Journal Article

Cryptographic Keys Generating and Renewing System for IoT Network Nodes—A Concept

03 Sep 2020 - Sensors (Multidisciplinary Digital Publishing Institute) - Vol. 20, Iss. 17, p. 5012
TL;DR: The KGR system is especially designed for clusters of the IoT nodes but can also be used by other systems and is based on the use of the hardware Trusted Platform Module v2.0 to support the procedures of creating trust structures, generating keys, protecting stored data, and securing data exchange between system nodes.
Abstract: Designers and users of the Internet of Things (IoT) are devoting more and more attention to the issues of security and privacy as well as the integration of data coming from various areas. A critical element of cooperation is building mutual trust and secure data exchange. Because IoT devices usually have small memory resources, limited computing power, and limited energy resources, it is often impossible to effectively use a well-known solution based on the Certification Authority. This article describes the concept of the system for a cryptographic Key Generating and Renewing system (KGR). The concept of the solution is based on the use of the hardware Trusted Platform Module (TPM) v2.0 to support the procedures of creating trust structures, generating keys, protecting stored data, and securing data exchange between system nodes. The main tasks of the system are the secure distribution of a new symmetric key and renewal of an expired key for data exchange parties. The KGR system is especially designed for clusters of the IoT nodes but can also be used by other systems. A service based on the Message Queuing Telemetry Transport (MQTT) protocol will be used to exchange data between nodes of the KGR system.
Citations
Journal Article
30 Apr 2021 - Sensors
TL;DR: In this paper, the authors propose the use of non-fungible tokens (NFTs) to represent IoT devices, which are physical smart assets, and demonstrate their use on ESP32-based devices and Ethereum blockchain.
Abstract: Non-fungible tokens (NFTs) are widely used in blockchain to represent unique and non-interchangeable assets. Current NFTs allow representing assets by a unique identifier, as a possession of an owner. The novelty introduced in this paper is the proposal of smart NFTs to represent IoT devices, which are physical smart assets. Hence, they are also identified as the utility of a user, they have a blockchain account (BCA) address to participate actively in the blockchain transactions, they can establish secure communication channels with owners and users, and they operate dynamically with several modes associated with their token states. A smart NFT is physically bound to its IoT device thanks to the use of a physical unclonable function (PUF) that allows recovering its private key and, then, its BCA address. The link between tokens and devices is difficult to break and can be traced during their lifetime, because devices execute a secure boot and carry out mutual authentication processes with new owners and users that could add new software. Hence, devices prove their trusted hardware and software. A whole demonstration of the proposal developed with ESP32-based IoT devices and Ethereum blockchain is presented, using the SRAM of the ESP32 microcontroller as the PUF.

34 citations

Proceedings Article
28 Nov 2022
TL;DR: In this paper, the authors investigated a secure approach to connect heterogeneous assets that rely on widely used and standardized technologies, and a set of planned experiments is presented in which systems from different nations are connected in a federated environment.
Abstract: The Internet of Things (IoT) has become one of the defining technology trends of the last decade. It has also attracted the attention of military technology innovators as a means to gain information dominance in the battlespace through improved situational awareness. Conducted as part of the NATO research task group IST-176 on “Federated Interoperability of Military C2 and IoT Systems”, this research investigates a secure approach to connect heterogeneous assets that rely on widely used and standardized technologies. To demonstrate the approach, a set of planned experiments is presented in which systems from different nations are connected in a federated environment. The results of the experiments aim to demonstrate the feasibility of integrating battlefield assets, including soldier systems and IoT devices, to support collective C2.

1 citation

Journal Article
26 May 2023 - Sensors
TL;DR: In this article, the design and demonstrator of a system for symmetric cryptographic key generating, renewal, and distribution (KGRD) is presented, which uses the TPM 2.0 hardware module to support cryptographic procedures, including creating trust structures, key generation, and securing the node's exchange of data and resources.
Abstract: The Internet of Things (IoT) is a very abundant source of data, as well as a source of many vulnerabilities. A significant challenge is preparing security solutions to protect IoT nodes’ resources and the data exchanged. The difficulty usually stems from the insufficient resources of these nodes in terms of computing power, memory size, range energy resource, and wireless link performance. The paper presents the design and demonstrator of a system for symmetric cryptographic Key Generating, Renewing, and Distributing (KGRD). The system uses the TPM 2.0 hardware module to support cryptographic procedures, including creating trust structures, key generation, and securing the node’s exchange of data and resources. Clusters of sensor nodes and traditional systems can use the KGRD system to secure data exchange in the federated cooperation of systems with IoT-derived data sources. The transmission medium for exchanging data between KGRD system nodes is the Message Queuing Telemetry Transport (MQTT) service, which is commonly used in IoT networks.
References
Journal Article
TL;DR: This paper suggests ways to solve currently open problems in cryptography, and discusses how the theories of communication and computation are beginning to provide the tools to solve cryptographic problems of long standing.
Abstract: Two kinds of contemporary developments in cryptography are examined. Widening applications of teleprocessing have given rise to a need for new types of cryptographic systems, which minimize the need for secure key distribution channels and supply the equivalent of a written signature. This paper suggests ways to solve these currently open problems. It also discusses how the theories of communication and computation are beginning to provide the tools to solve cryptographic problems of long standing.

14,980 citations


Additional excerpts

  • ..., according to the Diffie–Hellman scheme [1]....

Journal Article
TL;DR: The Mirai botnet and its variants and imitators are a wake-up call to the industry to better secure Internet of Things devices or risk exposing the Internet infrastructure to increasingly disruptive distributed denial-of-service attacks.
Abstract: The Mirai botnet and its variants and imitators are a wake-up call to the industry to better secure Internet of Things devices or risk exposing the Internet infrastructure to increasingly disruptive distributed denial-of-service attacks.

1,391 citations


"Cryptographic Keys Generating and R..." refers background in this paper

  • ...An example of such a bot is Mirai malware [29]....


Report
01 May 2006
TL;DR: This Recommendation provides cryptographic key management guidance on policy and security planning requirements for U.S. government agencies and best practices for the management of cryptographic keying material.
Abstract: This Recommendation provides cryptographic key management guidance. It consists of three parts. Part 1 provides general guidance and best practices for the management of cryptographic keying material. Part 2 provides guidance on policy and security planning requirements for U.S. government agencies. Finally, Part 3 provides guidance when using the cryptographic features of current systems.

596 citations

Journal Article
TL;DR: This paper tries to bring order on the IoT security panorama providing a taxonomic analysis from the perspective of the three main key layers of the IoT system model: 1) perception; 2) transportation; and 3) application levels.
Abstract: Social Internet of Things (SIoT) is a new paradigm where Internet of Things (IoT) merges with social networks, allowing people and devices to interact, and facilitating information sharing. However, security and privacy issues are a great challenge for IoT but they are also enabling factors to create a “trust ecosystem.” In fact, the intrinsic vulnerabilities of IoT devices, with limited resources and heterogeneous technologies, together with the lack of specifically designed IoT standards, represent a fertile ground for the expansion of specific cyber threats. In this paper, we try to bring order on the IoT security panorama providing a taxonomic analysis from the perspective of the three main key layers of the IoT system model: 1) perception; 2) transportation; and 3) application levels. As a result of the analysis, we will highlight the most critical issues with the aim of guiding future research directions.

524 citations


"Cryptographic Keys Generating and R..." refers background in this paper

  • ...These requirements are easy to meet by stationary nodes, but are a big challenge for usually mobile, using wireless links and battery-powered nodes of sensor network, which currently constitute a very large population of IoT network nodes [5,6]....


01 May 2014
TL;DR: This document provides a number of basic terms that have been useful in the standardization work for constrained-node networks.
Abstract: The Internet Protocol Suite is increasingly used on small devices with severe constraints on power, memory, and processing resources, creating constrained-node networks. This document provides a number of basic terms that have been useful in the standardization work for constrained-node networks.

461 citations


"Cryptographic Keys Generating and R..." refers background in this paper

  • ...Regarding N nodes, the following assumptions were made [27]: • Node N is a class 1 (RAM << 10 KB and Flash << 100 KB) or class 2 device (RAM ~ 10 KB and Flash ~ 100 KB) constrained device; • Node N is powered by a class E1 energy source (i....
