Christopher Huth

Securing systems on the Internet of Things via physical properties of devices and communications

The Internet of Things (IoT) is an emerging trend that generates many new challenges in security and privacy through the interconnect of ubiquitous devices and services over the Internet. Depending on the device and its strict constraints in the IoT, one often needs to refrain from implementing costly public key cryptography to solve the key distribution problem. In this context, Physical Unclonable Functions (PUF) have been identified as a promising replacement that uses already present physical properties of the device. For encryption and authentication services, we combine this technology with Physical Key Generation (PKG) over wireless communication that leverages physical properties of the communications channel. Note that PKG uses same or similar components as PUFs, rendering the combination of both cheap compared to common public-key cryptography such as RSA or ECC. To the best of our knowledge, this is the first approach to combine both technologies to provide confidentiality and authenticity of devices for a lightweight key distribution mechanism. To demonstrate the validity and usefulness of our approach, we derive a generalized architecture for smart home systems and adopt our approach to this scenario.

Secure software update and IP protection for untrusted devices in the Internet of Things via physically unclonable functions

We are on the brink of a new era, the Internet of Things. Security threats will rise with an increasing number of devices, since typical sensor nodes refrain from resource intense, seasoned security measures. Hence, we have to assume that sensor nodes will receive software updates more frequently. Particularly IP providers in the emerging market of specialized software will want their software protected during an update process. We propose a novel protocol by integrating different trust establishing techniques, to allow secure software updates on nodes already infected with malware. In short, a device has to prove the erasure of its memory within a time constraint and a physically unclonable function binds the newly downloaded software IP to the target platform. We surveyed several commercial smart home systems and analysed the security of our protocol. Compared to existing solutions, our protocol offers stronger IP protection under a more powerful attacker model, while the implementation costs are comparable to those of the existing protocols.

Information reconciliation schemes in physical-layer security

Information reconciliation is an essential part of physical-layer based key agreement. It enables the equalization of similar, but disagreeing channel observations of respective communicating parties. Due to a broad variety of underlying mathematical constructions and a large parameter space, there is a lack of systematic classification of the individual schemes. To address this issue, we present an extensive survey of existing protocols. Furthermore, we derive a generalized layer model for information reconciliation, show how existing approaches map to this model and how it supports future research work in this field.

MEMS Gyroscopes as Physical Unclonable Functions

A key requirement for most security solutions is to provide secure cryptographic key storage in a way that will easily scale in the age of the Internet of Things. In this paper, we focus on providing such a solution based on Physical Unclonable Functions (PUFs). To this end, we focus on microelectromechanical systems (MEMS)-based gyroscopes and show via wafer-level measurements and simulations, that it is feasible to use the physical and electrical properties of these sensors for cryptographic key generation. After identifying the most promising features, we propose a novel quantization scheme to extract bit strings from the MEMS analog measurements. We provide upper and lower bounds for the minimum entropy of the derived bit strings and fully analyze the intra- and inter-class distributions across the operation range of the MEMS device. We complement these measurements via Monte-Carlo simulations based on the distributions of the parameters measured on actual devices. We also propose and evaluate a complete cryptographic key generation chain based on fuzzy extractors. We derive a full entropy 128-bit key using the obtained min-entropy estimates, requiring 1219 bits of helper data with an (authentication) failure probability of 4 . 10-7. In addition, we propose a dedicated MEMS-PUF design, which is superior to our measured sensor, in terms of chip area, quality and quantity of key seed features.

Secure and Private, yet Lightweight, Authentication for the IoT via PUF and CBKA

The Internet of Things IoT is boon and bane. It offers great potential for new business models and ecosystems, but raises major security and privacy concerns. Because many IoT systems collect, process, and store personal data, a secure and privacy-preserving identity management is of utmost significance. Yet, strong resource limitations of IoT devices render resource-hungry public-key cryptography infeasible. Additionally, the security model of IoT enforces solutions to work under memory-leakage attacks. Existing constructions address either the privacy issue or the lightweightness, but not both. Our work contributes towards bridging this gap by combining physically unclonable functions PUFs and channel-based key agreement CBKA: i We show a flaw in a PUF-based authentication protocol, when outsider chosen perturbation security cannot be guaranteed. ii We present a solution to this flaw by introducing CBKA with an improved definition. iii We propose a provably secure and lightweight authentication protocol by combining PUFs and CBKA.

Scission: Signal Characteristic-Based Sender Identification and Intrusion Detection in Automotive Networks

Increased connectivity increases the attack vector. This also applies to connected vehicles in which vulnerabilities not only threaten digital values but also humans and the environment. Typically, attackers try to exploit the Controller Area Network (CAN) bus, which is the most widely used standard for internal vehicle communication. Once an Electronic Control Unit (ECU) connected to the CAN bus is compromised, attackers can manipulate messages at will. The missing sender authentication by design of the CAN bus enables adversarial access to vehicle functions with severe consequences. In order to address this problem, we propose Scission, an Intrusion Detection System (IDS) which uses fingerprints extracted from CAN frames, enabling the identification of sending ECUs. Scission utilizes physical characteristics from analog values of CAN frames to assess whether it was sent by the legitimate ECU. In addition, to detect comprised ECUs, the proposed system is able to recognize attacks from unmonitored and additional devices. We show that Scission is able to identify the sender with an average probability of 99.85%, during the evaluation on two series production cars and a prototype setup. Due to the robust design of the system, the evaluation shows that all false positives were prevented. Compared to previous approaches, we have significantly reduced hardware costs and increased identification rates, which enables a broad application of this technology.

Securing Systems With Indispensable Entropy: LWE-Based Lossless Computational Fuzzy Extractor for the Internet of Things

With the advent of the Internet of Things, lightweight devices necessitate secure and cost-efficient key storage. Since traditional secure key storage is expensive, novel solutions have been developed based on the idea of deriving the key from noisy entropy sources. Such sources when combined with fuzzy extractors allow cryptographically strong key derivation. Information theoretic fuzzy extractors require large amounts of input entropy to account for entropy loss in the key extraction process. It has been shown by Fuller et al. (ASIACRYPT’13) that the entropy loss can be reduced if the requirement is relaxed to computational security based on the hardness of the Learning with Errors problem. Using this computational fuzzy extractor, we show how to construct a device-server authentication system providing outsider chosen perturbation security and pre-application robustness. We present the first implementation of a lossless computational fuzzy extractor, where the entropy of the source equals the entropy of the key on a constrained device. The implementation needs only 1.45 KB of SRAM and 9.8 KB of Flash memory on an 8-b microcontroller. Furthermore, we also show how a device-server authentication system can be constructed and efficiently implemented in our system. We compare our implementation to existing work in terms of security, while achieving no entropy loss.

On the Fingerprinting of Electronic Control Units Using Physical Characteristics in Controller Area Networks

More and more connected features, like up-to-date maps or car-to-car communication, are added to our vehicles. Besides comfort and environmental benefits, those connections also enable attackers to cause high damages, as Miller and Valasek had shown with their remote hack of a Jeep Cherokee [MV15]. The exploited vulnerability caused a recall of 1.4 million vehicles. Such attacks are possible since no security mechanisms and no sender information are present in the Controller Area Network. Unfortunately, classical cryptographic algorithms cannot be added easily, due to its small payload size. A promising opportunity to increase security is to exploit physical information included in the received messages by extracting fingerprints. These allow to identify the sender of received messages, what can enhance detection or prevention of attacks. In the following, we impart the needed background and give an overview of the two known approaches to expand the Controller Area Network with sender identification.

On the Energy Cost of Channel Based Key Agreement

Besides security, energy consumption is a major concern for devices in the Internet of Things (IoT). We compare the energy consumption of two key agreement schemes -- Channel-Based Key Agreement (CBKA) and Elliptic Curve Diffie-Hellman (ECDH) -- in the IoT setting, using Wi-Fi as wireless communication interface. While ECDH is a well-studied protocol, CBKA has received attention only in recent years. Several publications proposed CBKA as a low-energy alternative to ECDH, but they did not address the energy cost of communication. For a fair comparison, we implemented the schemes on a 32-bit ARM Cortex M3-based IoT platform and measured the respective energy consumption for computation and communication. Our results show that the limiting factor for CBKA over Wi-Fi is the energy cost of communication, in particular the cost of acquiring the Received Signal Strength Indicator (RSSI) values. Even in an optimal scenario, CBKA must not measure more than ca. 300 RSSI values to be more energy efficient than ECDH. This is at most 1/5 of RSSI values required by CBKA implementations reported in the literature. As an optimization, we present a refined CBKA protocol which can save up to 25% of the energy compared to existing protocols by exploiting inherent data exchanges for entropy extraction.