Skip to main content
Fachgebiete
Automobil + Motoren Bauwesen + Immobilien Business IT + Informatik Elektrotechnik + Elektronik Energie + Nachhaltigkeit Finance + Banking Management + Führung Marketing + Vertrieb Maschinenbau + Werkstoffe Versicherung + Risiko
DE
EN
Bücher
Zeitschriften
Themenseiten
Organisationspsychologie Projektmanagement Marketing Smart Manufacturing
Weitere Formate
Podcasts Webinare Technik Webinare Wirtschaft Kongresse Veranstaltungskalender Awards
Jetzt Einzelzugang starten
Zugang für Unternehmen
Referenzkunden
SLX-Digitalkonferenz: Zukunftswerkstatt 2024

Mehr Umsatz mit Top-Kontakten

Am 7. Mai erfahren Sie, wie Vertriebsteams Leadgenerierung, Leadnurturing und Leadstrategien effizient steuern können.
Erweiterte Suche
Anmelden
nach oben
Erschienen in:
Towards Efficient Evaluation of a Time-Driven Cache Attack on Modern Processors Kapitel lesen Erstes Kapitel lesen

2016 | OriginalPaper | Buchkapitel

Privacy, Discovery, and Authentication for the Internet of Things

verfasst von : David J. Wu, Ankur Taly, Asim Shankar, Dan Boneh

Erschienen in: Computer Security – ESORICS 2016

Verlag: Springer International Publishing

Einloggen

Aktivieren Sie unsere intelligente Suche, um passende Fachinhalte oder Patente zu finden.

search-config
loading …

Abstract

Automatic service discovery is essential to realizing the full potential of the Internet of Things (IoT). While discovery protocols like Multicast DNS, Apple AirDrop, and Bluetooth Low Energy have gained widespread adoption across both IoT and mobile devices, most of these protocols do not offer any form of privacy control for the service, and often leak sensitive information such as service type, device hostname, device owner’s identity, and more in the clear.
To address the need for better privacy in both the IoT and the mobile landscape, we develop two protocols for private service discovery and private mutual authentication. Our protocols provide private and authentic service advertisements, zero round-trip (0-RTT) mutual authentication, and are provably secure in the Canetti-Krawczyk key-exchange model. In contrast to alternatives, our protocols are lightweight and require minimal modification to existing key-exchange protocols. We integrate our protocols into an existing open-source distributed applications framework, and provide benchmarks on multiple hardware platforms: Intel Edisons, Raspberry Pis, smartphones, laptops, and desktops. Finally, we discuss some privacy limitations of the Apple AirDrop protocol (a peer-to-peer file sharing mechanism) and show how to improve the privacy of Apple AirDrop using our private mutual authentication protocol.

Sie haben noch keine Lizenz? Dann Informieren Sie sich jetzt über unsere Produkte:

Springer Professional "Wirtschaft+Technik"

Online-Abonnement

Mit Springer Professional "Wirtschaft+Technik" erhalten Sie Zugriff auf:

  • über 102.000 Bücher
  • über 537 Zeitschriften

aus folgenden Fachgebieten:

  • Automobil + Motoren
  • Bauwesen + Immobilien
  • Business IT + Informatik
  • Elektrotechnik + Elektronik
  • Energie + Nachhaltigkeit
  • Finance + Banking
  • Management + Führung
  • Marketing + Vertrieb
  • Maschinenbau + Werkstoffe
  • Versicherung + Risiko

Jetzt Wissensvorsprung sichern!

Jetzt informieren

Springer Professional "Technik"

Online-Abonnement

Mit Springer Professional "Technik" erhalten Sie Zugriff auf:

  • über 67.000 Bücher
  • über 390 Zeitschriften

aus folgenden Fachgebieten:

  • Automobil + Motoren
  • Bauwesen + Immobilien
  • Business IT + Informatik
  • Elektrotechnik + Elektronik
  • Energie + Nachhaltigkeit
  • Maschinenbau + Werkstoffe




 

Jetzt Wissensvorsprung sichern!

Jetzt informieren

Springer Professional "Wirtschaft"

Online-Abonnement

Mit Springer Professional "Wirtschaft" erhalten Sie Zugriff auf:

  • über 67.000 Bücher
  • über 340 Zeitschriften

aus folgenden Fachgebieten:

  • Bauwesen + Immobilien
  • Business IT + Informatik
  • Finance + Banking
  • Management + Führung
  • Marketing + Vertrieb
  • Versicherung + Risiko




Jetzt Wissensvorsprung sichern!

Jetzt informieren
Vorheriges Kapitel LeiA: A Lightweight Authentication Protocol for CAN
Nächstes Kapitel Secure Code Updates for Mesh Networked Commodity Low-End Embedded Devices
Fußnoten
1
While protocols like SIGMA-I [23, 41] and TLS 1.3 [43, 50] can ensure privacy against passive adversaries, they do not provide privacy against active attackers.
 
2
All AirDrop-enabled devices have an RSA public and private key pair and an iCloud certificate for the owner’s identity.
 
3
In this step, the server samples a fresh ephemeral DH share \(g^y\) that is used to derive the application-traffic key \(\mathsf {atk}\). This is essential for ensuring perfect forward secrecy for all subsequent application-layer messages (encrypted under \(\mathsf {atk}\)). We discuss the perfect forward secrecy properties of this protocol in Sect. 5.1.
 
Literatur
1.
2.
3.
Bonjour printing specification version 1.2 (2013)
4.
Jini(TM) network technology specifications - Apache river version 2.2.0 (2013)
5.
Bluetooth specification version 4.2 (2014)
6.
UPnP(TM) device architecture 2.0 (2015)
7.
Abadi, M.: Private authentication. In: PETS, pp. 27–40 (2003)
8.
9.
Abdalla, M., Bellare, M., Rogaway, P.: The oracle Diffie-Hellman assumptions and an analysis of DHIES. In: Naccache, D. (ed.) CT-RSA 2001. LNCS, vol. 2020, pp. 143–158. Springer, Heidelberg (2001)CrossRef
10.
Aiello, W., Bellovin, S.M., Blaze, M., Canetti, R., Ioannidis, J., Keromytis, A.D., Reingold, O.: Just fast keying: key agreement in a hostile internet. ACM Trans. Inf. Syst. Secur. 7(2), 242–273 (2004)CrossRefMATH
11.
Ateniese, G., Kirsch, J., Blanton, M.: Secret handshakes with dynamic and fuzzy matching. In: NDSS (2007)
12.
Balfanz, D., Durfee, G., Shankar, N., Smetters, D.K., Staddon, J., Wong, H.-C.: Secret handshakes from pairing-based key agreements. In: 2003 IEEE S&P 2003, pp. 180–196 (2003)
13.
Bellare, M., Namprempre, C.: Authenticated encryption: relations among notions and analysis of the generic composition paradigm. In: Okamoto, T. (ed.) ASIACRYPT 2000. LNCS, vol. 1976, pp. 531–545. Springer, Heidelberg (2000)CrossRef
14.
Bellare, M., Rogaway, P.: Random oracles are practical: a paradigm for designing efficient protocols. In: ACM CCS, pp. 62–73 (1993)
15.
Bellare, M., Rogaway, P., Wagner, D.: EAX: a conventional authenticated-encryption mode. IACR Cryptology ePrint Archive, 2003:69 (2003)
16.
Bernstein, D.J.: Cryptography in NaCl (2009)
17.
Bernstein, D.J., Lange, T., Schwabe, P.: The security impact of a new cryptographic library. In: Hevia, A., Neven, G. (eds.) LatinCrypt 2012. LNCS, vol. 7533, pp. 159–176. Springer, Heidelberg (2012)CrossRef
18.
Bethencourt, J., Sahai, A., Waters, B.: Ciphertext-policy attribute-based encryption. In: IEEE S&P, pp. 321–334 (2007)
19.
Boneh, D., Boyen, X.: Efficient Selective-ID secure identity-based encryption without random oracles. In: Cachin, C., Camenisch, J.L. (eds.) EUROCRYPT 2004. LNCS, vol. 3027, pp. 223–238. Springer, Heidelberg (2004)CrossRef
20.
Boneh, D., Franklin, M.: Identity-based encryption from the Weil pairing. In: Kilian, J. (ed.) CRYPTO 2001. LNCS, vol. 2139, pp. 213–229. Springer, Heidelberg (2001)CrossRef
21.
Bradshaw, R.W., Holt, J.E., Seamons, K.E.: Concealing complex policies with hidden credentials. In: ACM CCS, pp. 146–157 (2004)
22.
Canetti, R., Krawczyk, H.: Analysis of key-exchange protocols and their use for building secure channels. In: Pfitzmann, B. (ed.) EUROCRYPT 2001. LNCS, vol. 2045, pp. 453–474. Springer, Heidelberg (2001)CrossRef
23.
Canetti, R., Krawczyk, H.: Security analysis of IKE’s signature-based key-exchange protocol. In: Yung, M. (ed.) CRYPTO 2002. LNCS, vol. 2442, pp. 143–161. Springer, Heidelberg (2002)CrossRef
24.
Cheshire, S., Krochmal, M.: DNS-Based Service Discovery. RFC 6763 (Proposed Standard), February 2013
25.
Cheshire, S., Krochmal, M.: Multicast DNS. RFC 6762 (Proposed Standard), February 2013
26.
Cocks, C.: An identity based encryption scheme based on quadratic residues. In: Honary, B. (ed.) Cryptography and Coding 2001. LNCS, vol. 2260, pp. 360–363. Springer, Heidelberg (2001)CrossRef
27.
Czerwinski, S.E., Zhao, B.Y., Hodes, T.D., Joseph, A.D., Katz, R.H.: An architecture for a secure service discovery service. In: MobiCom, pp. 24–35 (1999)
28.
Dierks, T., Rescorla, E.: The Transport Layer Security (TLS) Protocol Version 1.2. RFC 5246 (Proposed Standard), August 2008
29.
Dodis, Y., Gennaro, R., Håstad, J., Krawczyk, H., Rabin, T.: Randomness extraction and key derivation using the CBC, cascade and HMAC modes. In: Franklin, M. (ed.) CRYPTO 2004. LNCS, vol. 3152, pp. 494–510. Springer, Heidelberg (2004)CrossRef
30.
Ellison, C.M.: Home network security. Intel Technol. J. 6(4), 37–48 (2002)
31.
Frikken, K.B., Atallah, M.J., Li, J.: Hidden access control policies with hidden credentials. In: ACM WPES, p. 27 (2004)
32.
Fujisaki, E., Okamoto, T.: Secure integration of asymmetric and symmetric encryption schemes. In: Wiener, M. (ed.) CRYPTO 1999. LNCS, vol. 1666, pp. 537–554. Springer, Heidelberg (1999)CrossRef
33.
Gorbunov, S., Vaikuntanathan, V., Wee, H.: Attribute-based encryption for circuits. In: STOC, pp. 545–554 (2013)
34.
Gorbunov, S., Vaikuntanathan, V., Wee, H.: Predicate encryption for circuits from LWE. In: Gennaro, R., Robshaw, M. (eds.) CRYPTO 2015. LNCS, vol. 9216, pp. 503–523. Springer, Heidelberg (2015)CrossRef
35.
Holt, J.E., Bradshaw, R.W., Seamons, K.E., Orman, H.K.: Hidden credentials. In: ACM WPES, pp. 1–8 (2003)
36.
Jarecki, S., Kim, J.H., Tsudik, G.: Authentication for paranoids: multi-party secret handshakes. In: Zhou, J., Yung, M., Bao, F. (eds.) ACNS 2006. LNCS, vol. 3989, pp. 325–339. Springer, Heidelberg (2006)CrossRef
37.
Kaiser, D., Waldvogel, M.: Adding privacy to multicast DNS service discovery. In: IEEE TrustCom, pp. 809–816 (2014)
38.
Kaiser, D., Waldvogel, M.: Efficient privacy preserving multicast DNS service discovery. In: IEEE CSS (2014)
39.
Katz, J., Sahai, A., Waters, B.: Predicate encryption supporting disjunctions, polynomial equations, and inner products. In: Smart, N.P. (ed.) EUROCRYPT 2008. LNCS, vol. 4965, pp. 146–162. Springer, Heidelberg (2008)CrossRef
40.
Könings, B., Bachmaier, C., Schaub, F., Weber, M.: Device names in the wild: investigating privacy risks of zero configuration networking. In: IEEE MDM, pp. 51–56 (2013)
41.
Krawczyk, H.: SIGMA: the ‘SIGn-and-MAc’ approach to authenticated Diffie-Hellman and its use in the IKE protocols. In: Boneh, D. (ed.) CRYPTO 2003. LNCS, vol. 2729, pp. 400–425. Springer, Heidelberg (2003)CrossRef
42.
Krawczyk, H.: Cryptographic extraction and key derivation: the HKDF scheme. In: Rabin, T. (ed.) CRYPTO 2010. LNCS, vol. 6223, pp. 631–648. Springer, Heidelberg (2010)CrossRef
43.
Krawczyk, H., Wee, H.: The OPTLS protocol and TLS 1.3. IACR Cryptology ePrint Archive, 2015:978 (2015)
44.
Lewko, A., Waters, B.: Why proving HIBE systems secure is difficult. In: Nguyen, P.Q., Oswald, E. (eds.) EUROCRYPT 2014. LNCS, vol. 8441, pp. 58–76. Springer, Heidelberg (2014)CrossRef
45.
Li, J., Li, N.: OACerts: oblivious attribute certificates. IEEE Trans. Dependable Sec. Comput. 3(4), 340–352 (2006)CrossRefMATH
46.
Li, N., Wenliang, D., Boneh, D.: Oblivious signature-based envelope. Distrib. Comput. 17(4) (2005). Extended abstract in ACM PODC 2003
47.
Lychev, R., Jero, S., Boldyreva, A., Nita-Rotaru, C.: How secure and quick is quic? Provable security and performance analyses. In: IEEE Symposium on Security and Privacy, pp. 214–231 (2015)
48.
Naehrig, M., Niederhagen, R., Schwabe, P.: New software speed records for cryptographic pairings. In: Abdalla, M., Barreto, P.S.L.M. (eds.) LATINCRYPT 2010. LNCS, vol. 6212, pp. 109–123. Springer, Heidelberg (2010)CrossRef
49.
Pang, J., Greenstein, B., McCoy, D., Seshan, S., Wetherall, D.: Tryst: the case for confidential service discovery. In: HotNets (2007)
50.
Rescorla, E.: The transport layer security (TLS) protocol version 1.3, July 2015
51.
Rivest, R.L., Lampson, B.: SDSI - a simple distributed security infrastructure. Technical report (1996)
52.
Rogaway, P.: Authenticated-encryption with associated-data. In: ACM CCS, pp. 98–107 (2002)
53.
Shamir, A.: Identity-based cryptosystems and signature schemes. In: Blakely, G.R., Chaum, D. (eds.) CRYPTO 1984. LNCS, vol. 196, pp. 47–53. Springer, Heidelberg (1985)CrossRef
54.
55.
Zhu, F.W., Mutka, M.W., Bivalkar, A., Demir, A., Yue, L., Chidambarm, C.: Toward secure and private service discovery anywhere anytime. Front. Comput. Sci. China 4(3), 311–323 (2010)CrossRef
56.
Zhu, F.W., Mutka, M.W., Ni, L.M.: PrudentExposure: a private and user-centric service discovery protocol. In: IEEE PerCom, pp. 329–340 (2004)
57.
Zhu, F.W., Mutka, M.W., Ni, L.M.: Service discovery in pervasive computing environments. IEEE Pervasive Comput. 4(4), 81–90 (2005)CrossRef
58.
Zhu, F.W., Mutka, M.W., Ni, L.M.: A private, secure, and user-centric information exposure model for service discovery protocols. IEEE Trans. Mob. Comput. 5(4), 418–429 (2006)CrossRef
Metadaten
Titel
Privacy, Discovery, and Authentication for the Internet of Things
verfasst von
David J. Wu
Ankur Taly
Asim Shankar
Dan Boneh
Copyright-Jahr
2016
Buch
Computer Security – ESORICS 2016

Print ISBN: 978-3-319-45740-6

Electronic ISBN: 978-3-319-45741-3

Copyright-Jahr: 2016

DOI
https://doi.org/10.1007/978-3-319-45741-3_16

Premium Partner

    Bildnachweise