Marcin Piotr Pawlowski

Optimized ECC Implementation for Secure Communication between Heterogeneous IoT Devices

The Internet of Things is integrating information systems, places, users and billions of constrained devices into one global network. This network requires secure and private means of communications. The building blocks of the Internet of Things are devices manufactured by various producers and are designed to fulfil different needs. There would be no common hardware platform that could be applied in every scenario. In such a heterogeneous environment, there is a strong need for the optimization of interoperable security. We present optimized elliptic curve Cryptography algorithms that address the security issues in the heterogeneous IoT networks. We have combined cryptographic algorithms for the NXP/Jennic 5148- and MSP430-based IoT devices and used them to created novel key negotiation protocol.

Toward a Lightweight Authentication and Authorization Framework for Smart Objects

The Internet of Things (IoT) represents the current technology revolution that is intended to transform the current environment into a more pervasive and ubiquitous world. In this emerging ecosystem, the application of standard security technologies has to cope with the inherent nature of constrained physical devices, which are seamlessly integrated into the Internet infrastructure. This work proposes a set of lightweight authentication and authorization mechanisms in order to support smart objects during their life cycle. Furthermore, such mechanisms are framed within a proposed security framework, which is compliant with the Architectural Reference Model, recently presented by the EU FP7 IoT-A project. The resulting architecture is intended to provide a holistic security approach to be leveraged in the design of novel and lightweight security protocols for IoT constrained environments.

Extending Extensible Authentication Protocol over IEEE 802.15.4 Networks

Internet into our physical world and making it present everywhere. This evolution is also raising challenges in issues such as privacy, and security. For that reason, this work is focused on the integration and lightweight adaptation of existing authentication protocols, which are able also to offer authorization and access control functionalities. In particular, this work is focused on the Extensible Authentication Protocol (EAP). EAP is widely used protocol for access control in local area networks such Wireless (802.11) and wired (802.3). This work presents an integration of the EAP frame into IEEE 802.15.4 frames, demonstrating that EAP protocol and some of its mechanisms are feasible to be applied in constrained devices, such as the devices that are populating the IoT networks.

Stafflines pattern detection using the swarm intelligence algorithm

This paper demonstrates the application of the Swarm Intelligence (SI) algorithm to recognize the specific patterns that are present in the digital images of handwritten music scores. The application introduced in this paper involves the detection of stafflines using particle swarm. The introduced solution described in this paper is a new approach to the problem, and illustrates how optimization algorithm can be modified and successfully applied in different subjects such as pattern recognition. The developed algorithm can be used as a first stage in Optical Music Recognition (OMR) that is followed by the staffline removal phase. It is worth pointing out, that contrary to most state-of-the-art algorithms, the proposed method does not require a binarization step in the preprocessing stage.

EAP for IoT: More Efficient Transport of Authentication Data -- TEPANOM Case Study

Internet of Things security has been the most challenging part of the domain. Combining strong cryptography, lifelong security with highly constrained devices under conditions of limited energy consumption and no maintenance time makes it extremely difficult task. In this paper it has been presented approach that combines authentication and bootstrapping protocol (TEPANOM) with authentication framework optimized for the IEEE 802.15.4 networks (EAP with SEAPOL adaptation layer) to achieve significant network resource usage reduction. The EAP-TEPANOM solution has achieved substantial 42% reduction in the number of transferred packets and 35% reduction of the transferred data. This results have placed as one of the most lightweight EAP methods that has been tested in this research.

Pigmented network structure detection using semi-smart adaptive filters

This paper demonstrates a method for detecting pigment based dermatoscopic structure called pigment network. This structure is used in dermatoscopy as one of the criteria in clinical evaluation of pigmented skin lesions and can indicate if a lesion is of malignant nature. For detection process we have developed an adaptive filter, inspired by Swarm Intelligence (SI) optimization algorithms. The introduced filtering method is applied in a non-linear manner, to processed dermatoscopic image of a skin lesion. The non-linear approach derives from SI algorithms, and allows selective image filtering. In the beginning of filtration process, the filters (agents) are randomly applied to sections of the image, where each of them adapts its output based on the neighborhood surrounding it. Agents share its information with other agents that are located in immediate vicinity. This is a new approach to the problem of dermatoscopic structure detection, and it is highly flexible, as it can be applied to images without the need of previous pre-processing stage. This feature is highly desirable, mainly due to the fact that in most cases of computer aided diagnostic, input images need to be pre-processed (e.g.: brightness normalization, histogram equation, contrast enhancement, color normalization) and results of this can introduce unwanted artifacts, so this step need to be verified by human. Results of applying the introduced method can be used as one of the differential structures criteria for calculating the Total Dermatoscopy Score (TDS) of the ABCD rule.

Harvesting entropy for random number generation for internet of things constrained devices using on-board sensors.

Entropy in computer security is associated with the unpredictability of a source of randomness. The random source with high entropy tends to achieve a uniform distribution of random values. Random number generators are one of the most important building blocks of cryptosystems. In constrained devices of the Internet of Things ecosystem, high entropy random number generators are hard to achieve due to hardware limitations. For the purpose of the random number generation in constrained devices, this work proposes a solution based on the least-significant bits concatenation entropy harvesting method. As a potential source of entropy, on-board integrated sensors (i.e., temperature, humidity and two different light sensors) have been analyzed. Additionally, the costs (i.e., time and memory consumption) of the presented approach have been measured. The results obtained from the proposed method with statistical fine tuning achieved a Shannon entropy of around 7.9 bits per byte of data for temperature and humidity sensors. The results showed that sensor-based random number generators are a valuable source of entropy with very small RAM and Flash memory requirements for constrained devices of the Internet of Things.

Compact Extensible Authentication Protocol for the Internet of Things: Enabling Scalable and Efficient Security Commissioning

Internet of Things security is one of the most challenging parts of the domain. Combining strong cryptography and lifelong security with highly constrained devices under conditions of limited energy consumption and no maintenance time is extremely difficult task. This paper presents an approach that combines authentication and bootstrapping protocol (TEPANOM) with Extensible Authentication Protocol (EAP) framework optimized for the IEEE 802.15.4 networks. The solution achieves significant reduction of network resource usage. Additionally, by application of EAP header compacting approach, further network usage savings have been reached. The EAP-TEPANOM solution has achieved substantial reduction of 42% in the number of transferred packets and 35% reduction of the transferred data. By application of EAP header compaction, it has been possible to achieve up to 80% smaller EAP header. That comprises further reduction of transferred data for 3.84% for the EAP-TEPANOM method and 10% for the EAP-TLS-ECDSA based methods. The results have placed the EAP-TEPANOM method as one of the most lightweight EAP methods from ones that have been tested throughout this research, making it feasible for large scale deployments scenarios of IoT.

Maximizing the Extensible Authentication Protocol Maximum Transfer Unit to Minimize the Authenticating Data Transmission in the IEEE 802.15.4 Networks

Securing Internet of Things is currently one of the most challenging tasks standing before the research community. Finding adequate combination of strong cryptography, lightweight computation and minimalistic data transmission with scarce energy resources and no maintenance times is very hard. This paper introduces new mechanism for IEEE 802.1X authentication scheme that has been previously extended for the IEEE 802.15.4 networks. The new solution has been designed to minimize the number of transmitted packets during the authentication process through maximization of the Extensible Authentication Protocol Maximum Transfer Unit. The results have been promising for the certificate based EAP Methods with reduction of around 10% of transferred packets for the EAP-TLS-RSA based methods and around 7% for the EAP-TLS-ECDSA based methods.