Internet Of Things Lightweight Embedded Security

Transcription

Internet Of Things Lightweight Embedded Security
!
—
!
"#$ %&
"+
'())*()&
%,
Proceeding of International Conference on Internet of Things, Next Generation Network and Cloud Computing 2016.
Internet of Things: Lightweight Embedded Security
Mahendra Balkrishna Salunke
Bhavini Anand Shah
Department of Computer Engineering, Pimpri Chinchwad College of Engineering & Research, Ravet, Pune.
msalunke@gmail.com
ABSTRACT
Embedded Systems (ES) are used in various applications
ranging from personal digital assistants to disk controllers and
home thermostats to microwave regulators, e-textiles; wireless
sensor nodes; home automation; automobile etc. Due to various
inherent & application-specific characteristics of ESs, the task of
guaranteeing security becomes most complex part, which comes
in picture while handling the confidentiality, integrity and
availability facets of their applications and the data they handle.
Also, ES applications often feature direct interaction with the
physical world, being responsible for essential, time-critical
applications, where a delay or a speed-up of even a fraction of a
second in system’s response or reaction could have terrible
consequences. Next-generation ES services, like the ones
pertaining to the Internet of Things (IoT), may require the
integration of multiple administrative domains. Ensuring
interoperability is a challenging task as each domain is having
its own security requirements and constraints. Wireless devices
used in IoT undergo various stages of manufacturing known as
product development life cycle. Various stages involved are
conceptualizing, design, prototype, testing, standardizing,
manufacturing, pre-keying, commissioning, and operational. In
product development life cycle, ‘commissioning’ stage is more
appropriate for deploying the proposed solution of lightweight
embedded security. Lightweight Cryptography (LWC) is the
process of algorithmic designs and implementations best suited
for deployment in devices like RFIDs, sensor nodes, contactless
smartcards, mobile devices etc. In this paper we surveyed
various research papers on lightweight embedded security for
IoT, to understand the challenges and to identify various thrust
areas for researchers in it.
bashah18@gmail.com
and easy through a digital environment which is sensitive,
adaptive and responsive to human needs. To create an IoT,
computing platforms are expected to be embedded within the
physical components and people. These embedded computing
platforms, enables wide range of applications like implantable and
wearable medical devices, smart homes/buildings, smart grids,
brain-machine interface, intelligent automobile & transportation
system, physical infrastructure monitoring, smart meters and
many more. Figure 1 shows various components of IoT.
Fig 1: Components of IoT
Due to heterogeneity of components and their availability
anywhere through a single workstation, an IoT becomes
ubiquitous in nature.
Keywords
2. SECURITY ISSUES OF IOT:
IoT, Embedded Security, Cryptography, ubiquitous computing
Unfortunately, the explosion in devices and connectivity creates
a much larger attack surface, opening up new opportunities for
malicious people and entities. Unless significant attention is paid
to security, the Internet of Things could well be turned into an
Internet of “Things to be Hacked!” [1]
1. INTRODUCTION TO INTERNET OF
THINGS (IOT):
IoT consists of billions of tiny devices, people, services, several
digital devices and other physical objects to form a collaborative
computing environment to extend the communication and
networking services anytime and anywhere. Components of IoT
are having capability to flawlessly connect, interact and
exchange information among them to make our lives simpler
ISSN: 0975 – 8887
Various attacks on IoT devices, which are to be highlighted, are
summarized in the following diagram [2]
Department of Computer Engineering, SKNCOE, Pune
Page 57
Proceeding of International Conference on Internet of Things, Next Generation Network and Cloud Computing 2016.
Fig 2: Attacks on IoT Devices
Physical attacks: In this type of attack, access to the
device is required which can be done by different
means like purchase, rent etc. Objective of the
attacker may be interception i.e. accessing protected
information, interruption i.e. generating faults,
modification i.e. making changes in the original
design and fabrication i.e. develop clone of the
system.
ii) Side channel attacks: In this type of attack, physical
access to the device is not required. As all devices
generates EMI which can be monitored and used to
retrieve the secret information. The emissions
generated by devices can be used to determine the
timing information, power consumption pattern and
many more.
iii) Environmental attacks: This type of threat or attack
on devices is related to the environment they operate
in.
iv) Cryptanalysis attacks: These types of attacks are
related to encryption devices, which are used to
break the encryption by focusing on ciphertext.
Cipher-text attack, Known-plain text attack, Chosenplain text attack, Man-in-the-middle attack and many
more are the examples of these types of attacks.
v) Software attacks: These types of attacks are
generated by injecting malicious code in the system,
which exploits vulnerabilities in the operating system
or application software, procure access to system
internals, and disrupt its normal functioning [2].
i)
ISSN: 0975 – 8887
Viruses and Trojan horses are the common software
attacks.
vi) Network attacks: Wireless communication systems
are vulnerable to network security attacks due to
broadcast nature of the transmission medium [3].
Monitor and Eavesdropping, DoS attack, Traffic
analysis, Node supervision, Node Capture, False
node, Routing attacks etc. are the various examples
of network attacks
3. RELATED WORK
Devices connected in IoT are more interdependent, pervasive
and critical to our day to day life and safety. As these devices
are resource constrained, in terms of power, processing
capability etc, they cannot afford to have more sophisticated
hardware security mechanisms, due to which these devices are
more open for attacks. [4] suggested TrustLite security
architecture for flexible, hardware-enforced isolation of software
modules. The mechanism proposed is used for secure exception
handling and communication between protected modules
enabling flawless interoperability with untrusted operating
systems and tasks. The range of protection provided by
TrustLite is from protected firmware runtime to advanced
functionality such as attestation and trusted execution of
userspace tasks.
In [5], the suggested solution is based on bit permutation
instruction group operation (GRP). S-box of PRESENT is used
with confusion property added. The suggested cryptosystem
Department of Computer Engineering, SKNCOE, Pune
Page 58
Proceeding of International Conference on Internet of Things, Next Generation Network and Cloud Computing 2016.
consist of GRP and S-box of PRESENT, designed and
implemented using 32-bit processor LPC2129. The strength of
block cipher is increased by bit permutation instructions which
allow them to perform any arbitrary permutations efficiently
with ‘log (n)’ steps as compared to ‘n’. By adding GRP, in
addition to increased cryptographic strength to the cipher, the
memory requirement and power consumption is also reduced.
The solution is designed with permutation box (P-box) by using
GRP for 128 and 64 bit block size [5]. Linear and differential
cryptanalysis of P-box of GRP indicates that it is resistant to
attacks like brute force attacks.
privacy are addressed in [6]. The proposed solution uses sensor
Physical Unclonable Functions (PUFs) to address the challenge
of data provenance and integrity, sensor PUFs & PUFs for
identity management, PUFs & hardware performance counters
for trust management.
Four key challenges in designing a secure IoT viz. data
management, identity management, trust management, and
4. EVALUATION OF RELATED WORK:
Author Paper
Theme
Issues addressed
Lightweight
Cryptography
Merits/Demerits
Patrick Koeberl
et al. [4]
Generalized
memory
protection
scheme
Isolating secure applications,
providing Trusted execution,
OS interoperability & secure
peripheral access
Programmed in
software.
Supports update of software &
security policy in the field
Gaurav Bansod
et al. [5]
A hybrid
cryptosystem
Added cryptographic strength
to the cipher, reduced memory
requirements & power
consumption
Combination of
S-box of
PRESENT and Pbox of GRP.
Shows good resistance to linear
as well as differential attacks.
Arun
Kanuparthi et
al. [6]
Designing a
secure IoT
Data management, identity
management, trust
management,
Lightweight
encryption
algorithm not
suggested
Embedded and hardware
Security solution to design a
secure IoT.
and privacy
A. Bogdanov et
al. [7]
Ultra-lightweight
block cipher
Security & hardware efficiency
1570 GE area
occupied by
PRESENT-80
Improvement in power
consumption and area occupied
is essential for IoT devices.
Feldhofer et al.
[8]
An AES
hardware
implementation
Security and privacy of RFID
systems
3595 GE area
occupied
Improvement in power
consumption and area occupied
is essential for IoT devices.
ISSN: 0975 – 8887
Department of Computer Engineering, SKNCOE, Pune
Page 59
Proceeding of International Conference on Internet of Things, Next Generation Network and Cloud Computing 2016.
5. GAP ANALYSIS
1) Isolated work on requirements of embedded
security
2) There is no converged solution
3) Solution is not lightweight in order to be deployed
on resource constrained IoT devices.
4) The proposed embedded security solution is not
attack resistant
6. CONCLUSION
By comparing various embedded security solutions,
we realized that there is a need of a security system for
various resource constrained tiny devices. More
research work is required to implement lightweight
embedded security for these devices.
[9] Arijit Ukil, Jaydip Sen, Sripad Koilakonda:
“Embedded Security for Internet of Things”, IEEE
2011.
[10] Dimitrios N. Serpanos, Artemios G. Voyiatzis:
“Security Challenges in Embedded Systems” ACM
Transactions on Embedded Computing Systems, Vol.
12, No. 1s, Article 66, Publication date: March 2013.
[11] Christof Paar “Constructive and Destructive
Aspects of Embedded Security in the Internet of
Things”, CCS’13 November 2013 ACM.
[12] Konstantinos Fysarakis George Hatzivasilis,
Konstantinos Rantos, Alexandros Papanikolaou and
Charalampos Manifavas “Embedded Systems Security
Challenges”, MeSe CCS 2014.
7. REFERENCES
[1] Mehran Mozaffari Kermani, Meng Zhang, Anand
Raghunathan and Niraj K. Jha: “Emerging Frontiers in
Embedded Security”, 2013 26th International
Conference on VLSI Design and the 12th International
Conference on Embedded Systems.
[2] Srivaths Ravi, Anand Raghunathan, Paul Kocher,
Sunil Hattangady: “Security in Embedded Systems:
Design Challenges” ACM Transactions on Embedded
Computing Systems, Vol. 3, No. 3, August 2004.
[13] Romain Vaslin, Guy Gogniat, Jean-Philippe
Diguet, Eduardo Wanderley, Russell Tessier, Wayne
Burleson: “A security approach for off-chip memory
in
embedded
microprocessor
systems”,
Microprocessors and Microsystems 33 (2009) Journal,
Elsevier.
[14] Masanobu Katagi and Shiho Moriai:
“Lightweight Cryptography for the Internet of
Things”,
https://www.iab.org/wp-content/IABuploads/2011/03/Kaftan.pdf.
[3] Sachin Babar, Antonietta Stango, Neeli Prasad,
Jaydip Sen, Ramjee Prasad: “Proposed Embedded
Security for Internet of Things (IoT)”, IEEE 2011.
[4] Patrick Koeberl, Steffen Schulz, Ahmad-Reza
Sadeghi, Vijay Varadharajan: “TrustLite: A Security
Architecture for Tiny Embedded Devices”, ACM
EuroSys’14, April 13-16, 2014.
[5] Gaurav Bansod Nishchal Raval, and Narayan
Pisharoty: “Implementation of a New Lightweight
Encryption Design for Embedded Security” IEEE
Transactions on Information Forensics And Security,
Vol. 10, NO. 1, JANUARY 2015.
[6] Arun Kanuparthi, Ramesh Karri, Sateesh
Addepalli: “Hardware and Embedded Security in the
Context of Internet of Things”, ACM 2013.
[7] A. Bogdanov, L.R. Knudsen, G. Leander, C. Paar,
A. Poschmann, M.J.B. Robshaw, Y. Seurin, C.
Vikkelsoe: “PRESENT: An Ultra-Lightweight Block
Cipher”, CHES 2007. LNCS 4727, pp. 450–466.
Springer, Heidelberg (2007).
[8] Feldhofer, M., Dominikus, S., Wolkerstorfer, J.:
Strong Authentication for RFID Systems Using the
AES algorithm. In: Joye, M., Quisquater, J.-J. (eds.)
CHES 2004. LNCS, vol. 3156, pp. 357–370. Springer,
Heidelberg (2004).
ISSN: 0975 – 8887
Department of Computer Engineering, SKNCOE, Pune
Page 60