SlideShare a Scribd company logo

BooT-IoT: A Privacy-Aware Authentication Scheme for Secure Bootstrapping of IoT Nodes

Mahmud Hossain
Mahmud Hossain

The document presents Boot-IoT, a privacy-aware authentication scheme for secure bootstrapping of IoT nodes. Boot-IoT uses combined public key cryptography to enable secure network admission and authentication based on elliptic curve cryptography. It also provides a lightweight certificateless mutual authentication scheme for secure access to services. Experimental results show that Boot-IoT has lower communication and computation costs compared to other authentication methods like EAP, making it more efficient for resource-constrained IoT devices.

Technology
1 of 18
Download to read offline
SECuRE and Trustworthy Computing Lab Authors Mahmud Hossain and Ragib Hasan SECuRE and Trustworthy computing Lab (SECRETLab) University of Alabama at Birmingham Presenter: Mahmud Hossain, PhD Student, Dept. of Computer and Information Sciences, UAB http://secret.cis.uab.edu IoT Boot-IoT: A Privacy-Aware Authentication Scheme for Secure Bootstrapping of IoT Nodes
SECuRE and Trustworthy Computing Lab 2 The Internet of Things (IoT)  A programmable world  Everyday objects are interconnected  Objects are smart enough to make decision  Objects are programmable Smart Thermostat IoT Ecosystem
SECuRE and Trustworthy Computing Lab IoT Forecasts and Market Estimates 3  Estimation of connected things by 2020  20.8 billion (Gartner)  26.3 billion (Cisco)  28 billion (Ericson)  34 billion (Business Insider) Source: IoT Analytics (2015) Source: Zinnov Zones (2016)
SECuRE and Trustworthy Computing Lab Internet of Insecure Things 4  Smart Objects  TV, webcams, home thermostat, remote power outlets, sprinkler controllers, door locks, home alarm, garage door openers.  IoT Security study by HP1  80% of devices raised privacy concerns  80% failed to require passwords of sufficient complexity and length  70% did not encrypt communications to the internet and local network  60% raised security concerns with their user interfaces [1] Hewlett Packrad (HP), “Securing the Internet of Things: Mapping Attack Surface Areas Using the OWASP IoT Top 10”, in RSA Conference, 2015
SECuRE and Trustworthy Computing Lab Attacks on IoT Systems 5  Remotely hacked an IoT enabled car1  Consumer gadgets sending phishing and spam emails2  DVRs and cameras were infected to form Botnet3  Internet connected Baby Monitors were compromised4  “Hospira” hospital drug pumps were compromised5 [1] IoActive Lab, 2015, http://blog.ioactive.com/2014/04/car-hacking-2-content.html [2] Proofpoint Lab, 2014, https://www.proofpoint.com/us/news [3] Krebson Security, 2016, https://krebsonsecurity.com/2016/10/source-code-for-iot-botnet-mirai-released/ [4] Rapid7, 2016, https://information.rapid7.com/iot-baby-monitor-research.html [5] Hacking the Drug Pump. 2015. http://money.cnn.com/2015/06/10/technology/drug-pump-hack/
SECuRE and Trustworthy Computing Lab The Scope of This Propose Work 6 Secure Network Admission Secure Service Access  Life cycle of an IoT node
SECuRE and Trustworthy Computing Lab Content Outline  Motivation and Threat Model  Contribution  Operational Model  Performance Analysis 7
SECuRE and Trustworthy Computing Lab Motivation and Threat Model  Static identity usage  Does not provide location privacy  Vulnerable to location tracing and Denial (DoS) of Service attacks  Internet of Vehicle (Connected Cars)  Cyber espionage  False information about collocated vehicles  Smart Home  Infer home owner's presence  User targeted attack (e.g., Burglary or physical attack)  Smart Medical Assistance  DoS attacks for blocking devices from sending real-time updates 8
SECuRE and Trustworthy Computing Lab Contributions  Secure network admission  Privacy-aware authentication based on Combined Public Key (CPK) cryptography  Secure end to end communication  Lightweight ECQV implicit certificate scheme for mutual authentication  Experimental evaluation  BooT-IoT is resource efficient compared to contemporary network admission schemes 9
SECuRE and Trustworthy Computing Lab Combined Public Key (CPK) Cryptography  Take advantage of Elliptic Curve Cryptograph (ECC)  ECC pair (d,Q); d = secret key and Q = public key  Q = d*G  Two ECC pairs (d1, Q1) and (d2, Q2)  New key pair (d,Q) can be calculated as  Q = Q1 + Q2 = d1*G + d2*G = (d1 + d2)*G = d*G 10
SECuRE and Trustworthy Computing Lab BooT-IoT: CPK-based Authentication (1/2) 11 Q11 Q12 … Q1w Q21 Q22 … Q2w Qv1 Qv2 … Qvw . . . . . . . . . PKM  Verifier maintains a Public Key Matrix (PKM)  Qij = PKM[i][j] represents a public key of an ECC pair (dij, Qij)  Verifier issues a set of cells from PKM to a prover  Prover computes (d11,Q11), (d22,Q22)… (dnn, Qnn)  Prover sends (Q11, Q22, …, Qnn) and stores (d11, d22,…, dnn) 1 2 …. v 1 2 . . . w List of Assigned Cells Verifier Prover
SECuRE and Trustworthy Computing Lab BooT-IoT: CPK-based Authentication (2/2) 12  Prover generates an ECC pair using [d11], [d22],… [dnn]  Prover selects a combination dij, …,dkl from [d11], [d22],… [dnn] keys  Prover computes  d = dij+ … + dkl  Q =d*G  Prover sends a nonce N, MACk(N), and the indices (ij)…(kl) of cells used to compute Q  K is the shared key between verifier and prover.  Verifier computes Q = PKM [ij] + … + PKM (kl) and verifies Signd(N) using Q
SECuRE and Trustworthy Computing Lab Experiment and Evaluation  RE-Mote IoT devices  Webtech IoT Gateway  Contiki IoT Operating System  Analysis and comparison of BooT-IoT with authentication methods of Extensible Authentication Protocol (EAP)  EAP authentication method  TLS-ECC  Pre Shared Key  MD5 13
SECuRE and Trustworthy Computing Lab Analysis of Communication Cost 14 1.5x Faster Pre shared key and MD5 faster but do not provide good degree of security.
SECuRE and Trustworthy Computing Lab Comparison of Cryptographic Operations 15 Eliminates cryptographic operations for ECDSA signature
SECuRE and Trustworthy Computing Lab Comparison of Energy Cost 16 ~70%
SECuRE and Trustworthy Computing Lab Conclusion  Secure network admission  Authentication based Combined Pubic Key cryptography  Secure access to service  Certificateless and lightweight mutual authentication scheme  Secure against user targeted attacks  Resource efficient comparted to contemporary network admission security schemes 17
SECuRE and Trustworthy Computing Lab Thank You 18 SECRETLab@UAB  Phone: 205.934.8643  Fax: 205.934.5473  Web: http://secret.cis.uab.edu/ Mahmud Hossain  Email: mahmud@uab.edu

Recommended

Towards a Holistic Framework for Secure, Privacy-aware, and Trustworthy Inter...
Towards a Holistic Framework for Secure, Privacy-aware, and Trustworthy Inter...Towards a Holistic Framework for Secure, Privacy-aware, and Trustworthy Inter...
Towards a Holistic Framework for Secure, Privacy-aware, and Trustworthy Inter...
Mahmud Hossain
 
HSC-IoT: A Hardware and Software Co-Verification based Authentication Scheme ...
HSC-IoT: A Hardware and Software Co-Verification based Authentication Scheme ...HSC-IoT: A Hardware and Software Co-Verification based Authentication Scheme ...
HSC-IoT: A Hardware and Software Co-Verification based Authentication Scheme ...
Mahmud Hossain
 
581 517-525
581 517-525581 517-525
581 517-525
idescitation
 
A New Pairing Free ID Based Certificate Less Digital Signature (CL-DS) Scheme...
A New Pairing Free ID Based Certificate Less Digital Signature (CL-DS) Scheme...A New Pairing Free ID Based Certificate Less Digital Signature (CL-DS) Scheme...
A New Pairing Free ID Based Certificate Less Digital Signature (CL-DS) Scheme...
IJCSIS Research Publications
 
Identity based proxy-oriented data uploading and remote data integrity checki...
Identity based proxy-oriented data uploading and remote data integrity checki...Identity based proxy-oriented data uploading and remote data integrity checki...
Identity based proxy-oriented data uploading and remote data integrity checki...
Finalyearprojects Toall
 
iot hacking, smartlockpick
iot hacking, smartlockpick iot hacking, smartlockpick
iot hacking, smartlockpick
idsecconf
 
Revealing AES Encryption Device Key on 328P Microcontrollers with Differentia...
Revealing AES Encryption Device Key on 328P Microcontrollers with Differentia...Revealing AES Encryption Device Key on 328P Microcontrollers with Differentia...
Revealing AES Encryption Device Key on 328P Microcontrollers with Differentia...
IJECEIAES
 
International Journal of Engineering and Science Invention (IJESI)
International Journal of Engineering and Science Invention (IJESI)International Journal of Engineering and Science Invention (IJESI)
International Journal of Engineering and Science Invention (IJESI)
inventionjournals
 

Recommended

Towards a Holistic Framework for Secure, Privacy-aware, and Trustworthy Inter...
Towards a Holistic Framework for Secure, Privacy-aware, and Trustworthy Inter...Towards a Holistic Framework for Secure, Privacy-aware, and Trustworthy Inter...
Towards a Holistic Framework for Secure, Privacy-aware, and Trustworthy Inter...
Mahmud Hossain
 
HSC-IoT: A Hardware and Software Co-Verification based Authentication Scheme ...
HSC-IoT: A Hardware and Software Co-Verification based Authentication Scheme ...HSC-IoT: A Hardware and Software Co-Verification based Authentication Scheme ...
HSC-IoT: A Hardware and Software Co-Verification based Authentication Scheme ...
Mahmud Hossain
 
581 517-525
581 517-525581 517-525
581 517-525
idescitation
 
A New Pairing Free ID Based Certificate Less Digital Signature (CL-DS) Scheme...
A New Pairing Free ID Based Certificate Less Digital Signature (CL-DS) Scheme...A New Pairing Free ID Based Certificate Less Digital Signature (CL-DS) Scheme...
A New Pairing Free ID Based Certificate Less Digital Signature (CL-DS) Scheme...
IJCSIS Research Publications
 
Identity based proxy-oriented data uploading and remote data integrity checki...
Identity based proxy-oriented data uploading and remote data integrity checki...Identity based proxy-oriented data uploading and remote data integrity checki...
Identity based proxy-oriented data uploading and remote data integrity checki...
Finalyearprojects Toall
 
iot hacking, smartlockpick
iot hacking, smartlockpick iot hacking, smartlockpick
iot hacking, smartlockpick
idsecconf
 
Revealing AES Encryption Device Key on 328P Microcontrollers with Differentia...
Revealing AES Encryption Device Key on 328P Microcontrollers with Differentia...Revealing AES Encryption Device Key on 328P Microcontrollers with Differentia...
Revealing AES Encryption Device Key on 328P Microcontrollers with Differentia...
IJECEIAES
 
International Journal of Engineering and Science Invention (IJESI)
International Journal of Engineering and Science Invention (IJESI)International Journal of Engineering and Science Invention (IJESI)
International Journal of Engineering and Science Invention (IJESI)
inventionjournals
 
Mediated certificateless cryptosystem for the security of data in public cloud
Mediated certificateless cryptosystem for the security of data in public cloudMediated certificateless cryptosystem for the security of data in public cloud
Mediated certificateless cryptosystem for the security of data in public cloud
eSAT Journals
 
IRJET- A Key-Policy Attribute based Temporary Keyword Search Scheme for S...
IRJET- A Key-Policy Attribute based Temporary Keyword Search Scheme for S...IRJET- A Key-Policy Attribute based Temporary Keyword Search Scheme for S...
IRJET- A Key-Policy Attribute based Temporary Keyword Search Scheme for S...
IRJET Journal
 
Guillou-quisquater protocol for user authentication based on zero knowledge p...
Guillou-quisquater protocol for user authentication based on zero knowledge p...Guillou-quisquater protocol for user authentication based on zero knowledge p...
Guillou-quisquater protocol for user authentication based on zero knowledge p...
TELKOMNIKA JOURNAL
 
IRJET- A Novel Survey to Secure Medical Images in Cloud using Digital Wat...
IRJET- A Novel Survey to Secure Medical Images in Cloud using Digital Wat...IRJET- A Novel Survey to Secure Medical Images in Cloud using Digital Wat...
IRJET- A Novel Survey to Secure Medical Images in Cloud using Digital Wat...
IRJET Journal
 
documentation for identity based secure distrbuted data storage schemes
documentation for identity based secure distrbuted data storage schemesdocumentation for identity based secure distrbuted data storage schemes
documentation for identity based secure distrbuted data storage schemes
Sahithi Naraparaju
 
Enhanced Security Through Token
Enhanced Security Through TokenEnhanced Security Through Token
Enhanced Security Through Token
IRJET Journal
 
PPT FOR IDBSDDS SCHEMES
PPT FOR IDBSDDS SCHEMESPPT FOR IDBSDDS SCHEMES
PPT FOR IDBSDDS SCHEMES
Sahithi Naraparaju
 
IRJET- Enhancement of 128-Bits Data Security through Steganography and Crypto...
IRJET- Enhancement of 128-Bits Data Security through Steganography and Crypto...IRJET- Enhancement of 128-Bits Data Security through Steganography and Crypto...
IRJET- Enhancement of 128-Bits Data Security through Steganography and Crypto...
IRJET Journal
 
IRJET- Protecting E-Health Record with Data Sharing in Public Cloud
IRJET- Protecting E-Health Record with Data Sharing in Public CloudIRJET- Protecting E-Health Record with Data Sharing in Public Cloud
IRJET- Protecting E-Health Record with Data Sharing in Public Cloud
IRJET Journal
 
IRJET- Secure Kerberos System in Distributed Environment
IRJET- Secure Kerberos System in Distributed EnvironmentIRJET- Secure Kerberos System in Distributed Environment
IRJET- Secure Kerberos System in Distributed Environment
IRJET Journal
 
Identity based proxy-oriented data uploading and remote data integrity checki...
Identity based proxy-oriented data uploading and remote data integrity checki...Identity based proxy-oriented data uploading and remote data integrity checki...
Identity based proxy-oriented data uploading and remote data integrity checki...
Shakas Technologies
 
Comparative analysis of authentication and authorization security in distribu...
Comparative analysis of authentication and authorization security in distribu...Comparative analysis of authentication and authorization security in distribu...
Comparative analysis of authentication and authorization security in distribu...
eSAT Journals
 
Detecting Malicious SSL Certificates Using Machine Learning - 2017 B-Sides DC
Detecting Malicious SSL Certificates Using Machine Learning - 2017 B-Sides DCDetecting Malicious SSL Certificates Using Machine Learning - 2017 B-Sides DC
Detecting Malicious SSL Certificates Using Machine Learning - 2017 B-Sides DC
Khaled Al-Hassanieh
 
Authentication Mechanisms For Signature Based Cryptography By Using Hierarchi...
Authentication Mechanisms For Signature Based Cryptography By Using Hierarchi...Authentication Mechanisms For Signature Based Cryptography By Using Hierarchi...
Authentication Mechanisms For Signature Based Cryptography By Using Hierarchi...
Editor IJMTER
 
IRJET- Secure File Storage on Cloud using Cryptography
IRJET- Secure File Storage on Cloud using CryptographyIRJET- Secure File Storage on Cloud using Cryptography
IRJET- Secure File Storage on Cloud using Cryptography
IRJET Journal
 
IRJET- Implementation of DNA Cryptography in Cloud Computing and using Socket...
IRJET- Implementation of DNA Cryptography in Cloud Computing and using Socket...IRJET- Implementation of DNA Cryptography in Cloud Computing and using Socket...
IRJET- Implementation of DNA Cryptography in Cloud Computing and using Socket...
IRJET Journal
 
iaetsd Robots in oil and gas refineries
iaetsd Robots in oil and gas refineriesiaetsd Robots in oil and gas refineries
iaetsd Robots in oil and gas refineries
Iaetsd Iaetsd
 
Enhanced Authentication Mechanism in WLAN via MMBSPS
Enhanced Authentication Mechanism in WLAN via MMBSPSEnhanced Authentication Mechanism in WLAN via MMBSPS
Enhanced Authentication Mechanism in WLAN via MMBSPS
RAJESH DUVVURU
 
IRJET - A Review on Crypto-Algorithm using Different Hardware
IRJET - A Review on Crypto-Algorithm using Different HardwareIRJET - A Review on Crypto-Algorithm using Different Hardware
IRJET - A Review on Crypto-Algorithm using Different Hardware
IRJET Journal
 
Smart home for specially abled
Smart home for specially abledSmart home for specially abled
Smart home for specially abled
ArvindKumar1806
 
Security for automation in Internet of Things by using one time password
Security for automation in Internet of Things by using one time passwordSecurity for automation in Internet of Things by using one time password
Security for automation in Internet of Things by using one time password
SHASHANK WANKHADE
 
Smart manufacturing through cloud based-r-nabati--dr abdulbaghi ghaderzadeh
Smart manufacturing through cloud based-r-nabati--dr abdulbaghi ghaderzadehSmart manufacturing through cloud based-r-nabati--dr abdulbaghi ghaderzadeh
Smart manufacturing through cloud based-r-nabati--dr abdulbaghi ghaderzadeh
nabati
 

More Related Content

What's hot

Mediated certificateless cryptosystem for the security of data in public cloud
Mediated certificateless cryptosystem for the security of data in public cloudMediated certificateless cryptosystem for the security of data in public cloud
Mediated certificateless cryptosystem for the security of data in public cloud
eSAT Journals
 
IRJET- A Key-Policy Attribute based Temporary Keyword Search Scheme for S...
IRJET- A Key-Policy Attribute based Temporary Keyword Search Scheme for S...IRJET- A Key-Policy Attribute based Temporary Keyword Search Scheme for S...
IRJET- A Key-Policy Attribute based Temporary Keyword Search Scheme for S...
IRJET Journal
 
Guillou-quisquater protocol for user authentication based on zero knowledge p...
Guillou-quisquater protocol for user authentication based on zero knowledge p...Guillou-quisquater protocol for user authentication based on zero knowledge p...
Guillou-quisquater protocol for user authentication based on zero knowledge p...
TELKOMNIKA JOURNAL
 
IRJET- A Novel Survey to Secure Medical Images in Cloud using Digital Wat...
IRJET- A Novel Survey to Secure Medical Images in Cloud using Digital Wat...IRJET- A Novel Survey to Secure Medical Images in Cloud using Digital Wat...
IRJET- A Novel Survey to Secure Medical Images in Cloud using Digital Wat...
IRJET Journal
 
documentation for identity based secure distrbuted data storage schemes
documentation for identity based secure distrbuted data storage schemesdocumentation for identity based secure distrbuted data storage schemes
documentation for identity based secure distrbuted data storage schemes
Sahithi Naraparaju
 
Enhanced Security Through Token
Enhanced Security Through TokenEnhanced Security Through Token
Enhanced Security Through Token
IRJET Journal
 
PPT FOR IDBSDDS SCHEMES
PPT FOR IDBSDDS SCHEMESPPT FOR IDBSDDS SCHEMES
PPT FOR IDBSDDS SCHEMES
Sahithi Naraparaju
 
IRJET- Enhancement of 128-Bits Data Security through Steganography and Crypto...
IRJET- Enhancement of 128-Bits Data Security through Steganography and Crypto...IRJET- Enhancement of 128-Bits Data Security through Steganography and Crypto...
IRJET- Enhancement of 128-Bits Data Security through Steganography and Crypto...
IRJET Journal
 
IRJET- Protecting E-Health Record with Data Sharing in Public Cloud
IRJET- Protecting E-Health Record with Data Sharing in Public CloudIRJET- Protecting E-Health Record with Data Sharing in Public Cloud
IRJET- Protecting E-Health Record with Data Sharing in Public Cloud
IRJET Journal
 
IRJET- Secure Kerberos System in Distributed Environment
IRJET- Secure Kerberos System in Distributed EnvironmentIRJET- Secure Kerberos System in Distributed Environment
IRJET- Secure Kerberos System in Distributed Environment
IRJET Journal
 
Identity based proxy-oriented data uploading and remote data integrity checki...
Identity based proxy-oriented data uploading and remote data integrity checki...Identity based proxy-oriented data uploading and remote data integrity checki...
Identity based proxy-oriented data uploading and remote data integrity checki...
Shakas Technologies
 
Comparative analysis of authentication and authorization security in distribu...
Comparative analysis of authentication and authorization security in distribu...Comparative analysis of authentication and authorization security in distribu...
Comparative analysis of authentication and authorization security in distribu...
eSAT Journals
 
Detecting Malicious SSL Certificates Using Machine Learning - 2017 B-Sides DC
Detecting Malicious SSL Certificates Using Machine Learning - 2017 B-Sides DCDetecting Malicious SSL Certificates Using Machine Learning - 2017 B-Sides DC
Detecting Malicious SSL Certificates Using Machine Learning - 2017 B-Sides DC
Khaled Al-Hassanieh
 
Authentication Mechanisms For Signature Based Cryptography By Using Hierarchi...
Authentication Mechanisms For Signature Based Cryptography By Using Hierarchi...Authentication Mechanisms For Signature Based Cryptography By Using Hierarchi...
Authentication Mechanisms For Signature Based Cryptography By Using Hierarchi...
Editor IJMTER
 
IRJET- Secure File Storage on Cloud using Cryptography
IRJET- Secure File Storage on Cloud using CryptographyIRJET- Secure File Storage on Cloud using Cryptography
IRJET- Secure File Storage on Cloud using Cryptography
IRJET Journal
 
IRJET- Implementation of DNA Cryptography in Cloud Computing and using Socket...
IRJET- Implementation of DNA Cryptography in Cloud Computing and using Socket...IRJET- Implementation of DNA Cryptography in Cloud Computing and using Socket...
IRJET- Implementation of DNA Cryptography in Cloud Computing and using Socket...
IRJET Journal
 
iaetsd Robots in oil and gas refineries
iaetsd Robots in oil and gas refineriesiaetsd Robots in oil and gas refineries
iaetsd Robots in oil and gas refineries
Iaetsd Iaetsd
 
Enhanced Authentication Mechanism in WLAN via MMBSPS
Enhanced Authentication Mechanism in WLAN via MMBSPSEnhanced Authentication Mechanism in WLAN via MMBSPS
Enhanced Authentication Mechanism in WLAN via MMBSPS
RAJESH DUVVURU
 
IRJET - A Review on Crypto-Algorithm using Different Hardware
IRJET - A Review on Crypto-Algorithm using Different HardwareIRJET - A Review on Crypto-Algorithm using Different Hardware
IRJET - A Review on Crypto-Algorithm using Different Hardware
IRJET Journal
 
Smart home for specially abled
Smart home for specially abledSmart home for specially abled
Smart home for specially abled
ArvindKumar1806
 

What's hot (20)

Mediated certificateless cryptosystem for the security of data in public cloud
Mediated certificateless cryptosystem for the security of data in public cloudMediated certificateless cryptosystem for the security of data in public cloud
Mediated certificateless cryptosystem for the security of data in public cloud
 
IRJET- A Key-Policy Attribute based Temporary Keyword Search Scheme for S...
IRJET- A Key-Policy Attribute based Temporary Keyword Search Scheme for S...IRJET- A Key-Policy Attribute based Temporary Keyword Search Scheme for S...
IRJET- A Key-Policy Attribute based Temporary Keyword Search Scheme for S...
 
Guillou-quisquater protocol for user authentication based on zero knowledge p...
Guillou-quisquater protocol for user authentication based on zero knowledge p...Guillou-quisquater protocol for user authentication based on zero knowledge p...
Guillou-quisquater protocol for user authentication based on zero knowledge p...
 
IRJET- A Novel Survey to Secure Medical Images in Cloud using Digital Wat...
IRJET- A Novel Survey to Secure Medical Images in Cloud using Digital Wat...IRJET- A Novel Survey to Secure Medical Images in Cloud using Digital Wat...
IRJET- A Novel Survey to Secure Medical Images in Cloud using Digital Wat...
 
documentation for identity based secure distrbuted data storage schemes
documentation for identity based secure distrbuted data storage schemesdocumentation for identity based secure distrbuted data storage schemes
documentation for identity based secure distrbuted data storage schemes
 
Enhanced Security Through Token
Enhanced Security Through TokenEnhanced Security Through Token
Enhanced Security Through Token
 
PPT FOR IDBSDDS SCHEMES
PPT FOR IDBSDDS SCHEMESPPT FOR IDBSDDS SCHEMES
PPT FOR IDBSDDS SCHEMES
 
IRJET- Enhancement of 128-Bits Data Security through Steganography and Crypto...
IRJET- Enhancement of 128-Bits Data Security through Steganography and Crypto...IRJET- Enhancement of 128-Bits Data Security through Steganography and Crypto...
IRJET- Enhancement of 128-Bits Data Security through Steganography and Crypto...
 
IRJET- Protecting E-Health Record with Data Sharing in Public Cloud
IRJET- Protecting E-Health Record with Data Sharing in Public CloudIRJET- Protecting E-Health Record with Data Sharing in Public Cloud
IRJET- Protecting E-Health Record with Data Sharing in Public Cloud
 
IRJET- Secure Kerberos System in Distributed Environment
IRJET- Secure Kerberos System in Distributed EnvironmentIRJET- Secure Kerberos System in Distributed Environment
IRJET- Secure Kerberos System in Distributed Environment
 
Identity based proxy-oriented data uploading and remote data integrity checki...
Identity based proxy-oriented data uploading and remote data integrity checki...Identity based proxy-oriented data uploading and remote data integrity checki...
Identity based proxy-oriented data uploading and remote data integrity checki...
 
Comparative analysis of authentication and authorization security in distribu...
Comparative analysis of authentication and authorization security in distribu...Comparative analysis of authentication and authorization security in distribu...
Comparative analysis of authentication and authorization security in distribu...
 
Detecting Malicious SSL Certificates Using Machine Learning - 2017 B-Sides DC
Detecting Malicious SSL Certificates Using Machine Learning - 2017 B-Sides DCDetecting Malicious SSL Certificates Using Machine Learning - 2017 B-Sides DC
Detecting Malicious SSL Certificates Using Machine Learning - 2017 B-Sides DC
 
Authentication Mechanisms For Signature Based Cryptography By Using Hierarchi...
Authentication Mechanisms For Signature Based Cryptography By Using Hierarchi...Authentication Mechanisms For Signature Based Cryptography By Using Hierarchi...
Authentication Mechanisms For Signature Based Cryptography By Using Hierarchi...
 
IRJET- Secure File Storage on Cloud using Cryptography
IRJET- Secure File Storage on Cloud using CryptographyIRJET- Secure File Storage on Cloud using Cryptography
IRJET- Secure File Storage on Cloud using Cryptography
 
IRJET- Implementation of DNA Cryptography in Cloud Computing and using Socket...
IRJET- Implementation of DNA Cryptography in Cloud Computing and using Socket...IRJET- Implementation of DNA Cryptography in Cloud Computing and using Socket...
IRJET- Implementation of DNA Cryptography in Cloud Computing and using Socket...
 
iaetsd Robots in oil and gas refineries
iaetsd Robots in oil and gas refineriesiaetsd Robots in oil and gas refineries
iaetsd Robots in oil and gas refineries
 
Enhanced Authentication Mechanism in WLAN via MMBSPS
Enhanced Authentication Mechanism in WLAN via MMBSPSEnhanced Authentication Mechanism in WLAN via MMBSPS
Enhanced Authentication Mechanism in WLAN via MMBSPS
 
IRJET - A Review on Crypto-Algorithm using Different Hardware
IRJET - A Review on Crypto-Algorithm using Different HardwareIRJET - A Review on Crypto-Algorithm using Different Hardware
IRJET - A Review on Crypto-Algorithm using Different Hardware
 
Smart home for specially abled
Smart home for specially abledSmart home for specially abled
Smart home for specially abled
 

Similar to BooT-IoT: A Privacy-Aware Authentication Scheme for Secure Bootstrapping of IoT Nodes

Security for automation in Internet of Things by using one time password
Security for automation in Internet of Things by using one time passwordSecurity for automation in Internet of Things by using one time password
Security for automation in Internet of Things by using one time password
SHASHANK WANKHADE
 
Smart manufacturing through cloud based-r-nabati--dr abdulbaghi ghaderzadeh
Smart manufacturing through cloud based-r-nabati--dr abdulbaghi ghaderzadehSmart manufacturing through cloud based-r-nabati--dr abdulbaghi ghaderzadeh
Smart manufacturing through cloud based-r-nabati--dr abdulbaghi ghaderzadeh
nabati
 
Internet of things .pptx [repaired]
Internet of things .pptx [repaired]Internet of things .pptx [repaired]
Internet of things .pptx [repaired]
Self-employed
 
Security and Authentication of Internet of Things (IoT) Devices
Security and Authentication of Internet of Things (IoT) DevicesSecurity and Authentication of Internet of Things (IoT) Devices
Security and Authentication of Internet of Things (IoT) Devices
SanjayKumarYadav58
 
IOT Forensics
IOT ForensicsIOT Forensics
IOT Forensics
MuhammadAwaisQureshi6
 
Chapter_1.pptx
Chapter_1.pptxChapter_1.pptx
Chapter_1.pptx
AadiSoni3
 
9. 23765.pdf
9. 23765.pdf9. 23765.pdf
9. 23765.pdf
TELKOMNIKA JOURNAL
 
IoTbed: A Generic Architecture for Testbed as a Service for Internet of Thing...
IoTbed: A Generic Architecture for Testbed as a Service for Internet of Thing...IoTbed: A Generic Architecture for Testbed as a Service for Internet of Thing...
IoTbed: A Generic Architecture for Testbed as a Service for Internet of Thing...
Mahmud Hossain
 
MobiDE’2012, Phoenix, AZ, United States, 20 May, 2012
MobiDE’2012, Phoenix, AZ, United States, 20 May, 2012MobiDE’2012, Phoenix, AZ, United States, 20 May, 2012
MobiDE’2012, Phoenix, AZ, United States, 20 May, 2012
Charith Perera
 
IntelFlow: Toward adding Cyber Threat Intelligence to Software Defined Networ...
IntelFlow: Toward adding Cyber Threat Intelligence to Software Defined Networ...IntelFlow: Toward adding Cyber Threat Intelligence to Software Defined Networ...
IntelFlow: Toward adding Cyber Threat Intelligence to Software Defined Networ...
Open Networking Perú (Opennetsoft)
 
IRJET - Identification and Classification of IoT Devices in Various Appli...
IRJET - Identification and Classification of IoT Devices in Various Appli...IRJET - Identification and Classification of IoT Devices in Various Appli...
IRJET - Identification and Classification of IoT Devices in Various Appli...
IRJET Journal
 
IRJET- A Survey on Secure Protocols of Communication for IoT Components i...
IRJET- A Survey on Secure Protocols of Communication for IoT Components i...IRJET- A Survey on Secure Protocols of Communication for IoT Components i...
IRJET- A Survey on Secure Protocols of Communication for IoT Components i...
IRJET Journal
 
IRJET - Effective Authentication of Medical IoT Devices using Authentication ...
IRJET - Effective Authentication of Medical IoT Devices using Authentication ...IRJET - Effective Authentication of Medical IoT Devices using Authentication ...
IRJET - Effective Authentication of Medical IoT Devices using Authentication ...
IRJET Journal
 
IoT and IIoT - Security Challenges and Innovative Approaches
IoT and IIoT - Security Challenges and Innovative ApproachesIoT and IIoT - Security Challenges and Innovative Approaches
IoT and IIoT - Security Challenges and Innovative Approaches
Shashi Kiran
 
Global Azure Bootcamp 2016 - Real-world Internet of Things Backend with Azure...
Global Azure Bootcamp 2016 - Real-world Internet of Things Backend with Azure...Global Azure Bootcamp 2016 - Real-world Internet of Things Backend with Azure...
Global Azure Bootcamp 2016 - Real-world Internet of Things Backend with Azure...
Andri Yadi
 
IoT Security – Executing an Effective Security Testing Process
IoT Security – Executing an Effective Security Testing Process IoT Security – Executing an Effective Security Testing Process
IoT Security – Executing an Effective Security Testing Process
EC-Council
 
Showcase poster
Showcase posterShowcase poster
Showcase poster
Christopher Dubois
 
Cloud centric multi-level authentication as a service for secure public safet...
Cloud centric multi-level authentication as a service for secure public safet...Cloud centric multi-level authentication as a service for secure public safet...
Cloud centric multi-level authentication as a service for secure public safet...
ieeepondy
 
Internet of things-IoT.pptx
Internet of things-IoT.pptxInternet of things-IoT.pptx
Internet of things-IoT.pptx
Mukulislam1
 
Design of a Hybrid Authentication Technique for User and Device Authenticatio...
Design of a Hybrid Authentication Technique for User and Device Authenticatio...Design of a Hybrid Authentication Technique for User and Device Authenticatio...
Design of a Hybrid Authentication Technique for User and Device Authenticatio...
IRJET Journal
 

Similar to BooT-IoT: A Privacy-Aware Authentication Scheme for Secure Bootstrapping of IoT Nodes (20)

Security for automation in Internet of Things by using one time password
Security for automation in Internet of Things by using one time passwordSecurity for automation in Internet of Things by using one time password
Security for automation in Internet of Things by using one time password
 
Smart manufacturing through cloud based-r-nabati--dr abdulbaghi ghaderzadeh
Smart manufacturing through cloud based-r-nabati--dr abdulbaghi ghaderzadehSmart manufacturing through cloud based-r-nabati--dr abdulbaghi ghaderzadeh
Smart manufacturing through cloud based-r-nabati--dr abdulbaghi ghaderzadeh
 
Internet of things .pptx [repaired]
Internet of things .pptx [repaired]Internet of things .pptx [repaired]
Internet of things .pptx [repaired]
 
Security and Authentication of Internet of Things (IoT) Devices
Security and Authentication of Internet of Things (IoT) DevicesSecurity and Authentication of Internet of Things (IoT) Devices
Security and Authentication of Internet of Things (IoT) Devices
 
IOT Forensics
IOT ForensicsIOT Forensics
IOT Forensics
 
Chapter_1.pptx
Chapter_1.pptxChapter_1.pptx
Chapter_1.pptx
 
9. 23765.pdf
9. 23765.pdf9. 23765.pdf
9. 23765.pdf
 
IoTbed: A Generic Architecture for Testbed as a Service for Internet of Thing...
IoTbed: A Generic Architecture for Testbed as a Service for Internet of Thing...IoTbed: A Generic Architecture for Testbed as a Service for Internet of Thing...
IoTbed: A Generic Architecture for Testbed as a Service for Internet of Thing...
 
MobiDE’2012, Phoenix, AZ, United States, 20 May, 2012
MobiDE’2012, Phoenix, AZ, United States, 20 May, 2012MobiDE’2012, Phoenix, AZ, United States, 20 May, 2012
MobiDE’2012, Phoenix, AZ, United States, 20 May, 2012
 
IntelFlow: Toward adding Cyber Threat Intelligence to Software Defined Networ...
IntelFlow: Toward adding Cyber Threat Intelligence to Software Defined Networ...IntelFlow: Toward adding Cyber Threat Intelligence to Software Defined Networ...
IntelFlow: Toward adding Cyber Threat Intelligence to Software Defined Networ...
 
IRJET - Identification and Classification of IoT Devices in Various Appli...
IRJET - Identification and Classification of IoT Devices in Various Appli...IRJET - Identification and Classification of IoT Devices in Various Appli...
IRJET - Identification and Classification of IoT Devices in Various Appli...
 
IRJET- A Survey on Secure Protocols of Communication for IoT Components i...
IRJET- A Survey on Secure Protocols of Communication for IoT Components i...IRJET- A Survey on Secure Protocols of Communication for IoT Components i...
IRJET- A Survey on Secure Protocols of Communication for IoT Components i...
 
IRJET - Effective Authentication of Medical IoT Devices using Authentication ...
IRJET - Effective Authentication of Medical IoT Devices using Authentication ...IRJET - Effective Authentication of Medical IoT Devices using Authentication ...
IRJET - Effective Authentication of Medical IoT Devices using Authentication ...
 
IoT and IIoT - Security Challenges and Innovative Approaches
IoT and IIoT - Security Challenges and Innovative ApproachesIoT and IIoT - Security Challenges and Innovative Approaches
IoT and IIoT - Security Challenges and Innovative Approaches
 
Global Azure Bootcamp 2016 - Real-world Internet of Things Backend with Azure...
Global Azure Bootcamp 2016 - Real-world Internet of Things Backend with Azure...Global Azure Bootcamp 2016 - Real-world Internet of Things Backend with Azure...
Global Azure Bootcamp 2016 - Real-world Internet of Things Backend with Azure...
 
IoT Security – Executing an Effective Security Testing Process
IoT Security – Executing an Effective Security Testing Process IoT Security – Executing an Effective Security Testing Process
IoT Security – Executing an Effective Security Testing Process
 
Showcase poster
Showcase posterShowcase poster
Showcase poster
 
Cloud centric multi-level authentication as a service for secure public safet...
Cloud centric multi-level authentication as a service for secure public safet...Cloud centric multi-level authentication as a service for secure public safet...
Cloud centric multi-level authentication as a service for secure public safet...
 
Internet of things-IoT.pptx
Internet of things-IoT.pptxInternet of things-IoT.pptx
Internet of things-IoT.pptx
 
Design of a Hybrid Authentication Technique for User and Device Authenticatio...
Design of a Hybrid Authentication Technique for User and Device Authenticatio...Design of a Hybrid Authentication Technique for User and Device Authenticatio...
Design of a Hybrid Authentication Technique for User and Device Authenticatio...
 

More from Mahmud Hossain

CACROS: A Context-Aware Cloud Content Roaming Service
CACROS: A Context-Aware Cloud Content Roaming ServiceCACROS: A Context-Aware Cloud Content Roaming Service
CACROS: A Context-Aware Cloud Content Roaming Service
Mahmud Hossain
 
Aura: An IoT based Cloud Infrastructure for Localized Mobile Computation Outs...
Aura: An IoT based Cloud Infrastructure for Localized Mobile Computation Outs...Aura: An IoT based Cloud Infrastructure for Localized Mobile Computation Outs...
Aura: An IoT based Cloud Infrastructure for Localized Mobile Computation Outs...
Mahmud Hossain
 
Trust-IoV: A Trustworthy Forensic Investigation Framework for the Internet of...
Trust-IoV: A Trustworthy Forensic Investigation Framework for the Internet of...Trust-IoV: A Trustworthy Forensic Investigation Framework for the Internet of...
Trust-IoV: A Trustworthy Forensic Investigation Framework for the Internet of...
Mahmud Hossain
 
SecuPAN: A Security Scheme to Mitigate Fragmentation-Based Network Attacks in...
SecuPAN: A Security Scheme to Mitigate Fragmentation-Based Network Attacks in...SecuPAN: A Security Scheme to Mitigate Fragmentation-Based Network Attacks in...
SecuPAN: A Security Scheme to Mitigate Fragmentation-Based Network Attacks in...
Mahmud Hossain
 
Secprov: Trustworthy and Efficient Provenance Management in the Cloud
Secprov: Trustworthy and Efficient Provenance Management in the CloudSecprov: Trustworthy and Efficient Provenance Management in the Cloud
Secprov: Trustworthy and Efficient Provenance Management in the Cloud
Mahmud Hossain
 
Rosaic: A Round-wise Fair Scheduling Approach for Mobile Clouds Based on Task...
Rosaic: A Round-wise Fair Scheduling Approach for Mobile Clouds Based on Task...Rosaic: A Round-wise Fair Scheduling Approach for Mobile Clouds Based on Task...
Rosaic: A Round-wise Fair Scheduling Approach for Mobile Clouds Based on Task...
Mahmud Hossain
 
Probe-IoT: A Public Digital Ledger Based Forensic Investigation Framework for...
Probe-IoT: A Public Digital Ledger Based Forensic Investigation Framework for...Probe-IoT: A Public Digital Ledger Based Forensic Investigation Framework for...
Probe-IoT: A Public Digital Ledger Based Forensic Investigation Framework for...
Mahmud Hossain
 
Jugo: A Generic Architecture for Composite Cloud as a Service Auth
Jugo: A Generic Architecture for Composite Cloud as a Service AuthJugo: A Generic Architecture for Composite Cloud as a Service Auth
Jugo: A Generic Architecture for Composite Cloud as a Service Auth
Mahmud Hossain
 
Towards an Analysis of Security Issues, Challenges, and Open Problems in the ...
Towards an Analysis of Security Issues, Challenges, and Open Problems in the ...Towards an Analysis of Security Issues, Challenges, and Open Problems in the ...
Towards an Analysis of Security Issues, Challenges, and Open Problems in the ...
Mahmud Hossain
 

More from Mahmud Hossain (9)

CACROS: A Context-Aware Cloud Content Roaming Service
CACROS: A Context-Aware Cloud Content Roaming ServiceCACROS: A Context-Aware Cloud Content Roaming Service
CACROS: A Context-Aware Cloud Content Roaming Service
 
Aura: An IoT based Cloud Infrastructure for Localized Mobile Computation Outs...
Aura: An IoT based Cloud Infrastructure for Localized Mobile Computation Outs...Aura: An IoT based Cloud Infrastructure for Localized Mobile Computation Outs...
Aura: An IoT based Cloud Infrastructure for Localized Mobile Computation Outs...
 
Trust-IoV: A Trustworthy Forensic Investigation Framework for the Internet of...
Trust-IoV: A Trustworthy Forensic Investigation Framework for the Internet of...Trust-IoV: A Trustworthy Forensic Investigation Framework for the Internet of...
Trust-IoV: A Trustworthy Forensic Investigation Framework for the Internet of...
 
SecuPAN: A Security Scheme to Mitigate Fragmentation-Based Network Attacks in...
SecuPAN: A Security Scheme to Mitigate Fragmentation-Based Network Attacks in...SecuPAN: A Security Scheme to Mitigate Fragmentation-Based Network Attacks in...
SecuPAN: A Security Scheme to Mitigate Fragmentation-Based Network Attacks in...
 
Secprov: Trustworthy and Efficient Provenance Management in the Cloud
Secprov: Trustworthy and Efficient Provenance Management in the CloudSecprov: Trustworthy and Efficient Provenance Management in the Cloud
Secprov: Trustworthy and Efficient Provenance Management in the Cloud
 
Rosaic: A Round-wise Fair Scheduling Approach for Mobile Clouds Based on Task...
Rosaic: A Round-wise Fair Scheduling Approach for Mobile Clouds Based on Task...Rosaic: A Round-wise Fair Scheduling Approach for Mobile Clouds Based on Task...
Rosaic: A Round-wise Fair Scheduling Approach for Mobile Clouds Based on Task...
 
Probe-IoT: A Public Digital Ledger Based Forensic Investigation Framework for...
Probe-IoT: A Public Digital Ledger Based Forensic Investigation Framework for...Probe-IoT: A Public Digital Ledger Based Forensic Investigation Framework for...
Probe-IoT: A Public Digital Ledger Based Forensic Investigation Framework for...
 
Jugo: A Generic Architecture for Composite Cloud as a Service Auth
Jugo: A Generic Architecture for Composite Cloud as a Service AuthJugo: A Generic Architecture for Composite Cloud as a Service Auth
Jugo: A Generic Architecture for Composite Cloud as a Service Auth
 
Towards an Analysis of Security Issues, Challenges, and Open Problems in the ...
Towards an Analysis of Security Issues, Challenges, and Open Problems in the ...Towards an Analysis of Security Issues, Challenges, and Open Problems in the ...
Towards an Analysis of Security Issues, Challenges, and Open Problems in the ...
 

Recently uploaded

Generating privacy-protected synthetic data using Secludy and Milvus
Generating privacy-protected synthetic data using Secludy and MilvusGenerating privacy-protected synthetic data using Secludy and Milvus
Generating privacy-protected synthetic data using Secludy and Milvus
Zilliz
 
dbms calicut university B. sc Cs 4th sem.pdf
dbms calicut university B. sc Cs 4th sem.pdfdbms calicut university B. sc Cs 4th sem.pdf
dbms calicut university B. sc Cs 4th sem.pdf
Shinana2
 
Artificial Intelligence for XMLDevelopment
Artificial Intelligence for XMLDevelopmentArtificial Intelligence for XMLDevelopment
Artificial Intelligence for XMLDevelopment
Octavian Nadolu
 
Letter and Document Automation for Bonterra Impact Management (fka Social Sol...
Letter and Document Automation for Bonterra Impact Management (fka Social Sol...Letter and Document Automation for Bonterra Impact Management (fka Social Sol...
Letter and Document Automation for Bonterra Impact Management (fka Social Sol...
Jeffrey Haguewood
 
A Comprehensive Guide to DeFi Development Services in 2024
A Comprehensive Guide to DeFi Development Services in 2024A Comprehensive Guide to DeFi Development Services in 2024
A Comprehensive Guide to DeFi Development Services in 2024
Intelisync
 
GenAI Pilot Implementation in the organizations
GenAI Pilot Implementation in the organizationsGenAI Pilot Implementation in the organizations
GenAI Pilot Implementation in the organizations
kumardaparthi1024
 
Taking AI to the Next Level in Manufacturing.pdf
Taking AI to the Next Level in Manufacturing.pdfTaking AI to the Next Level in Manufacturing.pdf
Taking AI to the Next Level in Manufacturing.pdf
ssuserfac0301
 
Finale of the Year: Apply for Next One!
Finale of the Year: Apply for Next One!Finale of the Year: Apply for Next One!
Finale of the Year: Apply for Next One!
GDSC PJATK
 
WeTestAthens: Postman's AI & Automation Techniques
WeTestAthens: Postman's AI & Automation TechniquesWeTestAthens: Postman's AI & Automation Techniques
WeTestAthens: Postman's AI & Automation Techniques
Postman
 
Deep Dive: AI-Powered Marketing to Get More Leads and Customers with HyperGro...
Deep Dive: AI-Powered Marketing to Get More Leads and Customers with HyperGro...Deep Dive: AI-Powered Marketing to Get More Leads and Customers with HyperGro...
Deep Dive: AI-Powered Marketing to Get More Leads and Customers with HyperGro...
saastr
 
Unlock the Future of Search with MongoDB Atlas_ Vector Search Unleashed.pdf
Unlock the Future of Search with MongoDB Atlas_ Vector Search Unleashed.pdfUnlock the Future of Search with MongoDB Atlas_ Vector Search Unleashed.pdf
Unlock the Future of Search with MongoDB Atlas_ Vector Search Unleashed.pdf
Malak Abu Hammad
 
Energy Efficient Video Encoding for Cloud and Edge Computing Instances
Energy Efficient Video Encoding for Cloud and Edge Computing InstancesEnergy Efficient Video Encoding for Cloud and Edge Computing Instances
Energy Efficient Video Encoding for Cloud and Edge Computing Instances
Alpen-Adria-Universität
 
Building Production Ready Search Pipelines with Spark and Milvus
Building Production Ready Search Pipelines with Spark and MilvusBuilding Production Ready Search Pipelines with Spark and Milvus
Building Production Ready Search Pipelines with Spark and Milvus
Zilliz
 
Ocean lotus Threat actors project by John Sitima 2024 (1).pptx
Ocean lotus Threat actors project by John Sitima 2024 (1).pptxOcean lotus Threat actors project by John Sitima 2024 (1).pptx
Ocean lotus Threat actors project by John Sitima 2024 (1).pptx
SitimaJohn
 
Columbus Data & Analytics Wednesdays - June 2024
Columbus Data & Analytics Wednesdays - June 2024Columbus Data & Analytics Wednesdays - June 2024
Columbus Data & Analytics Wednesdays - June 2024
Jason Packer
 
Main news related to the CCS TSI 2023 (2023/1695)
Main news related to the CCS TSI 2023 (2023/1695)Main news related to the CCS TSI 2023 (2023/1695)
Main news related to the CCS TSI 2023 (2023/1695)
Jakub Marek
 
Salesforce Integration for Bonterra Impact Management (fka Social Solutions A...
Salesforce Integration for Bonterra Impact Management (fka Social Solutions A...Salesforce Integration for Bonterra Impact Management (fka Social Solutions A...
Salesforce Integration for Bonterra Impact Management (fka Social Solutions A...
Jeffrey Haguewood
 
AWS Cloud Cost Optimization Presentation.pptx
AWS Cloud Cost Optimization Presentation.pptxAWS Cloud Cost Optimization Presentation.pptx
AWS Cloud Cost Optimization Presentation.pptx
HarisZaheer8
 
Trusted Execution Environment for Decentralized Process Mining
Trusted Execution Environment for Decentralized Process MiningTrusted Execution Environment for Decentralized Process Mining
Trusted Execution Environment for Decentralized Process Mining
LucaBarbaro3
 
Azure API Management to expose backend services securely
Azure API Management to expose backend services securelyAzure API Management to expose backend services securely
Azure API Management to expose backend services securely
Dinusha Kumarasiri
 

Recently uploaded (20)

Generating privacy-protected synthetic data using Secludy and Milvus
Generating privacy-protected synthetic data using Secludy and MilvusGenerating privacy-protected synthetic data using Secludy and Milvus
Generating privacy-protected synthetic data using Secludy and Milvus
 
dbms calicut university B. sc Cs 4th sem.pdf
dbms calicut university B. sc Cs 4th sem.pdfdbms calicut university B. sc Cs 4th sem.pdf
dbms calicut university B. sc Cs 4th sem.pdf
 
Artificial Intelligence for XMLDevelopment
Artificial Intelligence for XMLDevelopmentArtificial Intelligence for XMLDevelopment
Artificial Intelligence for XMLDevelopment
 
Letter and Document Automation for Bonterra Impact Management (fka Social Sol...
Letter and Document Automation for Bonterra Impact Management (fka Social Sol...Letter and Document Automation for Bonterra Impact Management (fka Social Sol...
Letter and Document Automation for Bonterra Impact Management (fka Social Sol...
 
A Comprehensive Guide to DeFi Development Services in 2024
A Comprehensive Guide to DeFi Development Services in 2024A Comprehensive Guide to DeFi Development Services in 2024
A Comprehensive Guide to DeFi Development Services in 2024
 
GenAI Pilot Implementation in the organizations
GenAI Pilot Implementation in the organizationsGenAI Pilot Implementation in the organizations
GenAI Pilot Implementation in the organizations
 
Taking AI to the Next Level in Manufacturing.pdf
Taking AI to the Next Level in Manufacturing.pdfTaking AI to the Next Level in Manufacturing.pdf
Taking AI to the Next Level in Manufacturing.pdf
 
Finale of the Year: Apply for Next One!
Finale of the Year: Apply for Next One!Finale of the Year: Apply for Next One!
Finale of the Year: Apply for Next One!
 
WeTestAthens: Postman's AI & Automation Techniques
WeTestAthens: Postman's AI & Automation TechniquesWeTestAthens: Postman's AI & Automation Techniques
WeTestAthens: Postman's AI & Automation Techniques
 
Deep Dive: AI-Powered Marketing to Get More Leads and Customers with HyperGro...
Deep Dive: AI-Powered Marketing to Get More Leads and Customers with HyperGro...Deep Dive: AI-Powered Marketing to Get More Leads and Customers with HyperGro...
Deep Dive: AI-Powered Marketing to Get More Leads and Customers with HyperGro...
 
Unlock the Future of Search with MongoDB Atlas_ Vector Search Unleashed.pdf
Unlock the Future of Search with MongoDB Atlas_ Vector Search Unleashed.pdfUnlock the Future of Search with MongoDB Atlas_ Vector Search Unleashed.pdf
Unlock the Future of Search with MongoDB Atlas_ Vector Search Unleashed.pdf
 
Energy Efficient Video Encoding for Cloud and Edge Computing Instances
Energy Efficient Video Encoding for Cloud and Edge Computing InstancesEnergy Efficient Video Encoding for Cloud and Edge Computing Instances
Energy Efficient Video Encoding for Cloud and Edge Computing Instances
 
Building Production Ready Search Pipelines with Spark and Milvus
Building Production Ready Search Pipelines with Spark and MilvusBuilding Production Ready Search Pipelines with Spark and Milvus
Building Production Ready Search Pipelines with Spark and Milvus
 
Ocean lotus Threat actors project by John Sitima 2024 (1).pptx
Ocean lotus Threat actors project by John Sitima 2024 (1).pptxOcean lotus Threat actors project by John Sitima 2024 (1).pptx
Ocean lotus Threat actors project by John Sitima 2024 (1).pptx
 
Columbus Data & Analytics Wednesdays - June 2024
Columbus Data & Analytics Wednesdays - June 2024Columbus Data & Analytics Wednesdays - June 2024
Columbus Data & Analytics Wednesdays - June 2024
 
Main news related to the CCS TSI 2023 (2023/1695)
Main news related to the CCS TSI 2023 (2023/1695)Main news related to the CCS TSI 2023 (2023/1695)
Main news related to the CCS TSI 2023 (2023/1695)
 
Salesforce Integration for Bonterra Impact Management (fka Social Solutions A...
Salesforce Integration for Bonterra Impact Management (fka Social Solutions A...Salesforce Integration for Bonterra Impact Management (fka Social Solutions A...
Salesforce Integration for Bonterra Impact Management (fka Social Solutions A...
 
AWS Cloud Cost Optimization Presentation.pptx
AWS Cloud Cost Optimization Presentation.pptxAWS Cloud Cost Optimization Presentation.pptx
AWS Cloud Cost Optimization Presentation.pptx
 
Trusted Execution Environment for Decentralized Process Mining
Trusted Execution Environment for Decentralized Process MiningTrusted Execution Environment for Decentralized Process Mining
Trusted Execution Environment for Decentralized Process Mining
 
Azure API Management to expose backend services securely
Azure API Management to expose backend services securelyAzure API Management to expose backend services securely
Azure API Management to expose backend services securely
 

BooT-IoT: A Privacy-Aware Authentication Scheme for Secure Bootstrapping of IoT Nodes

  • 1. SECuRE and Trustworthy Computing Lab Authors Mahmud Hossain and Ragib Hasan SECuRE and Trustworthy computing Lab (SECRETLab) University of Alabama at Birmingham Presenter: Mahmud Hossain, PhD Student, Dept. of Computer and Information Sciences, UAB http://secret.cis.uab.edu IoT Boot-IoT: A Privacy-Aware Authentication Scheme for Secure Bootstrapping of IoT Nodes
  • 2. SECuRE and Trustworthy Computing Lab 2 The Internet of Things (IoT)  A programmable world  Everyday objects are interconnected  Objects are smart enough to make decision  Objects are programmable Smart Thermostat IoT Ecosystem
  • 3. SECuRE and Trustworthy Computing Lab IoT Forecasts and Market Estimates 3  Estimation of connected things by 2020  20.8 billion (Gartner)  26.3 billion (Cisco)  28 billion (Ericson)  34 billion (Business Insider) Source: IoT Analytics (2015) Source: Zinnov Zones (2016)
  • 4. SECuRE and Trustworthy Computing Lab Internet of Insecure Things 4  Smart Objects  TV, webcams, home thermostat, remote power outlets, sprinkler controllers, door locks, home alarm, garage door openers.  IoT Security study by HP1  80% of devices raised privacy concerns  80% failed to require passwords of sufficient complexity and length  70% did not encrypt communications to the internet and local network  60% raised security concerns with their user interfaces [1] Hewlett Packrad (HP), “Securing the Internet of Things: Mapping Attack Surface Areas Using the OWASP IoT Top 10”, in RSA Conference, 2015
  • 5. SECuRE and Trustworthy Computing Lab Attacks on IoT Systems 5  Remotely hacked an IoT enabled car1  Consumer gadgets sending phishing and spam emails2  DVRs and cameras were infected to form Botnet3  Internet connected Baby Monitors were compromised4  “Hospira” hospital drug pumps were compromised5 [1] IoActive Lab, 2015, http://blog.ioactive.com/2014/04/car-hacking-2-content.html [2] Proofpoint Lab, 2014, https://www.proofpoint.com/us/news [3] Krebson Security, 2016, https://krebsonsecurity.com/2016/10/source-code-for-iot-botnet-mirai-released/ [4] Rapid7, 2016, https://information.rapid7.com/iot-baby-monitor-research.html [5] Hacking the Drug Pump. 2015. http://money.cnn.com/2015/06/10/technology/drug-pump-hack/
  • 6. SECuRE and Trustworthy Computing Lab The Scope of This Propose Work 6 Secure Network Admission Secure Service Access  Life cycle of an IoT node
  • 7. SECuRE and Trustworthy Computing Lab Content Outline  Motivation and Threat Model  Contribution  Operational Model  Performance Analysis 7
  • 8. SECuRE and Trustworthy Computing Lab Motivation and Threat Model  Static identity usage  Does not provide location privacy  Vulnerable to location tracing and Denial (DoS) of Service attacks  Internet of Vehicle (Connected Cars)  Cyber espionage  False information about collocated vehicles  Smart Home  Infer home owner's presence  User targeted attack (e.g., Burglary or physical attack)  Smart Medical Assistance  DoS attacks for blocking devices from sending real-time updates 8
  • 9. SECuRE and Trustworthy Computing Lab Contributions  Secure network admission  Privacy-aware authentication based on Combined Public Key (CPK) cryptography  Secure end to end communication  Lightweight ECQV implicit certificate scheme for mutual authentication  Experimental evaluation  BooT-IoT is resource efficient compared to contemporary network admission schemes 9
  • 10. SECuRE and Trustworthy Computing Lab Combined Public Key (CPK) Cryptography  Take advantage of Elliptic Curve Cryptograph (ECC)  ECC pair (d,Q); d = secret key and Q = public key  Q = d*G  Two ECC pairs (d1, Q1) and (d2, Q2)  New key pair (d,Q) can be calculated as  Q = Q1 + Q2 = d1*G + d2*G = (d1 + d2)*G = d*G 10
  • 11. SECuRE and Trustworthy Computing Lab BooT-IoT: CPK-based Authentication (1/2) 11 Q11 Q12 … Q1w Q21 Q22 … Q2w Qv1 Qv2 … Qvw . . . . . . . . . PKM  Verifier maintains a Public Key Matrix (PKM)  Qij = PKM[i][j] represents a public key of an ECC pair (dij, Qij)  Verifier issues a set of cells from PKM to a prover  Prover computes (d11,Q11), (d22,Q22)… (dnn, Qnn)  Prover sends (Q11, Q22, …, Qnn) and stores (d11, d22,…, dnn) 1 2 …. v 1 2 . . . w List of Assigned Cells Verifier Prover
  • 12. SECuRE and Trustworthy Computing Lab BooT-IoT: CPK-based Authentication (2/2) 12  Prover generates an ECC pair using [d11], [d22],… [dnn]  Prover selects a combination dij, …,dkl from [d11], [d22],… [dnn] keys  Prover computes  d = dij+ … + dkl  Q =d*G  Prover sends a nonce N, MACk(N), and the indices (ij)…(kl) of cells used to compute Q  K is the shared key between verifier and prover.  Verifier computes Q = PKM [ij] + … + PKM (kl) and verifies Signd(N) using Q
  • 13. SECuRE and Trustworthy Computing Lab Experiment and Evaluation  RE-Mote IoT devices  Webtech IoT Gateway  Contiki IoT Operating System  Analysis and comparison of BooT-IoT with authentication methods of Extensible Authentication Protocol (EAP)  EAP authentication method  TLS-ECC  Pre Shared Key  MD5 13
  • 14. SECuRE and Trustworthy Computing Lab Analysis of Communication Cost 14 1.5x Faster Pre shared key and MD5 faster but do not provide good degree of security.
  • 15. SECuRE and Trustworthy Computing Lab Comparison of Cryptographic Operations 15 Eliminates cryptographic operations for ECDSA signature
  • 16. SECuRE and Trustworthy Computing Lab Comparison of Energy Cost 16 ~70%
  • 17. SECuRE and Trustworthy Computing Lab Conclusion  Secure network admission  Authentication based Combined Pubic Key cryptography  Secure access to service  Certificateless and lightweight mutual authentication scheme  Secure against user targeted attacks  Resource efficient comparted to contemporary network admission security schemes 17
  • 18. SECuRE and Trustworthy Computing Lab Thank You 18 SECRETLab@UAB  Phone: 205.934.8643  Fax: 205.934.5473  Web: http://secret.cis.uab.edu/ Mahmud Hossain  Email: mahmud@uab.edu