Oscar Garcia Morchon

Privacy in the Internet of Things: threats and challenges

The Internet of Things paradigm envisions the pervasive interconnection and cooperation of smart things over the current and future Internet infrastructure. The Internet of Things is, thus, the evolution of the Internet to cover the real world, enabling many new services that will improve peoples everyday lives, spawn new businesses, and make buildings, cities, and transport smarter. Smart things allow indeed for ubiquitous data collection or tracking, but these useful features are also examples of privacy threats that are already now limiting the success of the Internet of Things vision when not implemented correctly. These threats involve new challenges such as the pervasive privacy-aware management of personal data or methods to control or avoid ubiquitous tracking and profiling. This paper analyzes the privacy issues in the Internet of Things in detail. To this end, we first discuss the evolving features and trends in the Internet of Things with the goal of scrutinizing their privacy implications. Second, we classify and examine privacy threats in this new setting, pointing out the challenges that need to be overcome to ensure that the Internet of Things becomes a reality. Copyright

End-to-End Transport Security in the IP-Based Internet of Things

The IP-based Internet of Things refers to the interconnection of smart devices in a Low-power and Lossy Network (LLN) with the Internet by means of protocols such as 6LoWPAN or CoAP. The mechanisms to protect the LLN from attacks from the Internet and provisioning of an end-to-end (E2E) secure connection are key requirements for functionalities ranging from network access to software updates. Interconnecting such resource constrained devices with high-performance machines requires new security mechanisms that cannot be covered by already known solutions. This paper describes attacks at transport layer against the LLN launched from the Internet. It also introduces approaches to ensure E2E security between two devices located in homogeneous networks using either HTTP/TLS or CoAP/DTLS by proposing a mapping between TLS and DTLS.

ALPHA: an adaptive and lightweight protocol for hop-by-hop authentication

Wireless multi-hop networks are particularly susceptible to attacks based on flooding and the interception, tampering with, and forging of packets. Thus, reliable communication in such networks quintessentially depends on mechanisms to verify the authenticity of network traffic and the identity of communicating peers. A major challenge to achieve this functionality are the tight resource constraints of such devices as smartphones, mesh- and sensor nodes with regard to CPU, memory, and energy. Since existing approaches suffer from significant drawbacks related to functionality and efficiency, we present in this paper ALPHA, an Adaptive and Lightweight Protocol for Hop-by-hop Authentication. ALPHA establishes a verifiable notion of identity for network traffic, based on computationally cheap hash functions, enabling end-to-end as well as hop-by-hop integrity protection for unicast traffic. Our evaluation shows that ALPHA is a generic security mechanism that makes full traffic authentication and secure middlebox signaling viable in resource-constrainted multi-hop networks.

Resource-efficient security for medical body sensor networks

Key management is a fundamental service for medical body sensor network (BSN) security. It provides and manages the cryptographic keys to enable essential security services such as confidentiality, integrity and authentication. In the medical context, the design of a key management service must be consistent with the strict operational and security requirements of healthcare as well as with the resource restrictions of BSN technology. The deterministic pairwise key pre-distribution scheme (DPKPS) allows direct pairwise key establishment in sensor networks. We present a consistent key management service for hospital BSNs based on the DPKPS. We also describe a practical implementation specifically adapted to the strict resource-constraints of the popular MICAz sensor platform. Our performance analysis demonstrates that this key management service enables advanced BSN security services at an extremely low-power and low-memory cost

Efficient distributed security for wireless medical sensor networks

Wireless medical sensor networks (MSNs) enable ubiquitous health monitoring of users during their everyday life, at home or at hospital, without restricting their freedom. MSNs improve therefore userspsila wellbeing and help to quickly react during emergency situations. Security is a key requirement to guarantee safety and privacy of MSN users. However, the resource-constrained nature of the sensor nodes and the operational requirements of these networks hinder the use of traditional security methods. This paper presents a lightweight security system allowing for distributed key establishment and access control in MSNs. The heart of our system is founded on the use of polynomial-based key distribution systems. The security system enables lightweight distributed key agreement and verification of cryptographically signed information, e.g., access control roles or identifiers, on medical sensor nodes without the need of public-key cryptography or a central online trust center. As proof-of-concept, we have implemented our security system on a commercial sensor node platform. Our performance and security analysis shows the feasibility of our approach to deploy resilient and robust MSNs.

HIP Security Architecture for the IP-Based Internet of Things

The IP-based Internet of Things refers to the pervasive interactions of smart objects and people enabling new applications by means of IP protocols. An application scenario is a Smart City in which the city infrastructure, cars, and people exchange information to enable new services. IP protocols, such as IPv6, TCP and HTTP will be further complemented by IPv6 over Low power Wireless Personal Area Networks and Constrained Application Protocol currently in development in IETF. Security and privacy are a must for the IP-based IoTs in order to ensure its acceptance. However, mobility, limited bandwidth, and resource-constrained devices pose new challenges and require for a sound and efficient security architecture. In particular, dynamic association of mobile smart objects and the management of keys in large-scale networks remain an open challenge. In this context, we propose a flexible security architecture based on the Host Identity Protocol and Multimedia Internet KEYing protocols allowing for secure network association and key management. HIP - based on asymmetric-key cryptography - ensures unambiguous thing identification, mobility support, as well as a lightweight and secure method for network association. In our solution, HIP is extended with MIKEY capabilities to provide enhanced key management using polynomials, which allow to generate pair wise keys with any node based on its identity. This combination of protocols and crypto-algorithms ensures both strong security and very good performance as shown by our implementation and presents clear advantages compared with other alternatives.