Jani Suomalainen
VTT Technical Research Centre of Finland
Publication
Featured research published by Jani Suomalainen.
security of ad hoc and sensor networks | 2007
Jani Suomalainen; Jukka Valkonen; N. Asokan
Introducing a new device to a network or to another device is one of the most security critical phases of communication in personal networks. There have been several different proposals to make this process of associating devices both easy-to-use and secure. Some of them have been adapted by emerging standard specifications. In this paper, we first present a taxonomy of protocols for creating security associations in personal networks. We then make use of this taxonomy in surveying and comparing association models proposed in several emerging standards. We also identify new potential attack scenarios.
International Journal of Security and Networks | 2009
Jani Suomalainen; Jukka Valkonen; N. Asokan
Introducing a new device to a network or to another device is one of the most security critical phases of communication in personal networks. It is particularly challenging to make this process of associating devices easy-to-use, secure and inexpensive at the same time. A cornerstone of this process is key establishment. In this paper, we first present a taxonomy of protocols for key establishment in personal networks as well as describe and analyse specific protocols. We then use this taxonomy in surveying and comparing association models proposed in several emerging standards from security, usability and implementability perspectives.
european conference on software architecture | 2010
Jani Suomalainen; Pasi Hyttinen; Pentti Tarvainen
Smart spaces are dynamic environments for sharing information e.g. in personal, building, or public networks. Key challenges for smart spaces include security and interoperability between heterogeneous devices, from high-end PCs to embedded gadgets and sensors. We propose a novel security architecture, which enables heterogeneous devices to share data in a controlled manner. A centralized information brokering device is used to measure the security level of published information. These measurements are then used to authorize information access. Hence, the architecture enables devices to share information with the same security level even when these devices do not have interoperable security protocols. We propose policy configuration and deployment models, which are feasible and usable with embedded devices. We also describe our practical experiences from implementing the proposed security solution for smart spaces.
The first computers | 2013
Antti Evesti; Jani Suomalainen; Eila Ovaska
Dynamic and heterogeneous smart spaces cause challenges for security because it is impossible to anticipate all the possible changes at design-time. Self-adaptive security is an applicable solution for this challenge. This paper presents an architectural approach for security adaptation in smart spaces. The approach combines an adaptation loop, Information Security Measuring Ontology (ISMO) and a smart space security-control model. The adaptation loop includes phases to monitor, analyze, plan and execute changes in the smart space. The ISMO offers input knowledge for the adaptation loop and the security-control model enforces dynamic access control policies. The approach is novel because it defines the whole adaptation loop and knowledge required in each phase of the adaptation. The contributions are validated as a part of the smart space pilot implementation. The approach offers reusable and extensible means to achieve adaptive security in smart spaces and up-to-date access control for devices that appear in the space. Hence, the approach supports the work of smart space application developers.
Vitae-revista De La Facultad De Quimica Farmaceutica | 2014
Jani Suomalainen
World-wide connectivity of all kinds of embedded devices and computers - the Internet of Things (IoT) - is opening new opportunities for everyday applications. However, connecting networked devices with limited user-interaction capabilities and interfaces securely to remote Internet services is challenging. Existing solutions for security pairing, based e.g. on passwords, trusted certification authorities, or physical connection, are not feasible when devices are separated by a long distance and do not have interfaces for inputting passwords or secret keys. This paper analyzes approaches for pairing these interface-restricted devices. We explore challenges in device pairing in IoT and possibilities to use smartphones as mediators to establish security associations easily. We contribute by analyzing how user-friendly security establishment approaches - out-of-band or unauthenticated location-based pairing - can be applied in situations where a counterparty is far away or has incompatible interfaces.
symposium on applications and the internet | 2011
Jani Suomalainen; Pasi Hyttinen
Smart spaces enable heterogeneous devices to cooperate dynamically in various environments. They can be used, for instance, in personal, home, office or public networks to share information between devices ranging from sensors and embedded gadgets to PCs, servers, mobile phones and entertainment electronics. However, before smart spaces can be used in multi-user environments they must provide feasible solutions for access control and privacy as well as for authenticity and confidentiality of communication. In this paper, we will describe security and access control mechanisms within our own implementation of Semantic Information Broker, RIBS.
grid and pervasive computing | 2011
Jani Suomalainen
Smart spaces, which utilize publish and subscribe architectures as well as semantic information, promise to ease cooperation of heterogeneous devices. To make smart spaces feasible for open multi-user environments we must provide easy-to-use security solutions. In this paper, we focus on security deployment issues, particularly to credential establishment and configuration of access control. The paper concentrates on challenges caused by heterogeneity of devices as well as dynamic nature of users, authorities, and security policies. To address these issues, the paper describes how credentials can be deployed in Smart Space architecture and how access control policies can be generated using available semantic information. Finally, the paper describes security implementations for a Semantic Information Broker and for Device Interconnect Protocol.
IEEE Access | 2016
Jani Suomalainen; Jukka Julku
District-wide real-time information sharing provides new opportunities to optimize infrastructures and, for example, the energy consumption of smart cities. However, information collection introduces new privacy threats that must be addressed. Existing anonymization solutions are not sufficient for the brokering of streaming real-time measurements. Advanced adversaries may utilize information available from different sources and correlation analyses to reveal a measurement's actual source. We analyze security and privacy requirements and design a privacy-enhancing architecture for an information brokering platform. We propose an adaptive pseudonymization framework to make privacy attacks harder and to gain real-time awareness of the robustness of the privacy protection of platforms. Finally, we present an initial evaluation of the proposal using real-world energy consumption measurements.
international conference for internet technology and secured transactions | 2013
Antti Evesti; Jani Suomalainen; Reijo Savola
Recently, various applications applying ubiquitous computing have appeared. For instance, health applications have benefited from information and services, which are available from various sensors and medical devices in the surrounding environment. These applications utilize different wireless communication technologies in order to achieve a good connectivity, which is essential in ubiquitous computing. Weak security in wireless networks may ruin the security of the whole application. Hence, it is vital to realize threats, possible vulnerabilities and security assumptions made in these technologies. In this paper, we study Bluetooth, ZigBee and NFC from the security point of view in ubiquitous health applications. In the study, we emphasize security aspects starting from the physical communication layer.
Cryptography | 2018
Jani Suomalainen; Adrian Kotelba; Jari Kreku; Sami Lehtonen
The threat of quantum-computer-assisted cryptanalysis is forcing the security community to develop new types of security protocols. These solutions must be secure against classical and post-quantum cryptanalysis techniques as well as feasible for all kinds of devices, including energy-restricted Internet of Things (IoT) devices. The quantum immunity can be implemented in the cryptographic layer, e.g., by using the recent lattice-based key exchange algorithms NewHope or Frodo, or in the physical layer of wireless communication, by utilizing eavesdropping-resistant secrecy coding techniques. In this study, we explore and compare the feasibility and energy efficiency of selected cryptographic layer and physical layer approaches by applying an evaluation approach that is based on simulation and modeling. In particular, we consider the NewHope and Frodo key exchange algorithms as well as a novel physical layer secrecy coding approach that is based on polar codes. The results reveal that our proposed physical layer implementation is very competitive with respect to the cryptographic solutions, particularly in short-range wireless communication. We also observed that the total energy consumption is unequally divided between transmitting and receiving devices in all the studied approaches. This may be an advantage when designing security architectures for energy-restricted devices.