Abstract
This chapter discusses the design, implementation and evaluation of a hardware-based mutual authentication and the key agreement protocol. The latter combines a lightweight symmetric cipher with physically unclonable functions technology to provide an energy-efficient solution that is particularly useful for Internet of Things (IoT) systems. The security of the proposed protocol is rigorously analysed under various cyberattack scenarios. For overheads’ evaluation, a wireless sensor network using typical IoT devices, called Zolertia Zoul RE-mote, is constructed. The functionality of the proposed scheme is verified using a server–client configuration. Then energy consumption and memory utilisation are estimated and compared with the existing solutions, namely the DTLS (datagram transport layer security) handshake protocol in pre-shared secret (PSK) mode and UDP (user datagram protocol). Experimental analysis results indicate that the proposed protocol can save up to 39.5% energy and use 14% less memory compared to the DTLS handshake protocol.
Access this chapter
Tax calculation will be finalised at checkout
Purchases are for personal use only
References
S. Raza, H. Shafagh, K. Hewage, R. Hummen, T. Voigt, Lithe: Lightweight secure CoAP for the internet of things. IEEE Sensors J. 13(10), 3711–3720 (Oct. 2013). https://doi.org/10.1109/JSEN.2013.2277656
G. Arfaoui, X. Bultel, P. Fouque, A. Nedelcu, C. Onete, The privacy of the TLS 1.3 protocol, in Cryptology ePrint Archive, Report 2019/749, (2019), pp. 190–210. https://doi.org/10.2478/popets-2019-0065
A. Capossele, V. Cervo, G. De Cicco, C. Petrioli, Security as a CoAP resource: An optimized DTLS implementation for the IoT, in IEEE International Conference on Communications, vol. 2015-September, (2015, June), pp. 549–554. https://doi.org/10.1109/ICC.2015.7248379
G. Lessa dos Santos, V.T. Guimaraes, G. da Cunha Rodrigues, L.Z. Granville, L.M.R. Tarouco, A DTLS-based security architecture for the Internet of Things, in 2015 IEEE Symposium on Computers and Communication (ISCC), vol. 2016-February, (2015, July), pp. 809–815. https://doi.org/10.1109/ISCC.2015.7405613
D. Mukhopadhyay, PUFs as promising tools for security in internet of things. IEEE Des. Test 33(3), 103–115 (2016, June). https://doi.org/10.1109/MDAT.2016.2544845
J. Delvaux, R. Peeters, D. Gu, I. Verbauwhede, A survey on lightweight entity authentication with strong PUFs. ACM Comput. Surv. 48(2), 1–42 (Oct. 2015). https://doi.org/10.1145/2818186
A.C.D. Resende, K. Mochetti, D.F. Aranha, Lightweight Cryptography for Security and Privacy, vol 9542 (Springer, Cham, 2016)
K.B. Frikken, M. Blanton, M.J. Atallah, Robust authentication using physically unclonable functions, in Lecture Notes in Computer Science, vol. 5735 LNCS, (2009), pp. 262–277
Ü. Kocabaş, A. Peter, S. Katzenbeisser, A.-R. Sadeghi, Converse PUF-based authentication, in Lecture Notes in Computer Science, vol. 7344 LNCS, (2012), pp. 142–158
B. Halak, Physically Unclonable Functions From Basic Design Principles to Advanced Hardware Security Applications, 1st edn. (Springer, Cham, 2018)
Y. Gao, H. Ma, S.F. Al-Sarawi, D. Abbott, D.C. Ranasinghe, PUF-FSM: A controlled strong PUF. IEEE Trans. Comput. Des. Integr. Circuits Syst. 37(5), 1–1 (2017). https://doi.org/10.1109/TCAD.2017.2740297
T. Kothmayr, C. Schmitt, W. Hu, M. Brünig, G. Carle, DTLS based security and two-way authentication for the Internet of Things. Ad Hoc Netw. 11(8), 2710–2723 (2013, November). https://doi.org/10.1016/j.adhoc.2013.05.003
P. Wouters, E.H. Tschofenig, J. Gilmore, S. Weiler, T. Kivinen, Using raw public keys in Transport Layer Security (TLS) and Datagram Transport Layer Security (DTLS). RFC 5741, 1–18 (2014) doi: 2070-1721
M. Bafandehkar, S.M. Yasin, R. Mahmod, Z.M. Hanapi, Comparison of ECC and RSA algorithm in resource constrained devices, in 2013 International Conference on IT Convergence and Security (ICITCS), (2013, December), pp. 1–3. https://doi.org/10.1109/ICITCS.2013.6717816
C.S. Park, W.S. Park, A group-oriented DTLS handshake for secure IoT applications. IEEE Trans. Autom. Sci. Eng. 15(4), 1920–1929 (2018, October). https://doi.org/10.1109/TASE.2018.2855640
S. Raza, L. Seitz, D. Sitenkov, G. Selander, S3K: Scalable security with symmetric keys—DTLS key establishment for the internet of things. IEEE Trans. Autom. Sci. Eng. 13(3), 1270–1280 (2016, July). https://doi.org/10.1109/TASE.2015.2511301
J. Granjal, E. Monteiro, J.S. Silva, On the effectiveness of end-to-end security for internet-integrated sensing applications, in 2012 IEEE International Conference on Green Computing and Communications, (2012, November), pp. 87–93. https://doi.org/10.1109/GreenCom.2012.23
J. Granjal, E. Monteiro, J.S. Silva, End-to-end transport-layer security for Internet-integrated sensing applications with mutual and delegated ECC public-key authentication, in 2013 IFIP Networking Conference, IFIP Networking 2013, (2013), pp. 1–9
Z. Shelby, K. Hartke, C. Bormann, The Constrained Application Protocol (CoAP). RFC7252, 3 (2014, June). https://doi.org/10.17487/rfc7252
Tinydtls URL: https://projects.eclipse.org/proposals/tinydtls
J. Lee, K. Kapitanova, S.H. Son, The price of security in wireless sensor networks. Comput. Netw. 54(17), 2967–2978 (2010, December). https://doi.org/10.1016/j.comnet.2010.05.011
R. Maes, Physically Unclonable Functions Constructions, Properties and Applications (Springer, Berlin/Heidelberg, 2013)
M. Burrows, M. Abadi, R. Needham, A logic of authentication. ACM Trans. Comput. Syst. 8(1), 18–36 (1990, February). https://doi.org/10.1145/77648.77649
C. Cremers, S. Mauw, Operational semantics and verification of security protocols (Springer, Berlin/Heidelberg, 2012, November)
C.J.F. Cremers, P. Lafourcade, P. Nadeau, Comparing state spaces in automatic security protocol analysis. Lect. Notes Comput. Sci. (including Subser. Lect. Notes Artif. Intell. Lect. Notes Bioinformatics) 5458, 74–94 (2009). https://doi.org/10.1007/978-3-642-02002-5-5
C.J.F. Cremers, The Scyther tool: Verification, falsification, and analysis of security protocols, in Computer Aided Verification, vol. 5123 LNCS, (Springer, Berlin/Heidelberg, 2008), pp. 414–418
R. Patel, B. Borisaniya, A. Patel, D. Patel, M. Rajarajan, A. Zisman, Comparative analysis of formal model checking tools for security protocol verification, in Communications in computer and information science, vol. 89 CCIS, (2010), pp. 152–163
A. Armando et al., The AVISPA tool for the automated validation of internet security protocols and applications, in Computer Aided Verification, vol. 3576, (2005), pp. 281–285
B. Blanchet, An efficient cryptographic protocol verifier based on prolog rules, in Proceedings. 14th IEEE Computer Security Foundations Workshop, 2001, vol. 96, (2005), pp. 82–96. https://doi.org/10.1109/CSFW.2001.930138
G.E. Suh, S. Devadas, Physical unclonable functions for device authentication and secret key generation, in 2007 44th ACM/IEEE Design Automation Conference, vol. 129, (2007, June), pp. 9–14. https://doi.org/10.1109/DAC.2007.375043
L. Daihyun, J.W. Lee, B. Gassend, G.E. Suh, M. van Dijk, S. Devadas, Extracting secret keys from integrated circuits. IEEE Trans. Very Large Scale Integr. Syst. 13(10), 1200–1205 (2005, October). https://doi.org/10.1109/TVLSI.2005.859470
U. Ruhrmair et al., PUF Modeling attacks on simulated and silicon data. IEEE Trans. Inf. Forensics Secur. 8(11), 1876–1891 (2013, November). https://doi.org/10.1109/TIFS.2013.2279798
M. Barbareschi, P. Bagnasco, A. Mazzeo, Authenticating IoT devices with physically unclonable functions models, in 2015 10th International Conference on P2P, Parallel, Grid, Cloud and Internet Computing (3PGCIC), vol. 2015, November, pp. 563–567. https://doi.org/10.1109/3PGCIC.2015.117
W. Che, PUF-based authentication invited paper, in IEEE/ACM international conference on Computer-aided design, (2015), pp. 337–344
A. Perrig, R. Szewczyk, V. Wen, D. Culler, J.D. Tygar, SPINS: Security protocols for sensor networks, in Proceedings of the 7th annual international conference on Mobile computing and networking - MobiCom’01, (2001), pp. 189–199. https://doi.org/10.1145/381677.381696
M.S. Mispan, B. Halak, Z. Chen, M. Zwolinski, TCO-PUF: A subthreshold physical unclonable function, in 2015 11th Conference on Ph.D. Research in Microelectronics and Electronics (PRIME), (2015, June), pp. 105–108. https://doi.org/10.1109/PRIME.2015.7251345
M.S. Mispan, B. Halak, M. Zwolinski, Lightweight obfuscation techniques for modeling attacks resistant PUFs, in 2017 IEEE 2nd International Verification and Security Workshop (IVSW), (2017, July), pp. 19–24. https://doi.org/10.1109/IVSW.2017.8031539
“Zolertia RE-Mote Revision B,” 2016.
A. Velinov, A. Mileva, Running and testing applications for Contiki OS using Cooja simulator, in International Conference on Information Technology and Development of Education, (2016), pp. 279–285
M. Sethi, J. Arkko, A. Keranen, End-to-end security for sleepy smart object networks, in Proceedings – Conference on Local Computer Networks, LCN, (2012, October), pp. 964–972. https://doi.org/10.1109/LCNW.2012.6424089
Author information
Authors and Affiliations
Corresponding author
Editor information
Editors and Affiliations
A. Appendix A
A. Appendix A
Energest Module
// Project : Energest values printing // Program name : PrintEnergest.c // Author : yy6e14 // Date created : 20/7/2019 // Purpose : To print processing time of each components on the device. static unsigned long convto_milliseconds(uint64_t time) { return (unsigned long)(time*1000 / RTIMER_ARCH_SECOND); } void printEnergest() { energest_flush(); printf("\nEnergest-values:\n"); printf(" CPU_mode %lums LPM_mode %lums \n", convto _milliseconds(energest_type_time(ENERGEST_TYPE_CPU)), convto _milliseconds(energest_type_time(ENERGEST_TYPE_LPM))); printf(" Radio LISTEN_mode %lums TRANSMIT_mode %lums \n", convto _milliseconds(energest_type_time(ENERGEST_TYPE_LISTEN)), convto _milliseconds(energest_type_time(ENERGEST_TYPE_TRANSMIT))); unsigned long total_time= to_milliseconds(energest_type_time (ENERGEST_TYPE_CPU)) + convto _milliseconds(energest_type_time(ENERGEST_TYPE_LPM)) + convto _milliseconds(energest_type_time(ENERGEST_TYPE_LISTEN)) + convto _milliseconds(energest_type_time(ENERGEST_TYPE_TRANSMIT)); printf("Completion time: %lu\n", total_time); printf("RTIMER_ARCH_SECOND= %lu",RTIMER_ARCH_SECOND); }
Rights and permissions
Copyright information
© 2021 Springer Nature Switzerland AG
About this chapter
Cite this chapter
Yilmaz, Y., Aniello, L., Halak, B. (2021). ASSURE: A Hardware-Based Security Protocol for Internet of Things Devices. In: Halak, B. (eds) Authentication of Embedded Devices. Springer, Cham. https://doi.org/10.1007/978-3-030-60769-2_3
Download citation
DOI: https://doi.org/10.1007/978-3-030-60769-2_3
Published:
Publisher Name: Springer, Cham
Print ISBN: 978-3-030-60768-5
Online ISBN: 978-3-030-60769-2
eBook Packages: EngineeringEngineering (R0)