Tobias Heer
RWTH Aachen University
Publication
Featured research published by Tobias Heer.
Wireless Personal Communications | 2011
Tobias Heer; Oscar Garcia-Morchon; René Hummen; Sye Loong Keoh; Sandeep S. Kumar; Klaus Wehrle
A direct interpretation of the term Internet of Things refers to the use of standard Internet protocols for the human-to-thing or thing-to-thing communication in embedded networks. Although the security needs are well-recognized in this domain, it is still not fully understood how existing IP security protocols and architectures can be deployed. In this paper, we discuss the applicability and limitations of existing Internet protocols and security architectures in the context of the Internet of Things. First, we give an overview of the deployment model and general security needs. We then present challenges and requirements for IP-based security solutions and highlight specific technical limitations of standard IP security protocols.
conference on emerging network experiment and technology | 2008
Tobias Heer; Stefan Götz; Oscar Garcia Morchon; Klaus Wehrle
Wireless multi-hop networks are particularly susceptible to attacks based on flooding and the interception, tampering with, and forging of packets. Thus, reliable communication in such networks quintessentially depends on mechanisms to verify the authenticity of network traffic and the identity of communicating peers. A major challenge to achieve this functionality are the tight resource constraints of such devices as smartphones, mesh- and sensor nodes with regard to CPU, memory, and energy. Since existing approaches suffer from significant drawbacks related to functionality and efficiency, we present in this paper ALPHA, an Adaptive and Lightweight Protocol for Hop-by-hop Authentication. ALPHA establishes a verifiable notion of identity for network traffic, based on computationally cheap hash functions, enabling end-to-end as well as hop-by-hop integrity protection for unicast traffic. Our evaluation shows that ALPHA is a generic security mechanism that makes full traffic authentication and secure middlebox signaling viable in resource-constrained multi-hop networks.
workshop challenged networks | 2011
Hanno Wirtz; Tobias Heer; Robert Backhaus; Klaus Wehrle
Due to the widespread availability of 802.11-compliant devices, the 802.11 ad-hoc mode appears especially suited to set up mobile ad-hoc networks (MANETs). In practice, creating a MANET is challenging because typical mobile devices do not implement the configuration, routing, and name resolution functions required to operate in an ad-hoc scenario. Software restrictions on modern mobile operating systems, such as Android and iOS, even prevent mobile devices from actively participating in ad-hoc networks without circumventing vendor barriers (e.g., acquiring root access). While 802.11 infrastructure mode is not originally meant for ad-hoc establishment of multi-hop networks, it is a commodity in all 802.11-compliant devices. This availability prompts the question whether efficient ad-hoc networks can be formed by solely using 802.11 infrastructure mode. In this paper, we present an approach for 802.11 infrastructure mode ad-hoc networks in which mobile devices simultaneously function as an access point and as a station. To establish multi-hop communication across multiple infrastructure mode networks, they mesh with other access point devices. Our evaluation shows that 802.11 infrastructure ad-hoc networks even outperform 802.11 ad-hoc mode networks in terms of multi-hop throughput.
measurement and modeling of computer systems | 2008
Elias Weingärtner; Florian Schmidt; Tobias Heer; Klaus Wehrle
Network emulation, in which real systems interact with a network simulation, is a common evaluation method in computer networking research. Until now, the simulation in charge of representing the network has been required to be real-time capable, as otherwise a time drift between the simulation and the real network devices may occur and corrupt the results. In this paper, we present our work on synchronized network emulation. By adding a central synchronization entity and by virtualizing real systems for means of control, we can build up network emulations which contain both unmodified x86 systems and network simulations of any complexity.
pervasive computing and communications | 2006
Tobias Heer; Stefan Götz; Simon Rieche; Klaus Wehrle
While unstructured P2P systems have been embraced widely in mobile ad-hoc networks (MANETs), the applicability of structured approaches like distributed hash tables (DHTs) to such settings remains controversial. Existing research delivers promising empirical results addressing the concerns about performance, complexity, and reliability, but does not analyze the principles of combining DHTs and MANETs. This paper identifies and discusses the fundamental implications of non-infrastructural networks for DHTs and analyzes solutions to these challenges.
international conference on telecommunications | 2008
Tobias Heer; Stefan Götz; Elias Weingärtner; Klaus Wehrle
The proliferation of broadband Internet connections has led to an almost pervasive coverage of densely populated areas with private wireless access points. To leverage this coverage, sharing of access points as Internet uplinks among users has first become popular in communities of individuals and has recently been adopted as a business model by several companies. However, existing implementations and proposals suffer from the security risks of directly providing Internet access to strangers. In this paper, we present the P2P Wi-Fi Internet Sharing Architecture PISA, which eliminates these risks by introducing secure tunneling, cryptographic identities, and certificates as primary security concepts. Thus, PISA offers nomadic users the same security that they expect from a wired Internet connection at home. Based on its three fundamental mechanisms, PISA achieves a flexibility which opens significant advantages over existing systems. They include user mobility, anonymity, service levels with different performance and availability characteristics, and different revenue models for operators. With this combination of key features, PISA forms an essential basis for global, seamless, and secure Wi-Fi sharing for large communities.
international conference on peer-to-peer computing | 2007
Tobias Heer; Shaohui Li; Klaus Wehrle
Current P2P systems employ tit-for-tat strategies, where peers only upload when they are simultaneously downloading, to avoid free riding. We derive optimal tit-for-tat strategies and obtain theoretical bounds on the performance of any P2P network employing such strategies. These are fundamental limitations that stem from peers' unwillingness to cooperate without getting something in return. We show that the number of cooperating peers in a tit-for-tat strategy can, at best, grow linearly in time, as opposed to exponentially for a fully cooperative strategy. However, tit-for-tat strategies are fairer than a fully cooperative strategy. Our results show that there exists a seed capacity threshold for tit-for-tat strategies. Increasing seed capacity beyond this threshold brings significantly reduced marginal gains.
pervasive computing and communications | 2010
Tobias Heer; René Hummen; Nicolai Viol; Hanno Wirtz; Stefan Götz; Klaus Wehrle
Municipal Wi-Fi networks aim at providing Internet access and selected mobile network services to citizens, travelers, and civil servants. The goals of these networks are to bridge the digital divide, stimulate innovation, support economic growth, and increase city operations efficiency. While establishing such urban networks is financially challenging for municipalities, Wi-Fi-sharing communities accomplish good coverage and ubiquitous Internet access by capitalizing on the dense deployment of private access points in urban residential areas. By combining Wi-Fi communities and municipal Wi-Fi, a collaborative municipal Wi-Fi system promises cheap and ubiquitous access to mobile city services. However, the differences in intent, philosophy, and technical realization between community and municipal Wi-Fi networks prevent a straight-forward combination of both approaches. In this paper, we highlight the conceptual and technical challenges that need to be solved to create collaborative municipal Wi-Fi networks.
international conference on communications | 2009
Tobias Heer; René Hummen; Miika Komu; Stefan Götz; Klaus Wehrle
Today, middleboxes such as firewalls and network address translators have advanced beyond simple packet forwarding and address mapping. They also inspect and filter traffic, detect network intrusion, control access to network resources, and enforce different levels of quality of service. The cornerstones for these security-related network services are end-host authentication and authorization. Using a cryptographic namespace for end-hosts simplifies these tasks since it gives them an explicit and verifiable identity. The Host Identity Protocol (HIP) is a key-exchange protocol that introduces such a cryptographic namespace for secure end-to-end communication. Although HIP was designed with middleboxes in mind, these cannot securely use its namespace because the on-path identity verification is susceptible to replay attacks. Moreover, the binding between HIP as an authentication protocol and IPsec as payload transport is insufficient because on-path middleboxes cannot securely map payload packets to a HIP association. In this paper, we propose to prevent replay attacks by allowing packet-forwarding middleboxes to directly interact with end-hosts. Also we propose a method for strengthening the binding between the HIP authentication process and its payload channel with hash-chain-based authorization tokens for IPsec. Our solution allows on-path middleboxes to efficiently leverage cryptographic end-host identities and integrates cleanly into existing standards.
international conference on communications | 2012
Hanno Wirtz; Tobias Heer; René Hummen; Klaus Wehrle
Distributed Hash Tables (DHTs) offer an elegant and fully distributed solution for reliably storing and retrieving data. Wireless Mesh Networks (WMNs) envision a fully decentralized fashion, and as such require efficient decentralized mechanisms for service discovery, mobility support and data storage and retrieval. Hence, DHTs and WMNs seem to complement each other nicely and even share common traits and challenges, such as multi-path routing and dynamic membership of unreliable nodes. Existing Internet-based DHT approaches are designed to emphasize performance and stability in Internet scenarios and do not consider the special conditions in WMNs. In particular, they do not focus on the impact of the physical neighbor relations of DHT nodes and assume efficient global connectivity. In contrast, in a WMN, locality of communication is essential to avoid unnecessary multi-hop data transmissions and congestion on the wireless link. We present Mesh-DHT, an approach for building a scalable DHT in WMNs that puts special emphasis on the locality of nodes and links. We construct a stable, location-aware overlay network that enables fully distributed organization of information. By design, our DHT geometry is closely aligned to the network topology of the WMN to emphasize local communication. We show that our approach preserves locality in the overlay construction, is robust against node failure, and makes efficient use of local information. These properties make our approach scalable even in the presence of hundreds of mesh nodes.