Michael Mars, Cloud IoT Architect at Softimize.co, provided techniques for initial setup and pairing of IoT devices in April 2018. The document describes sample device pairing flows involving turning on a Fast Pair-enabled device, establishing a Bluetooth connection when the user taps to pair, and downloading a companion app. It also discusses Bluetooth secured pairing as a 3-phase procedure to establish keys for encrypted links and Bluetooth simple pairing models like numeric comparison, just works, out of band, and passkey entry. Wi-Fi protected setup methods like push button configuration, PIN entry, and out of band channels are also summarized. Finally, an overall architecture for handling device data on onboarding, organization, monitoring, and remote management is
Softimize, the first and leading IoT cloud-mobile-web provider for OEMs in Israel, with special focus on Medical IoT. Softimize's R&D standards comply with IEC 62304, ISO 13485, ISO 14971 and ISO 27001/27799. Softimize's products are HIPAA eligible.
IoT setup and pairing
1. Michael Mars, Cloud IoT Architect
michaelma@Softimize.co
Techniques for Initial Setup and Pairing of IoT Devices
April 2018
2. Your R&D Team
Let’s start with a pairing example
1. Turn on a Fast Pair-enabled device and put it in pairing mode
o Android scans for BLE broadcasts in close proximity of the user's phone and discovers a Fast Pair packet (if Bluetooth and Location are turned on)
o The packet is sent to server to get back the device's product image, product name and companion app
2. The user receives a notification asking them to "Tap to pair" to the device. The notification contains the product name and image
3. When the user taps on the notification, we use classic Bluetooth to establish a connection
4. A success notification is shown which contains a link to download the companion app
Source: https://android-developers.googleblog.com/2017/10/announcing-fast-pair-effortless.html
6. Bluetooth Simple Pairing
A Bluetooth network consisting of one master and its slaves is called a piconet.
The master controls the timing of all Bluetooth communications on a piconet.
The process of adding a new slave device to a Bluetooth piconet is called pairing.
Bluetooth Simple Pairing is a set of security enhancements to the Bluetooth pairing mechanism.
The goal of Bluetooth Simple Pairing is to establish authentication credentials between the Bluetooth master and slave devices.
Bluetooth Simple Pairing supports four different pairing models:
“Numeric Comparison”, “Just Works”, “Out of Band” and “Passkey Entry”
Wireless communication is inherently vulnerable to message injection and eavesdropping attacks.
We cannot rely on the wireless channel alone for establishing credentials.
Thus, we rely on an additional out-of-band channel.
We assume a Dolev-Yao active attacker, who can eavesdrop, insert, modify, delay, and reorder messages sent in the in-band channel.
Source: Kuo, Cynthia, Jesse Walker, and Adrian Perrig. "Low-cost manufacturing, usability, and security: an analysis of bluetooth simple pairing and Wi-Fi protected setup." International Conference on Financial Cryptography and Data Security. Springer, Berlin, Heidelberg, 2007.
7. Bluetooth Secured Pairing
Pairing is a three-phase procedure to establish keys to use for an encrypted link
Pairing phase 1 allows the two devices to exchange their input/output capabilities, which decide what security scheme can be used
Phases 2 and 3 allow the two devices to share keys that will be used at different stages of security features
3 phases:
• Phase 1: Pairing request & response
• Phase 2: Pairing over SM protocol + short-term encryption
• Phase 3: Keys exchange + long-term encryption
Bonding devices store encryption keys for later secure communication
9. Bluetooth Simple Pairing
Numeric Comparison
◦ When both master and slave can display a 6-digit number and
both provide “Yes” and “No” buttons
◦ Each device displays a 6-digit number computed from the pairing protocol
◦ 6 digits in the PIN (= 10^6 ≈ 2^20 possibilities): an attacker can compromise the PIN with a probability of at least 2^-20
Just Works
◦ At least one of the devices has no display or “Yes/No” buttons (e.g. Bluetooth headset)
◦ Uses Numeric Comparison internally, but does not display the six digits for comparison even if one of the devices has a suitable display
◦ No security against active attack
“Out-of-band”
◦ When alternate communication medium exists on both devices, such as Near Field Communication (NFC)
◦ The alternate medium transfers a key between the devices and functions as the out-of-band channel in the standard model.
◦ Transfer of a large key can provide more security
◦ Security depends on the user properly exercising the alternate communication channel
Passkey Entry
◦ When one of the devices has a display and the other a keypad
◦ The device with the display randomly generates a 6-digit number, and the user enters this on the other device using the keypad
◦ The protocol splits the passkey into 20 bits and reveals one bit per round over 20 rounds of exchanges
◦ An eavesdropper can compute each bit of the passkey after it has been sent (thus, a passkey can only be used securely once)
Pairing Algorithms
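Why a Passkey Entry passkey is single-use, as an added example that is not part of the original slides: a simplified model of the 20-round exchange, initiator direction only. The commitment is modelled as a truncated HMAC-SHA-256 and the public keys are constructed stand-in byte strings; both are assumptions for illustration, so consult the Bluetooth Core Specification for the exact functions.

```python
import hashlib
import hmac
import secrets

ROUNDS = 20  # per the slide: the passkey is handled as 20 bits, one per round

# Constructed stand-ins for the two public keys, which are exchanged in the clear.
PK_A = bytes(range(32))
PK_B = bytes(range(32, 64))


def commit(pk_a: bytes, pk_b: bytes, nonce: bytes, bit: int) -> bytes:
    """Commitment to one passkey bit (assumed model: HMAC-SHA-256 keyed with
    the round nonce over both public keys and the bit, truncated to 128 bits)."""
    msg = pk_a + pk_b + bytes([0x80 | bit])
    return hmac.new(nonce, msg, hashlib.sha256).digest()[:16]


def run_pairing(displayed: int, entered: int, pk_a: bytes, pk_b: bytes):
    """Simulate one run. The initiator knows `displayed`, the responder knows
    `entered`. Returns (success, on_air) where on_air lists what the initiator
    transmitted in each round: (commitment, nonce revealed afterwards)."""
    on_air = []
    for i in range(ROUNDS):
        nonce_a = secrets.token_bytes(16)
        c_a = commit(pk_a, pk_b, nonce_a, (displayed >> i) & 1)
        on_air.append((c_a, nonce_a))
        # Responder recomputes the commitment with its own copy of the bit.
        expected = commit(pk_a, pk_b, nonce_a, (entered >> i) & 1)
        if not hmac.compare_digest(c_a, expected):
            return False, on_air  # abort at the first mismatching bit
    return True, on_air


def passkey_from_transcript(on_air: list, pk_a: bytes, pk_b: bytes) -> int:
    """What a passive listener can derive after the run: once the nonce is
    revealed, each commitment matches exactly one of the two bit values."""
    value = 0
    for i, (c_a, nonce_a) in enumerate(on_air):
        if hmac.compare_digest(c_a, commit(pk_a, pk_b, nonce_a, 1)):
            value |= 1 << i
    return value


def fresh_passkey() -> int:
    """Mitigation: draw a new random 6-digit passkey for every pairing
    attempt instead of using a fixed or label-printed value."""
    return secrets.randbelow(10**6)


if __name__ == "__main__":
    pk = fresh_passkey()
    ok, air = run_pairing(pk, pk, PK_A, PK_B)
    print(ok, f"{pk:06d}", f"{passkey_from_transcript(air, PK_A, PK_B):06d}")
```

Because the full value is derivable from a completed run, a device that ships with a fixed passkey gets no protection from it after the first observed pairing.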
10. Wi-Fi Protected Setup
Developed to address consumers’ credential configuration problem
Wi-Fi Protected Setup supports three setup methods:
Push Button Configuration, PIN entry, and Out-of-band channel
Wi-Fi, or IEEE 802.11, is a Local Area Network standard.
Usually deployed as an infrastructure network, which consists of one or more access points, and one or more mobile devices called stations.
Each station forms a connection, called an association, with a single access point.
Wi-Fi attempts to address more complex relationships among wireless devices:
The Wi-Fi scheme uses three different devices:
the registrar, which is the network enrollment center; an access point; and an enrollee, which is the device being added to the network.
For security, Wi-Fi uses the 802.11i standard, also called WPA2.
WPA2 uses the IETF EAP protocol to mutually authenticate a station and the network and to derive a session key.
The session key provides confidentiality, integrity, and origin authenticity for each frame that a station and its access point exchange.
Thus, Wi-Fi security relies on a long-lived authentication credential being established between the station and the network.
11. Wi-Fi Protected Setup
Push Button Configuration (PBC)
◦ The user pushes buttons on both the registrar and the enrollee devices.
The button push causes both to initiate an unauthenticated Diffie-Hellman exchange
◦ Has no security in the standard model
◦ The method assumes that the Diffie-Hellman peer is the correct device, i.e., that a malicious active attacker is not present.
◦ There is no out-of-band channel
PIN
◦ The enrollee device has a four- or eight-digit PIN which is entered on the registrar’s keypad
◦ The PIN method uses the PIN as an authentication key to protect a Diffie-Hellman exchange
◦ The transfer of the PIN from the enrollee device to the registrar is the out-of-band channel for the PIN method
◦ A random eight-digit PIN represents 10^8 = 2^26.65 possibilities. However, the PIN protocol splits the PIN
into two four-digit numbers. Each side commits to its value for each half of the PIN and exchanges
“Out-of-band”
◦ An alternate communication channel, such as an NFC channel, transfers some information between the registrar and the enrollee
◦ It is possible to obtain an arbitrary amount of security in the standard model, provided the user actively participates in protecting the alternate channel from attack
12. Security Characteristics of Setup Models
Source: Kuo, Cynthia, Jesse Walker, and Adrian Perrig. "Low-cost manufacturing, usability, and security: an analysis of bluetooth simple pairing
and Wi-Fi protected setup." International Conference on Financial Cryptography and Data Security. Springer, Berlin, Heidelberg, 2007.
13. Pairing Process with NFC
Pairing headset with telephone
The telephone contains a BT device and an NFC reader
The headset contains a BT device and an NFC Tag
The telephone will start reading the NFC Tag with NFC technology.
The NDEF message on the Tag will contain a Bluetooth carrier configuration data record:
• Bluetooth address = Headset Device address
• Generic access profile = Headset
• Local name = “Cool Headset”
1. The headset starts Bluetooth advertising with its own ‘Headset device Address’ after the NFC Tag content is read
2. The telephone starts Bluetooth scanning for a device with ‘Headset device Address’ after it has read the NFC tag
3. The Bluetooth link is established by a simple intuitive user interaction
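A strict parser for the Bluetooth carrier configuration record described above, as an added example that is not part of the original slides. It assumes the record payload uses the Bluetooth OOB layout (2-byte length, 6-byte little-endian address, then EIR length/type/value structures); the address and class-of-device value in the sample are constructed.

```python
import struct

# EIR data types that can appear in the Bluetooth OOB record
EIR_SHORT_NAME, EIR_COMPLETE_NAME = 0x08, 0x09
EIR_CLASS_OF_DEVICE = 0x0D
EIR_SP_HASH_C, EIR_SP_RANDOMIZER_R = 0x0E, 0x0F
FIXED_LEN = {EIR_CLASS_OF_DEVICE: 3, EIR_SP_HASH_C: 16, EIR_SP_RANDOMIZER_R: 16}


class OobParseError(ValueError):
    """Tag content is malformed; the caller should refuse to pair."""


def parse_bt_oob(payload: bytes) -> dict:
    """Parse a Bluetooth carrier configuration payload read from an NFC tag.
    Tag content is untrusted input, so every length field is checked."""
    if len(payload) < 8:
        raise OobParseError("too short for length field and device address")
    (declared,) = struct.unpack_from("<H", payload, 0)
    if declared != len(payload):
        raise OobParseError(f"length field says {declared}, got {len(payload)}")
    info = {
        "address": ":".join(f"{b:02X}" for b in reversed(payload[2:8])),
        "name": None, "class_of_device": None,
        "hash_c": None, "randomizer_r": None,
    }
    pos = 8
    while pos < len(payload):
        length = payload[pos]
        end = pos + 1 + length
        if length == 0 or end > len(payload):
            raise OobParseError(f"bad EIR structure length at offset {pos}")
        etype, data = payload[pos + 1], payload[pos + 2:end]
        if etype in FIXED_LEN and len(data) != FIXED_LEN[etype]:
            raise OobParseError(f"EIR type 0x{etype:02X} has wrong size")
        if etype in (EIR_SHORT_NAME, EIR_COMPLETE_NAME):
            info["name"] = data.decode("utf-8", errors="replace")
        elif etype == EIR_CLASS_OF_DEVICE:
            info["class_of_device"] = int.from_bytes(data, "little")
        elif etype == EIR_SP_HASH_C:
            info["hash_c"] = data
        elif etype == EIR_SP_RANDOMIZER_R:
            info["randomizer_r"] = data
        pos = end  # unknown types are skipped, never interpreted
    # A record without a hash value only names the address to connect to;
    # it carries no OOB data to authenticate the pairing with.
    info["has_oob_auth_data"] = info["hash_c"] is not None
    return info


def build_sample_payload() -> bytes:
    """Constructed sample matching the slide: a headset named "Cool Headset"."""
    name = b"Cool Headset"
    eir = bytes([len(name) + 1, EIR_COMPLETE_NAME]) + name
    # 0x240404 is a constructed class-of-device value for an audio headset
    eir += bytes([4, EIR_CLASS_OF_DEVICE]) + (0x240404).to_bytes(3, "little")
    body = bytes.fromhex("001122334455")[::-1] + eir  # little-endian address
    return struct.pack("<H", len(body) + 2) + body


SAMPLE_PAYLOAD = build_sample_payload()

if __name__ == "__main__":
    print(parse_bt_oob(SAMPLE_PAYLOAD))
```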
14. QR-Code Pairing
The mobile application scans the QR code found on the back of the device to pair and connect the device to the user’s smartphone
15. Overall architecture for handling device data
Onboarding
◦ Control the provisioning workflow
◦ IoT Device Management Templates
◦ Certificates and access policies
Organization
◦ Hierarchical model of your fleet
◦ Set policies on hierarchical basis
◦ Query the fleet on attributes (e.g. device type, firmware version)
Monitoring
◦ Telemetry - real-time connection, authentication, and status metrics
Remote Management
◦ Push new software and firmware
◦ Reset to factory defaults
◦ Reboot
◦ Bulk update rollouts
Source: Jeff Barr, "New - AWS IoT Device Management", in AWS IoT Device Management, AWS re:Invent, Internet of Things, 29 Nov 2017
https://aws.amazon.com/blogs/aws/aws-iot-device-management/
16. Recommended Resources
Bluetooth Core Specification (version 4.0), and Supplements
Bluetooth® Secure Simple Pairing Using NFC
NFC Forum Connection Handover Technical Specification
NFC Forum NFC Data Exchange Format (NDEF) Technical Specification
Cynthia Kuo, Jesse Walker, and Adrian Perrig, Low-Cost Manufacturing, Usability, and Security: An Analysis of Bluetooth Simple Pairing and Wi-Fi Protected Setup