Evaluation of Decentralized Alternatives to PKI for IoT Devices : A litterature study and proof of concept implementation to explore the viability of replacing PKI with decentralized alternatives

Magnusson, Sebastian

January 2018

This report is the result of an investigation into current possibilities to use blockchain or other distributed ledger technologies for identification and authentication in an Internet-of-Things (IoT) setting. During the course of the project, several different distributed ledgers have been examined and their strengths and weaknesses analyzed with respect to their potential use in connected devices with constrained resources. After investigating whether there are any solutions providing identification and authentication through distributed ledgers available today, one was chosen for implementation in a Proof of Concept (PoC), where the solution was tested on a certain piece of hardware representing an IoT-device. The performance of the PoC was then analyzed and evaluated. The results of the literature study as well as the tests on the PoC led to the conclusion that a number of factors prevent such a solution from being a viable alternative to current solutions. However, as the technology involved is still in its infancy and developing rapidly, this verdict may be subject to change in the future. The advancements required for such a solution to become viable are: improved consensus models, light nodes and possibly fundamentally new and improved distributed ledger technologies. / Denna rapport är resultatet av en undersökning av nuvarande möjligheter att använda blockkedje- eller annan distribuerade-liggare-teknologi för identifikation och autentisering i en sakernas internet (IoT). Under arbetets gång har ett antal olika distribuerade liggare undersökts och deras respektive styrkor och svagheter har analyserats i förhållande till deras potentiella användbarhet i uppkopplade enheter med begränsad hårdvaruprestanda. Efter att ha undersökt om det finns några lösningar som erbjuder identifikation och autentisering genom distribuerade liggare tillgängliga idag valdes en för att implementeras i en konceptvalidering där lösningen testades på en viss hårdvara som representerade en enhet i IoT. Konceptvalideringens prestanda analyserades därefter och utvärderades. Resultaten av litteraturstudien och testerna av konceptvalideringen ledde till slutsatsen att ett antal faktorer hindrar en sådan lösning från att vara ett gångbart alternativ till dagens lösningar. Då teknologin i fråga fortfarande är i sin linda och utvecklas snabbt kan dock denna slutsats komma att ändras i framtiden. Framsteg som behöver göras för att en sådan lösning ska kunna vara praktisk är förbättrade konsensusmodeller, lätta noder och möjligen grundligen nya och förbättrade distribuerade liggare.

PKI

IKP

SCPKI

IoT

web of trust

Blockchain

krypteringsnyckeldistribution

sakernas internet

blockkedja

Computer and Information Sciences

Data- och informationsvetenskap

Cryptography and Computer Communications Security. Extending the Human Security Perimeter through a Web of Trust

Adeka, Muhammad I.

January 2015

This work modifies Shamir’s algorithm by sharing a random key that is used to lock up the secret data; as against sharing the data itself. This is significant in cloud computing, especially with homomorphic encryption. Using web design, the resultant scheme practically globalises secret sharing with authentications and inherent secondary applications. The work aims at improving cybersecurity via a joint exploitation of human factors and technology; a human-centred cybersecurity design as opposed to technology-centred. The completed functional scheme is tagged CDRSAS. The literature on secret sharing schemes is reviewed together with the concepts of human factors, trust, cyberspace/cryptology and an analysis on a 3-factor security assessment process. This is followed by the relevance of passwords within the context of human factors. The main research design/implementation and system performance are analysed, together with a proposal for a new antidote against 419 fraudsters. Two twin equations were invented in the investigation process; a pair each for secret sharing and a risk-centred security assessment technique. The building blocks/software used for the CDRSAS include Shamir’s algorithm, MD5, HTML5, PHP, Java, Servlets, JSP, Javascript, MySQL, JQuery, CSS, MATLAB, MS Excel, MS Visio, and Photoshop. The codes are developed in Eclipse IDE, and the Java-based system runs on Tomcat and Apache, using XAMPP Server. Its code units have passed JUnit tests. The system compares favourably with SSSS. Defeating socio-cryptanalysis in cyberspace requires strategies that are centred on human trust, trust-related human attributes, and technology. The PhD research is completed but there is scope for future work. / Petroleum Technology Development Fund (PTDF), Abuja, Nigeria.

Cryptography and computer communications security : extending the human security perimeter through a web of trust

Adeka, Muhammad I.

January 2015

This work modifies Shamir’s algorithm by sharing a random key that is used to lock up the secret data; as against sharing the data itself. This is significant in cloud computing, especially with homomorphic encryption. Using web design, the resultant scheme practically globalises secret sharing with authentications and inherent secondary applications. The work aims at improving cybersecurity via a joint exploitation of human factors and technology; a human-centred cybersecurity design as opposed to technology-centred. The completed functional scheme is tagged CDRSAS. The literature on secret sharing schemes is reviewed together with the concepts of human factors, trust, cyberspace/cryptology and an analysis on a 3-factor security assessment process. This is followed by the relevance of passwords within the context of human factors. The main research design/implementation and system performance are analysed, together with a proposal for a new antidote against 419 fraudsters. Two twin equations were invented in the investigation process; a pair each for secret sharing and a risk-centred security assessment technique. The building blocks/software used for the CDRSAS include Shamir’s algorithm, MD5, HTML5, PHP, Java, Servlets, JSP, Javascript, MySQL, JQuery, CSS, MATLAB, MS Excel, MS Visio, and Photoshop. The codes are developed in Eclipse IDE, and the Java-based system runs on Tomcat and Apache, using XAMPP Server. Its code units have passed JUnit tests. The system compares favourably with SSSS. Defeating socio-cryptanalysis in cyberspace requires strategies that are centred on human trust, trust-related human attributes, and technology. The PhD research is completed but there is scope for future work.

005.8

Extending the security perimeter through a web of trust: the impact of GPS technology on location-based authentication techniques

Adeka, Muhammad I., Shepherd, Simon J., Abd-Alhameed, Raed

January 2013

No / Security is a function of the trust that is associated with the active variables in a system. Thus, the human factor being the most critical element in security systems, the security perimeter could be defined in relation to the human trust level. Trust level could be measured via positive identification of the person/device on the other side of the interaction medium, using various authentication schemes; location-based being one of the latest. As for the location-based services, the identity of a customer remains hazy as long as his location is unknown; he virtually remains a ghost in the air, with implications on trust. This paper reviews the various location-based authentication techniques with a focus on the role that GPS could play in optimising this authentication approach. It advocates the urgent need to make all transmission devices GPS-compliant as a way forward, despite the privacy issues that might arise.

Global positioning system

Security perimeter

GPS

Location based services

Social networking online

Critical elements

Authentication techniques

Interaction mediums

GPS compliant

Authentication

Transmission devices

GPS technologies

Web of trust

Authentication scheme

Telecommunication services

Mobile security