  • 1.
    Aragon, Santiago
    et al.
    RISE - Research Institutes of Sweden, ICT, SICS. Technische Universität Darmstadt, Germany.
    Tiloca, Marco
    RISE - Research Institutes of Sweden, ICT, SICS.
    Maass, Max
    Technische Universität Darmstadt, Germany.
    Hollick, Matthias
    Technische Universität Darmstadt, Germany.
    Raza, Shahid
    RISE - Research Institutes of Sweden, ICT, SICS.
    ACE of Spades in the IoT Security Game: A Flexible IPsec Security Profile for Access Control. 2018. Conference paper (Refereed)
    Abstract [en]

    The Authentication and Authorization for Constrained Environments (ACE) framework provides fine-grained access control in the Internet of Things, where devices are resource-constrained and with limited connectivity. The ACE framework defines separate profiles to specify how exactly entities interact and what security and communication protocols to use. This paper presents the novel ACE IPsec profile, which specifies how a client establishes a secure IPsec channel with a resource server, contextually using the ACE framework to enforce authorized access to remote resources. The profile makes it possible to establish IPsec Security Associations, either through their direct provisioning or through the standard IKEv2 protocol. We provide the first Open Source implementation of the ACE IPsec profile for the Contiki OS and test it on the resource-constrained Zolertia Firefly platform. Our experimental performance evaluation confirms that the IPsec profile and its operating modes are affordable and deployable also on constrained IoT platforms.

  • 2. Bagci, Ibrahim Ethem
    et al.
    Pourmirza, Mohammad Reza
    Raza, Shahid
    RISE., Swedish ICT, SICS, Security Lab.
    Roedig, Utz
    Voigt, Thiemo
    RISE., Swedish ICT, SICS, Computer Systems Laboratory.
    Codo: Confidential Data Storage for Wireless Sensor Networks. 2012. Conference paper (Refereed)
    Abstract [en]

    Many Wireless Sensor Networks (WSNs) are used to collect and process confidential information. Confidentiality must be ensured at all times and, for example, solutions for confidential communication, processing or storage are required. To date, the research community has addressed mainly the issue of confidential communication. Efficient solutions for cryptographically secured communication and associated key exchange in WSNs exist. Many WSN applications, however, rely heavily on available on-node storage space and therefore it is essential to ensure the confidentiality of stored data as well. In this paper we present Codo, a confidential data storage solution which balances platform, performance and security requirements. We implement Codo for the Contiki WSN operating system and evaluate its performance.

  • 3. Bagci, Ibrahim Ethem
    et al.
    Raza, Shahid
    RISE., Swedish ICT, SICS, Security Lab.
    Chung, Tony
    Roedig, Utz
    Voigt, Thiemo
    RISE., Swedish ICT, SICS, Computer Systems Laboratory.
    Combined Secure Storage and Communication for the Internet of Things. 2013. Conference paper (Refereed)
  • 4.
    Bagci, Ibrahim Ethem
    et al.
    Lancaster University, UK.
    Raza, Shahid
    RISE., Swedish ICT, SICS, Security Lab.
    Roedig, Utz
    Lancaster University, UK.
    Voigt, Thiemo
    RISE., Swedish ICT, SICS, Computer Systems Laboratory. Uppsala University, Sweden.
    Fusion: Coalesced Confidential Storage and Communication Framework for the IoT. 2015. In: Security and Communication Networks, ISSN 1939-0114, E-ISSN 1939-0122, Vol. 9, no. 15, pp. 2656-2673. Journal article (Refereed)
    Abstract [en]

    Comprehensive security mechanisms are required for a successful implementation of the Internet of Things (IoT). Existing solutions focus mainly on securing the communication links between Internet hosts and IoT devices. However, as most IoT devices nowadays provide vast amounts of flash storage space it is as well required to consider storage security within a comprehensive security framework. Instead of developing independent security solutions for storage and communication we propose Fusion, a framework which provides coalesced confidential storage and communication. Fusion uses existing secure communication protocols for the IoT such as IPsec and DTLS and re-uses the defined communication security mechanisms within the storage component. Thus, trusted mechanisms developed for communication security are extended into the storage space. Notably, this mechanism allows us to transmit requested data directly from the file system without decrypting read data blocks and then re-encrypting these for transmission. Thus, Fusion provides benefits in terms of processing speed and energy efficiency which are important aspects for resource constrained IoT devices. The paper describes the Fusion architecture and its instantiation for IPsec and DTLS based systems. We describe Fusion’s implementation and evaluate its storage overheads, communication performance and energy consumption.

  • 5.
    Boo, EunSeong
    et al.
    Ajou University, South Korea.
    Raza, Shahid
    RISE - Research Institutes of Sweden, ICT, SICS.
    Höglund, Joel
    RISE - Research Institutes of Sweden, ICT, SICS.
    Ko, JeongGil
    Ajou University, South Korea.
    Towards supporting IoT device storage and network security using DTLs. 2019. In: MobiSys 2019 - Proceedings of the 17th Annual International Conference on Mobile Systems, Applications, and Services, Association for Computing Machinery, Inc, 2019, pp. 570-571. Conference paper (Refereed)
    Abstract [en]

    This work presents FDTLS, a security framework that combines storage and network/communication-level security for resource limited Internet of Things (IoT) devices using Datagram Transport Layer Security (DTLS). While coalescing storage and networking security scheme can reduce redundant and unnecessary operations, we identify security- and system-level challenges that can occur when applying DTLS. FDTLS addresses these challenges by employing asymmetric key generation, a virtual peer, and header reduction-based storage optimization. Our results obtained using a Contiki-based implementation on OpenMote platforms show that compared to using storage and networking security separately, FDTLS can reduce the latency of packet transmission responses and also contribute to saving energy. © 2019 Copyright held by the owner/author(s).

  • 6.
    Eriksson, Joakim
    et al.
    RISE., Swedish ICT, SICS, Computer Systems Laboratory.
    Österlind, Fredrik
    RISE - Research Institutes of Sweden, ICT, SICS.
    Voigt, Thiemo
    RISE., Swedish ICT, SICS, Computer Systems Laboratory.
    Finne, Niclas
    RISE., Swedish ICT, SICS, Computer Systems Laboratory.
    Raza, Shahid
    RISE., Swedish ICT, SICS, Security Lab.
    Tsiftes, Nicolas
    RISE., Swedish ICT, SICS, Computer Systems Laboratory.
    Dunkels, Adam
    RISE - Research Institutes of Sweden, ICT, SICS.
    Demo abstract: accurate power profiling of sensornets with the COOJA/MSPSim simulator. 2009. Conference paper (Refereed)
    Abstract [en]

    Power consumption is of utmost concern in sensor networks. Researchers have several ways of measuring the power consumption of a complete sensor network, but they are typically either impractical or inaccurate. To meet the need for practical and scalable measurement of power consumption of sensor networks, we have developed a cycle-accurate simulator, called COOJA/MSPsim, that enables live power estimation of systems running on MSP430 processors. This demonstration shows the ease of use and the power measurement accuracy of COOJA/MSPsim. The demo setup consists of a small sensor network and a laptop. Beside gathering software-based power measurements from the motes, the laptop runs COOJA/MSPsim to simulate the same network. We visualize the power consumption of both the simulated and the real sensor network, and show that the simulator produces matching results.

  • 7.
    Forsby, Filip
    et al.
    RISE - Research Institutes of Sweden, ICT, SICS. KTH Royal Institute of Technology, Sweden.
    Furuhed, Martin
    Technology Nexus Secured Business Solutions, Sweden.
    Papadimitratos, Panos
    KTH Royal Institute of Technology, Sweden.
    Raza, Shahid
    RISE - Research Institutes of Sweden, ICT, SICS.
    Lightweight X.509 Digital Certificates for the Internet of Things. 2018. In: Lect. Notes Inst. Comput. Sci. Soc. Informatics Telecommun. Eng., 2018, pp. 123-133. Conference paper (Refereed)
    Abstract [en]

    X.509 is the de facto digital certificate standard used in building the Public Key Infrastructure (PKI) on the Internet. However, traditional X.509 certificates are too heavy for battery powered or energy harvesting Internet of Things (IoT) devices where it is crucial that energy consumption and memory footprints are as minimal as possible. In this paper we propose, implement, and evaluate a lightweight digital certificate for resource-constrained IoT devices. We develop an X.509 profile for IoT including only the fields necessary for IoT devices, without compromising the certificate security. Furthermore, we also propose compression of the X.509 profiled fields using the contemporary CBOR encoding scheme. Most importantly, our solutions are compatible with the existing X.509 standard, meaning that our profiled and compressed X.509 certificates for IoT can be enrolled, verified and revoked without requiring modification in the existing X.509 standard and PKI implementations. We implement our solution in the Contiki OS and perform evaluation of our profiled and compressed certificates on a state-of-the-art IoT hardware.

  • 8.
    He, Zhitao
    et al.
    RISE - Research Institutes of Sweden, ICT, SICS. Assa Abloy AB, Sweden.
    Furuhed, Martin
    Technology Nexus Secured, Sweden.
    Raza, Shahid
    RISE - Research Institutes of Sweden, ICT, SICS.
    Indraj: Digital certificate enrollment for battery-powered wireless devices. 2019. In: WiSec 2019 - Proceedings of the 2019 Conference on Security and Privacy in Wireless and Mobile Networks, Association for Computing Machinery, Inc, 2019, pp. 117-127. Conference paper (Refereed)
    Abstract [en]

    A public key infrastructure (PKI) has been widely deployed and well tested on the Internet. However, this standard practice of delivering scalable security has not yet been extended to the rapidly growing Internet of Things (IoT). Thanks to vendor hardware support and standardization of resource-efficient communication protocols, asymmetric cryptography is no longer unfeasible on small devices. To migrate IoT from poorly scalable, pair-wise symmetric encryption to PKI, a major obstacle remains: how do we certify the public keys of billions of small devices without manual checks or complex logistics? The process of certifying a public key in form of a digital certificate is called enrollment. In this paper, we design an enrollment protocol, called Indraj, to automate enrollment of certificate-based digital identities on resource-constrained IoT devices. Reusing the semantics of the Enrollment over Secure Transport (EST) protocol designed for Internet hosts, Indraj optimizes resource usage by leveraging an IoT stack consisting of Constrained Application Protocol (CoAP), Datagram Transport Layer Security (DTLS) and IPv6 over Low-Power Wireless Personal Area Networks (6LoWPAN). We evaluate our implementation on a low power 32-bit MCU, showing the feasibility of our protocol in terms of latency, power consumption and memory usage. Asymmetric cryptography enabled by automatic certificate enrollment will finally turn IoT devices into well behaved, first-class citizens on the Internet.

  • 9.
    Hewage, Kasun
    et al.
    Uppsala University, Sweden.
    Raza, Shahid
    RISE - Research Institutes of Sweden, ICT, SICS.
    Voigt, Thiemo
    Uppsala University, Sweden.
    Protecting Glossy-based Wireless Networks from Packet Injection Attacks. 2017. Conference paper (Refereed)
    Abstract [en]

    Glossy is a flooding-based communication primitive for low-power wireless networks that leverages constructive interference to achieve high reliability. The Low-power Wireless Bus (LWB) uses Glossy to abstract an entire wireless network into a shared bus like topology. As Glossy is not designed as a secure communication protocol, Glossy and hence LWB are vulnerable to unauthorised eavesdropping and packet injection attacks. In this paper, we propose several security mechanisms to protect Glossy and LWB communication and evaluate their effectiveness in real-world settings. The evaluation of the proposed security mechanisms shows that we can confine the effect of the packet injection attacks on Glossy networks into single hop nodes from the attacker.

  • 10.
    Hewage, Kasun
    et al.
    Uppsala University, Sweden.
    Raza, Shahid
    RISE., Swedish ICT, SICS, Security Lab.
    Voigt, Thiemo
    RISE., Swedish ICT, SICS, Computer Systems Laboratory.
    Gomez, F.
    An Experimental Study of Attacks on the Availability of Glossy. 2014. In: Computers & electrical engineering, ISSN 0045-7906, E-ISSN 1879-0755, pp. 115-125. Journal article (Refereed)
    Abstract [en]

    Glossy is a reliable and low latency flooding mechanism designed primarily for distributed communication in wireless sensor networks (WSN). Glossy achieves its superior performance over tree-based wireless sensor networks by exploiting identical concurrent transmissions. WSNs are subject to wireless attacks aimed to disrupt the legitimate network operations. Real-world deployments require security and the current Glossy implementation has no built-in security mechanisms. In this paper, we explore the effectiveness of several attacks that attempt to break constructive interference in Glossy. Our results show that Glossy is quite robust to approaches where attackers do not respect the timing constraints necessary to create constructive interference. Changing the packet content, however, has a severe effect on the packet reception rate that is even more detrimental than other physical layer denial-of-service attacks such as jamming. We also discuss potential countermeasures to address these security threats and vulnerabilities.

  • 11.
    Hummen, René
    et al.
    RWTH Aachen University, Germany.
    Shafagh, Hossein
    RISE., Swedish ICT, SICS.
    Raza, Shahid
    RISE., Swedish ICT, SICS, Security Lab.
    Voigt, Thiemo
    RISE., Swedish ICT, SICS, Computer Systems Laboratory.
    Wehrle, Klaus
    RWTH Aachen University, Germany.
    Delegation-based Authentication and Authorization for the IP-based Internet of Things. 2014. Conference paper (Refereed)
    Abstract [en]

    IP technology for resource-constrained devices enables transparent end-to-end connections between a vast variety of devices and services in the Internet of Things (IoT). To protect these connections, several variants of traditional IP security protocols have recently been proposed for standardization, most notably the DTLS protocol. In this paper, we identify significant resource requirements for the DTLS handshake when employing public-key cryptography for peer authentication and key agreement purposes. These overheads particularly hamper secure communication for memory-constrained devices. To alleviate these limitations, we propose a delegation architecture that offloads the expensive DTLS connection establishment to a delegation server. By handing over the established security context to the constrained device, our delegation architecture significantly reduces the resource requirements of DTLS-protected communication for constrained devices. Additionally, our delegation architecture naturally provides authorization functionality when leveraging the central role of the delegation server in the initial connection establishment. Hence, in this paper, we present a comprehensive, yet compact solution for authentication, authorization, and secure data transmission in the IP-based IoT. The evaluation results show that compared to a public-key-based DTLS handshake our delegation architecture reduces the memory overhead by 64 %, computations by 97 %, network transmissions by 68 %.

  • 12. Hummen, René
    et al.
    Ziegeldorf, Jan H.
    Shafagh, Hossein
    RISE., Swedish ICT, SICS.
    Raza, Shahid
    RISE., Swedish ICT, SICS, Security Lab.
    Wehrle, Klaus
    Towards Viable Certificate-based Authentication for the Web of Things. 2013. Conference paper (Refereed)
  • 13.
    Kwon, Hyuksang
    et al.
    Ajou University, South Korea.
    Raza, Shahid
    RISE - Research Institutes of Sweden, ICT, SICS.
    Ko, JeongGil
    Ajou University, South Korea.
    POSTER: On compressing pki certificates for resource limited internet of things devices. 2018. In: ASIACCS 2018 - Proceedings of the 2018 ACM Asia Conference on Computer and Communications Security, 2018, pp. 837-839. Conference paper (Refereed)
    Abstract [en]

    Certificate-based Public Key Infrastructure (PKI) schemes are used to authenticate the identity of distinct nodes on the Internet. Using certificates for the Internet of Things (IoT) can allow many privacy sensitive applications to be trusted over the larger Internet architecture. However, since IoT devices are typically resource limited, full sized PKI certificates are not suitable for use in the IoT domain. This work outlines our approach in compressing standards-compliant X.509 certificates so that their sizes are reduced and can be effectively used on IoT nodes. Our scheme combines the use of Concise Binary Object Representation (CBOR) and also a scheme that compresses all data that can be implicitly inferenced within the IoT sub-network. Our scheme shows a certificate compression rate of up to ∼30%, which allows effective energy reduction when using X.509-based certificates on IoT platforms.

  • 14.
    Misra, Prasant
    et al.
    RISE., Swedish ICT, SICS.
    Mottola, Luca
    RISE., Swedish ICT, SICS, Computer Systems Laboratory.
    Raza, Shahid
    RISE., Swedish ICT, SICS, Security Lab.
    Duquennoy, Simon
    RISE., Swedish ICT, SICS, Computer Systems Laboratory.
    Tsiftes, Nicolas
    RISE., Swedish ICT, SICS, Computer Systems Laboratory.
    Höglund, Joel
    RISE., Swedish ICT, SICS, Computer Systems Laboratory.
    Voigt, Thiemo
    RISE., Swedish ICT, SICS, Computer Systems Laboratory.
    Supporting Cyber-Physical Systems with Wireless Sensor Networks: An Outlook of Software and Services. 2013. In: Journal of the Indian Institute of Science, ISSN 0970-4140, Vol. 93, pp. 441-462. Journal article (Refereed)
    Abstract [en]

    Sensing, communication, computation and control technologies are the essential building blocks of a cyber-physical system (CPS). Wireless sensor networks (WSNs) are a way to support CPS as they provide fine-grained spatial-temporal sensing, communication and computation at a low premium of cost and power. In this article, we explore the fundamental concepts guiding the design and implementation of WSNs. We report the latest developments in WSN software and services for meeting existing requirements and newer demands; particularly in the areas of: operating system, simulator and emulator, programming abstraction, virtualization, IP-based communication and security, time and location, and network monitoring and management. We also reflect on the ongoing efforts in providing dependable assurances for WSN-driven CPS. Finally, we report on its applicability with a case-study on smart buildings.

  • 15.
    Misra, Prasant
    et al.
    RISE., Swedish ICT, SICS. Indian Institute of Science, India.
    Raza, Shahid
    RISE., Swedish ICT, SICS, Security Lab.
    Rajaraman, Vasanth
    Indian Institute of Science, India.
    Warrior, Jay
    Indian Institute of Science, India.
    Voigt, Thiemo
    RISE., Swedish ICT, SICS, Computer Systems Laboratory. Uppsala University, Sweden.
    Security Challenges in Indoor Location Sensing using Bluetooth LE Broadcast. 2015. In: EWSN 2015: Poster/Demo Session, 2015, 7, pp. 11-12. Conference paper (Refereed)
    Abstract [en]

    As we consider a new generation of Internet of Things and Humans (IoTH) applications that place humans at the epicenter of the control system the need to gather information from the immediate vicinity, in addition to global clues, is gaining importance. The loosely coupled Bluetooth Low Energy (BLE) data collection framework enables a new way of architecting IoTH systems where resource constrained BLE advertisers broadcast events, and devices inevitably carried by humans (such as smartphones) implicitly gather such notifications. While such a mechanism significantly alleviates data scavenging, it introduces serious limitations in terms of operational security. In this work, we show the applicability of BLE broadcast advertisements for indoor location sensing (as part of an IoTH application) and demonstrate an attack on the same system. Based on this preliminary case study, we discuss other security implications on BLE broadcasting.

  • 16.
    Peyrard, Alexandre
    et al.
    IMT Lille Douai, France.
    Kosmatov, Nikolai
    CEA, France.
    Duquennoy, Simon
    RISE - Research Institutes of Sweden, ICT, SICS.
    Lille, Inria
    Nord Europe, France.
    Raza, Shahid
    RISE - Research Institutes of Sweden, ICT, SICS.
    Towards Formal Verification of Contiki: Analysis of the AES-CCM* Modules with Frama-C. 2018. In: Proceedings of the 2018 International Conference on Embedded Wireless Systems and Networks, 2018, pp. 264-269. Conference paper (Other academic)
    Abstract [en]

    The number of IoT (Internet of Things) applications is rapidly increasing and allows embedded devices today to be massively connected to the Internet. This raises software security questions. This paper demonstrates the usage of formal verification to increase the security of Contiki OS, a popular open-source operating system for IoT. We present a case study on deductive verification of encryption-decryption modules of Contiki (namely, AES-CCM*) using Frama-C, a software analysis platform for C code.

  • 17.
    Peyrard, Alexandre
    et al.
    IMT Lille Douai, France.
    Kosmatov, Nikolai
    CEA, France.
    Duquennoy, Simon
    RISE - Research Institutes of Sweden, ICT, SICS. Inria Lille, France.
    Raza, Shahid
    RISE - Research Institutes of Sweden, ICT, SICS.
    Towards Formal Verification of Contiki OS: Analysis of the AES-CCM* Modules with Frama-C. 2018. In: Proceedings of the Workshop on Recent advances in secure management of data and resources in the IoT (RED-IOT), February 14-16, 2018, Madrid, Spain, 2018. Conference paper (Refereed)
    Abstract [en]

    The number of Internet of Things (IoT) applications is rapidly increasing and allows embedded devices today to be massively connected to the Internet. This raises software security questions. This paper demonstrates the usage of formal verification to increase the security of Contiki, a popular open-source operating system for the IoT. We present a case study on deductive verification of encryption-decryption modules of Contiki (namely, AES-CCM*) using Frama-C, a software analysis platform for C code.

  • 18.
    Piñol Piñol, Oriol
    et al.
    Yanzi Networks AB, Sweden.
    Raza, Shahid
    RISE., Swedish ICT, SICS, Security Lab.
    Eriksson, Joakim
    RISE., Swedish ICT, SICS, Computer Systems Laboratory. Yanzi Networks AB, Sweden.
    Voigt, Thiemo
    RISE., Swedish ICT, SICS, Computer Systems Laboratory.
    BSD-based ECC for the Contiki OS. 2015. In: EWSN 2015: Posters and Demos, 2015, 6, pp. 15-16. Conference paper (Refereed)
    Abstract [en]

    Security has arisen as an important issue for the Internet of Things (IoT). Efficient ways to provide secure communication between devices and sensors is crucial for the IoT devices, which are becoming more and more used and spread in a variety of fields. In this context, Elliptic Curve Cryptography (ECC) is considered as a strong candidate to provide security while being able to be functional in an environment with strong requirements and limitations such as wireless sensor networks (WSN). Furthermore, it is a valid candidate to be used in industry solutions.

    In this demo we show a real use case of Elliptic Curve Cryptography for key establishment in combination with symmetric AES encryption. The demo will show the use of a BSD-licensed ECC library for the Contiki OS running on Yanzi Networks Contiki-based nodes that will securely communicate with a Yanzi Gateway.

  • 19.
    Piñol Piñol, Oriol
    et al.
    Yanzi Networks AB, Sweden.
    Raza, Shahid
    RISE., Swedish ICT, SICS, Security Lab.
    Eriksson, Joakim
    RISE., Swedish ICT, SICS, Computer Systems Laboratory. Yanzi Networks AB, Sweden.
    Voigt, Thiemo
    RISE., Swedish ICT, SICS, Computer Systems Laboratory. Uppsala University, Sweden.
    BSD-based Elliptic Curve Cryptography for the Open Internet of Things. 2015. In: 2015 7th International Conference on New Technologies, Mobility and Security (NTMS), 2015, 6, article ID 7266475. Conference paper (Refereed)
    Abstract [en]

    The Internet of Things (IoT) is the interconnection of everyday physical objects with the Internet and their representation in the digital world. Due to the connectivity of physical objects with the untrusted Internet, security has become an important pillar for the success of IoT-based services. Things in the IoT are resource-constrained devices with limited processing and storage capabilities. Often, these things are battery powered and connected through lossy wireless links. Therefore, lightweight and efficient ways of providing secure communication in the IoT are needed. In this context, Elliptic Curve Cryptography (ECC) is considered as a strong candidate to provide security in the IoT while being able to function in constrained environments. In this paper we present a lightweight implementation and evaluation of ECC for the Contiki OS. For fast, secure and cost-effective mass development of IoT-based services by different vendors, it is important that the IoT protocols are implemented and released as open source and open licensed. To the best of our knowledge our ECC is the first lightweight BSD-licensed ECC for the IoT devices. We show the feasibility of our implementation by a thorough performance analysis using several implementations and optimization algorithms. Moreover, we evaluate it on a real IoT hardware platform.

  • 20.
    Raza, Shahid
    RISE., Swedish ICT, SICS. Department of Computer Science and Engineering.
    Lightweight Security Solutions for the Internet of Things. 2013. Doctoral thesis, monograph (Other academic)
    Abstract [en]

    The future Internet will be an IPv6 network interconnecting traditional computers and a large number of smart objects or networks such as Wireless Sensor Networks (WSNs). This Internet of Things (IoT) will be the foundation of many services and our daily life will depend on its availability and reliable operations. Therefore, among many other issues, the challenge of implementing secure communication in the IoT must be addressed. The traditional Internet has established and tested ways of securing networks. The IoT is a hybrid network of the Internet and resource-constrained networks, and it is therefore reasonable to explore the options of using security mechanisms standardized for the Internet in the IoT. The IoT requires multi-faceted security solutions where the communication is secured with confidentiality, integrity, and authentication services; the network is protected against intrusions and disruptions; and the data inside a sensor node is stored in an encrypted form. Using standardized mechanisms, communication in the IoT can be secured at different layers: at the link layer with IEEE 802.15.4 security, at the network layer with IP security (IPsec), and at the transport layer with Datagram Transport Layer Security (DTLS). Even when the IoT is secured with encryption and authentication, sensor nodes are exposed to wireless attacks both from inside the WSN and from the Internet. Hence an Intrusion Detection System (IDS) and firewalls are needed. Since the nodes inside WSNs can be captured and cloned, protection of stored data is also important. This thesis has three main contributions. (i) It enables secure communication in the IoT using lightweight compressed yet standard compliant IPsec, DTLS, and IEEE 802.15.4 link layer security; and it discusses the pros and cons of each of these solutions. The proposed security solutions are implemented and evaluated in an IoT setup on real hardware. (ii) This thesis also presents the design, implementation, and evaluation of a novel IDS for the IoT. (iii) Last but not least, it also provides mechanisms to protect data inside constrained nodes. The experimental evaluation of the different solutions shows that the resource-constrained devices in the IoT can be secured with IPsec, DTLS, and 802.15.4 security; can be efficiently protected against intrusions; and the proposed combined secure storage and communication mechanisms can significantly reduce the security-related operations and energy consumption.

  • 21.
    Raza, Shahid
    RISE., Swedish ICT, SICS, Security Lab.
    Secure Communication in WirelessHART and its Integration with Legacy HART. 2010. Report (Other academic)
    Abstract [en]

    The WirelessHART is a new standard for Industrial Process Automation and Control, formally released in September 2007. WirelessHART specifications are very well organized in all aspects except security as there are no separate specifications that document security requirements, the security is limited and spread throughout the WirelessHART specifications, and it is hard to understand the employed security without reading all the core specifications. This report will provide a comprehensive overview of WirelessHART security, the provided security mechanisms will be analyzed against the possible threats and the solutions will be proposed for the identified shortcomings. The report work also comprises of the ways to integrate the WirelessHART network with the legacy HART network. Different integration options are provided and each differs with the kind of legacy HART network already in use. A secure way of integrating HART and WirelessHART is also proposed by enhancing the capabilities of Adapters and connecting them with the HART Masters rather than slave devices. Finally the architecture of such a Security Manager will be proposed which will be capable of securing the entire WirelessHART network. A comprehensive and secure key management system is proposed which is capable of random key generation, secure key storage and retrieval, secure and automatic key renewal, timely key revocation, and efficient key distribution.

  • 22.
    Raza, Shahid
    et al.
    RISE., Swedish ICT, SICS, Security Lab.
    Chung, Tony
    Duquennoy, Simon
    RISE., Swedish ICT, SICS, Computer Systems Laboratory.
    Yazar, Dogan
    RISE., Swedish ICT, SICS.
    Voigt, Thiemo
    RISE., Swedish ICT, SICS, Computer Systems Laboratory.
    Roedig, Utz
    Securing Internet of Things with Lightweight IPsec. 2010. Report (Other academic)
    Abstract [en]

    Real-world deployments of wireless sensor networks (WSNs) require secure communication. It is important that a receiver is able to verify that sensor data was generated by trusted nodes. In some cases it may also be necessary to encrypt sensor data in transit. Recently, WSNs and traditional IP networks are more tightly integrated using IPv6 and 6LoWPAN. Available IPv6 protocol stacks can use IPsec to secure data exchange. Thus, it is desirable to extend 6LoWPAN such that IPsec communication with IPv6 nodes is possible. It is beneficial to use IPsec because the existing end-points on the Internet do not need to be modified to communicate securely with the WSN. Moreover, using IPsec, true end-to-end security is implemented and the need for a trustworthy gateway is removed. In this paper we provide End-to-End (E2E) secure communication between an IP enabled sensor nodes and a device on traditional Internet. This is the first compressed lightweight design, implementation, and evaluation of 6LoWPAN extension for IPsec on Contiki. Our extension supports both IPsec's Authentication Header (AH) and Encapsulation Security Payload (ESP). Thus, communication endpoints are able to authenticate, encrypt and check the integrity of messages using standardized and established IPv6 mechanisms.

  • 23.
    Raza, Shahid
    et al.
    RISE., Swedish ICT, SICS, Security Lab.
    Dini, Gianluca
    Voigt, Thiemo
    RISE., Swedish ICT, SICS, Computer Systems Laboratory.
    Gidlund, Mikael
    Secure Key Renewal in WirelessHART. 2011. Conference paper (Refereed)
    Abstract [en]

    WirelessHART is a wireless extension to the HART protocol. Even though WirelessHART is designed to be a secure protocol, the loopholes in the key management system make it vulnerable to security threats. The broadcast approach for key renewal mechanisms in WirelessHART is not secure enough to be used in sensitive industrial automation environments where breach of security may result in catastrophic results. Also, key distribution with unicast communication with each device requires O(n) rekeying messages, where n is the size of the network. In this paper we provide a secure and scalable key renewal protocol for WirelessHART that reduces the communication overhead to O(log n). Our protocol requires far fewer messages than the conventional unicast approach.

  • 24.
    Raza, Shahid
    et al.
    RISE., Swedish ICT, SICS, Security Lab.
    Duquennoy, Simon
    RISE., Swedish ICT, SICS, Computer Systems Laboratory.
    Chung, Tony
    Yazar, Dogan
    RISE., Swedish ICT, SICS.
    Voigt, Thiemo
    RISE., Swedish ICT, SICS, Computer Systems Laboratory.
    Roedig, Utz
    Securing Communication in 6LoWPAN with Compressed IPsec. 2011. Conference paper (Refereed)
    Abstract [en]

    Real-world deployments of wireless sensor networks (WSNs) require secure communication. It is important that a receiver is able to verify that sensor data was generated by trusted nodes. It may also be necessary to encrypt sensor data in transit. Recently, WSNs and traditional IP networks are more tightly integrated using IPv6 and 6LoWPAN. Available IPv6 protocol stacks can use IPsec to secure data exchange. Thus, it is desirable to extend 6LoWPAN such that IPsec communication with IPv6 nodes is possible. It is beneficial to use IPsec because the existing end-points on the Internet do not need to be modified to communicate securely with the WSN. Moreover, using IPsec, true end-to-end security is implemented and the need for a trustworthy gateway is removed. In this paper we provide End-to-End (E2E) secure communication between IP enabled sensor networks and the traditional Internet. This is the first compressed lightweight design, implementation, and evaluation of 6LoWPAN extension for IPsec. Our extension supports both IPsec’s Authentication Header (AH) and Encapsulation Security Payload (ESP). Thus, communication endpoints are able to authenticate, encrypt and check the integrity of messages using standardized and established IPv6 mechanisms.

  • 25.
    Raza, Shahid
    et al.
    RISE., Swedish ICT, SICS, Security Lab.
    Duquennoy, Simon
    RISE., Swedish ICT, SICS, Computer Systems Laboratory.
    Höglund, Joel
    RISE., Swedish ICT, SICS, Computer Systems Laboratory.
    Roedig, Utz
    Voigt, Thiemo
    RISE., Swedish ICT, SICS, Computer Systems Laboratory.
    Secure Communication for the Internet of Things: A Comparison of Link-Layer Security and IPsec for 6LoWPAN. 2012. In: Security and Communication Networks, ISSN 1939-0114, E-ISSN 1939-0122. Article in journal (Refereed)
    Abstract [en]

    The future Internet is an IPv6 network interconnecting traditional computers and a large number of smart objects. This Internet of Things (IoT) will be the foundation of many services and our daily life will depend on its availability and reliable operation. Therefore, among many other issues, the challenge of implementing secure communication in the IoT must be addressed. In the traditional Internet, IPsec is the established and tested way of securing networks. It is therefore reasonable to explore the option of using IPsec as a security mechanism for the IoT. Smart objects are generally added to the Internet using IPv6 over Low-power Wireless Personal Area Networks (6LoWPAN), which defines IP communication for resource-constrained networks. Thus, to provide security for the IoT based on the trusted and tested IPsec mechanism, it is necessary to define an IPsec extension of 6LoWPAN. In this paper, we present such a 6LoWPAN/IPsec extension and show the viability of this approach. We describe our 6LoWPAN/IPsec implementation, which we evaluate and compare with our implementation of IEEE 802.15.4 link-layer security. We also show that it is possible to reuse crypto hardware within existing IEEE 802.15.4 transceivers for 6LoWPAN/IPsec. The evaluation results show that IPsec is a feasible option for securing the IoT in terms of packet size, energy consumption, memory usage, and processing time. Furthermore, we demonstrate that in contrast to common belief, IPsec scales better than link-layer security as the data size and the number of hops grow, resulting in time and energy savings. Copyright © 2012 John Wiley & Sons, Ltd.

  • 26.
    Raza, Shahid
    et al.
    RISE., Swedish ICT, SICS, Security Lab.
    Duquennoy, Simon
    RISE., Swedish ICT, SICS, Computer Systems Laboratory.
    Voigt, Thiemo
    RISE., Swedish ICT, SICS, Computer Systems Laboratory.
    Roedig, Utz
    Demo Abstract: Securing Communication in 6LoWPAN with Compressed IPsec. 2011. Conference paper (Refereed)
    Abstract [en]

    With the inception of IPv6 it is possible to assign a unique ID to each device on planet. Recently, wireless sensor networks and traditional IP networks are more tightly integrated using IPv6 and 6LoWPAN. Real-world deployments of WSN demand secure communication. The receiver should be able to verify that sensor data is generated by trusted nodes and/or it may also be necessary to encrypt sensor data in transit. Available IPv6 protocol stacks can use IPsec to secure data exchanges. Thus, it is desirable to extend 6LoWPAN such that IPsec communication with IPv6 nodes is possible. It is beneficial to use IPsec because the existing end-points on the Internet do not need to be modified to communicate securely with the WSN. Moreover, using IPsec, true end-to-end security is implemented and the need for a trustworthy gateway is removed. In this demo we will show the usage of our implemented lightweight IPsec. We will show how IPsec ensures end-to-end security between an IP enabled sensor networks and the traditional Internet. This is the first compressed lightweight design, implementation, and evaluation of a 6LoWPAN extension for IPsec. This demo complements the full paper that will appear in the parent conference, DCOSS’11.

  • 27.
    Raza, Shahid
    et al.
    RISE - Research Institutes of Sweden, ICT, SICS.
    Helgason, Tomas
    RISE - Research Institutes of Sweden, ICT, SICS.
    Papadimitratos, Panos
    KTH Royal Institute of Technology, Sweden.
    Voigt, Thiemo
    Uppsala University, Sweden.
    SecureSense: End-to-end secure communication architecture for the cloud-connected Internet of Things. 2017. In: Future generations computer systems, ISSN 0167-739X, E-ISSN 1872-7115, Vol. 77, no. Dec, p. 40-51. Article in journal (Refereed)
    Abstract [en]

    Constrained Application Protocol (CoAP) has become the de-facto web standard for the IoT. Unlike traditional wireless sensor networks, Internet-connected smart thing deployments require security. CoAP mandates the use of the Datagram TLS (DTLS) protocol as the underlying secure communication protocol. In this paper we implement DTLS-protected secure CoAP for both resource-constrained IoT devices and a cloud backend and evaluate all three security modes (pre-shared key, raw-public key, and certificate-based) of CoAP in a real cloud-connected IoT setup. We extend SicsthSense– a cloud platform for the IoT– with secure CoAP capabilities, and complement a DTLS implementation for resource-constrained IoT devices with raw-public key and certificate-based asymmetric cryptography. To the best of our knowledge, this is the first effort toward providing end-to-end secure communication between resource-constrained smart things and cloud back-ends which supports all three security modes of CoAP both on the client side and the server side. SecureSense– our End-to-End (E2E) secure communication architecture for the IoT– consists of all standard-based protocols, and implementation of these protocols are open source and BSD-licensed. The SecureSense evaluation benchmarks and open source and open license implementation make it possible for future IoT product and service providers to account for security overhead while using all standardized protocols and while ensuring interoperability among different vendors. The core contributions of this paper are: (i) a complete implementation for CoAP security modes for E2E IoT security, (ii) IoT security and communication protocols for a cloud platform for the IoT, and (iii) detailed experimental evaluation and benchmarking of E2E security between a network of smart things and a cloud platform. © 2017 Elsevier B.V.

  • 28.
    Raza, Shahid
    et al.
    RISE., Swedish ICT, SICS, Security Lab.
    Keppitiyagama, Chamath
    Voigt, Thiemo
    RISE., Swedish ICT, SICS, Computer Systems Laboratory.
    Security and Privacy in the IPv6-Connected Internet of Things. 2015. In: Securing Cyber-Physical Systems, CRC Press, 2015, 6. Chapter in book, part of anthology (Refereed)
  • 29.
    Raza, Shahid
    et al.
    RISE - Research Institutes of Sweden, ICT, SICS.
    Magnusson, Runar M.
    RISE - Research Institutes of Sweden, ICT, SICS.
    TinyIKE: Lightweight IKEv2 for Internet of Things. 2019. In: IEEE Internet of Things Journal, ISSN 2327-4662, Vol. 6, no. 1, p. 856-866, article id 8424816. Article in journal (Refereed)
    Abstract [en]

    There is unanimous consensus that cyber security in the IoT is necessary. In cyber security, key establishment is one of the toughest problems. It is even more challenging in resource-constrained but Internet-connected IoT devices that use low-power wireless communication. A number of IoT communication protocols define cryptographic mechanisms for confidentiality and integrity services but do not specify key management. For example, IEEE 802.15.4, RPL, and object security all rely on external key management protocols. Due to the lack of automatic key management support, IoT devices either end up using pre-shared keys or no security at all. In this paper we overcome these challenges and present TinyIKE, a lightweight adaptation of IKEv2 for the IoT. Using TinyIKE, we solve the key establishment problem for multiple IoT protocols using a single IKEv2-based solution. We implement TinyIKE for resource-constrained IoT devices that run the Contiki OS. The TinyIKE implementation supports full certificate-based IKEv2 that uses Elliptic Curve Cryptography (ECC). In order to ensure the feasibility of TinyIKE in the IoT, we perform an extensive evaluation of TinyIKE using a setup consisting of real IoT hardware.

  • 30.
    Raza, Shahid
    et al.
    RISE., Swedish ICT, SICS, Security Lab.
    Misra, Prasant
    RISE., Swedish ICT, SICS. Indian Institute of Science, India.
    He, Zhitao
    RISE., Swedish ICT, SICS, Computer Systems Laboratory.
    Voigt, Thiemo
    RISE., Swedish ICT, SICS, Computer Systems Laboratory.
    Bluetooth Smart: An Enabling Technology for the Internet of Things. 2015. In: 2015 IEEE 11th International Conference on Wireless and Mobile Computing, Networking and Communications (WiMob), 2015, 6, p. 155-162, article id 7347955. Conference paper (Refereed)
    Abstract [en]

    The past couple of years have seen a heightened interest in the Internet of Things (IoT), transcending industry, academia and government. As with new ideas that hold immense potential, the optimism of IoT has also exaggerated the underlying technologies well before they can mature into a sustainable ecosystem. While 6LoWPAN has emerged as a disruptive technology that brings IP capability to networks of resource constrained devices, a suitable radio technology for this device class is still debatable. In the recent past, Bluetooth Low Energy (LE) - a subset of the Bluetooth v4.0 stack - has surfaced as an appealing alternative that provides a low-power and loosely coupled mechanism for sensor data collection with ubiquitous units (e.g., smartphones and tablets). When Bluetooth 4.0 was first released, it was not targeted for IP-connected devices but for communication between two neighboring peers. However, the latest release of Bluetooth 4.2 offers features that make Bluetooth LE a competitive candidate among the available low-power communication technologies in the IoT space. In this paper, we discuss the novel features of Bluetooth LE and its applicability in 6LoWPAN networks. We also highlight important research questions and pointers for potential improvement for its greater impact.

  • 31.
    Raza, Shahid
    et al.
    RISE - Research Institutes of Sweden, ICT, SICS.
    Misra, Prasant
    TATA Consultancy Services Ltd, India.
    He, Zhitao
    RISE - Research Institutes of Sweden, ICT, SICS.
    Voigt, Thiemo
    RISE - Research Institutes of Sweden, ICT, SICS. Uppsala University, Sweden.
    Building the Internet of Things with Bluetooth Smart. 2017. In: Ad hoc networks, ISSN 1570-8705, E-ISSN 1570-8713, Vol. 57, p. 19-31. Article in journal (Refereed)
    Abstract [en]

    The Internet of Things, or the IoT, is an emerging, disruptive technology that enables physical devices to communicate across disparate networks. IP has been the de facto standard for seamless interconnectivity in the traditional Internet; and piggybacking on the success of IP, 6LoWPAN has been the first standardized technology to realize it for networks of resource-constrained devices. In the recent past Bluetooth Low Energy (BLE) a.k.a Bluetooth Smart - a subset of the Bluetooth v4.0 and the latest v4.2 stack, has surfaced as an appealing alternative, with many competing advantages over available low-power communication technologies in the IoT space such as IEEE 802.15.4. However, BLE is a closed standard and lacks open hardware and firmware support, something that hinders innovation and development in this field. In this article, we aim to overcome some of the constraints in BLE's core building blocks by making three contributions: first, we present the design of a new open hardware platform for BLE; second, we provide a Contiki O.S. port for the new platform; and third, we identify research challenges and opportunities in 6LoWPAN-connected Bluetooth Smart. We believe that the knowledge and insights will facilitate IoT innovations based on this promising technology.

  • 32.
    Raza, Shahid
    et al.
    RISE., Swedish ICT, SICS, Security Lab.
    Seitz, Ludwig
    RISE., Swedish ICT, SICS.
    Sytenkov, Denis
    RISE., Swedish ICT, SICS.
    Selander, Göran
    Ericsson, Sweden.
    S3K: Scalable Security With Symmetric Keys—DTLS Key Establishment for the Internet of Things. 2016. In: IEEE Transactions on Automation Science and Engineering, ISSN 1545-5955, E-ISSN 1558-3783, Vol. 13, no. 3, p. 1270-1280. Article in journal (Refereed)
    Abstract [en]

    DTLS is becoming the de facto standard for communication security in the Internet of Things (IoT). In order to run the DTLS protocol, one needs to establish keys between the communicating devices. The default method of key establishment requires X.509 certificates and a Public Key Infrastructure, an approach which is often too resource consuming for small IoT devices. DTLS also supports the use of preshared keys and raw public keys. These modes are more lightweight, but they are not scalable to a large number of devices.

  • 33.
    Raza, Shahid
    et al.
    RISE., Swedish ICT, SICS, Security Lab.
    Shafagh, Hossein
    RISE., Swedish ICT, SICS.
    Hewage, Kasun
    Hummen, René
    Voigt, Thiemo
    RISE., Swedish ICT, SICS, Computer Systems Laboratory.
    Lithe: Lightweight Secure CoAP for the Internet of Things. 2013. In: IEEE Sensors Journal, Vol. 13, p. 3711-3720. Article in journal (Refereed)
  • 34.
    Raza, Shahid
    et al.
    RISE., Swedish ICT, SICS, Security Lab.
    Slabbert, Adriaan
    Voigt, Thiemo
    RISE., Swedish ICT, SICS, Computer Systems Laboratory.
    Landernäs, Krister
    Security Considerations for the WirelessHART Protocol. 2009. Conference paper (Refereed)
    Abstract [en]

    WirelessHART is a secure and reliable communication standard for industrial process automation. The WirelessHART specifications are well organized in all aspects except security: there are no separate specifications of security requirements or features. Rather, security mechanisms are described throughout the documentation. This hinders implementation of the standard and development of applications since it requires close knowledge of all the core specifications on the part of the developer. In this paper we provide a comprehensive overview of WirelessHART security: we analyze the provided security mechanisms against well known threats in the wireless medium, and propose recommendations to mitigate shortcomings. Furthermore, we elucidate the specifications of the Security Manager, its placement in the network, and interaction with the Network Manager.

  • 35.
    Raza, Shahid
    et al.
    RISE., Swedish ICT, SICS, Security Lab.
    Trabalza, Daniele
    RISE., Swedish ICT, SICS.
    Voigt, Thiemo
    RISE., Swedish ICT, SICS, Computer Systems Laboratory.
    6LoWPAN Compressed DTLS for CoAP. 2012. Conference paper (Refereed)
    Abstract [en]

    Real deployments of the IoT require security. CoAP is being standardized as an application layer protocol for the Internet of Things (IoT). CoAP proposes to use DTLS to provide end-to-end security to protect the IoT. DTLS is a heavyweight protocol and its headers are too long to fit in a single IEEE 802.15.4 MTU. 6LoWPAN provides header compression mechanisms to reduce the size of upper layer headers. 6LoWPAN header compression mechanisms can be used to compress the security headers as well. In this paper we propose 6LoWPAN header compression for DTLS. We link our compressed DTLS with the 6LoWPAN standard using standardized mechanisms. We show that our proposed DTLS compression significantly reduces the number of additional security bits. For example, only for the DTLS Record header that is added in every DTLS packet, the number of additional security bits can be reduced by 62%. Our compressed-DTLS is the first lightweight 6LoWPAN extension for DTLS.

  • 36.
    Raza, Shahid
    et al.
    RISE., Swedish ICT, SICS, Security Lab.
    Voigt, Thiemo
    RISE., Swedish ICT, SICS, Computer Systems Laboratory.
    Interconnecting WirelessHART and Legacy HART Networks. 2010. Conference paper (Refereed)
    Abstract [en]

    WirelessHART is a novel standardized wireless sensor network protocol for industrial process automation. The WirelessHART protocol is designed with the aim to complement the HART protocol by providing wireless extension to it. However, due to the different Physical and Data-link layers the two protocols are not directly interoperable. WirelessHART is based on IEEE 802.15.4 mesh networks whereas HART is a 4-20mA analog wired protocol. Keeping in view the huge installations of HART networks throughout the world we feel the need to integrate HART and WirelessHART networks as the WirelessHART standard does not specify the means to securely connect the two networks. In this paper we provide different options to integrate WirelessHART and legacy HART networks. We start integrating the two networks using the Gateway. However, the Gateway based integrations are sometimes not feasible and are insecure. The main contribution of this paper is that we provide a novel and comparatively secure solution to interconnect WirelessHART networks with HART networks. We specify and design a new WirelessHART Integrator that extends the capabilities of the WirelessHART Adapter and provides integration at the network level rather than at the device level only. We also analyze and compare our solution with the Gateway and Adapter based solutions.

  • 37.
    Raza, Shahid
    et al.
    RISE., Swedish ICT, SICS, Security Lab.
    Voigt, Thiemo
    RISE., Swedish ICT, SICS, Computer Systems Laboratory.
    Roedig, Utz
    CONET, UK.
    6LoWPAN Extension for IPsec. 2011. Conference paper (Refereed)
    Abstract [en]

    Real-world deployments of wireless sensor networks (WSNs) require secure communication. Recently, WSNs and traditional IP networks are more tightly integrated using IPv6 and 6LoWPAN. Available IPv6 protocol stacks can use IPsec to secure data exchange. Thus, it is desirable to extend 6LoWPAN such that IPsec communication with IPv6 nodes is possible. It is beneficial to use IPsec because the existing end-points on the Internet do not need to be modified to communicate securely with the WSN. We propose a 6LoWPAN extension for IPsec. Our extension supports both IPsec’s Authentication Header (AH) and Encapsulation Security Payload (ESP). Thus, communication endpoints are able to authenticate, encrypt, and check the integrity of messages using standardized and established IPv6 mechanisms.

  • 38.
    Raza, Shahid
    et al.
    RISE., Swedish ICT, SICS, Security Lab.
    Voigt, Thiemo
    RISE., Swedish ICT, SICS, Computer Systems Laboratory.
    Slabbert, Adriaan
    Landernäs, Krister
    Design and Implementation of a Security Manager for WirelessHART Networks. 2009. Conference paper (Refereed)
    Abstract [en]

    WirelessHART is the first open standard for Wireless Sensor Networks designed specifically for industrial process automation and control systems. WirelessHART is a secure protocol; however, it relies on a Security Manager for the management of the security keys and the authentication of new devices. The WirelessHART standard does not provide specifications and design of the Security Manager. Also, the security specifications in the standard are not well organized and are dispersed throughout the standard. The lack of Security Manager design and ambiguous security specifications impede implementation of the standard since it requires close knowledge of all the core specifications on the part of the developer. In this paper we provide the detailed specifications, design, and implementation of the Security Manager for the WirelessHART standard. We evaluate our Security Manager against different cryptographic algorithms and measure the latency between the Network Manager and the Security Manager. Our evaluation shows that the proposed Security Manager meets the WirelessHART requirements. Our analysis shows that the provided Security Manager is capable of securing both the wireless and wired part of the WirelessHART network.

  • 39.
    Raza, Shahid
    et al.
    RISE., Swedish ICT, SICS, Security Lab.
    Voigt, Thiemo
    RISE., Swedish ICT, SICS, Computer Systems Laboratory.
    Vilhelm, Juvik
    RISE., Swedish ICT, SICS.
    Lightweight IKEv2: A Key Management Solution for both Compressed IPsec and IEEE 802.15.4 Security. 2012. Conference paper (Refereed)
  • 40.
    Raza, Shahid
    et al.
    RISE., Swedish ICT, SICS, Security Lab.
    Wallgren, Linus
    RISE., Swedish ICT, SICS.
    Voigt, Thiemo
    RISE., Swedish ICT, SICS, Computer Systems Laboratory.
    SVELTE: Real-time Intrusion Detection in the Internet of Things. 2013. In: Ad Hoc Networks (Elsevier), Vol. 11, p. 2661-2674. Article in journal (Refereed)
  • 41.
    Rizki, Kiki
    et al.
    RISE - Research Institutes of Sweden, ICT, SICS.
    Lamproudi, Argyro
    RISE - Research Institutes of Sweden, ICT, SICS.
    Tiloca, Marco
    RISE - Research Institutes of Sweden, ICT, SICS.
    Raza, Shahid
    RISE - Research Institutes of Sweden, ICT, SICS.
    Group-IKEv2 for multicast IPsec in the internet of things. 2019. In: International Journal of Security and Networks (IJSN), ISSN 1747-8405, E-ISSN 1747-8413, Vol. 14, no. 1, p. 10-22. Article in journal (Refereed)
    Abstract [en]

    This paper presents Group-IKEv2, a group key management protocol supporting secure group communication based on multicast IPsec. Group-IKEv2 is an adaptation of the IKEv2 protocol for the IPsec suite, and is especially designed to address internet of things (IoT) scenarios composed of resource-constrained devices. Compared to static approaches, Group-IKEv2 enables dynamic and flexible establishment of IPsec group security associations as well as group key material. Also, it integrates the management and renewal of group key material, both on a periodical fashion and upon group membership changes. We have implemented Group-IKEv2 for the Contiki OS and tested it on the OpenMote resource-constrained platform. Our experimental performance evaluation confirms that Group-IKEv2 is affordable and deployable also on constrained IoT devices.

  • 42.
    Sedrati, Anaas
    et al.
    RISE - Research Institutes of Sweden, ICT, SICS. INPT, Morocco.
    Abdelraheem, Mohamed Ahmed
    RISE - Research Institutes of Sweden, ICT, SICS.
    Raza, Shahid
    RISE - Research Institutes of Sweden, ICT, SICS.
    Blockchain and IoT: Mind the Gap. 2018. In: Lect. Notes Inst. Comput. Sci. Soc. Informatics Telecommun. Eng., 2018, p. 113-122. Conference paper (Refereed)
    Abstract [en]

    Blockchain, the core technology behind the first decentralized cryptocurrency, Bitcoin, has been recently proposed as a promising solution to create a viable decentralized network of Internet of Things (IoT) with good security and privacy properties. This survey investigates the currently proposed Blockchain-IoT solutions and examines their suitability for IoT devices.

  • 43.
    Shreenivas, Dharmini
    et al.
    Ericsson AB, Sweden.
    Raza, Shahid
    RISE - Research Institutes of Sweden, ICT, SICS.
    Voigt, Thiemo
    RISE - Research Institutes of Sweden, ICT, SICS.
    Intrusion Detection in the RPL-connected 6LoWPAN Networks. 2017. In: IoTPTS '17: Proceedings of the 3rd ACM International Workshop on IoT Privacy, Trust, and Securit, ACM Press, 2017, p. 31-38. Conference paper (Refereed)
    Abstract [en]

    The interconnectivity of 6LoWPAN networks with the Internet raises serious security concerns, as constrained 6LoWPAN devices are accessible anywhere from the untrusted global Internet. Also, 6LoWPAN devices are mostly deployed in unattended environments, hence easy to capture and clone. Despite that state of the art crypto solutions provide information security, IPv6 enabled smart objects are vulnerable to attacks from outside and inside 6LoWPAN networks that are aimed to disrupt networks. This paper attempts to identify intrusions aimed to disrupt the Routing Protocol for Low-Power and Lossy Networks (RPL). In order to improve the security within 6LoWPAN networks, we extend SVELTE, an intrusion detection system for the Internet of Things, with an intrusion detection module that uses the ETX (Expected Transmissions) metric. In RPL, ETX is a link reliability metric and monitoring the ETX value can prevent an intruder from actively engaging 6LoWPAN nodes in malicious activities. We also propose geographic hints to identify malicious nodes that conduct attacks against ETX-based networks. We implement these extensions in the Contiki OS and evaluate them using the Cooja simulator.

  • 44.
    Tiloca, Marco
    et al.
    RISE - Research Institutes of Sweden, ICT, SICS.
    Dini, Gianluca
    University of Pisa, Italy.
    Rizki, Kiki
    RISE - Research Institutes of Sweden, ICT, SICS.
    Raza, Shahid
    RISE - Research Institutes of Sweden, ICT, SICS.
    Group rekeying based on member join history. 2019. In: International Journal of Information Security, ISSN 1615-5262, E-ISSN 1615-5270. Article in journal (Refereed)
    Abstract [en]

    This paper presents GREP, a novel group rekeying scheme that leverages the history of join events in order to achieve efficiency and high scalability. GREP rekeys the group with only two broadcast messages, hence displaying an overhead which is small, constant and independent of the group size. Also, GREP efficiently recovers the group from collusion attack with no recourse to total member reinitialization. Even in the very unlikely worst case, collusion recovery displays a smooth impact on performance that gradually increases with the attack severity. We implemented GREP for the Contiki OS and tested it on different resource-constrained platforms. Our analytical and experimental evaluation confirms that GREP is efficient, highly scalable and deployable also on constrained nodes. The paper extends a previous version of this work, especially through additional security analysis, treatise of probabilities for worst case collusion, and experimental evaluation of performance.

  • 45.
    Tiloca, Marco
    et al.
    RISE - Research Institutes of Sweden, ICT, SICS.
    Dini, Gianluca
    University of Pisa, Italy.
    Rizki, Kiki
    RISE - Research Institutes of Sweden, ICT, SICS.
    Raza, Shahid
    RISE - Research Institutes of Sweden, ICT, SICS.
    Group rekeying based on member join history. 2019. In: International Journal of Information Security, ISSN 1615-5262, E-ISSN 1615-5270. Article in journal (Refereed)
    Abstract [en]

    This paper presents GREP, a novel group rekeying scheme that leverages the history of join events in order to achieve efficiency and high scalability. GREP rekeys the group with only two broadcast messages, hence displaying an overhead which is small, constant and independent of the group size. Also, GREP efficiently recovers the group from collusion attack with no recourse to total member reinitialization. Even in the very unlikely worst case, collusion recovery displays a smooth impact on performance that gradually increases with the attack severity. We implemented GREP for the Contiki OS and tested it on different resource-constrained platforms. Our analytical and experimental evaluation confirms that GREP is efficient, highly scalable and deployable also on constrained nodes. The paper extends a previous version of this work, especially through additional security analysis, treatise of probabilities for worst case collusion, and experimental evaluation of performance.

  • 46.
    Tiloca, Marco
    et al.
    RISE., Swedish ICT, SICS, Security Lab.
    Nikitin, Kirill
    RISE., Swedish ICT, SICS.
    Raza, Shahid
    RISE., Swedish ICT, SICS, Security Lab.
    Axiom - DTLS-based secure IoT group communication. 2017. In: ACM Transactions on Embedded Computing Systems, ISSN 1539-9087, E-ISSN 1558-3465, Vol. 16, no. 3. Journal article (Refereed)
    Abstract [en]

    This article presents Axiom, a DTLS-based approach to efficiently secure multicast group communication among IoT-constrained devices. Axiom provides an adaptation of the DTLS record layer, relies on key material commonly shared among the group members, and does not require one to perform any DTLS handshake. We made a proof-of-concept implementation of Axiom based on the tinyDTLS library for the Contiki OS and used it to experimentally evaluate performance of our approach on real IoT hardware. Results show that Axiom is affordable on resource-constrained platforms and performs significantly better than related alternative approaches.

  • 47.
    Trabalza, Daniele
    et al.
    RISE., Swedish ICT, SICS.
    Raza, Shahid
    RISE., Swedish ICT, SICS, Security Lab.
    Voigt, Thiemo
    RISE., Swedish ICT, SICS, Computer Systems Laboratory.
    INDIGO: Secure CoAP for Smartphones- Enabling E2E Secure Communication in the 6IoT. 2013. Conference paper (Refereed)
  • 48.
    Wallgren, Linus
    et al.
    RISE., Swedish ICT, SICS.
    Raza, Shahid
    RISE., Swedish ICT, SICS, Security Lab.
    Voigt, Thiemo
    RISE., Swedish ICT, SICS, Computer Systems Laboratory.
    Routing Attacks and Countermeasures in the RPL-based Internet of Things. 2013. In: International Journal of Distributed Sensor Networks, ISSN 1550-1329, E-ISSN 1550-1477. Journal article (Refereed)
    Abstract [en]

    The Routing Protocol for Low-Power and Lossy Networks (RPL) is a novel routing protocol standardized for constrained environments such as 6LoWPAN networks. Providing security in IPv6/RPL connected 6LoWPANs is challenging because the devices are connected to the untrusted Internet, are resource constrained, the communication links are lossy, and the devices use a set of novel IoT technologies such as RPL, 6LoWPAN, and CoAP/CoAPs. In this paper we provide a comprehensive analysis of IoT technologies and their new security capabilities that can be exploited by attackers or IDSs. One of the major contributions in this paper is our implementation and demonstration of well-known routing attacks against 6LoWPAN networks running RPL as a routing protocol. We implement these attacks in the RPL implementation in the Contiki operating system and demonstrate these attacks in the Cooja simulator. Furthermore, we highlight novel security features in the IPv6 protocol and exemplify the use of these features for intrusion detection in the IoT, by implementing a lightweight heartbeat protocol.
