SlideShare a Scribd company logo

HSC-IoT: A Hardware and Software Co-Verification based Authentication Scheme for Internet of Things

Mahmud Hossain
Mahmud Hossain

A Hardware and Software Co-Verification based Authentication Scheme for Internet of Things

Technology
1 of 35
Download to read offline
SECuRE and Trustworthy Computing Lab Authors Mahmud Hossain, Shahid Noor, Ragib HasanSECuRE and Trustworthy computing Lab (SECRETLab) University of Alabama at Birmingham Presenter: Mahmud Hossain, PhD Candidate, Dept. of Computer and Information Sciences, UAB http://secret.cis.uab.edu IoT HSC-IoT: A Hardware and Software Co-Verification based Authentication Scheme for Internet of Things
SECuRE and Trustworthy Computing Lab 2 The Internet of Things (IoT)  A programmable world  Everyday objects are interconnected  Objects are smart enough to make decision
SECuRE and Trustworthy Computing Lab The Scope of This Propose Work 3 Secure Network Admission Secure Service Access  Life cyle of an IoT node
SECuRE and Trustworthy Computing Lab Content Outline  Motivation and Threat Model  Contribution  Background  Operational model  Security Analysis  Performance Analysis 4
SECuRE and Trustworthy Computing Lab Motivation and Threat Model  Hardware compromise  Counterfeit IoT deices to impersonate a real device  E.g., fabricated medical IoT devices can be sold at a cheaper price  Node cloning  Extract keying materials for impersonation types of attacks  Simulate IoT devices using virtualization layer  Software compromise  A legitimate device with malicious software  Node reprogramming with malicious code  Running an older version of a software  A vulnerable version the software  Usage of static device identity for authentication  Does not provide location privacy  Vulnerable to location tracing attacks 5
SECuRE and Trustworthy Computing Lab Motivation and Threat Model  T-Mote Sky  CPU 8 MHz  RAM 8 KB  ROM 48 KB  Communication 250 Kbps  RE-Mote  CPU 16 MHz  RAM 8 KB  ROM 48 KB  Communication 250 Kbps 6
SECuRE and Trustworthy Computing Lab Contributions  Hardware and Software co-verification  Protect node cloning and reprogramming attacks  Physical Uncloneable Function (PUF) for hardware integrity verification  Hardware Performance Counter (HPC) for software integrity verification  Privacy-aware identity usage  Prevent location tracking attacks  Resource efficient mutual authentication  Protected access to IoT resources and services. 7
SECuRE and Trustworthy Computing Lab 8 Background
SECuRE and Trustworthy Computing Lab Physical Uncloneable Function (PUF)  Same circuitry is embedded with different devices  Same challenge bits  Different device produces different and unique response bits  Complex and statistical variation in logic and interconnect in an IC 9
SECuRE and Trustworthy Computing Lab Hardware Performance Counter (HPC)  HPCs are registers present in all commodity processors  ARM, Intel, AMD  HPCs can keep count of number of CPU cycles require to complete a task (to execute code segments)  Conventional usage  To determine software performance  Software profiling  Usage in security in rich resource devices  Code behavior analysis  Malware detection 10
SECuRE and Trustworthy Computing Lab 11 Operational Model
SECuRE and Trustworthy Computing Lab Hardware and Software Co-verification 12 Our Approach Conventional Approach E.g., Temperature Sensing Software Hash
SECuRE and Trustworthy Computing Lab System Architecture 13  IoT Identity Provider (IIP)  Stores challenge-response pairs, software hash, value of HPC  Authenticates an IoT device  Domain Security Manager  Provides an IoT device access to the network
SECuRE and Trustworthy Computing Lab Enrollment Phase 14 1. Challenge C 2. Response Ri IoT Device Challenge/ Device ID Response Task HPC Cycles Software Hash Smart Thermostat C1 = R1 R՛1 Temperature Sensing CC1 SH1 Smart Light C2 = R2 R՛2 Turn Light On CC2 SH2 PUF HPCs 3. Response R՛i Devices IoT Identity Provider (IIP) Challenge as Device Identifier
SECuRE and Trustworthy Computing Lab An Overview of the Operational Model 15 DSM IIP C1, R1 C1, R1 C2, R2 C2, R2 NIT1 C= Challenge, R = Response NIT= Network Identity Token DSM IIP C2, R2 C2, R2 C3, R3 C3, R3 NIT2 DSM IIP C3, R3 C3, R3 C4, R4 C4, R4 NIT3 Site 1 Site 2 Site 3
SECuRE and Trustworthy Computing Lab IIP Authenticates Device 16 DSM IIP R = PUF(C) C՛ = F(R) R՛ = PUF (C՛) C, X = R ⊕ R ՛ Y= CC ⊕ SH MACR(X ⊕Y) Retrieve R for C from DB R ՛ = X ⊕ R Certificate-based Mutual Authentication F  Public Random Generator Shared by IIP and Device Retrieve SH for C from DB CC = Y⊕SH Verify MACR(X⊕Y) C՛ = F(R) Sore [C՛, R ՛ ]
SECuRE and Trustworthy Computing Lab Device Authenticates IIP and DSM 17 DSM IIP R = PUF(C) C՛ = F(R) R՛ = PUF (C՛) MACR(H(R)) h = H(R) MACR(C՛) h = H(R) N, MACh (N) MACR(C՛) Store h Verify MACR(C՛)  Authenticates IIP Verify MACh (N)  Authenticates DSM F  Public Random Generator Shared by IIP and Device
SECuRE and Trustworthy Computing Lab Network Identity Token (NIT) Assignment 18 DSM IIP ECC Pair (dd,Qd) Q , MACh (Q) Verify MACh (Q)  Authenticates Device NIT = ECDSAdt(Qd) ECC Pair (dt,Qt) h = Hash (R) Q , MACh (Q) h = Hash (R)  DSM authenticates device
SECuRE and Trustworthy Computing Lab  Certificateless authentication  No need process to certificate chain Peer Authentication (Device to Device) 19 [(da, Qa), NITa ] [(db, Qb), NITb ] Qa, NITa  Verify NITa using DSM Public key (Qdsm)  K = db * Qa = da*db*G N1, MACK(N1) , Qb NITb  Verify NITb using DSM Public key  K = da * Qb = da*db*G  Verify MACK(N1) N2, MACK(N2)  Verify MACK(N2)
SECuRE and Trustworthy Computing Lab 20 Security Analysis and Comparison
SECuRE and Trustworthy Computing Lab Comparison of security properties 21 One Time Pad Encryption Cryptographic Nonce Unique Device Identifier IIP DSM IoT Keyed Hash (HMAC) PUF HPCs
SECuRE and Trustworthy Computing Lab 22 Performance Analysis of Device Authentication
SECuRE and Trustworthy Computing Lab PUF-Circuit 23
SECuRE and Trustworthy Computing Lab Comparison of Operations 24 XoR, Shift Operation, Random Number, Hash, MAC, Memory Access, Concertation operations are reduced
SECuRE and Trustworthy Computing Lab Comparison of Resource Efficiency 25  Do not provide good scalability  Provide lower degree of security
SECuRE and Trustworthy Computing Lab Comparison of Computation Cost 26  Do not implement majors security properties  privacy and mutual authentication  Suitable for passive devise (RFID Tags)  Cannot be applied to active devices (IoT)
SECuRE and Trustworthy Computing Lab Performance Analysis of Peer Authentication 27
SECuRE and Trustworthy Computing Lab Simulation Setup  IoT Identity Provider  Amazon EC2 Virtual Machine  Network Access Controller  A desktop commuter running Ubuntu 28  IoT Nodes: T-Mote SKY  IoT Operating System: Contiki  Device Simulator: Cooja  Serial Line IP (SLIP)  IP over serial tunnel
SECuRE and Trustworthy Computing Lab Experimental Network 29
SECuRE and Trustworthy Computing Lab Analysis of Payload Overhead 30 Total Number of UDP Packet Fragments: NIT  10 ECQV  13 HIP  17 X.509  53
SECuRE and Trustworthy Computing Lab Comparison of Crypto Operations 31  Number of Encryption (AES) and Hash operations (SHA-1) are reduces  Intensive Cryptographic overhead  Modular Exponentiation:  gab  Elliptic Curve cryptography  Lightweight
SECuRE and Trustworthy Computing Lab 32 NIT DTLS- ECQV DTLS- X.509 HIP Comparison of Speed 2x 3x 5.5x
SECuRE and Trustworthy Computing Lab Comparison of Energy Consumption 33 NITDTLS- ECQV DTLS- X.509 HIP  Lightweight cryptography  Reduced number of interactions  Less number of packet fragments
SECuRE and Trustworthy Computing Lab Conclusion and Future Work  Secure network admission  Authentication based on hardware and software integrity verification  Secure access to service  Certificateless and lightweight mutual authentication scheme  Secure against strong adversarial Scenarios  Future work  FPGA implementation of the PUF-based scheme  In-device intrusion detection based on Hardware Performance Counter 34
SECuRE and Trustworthy Computing Lab Thank You 35 SECRETLab@UAB  Phone: 205.934.8643  Fax: 205.934.5473  Web: http://secret.cis.uab.edu/ Mahmud Hossain  Email: mahmud@uab.edu

Recommended

Getting started with satellite IoT
Getting started with satellite IoTGetting started with satellite IoT
Getting started with satellite IoTJohn Staveley
 
BooT-IoT: A Privacy-Aware Authentication Scheme for Secure Bootstrapping of I...
BooT-IoT: A Privacy-Aware Authentication Scheme for Secure Bootstrapping of I...BooT-IoT: A Privacy-Aware Authentication Scheme for Secure Bootstrapping of I...
BooT-IoT: A Privacy-Aware Authentication Scheme for Secure Bootstrapping of I...Mahmud Hossain
 
Qualifying exam-2015-final
Qualifying exam-2015-finalQualifying exam-2015-final
Qualifying exam-2015-finalOpen Networking Perú (Opennetsoft)
 
Embedded device hacking Session i
Embedded device hacking Session iEmbedded device hacking Session i
Embedded device hacking Session iMalachi Jones
 
EVIL: Exploiting Software via Natural Language
EVIL: Exploiting Software via Natural LanguageEVIL: Exploiting Software via Natural Language
EVIL: Exploiting Software via Natural LanguagePietro Liguori
 
Offensive cyber security: Smashing the stack with Python
Offensive cyber security: Smashing the stack with PythonOffensive cyber security: Smashing the stack with Python
Offensive cyber security: Smashing the stack with PythonMalachi Jones
 
Towards Runtime Verification via Event Stream Processing in Cloud Computing I...
Towards Runtime Verification via Event Stream Processing in Cloud Computing I...Towards Runtime Verification via Event Stream Processing in Cloud Computing I...
Towards Runtime Verification via Event Stream Processing in Cloud Computing I...Pietro Liguori
 
IRJET - A Review on Crypto-Algorithm using Different Hardware
IRJET - A Review on Crypto-Algorithm using Different HardwareIRJET - A Review on Crypto-Algorithm using Different Hardware
IRJET - A Review on Crypto-Algorithm using Different HardwareIRJET Journal
 

Recommended

Getting started with satellite IoT
Getting started with satellite IoTGetting started with satellite IoT
Getting started with satellite IoTJohn Staveley
 
BooT-IoT: A Privacy-Aware Authentication Scheme for Secure Bootstrapping of I...
BooT-IoT: A Privacy-Aware Authentication Scheme for Secure Bootstrapping of I...BooT-IoT: A Privacy-Aware Authentication Scheme for Secure Bootstrapping of I...
BooT-IoT: A Privacy-Aware Authentication Scheme for Secure Bootstrapping of I...Mahmud Hossain
 
Qualifying exam-2015-final
Qualifying exam-2015-finalQualifying exam-2015-final
Qualifying exam-2015-finalOpen Networking Perú (Opennetsoft)
 
Embedded device hacking Session i
Embedded device hacking Session iEmbedded device hacking Session i
Embedded device hacking Session iMalachi Jones
 
EVIL: Exploiting Software via Natural Language
EVIL: Exploiting Software via Natural LanguageEVIL: Exploiting Software via Natural Language
EVIL: Exploiting Software via Natural LanguagePietro Liguori
 
Offensive cyber security: Smashing the stack with Python
Offensive cyber security: Smashing the stack with PythonOffensive cyber security: Smashing the stack with Python
Offensive cyber security: Smashing the stack with PythonMalachi Jones
 
Towards Runtime Verification via Event Stream Processing in Cloud Computing I...
Towards Runtime Verification via Event Stream Processing in Cloud Computing I...Towards Runtime Verification via Event Stream Processing in Cloud Computing I...
Towards Runtime Verification via Event Stream Processing in Cloud Computing I...Pietro Liguori
 
IRJET - A Review on Crypto-Algorithm using Different Hardware
IRJET - A Review on Crypto-Algorithm using Different HardwareIRJET - A Review on Crypto-Algorithm using Different Hardware
IRJET - A Review on Crypto-Algorithm using Different HardwareIRJET Journal
 
Slide presentation of "How Bad Can a Bug Get? An Empirical Analysis of Softwa...
Slide presentation of "How Bad Can a Bug Get? An Empirical Analysis of Softwa...Slide presentation of "How Bad Can a Bug Get? An Empirical Analysis of Softwa...
Slide presentation of "How Bad Can a Bug Get? An Empirical Analysis of Softwa...Pietro Liguori
 
Lightweight cryptography
Lightweight cryptographyLightweight cryptography
Lightweight cryptographyShivam Singh
 
Enhancing the Analysis of Software Failures in Cloud Computing Systems with D...
Enhancing the Analysis of Software Failures in Cloud Computing Systems with D...Enhancing the Analysis of Software Failures in Cloud Computing Systems with D...
Enhancing the Analysis of Software Failures in Cloud Computing Systems with D...Pietro Liguori
 
Final report
Final reportFinal report
Final reportJagbir Kalirai
 
Revealing AES Encryption Device Key on 328P Microcontrollers with Differentia...
Revealing AES Encryption Device Key on 328P Microcontrollers with Differentia...Revealing AES Encryption Device Key on 328P Microcontrollers with Differentia...
Revealing AES Encryption Device Key on 328P Microcontrollers with Differentia...IJECEIAES
 
Enhanced Advanced Encryption Standard (E-AES): using ESET
Enhanced Advanced Encryption Standard (E-AES): using ESETEnhanced Advanced Encryption Standard (E-AES): using ESET
Enhanced Advanced Encryption Standard (E-AES): using ESETIRJET Journal
 
Towards a Holistic Framework for Secure, Privacy-aware, and Trustworthy Inter...
Towards a Holistic Framework for Secure, Privacy-aware, and Trustworthy Inter...Towards a Holistic Framework for Secure, Privacy-aware, and Trustworthy Inter...
Towards a Holistic Framework for Secure, Privacy-aware, and Trustworthy Inter...Mahmud Hossain
 
IoTbed: A Generic Architecture for Testbed as a Service for Internet of Thing...
IoTbed: A Generic Architecture for Testbed as a Service for Internet of Thing...IoTbed: A Generic Architecture for Testbed as a Service for Internet of Thing...
IoTbed: A Generic Architecture for Testbed as a Service for Internet of Thing...Mahmud Hossain
 
AF-2599-P.docx
AF-2599-P.docxAF-2599-P.docx
AF-2599-P.docxSami Siddiqui
 
Security for automation in Internet of Things by using one time password
Security for automation in Internet of Things by using one time passwordSecurity for automation in Internet of Things by using one time password
Security for automation in Internet of Things by using one time passwordSHASHANK WANKHADE
 
IntelFlow: Toward adding Cyber Threat Intelligence to Software Defined Networ...
IntelFlow: Toward adding Cyber Threat Intelligence to Software Defined Networ...IntelFlow: Toward adding Cyber Threat Intelligence to Software Defined Networ...
IntelFlow: Toward adding Cyber Threat Intelligence to Software Defined Networ...Open Networking Perú (Opennetsoft)
 
AI for Cybersecurity Innovation
AI for Cybersecurity InnovationAI for Cybersecurity Innovation
AI for Cybersecurity InnovationPete Burnap
 
SCADA deep inside:protocols and software architecture
SCADA deep inside:protocols and software architectureSCADA deep inside:protocols and software architecture
SCADA deep inside:protocols and software architectureqqlan
 
REMOTE TRIGGERED SOFTWARE DEFINED RADIO
REMOTE TRIGGERED SOFTWARE DEFINED RADIOREMOTE TRIGGERED SOFTWARE DEFINED RADIO
REMOTE TRIGGERED SOFTWARE DEFINED RADIOKunal Bidkar
 
IRJET - Identification and Classification of IoT Devices in Various Appli...
IRJET - Identification and Classification of IoT Devices in Various Appli...IRJET - Identification and Classification of IoT Devices in Various Appli...
IRJET - Identification and Classification of IoT Devices in Various Appli...IRJET Journal
 
Alexander Timorin, Alexander Tlyapov - SCADA deep inside protocols, security ...
Alexander Timorin, Alexander Tlyapov - SCADA deep inside protocols, security ...Alexander Timorin, Alexander Tlyapov - SCADA deep inside protocols, security ...
Alexander Timorin, Alexander Tlyapov - SCADA deep inside protocols, security ...DefconRussia
 
Removing Security Roadblocks to IoT Deployment Success
Removing Security Roadblocks to IoT Deployment SuccessRemoving Security Roadblocks to IoT Deployment Success
Removing Security Roadblocks to IoT Deployment SuccessMicrosoft Tech Community
 
Sviluppare un portale per gestire la tua soluzione IoT Hub
Sviluppare un portale per gestire la tua soluzione IoT HubSviluppare un portale per gestire la tua soluzione IoT Hub
Sviluppare un portale per gestire la tua soluzione IoT HubMarco Parenzan
 
Global Azure Bootcamp 2016 - Real-world Internet of Things Backend with Azure...
Global Azure Bootcamp 2016 - Real-world Internet of Things Backend with Azure...Global Azure Bootcamp 2016 - Real-world Internet of Things Backend with Azure...
Global Azure Bootcamp 2016 - Real-world Internet of Things Backend with Azure...Andri Yadi
 
Aura: An IoT based Cloud Infrastructure for Localized Mobile Computation Outs...
Aura: An IoT based Cloud Infrastructure for Localized Mobile Computation Outs...Aura: An IoT based Cloud Infrastructure for Localized Mobile Computation Outs...
Aura: An IoT based Cloud Infrastructure for Localized Mobile Computation Outs...Mahmud Hossain
 
Bridging Concepts and Practice in eScience via Simulation-driven Engineering
Bridging Concepts and Practice in eScience via Simulation-driven EngineeringBridging Concepts and Practice in eScience via Simulation-driven Engineering
Bridging Concepts and Practice in eScience via Simulation-driven EngineeringRafael Ferreira da Silva
 
Towards a Serverless Platform for Edge AI
Towards a Serverless Platform for Edge AITowards a Serverless Platform for Edge AI
Towards a Serverless Platform for Edge AIThomas Rausch
 

More Related Content

What's hot

Slide presentation of "How Bad Can a Bug Get? An Empirical Analysis of Softwa...
Slide presentation of "How Bad Can a Bug Get? An Empirical Analysis of Softwa...Slide presentation of "How Bad Can a Bug Get? An Empirical Analysis of Softwa...
Slide presentation of "How Bad Can a Bug Get? An Empirical Analysis of Softwa...Pietro Liguori
 
Lightweight cryptography
Lightweight cryptographyLightweight cryptography
Lightweight cryptographyShivam Singh
 
Enhancing the Analysis of Software Failures in Cloud Computing Systems with D...
Enhancing the Analysis of Software Failures in Cloud Computing Systems with D...Enhancing the Analysis of Software Failures in Cloud Computing Systems with D...
Enhancing the Analysis of Software Failures in Cloud Computing Systems with D...Pietro Liguori
 
Revealing AES Encryption Device Key on 328P Microcontrollers with Differentia...
Revealing AES Encryption Device Key on 328P Microcontrollers with Differentia...Revealing AES Encryption Device Key on 328P Microcontrollers with Differentia...
Revealing AES Encryption Device Key on 328P Microcontrollers with Differentia...IJECEIAES
 
Enhanced Advanced Encryption Standard (E-AES): using ESET
Enhanced Advanced Encryption Standard (E-AES): using ESETEnhanced Advanced Encryption Standard (E-AES): using ESET
Enhanced Advanced Encryption Standard (E-AES): using ESETIRJET Journal
 

What's hot (6)

Slide presentation of "How Bad Can a Bug Get? An Empirical Analysis of Softwa...
Slide presentation of "How Bad Can a Bug Get? An Empirical Analysis of Softwa...Slide presentation of "How Bad Can a Bug Get? An Empirical Analysis of Softwa...
Slide presentation of "How Bad Can a Bug Get? An Empirical Analysis of Softwa...
 
Lightweight cryptography
Lightweight cryptographyLightweight cryptography
Lightweight cryptography
 
Enhancing the Analysis of Software Failures in Cloud Computing Systems with D...
Enhancing the Analysis of Software Failures in Cloud Computing Systems with D...Enhancing the Analysis of Software Failures in Cloud Computing Systems with D...
Enhancing the Analysis of Software Failures in Cloud Computing Systems with D...
 
Final report
Final reportFinal report
Final report
 
Revealing AES Encryption Device Key on 328P Microcontrollers with Differentia...
Revealing AES Encryption Device Key on 328P Microcontrollers with Differentia...Revealing AES Encryption Device Key on 328P Microcontrollers with Differentia...
Revealing AES Encryption Device Key on 328P Microcontrollers with Differentia...
 
Enhanced Advanced Encryption Standard (E-AES): using ESET
Enhanced Advanced Encryption Standard (E-AES): using ESETEnhanced Advanced Encryption Standard (E-AES): using ESET
Enhanced Advanced Encryption Standard (E-AES): using ESET
 

Similar to HSC-IoT: A Hardware and Software Co-Verification based Authentication Scheme for Internet of Things

Towards a Holistic Framework for Secure, Privacy-aware, and Trustworthy Inter...
Towards a Holistic Framework for Secure, Privacy-aware, and Trustworthy Inter...Towards a Holistic Framework for Secure, Privacy-aware, and Trustworthy Inter...
Towards a Holistic Framework for Secure, Privacy-aware, and Trustworthy Inter...Mahmud Hossain
 
IoTbed: A Generic Architecture for Testbed as a Service for Internet of Thing...
IoTbed: A Generic Architecture for Testbed as a Service for Internet of Thing...IoTbed: A Generic Architecture for Testbed as a Service for Internet of Thing...
IoTbed: A Generic Architecture for Testbed as a Service for Internet of Thing...Mahmud Hossain
 
Security for automation in Internet of Things by using one time password
Security for automation in Internet of Things by using one time passwordSecurity for automation in Internet of Things by using one time password
Security for automation in Internet of Things by using one time passwordSHASHANK WANKHADE
 
IntelFlow: Toward adding Cyber Threat Intelligence to Software Defined Networ...
IntelFlow: Toward adding Cyber Threat Intelligence to Software Defined Networ...IntelFlow: Toward adding Cyber Threat Intelligence to Software Defined Networ...
IntelFlow: Toward adding Cyber Threat Intelligence to Software Defined Networ...Open Networking Perú (Opennetsoft)
 
AI for Cybersecurity Innovation
AI for Cybersecurity InnovationAI for Cybersecurity Innovation
AI for Cybersecurity InnovationPete Burnap
 
SCADA deep inside:protocols and software architecture
SCADA deep inside:protocols and software architectureSCADA deep inside:protocols and software architecture
SCADA deep inside:protocols and software architectureqqlan
 
REMOTE TRIGGERED SOFTWARE DEFINED RADIO
REMOTE TRIGGERED SOFTWARE DEFINED RADIOREMOTE TRIGGERED SOFTWARE DEFINED RADIO
REMOTE TRIGGERED SOFTWARE DEFINED RADIOKunal Bidkar
 
IRJET - Identification and Classification of IoT Devices in Various Appli...
IRJET - Identification and Classification of IoT Devices in Various Appli...IRJET - Identification and Classification of IoT Devices in Various Appli...
IRJET - Identification and Classification of IoT Devices in Various Appli...IRJET Journal
 
Alexander Timorin, Alexander Tlyapov - SCADA deep inside protocols, security ...
Alexander Timorin, Alexander Tlyapov - SCADA deep inside protocols, security ...Alexander Timorin, Alexander Tlyapov - SCADA deep inside protocols, security ...
Alexander Timorin, Alexander Tlyapov - SCADA deep inside protocols, security ...DefconRussia
 
Removing Security Roadblocks to IoT Deployment Success
Removing Security Roadblocks to IoT Deployment SuccessRemoving Security Roadblocks to IoT Deployment Success
Removing Security Roadblocks to IoT Deployment SuccessMicrosoft Tech Community
 
Sviluppare un portale per gestire la tua soluzione IoT Hub
Sviluppare un portale per gestire la tua soluzione IoT HubSviluppare un portale per gestire la tua soluzione IoT Hub
Sviluppare un portale per gestire la tua soluzione IoT HubMarco Parenzan
 
Global Azure Bootcamp 2016 - Real-world Internet of Things Backend with Azure...
Global Azure Bootcamp 2016 - Real-world Internet of Things Backend with Azure...Global Azure Bootcamp 2016 - Real-world Internet of Things Backend with Azure...
Global Azure Bootcamp 2016 - Real-world Internet of Things Backend with Azure...Andri Yadi
 
Aura: An IoT based Cloud Infrastructure for Localized Mobile Computation Outs...
Aura: An IoT based Cloud Infrastructure for Localized Mobile Computation Outs...Aura: An IoT based Cloud Infrastructure for Localized Mobile Computation Outs...
Aura: An IoT based Cloud Infrastructure for Localized Mobile Computation Outs...Mahmud Hossain
 
Bridging Concepts and Practice in eScience via Simulation-driven Engineering
Bridging Concepts and Practice in eScience via Simulation-driven EngineeringBridging Concepts and Practice in eScience via Simulation-driven Engineering
Bridging Concepts and Practice in eScience via Simulation-driven EngineeringRafael Ferreira da Silva
 
Towards a Serverless Platform for Edge AI
Towards a Serverless Platform for Edge AITowards a Serverless Platform for Edge AI
Towards a Serverless Platform for Edge AIThomas Rausch
 
Generating cross platform .NET based azure IoTdevice
Generating cross platform .NET based azure IoTdeviceGenerating cross platform .NET based azure IoTdevice
Generating cross platform .NET based azure IoTdeviceAlon Fliess
 

Similar to HSC-IoT: A Hardware and Software Co-Verification based Authentication Scheme for Internet of Things (20)

Towards a Holistic Framework for Secure, Privacy-aware, and Trustworthy Inter...
Towards a Holistic Framework for Secure, Privacy-aware, and Trustworthy Inter...Towards a Holistic Framework for Secure, Privacy-aware, and Trustworthy Inter...
Towards a Holistic Framework for Secure, Privacy-aware, and Trustworthy Inter...
 
IoTbed: A Generic Architecture for Testbed as a Service for Internet of Thing...
IoTbed: A Generic Architecture for Testbed as a Service for Internet of Thing...IoTbed: A Generic Architecture for Testbed as a Service for Internet of Thing...
IoTbed: A Generic Architecture for Testbed as a Service for Internet of Thing...
 
AF-2599-P.docx
AF-2599-P.docxAF-2599-P.docx
AF-2599-P.docx
 
Security for automation in Internet of Things by using one time password
Security for automation in Internet of Things by using one time passwordSecurity for automation in Internet of Things by using one time password
Security for automation in Internet of Things by using one time password
 
IntelFlow: Toward adding Cyber Threat Intelligence to Software Defined Networ...
IntelFlow: Toward adding Cyber Threat Intelligence to Software Defined Networ...IntelFlow: Toward adding Cyber Threat Intelligence to Software Defined Networ...
IntelFlow: Toward adding Cyber Threat Intelligence to Software Defined Networ...
 
AI for Cybersecurity Innovation
AI for Cybersecurity InnovationAI for Cybersecurity Innovation
AI for Cybersecurity Innovation
 
SCADA deep inside:protocols and software architecture
SCADA deep inside:protocols and software architectureSCADA deep inside:protocols and software architecture
SCADA deep inside:protocols and software architecture
 
REMOTE TRIGGERED SOFTWARE DEFINED RADIO
REMOTE TRIGGERED SOFTWARE DEFINED RADIOREMOTE TRIGGERED SOFTWARE DEFINED RADIO
REMOTE TRIGGERED SOFTWARE DEFINED RADIO
 
IRJET - Identification and Classification of IoT Devices in Various Appli...
IRJET - Identification and Classification of IoT Devices in Various Appli...IRJET - Identification and Classification of IoT Devices in Various Appli...
IRJET - Identification and Classification of IoT Devices in Various Appli...
 
Alexander Timorin, Alexander Tlyapov - SCADA deep inside protocols, security ...
Alexander Timorin, Alexander Tlyapov - SCADA deep inside protocols, security ...Alexander Timorin, Alexander Tlyapov - SCADA deep inside protocols, security ...
Alexander Timorin, Alexander Tlyapov - SCADA deep inside protocols, security ...
 
Removing Security Roadblocks to IoT Deployment Success
Removing Security Roadblocks to IoT Deployment SuccessRemoving Security Roadblocks to IoT Deployment Success
Removing Security Roadblocks to IoT Deployment Success
 
Sviluppare un portale per gestire la tua soluzione IoT Hub
Sviluppare un portale per gestire la tua soluzione IoT HubSviluppare un portale per gestire la tua soluzione IoT Hub
Sviluppare un portale per gestire la tua soluzione IoT Hub
 
Global Azure Bootcamp 2016 - Real-world Internet of Things Backend with Azure...
Global Azure Bootcamp 2016 - Real-world Internet of Things Backend with Azure...Global Azure Bootcamp 2016 - Real-world Internet of Things Backend with Azure...
Global Azure Bootcamp 2016 - Real-world Internet of Things Backend with Azure...
 
Aura: An IoT based Cloud Infrastructure for Localized Mobile Computation Outs...
Aura: An IoT based Cloud Infrastructure for Localized Mobile Computation Outs...Aura: An IoT based Cloud Infrastructure for Localized Mobile Computation Outs...
Aura: An IoT based Cloud Infrastructure for Localized Mobile Computation Outs...
 
Bridging Concepts and Practice in eScience via Simulation-driven Engineering
Bridging Concepts and Practice in eScience via Simulation-driven EngineeringBridging Concepts and Practice in eScience via Simulation-driven Engineering
Bridging Concepts and Practice in eScience via Simulation-driven Engineering
 
Towards a Serverless Platform for Edge AI
Towards a Serverless Platform for Edge AITowards a Serverless Platform for Edge AI
Towards a Serverless Platform for Edge AI
 
Middleware
MiddlewareMiddleware
Middleware
 
Azure IoT and data basics
Azure IoT and data basicsAzure IoT and data basics
Azure IoT and data basics
 
Generating cross platform .NET based azure IoTdevice
Generating cross platform .NET based azure IoTdeviceGenerating cross platform .NET based azure IoTdevice
Generating cross platform .NET based azure IoTdevice
 
Rohan resume
Rohan resumeRohan resume
Rohan resume
 

More from Mahmud Hossain

CACROS: A Context-Aware Cloud Content Roaming Service
CACROS: A Context-Aware Cloud Content Roaming ServiceCACROS: A Context-Aware Cloud Content Roaming Service
CACROS: A Context-Aware Cloud Content Roaming ServiceMahmud Hossain
 
Trust-IoV: A Trustworthy Forensic Investigation Framework for the Internet of...
Trust-IoV: A Trustworthy Forensic Investigation Framework for the Internet of...Trust-IoV: A Trustworthy Forensic Investigation Framework for the Internet of...
Trust-IoV: A Trustworthy Forensic Investigation Framework for the Internet of...Mahmud Hossain
 
SecuPAN: A Security Scheme to Mitigate Fragmentation-Based Network Attacks in...
SecuPAN: A Security Scheme to Mitigate Fragmentation-Based Network Attacks in...SecuPAN: A Security Scheme to Mitigate Fragmentation-Based Network Attacks in...
SecuPAN: A Security Scheme to Mitigate Fragmentation-Based Network Attacks in...Mahmud Hossain
 
Secprov: Trustworthy and Efficient Provenance Management in the Cloud
Secprov: Trustworthy and Efficient Provenance Management in the CloudSecprov: Trustworthy and Efficient Provenance Management in the Cloud
Secprov: Trustworthy and Efficient Provenance Management in the CloudMahmud Hossain
 
Rosaic: A Round-wise Fair Scheduling Approach for Mobile Clouds Based on Task...
Rosaic: A Round-wise Fair Scheduling Approach for Mobile Clouds Based on Task...Rosaic: A Round-wise Fair Scheduling Approach for Mobile Clouds Based on Task...
Rosaic: A Round-wise Fair Scheduling Approach for Mobile Clouds Based on Task...Mahmud Hossain
 
Probe-IoT: A Public Digital Ledger Based Forensic Investigation Framework for...
Probe-IoT: A Public Digital Ledger Based Forensic Investigation Framework for...Probe-IoT: A Public Digital Ledger Based Forensic Investigation Framework for...
Probe-IoT: A Public Digital Ledger Based Forensic Investigation Framework for...Mahmud Hossain
 
Jugo: A Generic Architecture for Composite Cloud as a Service Auth
Jugo: A Generic Architecture for Composite Cloud as a Service AuthJugo: A Generic Architecture for Composite Cloud as a Service Auth
Jugo: A Generic Architecture for Composite Cloud as a Service AuthMahmud Hossain
 
Towards an Analysis of Security Issues, Challenges, and Open Problems in the ...
Towards an Analysis of Security Issues, Challenges, and Open Problems in the ...Towards an Analysis of Security Issues, Challenges, and Open Problems in the ...
Towards an Analysis of Security Issues, Challenges, and Open Problems in the ...Mahmud Hossain
 

More from Mahmud Hossain (8)

CACROS: A Context-Aware Cloud Content Roaming Service
CACROS: A Context-Aware Cloud Content Roaming ServiceCACROS: A Context-Aware Cloud Content Roaming Service
CACROS: A Context-Aware Cloud Content Roaming Service
 
Trust-IoV: A Trustworthy Forensic Investigation Framework for the Internet of...
Trust-IoV: A Trustworthy Forensic Investigation Framework for the Internet of...Trust-IoV: A Trustworthy Forensic Investigation Framework for the Internet of...
Trust-IoV: A Trustworthy Forensic Investigation Framework for the Internet of...
 
SecuPAN: A Security Scheme to Mitigate Fragmentation-Based Network Attacks in...
SecuPAN: A Security Scheme to Mitigate Fragmentation-Based Network Attacks in...SecuPAN: A Security Scheme to Mitigate Fragmentation-Based Network Attacks in...
SecuPAN: A Security Scheme to Mitigate Fragmentation-Based Network Attacks in...
 
Secprov: Trustworthy and Efficient Provenance Management in the Cloud
Secprov: Trustworthy and Efficient Provenance Management in the CloudSecprov: Trustworthy and Efficient Provenance Management in the Cloud
Secprov: Trustworthy and Efficient Provenance Management in the Cloud
 
Rosaic: A Round-wise Fair Scheduling Approach for Mobile Clouds Based on Task...
Rosaic: A Round-wise Fair Scheduling Approach for Mobile Clouds Based on Task...Rosaic: A Round-wise Fair Scheduling Approach for Mobile Clouds Based on Task...
Rosaic: A Round-wise Fair Scheduling Approach for Mobile Clouds Based on Task...
 
Probe-IoT: A Public Digital Ledger Based Forensic Investigation Framework for...
Probe-IoT: A Public Digital Ledger Based Forensic Investigation Framework for...Probe-IoT: A Public Digital Ledger Based Forensic Investigation Framework for...
Probe-IoT: A Public Digital Ledger Based Forensic Investigation Framework for...
 
Jugo: A Generic Architecture for Composite Cloud as a Service Auth
Jugo: A Generic Architecture for Composite Cloud as a Service AuthJugo: A Generic Architecture for Composite Cloud as a Service Auth
Jugo: A Generic Architecture for Composite Cloud as a Service Auth
 
Towards an Analysis of Security Issues, Challenges, and Open Problems in the ...
Towards an Analysis of Security Issues, Challenges, and Open Problems in the ...Towards an Analysis of Security Issues, Challenges, and Open Problems in the ...
Towards an Analysis of Security Issues, Challenges, and Open Problems in the ...
 

Recently uploaded

A Beginners Guide to Building a RAG App Using Open Source Milvus
A Beginners Guide to Building a RAG App Using Open Source MilvusA Beginners Guide to Building a RAG App Using Open Source Milvus
A Beginners Guide to Building a RAG App Using Open Source MilvusZilliz
 
Apidays New York 2024 - The value of a flexible API Management solution for O...
Apidays New York 2024 - The value of a flexible API Management solution for O...Apidays New York 2024 - The value of a flexible API Management solution for O...
Apidays New York 2024 - The value of a flexible API Management solution for O...apidays
 
Real Time Object Detection Using Open CV
Real Time Object Detection Using Open CVReal Time Object Detection Using Open CV
Real Time Object Detection Using Open CVKhem
 
Automating Google Workspace (GWS) & more with Apps Script
Automating Google Workspace (GWS) & more with Apps ScriptAutomating Google Workspace (GWS) & more with Apps Script
Automating Google Workspace (GWS) & more with Apps Scriptwesley chun
 
Boost Fertility New Invention Ups Success Rates.pdf
Boost Fertility New Invention Ups Success Rates.pdfBoost Fertility New Invention Ups Success Rates.pdf
Boost Fertility New Invention Ups Success Rates.pdfsudhanshuwaghmare1
 
Mastering MySQL Database Architecture: Deep Dive into MySQL Shell and MySQL R...
Mastering MySQL Database Architecture: Deep Dive into MySQL Shell and MySQL R...Mastering MySQL Database Architecture: Deep Dive into MySQL Shell and MySQL R...
Mastering MySQL Database Architecture: Deep Dive into MySQL Shell and MySQL R...Miguel Araújo
 
GenAI Risks & Security Meetup 01052024.pdf
GenAI Risks & Security Meetup 01052024.pdfGenAI Risks & Security Meetup 01052024.pdf
GenAI Risks & Security Meetup 01052024.pdflior mazor
 
ICT role in 21st century education and its challenges
ICT role in 21st century education and its challengesICT role in 21st century education and its challenges
ICT role in 21st century education and its challengesrafiqahmad00786416
 
Powerful Google developer tools for immediate impact! (2023-24 C)
Powerful Google developer tools for immediate impact! (2023-24 C)Powerful Google developer tools for immediate impact! (2023-24 C)
Powerful Google developer tools for immediate impact! (2023-24 C)wesley chun
 
Why Teams call analytics are critical to your entire business
Why Teams call analytics are critical to your entire businessWhy Teams call analytics are critical to your entire business
Why Teams call analytics are critical to your entire businesspanagenda
 
A Year of the Servo Reboot: Where Are We Now?
A Year of the Servo Reboot: Where Are We Now?A Year of the Servo Reboot: Where Are We Now?
A Year of the Servo Reboot: Where Are We Now?Igalia
 
AWS Community Day CPH - Three problems of Terraform
AWS Community Day CPH - Three problems of TerraformAWS Community Day CPH - Three problems of Terraform
AWS Community Day CPH - Three problems of TerraformAndrey Devyatkin
 
Web Form Automation for Bonterra Impact Management (fka Social Solutions Apri...
Web Form Automation for Bonterra Impact Management (fka Social Solutions Apri...Web Form Automation for Bonterra Impact Management (fka Social Solutions Apri...
Web Form Automation for Bonterra Impact Management (fka Social Solutions Apri...Jeffrey Haguewood
 
Emergent Methods: Multi-lingual narrative tracking in the news - real-time ex...
Emergent Methods: Multi-lingual narrative tracking in the news - real-time ex...Emergent Methods: Multi-lingual narrative tracking in the news - real-time ex...
Emergent Methods: Multi-lingual narrative tracking in the news - real-time ex...Zilliz
 
EMPOWERMENT TECHNOLOGY GRADE 11 QUARTER 2 REVIEWER
EMPOWERMENT TECHNOLOGY GRADE 11 QUARTER 2 REVIEWEREMPOWERMENT TECHNOLOGY GRADE 11 QUARTER 2 REVIEWER
EMPOWERMENT TECHNOLOGY GRADE 11 QUARTER 2 REVIEWERMadyBayot
 
How to Troubleshoot Apps for the Modern Connected Worker
How to Troubleshoot Apps for the Modern Connected WorkerHow to Troubleshoot Apps for the Modern Connected Worker
How to Troubleshoot Apps for the Modern Connected WorkerThousandEyes
 
2024: Domino Containers - The Next Step. News from the Domino Container commu...
2024: Domino Containers - The Next Step. News from the Domino Container commu...2024: Domino Containers - The Next Step. News from the Domino Container commu...
2024: Domino Containers - The Next Step. News from the Domino Container commu...Martijn de Jong
 
Navi Mumbai Call Girls 🥰 8617370543 Service Offer VIP Hot Model
Navi Mumbai Call Girls 🥰 8617370543 Service Offer VIP Hot ModelNavi Mumbai Call Girls 🥰 8617370543 Service Offer VIP Hot Model
Navi Mumbai Call Girls 🥰 8617370543 Service Offer VIP Hot ModelDeepika Singh
 
ProductAnonymous-April2024-WinProductDiscovery-MelissaKlemke
ProductAnonymous-April2024-WinProductDiscovery-MelissaKlemkeProductAnonymous-April2024-WinProductDiscovery-MelissaKlemke
ProductAnonymous-April2024-WinProductDiscovery-MelissaKlemkeProduct Anonymous
 
Manulife - Insurer Transformation Award 2024
Manulife - Insurer Transformation Award 2024Manulife - Insurer Transformation Award 2024
Manulife - Insurer Transformation Award 2024The Digital Insurer
 

Recently uploaded (20)

A Beginners Guide to Building a RAG App Using Open Source Milvus
A Beginners Guide to Building a RAG App Using Open Source MilvusA Beginners Guide to Building a RAG App Using Open Source Milvus
A Beginners Guide to Building a RAG App Using Open Source Milvus
 
Apidays New York 2024 - The value of a flexible API Management solution for O...
Apidays New York 2024 - The value of a flexible API Management solution for O...Apidays New York 2024 - The value of a flexible API Management solution for O...
Apidays New York 2024 - The value of a flexible API Management solution for O...
 
Real Time Object Detection Using Open CV
Real Time Object Detection Using Open CVReal Time Object Detection Using Open CV
Real Time Object Detection Using Open CV
 
Automating Google Workspace (GWS) & more with Apps Script
Automating Google Workspace (GWS) & more with Apps ScriptAutomating Google Workspace (GWS) & more with Apps Script
Automating Google Workspace (GWS) & more with Apps Script
 
Boost Fertility New Invention Ups Success Rates.pdf
Boost Fertility New Invention Ups Success Rates.pdfBoost Fertility New Invention Ups Success Rates.pdf
Boost Fertility New Invention Ups Success Rates.pdf
 
Mastering MySQL Database Architecture: Deep Dive into MySQL Shell and MySQL R...
Mastering MySQL Database Architecture: Deep Dive into MySQL Shell and MySQL R...Mastering MySQL Database Architecture: Deep Dive into MySQL Shell and MySQL R...
Mastering MySQL Database Architecture: Deep Dive into MySQL Shell and MySQL R...
 
GenAI Risks & Security Meetup 01052024.pdf
GenAI Risks & Security Meetup 01052024.pdfGenAI Risks & Security Meetup 01052024.pdf
GenAI Risks & Security Meetup 01052024.pdf
 
ICT role in 21st century education and its challenges
ICT role in 21st century education and its challengesICT role in 21st century education and its challenges
ICT role in 21st century education and its challenges
 
Powerful Google developer tools for immediate impact! (2023-24 C)
Powerful Google developer tools for immediate impact! (2023-24 C)Powerful Google developer tools for immediate impact! (2023-24 C)
Powerful Google developer tools for immediate impact! (2023-24 C)
 
Why Teams call analytics are critical to your entire business
Why Teams call analytics are critical to your entire businessWhy Teams call analytics are critical to your entire business
Why Teams call analytics are critical to your entire business
 
A Year of the Servo Reboot: Where Are We Now?
A Year of the Servo Reboot: Where Are We Now?A Year of the Servo Reboot: Where Are We Now?
A Year of the Servo Reboot: Where Are We Now?
 
AWS Community Day CPH - Three problems of Terraform
AWS Community Day CPH - Three problems of TerraformAWS Community Day CPH - Three problems of Terraform
AWS Community Day CPH - Three problems of Terraform
 
Web Form Automation for Bonterra Impact Management (fka Social Solutions Apri...
Web Form Automation for Bonterra Impact Management (fka Social Solutions Apri...Web Form Automation for Bonterra Impact Management (fka Social Solutions Apri...
Web Form Automation for Bonterra Impact Management (fka Social Solutions Apri...
 
Emergent Methods: Multi-lingual narrative tracking in the news - real-time ex...
Emergent Methods: Multi-lingual narrative tracking in the news - real-time ex...Emergent Methods: Multi-lingual narrative tracking in the news - real-time ex...
Emergent Methods: Multi-lingual narrative tracking in the news - real-time ex...
 
EMPOWERMENT TECHNOLOGY GRADE 11 QUARTER 2 REVIEWER
EMPOWERMENT TECHNOLOGY GRADE 11 QUARTER 2 REVIEWEREMPOWERMENT TECHNOLOGY GRADE 11 QUARTER 2 REVIEWER
EMPOWERMENT TECHNOLOGY GRADE 11 QUARTER 2 REVIEWER
 
How to Troubleshoot Apps for the Modern Connected Worker
How to Troubleshoot Apps for the Modern Connected WorkerHow to Troubleshoot Apps for the Modern Connected Worker
How to Troubleshoot Apps for the Modern Connected Worker
 
2024: Domino Containers - The Next Step. News from the Domino Container commu...
2024: Domino Containers - The Next Step. News from the Domino Container commu...2024: Domino Containers - The Next Step. News from the Domino Container commu...
2024: Domino Containers - The Next Step. News from the Domino Container commu...
 
Navi Mumbai Call Girls 🥰 8617370543 Service Offer VIP Hot Model
Navi Mumbai Call Girls 🥰 8617370543 Service Offer VIP Hot ModelNavi Mumbai Call Girls 🥰 8617370543 Service Offer VIP Hot Model
Navi Mumbai Call Girls 🥰 8617370543 Service Offer VIP Hot Model
 
ProductAnonymous-April2024-WinProductDiscovery-MelissaKlemke
ProductAnonymous-April2024-WinProductDiscovery-MelissaKlemkeProductAnonymous-April2024-WinProductDiscovery-MelissaKlemke
ProductAnonymous-April2024-WinProductDiscovery-MelissaKlemke
 
Manulife - Insurer Transformation Award 2024
Manulife - Insurer Transformation Award 2024Manulife - Insurer Transformation Award 2024
Manulife - Insurer Transformation Award 2024
 

HSC-IoT: A Hardware and Software Co-Verification based Authentication Scheme for Internet of Things

  • 1. SECuRE and Trustworthy Computing Lab Authors Mahmud Hossain, Shahid Noor, Ragib HasanSECuRE and Trustworthy computing Lab (SECRETLab) University of Alabama at Birmingham Presenter: Mahmud Hossain, PhD Candidate, Dept. of Computer and Information Sciences, UAB http://secret.cis.uab.edu IoT HSC-IoT: A Hardware and Software Co-Verification based Authentication Scheme for Internet of Things
  • 2. SECuRE and Trustworthy Computing Lab 2 The Internet of Things (IoT)  A programmable world  Everyday objects are interconnected  Objects are smart enough to make decision
  • 3. SECuRE and Trustworthy Computing Lab The Scope of This Propose Work 3 Secure Network Admission Secure Service Access  Life cyle of an IoT node
  • 4. SECuRE and Trustworthy Computing Lab Content Outline  Motivation and Threat Model  Contribution  Background  Operational model  Security Analysis  Performance Analysis 4
  • 5. SECuRE and Trustworthy Computing Lab Motivation and Threat Model  Hardware compromise  Counterfeit IoT deices to impersonate a real device  E.g., fabricated medical IoT devices can be sold at a cheaper price  Node cloning  Extract keying materials for impersonation types of attacks  Simulate IoT devices using virtualization layer  Software compromise  A legitimate device with malicious software  Node reprogramming with malicious code  Running an older version of a software  A vulnerable version the software  Usage of static device identity for authentication  Does not provide location privacy  Vulnerable to location tracing attacks 5
  • 6. SECuRE and Trustworthy Computing Lab Motivation and Threat Model  T-Mote Sky  CPU 8 MHz  RAM 8 KB  ROM 48 KB  Communication 250 Kbps  RE-Mote  CPU 16 MHz  RAM 8 KB  ROM 48 KB  Communication 250 Kbps 6
  • 7. SECuRE and Trustworthy Computing Lab Contributions  Hardware and Software co-verification  Protect node cloning and reprogramming attacks  Physical Uncloneable Function (PUF) for hardware integrity verification  Hardware Performance Counter (HPC) for software integrity verification  Privacy-aware identity usage  Prevent location tracking attacks  Resource efficient mutual authentication  Protected access to IoT resources and services. 7
  • 9. SECuRE and Trustworthy Computing Lab Physical Uncloneable Function (PUF)  Same circuitry is embedded with different devices  Same challenge bits  Different device produces different and unique response bits  Complex and statistical variation in logic and interconnect in an IC 9
  • 10. SECuRE and Trustworthy Computing Lab Hardware Performance Counter (HPC)  HPCs are registers present in all commodity processors  ARM, Intel, AMD  HPCs can keep count of number of CPU cycles require to complete a task (to execute code segments)  Conventional usage  To determine software performance  Software profiling  Usage in security in rich resource devices  Code behavior analysis  Malware detection 10
  • 11. SECuRE and Trustworthy Computing Lab 11 Operational Model
  • 12. SECuRE and Trustworthy Computing Lab Hardware and Software Co-verification 12 Our Approach Conventional Approach E.g., Temperature Sensing Software Hash
  • 13. SECuRE and Trustworthy Computing Lab System Architecture 13  IoT Identity Provider (IIP)  Stores challenge-response pairs, software hash, value of HPC  Authenticates an IoT device  Domain Security Manager  Provides an IoT device access to the network
  • 14. SECuRE and Trustworthy Computing Lab Enrollment Phase 14 1. Challenge C 2. Response Ri IoT Device Challenge/ Device ID Response Task HPC Cycles Software Hash Smart Thermostat C1 = R1 R՛1 Temperature Sensing CC1 SH1 Smart Light C2 = R2 R՛2 Turn Light On CC2 SH2 PUF HPCs 3. Response R՛i Devices IoT Identity Provider (IIP) Challenge as Device Identifier
  • 15. SECuRE and Trustworthy Computing Lab An Overview of the Operational Model 15 DSM IIP C1, R1 C1, R1 C2, R2 C2, R2 NIT1 C= Challenge, R = Response NIT= Network Identity Token DSM IIP C2, R2 C2, R2 C3, R3 C3, R3 NIT2 DSM IIP C3, R3 C3, R3 C4, R4 C4, R4 NIT3 Site 1 Site 2 Site 3
  • 16. SECuRE and Trustworthy Computing Lab IIP Authenticates Device 16 DSM IIP R = PUF(C) C՛ = F(R) R՛ = PUF (C՛) C, X = R ⊕ R ՛ Y= CC ⊕ SH MACR(X ⊕Y) Retrieve R for C from DB R ՛ = X ⊕ R Certificate-based Mutual Authentication F  Public Random Generator Shared by IIP and Device Retrieve SH for C from DB CC = Y⊕SH Verify MACR(X⊕Y) C՛ = F(R) Sore [C՛, R ՛ ]
  • 17. SECuRE and Trustworthy Computing Lab Device Authenticates IIP and DSM 17 DSM IIP R = PUF(C) C՛ = F(R) R՛ = PUF (C՛) MACR(H(R)) h = H(R) MACR(C՛) h = H(R) N, MACh (N) MACR(C՛) Store h Verify MACR(C՛)  Authenticates IIP Verify MACh (N)  Authenticates DSM F  Public Random Generator Shared by IIP and Device
  • 18. SECuRE and Trustworthy Computing Lab Network Identity Token (NIT) Assignment 18 DSM IIP ECC Pair (dd,Qd) Q , MACh (Q) Verify MACh (Q)  Authenticates Device NIT = ECDSAdt(Qd) ECC Pair (dt,Qt) h = Hash (R) Q , MACh (Q) h = Hash (R)  DSM authenticates device
  • 19. SECuRE and Trustworthy Computing Lab  Certificateless authentication  No need process to certificate chain Peer Authentication (Device to Device) 19 [(da, Qa), NITa ] [(db, Qb), NITb ] Qa, NITa  Verify NITa using DSM Public key (Qdsm)  K = db * Qa = da*db*G N1, MACK(N1) , Qb NITb  Verify NITb using DSM Public key  K = da * Qb = da*db*G  Verify MACK(N1) N2, MACK(N2)  Verify MACK(N2)
  • 20. SECuRE and Trustworthy Computing Lab 20 Security Analysis and Comparison
  • 21. SECuRE and Trustworthy Computing Lab Comparison of security properties 21 One Time Pad Encryption Cryptographic Nonce Unique Device Identifier IIP DSM IoT Keyed Hash (HMAC) PUF HPCs
  • 22. SECuRE and Trustworthy Computing Lab 22 Performance Analysis of Device Authentication
  • 23. SECuRE and Trustworthy Computing Lab PUF-Circuit 23
  • 24. SECuRE and Trustworthy Computing Lab Comparison of Operations 24 XoR, Shift Operation, Random Number, Hash, MAC, Memory Access, Concertation operations are reduced
  • 25. SECuRE and Trustworthy Computing Lab Comparison of Resource Efficiency 25  Do not provide good scalability  Provide lower degree of security
  • 26. SECuRE and Trustworthy Computing Lab Comparison of Computation Cost 26  Do not implement majors security properties  privacy and mutual authentication  Suitable for passive devise (RFID Tags)  Cannot be applied to active devices (IoT)
  • 27. SECuRE and Trustworthy Computing Lab Performance Analysis of Peer Authentication 27
  • 28. SECuRE and Trustworthy Computing Lab Simulation Setup  IoT Identity Provider  Amazon EC2 Virtual Machine  Network Access Controller  A desktop commuter running Ubuntu 28  IoT Nodes: T-Mote SKY  IoT Operating System: Contiki  Device Simulator: Cooja  Serial Line IP (SLIP)  IP over serial tunnel
  • 29. SECuRE and Trustworthy Computing Lab Experimental Network 29
  • 30. SECuRE and Trustworthy Computing Lab Analysis of Payload Overhead 30 Total Number of UDP Packet Fragments: NIT  10 ECQV  13 HIP  17 X.509  53
  • 31. SECuRE and Trustworthy Computing Lab Comparison of Crypto Operations 31  Number of Encryption (AES) and Hash operations (SHA-1) are reduces  Intensive Cryptographic overhead  Modular Exponentiation:  gab  Elliptic Curve cryptography  Lightweight
  • 32. SECuRE and Trustworthy Computing Lab 32 NIT DTLS- ECQV DTLS- X.509 HIP Comparison of Speed 2x 3x 5.5x
  • 33. SECuRE and Trustworthy Computing Lab Comparison of Energy Consumption 33 NITDTLS- ECQV DTLS- X.509 HIP  Lightweight cryptography  Reduced number of interactions  Less number of packet fragments
  • 34. SECuRE and Trustworthy Computing Lab Conclusion and Future Work  Secure network admission  Authentication based on hardware and software integrity verification  Secure access to service  Certificateless and lightweight mutual authentication scheme  Secure against strong adversarial Scenarios  Future work  FPGA implementation of the PUF-based scheme  In-device intrusion detection based on Hardware Performance Counter 34
  • 35. SECuRE and Trustworthy Computing Lab Thank You 35 SECRETLab@UAB  Phone: 205.934.8643  Fax: 205.934.5473  Web: http://secret.cis.uab.edu/ Mahmud Hossain  Email: mahmud@uab.edu