The Authentication and Authorization for ConstrainedEnvironments (ACE) framework provides fine-grainedaccess control in the Internet of Things, where devices areresource-constrained and with limited connectivity. The ACEframework defines separate profiles to specify how exactlyentities interact and what security and communication protocolsto use. This paper presents the novel ACE IPsec profile, whichspecifies how a client establishes a secure IPsec channel witha resource server, contextually using the ACE framework toenforce authorized access to remote resources. The profilemakes it possible to establish IPsec Security Associations, eitherthrough their direct provisioning or through the standardIKEv2 protocol. We provide the first Open Source implementationof the ACE IPsec profile for the Contiki OS and testit on the resource-constrained Zolertia Firefly platform. Ourexperimental performance evaluation confirms that the IPsecprofile and its operating modes are affordable and deployablealso on constrained IoT platforms.
The 6TiSCH architecture has been gaining attraction as a promising solution to ensure reliability and security for communication in applications for the Industrial Internet of Things (IIoT). While many different aspects of the architecture have been investigated in literature, an in-depth analysis of the security features included in its design is still missing. In this paper, we assess the security vulnerabilities of the 6top protocol, a core component of the 6TiSCH architecture for enabling network nodes to negotiate communication resources. Our analysis highlights two possible attacks against the 6top protocol that can impair network performance and reliability in a significant manner. To prove the feasibility of the attacks in practice, we implemented both of them on the Contiki-NG Operating System and tested their effectiveness on a simple deployment with three Zolertia RE-Mote sensor nodes. Also, we carried out a set of simulations using Cooja in order to assess their impact on larger networks. Our results show that both attacks reduce reliability in the overall network and increase energy consumption of the network nodes.
Internet of Things (IoT) commonly identifies the upcoming network society where all connectable devices will be able to communicate with one another. In addition, IoT devices are supposed to be directly connected to the Internet, and many of them are likely to be battery powered. Hence, they are particularly vulnerable to Denial of Service (DoS) attacks specifically aimed at quickly draining battery and severely reducing device lifetime. In this paper, we propose SMACK, a security service which efficiently identifies invalid messages early after their reception, by checking a short and lightweight Message Authentication Code (MAC). So doing, further useless processing on invalid messages can be avoided, thus reducing the impact of DoS attacks and preserving battery life. In particular, we provide an adaptation of SMACK for the standard Constrained Application Protocol (CoAP). Finally, we experimentally evaluate SMACK performance through our prototype implementation for the resource constrained CC2538 platform. Our results show that SMACK is efficient and affordable in terms of memory requirements, computing time, and energy consumption.
Security is getting an ever increasingly important issue in cyber-physical systems comprising autonomous systems. However, it is not possible to defend from all possible attacks for cost and performance reasons. An attack ranking is thus necessary. We propose a simulative framework that makes it possible to rank attacks according to their impact. We also describe a case study to assert its usefulness and effectiveness.
The Constrained Application Protocol (CoAP) is a standard communication protocol for resource-constrained devices in the Internet of Things (IoT). Many IoT deployments require proxies to support asynchronous communication between edge devices and the back-end. This allows (non-trusted) proxies to access sensitive parts of CoAP messages. Object Security for Constrained RESTful Environments (OSCORE) is a recent standard protocol that provides end-to-end security for CoAP messages at the application layer. Unlike the commonly used standard Datagram Transport Layer Security (DTLS), OSCORE efficiently provides selective integrity protection and encryption on different parts of CoAP messages. Thus, OSCORE enables end-to-end security through intermediary (non-trusted) proxies, while still allowing them to perform their expected services, with considerable security and privacy improvements.
To assess whether these security features consume too much of the limited resources available on a constrained device, we have implemented OSCORE (the implementation is available as open-source), and evaluated its efficiency. This paper provides a comprehensive, comparative and experimental performance evaluation of OSCORE on real resource-constrained IoT devices, using the operating system Contiki-NG as IoT software platform. In particular, we experimentally evaluated the efficiency of our OSCORE implementation on resource-constrained devices running Contiki-NG, in comparison with the DTLS implementation TinyDTLS maintained by the Eclipse Foundation. The evaluation results show that our OSCORE implementation displays moderately better performance than TinyDTLS, in terms of per-message network overhead, memory usage, message round-trip time and energy efficiency, thus providing the security improvements of OSCORE with no additional performance penalty.
The Constrained Application Protocol (CoAP) is a major application-layer protocol for the Internet of Things (IoT). The recently standardized security protocol Object Security for Constrained RESTful Environments (OSCORE) efficiently provides end-to-end security of CoAP messages at the application layer, also in the presence of untrusted intermediaries. At the same time, CoAP supports one-to-many communication, targeting use cases such as smart lighting and building automation, firmware update, or emergency broadcast. Securing group communication for CoAP has additional challenges. It can be done using the novel Group Object Security for Constrained RESTful Environments (Group OSCORE) security protocol, which fulfills the same security requirements of OSCORE in group communication environments. While evaluations of OSCORE are available, no studies exist on the performance of Group OSCORE on resource-constrained IoT devices.This article presents the results of our extensive performance evaluation of Group OSCORE over two popular constrained IoT platforms, namely Zolertia Zoul and TI Simplelink. We have implemented Group OSCORE for the Contiki-NG operating system and made our implementation available as open source software. We compared Group OSCORE against unprotected CoAP as well as OSCORE. To the best of our knowledge, this is the first comprehensive and experimental evaluation of Group OSCORE over real constrained IoT devices. © 2022 Copyright held by the owner/author(s).
Power supply infrastructures are facing radical changes. The introduction of Information and Communication Technologies (ICT) into power grids will allow to automatically monitor and control the power demand and supply. This concept is generally referred to as Smart Grid, and is expected to exponentially grow during the coming years. However, ICT systems are increasingly subject to security cyber attacks, which can have a disruptive impact on the whole power grid, and put people’s safety and business interests at risk. This report covers background information on the smart grid with focus on smart metering in particular. Important aspects such as security and life-cycle management are covered. In addition, the typical smart grid components and communication protocols are surveyed.
The standard Constrained Application Protocol (CoAP) is a lightweight, web-transfer protocol based on the REST paradigm and specifically suitable for constrained devices and the Internet-of-Things. Object Security for Constrained RESTful Environment (OSCORE) is a standard, lightweight security protocol that provides end-to-end protection of CoAP messages. A number of methods exist for managing keying material for OSCORE, as to its establishment and update. This paper provides a detailed comparison of such methods, in terms of their features, limitations and security properties. Also, it especially considers the new key update protocol KUDOS, for which it provides a more extended discussion about its features and mechanics, as well as a formal verification of its security properties.
Communication security of an Internet-of-Things (IoT) product depends on the variety of protocols employed throughout its lifetime. The underlying low-power radio communication technologies impose constraints on maximum transmission units and data rates. Surpassing maximum transmission unit thresholds has an important effect on the efficiency of the solution: transmitting multiple fragments over low-power IoT radio technologies is often prohibitively expensive. Furthermore, IoT communication paradigms such as one-to-many require novel solutions to support the applications executing on constrained devices. Over the last decade, the Internet Engineering Task Force (IETF) has been working through its various Working Groups on defining lightweight protocols for Internet-of-Things use cases. “Lightweight” refers to the minimal processing overhead, memory footprint and number of bytes in the air, compared to the protocol counterparts used for non-constrained devices in the Internet. This article overviews the standardization efforts in the IETF on lightweight communication security protocols. It introduces EDHOC, a key exchange protocol, OSCORE and Group OSCORE, application data protection protocols adapted for securing IoT applications. The article additionally highlights the design considerations taken into account during the design of these protocols, an aspect not present in the standards documents. Finally, we present an evaluation of these protocols in terms of the message sizes and compare with the non-constrained counterpart, the (D)TLS protocol. We demonstrate that the novel key exchange protocol EDHOC achieves ×5 reduction over DTLS 1.3 authenticated with pre-shared keys in terms of total number of bytes transmitted over the air, while keeping the benefits of authentication with asymmetric credentials.
Emerging fine-grained cloud resource billing creates incentives to review the software execution footprint in virtual environments. Operators can use novel virtual execution environments with ever lower overhead: from virtual machines to containers, to unikernels and serverless functions. However, the execution footprint of security mechanisms in virtualized deployments has either remained the same or even increased. In this demo, we present a novel key provisioning mechanism for cloud networks that unlocks scalable use of symmetric keys and significantly reduces the related computational load on network endpoints
Increasingly fine-grained cloud billing creates incentives to review the software execution footprint in virtual environments. For example, virtual execution environments move towards lower overhead: from virtual machines to containers, unikernels, and serverless cloud computing. However, the execution footprint of security components in virtualized environments has either remained the same or even increased. We present Flowrider, a novel key provisioning mechanism for cloud networks that unlocks scalable use of symmetric keys and significantly reduces the related computational load on network endpoints. We describe the application of Flowrider to common transport security protocols, the results of its formal verification, and its prototype implementation. Our evaluation shows that Florwider uses up to an order of magnitude less CPU to establish a TLS session while preventing by construction some known attacks.
The standard ACE framework provides authentication and authorization mechanisms similar to those of the standard OAuth 2.0 framework, but it is intended for use in Internet-of-Things environments. In particular, ACE relies on OAuth 2.0, CoAP, CBOR, and COSE as its core building blocks. In ACE, a non-constrained entity called Authorization Server issues Access Tokens to Clients according to some access control and policy evaluation mechanism. An Access Token is then consumed by a Resource Server, which verifies the Access Token and lets the Client accordingly access a protected resource it hosts. Access Tokens have a validity which is limited over time, but they can also be revoked by the Authorization Server before they expire. In this work, we propose the Usage Control framework as an underlying access control means for the ACE Authorization Server, and we assess its performance in terms of time required to issue and revoke Access Tokens. Moreover, we implement and evaluate a method relying on the Observe extension for CoAP, which allows to notify Clients and Resource Servers about revoked Access Tokens. Through results obtained in a real testbed, we show how this method reduces the duration of illegitimate access to protected resources following the revocation of an Access Token, as well as the time spent by Clients and Resource Servers to learn about their Access Tokens being revoked.
The 6TiSCH architecture defined by the IETF provides a standard solution for extending the Internet of Things (IoT) paradigm to industrial applications with stringent reliability and timeliness requirements. In this context, communication security is another crucial requirement, which is currently less investigated in the literature. In this article, we present a deep assessment of the security vulnerabilities of 6P, the protocol used for resource negotiation at the core of the 6TiSCH architecture. Specifically, we highlight two possible attacks against 6P, namely the Traffic Dispersion and the Overloading attacks. These two attacks effectively and stealthy alter the communication schedule of victim nodes and severely thwart network basic functionalities and efficiency, by specifically impacting network availability and energy consumption of victim nodes. To assess the impact of the attacks two analytical models have been defined, while, to demonstrate their feasibility, they have been implemented in Contiki-NG. The implementation has been used to quantitatively evaluate the impact of the two attacks by both simulations and measurements in a real testbed. Our results show that the impact of both attacks may be very significant. The impact, however, strongly depends on the position of the victim node(s) in the network and it is highly influenced by the dynamics of the routing protocol. We have investigated mitigation strategies to alleviate this impact and proposed an extended version of the Minimal Scheduling Function (MSF), i.e., the reference scheduling algorithm for 6TiSCH. This allows network nodes to early detect anomalies in their schedules possibly due to an Overloading attack, and thus curb the attack impact by appropriately revising their schedule.
This paper presents Group-IKEv2, a group key management protocol supporting secure group communication based on multicast IPsec. Group-IKEv2 is an adaptation of the IKEv2 protocol for the IPsec suite, and is especially designed to address internet of things (IoT) scenarios composed of resource-constrained devices. Compared to static approaches, Group-IKEv2 enables dynamic and flexible establishment of IPsec group security associations as well as group key material. Also, it integrates the management and renewal of group key material, both on a periodical fashion and upon group membership changes. We have implemented Group-IKEv2 for the Contiki OS and tested it on the OpenMote resource-constrained platform. Our experimental performance evaluation confirms that Group-IKEv2 is affordable and deployable also on constrained IoT devices.
This paper analyzes the problem and requirements of securely distributing software updates over the Internet, to devices in an Industrial Control System (ICS) and more generally in Internet of Things (IoT) infrastructures controlling a physical system, such as power grids and water supply systems. We present a novel approach that allows to securely distribute software updates of different types, e.g., device firmware and customer applications, and from sources of different type, e.g., device operators, device manufacturers and third-party library providers. Unlike previous works on this topic, our approach keeps the device operator in control of the update process, while ensuring both authenticity and confidentiality of the distributed software updates.
DTLS is a standardized security protocol designed to provide end-to-end secure communication among two peers, and particularly considered for the emerging Internet of Things. In order to protect group communication, the IETF is currently working on a method to secure multicast messages through the same DTLS security services. However, such an approach relies on traditional DTLS sessions to protect unicast responses to multicast messages. This increases the amount of security material stored by group members and can have a relevant impact on network performance. In this paper we propose an extension to the IETF approach which allows to efficiently protect group responses by reusing the same group key material. Our proposal does not require to establish additional DTLS sessions, thus preserving high communication performance within the group and limiting storage overhead on group members. Furthermore, we discuss a suitable key management policy to provision and renew group key material.
The MAC standard amendment IEEE 802.15.4e is designed to meet the requirements of industrial and critical applications. In particular, the Time Slotted Channel Hopping (TSCH) mode divides time into periodic, equally-sized, slotframes composed of transmission timeslots. Then, it combines timeslotted access with multi-channel and channel hopping capabilities, providing large network capacity, high reliability and predictable latency, while ensuring energy efficiency. Since every network node considers the same timeslots at each sloframe and selects physical channels according to a periodic function, TSCH produces a steady channel utilization pattern. This can be exploited by a selective jammer to entirely thwart communications of a victim node, in a way that is stealthy, effective and extremely energy efficient. This paper shows how a selective jamming attack can be successfully performed even though TSCH uses the IEEE 802.15.4e security services. Furthermore, we propose DISH, a countermeasure which randomly permutes the timeslot and channel utilization patterns at every slotframe in a consistent and completely distributed way, without requiring any additional message exchange. We have implemented DISH for the Contiki OS and tested its effectiveness onTelosB sensor nodes. Quantitative analysis for different network configurations shows that DISH effectively contrasts selective jamming with negligible performance penalty.
Time Division Multiple Access (TDMA) is often used in Wireless Sensor Networks (WSNs), especially for critical applications, as it provides high energy efficiency, guaranteed bandwidth, bounded and predictable latency, and absence of collisions. However, TDMA is vulnerable to selective jamming attacks. In TDMA transmission, slots are typically pre-allocated to sensor nodes, and each slot is used by the same node for a number of consecutive superframes. Hence, an adversary could thwart a victim node’s communication by simply jamming its slot(s). Such attack turns out to be effective, energy efficient, and extremely difficult to detect. In this paper, we present JAMMY, a distributed and dynamic solution to selective jamming in TDMA-based WSNs. Unlike traditional approaches, JAMMY changes the slot utilization pattern at every superframe, thus making it unpredictable to the adversary. JAMMY is decentralized, as sensor nodes determine the next slot utilization pattern in a distributed and autonomous way. Results from performance analysis of the proposed solution show that JAMMY introduces negligible overhead yet allows multiple nodes to join the network, in a limited number of superframes.
This paper presents GREP, a highly scalable and efficient group rekeying protocol with the following merits. First, it rekeys the group with only two messages, introducing an overhead which is small, constant, and independent of the group size. Second, GREP considers collusion as a first-class attack. Third, GREP efficiently recovers the group from a collusion attack without recourse to a total member reinitialization. The recovery cost smoothly grows with the group size, and gradually increases with the attack severity. GREP achieves these results by organizing nodes into logical subgroups and exploiting the history of node joining events. This allows GREP to establish a total ordering among subgroups and among nodes in each subgroup, so making collusion recovery highly scalable and efficient. We evaluate performance from several standpoints, and show that GREP is deployable in large-scale networks of customary, even resource constrained, platforms.
This chapter presents SEA++, a simulation framework that extends OMNeT++ and the INET Framework for evaluating the impact of security attacks on networks and applications in a flexible and user-friendly way. To this end, SEA++ relies on two fundamental building blocks. First, the user describes the attacks to be evaluated by using a high-level Attack Specification Language (ASL). In particular, only the final effects of such attacks are described, rather than their actual performance. Second, the Attack Simulation Engine (ASE) takes these high-level descriptions as input and accordingly injects attack events at runtime, by means of additional software modules that seamlessly and transparently operate with the other INET modules. This allows the user to quantitatively assess the impact of cyber/physical attacks in simulated network scenarios, and hence rank them according to their severity as a support to risk assessment and selection of countermeasures. As a further advantage, the user is not required to alter any software module or application, or to implement any adversary model for the actual execution of security attacks. Finally, this chapter also includes a step-by-step explicative example showing how to set up and use SEA++ for describing attacks and assessing their impact.
This paper presents GREP, a novel group rekeying scheme that leverages the history of join events in order to achieve efficiency and high scalability. GREP rekeys thegroup with only two broadcast messages, hence displaying an overhead which is small, constant and independent of the group size. Also, GREP efficiently recovers the group from collusion attack with no recourse to total member reinitialization. Even in the very unlikely worst case, collusion recovery displays a smooth impact on performance that gradually increases with the attack severity. We implemented GREP for the Contiki OS and tested it on different resource-constrained platforms. Our analytical and experimental evaluation confirm that GREP is efficient, highly scalable and deployable also on constrained nodes. The paper extends a previous version of this work, especially through additional security analysis, treatise of probabilities for worst case collusion, and experimental evaluation of performance.
DTLS is a transport layer security protocol designed to provide secure communication over unreliable datagram protocols. Before starting to communicate, a DTLS client and server perform a specific handshake in order to establish a secure session and agree on a common security context. However, the DTLS handshake is affected by two relevant issues. First, the DTLS server is vulnerable to a specific Denial of Service (DoS) attack aimed at forcing the establishment of several half open sessions. This may exhaust memory and network resources on the server, so making it less responsive or even unavailable to legitimate clients. Second, although it is one of the most efficient key provisioning approaches adopted in DTLS, the pre-shared key provisioning mode does not scale well with the number of clients, it may result in scalability issues on the server side, and it complicates key re-provisioning in dynamic scenarios. This paper presents a single and efficient security architecture which addresses both issues, by substantially limiting the impact of DoS, and reducing the number of keys stored on the server side to one unit only. Our approach does not break the existing standard and does not require any additional message exchange between DTLS client and server. Our experimental results show that our approach requires a shorter amount of time to complete a handshake execution, and consistently reduces the time a DTLS server is exposed to a DoS instance. We also show that it considerably improves a DTLS server in terms of service availability and robustness against DoS attack.
The Datagram Transport Layer Security (DTLS) protocol is highly vulnerable to a form of denial-of-service attack (DoS), aimed at establishing a high number of invalid, half-open, secure sessions. Moreover, even when the efficient pre-shared key provisioning mode is considered, the key storage on the server side scales poorly with the number of clients. SICS Swedish ICT has designed a security architecture that efficiently addresses both issues without breaking the current standard.
Denial of Service (DoS) is a common and severe security issue in computer networks. Typical DoS attacks overload servers with bogus requests, induce them to worthlessly commit resources, and even make them unable to serve legitimate clients. This is especially relevant in Internet of Things scenarios, where servers are particularly exposed and often equipped with limited resources. Although most countermeasures focus on detection and mitigation, they do not react to dynamically adapt victims' behavior, while at the same time preserving service availability. This paper presents SARDOS, a reactive security service that leverages detection mechanisms from different communication layers, and adaptively changes the operative behavior of victim servers while preserving service availability. We experimentally evaluated SARDOS with a prototype implementation running on an underclocked Raspberry Pi server. Our results show that, when running SARDOS, a server under attack displays considerably lower memory and CPU usage, while still ensuring (best-effort) fulfillment of legitimate requests.
This article presents Axiom, a DTLS-based approach to efficiently secure multicast group communication among IoT-constrained devices. Axiom provides an adaptation of the DTLS record layer, relies on key material commonly shared among the group members, and does not require one to perform any DTLS handshake. We made a proof-of-concept implementation of Axiom based on the tinyDTLS library for the Contiki OS and used it to experimentally evaluate performance of our approach on real IoT hardware. Results show that Axiom is affordable on resource-constrained platforms and performs significantly better than related alternative approaches.
ICT is becoming a fundamental and pervasive component of critical infrastructures (CIs). Despite the advantages that it brings about, ICT also exposes CIs to a number of security attacks that can severely compromise human safety, service availability and business interests. Although it is vital to ensure an adequate level of security, it is practically infeasible to counteract all possible attacks to the maximum extent. Thus, it is important to understand attacks' impact and rank attacks according to their severity. We propose SEA++, a tool for simulative evaluation of attack impact based on the INET framework and the OMNeT++ platform. Rather than actually executing attacks, SEA++ reproduces their effects and allows to quantitatively evaluate their impact. The user describes attacks through a high-level description language and simulates their effects without any modification to the simulation platform. We show SEA++ capabilities referring to different attacks carried out against a traffic light system.
Software Defined Networking (SDN) has been recently introduced as a new communication paradigm in computer networks. By separating the control plane from the data plane and entrusting packet forwarding to straightforward switches, SDN makes it possible to deploy and run networks which are more flexible to manage and easier to configure. This paper describes a set of extensions for the INET framework, which allow researchers and network designers to simulate SDN architectures and evaluate their performance and security at design time. Together with performance evaluation and design optimization of SDN networks, our extensions enable the simulation of SDN-based anomaly detection and mitigation techniques, as well as the quantitative evaluation of cyber-physical attacks and their impact on the network and application. This work is an ongoing research activity, and we plan to propose it for an official contribution to the INET framework.