1 - 8 of 8
  • 1.
    Gehrmann, Christian
    RISE, Swedish ICT, SICS, Security Lab.
    Tiloca, Marco
    RISE, Swedish ICT, SICS, Security Lab.
    Höglund, Rikard
    RISE, Swedish ICT, SICS.
    SMACK: Short Message Authentication ChecK Against Battery Exhaustion in the Internet of Things
    2015. In: 2015 12th Annual IEEE International Conference on Sensing, Communication, and Networking (SECON), 2015, 13, p. 274-282, article id 7338326
    Conference paper (Refereed)
    Abstract [en]

    Internet of Things (IoT) commonly identifies the upcoming network society where all connectable devices will be able to communicate with one another. In addition, IoT devices are supposed to be directly connected to the Internet, and many of them are likely to be battery powered. Hence, they are particularly vulnerable to Denial of Service (DoS) attacks specifically aimed at quickly draining battery and severely reducing device lifetime. In this paper, we propose SMACK, a security service which efficiently identifies invalid messages early after their reception, by checking a short and lightweight Message Authentication Code (MAC). So doing, further useless processing on invalid messages can be avoided, thus reducing the impact of DoS attacks and preserving battery life. In particular, we provide an adaptation of SMACK for the standard Constrained Application Protocol (CoAP). Finally, we experimentally evaluate SMACK performance through our prototype implementation for the resource constrained CC2538 platform. Our results show that SMACK is efficient and affordable in terms of memory requirements, computing time, and energy consumption.

  • 2.
    Gunnarsson, Martin
    RISE Research Institutes of Sweden, Digital Systems, Data Science.
    Malarski, KM
    DTU Technical University of Denmark, Denmark.
    Höglund, Rikard
    RISE Research Institutes of Sweden, Digital Systems, Data Science. Uppsala University, Sweden.
    Tiloca, Marco
    RISE Research Institutes of Sweden, Digital Systems, Data Science.
    Performance Evaluation of Group OSCORE for Secure Group Communication in the Internet of Things
    2022. In: ACM Transactions on Internet of Things, ISSN 2577-6207, Vol. 3, no 3, article id 3523064
    Article in journal (Refereed)
    Abstract [en]

    The Constrained Application Protocol (CoAP) is a major application-layer protocol for the Internet of Things (IoT). The recently standardized security protocol Object Security for Constrained RESTful Environments (OSCORE) efficiently provides end-to-end security of CoAP messages at the application layer, also in the presence of untrusted intermediaries. At the same time, CoAP supports one-to-many communication, targeting use cases such as smart lighting and building automation, firmware update, or emergency broadcast. Securing group communication for CoAP has additional challenges. It can be done using the novel Group Object Security for Constrained RESTful Environments (Group OSCORE) security protocol, which fulfills the same security requirements of OSCORE in group communication environments. While evaluations of OSCORE are available, no studies exist on the performance of Group OSCORE on resource-constrained IoT devices. This article presents the results of our extensive performance evaluation of Group OSCORE over two popular constrained IoT platforms, namely Zolertia Zoul and TI Simplelink. We have implemented Group OSCORE for the Contiki-NG operating system and made our implementation available as open source software. We compared Group OSCORE against unprotected CoAP as well as OSCORE. To the best of our knowledge, this is the first comprehensive and experimental evaluation of Group OSCORE over real constrained IoT devices. © 2022 Copyright held by the owner/author(s).

  • 3.
    Höglund, Rikard
    RISE, Swedish ICT, SICS.
    Tiloca, Marco
    RISE, Swedish ICT, SICS, Security Lab.
    Current State of the Art in Smart Metering Security
    2015
    Report (Other academic)
    Abstract [en]

    Power supply infrastructures are facing radical changes. The introduction of Information and Communication Technologies (ICT) into power grids will allow to automatically monitor and control the power demand and supply. This concept is generally referred to as Smart Grid, and is expected to exponentially grow during the coming years. However, ICT systems are increasingly subject to security cyber attacks, which can have a disruptive impact on the whole power grid, and put people’s safety and business interests at risk. This report covers background information on the smart grid with focus on smart metering in particular. Important aspects such as security and life-cycle management are covered. In addition, the typical smart grid components and communication protocols are surveyed.

  • 4.
    Höglund, Rikard
    RISE Research Institutes of Sweden, Digital Systems, Data Science.
    Tiloca, Marco
    RISE Research Institutes of Sweden, Digital Systems, Data Science.
    Bouget, Simon
    RISE Research Institutes of Sweden, Digital Systems, Data Science.
    Raza, Shahid
    RISE Research Institutes of Sweden, Digital Systems, Data Science.
    Key Update for the IoT Security Standard OSCORE
    2023. In: 2023 IEEE International Conference on Cyber Security and Resilience (CSR), IEEE, 2023
    Conference paper (Refereed)
    Abstract [en]

    The standard Constrained Application Protocol (CoAP) is a lightweight, web-transfer protocol based on the REST paradigm and specifically suitable for constrained devices and the Internet-of-Things. Object Security for Constrained RESTful Environment (OSCORE) is a standard, lightweight security protocol that provides end-to-end protection of CoAP messages. A number of methods exist for managing keying material for OSCORE, as to its establishment and update. This paper provides a detailed comparison of such methods, in terms of their features, limitations and security properties. Also, it especially considers the new key update protocol KUDOS, for which it provides a more extended discussion about its features and mechanics, as well as a formal verification of its security properties.

  • 5.
    Höglund, Rikard
    RISE Research Institutes of Sweden, Digital Systems, Data Science.
    Tiloca, Marco
    RISE Research Institutes of Sweden, Digital Systems, Data Science.
    Selander, Goran
    Ericsson Research, Sweden.
    Mattsson, John Preuss
    Ericsson Research, Sweden.
    Vucinic, Malisa
    Inria Paris, France.
    Watteyne, Thomas
    Inria Paris, France.
    Secure Communication for the IoT: EDHOC and (Group) OSCORE Protocols
    2024. In: IEEE Access, E-ISSN 2169-3536, Vol. 12, p. 49865-
    Article in journal (Refereed)
    Abstract [en]

    Communication security of an Internet-of-Things (IoT) product depends on the variety of protocols employed throughout its lifetime. The underlying low-power radio communication technologies impose constraints on maximum transmission units and data rates. Surpassing maximum transmission unit thresholds has an important effect on the efficiency of the solution: transmitting multiple fragments over low-power IoT radio technologies is often prohibitively expensive. Furthermore, IoT communication paradigms such as one-to-many require novel solutions to support the applications executing on constrained devices. Over the last decade, the Internet Engineering Task Force (IETF) has been working through its various Working Groups on defining lightweight protocols for Internet-of-Things use cases. “Lightweight” refers to the minimal processing overhead, memory footprint and number of bytes in the air, compared to the protocol counterparts used for non-constrained devices in the Internet. This article overviews the standardization efforts in the IETF on lightweight communication security protocols. It introduces EDHOC, a key exchange protocol, OSCORE and Group OSCORE, application data protection protocols adapted for securing IoT applications. The article additionally highlights the design considerations taken into account during the design of these protocols, an aspect not present in the standards documents. Finally, we present an evaluation of these protocols in terms of the message sizes and compare with the non-constrained counterpart, the (D)TLS protocol. We demonstrate that the novel key exchange protocol EDHOC achieves ×5 reduction over DTLS 1.3 authenticated with pre-shared keys in terms of total number of bytes transmitted over the air, while keeping the benefits of authentication with asymmetric credentials.

  • 6.
    Karlsson, August
    RISE Research Institutes of Sweden.
    Hoglund, Rikard
    RISE Research Institutes of Sweden, Digital Systems, Data Science. Uppsala University, Sweden.
    Wang, Han
    RISE Research Institutes of Sweden, Digital Systems, Data Science.
    Iacovazzi, Alfonso
    RISE Research Institutes of Sweden, Digital Systems, Data Science.
    Raza, Shahid
    RISE Research Institutes of Sweden, Digital Systems, Data Science. Mälardalen University, Sweden.
    Enabling Cyber Threat Intelligence Sharing for Resource Constrained IoT
    2024
    Conference paper (Refereed)
    Abstract [en]

    Cyber Threat Intelligence (CTI) development has largely overlooked the IoT - network-connected devices like sensors. These devices’ heterogeneity, poor security, and memory and energy constraints make them prime cyber attack targets. Enhancing CTI for IoT is crucial. Currently, CTI for IoT is derived from honeypots mimicking IoT devices or extrapolated from standard computing systems. These methods are not ideal for resource-constrained devices. This study addresses this gap by introducing tinySTIX and tinyTAXII. TinySTIX is a data format designed for efficient sharing of CTI directly from resource-constrained devices. TinyTAXII is a lightweight implementation of the TAXII protocol, utilizing CoAP with OSCORE. Two implementations were assessed: one for integration into the MISP platform and the other for execution on network-connected devices running the Contiki operating system. Results demonstrated that tinySTIX reduces message size by an average of 35%, while tinyTAXII reduces packet count and session size by 85% compared to reference OpenTAXII implementations.

  • 7.
    Seitz, Ludwig
    Combitech AB, Sweden.
    Tiloca, Marco
    RISE Research Institutes of Sweden, Digital Systems, Data Science.
    Gunnarsson, Martin
    RISE Research Institutes of Sweden, Digital Systems, Data Science.
    Höglund, Rikard
    RISE Research Institutes of Sweden, Digital Systems, Data Science.
    Secure Software Updates for IoT Based on Industry Requirements
    2023. In: Proceedings of the 9th International Conference on Information Systems Security and Privacy, SCITEPRESS - Science and Technology Publications, 2023, p. 698-705
    Conference paper (Refereed)
    Abstract [en]

    This paper analyzes the problem and requirements of securely distributing software updates over the Internet, to devices in an Industrial Control System (ICS) and more generally in Internet of Things (IoT) infrastructures controlling a physical system, such as power grids and water supply systems. We present a novel approach that allows to securely distribute software updates of different types, e.g., device firmware and customer applications, and from sources of different type, e.g., device operators, device manufacturers and third-party library providers. Unlike previous works on this topic, our approach keeps the device operator in control of the update process, while ensuring both authenticity and confidentiality of the distributed software updates.

  • 8.
    Tiloca, Marco
    RISE - Research Institutes of Sweden, ICT, SICS.
    Höglund, Rikard
    RISE - Research Institutes of Sweden, ICT, SICS.
    Al Atiiq, Syafiq
    KTH Royal Institute of Technology, Sweden.
    SARDOS: Self-Adaptive Reaction against Denial of Service in the Internet of Things
    2018
    Conference paper (Refereed)
    Abstract [en]

    Denial of Service (DoS) is a common and severe security issue in computer networks. Typical DoS attacks overload servers with bogus requests, induce them to worthlessly commit resources, and even make them unable to serve legitimate clients. This is especially relevant in Internet of Things scenarios, where servers are particularly exposed and often equipped with limited resources. Although most countermeasures focus on detection and mitigation, they do not react to dynamically adapt victims' behavior, while at the same time preserving service availability. This paper presents SARDOS, a reactive security service that leverages detection mechanisms from different communication layers, and adaptively changes the operative behavior of victim servers while preserving service availability. We experimentally evaluated SARDOS with a prototype implementation running on an underclocked Raspberry Pi server. Our results show that, when running SARDOS, a server under attack displays considerably lower memory and CPU usage, while still ensuring (best-effort) fulfillment of legitimate requests.
