Publication


Featured research published by Göran Selander.


world of wireless mobile and multimedia networks | 2013

Authorization framework for the Internet-of-Things

Ludwig Seitz; Göran Selander; Christian Gehrmann

This paper describes a framework that allows fine-grained and flexible access control to connected devices with very limited processing power and memory. We propose a set of security and performance requirements for this setting and derive an authorization framework distributing processing costs between constrained devices and less constrained back-end servers while keeping message exchanges with the constrained devices at a minimum. As a proof of concept we present performance results from a prototype implementing the device part of the framework.


IEEE Transactions on Automation Science and Engineering | 2016

S3K: Scalable Security With Symmetric Keys—DTLS Key Establishment for the Internet of Things

Shahid Raza; Ludwig Seitz; Denis Sitenkov; Göran Selander

DTLS is becoming the de facto standard for communication security in the Internet of Things (IoT). In order to run the DTLS protocol, one needs to establish keys between the communicating devices. The default method of key establishment requires X.509 certificates and a Public Key Infrastructure, an approach which is often too resource consuming for small IoT devices. DTLS also supports the use of preshared keys and raw public keys. These modes are more lightweight, but they are not scalable to a large number of devices.


reconfigurable communication centric systems on chip | 2014

New paradigms for access control in constrained environments

Abdelkarim Cherkaoui; Lilian Bossuet; Ludwig Seitz; Göran Selander; R. Borgaonkar

The Internet of Things (IoT) is here; more than 10 billion units are already connected and five times more devices are expected to be deployed in the next five years. Technological standardization and the management and fostering of rapid innovation by governments are among the main challenges of the IoT. However, security and privacy are the key to make the IoT reliable and trusted. Security mechanisms for the IoT should provide features such as scalability, interoperability and lightness. This paper addresses authentication and access control in the frame of the IoT. It presents Physical Unclonable Functions (PUF), which can provide cheap, secure, tamper-proof secret keys to authentify constrained M2M devices. To be successfully used in the IoT context, this technology needs to be embedded in a standardized identity and access management framework. On the other hand, Embedded Subscriber Identity Module (eSIM) can provide cellular connectivity with scalability, interoperability and standard-compliant security protocols. The paper discusses an authorization scheme for a constrained resource server taking advantage of PUF and eSIM features. Concrete IoT use cases are discussed (SCADA and building automation).


ist mobile and wireless communications summit | 2007

Ambient Network Attachment

Teemu Rinta-Aho; Rui Campos; András Méhes; Ulrike Meyer; Joachim Sachs; Göran Selander

The efficiency of network attachment plays a crucial role in the performance of accessing services in new environments. As an example, when a moving network is changing its location relative to attachment points, the detection of the candidate access networks along with their properties and security relationships needs to be carefully managed. This paper presents the framework and mechanisms for network attachment of Ambient Networks. Different steps required for optimizing the network attachment procedure are studied, and a secure network attachment protocol is proposed.


international conference on conceptual structures | 2012

Privacy in machine-to-machine communications A state-of-the-art survey

Yi Cheng; Mats Näslund; Göran Selander; Eva Fogelstrom

With the rapid deployment of M2M services, countless smart “things” with sensing and communication capabilities are collecting data about the physical world we live in. These data can be used by various service providers to make their services more customized with high quality. On the other hand the availability of personal information raises serious concerns over individual privacy. In order to prevent unauthorized identification, localization and tracking of humans and things, privacy preserving mechanisms must be an integral part of M2M based systems. This survey gives an overview of existing approaches to information privacy, focusing on technical solutions.


european test symposium | 2014

Secure and efficient LBIST for feedback shift register-based cryptographic systems

Elena Dubrova; Mats Näslund; Göran Selander

Cryptographic methods are used to protect confidential information against unauthorised modification or disclosure. Cryptographic algorithms providing high assurance exist, e.g. AES. However, many open problems related to assuring security of a hardware implementation of a cryptographic algorithm remain. Security of a hardware implementation can be compromised by a random fault or a deliberate attack. The traditional testing methods are good at detecting random faults, but they do not provide adequate protection against malicious alterations of a circuit known as hardware Trojans. For example, a recent attack on Intel's Ivy Bridge processor demonstrated that the traditional Logic Built-In Self-Test (LBIST) may fail even the simple case of stuck-at fault type of Trojans. In this paper, we present a novel LBIST method for Feedback Shift Register (FSR)-based cryptographic systems which can detect such Trojans. The specific properties of FSR-based cryptographic systems allow us to reach 100% single stuck-at fault coverage with a small set of deterministic tests. The test execution time of the proposed method is at least two orders of magnitude shorter than the one of the pseudo-random pattern-based LBIST. Our results enable an efficient protection of FSR-based cryptographic systems from random and malicious stuck-at faults.


Cryptography and Communications | 2018

Message Authentication Based on Cryptographically Secure CRC without Polynomial Irreducibility Test

Elena Dubrova; Mats Näslund; Göran Selander; Fredrik Lindqvist

In this paper, we present a message authentication scheme based on cryptographically secure cyclic redundancy check (CRC). Similarly to previously proposed cryptographically secure CRCs, the presented one detects both random and malicious errors without increasing bandwidth. The main difference from previous approaches is that we use random instead of irreducible generator polynomials. This eliminates the need for irreducibility tests. We provide a detailed quantitative analysis of the achieved security as a function of message and CRC sizes. The results show that the presented scheme is particularly suitable for the authentication of short messages.


Journal of Network and Systems Management | 2008

Decentralized Access Control Management for Network Configuration

Ludwig Seitz; Göran Selander; Erik Rissanen; Cao Ling; Babak Sadighi

Configuration management is of great importance for network operators and service providers today. Sharing of resources between business parties with conflicting interests is a reality and raises many issues with respect to configuration management. One issue is access control to configuration data. A network operator or service provider needs appropriate tools, not only to control its networked resources, but also to specify how this control should be exercised. We propose an access control model for the IETF NETCONF network configuration protocol, based on the OASIS XACML access control standard, which allows a flexible and fine-grained control for NETCONF commands. Our approach does not require any additions to the NETCONF protocol and is independent of the configuration’s data-model. Furthermore our approach can easily be extended to cover new NETCONF functionality.


wireless network security | 2018

Lightweight Message Authentication for Constrained Devices

Elena Dubrova; Mats Näslund; Göran Selander; Fredrik Lindqvist

Message Authentication Codes (MACs) used in today's wireless communication standards may not be able to satisfy resource limitations of simpler 5G radio types and use cases such as machine type communications. As a possible solution, we present a lightweight message authentication scheme based on the cyclic redundancy check (CRC). It has been previously shown that a CRC with an irreducible generator polynomial as the key is an $\epsilon$-almost XOR-universal (AXU) hash function with $\epsilon = (m + n)/2^{n-1}$, where $m$ is the message size and $n$ is the CRC size. While the computation of $n$-bit CRCs can be efficiently implemented in hardware using linear feedback shift registers, generating random degree-$n$ irreducible polynomials is computationally expensive for large $n$. We propose using a product of $k$ irreducible polynomials whose degrees sum up to $n$ as a generator polynomial for an $n$-bit CRC and show that the resulting hash functions are $\epsilon$-AXU with $\epsilon = (m + n)^k/2^{n-k}$. The presented message authentication scheme can be seen as providing a trade-off between security and implementation efficiency.


communications and networking symposium | 2015

A random access procedure based on tunable puzzles

Mats Näslund; Elena Dubrova; Göran Selander; Fredrik Lindqvist

In a radio network, a denial-of-service attack or an attach storm after a temporary outage may cause severe access network overload. Unavailability of radio network services for its subscribing users causes dissatisfaction among the users and should be prevented. The problem is likely to become even more acute with the growth of Internet-of-Things applications that are expected to support critical infrastructure. In this paper, we present a new random access procedure based on tunable puzzles. Tunable puzzles provide the means to balance the load on the access network, prioritize certain devices, and localize radio resources for subsequent transmissions. By tuning the difficulty of puzzles, a base station can control the period of time before a device can send its next message. The prioritization by means of puzzles creates considerably less extra load on the base station compared to other alternatives, e.g. by using authentication. Encoding of radio resources in the puzzle solution enables a more efficient use of communication and processing resources. In addition, it gives malicious devices no incentive to guess the solution, since any solution other than the intended one fails to convey the information enabling the device to proceed further.

Collaboration


Dive into Göran Selander's collaborations.

Top Co-Authors

Ludwig Seitz

Institut national des sciences Appliquées de Lyon
