was supported in part by the Swedish Foundation for Strategic Research (SSF) project aSSIsT, and in part by the H2020 project CONCORDIA (Grant agreement 830927).

Available from: 2024-11-01. Created: 2024-11-01. Last updated: 2024-11-01. Bibliographically approved
Höglund, R., Tiloca, M., Selander, G., Mattsson, J. P., Vucinic, M. & Watteyne, T. (2024). Secure Communication for the IoT: EDHOC and (Group) OSCORE Protocols. IEEE Access, 12, 49865
2024 (English). In: IEEE Access, E-ISSN 2169-3536, Vol. 12, p. 49865-. Article in journal (Refereed), Published
Abstract [en]

Communication security of an Internet-of-Things (IoT) product depends on the variety of protocols employed throughout its lifetime. The underlying low-power radio communication technologies impose constraints on maximum transmission units and data rates. Surpassing maximum transmission unit thresholds has an important effect on the efficiency of the solution: transmitting multiple fragments over low-power IoT radio technologies is often prohibitively expensive. Furthermore, IoT communication paradigms such as one-to-many require novel solutions to support the applications executing on constrained devices. Over the last decade, the Internet Engineering Task Force (IETF) has been working through its various Working Groups on defining lightweight protocols for Internet-of-Things use cases. “Lightweight” refers to the minimal processing overhead, memory footprint and number of bytes in the air, compared to the protocol counterparts used for non-constrained devices in the Internet. This article overviews the standardization efforts in the IETF on lightweight communication security protocols. It introduces EDHOC, a key exchange protocol, OSCORE and Group OSCORE, application data protection protocols adapted for securing IoT applications. The article additionally highlights the design considerations taken into account during the design of these protocols, an aspect not present in the standards documents. Finally, we present an evaluation of these protocols in terms of the message sizes and compare with the non-constrained counterpart, the (D)TLS protocol. We demonstrate that the novel key exchange protocol EDHOC achieves a 5× reduction over DTLS 1.3 authenticated with pre-shared keys in terms of total number of bytes transmitted over the air, while keeping the benefits of authentication with asymmetric credentials.

Place, publisher, year, edition, pages
Institute of Electrical and Electronics Engineers Inc., 2024
Keywords
Authentication; Internet of things; Internet protocols; Network security; Radio communication; Radio transmission; Secure communication; Signal encoding; CoAP; Communication system security; Communications security; EDHOC; Encodings; Internet engineering task forces; OSCORE; Protection; Security; Standardization
National Category
Electrical Engineering, Electronic Engineering, Information Engineering
Identifiers
urn:nbn:se:ri:diva-73052 (URN)
10.1109/ACCESS.2024.3384095 (DOI)
2-s2.0-85189629993 (Scopus ID)
Available from: 2024-04-17. Created: 2024-04-17. Last updated: 2024-05-27. Bibliographically approved
Höglund, R., Tiloca, M., Bouget, S. & Raza, S. (2023). Key Update for the IoT Security Standard OSCORE. In: 2023 IEEE International Conference on Cyber Security and Resilience (CSR). Paper presented at 2023 IEEE International Conference on Cyber Security and Resilience (CSR). IEEE
2023 (English). In: 2023 IEEE International Conference on Cyber Security and Resilience (CSR), IEEE, 2023. Conference paper, Published paper (Refereed)
Abstract [en]

The standard Constrained Application Protocol (CoAP) is a lightweight, web-transfer protocol based on the REST paradigm and specifically suitable for constrained devices and the Internet-of-Things. Object Security for Constrained RESTful Environment (OSCORE) is a standard, lightweight security protocol that provides end-to-end protection of CoAP messages. A number of methods exist for managing keying material for OSCORE, as to its establishment and update. This paper provides a detailed comparison of such methods, in terms of their features, limitations and security properties. Also, it especially considers the new key update protocol KUDOS, for which it provides a more extended discussion about its features and mechanics, as well as a formal verification of its security properties.

Place, publisher, year, edition, pages
IEEE, 2023
National Category
Communication Systems
Identifiers
urn:nbn:se:ri:diva-67071 (URN)
10.1109/csr57506.2023.10225002 (DOI)
Conference
2023 IEEE International Conference on Cyber Security and Resilience (CSR)
Note

This work was partly supported by the H2020 project SIFIS-Home (Grant agreement 952652), the SSF project SEC4Factory (Grant agreement RIT17-0032), and the H2020 project ARCADIAN-IoT (Grant agreement 101020259).

Available from: 2023-09-21. Created: 2023-09-21. Last updated: 2023-09-21. Bibliographically approved
Seitz, L., Tiloca, M., Gunnarsson, M. & Höglund, R. (2023). Secure Software Updates for IoT Based on Industry Requirements. In: Proceedings of the 9th International Conference on Information Systems Security and Privacy. Paper presented at 9th International Conference on Information Systems Security and Privacy (pp. 698-705). SCITEPRESS - Science and Technology Publications
2023 (English). In: Proceedings of the 9th International Conference on Information Systems Security and Privacy, SCITEPRESS - Science and Technology Publications, 2023, p. 698-705. Conference paper, Published paper (Refereed)
Abstract [en]

This paper analyzes the problem and requirements of securely distributing software updates over the Internet, to devices in an Industrial Control System (ICS) and more generally in Internet of Things (IoT) infrastructures controlling a physical system, such as power grids and water supply systems. We present a novel approach that makes it possible to securely distribute software updates of different types, e.g., device firmware and customer applications, and from sources of different type, e.g., device operators, device manufacturers and third-party library providers. Unlike previous works on this topic, our approach keeps the device operator in control of the update process, while ensuring both authenticity and confidentiality of the distributed software updates.

Place, publisher, year, edition, pages
SCITEPRESS - Science and Technology Publications, 2023
National Category
Software Engineering
Identifiers
urn:nbn:se:ri:diva-67036 (URN)
10.5220/0011790100003405 (DOI)
978-989-758-624-8 (ISBN)
Conference
9th International Conference on Information Systems Security and Privacy
Available from: 2023-09-21. Created: 2023-09-21. Last updated: 2023-09-21. Bibliographically approved
Gunnarsson, M., Malarski, K., Höglund, R. & Tiloca, M. (2022). Performance Evaluation of Group OSCORE for Secure Group Communication in the Internet of Things. ACM Transactions on Internet of Things, 3(3), Article ID 3523064.
2022 (English). In: ACM Transactions on Internet of Things, ISSN 2577-6207, Vol. 3, no 3, article id 3523064. Article in journal (Refereed), Published
Abstract [en]

The Constrained Application Protocol (CoAP) is a major application-layer protocol for the Internet of Things (IoT). The recently standardized security protocol Object Security for Constrained RESTful Environments (OSCORE) efficiently provides end-to-end security of CoAP messages at the application layer, also in the presence of untrusted intermediaries. At the same time, CoAP supports one-to-many communication, targeting use cases such as smart lighting and building automation, firmware update, or emergency broadcast. Securing group communication for CoAP has additional challenges. It can be done using the novel Group Object Security for Constrained RESTful Environments (Group OSCORE) security protocol, which fulfills the same security requirements of OSCORE in group communication environments. While evaluations of OSCORE are available, no studies exist on the performance of Group OSCORE on resource-constrained IoT devices. This article presents the results of our extensive performance evaluation of Group OSCORE over two popular constrained IoT platforms, namely Zolertia Zoul and TI Simplelink. We have implemented Group OSCORE for the Contiki-NG operating system and made our implementation available as open source software. We compared Group OSCORE against unprotected CoAP as well as OSCORE. To the best of our knowledge, this is the first comprehensive and experimental evaluation of Group OSCORE over real constrained IoT devices.

Place, publisher, year, edition, pages
Association for Computing Machinery, 2022
Keywords
Contiki-NG, End-to-end security, group communication, Group OSCORE, Internet of Things, Firmware, Intelligent buildings, Internet protocols, Open source software, Open systems, Application layer protocols, Application protocols, Contiki, Group communications, Group object security for constrained RESTful environment, Performances evaluation, Secure group communications, Security protocols
National Category
Computer Engineering
Identifiers
urn:nbn:se:ri:diva-59900 (URN)
10.1145/3523064 (DOI)
2-s2.0-85134881343 (Scopus ID)
Note

Martin Gunnarsson and Krzysztof Mateusz Malarski contributed equally to this research. This work was partially funded by Innovation Fund Denmark through Eureka Turbo project IoT Watch4Life and Nordic University Hub for Industrial IoT (HI2OT); the SSF project SEC4Factory under the grant RIT17-0032; VINNOVA through the Celtic-Next project CRITISEC; and the H2020 project SIFIS-Home (Grant agreement 952652).

Available from: 2022-08-11. Created: 2022-08-11. Last updated: 2023-06-07. Bibliographically approved
Tiloca, M., Höglund, R. & Al Atiiq, S. (2018). SARDOS: Self-Adaptive Reaction against Denial of Service in the Internet of Things. Paper presented at IEEE 2018 Fifth International Conference on Internet of Things: Systems, Management and Security (IoTSMS 2018) (pp. 54-61). Valencia (Spain)
2018 (English). Conference paper, Published paper (Refereed)
Abstract [en]

Denial of Service (DoS) is a common and severe security issue in computer networks. Typical DoS attacks overload servers with bogus requests, induce them to worthlessly commit resources, and even make them unable to serve legitimate clients. This is especially relevant in Internet of Things scenarios, where servers are particularly exposed and often equipped with limited resources. Although most countermeasures focus on detection and mitigation, they do not react to dynamically adapt victims' behavior, while at the same time preserving service availability. This paper presents SARDOS, a reactive security service that leverages detection mechanisms from different communication layers, and adaptively changes the operative behavior of victim servers while preserving service availability. We experimentally evaluated SARDOS with a prototype implementation running on an underclocked Raspberry Pi server. Our results show that, when running SARDOS, a server under attack displays considerably lower memory and CPU usage, while still ensuring (best-effort) fulfillment of legitimate requests.

Place, publisher, year, edition, pages
Valencia (Spain), 2018
Keywords
Servers, Security, Protocols, Internet of Things, Reliability, Standards
National Category
Other Electrical Engineering, Electronic Engineering, Information Engineering; Communication Systems; Computer Systems
Identifiers
urn:nbn:se:ri:diva-36553 (URN)
10.1109/IoTSMS.2018.8554819 (DOI)
2-s2.0-85059987216 (Scopus ID)
9781538695852 (ISBN)
Conference
IEEE 2018 Fifth International Conference on Internet of Things: Systems, Management and Security (IoTSMS 2018)
Available from: 2018-12-04. Created: 2018-12-04. Last updated: 2023-06-07. Bibliographically approved
Höglund, R. & Tiloca, M. (2015). Current State of the Art in Smart Metering Security (6th ed.). Kista, Sweden: Swedish Institute of Computer Science
2015 (English). Report (Other academic)
Abstract [en]

Power supply infrastructures are facing radical changes. The introduction of Information and Communication Technologies (ICT) into power grids will make it possible to automatically monitor and control the power demand and supply. This concept is generally referred to as Smart Grid, and is expected to exponentially grow during the coming years. However, ICT systems are increasingly subject to security cyber attacks, which can have a disruptive impact on the whole power grid, and put people’s safety and business interests at risk. This report covers background information on the smart grid with focus on smart metering in particular. Important aspects such as security and life-cycle management are covered. In addition, the typical smart grid components and communication protocols are surveyed.

Place, publisher, year, edition, pages
Kista, Sweden: Swedish Institute of Computer Science, 2015. Edition: 6
Series
SICS Technical Report, ISSN 1100-3154 ; 2015:03
National Category
Computer and Information Sciences
Identifiers
urn:nbn:se:ri:diva-24413 (URN)
Available from: 2016-10-31. Created: 2016-10-31. Last updated: 2023-06-07. Bibliographically approved
Gehrmann, C., Tiloca, M. & Höglund, R. (2015). SMACK: Short Message Authentication ChecK Against Battery Exhaustion in the Internet of Things (13th ed.). In: 2015 12th Annual IEEE International Conference on Sensing, Communication, and Networking (SECON). Paper presented at 12th Annual IEEE International Conference on Sensing, Communication, and Networking (SECON 2015), June 22-25, 2015, Seattle, US (pp. 274-282). Article ID 7338326.
2015 (English). In: 2015 12th Annual IEEE International Conference on Sensing, Communication, and Networking (SECON), 2015, 13, p. 274-282, article id 7338326. Conference paper, Published paper (Refereed)
Abstract [en]

Internet of Things (IoT) commonly identifies the upcoming network society where all connectable devices will be able to communicate with one another. In addition, IoT devices are supposed to be directly connected to the Internet, and many of them are likely to be battery powered. Hence, they are particularly vulnerable to Denial of Service (DoS) attacks specifically aimed at quickly draining battery and severely reducing device lifetime. In this paper, we propose SMACK, a security service which efficiently identifies invalid messages early after their reception, by checking a short and lightweight Message Authentication Code (MAC). So doing, further useless processing on invalid messages can be avoided, thus reducing the impact of DoS attacks and preserving battery life. In particular, we provide an adaptation of SMACK for the standard Constrained Application Protocol (CoAP). Finally, we experimentally evaluate SMACK performance through our prototype implementation for the resource constrained CC2538 platform. Our results show that SMACK is efficient and affordable in terms of memory requirements, computing time, and energy consumption.

Keywords
Batteries, Energy consumption, Message authentication, Performance evaluation, Protocols
National Category
Computer and Information Sciences
Identifiers
urn:nbn:se:ri:diva-24349 (URN)
10.1109/SAHCN.2015.7338326 (DOI)
2-s2.0-84960861859 (Scopus ID)
978-1-4673-7331-9 (ISBN)
Conference
12th Annual IEEE International Conference on Sensing, Communication, and Networking (SECON 2015), June 22-25, 2015, Seattle, US
Projects
SEGRID
Available from: 2016-10-31. Created: 2016-10-31. Last updated: 2023-06-07. Bibliographically approved
Identifiers
ORCID iD: orcid.org/0000-0002-9437-5764