wireless and internet of things (iot) securityusers.jyu.fi/~timoh/ties327/wireless.pdf ·...

UNIVERSITY OF JYVÄSKYLÄ

Dr. Zheng Chang

Department of Mathematical Information Technology

[email protected]

Wireless and Internet of

Things (IoT) security


Outline

Securing IoT

– Importance of IoT

– Security threats

– From wireless sensor network point-of-view

– Challenges

Wireless (5G) Security

– Fundamentals of wireless communications

– Sensing security

– Transmission security

2


SECURING INTERNET OF THINGS

3


The Internet of Things

(Cyber–Physical System)


IoT: what’s the difference

Low power Low

computing Low storage

Massive connection

Wide deployment

Vulnerability


A Security Disaster

HP conducted a security analysis of IoT devices

7

80% had privacy

concerns

80% had poor

passwords

70% lacked encryption

60% had vulnerabilities

in UI

60% had insecure updates


IoT: Typical Applications

Wireless Sensor Networks (WSN)

Smart Grid

Smart City

Autonomous Car/Intelligent Transportation

Factory automation

Wearable devices

eHealth

smart home

VR/AR

8

Basically, everything is

expected to be wireless

in future


Wired and Wireless Sensor Networks

CCTV Smart parking

9


Layout

10


Security Threats in IoT (WSN)

11

The endless variety of IoT applications poses an equally wide variety of security challenges .

Main Concerns:

Security and

privacy of data


WSN: Why considered specifically? (1)

12

WSN can consists of thousands of sensor nodes and may be dispersed over a wide area.

Typical sensors are small with limited communication and computing capabilities, and are powered by batteries.

These small sensor nodes are susceptible to many kinds of attacks.

It is impractical to monitor and protect each individual sensor.


WSN: Why considered specifically? (2)

A typical sensor with 512 bytes RAM.

Resource for encryption is very limited.

Sophicicated cryptographic solution needs space for keys, lookup tables etc. For example, a typical Advanced Encryption Standard (AES) involves 800 bytes of lookup table.

So lightweight cryotographic schemes are needed for WSN.

13


WSN: Threats Types

Outsider vs. Insider

• Nodes from outside of WSN and legitimate nodes behavior unnormally.

Passive vs. Active

• Passive attacks include eavesdropping on or monitoring packets exchanged within a WSN; active attacks involve some modifications of the data steam or the creation of a false stream.

Mote vs. Laptop

• A few nodes with similar capabilities to the network nodes vs. laptop-class attacks, an adversary can use more powerful devices

14


WSN: Security Requirement

Availability, • which ensures that the

desired network services are available even in the presence of denial-of-ser-vice attacks

Authorization, • which ensures that only

authorized sensors can be involved in providing information to network services

Authentication,

• which ensures that the communication from one node to another node is genuine, that is, a malicious node cannot masquerade as a trusted network Node

Confidentiality,

• which ensures that a given message cannot be understood by anyone other than the desired recipients

Integrity,

• which ensures that a message sent from one node to another is not modified by malicious intermediate nodes

Nonrepudiation,

• which denotes that a node cannot deny sending a message it has previously sent

Freshness:

• it implies that the data is recent and ensures that no adversary can replay old message

15


WSN: Evaluation

Security. Resiliency. Energy

Efficiency

Flexibility.

Fault-tolerance

Self-healing

Assurance Scalability

16


WSN: What we can do about it?

Lightweight Cryptographic Algorithms in WSNs

Intrusion Detection

Secure and Trust Routing for WSNs

Efficient Key Management in WSNs

PHY layer security

17


WSN: Lightweight Cryptography

Public key cryptography has been considered too

expensive for small sensor nodes, because typical

public key algorithms (e.g., RSA) require extensive

computations and are not suitable for tiny sensors.

The recent implementation of 160-bit elliptic curve

cryptography (ECC) on Atmel ATmega 128 , a CPU

of 8MHz, demonstrates that ECC public key

cryptography is feasible for sensor nodes.

18

N. Gura et al., “Comparing Elliptic Curve Cryptography and RSA on 8-Bit

CPUs,” Proc. 6th Int’l. Wksp. Cryptographic Hardware and Embedded Sys.,

Boston, MA, Aug. 2004.


WSN: Secure Routing and Trust Management

By using the attacks above, the adversary can add himself/herself onto the path and thus gain full control of the flow.

The adversary can eavesdrop and modify the data.

The goal of a secure routing protocol is to ensure the integrity, authentication, and availability of messages.

Trust Management can be classified into two categories, – Identity trust is related to verifying the authenticity of an entity

– Behavioral trust deals with a broader notion of the trustworthiness of an entity depending on the context

19


WSN: Intrusion Detection

It is easy for an adversary to inject false data into a WSN through the compromised nodes. Authentication and data encryption are not enough for ensuring data security.

An Intrusion Detection System (IDS) monitors for suspicious activity patterns outside normal and expected behavior.

It is based on the assumption that there exists a noticeable difference in the behaviors of an intruder and a legitimate user in the network. IDS are classified into rule-based and anomaly-based systems.

– The rule-based IDSs are used to detect known patterns of intrusions.

– The anomaly-based IDSs are used to detect new or unknown intrusions.

– The rule-based IDS has a low false-alarm rate when compared to an anomaly-based system.

20


WIRELESS SECURITY

21


Outline

Fundamentals of wireless communications

Sensing security

Transmission security – Physical layer rules

– Physical Layer Security

• Wiretap channel

• Coding

• Security key management

• Artificial noise

• Cooperative communication

22


Fundamentals of Wireless Communications

In the 7-layer Open System Interconnect (OSI) model of computer

networking, the physical layer (PHY) or layer 1 is the first (lowest)

layer. It is commonly abbreviated PHY.

The name “physical layer” can be a bit problematic. Many people

may get the impression that the physical layer is only about actual

network hardware.

PHY contains

– Definition of Hardware Specifications

– Encoding and Signaling

– Data Transmission and Reception

– Topology and Physical Network Design/Network Management

23


Fundamentals of Wireless Communications

24

Wireless communications

Wireless

networks

Computer

networks


Fundamentals of Wireless Communications Physical Layer

The goal of PHY layer technology is to improve the

wireless tranmission quaility as much as possible via

the air-interface design.

– Typical tool is mathematics.

For the security concerns, we categorize it into two

main groups

– Sensing security

– Transmission security

25


Fundamentals of Wireless Communications A sensor example

Sensing/

Receveing Processing Transmitting

26


Sensing Security: Extenal Adversaries

Extenal adversaries are entities without any established association with the system.

They can eavesdrop communications and manipulate the data collection process by contributing unauthorized samples.

External adversaries may also target the availability of the system by launching, for example, jamming and distributed denial of service attacks.

Employing simple encryption and access control mechanisms against it.

27


Sensing Security: Internal Adversaries

Internal adversaries are legitimate participants of the system that exhibit malicious behavior.

Such adversaries, can submit faulty, yet authenticated, reports during the data collection process.

Their aim is to distort the system’s perception of the sensed phenomenon, and thus, degrade the usefulness of the sensing task.

For instance, in the context of traffic monitoring campaigns, malicious users might contribute false information (e.g., low velocities) to impose a false perception of the congestion levels of the road network. Such data pollution attacks can have far graver implications if malicious users impersonate other entities or pose with multiple identities.

28


Source Source

Encoder

Channel

Encoder Modulator

User Source

Decoder

Channel

Decoder

Demodula

tor

Message

Signal

Channel

code

word

Estimate of

Message

signal

Estimate of

channel code word

Received

Signal y

Modulated

Transmitted

Signal x

Wireless

Channel noise

Transmission Security


y = h x + n

30

h

x y

n

Tx Rx

Signal to noise ratio (SNR) at Rx= Ex*h^2 / En

Fundamentals of Physical Layer


Assessing wireless transmission consists of the channel, frequency bandwidth, signal and noise.

The information carrying capacity of a link is bounded by Shannon’s theorem – C = W log2(1+S(I)NR)

C is the information bit rate (bits/s) that can be communicated to the user reliably.

SINR is the Signal-to-Interference+Noise ratio in absolute scale.

31

Fundamentals of Physical Layer


Transmission Security: Physical Layer Security

The issues of authentication, confidentiality, and privacy are

handled in the upper layers using variations of key

cryptosystems or data management.

Nowadays, many results from information theory, signal

processing, and cryptography suggest that there is much

security to be gained by accounting for the imperfections of the

physical layer when designing secure systems.

32


Fundamentals of Physical Layer Security Physical Layer (PHY)

For example, while noise and fading are usually treated as impairments in wireless communications,

Signal to power ratio (SNR) at Rx= Ex*h^2 / En

Information-theoretic results show that they can be harnessed to “hide” messages from a potential eavesdropper or other devices, without requiring a additional secret key.

Such results, if they can be implemented in a cost-efficient way without sacrificing much data rate, call for the design of security solutions at the PHY to complement communications security mechanisms.

33


Fundamentals of Physical Layer Security General Concept

34

The communication between T1

and T2 is being eavesdropped by

an unauthorized terminal T3.

When T2 and T3 are not collocated,

the signals observed at the outputs

of the main channel and

eavesdropper’s channel are usually

different.

For instance, if T1 broadcasts a

video stream, the signal obtained

by T3 may be significantly

degraded compared to the one

received by T2; this degradation

can even prevent T3 from

understanding the content of the

video stream.


Fundamentals of physical layer security General Concept of PLS

The common secure communication framework (in the upper

layer) does not account for the physical reality of

communication channels.

Especially, it does not consider the degradation of signals

because of noise or fading.

This observation naturally leads to the introduction of a more

realistic communication model, now known as the wiretap

channel.

35


Fundamentals of Physical Layer Security General Concept

36

Transmitter

(encoder)

Receiver

(decoder)

eavesdropper

Wireless Channel with noise

wiretap

Fig. 1 Wiretap channel model

Input signal


Fundamentals of Physical Layer Security Wiretap Channel

37

It is also assumed that Alice sends a common message M0 to both

Bob and Eve and a private message M1 to Bob only.

In the PLS, the common objective is to maximize the the secrecy

capacity, which is usually defined as the data rate of confidential

messages.



38

Essentially,

1. Z should provide no information about M1

2. Y can be decoded into M with negligibly small probability of

error



39

Secrecy Capacity of Gaussian Wiretap Channel



To achieve security in PHY, there are multiple

approaches,

– Preprocessing Scheme

• Coding

• Key generation

• Artificial Noise Scheme

– Cooperation Communications

– Many others

40


Preprocessing Scheme Coding

Coding is a essential part in the wireless communications.

In general, coding can be divided into two parts – Source Coding: modulation, typical: Morse code

– Channel Coding: to protect information from transmission error.

As the development of wireless communication technique, there are more types of coding, we can call it precoding which is usually used in Multiple antenna system to explore the use of more antennas, relay or some other systems.

41



With the introduction of the wiretap channel model, it became

clear that security can also be achieved through means of

channel coding.

42



The coding problem for Alice in the wiretap channel involves

adding redundancy for enabling Bob to correct errors (across

the main channel) and adding randomness for keeping Eve

ignorant (across the wiretap channel), which is different from

the coding in tranditional communications.

Polar codes, low-density parity-check (LDPC) can be used.

There are two types of coding approaches in general,

– Capacity achieving based construction

– Channel resolvability based construction

43


Preprocessing Scheme Secure Key Generation

To fully exploit the randomness of the channel for security

purposes we need secrecy capacity-achieving channel codes.

Unfortunately, it seems very difficult to design near-to-optimal

codes for the Gaussian wiretap channel....

Secret key agreement is a somewhat “easier” problem.

Alice and Bob only have to agree on a key based on common

randomness and not to transmit a particular message.

44



This model is an extension of the wiretap channel.

There exists a two-way, noiseless, public, side-channel of

unlimited capacity.

This model was introduced to analyze the effect of feedback

on secret communications.

The focus of this model is on the generation of secrecy from

the channel in the form of secret keys.

45



46



Alice and Bob can communicate over a public

channel.

The assumption that the channel is public allows

Eve to intercept all messages transmitted over the

side-channel, and the side-channel does not

constitute a source of secrecy.

However, the assumption that the channel is

authenticated prevents Eve from tampering with the

messages.

47



Message F exchanged via public discussion leaks no information to Eve, which guarantees the security of the generated key so that Alice and Bob eventually agree on the same secret key K unknown to Eve.

A secret-key rate R is achievable if there exists a sequence of secret-key generation strategies with an increasing number of symbols transmitted over the noisy channels data n, such that – The reliability requirement: with high probability, Alice and Bob

agree on the same key.

– The uniformity requirement: the secret key is uniformly distributed in its set, which is a desirable property if the key is to be used for cryptographic applications.

– The secrecy requirement: the key is indeed secret with respect to Eve, who observes the noisy signals Zn and the public messages F.

48


Preprocessing Scheme Secure Key Generation, Remarks

The addition of a public authenticated channel does not trivialize the problem, because it is not a resource for secrecy. The only resource for secrecy remains the noisy communication channel.

Unlike the wiretap channel model, feedback turns out to be an essential ingredient for secret-key generation.

In addition, the key K is not a message in the traditional sense because its value needs to be fixed at the beginning of a secret-key generation strategy.

Secret-key generation strategies can be extremely sophisticated

49


Preprocessing Scheme Artificial Noise

There are some other possible ways to enhance the security at

the transmitter side.

For example, Alice can artificially make some noise when

transmitting the message to interfer the reception of Eve.

However, it requires Bob to correctly detect and estimate the

information. It is more or less the combination of security key

and coding.

50


Cooperation Communications for PLS

There are many ways to explore the cooperation in

wireless communications.

– Relay

– User cooperation

– BS cooperation

For relay network, security issues are very important

as extra entities are involved during transmission.

We first introduce preliminary of relay

51



By mobilty

– Fixed relay

– Mobile relay

By processing technique

– Amplified-and-Forward

– Decode-and-Forward

52



53



54



Some important features

– Cooperative Jamming: Jamming at Eve.

– Untrusted relay

55



There are many critical issues involved,

– How many relays should be selected

– Which relay should be selected.

– Which types of relays should be used.

– How the channel should be modelled.

– Whether the Channel state information is known.

– Whether the relay is trustful.

56


THANKS

57

wireless and internet of things (iot) securityusers.jyu.fi/~timoh/ties327/wireless.pdf ·...

Documents