  • 1.
    Aragon, Santiago
    et al.
    RISE - Research Institutes of Sweden, ICT, SICS. Technische Universität Darmstadt, Germany.
    Tiloca, Marco
    RISE - Research Institutes of Sweden, ICT, SICS.
    Maass, Max
    Technische Universität Darmstadt, Germany.
    Hollick, Matthias
    Technische Universität Darmstadt, Germany.
    Raza, Shahid
    RISE - Research Institutes of Sweden, ICT, SICS.
    ACE of Spades in the IoT Security Game: A Flexible IPsec Security Profile for Access Control. 2018. Conference paper (Refereed)
    Abstract [en]

    The Authentication and Authorization for Constrained Environments (ACE) framework provides fine-grained access control in the Internet of Things, where devices are resource-constrained and with limited connectivity. The ACE framework defines separate profiles to specify how exactly entities interact and what security and communication protocols to use. This paper presents the novel ACE IPsec profile, which specifies how a client establishes a secure IPsec channel with a resource server, contextually using the ACE framework to enforce authorized access to remote resources. The profile makes it possible to establish IPsec Security Associations, either through their direct provisioning or through the standard IKEv2 protocol. We provide the first Open Source implementation of the ACE IPsec profile for the Contiki OS and test it on the resource-constrained Zolertia Firefly platform. Our experimental performance evaluation confirms that the IPsec profile and its operating modes are affordable and deployable also on constrained IoT platforms.

  • 2.
    Carignani, Gioele
    et al.
    University of Pisa, Italy.
    Righetti, Francesca
    University of Pisa, Italy.
    Vallati, Carlo
    University of Pisa, Italy.
    Tiloca, Marco
    RISE Research Institutes of Sweden, Digital Systems, Data Science.
    Anastasi, Giuseppe
    University of Pisa, Italy.
    Evaluation of Feasibility and Impact of Attacks Against the 6top Protocol in 6TiSCH Networks. 2020. In: 2020 IEEE 21st International Symposium on "A World of Wireless, Mobile and Multimedia Networks" (WoWMoM), 2020, p. 68-77. Conference paper (Refereed)
    Abstract [en]

    The 6TiSCH architecture has been gaining attraction as a promising solution to ensure reliability and security for communication in applications for the Industrial Internet of Things (IIoT). While many different aspects of the architecture have been investigated in literature, an in-depth analysis of the security features included in its design is still missing. In this paper, we assess the security vulnerabilities of the 6top protocol, a core component of the 6TiSCH architecture for enabling network nodes to negotiate communication resources. Our analysis highlights two possible attacks against the 6top protocol that can impair network performance and reliability in a significant manner. To prove the feasibility of the attacks in practice, we implemented both of them on the Contiki-NG Operating System and tested their effectiveness on a simple deployment with three Zolertia RE-Mote sensor nodes. Also, we carried out a set of simulations using Cooja in order to assess their impact on larger networks. Our results show that both attacks reduce reliability in the overall network and increase energy consumption of the network nodes.

  • 3.
    Gehrmann, Christian
    et al.
    RISE, Swedish ICT, SICS, Security Lab.
    Tiloca, Marco
    RISE, Swedish ICT, SICS, Security Lab.
    Höglund, Rikard
    RISE, Swedish ICT, SICS.
    SMACK: Short Message Authentication ChecK Against Battery Exhaustion in the Internet of Things. 2015. In: 2015 12th Annual IEEE International Conference on Sensing, Communication, and Networking (SECON), 2015, 13, p. 274-282, article id 7338326. Conference paper (Refereed)
    Abstract [en]

    Internet of Things (IoT) commonly identifies the upcoming network society where all connectable devices will be able to communicate with one another. In addition, IoT devices are supposed to be directly connected to the Internet, and many of them are likely to be battery powered. Hence, they are particularly vulnerable to Denial of Service (DoS) attacks specifically aimed at quickly draining battery and severely reducing device lifetime. In this paper, we propose SMACK, a security service which efficiently identifies invalid messages early after their reception, by checking a short and lightweight Message Authentication Code (MAC). So doing, further useless processing on invalid messages can be avoided, thus reducing the impact of DoS attacks and preserving battery life. In particular, we provide an adaptation of SMACK for the standard Constrained Application Protocol (CoAP). Finally, we experimentally evaluate SMACK performance through our prototype implementation for the resource constrained CC2538 platform. Our results show that SMACK is efficient and affordable in terms of memory requirements, computing time, and energy consumption.

  • 4.
    Gianluca, Dini
    et al.
    University of Pisa, Italy.
    Tiloca, Marco
    RISE, Swedish ICT, SICS, Security Lab.
    A Simulation Tool for Evaluating Attack Impact in Cyber Physical Systems. 2014. Conference paper (Refereed)
    Abstract [en]

    Security is getting an ever increasingly important issue in cyber-physical systems comprising autonomous systems. However, it is not possible to defend from all possible attacks for cost and performance reasons. An attack ranking is thus necessary. We propose a simulative framework that makes it possible to rank attacks according to their impact. We also describe a case study to assert its usefulness and effectiveness.

  • 5.
    Gunnarsson, Martin
    et al.
    RISE Research Institutes of Sweden, Digital Systems, Data Science. Lund University, Sweden.
    Brorsson, Joakim
    Lund University, Sweden; Combitech AB, Sweden.
    Palombini, Francesca
    Ericsson AB, Sweden.
    Seitz, Ludwig
    Combitech AB, Sweden.
    Tiloca, Marco
    RISE Research Institutes of Sweden, Digital Systems, Data Science.
    Evaluating the performance of the OSCORE security protocol in constrained IoT environments. 2021. In: Internet of Things: Engineering Cyber Physical Human Systems, E-ISSN 2542-6605, Vol. 13, article id 100333. Article in journal (Refereed)
    Abstract [en]

    The Constrained Application Protocol (CoAP) is a standard communication protocol for resource-constrained devices in the Internet of Things (IoT). Many IoT deployments require proxies to support asynchronous communication between edge devices and the back-end. This allows (non-trusted) proxies to access sensitive parts of CoAP messages. Object Security for Constrained RESTful Environments (OSCORE) is a recent standard protocol that provides end-to-end security for CoAP messages at the application layer. Unlike the commonly used standard Datagram Transport Layer Security (DTLS), OSCORE efficiently provides selective integrity protection and encryption on different parts of CoAP messages. Thus, OSCORE enables end-to-end security through intermediary (non-trusted) proxies, while still allowing them to perform their expected services, with considerable security and privacy improvements.

    To assess whether these security features consume too much of the limited resources available on a constrained device, we have implemented OSCORE (the implementation is available as open-source), and evaluated its efficiency. This paper provides a comprehensive, comparative and experimental performance evaluation of OSCORE on real resource-constrained IoT devices, using the operating system Contiki-NG as IoT software platform. In particular, we experimentally evaluated the efficiency of our OSCORE implementation on resource-constrained devices running Contiki-NG, in comparison with the DTLS implementation TinyDTLS maintained by the Eclipse Foundation. The evaluation results show that our OSCORE implementation displays moderately better performance than TinyDTLS, in terms of per-message network overhead, memory usage, message round-trip time and energy efficiency, thus providing the security improvements of OSCORE with no additional performance penalty.

  • 6.
    Gunnarsson, Martin
    et al.
    RISE Research Institutes of Sweden, Digital Systems, Data Science.
    Malarski, KM
    DTU Technical University of Denmark, Denmark.
    Höglund, Rikard
    RISE Research Institutes of Sweden, Digital Systems, Data Science. Uppsala University, Sweden.
    Tiloca, Marco
    RISE Research Institutes of Sweden, Digital Systems, Data Science.
    Performance Evaluation of Group OSCORE for Secure Group Communication in the Internet of Things. 2022. In: ACM Transactions on Internet of Things, ISSN 2577-6207, Vol. 3, no 3, article id 3523064. Article in journal (Refereed)
    Abstract [en]

    The Constrained Application Protocol (CoAP) is a major application-layer protocol for the Internet of Things (IoT). The recently standardized security protocol Object Security for Constrained RESTful Environments (OSCORE) efficiently provides end-to-end security of CoAP messages at the application layer, also in the presence of untrusted intermediaries. At the same time, CoAP supports one-to-many communication, targeting use cases such as smart lighting and building automation, firmware update, or emergency broadcast. Securing group communication for CoAP has additional challenges. It can be done using the novel Group Object Security for Constrained RESTful Environments (Group OSCORE) security protocol, which fulfills the same security requirements of OSCORE in group communication environments. While evaluations of OSCORE are available, no studies exist on the performance of Group OSCORE on resource-constrained IoT devices. This article presents the results of our extensive performance evaluation of Group OSCORE over two popular constrained IoT platforms, namely Zolertia Zoul and TI Simplelink. We have implemented Group OSCORE for the Contiki-NG operating system and made our implementation available as open source software. We compared Group OSCORE against unprotected CoAP as well as OSCORE. To the best of our knowledge, this is the first comprehensive and experimental evaluation of Group OSCORE over real constrained IoT devices. © 2022 Copyright held by the owner/author(s).

  • 7.
    Höglund, Rikard
    et al.
    RISE, Swedish ICT, SICS.
    Tiloca, Marco
    RISE, Swedish ICT, SICS, Security Lab.
    Current State of the Art in Smart Metering Security. 2015. Report (Other academic)
    Abstract [en]

    Power supply infrastructures are facing radical changes. The introduction of Information and Communication Technologies (ICT) into power grids will allow to automatically monitor and control the power demand and supply. This concept is generally referred to as Smart Grid, and is expected to exponentially grow during the coming years. However, ICT systems are increasingly subject to security cyber attacks, which can have a disruptive impact on the whole power grid, and put people’s safety and business interests at risk. This report covers background information on the smart grid with focus on smart metering in particular. Important aspects such as security and life-cycle management are covered. In addition, the typical smart grid components and communication protocols are surveyed.

  • 8.
    Höglund, Rikard
    et al.
    RISE Research Institutes of Sweden, Digital Systems, Data Science.
    Tiloca, Marco
    RISE Research Institutes of Sweden, Digital Systems, Data Science.
    Bouget, Simon
    RISE Research Institutes of Sweden, Digital Systems, Data Science.
    Raza, Shahid
    RISE Research Institutes of Sweden, Digital Systems, Data Science.
    Key Update for the IoT Security Standard OSCORE. 2023. In: 2023 IEEE International Conference on Cyber Security and Resilience (CSR), IEEE, 2023. Conference paper (Refereed)
    Abstract [en]

    The standard Constrained Application Protocol (CoAP) is a lightweight, web-transfer protocol based on the REST paradigm and specifically suitable for constrained devices and the Internet-of-Things. Object Security for Constrained RESTful Environment (OSCORE) is a standard, lightweight security protocol that provides end-to-end protection of CoAP messages. A number of methods exist for managing keying material for OSCORE, as to its establishment and update. This paper provides a detailed comparison of such methods, in terms of their features, limitations and security properties. Also, it especially considers the new key update protocol KUDOS, for which it provides a more extended discussion about its features and mechanics, as well as a formal verification of its security properties.

  • 9.
    Höglund, Rikard
    et al.
    RISE Research Institutes of Sweden, Digital Systems, Data Science.
    Tiloca, Marco
    RISE Research Institutes of Sweden, Digital Systems, Data Science.
    Selander, Goran
    Ericsson Research, Sweden.
    Mattsson, John Preuss
    Ericsson Research, Sweden.
    Vucinic, Malisa
    Inria Paris, France.
    Watteyne, Thomas
    Inria Paris, France.
    Secure Communication for the IoT: EDHOC and (Group) OSCORE Protocols. 2024. In: IEEE Access, E-ISSN 2169-3536, Vol. 12, p. 49865-. Article in journal (Refereed)
    Abstract [en]

    Communication security of an Internet-of-Things (IoT) product depends on the variety of protocols employed throughout its lifetime. The underlying low-power radio communication technologies impose constraints on maximum transmission units and data rates. Surpassing maximum transmission unit thresholds has an important effect on the efficiency of the solution: transmitting multiple fragments over low-power IoT radio technologies is often prohibitively expensive. Furthermore, IoT communication paradigms such as one-to-many require novel solutions to support the applications executing on constrained devices. Over the last decade, the Internet Engineering Task Force (IETF) has been working through its various Working Groups on defining lightweight protocols for Internet-of-Things use cases. “Lightweight” refers to the minimal processing overhead, memory footprint and number of bytes in the air, compared to the protocol counterparts used for non-constrained devices in the Internet. This article overviews the standardization efforts in the IETF on lightweight communication security protocols. It introduces EDHOC, a key exchange protocol, OSCORE and Group OSCORE, application data protection protocols adapted for securing IoT applications. The article additionally highlights the design considerations taken into account during the design of these protocols, an aspect not present in the standards documents. Finally, we present an evaluation of these protocols in terms of the message sizes and compare with the non-constrained counterpart, the (D)TLS protocol. We demonstrate that the novel key exchange protocol EDHOC achieves ×5 reduction over DTLS 1.3 authenticated with pre-shared keys in terms of total number of bytes transmitted over the air, while keeping the benefits of authentication with asymmetric credentials.

  • 10.
    Paladi, Nicolae
    et al.
    RISE Research Institutes of Sweden, Digital Systems, Data Science. Lund University, Sweden.
    Tiloca, Marco
    RISE Research Institutes of Sweden, Digital Systems, Data Science.
    Bideh, Pegah
    RISE Research Institutes of Sweden. Lund University, Sweden.
    Hell, Martin
    RISE Research Institutes of Sweden. Lund University, Sweden.
    On-demand Key Distribution for Cloud Networks. 2021. In: 2021 24th Conference on Innovation in Clouds, Internet and Networks and Workshops, ICIN 2021, Institute of Electrical and Electronics Engineers Inc., 2021, p. 80-82. Conference paper (Refereed)
    Abstract [en]

    Emerging fine-grained cloud resource billing creates incentives to review the software execution footprint in virtual environments. Operators can use novel virtual execution environments with ever lower overhead: from virtual machines to containers, to unikernels and serverless functions. However, the execution footprint of security mechanisms in virtualized deployments has either remained the same or even increased. In this demo, we present a novel key provisioning mechanism for cloud networks that unlocks scalable use of symmetric keys and significantly reduces the related computational load on network endpoints.

  • 11.
    Paladi, Nicolae
    et al.
    RISE Research Institutes of Sweden. Lund University, Sweden.
    Tiloca, Marco
    RISE Research Institutes of Sweden, Digital Systems, Data Science.
    Nikbakht Bideh, Pegah
    Lund University, Sweden.
    Hell, Martin
    Lund University, Sweden.
    Flowrider: Fast On-Demand Key Provisioning for Cloud Networks. 2021. In: International Conference on Security and Privacy in Communication Systems, SecureComm 2021: Security and Privacy in Communication Networks pp 207-228, Springer Science and Business Media Deutschland GmbH, 2021, p. 207-228. Conference paper (Refereed)
    Abstract [en]

    Increasingly fine-grained cloud billing creates incentives to review the software execution footprint in virtual environments. For example, virtual execution environments move towards lower overhead: from virtual machines to containers, unikernels, and serverless cloud computing. However, the execution footprint of security components in virtualized environments has either remained the same or even increased. We present Flowrider, a novel key provisioning mechanism for cloud networks that unlocks scalable use of symmetric keys and significantly reduces the related computational load on network endpoints. We describe the application of Flowrider to common transport security protocols, the results of its formal verification, and its prototype implementation. Our evaluation shows that Flowrider uses up to an order of magnitude less CPU to establish a TLS session while preventing by construction some known attacks.

  • 12.
    Rasori, Marco
    et al.
    National Research Council, Italy.
    Saracino, Andrea
    National Research Council, Italy; Scuola Superiore Sant’Anna, Italy.
    Mori, Paolo
    National Research Council, Italy.
    Tiloca, Marco
    RISE Research Institutes of Sweden, Digital Systems, Data Science.
    Using the ACE framework to enforce access and usage control with notifications of revoked access rights. 2024. In: International Journal of Information Security, ISSN 1615-5262, E-ISSN 1615-5270. Article in journal (Refereed)
    Abstract [en]

    The standard ACE framework provides authentication and authorization mechanisms similar to those of the standard OAuth 2.0 framework, but it is intended for use in Internet-of-Things environments. In particular, ACE relies on OAuth 2.0, CoAP, CBOR, and COSE as its core building blocks. In ACE, a non-constrained entity called Authorization Server issues Access Tokens to Clients according to some access control and policy evaluation mechanism. An Access Token is then consumed by a Resource Server, which verifies the Access Token and lets the Client accordingly access a protected resource it hosts. Access Tokens have a validity which is limited over time, but they can also be revoked by the Authorization Server before they expire. In this work, we propose the Usage Control framework as an underlying access control means for the ACE Authorization Server, and we assess its performance in terms of time required to issue and revoke Access Tokens. Moreover, we implement and evaluate a method relying on the Observe extension for CoAP, which allows to notify Clients and Resource Servers about revoked Access Tokens. Through results obtained in a real testbed, we show how this method reduces the duration of illegitimate access to protected resources following the revocation of an Access Token, as well as the time spent by Clients and Resource Servers to learn about their Access Tokens being revoked. 

  • 13.
    Righetti, Francesca
    et al.
    University of Pisa, Italy.
    Vallati, Carlo
    University of Pisa, Italy.
    Tiloca, Marco
    RISE Research Institutes of Sweden, Digital Systems, Data Science.
    Anastasi, Giuseppe
    University of Pisa, Italy.
    Vulnerabilities of the 6P protocol for the Industrial Internet of Things: Impact analysis and mitigation. 2022. In: Computer Communications, ISSN 0140-3664, E-ISSN 1873-703X, Vol. 194, p. 411-432. Article in journal (Refereed)
    Abstract [en]

    The 6TiSCH architecture defined by the IETF provides a standard solution for extending the Internet of Things (IoT) paradigm to industrial applications with stringent reliability and timeliness requirements. In this context, communication security is another crucial requirement, which is currently less investigated in the literature. In this article, we present a deep assessment of the security vulnerabilities of 6P, the protocol used for resource negotiation at the core of the 6TiSCH architecture. Specifically, we highlight two possible attacks against 6P, namely the Traffic Dispersion and the Overloading attacks. These two attacks effectively and stealthily alter the communication schedule of victim nodes and severely thwart network basic functionalities and efficiency, by specifically impacting network availability and energy consumption of victim nodes. To assess the impact of the attacks two analytical models have been defined, while, to demonstrate their feasibility, they have been implemented in Contiki-NG. The implementation has been used to quantitatively evaluate the impact of the two attacks by both simulations and measurements in a real testbed. Our results show that the impact of both attacks may be very significant. The impact, however, strongly depends on the position of the victim node(s) in the network and it is highly influenced by the dynamics of the routing protocol. We have investigated mitigation strategies to alleviate this impact and proposed an extended version of the Minimal Scheduling Function (MSF), i.e., the reference scheduling algorithm for 6TiSCH. This allows network nodes to early detect anomalies in their schedules possibly due to an Overloading attack, and thus curb the attack impact by appropriately revising their schedule.

  • 14.
    Righetti, Francesca
    et al.
    University of Pisa, Italy.
    Vallati, Carlo
    University of Pisa, Italy.
    Tiloca, Marco
    RISE Research Institutes of Sweden, Digital Systems, Data Science.
    Anastasi, Giuseppe
    University of Pisa, Italy.
    Vulnerabilities of the 6P protocol for the Industrial Internet of Things: Impact analysis and mitigation. 2022. In: Computer Communications, ISSN 0140-3664, E-ISSN 1873-703X, Computer Communications, Vol. 194, p. 411-432. Article in journal (Refereed)
    Abstract [en]

    The 6TiSCH architecture defined by the IETF provides a standard solution for extending the Internet of Things (IoT) paradigm to industrial applications with stringent reliability and timeliness requirements. In this context, communication security is another crucial requirement, which is currently less investigated in the literature. In this article, we present a deep assessment of the security vulnerabilities of 6P, the protocol used for resource negotiation at the core of the 6TiSCH architecture. Specifically, we highlight two possible attacks against 6P, namely the Traffic Dispersion and the Overloading attacks. These two attacks effectively and stealthily alter the communication schedule of victim nodes and severely thwart network basic functionalities and efficiency, by specifically impacting network availability and energy consumption of victim nodes. To assess the impact of the attacks two analytical models have been defined, while, to demonstrate their feasibility, they have been implemented in Contiki-NG. The implementation has been used to quantitatively evaluate the impact of the two attacks by both simulations and measurements in a real testbed. Our results show that the impact of both attacks may be very significant. The impact, however, strongly depends on the position of the victim node(s) in the network and it is highly influenced by the dynamics of the routing protocol. We have investigated mitigation strategies to alleviate this impact and proposed an extended version of the Minimal Scheduling Function (MSF), i.e., the reference scheduling algorithm for 6TiSCH. This allows network nodes to early detect anomalies in their schedules possibly due to an Overloading attack, and thus curb the attack impact by appropriately revising their schedule.

  • 15.
    Rizki, Kiki
    et al.
    RISE - Research Institutes of Sweden, ICT, SICS.
    Lamproudi, Argyro
    RISE - Research Institutes of Sweden, ICT, SICS.
    Tiloca, Marco
    RISE - Research Institutes of Sweden, ICT, SICS.
    Raza, Shahid
    RISE - Research Institutes of Sweden, ICT, SICS.
    Group-IKEv2 for multicast IPsec in the internet of things. 2019. In: International Journal of Security and Networks (IJSN), ISSN 1747-8405, E-ISSN 1747-8413, Vol. 14, no 1, p. 10-22. Article in journal (Refereed)
    Abstract [en]

    This paper presents Group-IKEv2, a group key management protocol supporting secure group communication based on multicast IPsec. Group-IKEv2 is an adaptation of the IKEv2 protocol for the IPsec suite, and is especially designed to address internet of things (IoT) scenarios composed of resource-constrained devices. Compared to static approaches, Group-IKEv2 enables dynamic and flexible establishment of IPsec group security associations as well as group key material. Also, it integrates the management and renewal of group key material, both on a periodical fashion and upon group membership changes. We have implemented Group-IKEv2 for the Contiki OS and tested it on the OpenMote resource-constrained platform. Our experimental performance evaluation confirms that Group-IKEv2 is affordable and deployable also on constrained IoT devices.

  • 16.
    Seitz, Ludwig
    et al.
    Combitech AB, Sweden.
    Tiloca, Marco
    RISE Research Institutes of Sweden, Digital Systems, Data Science.
    Gunnarsson, Martin
    RISE Research Institutes of Sweden, Digital Systems, Data Science.
    Höglund, Rikard
    RISE Research Institutes of Sweden, Digital Systems, Data Science.
    Secure Software Updates for IoT Based on Industry Requirements. 2023. In: Proceedings of the 9th International Conference on Information Systems Security and Privacy, SCITEPRESS - Science and Technology Publications, 2023, p. 698-705. Conference paper (Refereed)
    Abstract [en]

    This paper analyzes the problem and requirements of securely distributing software updates over the Internet, to devices in an Industrial Control System (ICS) and more generally in Internet of Things (IoT) infrastructures controlling a physical system, such as power grids and water supply systems. We present a novel approach that allows to securely distribute software updates of different types, e.g., device firmware and customer applications, and from sources of different type, e.g., device operators, device manufacturers and third-party library providers. Unlike previous works on this topic, our approach keeps the device operator in control of the update process, while ensuring both authenticity and confidentiality of the distributed software updates.

  • 17.
    Tiloca, Marco
    RISE, Swedish ICT, SICS, Security Lab.
    Efficient Protection of Response Messages in DTLS-Based Secure Multicast Communication. 2014. Conference paper (Refereed)
    Abstract [en]

    DTLS is a standardized security protocol designed to provide end-to-end secure communication among two peers, and particularly considered for the emerging Internet of Things. In order to protect group communication, the IETF is currently working on a method to secure multicast messages through the same DTLS security services. However, such an approach relies on traditional DTLS sessions to protect unicast responses to multicast messages. This increases the amount of security material stored by group members and can have a relevant impact on network performance. In this paper we propose an extension to the IETF approach which allows to efficiently protect group responses by reusing the same group key material. Our proposal does not require to establish additional DTLS sessions, thus preserving high communication performance within the group and limiting storage overhead on group members. Furthermore, we discuss a suitable key management policy to provision and renew group key material.

  • 18.
    Tiloca, Marco
    et al.
    RISE - Research Institutes of Sweden (2017-2019), ICT, SICS.
    De Guglielmo, Domenico
    University of Pisa, Italy.
    Dini, Gianluca
    University of Pisa, Italy.
    Anastasi, Giuseppe
    University of Pisa, Italy.
    Das, Sajal K.
    Missouri University of Science and Technology, USA.
    DISH: DIstributed SHuffling against selective jamming attack in IEEE 802.15.4e TSCH networks. 2018. In: ACM transactions on sensor networks, ISSN 1550-4867, E-ISSN 1550-4859, Vol. 15, no 1, article id a3. Article in journal (Refereed)
    Abstract [en]

    The MAC standard amendment IEEE 802.15.4e is designed to meet the requirements of industrial and critical applications. In particular, the Time Slotted Channel Hopping (TSCH) mode divides time into periodic, equally-sized, slotframes composed of transmission timeslots. Then, it combines timeslotted access with multi-channel and channel hopping capabilities, providing large network capacity, high reliability and predictable latency, while ensuring energy efficiency. Since every network node considers the same timeslots at each slotframe and selects physical channels according to a periodic function, TSCH produces a steady channel utilization pattern. This can be exploited by a selective jammer to entirely thwart communications of a victim node, in a way that is stealthy, effective and extremely energy efficient. This paper shows how a selective jamming attack can be successfully performed even though TSCH uses the IEEE 802.15.4e security services. Furthermore, we propose DISH, a countermeasure which randomly permutes the timeslot and channel utilization patterns at every slotframe in a consistent and completely distributed way, without requiring any additional message exchange. We have implemented DISH for the Contiki OS and tested its effectiveness on TelosB sensor nodes. Quantitative analysis for different network configurations shows that DISH effectively contrasts selective jamming with negligible performance penalty.

  • 19.
    Tiloca, Marco
    et al.
    RISE, Swedish ICT, SICS, Security Lab.
    De Guglielmo, Domenico
    University of Pisa, Italy.
    Dini, Gianluca
    University of Pisa, Italy.
    Anastasi, Giuseppe
    University of Pisa, Italy.
    Das, Sajal Kumar
    Missouri University of Science and Technology, USA.
    JAMMY: a Distributed and Dynamic Solution to Selective Jamming Attack in TDMA WSNs. 2015. In: IEEE Transactions on Dependable and Secure Computing, ISSN 1545-5971, E-ISSN 1941-0018, Vol. 14, no 4, p. 392-405. Article in journal (Refereed)
    Abstract [en]

    Time Division Multiple Access (TDMA) is often used in Wireless Sensor Networks (WSNs), especially for critical applications, as it provides high energy efficiency, guaranteed bandwidth, bounded and predictable latency, and absence of collisions. However, TDMA is vulnerable to selective jamming attacks. In TDMA transmission, slots are typically pre-allocated to sensor nodes, and each slot is used by the same node for a number of consecutive superframes. Hence, an adversary could thwart a victim node’s communication by simply jamming its slot(s). Such attack turns out to be effective, energy efficient, and extremely difficult to detect. In this paper, we present JAMMY, a distributed and dynamic solution to selective jamming in TDMA-based WSNs. Unlike traditional approaches, JAMMY changes the slot utilization pattern at every superframe, thus making it unpredictable to the adversary. JAMMY is decentralized, as sensor nodes determine the next slot utilization pattern in a distributed and autonomous way. Results from performance analysis of the proposed solution show that JAMMY introduces negligible overhead yet allows multiple nodes to join the network, in a limited number of superframes.

  • 20.
    Tiloca, Marco
    et al.
    RISE, Swedish ICT, SICS, Security Lab.
    Dini, Gianluca
    University of Pisa, Italy.
    GREP: a Group REkeying Protocol Based on Member Join History. 2016. In: 2016 IEEE Symposium on Computers and Communication (ISCC), IEEE, 2016, 9, p. 326-333, article id 7543761. Conference paper (Refereed)
    Abstract [en]

    This paper presents GREP, a highly scalable and efficient group rekeying protocol with the following merits. First, it rekeys the group with only two messages, introducing an overhead which is small, constant, and independent of the group size. Second, GREP considers collusion as a first-class attack. Third, GREP efficiently recovers the group from a collusion attack without recourse to a total member reinitialization. The recovery cost smoothly grows with the group size, and gradually increases with the attack severity. GREP achieves these results by organizing nodes into logical subgroups and exploiting the history of node joining events. This allows GREP to establish a total ordering among subgroups and among nodes in each subgroup, so making collusion recovery highly scalable and efficient. We evaluate performance from several standpoints, and show that GREP is deployable in large-scale networks of customary, even resource constrained, platforms.

  • 21.
    Tiloca, Marco
    et al.
    RISE - Research Institutes of Sweden, ICT, SICS.
    Dini, Gianluca
    University of Pisa, Italy.
    Racciatti, Francesco
    University of Pisa, Italy.
    Stagkopoulou, Alexandra
    RISE - Research Institutes of Sweden, ICT, SICS.
    SEA++: A Framework for Evaluating the Impact of Security Attacks in OMNeT++/INET. 2019. In: Recent Advances in Network Simulation: The OMNeT++ Environment and its Ecosystem / [ed] A. Virdis and M. Kirsche, Springer International Publishing, 2019, p. 253-278. Chapter in book (Other academic)
    Abstract [en]

    This chapter presents SEA++, a simulation framework that extends OMNeT++ and the INET Framework for evaluating the impact of security attacks on networks and applications in a flexible and user-friendly way. To this end, SEA++ relies on two fundamental building blocks. First, the user describes the attacks to be evaluated by using a high-level Attack Specification Language (ASL). In particular, only the final effects of such attacks are described, rather than their actual performance. Second, the Attack Simulation Engine (ASE) takes these high-level descriptions as input and accordingly injects attack events at runtime, by means of additional software modules that seamlessly and transparently operate with the other INET modules. This allows the user to quantitatively assess the impact of cyber/physical attacks in simulated network scenarios, and hence rank them according to their severity as a support to risk assessment and selection of countermeasures. As a further advantage, the user is not required to alter any software module or application, or to implement any adversary model for the actual execution of security attacks. Finally, this chapter also includes a step-by-step explicative example showing how to set up and use SEA++ for describing attacks and assessing their impact.

  • 22.
    Tiloca, Marco
    et al.
    RISE - Research Institutes of Sweden (2017-2019), ICT, SICS.
    Dini, Gianluca
    University of Pisa, Italy.
    Rizki, Kiki
    RISE - Research Institutes of Sweden (2017-2019), ICT, SICS.
    Raza, Shahid
    RISE - Research Institutes of Sweden (2017-2019), ICT, SICS.
    Group rekeying based on member join history. 2020. In: International Journal of Information Security, ISSN 1615-5262, E-ISSN 1615-5270, Vol. 19, p. 343-381. Article in journal (Refereed)
    Abstract [en]

    This paper presents GREP, a novel group rekeying scheme that leverages the history of join events in order to achieve efficiency and high scalability. GREP rekeys the group with only two broadcast messages, hence displaying an overhead which is small, constant and independent of the group size. Also, GREP efficiently recovers the group from collusion attack with no recourse to total member reinitialization. Even in the very unlikely worst case, collusion recovery displays a smooth impact on performance that gradually increases with the attack severity. We implemented GREP for the Contiki OS and tested it on different resource-constrained platforms. Our analytical and experimental evaluation confirm that GREP is efficient, highly scalable and deployable also on constrained nodes. The paper extends a previous version of this work, especially through additional security analysis, treatise of probabilities for worst case collusion, and experimental evaluation of performance.

  • 23.
    Tiloca, Marco
    et al.
    RISE, Swedish ICT, SICS, Security Lab.
    Gehrmann, Christian
    RISE, Swedish ICT, SICS, Security Lab.
    Seitz, Ludwig
    RISE, Swedish ICT, SICS.
    On Improving Resistance to Denial of Service and Key Provisioning Scalability of the DTLS Handshake. 2017. In: International Journal of Information Security, ISSN 1615-5262, E-ISSN 1615-5270, Vol. 16, no 2, p. 173-193. Article in journal (Refereed)
    Abstract [en]

    DTLS is a transport layer security protocol designed to provide secure communication over unreliable datagram protocols. Before starting to communicate, a DTLS client and server perform a specific handshake in order to establish a secure session and agree on a common security context. However, the DTLS handshake is affected by two relevant issues. First, the DTLS server is vulnerable to a specific Denial of Service (DoS) attack aimed at forcing the establishment of several half open sessions. This may exhaust memory and network resources on the server, so making it less responsive or even unavailable to legitimate clients. Second, although it is one of the most efficient key provisioning approaches adopted in DTLS, the pre-shared key provisioning mode does not scale well with the number of clients, it may result in scalability issues on the server side, and it complicates key re-provisioning in dynamic scenarios. This paper presents a single and efficient security architecture which addresses both issues, by substantially limiting the impact of DoS, and reducing the number of keys stored on the server side to one unit only. Our approach does not break the existing standard and does not require any additional message exchange between DTLS client and server. Our experimental results show that our approach requires a shorter amount of time to complete a handshake execution, and consistently reduces the time a DTLS server is exposed to a DoS instance. We also show that it considerably improves a DTLS server in terms of service availability and robustness against DoS attack.

  • 24.
    Tiloca, Marco
    et al.
    RISE, Swedish ICT, SICS, Security Lab.
    Gehrmann, Christian
    RISE, Swedish ICT, SICS, Security Lab.
    Seitz, Ludwig
    RISE, Swedish ICT, SICS, Security Lab.
    Robust and Scalable DTLS Session Establishment. 2016. In: ERCIM News, ISSN 0926-4981, E-ISSN 1564-0094, p. 31-32. Article in journal (Refereed)
    Abstract [en]

    The Datagram Transport Layer Security (DTLS) protocol is highly vulnerable to a form of denial-of-service attack (DoS), aimed at establishing a high number of invalid, half-open, secure sessions. Moreover, even when the efficient pre-shared key provisioning mode is considered, the key storage on the server side scales poorly with the number of clients. SICS Swedish ICT has designed a security architecture that efficiently addresses both issues without breaking the current standard.

  • 25.
    Tiloca, Marco
    et al.
    RISE - Research Institutes of Sweden, ICT, SICS.
    Höglund, Rikard
    RISE - Research Institutes of Sweden, ICT, SICS.
    Al Atiiq, Syafiq
    KTH Royal Institute of Technology, Sweden.
    SARDOS: Self-Adaptive Reaction against Denial of Service in the Internet of Things. 2018. Conference paper (Refereed)
    Abstract [en]

    Denial of Service (DoS) is a common and severe security issue in computer networks. Typical DoS attacks overload servers with bogus requests, induce them to worthlessly commit resources, and even make them unable to serve legitimate clients. This is especially relevant in Internet of Things scenarios, where servers are particularly exposed and often equipped with limited resources. Although most countermeasures focus on detection and mitigation, they do not react to dynamically adapt victims' behavior, while at the same time preserving service availability. This paper presents SARDOS, a reactive security service that leverages detection mechanisms from different communication layers, and adaptively changes the operative behavior of victim servers while preserving service availability. We experimentally evaluated SARDOS with a prototype implementation running on an underclocked Raspberry Pi server. Our results show that, when running SARDOS, a server under attack displays considerably lower memory and CPU usage, while still ensuring (best-effort) fulfillment of legitimate requests.

  • 26.
    Tiloca, Marco
    et al.
    RISE, Swedish ICT, SICS, Security Lab.
    Nikitin, Kirill
    RISE, Swedish ICT, SICS.
    Raza, Shahid
    RISE, Swedish ICT, SICS, Security Lab.
    Axiom - DTLS-based secure IoT group communication. 2017. In: ACM Transactions on Embedded Computing Systems, ISSN 1539-9087, E-ISSN 1558-3465, Vol. 16, no 3. Article in journal (Refereed)
    Abstract [en]

    This article presents Axiom, a DTLS-based approach to efficiently secure multicast group communication among IoT-constrained devices. Axiom provides an adaptation of the DTLS record layer, relies on key material commonly shared among the group members, and does not require one to perform any DTLS handshake. We made a proof-of-concept implementation of Axiom based on the tinyDTLS library for the Contiki OS and used it to experimentally evaluate performance of our approach on real IoT hardware. Results show that Axiom is affordable on resource-constrained platforms and performs significantly better than related alternative approaches.

  • 27.
    Tiloca, Marco
    et al.
    RISE, Swedish ICT, SICS, Security Lab.
    Racciatti, Francesco
    University of Pisa, Italy.
    Dini, Gianluca
    University of Pisa, Italy.
    Simulative Evaluation of Security Attacks in Networked Critical Infrastructures. 2015. In: Computer Safety, Reliability, and Security, 2015, 7, Vol. 9338, p. 314-323. Conference paper (Refereed)
    Abstract [en]

    ICT is becoming a fundamental and pervasive component of critical infrastructures (CIs). Despite the advantages that it brings about, ICT also exposes CIs to a number of security attacks that can severely compromise human safety, service availability and business interests. Although it is vital to ensure an adequate level of security, it is practically infeasible to counteract all possible attacks to the maximum extent. Thus, it is important to understand attacks' impact and rank attacks according to their severity. We propose SEA++, a tool for simulative evaluation of attack impact based on the INET framework and the OMNeT++ platform. Rather than actually executing attacks, SEA++ reproduces their effects and allows to quantitatively evaluate their impact. The user describes attacks through a high-level description language and simulates their effects without any modification to the simulation platform. We show SEA++ capabilities referring to different attacks carried out against a traffic light system.

  • 28.
    Tiloca, Marco
    et al.
    RISE, Swedish ICT, SICS, Security Lab.
    Stagkopoulou, Alexandra
    KTH Royal Institute of Technology, Sweden.
    Dini, Gianluca
    University of Pisa, Italy.
    Performance and Security Evaluation of SDN Networks in OMNeT++/INET. 2016. In: Proceedings of the 3rd OMNeT++ Community Summit, 2016, 14. Conference paper (Refereed)
    Abstract [en]

    Software Defined Networking (SDN) has been recently introduced as a new communication paradigm in computer networks. By separating the control plane from the data plane and entrusting packet forwarding to straightforward switches, SDN makes it possible to deploy and run networks which are more flexible to manage and easier to configure. This paper describes a set of extensions for the INET framework, which allow researchers and network designers to simulate SDN architectures and evaluate their performance and security at design time. Together with performance evaluation and design optimization of SDN networks, our extensions enable the simulation of SDN-based anomaly detection and mitigation techniques, as well as the quantitative evaluation of cyber-physical attacks and their impact on the network and application. This work is an ongoing research activity, and we plan to propose it for an official contribution to the INET framework.
