Context-Based Authentication and Lightweight Group Key Establishment Protocol for IoT Devices

Ferrari, Nico

January 2019

The concept of the Internet of Things is driven by advancements of the Internet with the interconnection of heterogeneous smart objects using different networking and communication technologies. With the rapidly increasing number of interconnected devices present in the life of a person, providing authentication and secure communication between them is considered a key challenge. The integration of Wireless Sensor Networks in the Internet of Things creates new obstacles due to the necessity of finding a balance between the resources utilization and the applied security solutions. In multicast group communications, the energy consumption, bandwidth and processing overhead at the nodes are minimized in comparison to a point-to-point communication system. To securely transmit a message in order to maintain confidentiality of the data and the user’s privacy, usually involves human interaction or the pre-agreement upon some key, the latter unknown to an external attacker. In this thesis, the author proposed an authentication protocol based on the similar context between the correct devices and lightweight computationally secure group-key establishment, avoiding any kind of human involvement. The goal is achieved by having the devices calculate a fingerprint from their ambient context and through a fuzzy commitment scheme generating a commitment respectively opening value which is used to generate a common secret key between them. The tests are effected on real world data accumulated from different environments. The proposed scheme is based on elliptic curve cryptography and cryptographic one-way accumulators. Its feasibility is analyzed by implementing the group key establishment phase in the Contiki operating system and by simulating it with the Cooja simulator. Furthermore, the applicability of the protocol is analyzed and justified by an analysis of the storage overhead, communication overhead, and energy consumption. The simulator shows an energy consumption of only 112 mJ per node for group key establishment. The results obtained in this thesis demonstrate the feasibility of the scheme, it’s computational, and communication costs are further comparable to other similar approaches.

Internet of Things

Context-based authentication

Fuzzy commitment scheme

Cryptographic key establishment

Lightweight cryptography

Contiki

One-way accumulators

Computer Engineering

Datorteknik

Energy-efficient privacy homomorphic encryption scheme for multi-sensor data in WSNs

Verma, Suraj, Pillai, Prashant, Hu, Yim Fun

04 May 2015

Yes / The recent advancements in wireless sensor hardware ensures sensing multiple sensor data such as temperature, pressure, humidity, etc. using a single hardware unit, thus defining it as multi-sensor data communication in wireless sensor networks (WSNs). The in-processing technique of data aggregation is crucial in energy-efficient WSNs; however, with the requirement of end-to-end data confidentiality it may prove to be a challenge. End-to-end data confidentiality along with data aggregation is possible with the implementation of a special type of encryption scheme called privacy homomorphic (PH) encryption schemes. This paper proposes an optimized PH encryption scheme for WSN integrated networks handling multi-sensor data. The proposed scheme ensures light-weight payloads, significant energy and bandwidth consumption along with lower latencies. The performance analysis of the proposed scheme is presented in this paper with respect to the existing scheme. The working principle of the multi-sensor data framework is also presented in this paper along with the appropriate packet structures and process. It can be concluded that the scheme proves to decrease the payload size by 56.86% and spend an average energy of 8-18 mJ at the aggregator node for sensor nodes varying from 10-50 thereby ensuring scalability of the WSN unlike the existing scheme.

Wireless sensor networks

Homomorphic encryption scheme

Data aggregation

Energy-efficient WSNs

End-to-end data confidentiality

Contiki-OS

Safe Application Execution on Resource-Constrained IoT Devices Using WebAssembly

Engstrand, Fredrik

January 2024

The Internet of Things (IoT) comprises many small, embedded devices that operate on severe resource constraints concerning energy, bandwidth, and memory footprints. Software for such devices has traditionally been implemented using relatively low-level languages such as C, which makes it susceptible to introducing bugs or flaws that can compromise the security of the device. This thesis adds interpreted WebAssembly (WASM) bytecode execution to Contiki-NG – an operating system for the next generation IoT devices. This is done using an open-source WASM runtime called WebAssembly Micro Runtime (WAMR). It creates an isolated and secure environment for applications to be executed in that has restricted access to the host operating system. To support the event-driven approach of Contiki-NG, the bytecode execution can be interrupted and resumed as needed, allowing the operating system to handle pending events without significant delays. The result is a way for applications written in a variety of programming languages to be safely executed in Contiki-NG and to interact with its APIs. When tested on Nordic Semiconductor's nRF52840 System-on-Chip (SoC), applications executed as bytecode resulted in an increase in binary size of 2.7-3.1x, and a performance penalty of around 9.2x for C-generated bytecode, and 10.3x for Rust-generated bytecode. For less compute-intensive applications, the performance penalty is not as prominent but still displays a sizable increase in energy consumption compared to native execution.

webassembly

wamr

contiki-ng

safe execution

virtual machine

interpreter

resource-constrained devices

iot

Embedded Systems

Inbäddad systemteknik

Evaluating the functionality of an Industrial Internet of Things system in the Fog

Granlund, Mathias, Hoppe, Christoffer

January 2018

The Internet is one of the greatest innovations ever created by mankind, and it is a technical trend that has moved into industries to facilitate automation, supervision and management in the form of IoT devices. These devices are designed to be extremely lightweight and operate in low-power and lossy networks, and therefore run a low duty cycle and CPU-clock frequency to reserve battery life. Fog nodes are located on site to minimize network delay and provide centralized processing to handle data from hundreds of connected devices in wireless sensor networks. This is the future of industrial automation. Our goal is to show the functionality of an industrial IoT network within the scope of Fog computing by implementing a closed-loop control system in Cooja. Performance evaluations considered network reliability in terms of packet delivery ratio and timeliness. We assume that wireless IoT devices are running RPL routing (one of the most common standard routing protocols for IoT applications). We implement a mobility controller at the Fog-server in order to collect measurements made by the Fog nodes and send commands to IoT devices. In this thesis work, we assume that the commands are related to the mobility pattern of mobile node (e.g. AGVs in industrial automation) in order to avoid collision. From the simulation results we can conclude that sampling rates and node density have a greater impact on performance compared to payload size. We cannot be sure that our results reflect what a real-world evaluation would imply as we are running an emulation software, even though it has a very realistic physical layer. We do however believe that with substantial testing and improvements to both Cooja and our implementation, an accurate representation can be accomplished and algorithms in Cooja can be moved to real-world implementations.

IoT

IIoT

Fog

Cloud

Closed-loop control system

RPL

6LoWPAN

Contiki-OS

Cooja

TmoteSky

IEEE 802.15.4

CoAP

Engineering and Technology

Teknik och teknologier