Internet Of Things Lightweight Embedded Security
Proceeding of International Conference on Internet of Things, Next Generation Network and Cloud Computing 2016. ISSN: 0975 – 8887. Department of Computer Engineering, SKNCOE, Pune.

Internet of Things: Lightweight Embedded Security

Mahendra Balkrishna Salunke (msalunke@gmail.com), Bhavini Anand Shah (bashah18@gmail.com)
Department of Computer Engineering, Pimpri Chinchwad College of Engineering & Research, Ravet, Pune.

ABSTRACT

Embedded Systems (ES) are used in applications ranging from personal digital assistants to disk controllers and from home thermostats to microwave regulators, e-textiles, wireless sensor nodes, home automation, automobiles etc. Due to various inherent and application-specific characteristics of ESs, guaranteeing security becomes the most complex task when handling the confidentiality, integrity and availability of their applications and the data they handle. Also, ES applications often interact directly with the physical world and are responsible for essential, time-critical functions, where a delay or a speed-up of even a fraction of a second in the system’s response or reaction could have terrible consequences. Next-generation ES services, like the ones pertaining to the Internet of Things (IoT), may require the integration of multiple administrative domains. Ensuring interoperability is a challenging task, as each domain has its own security requirements and constraints. Wireless devices used in IoT undergo various stages of manufacturing, known as the product development life cycle. The stages involved are conceptualizing, design, prototype, testing, standardizing, manufacturing, pre-keying, commissioning, and operational. In the product development life cycle, the ‘commissioning’ stage is more appropriate for deploying the proposed solution of lightweight embedded security. Lightweight Cryptography (LWC) refers to algorithm designs and implementations best suited for deployment in devices like RFIDs, sensor nodes, contactless smartcards, mobile devices etc. In this paper we surveyed various research papers on lightweight embedded security for IoT, to understand the challenges and to identify various thrust areas for researchers in it.

Keywords

IoT, Embedded Security, Cryptography, ubiquitous computing

1. INTRODUCTION TO INTERNET OF THINGS (IOT):

IoT consists of billions of tiny devices, people, services, several digital devices and other physical objects that form a collaborative computing environment to extend communication and networking services anytime and anywhere. Components of IoT have the capability to flawlessly connect, interact and exchange information among themselves to make our lives simpler and easier through a digital environment which is sensitive, adaptive and responsive to human needs. To create an IoT, computing platforms are expected to be embedded within physical components and people. These embedded computing platforms enable a wide range of applications like implantable and wearable medical devices, smart homes/buildings, smart grids, brain-machine interfaces, intelligent automobile and transportation systems, physical infrastructure monitoring, smart meters and many more. Figure 1 shows various components of IoT.

Fig 1: Components of IoT

Due to the heterogeneity of components and their availability anywhere through a single workstation, an IoT becomes ubiquitous in nature.

2. SECURITY ISSUES OF IOT:

Unfortunately, the explosion in devices and connectivity creates a much larger attack surface, opening up new opportunities for malicious people and entities. Unless significant attention is paid to security, the Internet of Things could well be turned into an Internet of “Things to be Hacked!” [1]

Various attacks on IoT devices, which are to be highlighted, are summarized in the following diagram [2].

Fig 2: Attacks on IoT Devices

i) Physical attacks: In this type of attack, access to the device is required, which can be obtained by different means like purchase, rent etc. The objective of the attacker may be interception, i.e. accessing protected information; interruption, i.e. generating faults; modification, i.e. making changes in the original design; and fabrication, i.e. developing a clone of the system.

ii) Side channel attacks: In this type of attack, physical access to the device is not required. All devices generate EMI, which can be monitored and used to retrieve secret information. The emissions generated by devices can be used to determine timing information, power consumption patterns and much more.

iii) Environmental attacks: This type of threat or attack on devices is related to the environment they operate in.

iv) Cryptanalysis attacks: These types of attacks target encryption devices and try to break the encryption by focusing on the ciphertext. Cipher-text attack, known-plain text attack, chosen-plain text attack, man-in-the-middle attack and many more are examples of these types of attacks.

v) Software attacks: These types of attacks are carried out by injecting malicious code into the system, which exploits vulnerabilities in the operating system or application software, procures access to system internals, and disrupts its normal functioning [2]. Viruses and Trojan horses are the common software attacks.
vi) Network attacks: Wireless communication systems are vulnerable to network security attacks due to the broadcast nature of the transmission medium [3]. Monitoring and eavesdropping, DoS attacks, traffic analysis, node supervision, node capture, false nodes, routing attacks etc. are examples of network attacks.

3. RELATED WORK

Devices connected in IoT are more interdependent, pervasive and critical to our day-to-day life and safety. As these devices are resource constrained in terms of power, processing capability etc., they cannot afford more sophisticated hardware security mechanisms, which leaves them more open to attacks.

[4] suggested the TrustLite security architecture for flexible, hardware-enforced isolation of software modules. The proposed mechanism is used for secure exception handling and communication between protected modules, enabling flawless interoperability with untrusted operating systems and tasks. The protection provided by TrustLite ranges from a protected firmware runtime to advanced functionality such as attestation and trusted execution of userspace tasks.

In [5], the suggested solution is based on the bit permutation instruction group operation (GRP). The S-box of PRESENT is used to add the confusion property. The suggested cryptosystem consists of GRP and the S-box of PRESENT, designed and implemented using the 32-bit processor LPC2129. The strength of a block cipher is increased by bit permutation instructions, which allow it to perform any arbitrary permutation efficiently in ‘log (n)’ steps as compared to ‘n’. By adding GRP, in addition to increasing the cryptographic strength of the cipher, the memory requirement and power consumption are also reduced. The solution is designed with a permutation box (P-box) using GRP for 128 and 64 bit block sizes [5].
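The two building blocks named in [5], the GRP bit permutation and the PRESENT S-box, sketched in C as an added example; this is not the cipher from [5] and not code from any of the surveyed papers. The function names, the 64-bit width and the sample values are assumptions, GRP follows its usual definition (control bit 0 sends a data bit to the left group, 1 to the right group), and no key schedule or round structure is implied.

```c
#include <stdint.h>
#include <stdio.h>

/* PRESENT 4-bit S-box, from the PRESENT specification [7]. */
static const uint8_t PRESENT_SBOX[16] = {
    0xC, 0x5, 0x6, 0xB, 0x9, 0x0, 0xA, 0xD,
    0x3, 0xE, 0xF, 0x8, 0x4, 0x7, 0x1, 0x2 };

/* GRP: scan MSB-first; bits with control 0 are packed into the left
 * (high) group, bits with control 1 into the right (low) group.
 * Relative order inside each group is preserved. */
uint64_t grp64(uint64_t data, uint64_t ctrl) {
    uint64_t left = 0, right = 0;
    int nright = 0;
    for (int i = 63; i >= 0; i--) {
        uint64_t bit = (data >> i) & 1u;
        if ((ctrl >> i) & 1u) { right = (right << 1) | bit; nright++; }
        else                  { left  = (left  << 1) | bit; }
    }
    /* nright == 64 means no left group; avoid an undefined 64-bit shift */
    return nright == 64 ? right : (left << nright) | right;
}

/* Inverse GRP, as decryption needs it: undoes grp64 for the same ctrl. */
uint64_t grp64_inv(uint64_t packed, uint64_t ctrl) {
    int nright = 0;
    for (uint64_t c = ctrl; c; c &= c - 1) nright++;   /* popcount */
    int li = 63, ri = nright - 1;    /* read cursors into each group */
    uint64_t out = 0;
    for (int i = 63; i >= 0; i--) {
        int src = ((ctrl >> i) & 1u) ? ri-- : li--;
        out |= ((packed >> src) & 1u) << i;
    }
    return out;
}

/* Confusion layer: apply the S-box to each of the 16 nibbles. */
uint64_t sbox_layer(uint64_t s) {
    uint64_t out = 0;
    for (int n = 0; n < 16; n++)
        out |= (uint64_t)PRESENT_SBOX[(s >> (4 * n)) & 0xF] << (4 * n);
    return out;
}

int main(void) {
    /* Constructed sample block and control word, not taken from [5]. */
    uint64_t x = 0x0123456789ABCDEFULL, c = 0x5555555555555555ULL;
    printf("%016llx\n", (unsigned long long)grp64(sbox_layer(x), c));
    return 0;
}
```

A single GRP call only splits the block into two ordered groups; the ‘log (n)’ figure quoted above refers to chaining such calls with suitably chosen control words.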
Linear and differential cryptanalysis of the P-box of GRP indicates that it is resistant to attacks like brute force attacks.

Four key challenges in designing a secure IoT, viz. data management, identity management, trust management, and privacy, are addressed in [6]. The proposed solution uses sensor Physical Unclonable Functions (PUFs) to address the challenge of data provenance and integrity, sensor PUFs and PUFs for identity management, and PUFs and hardware performance counters for trust management.

4. EVALUATION OF RELATED WORK:

| Author | Paper Theme | Issues addressed | Lightweight Cryptography | Merits/Demerits |
|---|---|---|---|---|
| Patrick Koeberl et al. [4] | Generalized memory protection scheme | Isolating secure applications, providing trusted execution, OS interoperability & secure peripheral access | Programmed in software. | Supports update of software & security policy in the field |
| Gaurav Bansod et al. [5] | A hybrid cryptosystem | Added cryptographic strength to the cipher, reduced memory requirements & power consumption | Combination of S-box of PRESENT and P-box of GRP. | Shows good resistance to linear as well as differential attacks. |
| Arun Kanuparthi et al. [6] | Designing a secure IoT | Data management, identity management, trust management, and privacy | Lightweight encryption algorithm not suggested | Embedded and hardware security solution to design a secure IoT. |
| A. Bogdanov et al. [7] | Ultra-lightweight block cipher | Security & hardware efficiency | 1570 GE area occupied by PRESENT-80 | Improvement in power consumption and area occupied is essential for IoT devices. |
| Feldhofer et al. [8] | An AES hardware implementation | Security and privacy of RFID systems | 3595 GE area occupied | Improvement in power consumption and area occupied is essential for IoT devices. |

5. GAP ANALYSIS

1) Isolated work on requirements of embedded security
2) There is no converged solution
3) Solution is not lightweight enough to be deployed on resource constrained IoT devices.
4) The proposed embedded security solution is not attack resistant

6. CONCLUSION

By comparing various embedded security solutions, we realized that there is a need for a security system for various resource constrained tiny devices. More research work is required to implement lightweight embedded security for these devices.

7. REFERENCES

[1] Mehran Mozaffari Kermani, Meng Zhang, Anand Raghunathan and Niraj K. Jha: “Emerging Frontiers in Embedded Security”, 2013 26th International Conference on VLSI Design and the 12th International Conference on Embedded Systems.
[2] Srivaths Ravi, Anand Raghunathan, Paul Kocher, Sunil Hattangady: “Security in Embedded Systems: Design Challenges”, ACM Transactions on Embedded Computing Systems, Vol. 3, No. 3, August 2004.
[3] Sachin Babar, Antonietta Stango, Neeli Prasad, Jaydip Sen, Ramjee Prasad: “Proposed Embedded Security for Internet of Things (IoT)”, IEEE 2011.
[4] Patrick Koeberl, Steffen Schulz, Ahmad-Reza Sadeghi, Vijay Varadharajan: “TrustLite: A Security Architecture for Tiny Embedded Devices”, ACM EuroSys’14, April 13-16, 2014.
[5] Gaurav Bansod, Nishchal Raval, and Narayan Pisharoty: “Implementation of a New Lightweight Encryption Design for Embedded Security”, IEEE Transactions on Information Forensics and Security, Vol. 10, No. 1, January 2015.
[6] Arun Kanuparthi, Ramesh Karri, Sateesh Addepalli: “Hardware and Embedded Security in the Context of Internet of Things”, ACM 2013.
[7] A. Bogdanov, L.R. Knudsen, G. Leander, C. Paar, A. Poschmann, M.J.B. Robshaw, Y. Seurin, C. Vikkelsoe: “PRESENT: An Ultra-Lightweight Block Cipher”, CHES 2007. LNCS 4727, pp. 450–466. Springer, Heidelberg (2007).
[8] Feldhofer, M., Dominikus, S., Wolkerstorfer, J.: Strong Authentication for RFID Systems Using the AES algorithm. In: Joye, M., Quisquater, J.-J. (eds.) CHES 2004. LNCS, vol. 3156, pp. 357–370. Springer, Heidelberg (2004).
[9] Arijit Ukil, Jaydip Sen, Sripad Koilakonda: “Embedded Security for Internet of Things”, IEEE 2011.
[10] Dimitrios N. Serpanos, Artemios G. Voyiatzis: “Security Challenges in Embedded Systems”, ACM Transactions on Embedded Computing Systems, Vol. 12, No. 1s, Article 66, Publication date: March 2013.
[11] Christof Paar: “Constructive and Destructive Aspects of Embedded Security in the Internet of Things”, CCS’13, November 2013, ACM.
[12] Konstantinos Fysarakis, George Hatzivasilis, Konstantinos Rantos, Alexandros Papanikolaou and Charalampos Manifavas: “Embedded Systems Security Challenges”, MeSe CCS 2014.
[13] Romain Vaslin, Guy Gogniat, Jean-Philippe Diguet, Eduardo Wanderley, Russell Tessier, Wayne Burleson: “A security approach for off-chip memory in embedded microprocessor systems”, Microprocessors and Microsystems 33 (2009) Journal, Elsevier.
[14] Masanobu Katagi and Shiho Moriai: “Lightweight Cryptography for the Internet of Things”, https://www.iab.org/wp-content/IABuploads/2011/03/Kaftan.pdf.