New Paradigms for Access Control in Constrained Environments

A. Cherkaoui, L. Bossuet, L. Seitz, G. Selander and R. Borgaonkar
Hubert Curien Lab (France), SICS Swedish ICT (Sweden), Ericsson Research (Sweden), TU Berlin / T-Labs (Germany)
Emails: abdelkarim.cherkaoui@univ-st-etienne.fr, lilian.bossuet@univ-st-etienne.fr, ludwig@sics.se, goran.selander@ericsson.com, ravii@sec.t-labs.tu-berlin.de
Abstract—The Internet of Things (IoT) is here: more than 10 billion units are already connected and five times more devices are expected to be deployed in the next five years. Technological standardization and the management and fostering of rapid innovation by governments are among the main challenges of the IoT. However, security and privacy are the key to making the IoT reliable and trusted. Security mechanisms for the IoT should provide features such as scalability, interoperability and lightness. This paper addresses authentication and access control in the frame of the IoT. It presents Physical Unclonable Functions (PUF), which can provide cheap, secure, tamper-proof secret keys to authenticate constrained M2M devices. To be successfully used in the IoT context, this technology needs to be embedded in a standardized identity and access management framework. On the other hand, Embedded Subscriber Identity Module (eSIM) can provide cellular connectivity with scalability, interoperability and standard compliant security protocols. The paper discusses an authorization scheme for a constrained resource server taking advantage of PUF and eSIM features. Concrete IoT use cases are discussed (SCADA and building automation).
I. INTRODUCTION
We evolve because we communicate. Data is interpreted as information, from which we derive a knowledge that translates into wisdom. Considering the impact the Internet already has had on education, communication, business and science, it certainly appears to be one of the most important creations in human history. Now, the evolution of the Internet is leading to a global network of objects, which is commonly referred to as the Internet of Things (IoT). The IoT enables the Internet to reach out to the real world of physical objects by combining their ability to sense, collect data, transmit it, analyze it, and distribute it on a massive scale.
Ultimately, everything would be connected anytime, at any place. This convergence of virtual and physical worlds can drastically improve the user's experience, but it also presents several challenges regarding security and privacy, which are among the main barriers for the deployment of IoT on a broad scale [1]. IoT security needs to be guaranteed on several levels. Communication with the IoT needs to be encrypted with proven algorithms using keys with high entropy that are securely exchanged between the user and the IoT. The communication channel is usually secured using a symmetric encryption algorithm like AES, while public key encryption is preferred for low data rate communication (e.g. key exchange). Ideally, an IoT chip would embed a crypto-processor which performs the encryption tasks and provides secure key management (key generation, key storage, etc).
Authentication using secret keys stored in non-volatile memories nowadays presents many vulnerabilities, principally due to the development of active attacks (e.g. probing) and passive attacks (e.g. differential power analysis). Protection mechanisms against these attacks are expensive and not adapted to devices with constrained size and energy. On the other hand, future IoT scenarios would involve billions of heterogeneous devices, some of which may be reprogrammable. In many cases, non-expert users would define policy and permissions for the use of their own resources. Therefore, security mechanisms for the IoT should also provide features such as scalability and interoperability while still being sufficiently light.
This paper discusses two technologies that, combined together, provide most of the building blocks that meet these requirements: Physical Unclonable Functions (PUF) provide secure, low-cost authentication means in constrained devices while eSIM provide cellular connectivity with the flexibility to change operator or late binding of subscription needed in many IoT use cases. Section II presents the PUF technology and discusses a few design candidates that seem suitable for the IoT use cases. Section III presents eSIM and its features. Section IV describes the identity and access management framework to show how these technologies fit together in a security architecture for IoT devices. Finally, Section V concludes the paper.
II. PHYSICAL UNCLONABLE FUNCTIONS - PUF
Privacy is an important prerequisite in most IoT use cases, especially when the managed data is sensitive. This is true even for a simple device like a sensor: the consequences of a compromised temperature sensor in a power plant can range from costly to disastrous. PUF provide a promising framework for authentication in IoT architectures, especially in reconfigurable and/or constrained devices.
A. Privacy by design
Nowadays, traditional authentication methods based on secret digital keys often require additional protection mechanisms for the key storage. In fact, numerous active and passive attacks which aim at extracting these keys have been developed and reported over the past several years. On the other hand, FPGA-based reconfigurable devices are increasingly growing in the market of embedded and mobile applications. Integrating secure non-volatile memories in FPGA significantly raises the fabrication overhead and production costs: in fact, most commercial FPGA do not include it. The storage of secret keys in FPGA therefore requires external memory with additional countermeasures to protect it against attacks.
978-1-4799-5810-8/14/$31.00 © 2014 IEEE
The concept of PUF was first introduced by Pappu in [2]. PUF introduce a paradigm shift from explicitly programmed digital identity to unclonable physical identity. They are mostly electrical constructions that extract a unique secret key from physical parameters of the device: the challenge/response procedure is based on a physical interaction which is theoretically unclonable. Entropy is derived from a physical random variable such as the mismatch in transistor attributes (length, width, oxide thickness, etc) due to manufacturing process variability (MPV). The founding principle is that MPV are not controllable (they are not predictable) and not reproducible. Therefore and ideally (if the extraction mechanism is properly designed), a PUF extracts secret keys which are unique (each device has a unique, non-reproducible ID based on its unique physical characteristics), random (it is impossible to predict the response of a device to a given challenge), reliable (each device reproduces the same response to a given challenge) and tamper resistant (probing the PUF changes its physical behavior and thus the obtained response). Therefore, a PUF can be seen as a function returning a fingerprint of the device in which it is implemented, or even of a specific part inside the device.
B. A closer look at PUF designs
Traditionally, silicon-based PUF rely on manufacturing process variability (MPV) to generate unique, reliable and unpredictable identifiers. There exist many silicon PUF architectures, but there are two main approaches to extract secrets from MPV: methods based on delay measurements and other methods related to the resolution of a metastability situation. SRAM-PUF [4] and butterfly PUF [5] rely on the settling state of a couple of cross-coupled elements. At the initialization of an SRAM, most cell outputs are biased toward '1' or '0' depending on MPV. The arbiter PUF [3] relies on the race of two events (electrical transitions) in two symmetrical delay lines. The Ring Oscillator based PUF [6] (RO-PUF) leverages the frequency mismatch between several identically designed ring oscillators (RO). Most recent PUF architectures are based on differential measurements in order to improve the response stability against environmental changes (mainly temperature and voltage). PUF designs are often characterized in terms of intra-device variation (a value close to 0% means that PUF responses are reliable) and inter-device variation (a value close to 50% means that PUF responses are unique).
Some PUF designs can provide an additional True Random Number Generator (TRNG) function with little design overhead, since the entropy extraction methods are very similar to those usually used in PUF, the difference being the targeted source of entropy (MPV for PUF, noise for TRNG). This feature is particularly interesting in constrained devices because it provides high entropy keys for encryption mechanisms with very little design effort (implementing each feature independently would be much more expensive). Table I presents a comparison between four PUF designs in terms of uniqueness, reliability, mathematical unclonability, the ability to provide an additional TRNG function and their implementation effort. Intra-device and inter-device variations are provided in [7] for ASIC and FPGA implementations.
TABLE I
COMPARISON OF THE MAIN PUF ARCHITECTURES IN DIGITAL DEVICES (*INTRA-DEVICE AND INTER-DEVICE VARIATIONS HAVE BEEN CHARACTERIZED IN [7], PP = REQUIRES HEAVY POST-PROCESSING, DO = INVOLVES AN IMPORTANT DESIGN OVERHEAD)
| | Butterfly PUF | SRAM PUF | Arbiter PUF | RO PUF |
|---|---|---|---|---|
| Challenge | cell selection | SRAM address | delay path selection | RO selection |
| Response | settling state | memory state | delay length | oscillation frequency |
| Inter-dev. var.* | 50% | 50% | 38% | 46% |
| Intra-dev. var.* | 6% | 12% | 10% | 0.5% |
| Math. clonability | no | no | yes | possible |
| TRNG | DO and PP | DO and PP | no | DO |
| Implementation | easy | easy | difficult | easy |
Arbiter PUF nowadays seem obsolete considering their low uniqueness and reliability. Their main flaw is the difficulty of placing and routing identical delay lines, which results in a low entropy in the subsequent responses, and therefore a high vulnerability to modeling attacks. This is especially the case in FPGA, in which routing circuitry is often complex and uses active elements such as multiplexers. SRAM and butterfly PUF have remarkable uniqueness properties while being fairly reliable. They can be easily embedded in most targets (using SRAM, flip-flops, latches, bus keepers, etc) and are known to be resistant to modeling attacks. An additional TRNG function can be obtained but at a high cost. In fact, very few memory cells would have unpredictable behavior and there is no prior way to determine which cells should be used for the TRNG. Also, one main barrier for their usage in many of the IoT use cases is their low number of challenge/response pairs.
RO-PUF is reliable and has good uniqueness. Its implementation is straightforward since inverter ring oscillators integrate very well in all ASIC and FPGA design flows. The number of challenge/response pairs is potentially very large ($2^n$ where $n$ is the number of oscillators) although some of them may be correlated. An additional TRNG feature can be implemented by integrating a XOR tree at the outputs of the ring oscillators (the size of the design is approximately doubled in the case of rings of tens of elements). Until recent years, RO-PUF was considered a promising candidate for large scale usage of PUF. Yet, recent studies highlighted two security issues that may change this status: the mutual influence of RO frequencies through supply lines (locking phenomenon), which can be maliciously exacerbated to fault the PUF behavior, and even worse, the possibility of extracting the RO frequencies through contactless electromagnetic characterization [8] without affecting the PUF behavior. The first case would be simply a denial of service, while the latter could possibly allow the identifier to be mathematically cloned (even though such an attack has not been performed yet).
C. TERO-PUF: a promising PUF candidate?
The Transient Element Ring Oscillator based PUF (TERO-PUF) is a delay-based PUF which has been recently proposed in [9]. The main argument for TERO-PUF is that it reproduces most RO-PUF features (good uniqueness and reliability, straightforward implementation, large number of challenge/response pairs) while presenting considerably fewer security flaws and providing the TRNG feature with a very low design effort.
A full TERO-PUF architecture is composed of several TERO loops, whose architecture is described in Fig. 1. Each TERO loop consists of a bistable circuit composed of two initialization stages and 2 branches (ideally symmetrical) of an odd number of inverters. After the initialization, two events (electrical transitions) start propagating across the TERO loop, which provokes a periodic oscillation of the output. Due to the charge and discharge phenomena, there occurs a drafting effect where one event closes the distance to the other until they ultimately collide, which stops the oscillation. Since the number of oscillations in each TERO loop depends on manufacturing process variability that individually affects each logic cell in the device, it appears natural to use a counter as an entropy extractor. An 8-bit counter is placed at the output of each TERO loop. Challenges consist of selecting two TERO loops. Multiplexers select pairs of TERO loops whose numbers of oscillations are compared to provide the subsequent response to the challenge.
Fig. 1. TERO-PUF basic cell architecture
The number of oscillations in each TERO loop depends on three parameters:
Intrinsic noise: The effective number of oscillations is directly affected by intrinsic noise fluctuations (white noise, flicker noise, etc) in each logic cell of the TERO loop. Therefore, the reliability of each bit of the output comparison decreases from most significant bits (MSB) to least significant bits (LSB).
Manufacturing process variability: The mean number of oscillations depends on manufacturing process variability; it is independent of noise fluctuations.
Charge and discharge parameters: The dependency of the number of oscillations on the charge and discharge parameters is, perhaps unexpectedly, the most interesting feature of TERO-PUF. Probing the output signal of a TERO loop would necessarily change its output capacitance, resulting in a change in its number of oscillations. This feature makes the TERO-PUF strongly tamper evident and resistant against active attacks that aim at cloning the identifier. Moreover, TERO-PUF are not vulnerable to the contactless electromagnetic characterization methods that apply to RO-PUF. In fact, these methods are based on frequency analysis, so they cannot detect the brief transient oscillations of a TERO-PUF.
The two MSB of the 8-bit counters were used to build 128-bit, 189-bit and 252-bit signatures which have been evaluated in terms of uniqueness and reliability in 36 PUF instances in Altera Cyclone II FPGA. Results are presented in Table II: they show that TERO-PUF has good uniqueness and reliability properties in FPGA implementations.
TABLE II
UNIQUENESS AND STABILITY OF IDS GENERATED USING A 64-LOOP TERO PUF IN AN ALTERA CYCLONE II FPGA
| ID size (bits) | Intra-device variation (%) | Inter-device variation (%) |
|---|---|---|
| 126 | 1.73 | 48.07 |
| 189 | 2.07 | 48.99 |
| 252 | 2.75 | 49.27 |
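The two figures of merit used in Tables I and II can be reproduced on a software model, given here as an added example that is not code from the paper or its authors. The Gaussian MPV and noise parameters, the disjoint-pair ID construction and all function names are assumptions of this sketch; it computes intra- and inter-device variation over 36 simulated instances and, on the raw counter bits, the flip rate from MSB to LSB.

```python
import random
from itertools import combinations

N_LOOPS = 64        # loops per PUF instance, as in Table II
COUNTER_BITS = 8    # counter width given in the text


def make_device(rng, n_loops=N_LOOPS, mean=128.0, mpv_sigma=30.0):
    """MPV model (assumed Gaussian): one fixed mean oscillation count per loop."""
    return [rng.gauss(mean, mpv_sigma) for _ in range(n_loops)]


def read_counters(device, rng, noise_sigma=2.0):
    """One read-out: per-loop mean plus intrinsic noise, saturated at 8 bits."""
    top = (1 << COUNTER_BITS) - 1
    return [min(top, max(0, round(mu + rng.gauss(0.0, noise_sigma))))
            for mu in device]


def response(counts, challenge):
    """A challenge selects two loops; the response bit says which ran longer."""
    i, j = challenge
    return 1 if counts[i] > counts[j] else 0


def device_id(counts):
    """Assumed ID construction: disjoint loop pairs (0,1), (2,3), ... -> 32 bits."""
    return [response(counts, (k, k + 1)) for k in range(0, len(counts) - 1, 2)]


def frac_hd(a, b):
    """Fractional Hamming distance between two equal-length bit lists."""
    return sum(x != y for x, y in zip(a, b)) / len(a)


def characterize(n_devices=36, reads=20, seed=2014):
    """Return (intra-device variation, inter-device variation) as fractions."""
    rng = random.Random(seed)
    devices = [make_device(rng) for _ in range(n_devices)]
    ids = [[device_id(read_counters(d, rng)) for _ in range(reads)]
           for d in devices]
    # Intra: every re-read of a device against that device's first read.
    intra = [frac_hd(r[0], again) for r in ids for again in r[1:]]
    # Inter: first reads of every pair of distinct devices.
    inter = [frac_hd(a[0], b[0]) for a, b in combinations(ids, 2)]
    return sum(intra) / len(intra), sum(inter) / len(inter)


def counter_bit_flip_rates(reads=200, seed=7):
    """Flip rate of each counter bit (MSB first) against a reference read."""
    rng = random.Random(seed)
    device = make_device(rng)
    ref = read_counters(device, rng)
    flips = [0] * COUNTER_BITS
    for _ in range(reads):
        now = read_counters(device, rng)
        for r, n in zip(ref, now):
            diff = r ^ n
            for b in range(COUNTER_BITS):
                flips[b] += (diff >> (COUNTER_BITS - 1 - b)) & 1
    return [f / (reads * len(device)) for f in flips]


if __name__ == "__main__":
    intra, inter = characterize()
    print(f"intra-device variation: {100 * intra:.2f} %")
    print(f"inter-device variation: {100 * inter:.2f} %")
    for bit, rate in zip(range(COUNTER_BITS - 1, -1, -1), counter_bit_flip_rates()):
        print(f"counter bit {bit}: flip rate {100 * rate:.1f} %")
```

Bits that flip between reads come from loop pairs whose mean counts are closer together than the noise amplitude, which is why a reliable ID needs either wide MPV spread or discarding of marginal pairs.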
III. EMBEDDED SIM
Innovation regarding IoT is rapidly increasing; a wider adoption of the IoT requires squeezing capital costs and reducing operational costs. Classical removable SIM (Subscriber Identity Module) cards and their logistics are certainly a barrier for the development of M2M wireless communications. Changing a SIM card is problematic in many business cases: many M2M devices are remotely deployed, often hermetically sealed, their after-sale location is not known during production and furthermore their product life cycles are lengthy¹ (the network operator may change during their lifetime).
To overcome these issues, the GSMA has developed the new embedded SIM (eSIM) standard to fulfill all the scalability, interoperability and over-the-air (OTA) connectivity requirements for an array of new connected products. eSIM is a non-removable, standard compliant, physical SIM specially designed for M2M devices, which can provide secure connectivity to the IoT. Its main features are:
Secure remote provisioning: provisioning of one or multiple operator credentials into a SIM, remote enablement/disablement of the operator credentials within the SIM (which enables a change of active operator), remote deletion of an operator's credentials within a SIM. Remote provisioning can be performed OTA with encrypted packets or using SMS or an HTTPS connection.
New network elements: Subscription Manager - Data Preparation (SM-DP), used to securely encrypt operator credentials, and Subscription Manager - Secure Routing (SM-SR), used to securely deliver the credentials to the SIM and remotely manage the SIM once they are installed. These network elements make it easier to select and install different mobile operator credentials once the M2M device has been deployed.
¹ http://www.gsma.com/connectedliving/embedded-sim/
eSIM also provides tamper-proof key storage that can be used to authenticate M2M devices, however at higher cost than PUF (especially when the other eSIM services are not required). Therefore, PUF seem suitable for a large number of constrained devices which do not need to be individually connected to the IoT (sensors, actuators, etc), while eSIM would be suitable for a smaller number of more powerful devices (e.g. control devices, gateways).
IV. PRACTICAL USE CASES IN THE FRAME OF THE IOT
While PUF can provide a cheap, tamper-proof, secret key which can be used for authentication, this technology needs to be embedded in a standardized identity and access management framework in order to reap its benefits. The target platform that would use PUF would be low cost, mass produced IoT devices with very constrained resources (battery driven, very small volatile and persistent memory, low processor power). These devices would typically interact with more powerful devices, such as gateways, client devices or control units that would be equipped with eSIM. Standardized authentication protocols would use the secret keys provided by either PUF or eSIM to authenticate the different IoT devices in such a framework. Based on that authentication, access control can be performed in order to secure access to the data and functions provided by the IoT devices.
Fig. 2. Authentication and authorization scheme for constrained M2M devices using PUF and eSIM features
In Fig. 2 we present such a framework, which involves four parties: a constrained resource server (the IoT device) which authenticates using PUF, a client with an eSIM who wants to access the resource server, a back-end authorization server, and a resource owner, whose role is limited to the deployment steps, which consist of bootstrapping the devices, registering them in the authorization server and then setting the authorization policies (steps 1. and 2.). Making access control decisions has been offloaded to the authorization server (which is unconstrained), whereas the resource server only needs to enforce these decisions. This design minimizes the functionality that needs to be implemented on the constrained IoT devices. A more detailed description of this design is presented in [10].
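A minimal sketch of the split described above, added here as an illustration and not taken from the paper or from [10]: the authorization server decides and issues a MACed assertion, and the resource server only verifies and enforces it. The token layout, field names, HMAC-SHA256 and the constructed key standing in for a PUF-derived secret are all assumptions; authenticating the eSIM client to the authorization server is taken as already done.

```python
import hashlib
import hmac
import json


class AuthorizationServer:
    """Unconstrained back end: stores keys and policies, makes the decisions."""

    def __init__(self):
        self.rs_keys = {}      # rs_id -> key shared with that resource server
        self.policies = set()  # (client_id, rs_id, resource, action)

    def register(self, rs_id, key):
        # Step 1 (resource owner): bootstrap the device and register it.
        self.rs_keys[rs_id] = key

    def set_policy(self, client_id, rs_id, resource, action):
        # Step 2 (resource owner): grant one client one action on one resource.
        self.policies.add((client_id, rs_id, resource, action))

    def authorize(self, client_id, rs_id, resource, action, now, ttl_s=60):
        # client_id is assumed to be authenticated already (eSIM credentials).
        if rs_id not in self.rs_keys:
            return None
        if (client_id, rs_id, resource, action) not in self.policies:
            return None
        claims = {"sub": client_id, "aud": rs_id, "res": resource,
                  "act": action, "exp": now + ttl_s}
        payload = json.dumps(claims, sort_keys=True,
                             separators=(",", ":")).encode()
        tag = hmac.new(self.rs_keys[rs_id], payload, hashlib.sha256).hexdigest()
        return payload + b"." + tag.encode()


class ResourceServer:
    """Constrained device: one MAC check and a few comparisons, no policy logic."""

    def __init__(self, rs_id, key):
        self.rs_id = rs_id
        self.key = key  # assumption: in the paper's design this comes from the PUF

    def enforce(self, token, resource, action, now):
        try:
            payload, tag = token.rsplit(b".", 1)
        except ValueError:
            return False
        expected = hmac.new(self.key, payload, hashlib.sha256).hexdigest().encode()
        if not hmac.compare_digest(expected, tag):
            return False  # forged or modified assertion
        claims = json.loads(payload)  # parsed only after the MAC has verified
        return (claims.get("aud") == self.rs_id
                and claims.get("res") == resource
                and claims.get("act") == action
                and now < claims.get("exp", 0))


def demo():
    """Run the flow with constructed identifiers; returns the enforcement results."""
    key = bytes(range(32))  # constructed stand-in for a PUF-derived key
    server = AuthorizationServer()
    server.register("sensor-7", key)
    server.set_policy("gateway-1", "sensor-7", "/temperature", "read")
    sensor = ResourceServer("sensor-7", key)
    token = server.authorize("gateway-1", "sensor-7", "/temperature", "read", now=1000)
    return {
        "granted": sensor.enforce(token, "/temperature", "read", now=1010),
        "wrong_action": sensor.enforce(token, "/temperature", "write", now=1010),
        "expired": sensor.enforce(token, "/temperature", "read", now=2000),
        "tampered": sensor.enforce(token.replace(b'"read"', b'"write"'),
                                   "/temperature", "write", now=1010),
        "no_policy": server.authorize("gateway-2", "sensor-7",
                                      "/temperature", "read", now=1000),
    }


if __name__ == "__main__":
    print(demo())
```

The assertion is a bearer token in this sketch: binding it to the requesting client and protecting the client-to-device channel are left out.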
This scheme can be applied to a number of use cases such as building automation and SCADA (Supervisory Control And Data Acquisition). Table III illustrates how PUF and eSIM can be effectively utilized in both those use cases.
TABLE III
PUF AND ESIM UTILIZATION IN TWO IOT PRACTICAL USE CASES
| Use case | PUF | eSIM |
|---|---|---|
| Building automation | heaters, temperature sensors, smoke detectors, doorlocks, cameras | gateway, e-car |
| SCADA | sensors and actuators in a refinery, in an oil platform | gateway of the oil platform/refinery, transport vehicles, petrol stations |
V. CONCLUSION
Security protocols for the IoT need to be flexible and scalable while still being compliant with communication standards. This paper addresses authentication and access control (ACC) in constrained environments connected to the IoT. Two promising technologies are presented (PUF and eSIM) and an ACC framework and use cases are discussed. While PUF are appropriate to authenticate security critical constrained devices, eSIM provide all the credentials to securely connect to the IoT and communicate with it. The proposed setup takes full advantage of eSIM standard compliance and flexibility features (remote provisioning, late binding, etc) and PUF lightness and security features (tamper evidence, the impossibility to physically clone identifiers, etc).
ACKNOWLEDGMENT
This research work is in the frame of the EIT (European Institute of Innovation and Technology) ICT activity 14056.
REFERENCES
[1] D. Miorandi, S. Sicari, F. Pellegrini, and I. Chlamtac. Internet of Things: Vision, Applications and Research Challenges. Ad Hoc Networks, 10(7):1497-1516, September 2012.
[2] Ravikanth S. Pappu. Physical one-way functions. PhD Thesis, MIT, 2001.
[3] B. Gassend, D. Lim, D. Clarke, M. Van Dijk, and S. Devadas. Identification and authentication of integrated circuits. Concurrency and Computation: Practice and Experience, 16(11):1077-1098, 2004.
[4] J. Guajardo, S.S. Kumar, G.J. Schrijen and P. Tuyls. FPGA Intrinsic PUFs and Their Use for IP Protection. In Proc. of Int. Conf. on Cryptographic Hardware and Embedded Systems (CHES), Springer, LNCS, vol. 4727, pp. 63-80, 2010.
[5] S.S. Kumar, J. Guajardo, R. Maes, G.-J. Schrijen and P. Tuyls. Extended Abstract: The Butterfly PUF Protecting IP on every FPGA. In Proc. of Int. Sym. on Hardware-Oriented Security and Trust (HOST), pp. 67-70, 2008.
[6] A. Maiti, J. Casarona, L. McHale and P. Schaumont. A large scale characterization of RO-PUF. In Proc. of Int. Sym. on Hardware-Oriented Security and Trust (HOST), IEEE, pp. 94-99, 2010.
[7] Roel Maes, Ingrid Verbauwhede. Physically Unclonable Functions: A Study on the State of the Art and Future Research Directions. Towards Hardware-Intrinsic Security 2010: 3-37.
[8] P. Bayon, L. Bossuet, A. Aubert, V. Fischer. EM leakage analysis on True Random Number Generator: Frequency and localization retrieval method. In Proc. of Asia-Pacific Int. Symp. and Exh. on Electromagnetic Compatibility (APEMC), 2013.
[9] L. Bossuet, X.T. Ngo, Z. Cherif, V. Fischer. A PUF based on transient effect ring oscillator and insensitive to locking phenomenon. IEEE Trans. Emerg. Top. Comput., 2013.
[10] L. Seitz, G. Selander, C. Gehrmann. Authorization Framework for the Internet-of-Things. In Proc. 4th IEEE International Workshop on Data Security and PrivAcy in wireless Networks (D-SPAN '13), 2013.
... Additionally, the inherent advantage of intrinsic memory-based PUFs being lightweight and cost-efficient, allows them to be considered as an adequate security mechanism for the IoT, in the same manner that the inherent advantage of glass being transparent allows it to be considered as an adequate and practical isolation mechanism for a wide range of use cases, which range from common houses and vehicles to bottles and drinking vessels, the latter of which, i.e., the drinking vessels, are themselves commonly known as glasses. Therefore, while glass is rather more fragile than bricks and mortar 29 , it is rather widely used in practice due to its advantage of being transparent, in the same way that the fact that memory-based PUFs are lightweight, cost-efficient, and flexible security primitives, can also allow them to potentially act as adequate security mechanisms in a wide range of practical applications, as long as they can provide an acceptable level of security in relation to the relevant risks 30 . ...
... In general, however, we note that, by using hardware components that already form part of the relevant 29 In this context, and alluding to the previous paragraph that suggested that almost all, if not all, of the most well-known and most commonly used security mechanisms cannot prevent all potential attacks, at least on their own, we observe that such is the case also with both glass, and brick and mortar, as neither of them can, for example, fully protect from the effects of a nuclear weapon attack. Nevertheless, as such an attack is usually considered as rather improbable, although the relevant tensions between world powers are currently rising and a significant number of people live in urban areas that can be considered as potential targets of such attacks in the event of a nuclear war, the number of nuclear war shelters that have been built is rather low, and the number of domestic houses with walls that would protect from a relevant attack remains rather insignificant, with an extremely low number of people even considering the potential merits of walls of such a protective nature. ...
... to 70°C, at intervals of 10°C, as shown in Figure 4. 29. In this way, we can know how different are the PUF responses measured at 20°C from PUF responses from the same PUF instance that have been measured at a temperature ranging from 0°C to 70°C, at intervals of 10°C. ...
Thesis
Full-text available
In this work, we examine whether Physical Unclonable Functions (PUFs) can act as lightweight security mechanisms for practical applications in the context of the Internet of Things (IoT). In order to do so, we first discuss what PUFs are, and note that memory-based PUFs seem to fit the best to the framework of the IoT. Then, we consider a number of relevant memory-based PUF designs and their properties, and evaluate their ability to provide security in nominal and adverse conditions. Finally, we present and assess a number of practical PUF-based security protocols for IoT devices and networks, in order to confirm that memory-based PUFs can indeed constitute adequate security mechanisms for the IoT, in a practical and lightweight fashion. More specifically, we first consider what may constitute a PUF, and we redefine PUFs as inanimate physical objects whose characteristics can be exploited in order to obtain a behaviour similar to a highly distinguishable (i.e., “(quite) unique”) mathematical function. We note that PUFs share many characteristics with biometrics, with the main difference being that PUFs are based on the characteristics of inanimate objects, while biometrics are based on the characteristics of humans and other living creatures. We also note that it cannot really be proven that PUFs are unique per instance, but they should be considered to be so, insofar as (human) biometrics are also considered to be unique per instance. We, then, proceed to discuss the role of PUFs as security mechanisms for the IoT, and we determine that memory-based PUFs are particularly suited for this function. We observe that the IoT nowadays consists of heterogeneous devices connected over diverse networks, which include both high-end and resource-constrained devices. Therefore, it is essential that a security solution for the IoT is not only effective, but also highly scalable, flexible, lightweight, and cost-efficient, in order to be considered as practical. 
To this end, we note that PUFs have been proposed as security mechanisms for the IoT in the related work, but the practicality of the relevant security mechanisms has not been sufficiently studied. We, therefore, examine a number of memory-based PUFs that are implemented using Commercial Off-The-Shelf (COTS) components, and assess their potential to serve as acceptable security mechanisms in the context of the IoT, not only in terms of effectiveness and cost, but also under both nominal and adverse conditions, such as ambient temperature and supply voltage variations, as well as in the presence of (ionising) radiation. In this way, we can determine whether memory-based PUFs are truly suitable to be used in the various application areas of the IoT, which may even involve particularly adverse environments, e.g., in IoT applications involving space modules and operations. Finally, we also explore the potential of memory-based PUFs to serve as adequate security mechanisms for the IoT in practice, by presenting and analysing a number of cryptographic protocols based on these PUFs. In particular, we study how memory-based PUFs can be used for key generation, as well as device identification, and authentication, their role as security mechanisms for current and next-generation IoT devices and networks, and their potential for applications in the space segment of the IoT and in other adverse environments. Additionally, this work also discusses how memory-based PUFs can be utilised for the implementation of lightweight reconfigurable PUFs that allow for advanced security applications. In this way, we are able to confirm that memory-based PUFs can indeed provide flexible, scalable, and efficient security solutions for the IoT, in a practical, lightweight, and inexpensive manner.
... This solution is used as a frame of reference by Cherkaoui et al. [17] that focuses on the physical aspect of the IoT. It presents Physical Uncloneable Functions (PUF) [50] as a mean to generate and protect the keys used to secure communication. ...
Article
Full-text available
The Internet of Things is taking hold in our everyday life. Regrettably, the security of IoT devices is often being overlooked. Among the vast array of security issues plaguing the emerging IoT, we decide to focus on access control, as privacy, trust, and other security properties cannot be achieved without controlled access. This article classifies IoT access control solutions from the literature according to their architecture (e.g., centralized, hierarchical, federated, distributed) and examines the suitability of each one for access control purposes. Our analysis concludes that important properties such as auditability and revocation are missing from many proposals while hierarchical and federated architectures are neglected by the community. Finally, we provide an architecture-based taxonomy and future research directions: a focus on hybrid architectures, usability, flexibility, privacy, and revocation schemes in serverless authorization.
... The foremost successful strategy for fortifying the security and security of the Web of Things ought to be based on guaranteeing the accessibility of less user-identifying information exterior of an individual's claim circle of impact. When it comes to finishing this objective of decreasing the accessibility of such information, the Web of Things may concentrate more on local information handling instead of centralized data preparation, and it may also emphasize expanding flat communication between keen gadgets instead of vertical communication [29].The Web of Things to benefits from existing strategies for protection and security conservation, such as information irritation, client-side personalization, encryption, information secrecy and muddling, and information confusion. In any case, comparable techniques have to be altered to require into thought the scattered nature of information in IoT systems in arrange to be compelling. ...
Article
The Internet of Things is now being developed to be the most cutting-edge and user-centric technology in the works. Raising both an individual's and society's level of life is the goal of this endeavour. When a technology advances, it always acquires certain flaws, which are always open to being attacked and taken advantage of in some manner. In this work, the problems posed by the Internet of Things (IoT) based on the fundamental security principles of confidentiality, integrity, and availability are discussed. It has also been discussed how an overview of the security restrictions, requirements, processes, and solutions implemented for the challenges generated in secured communication inside the IoT ecosystem. In this paper, the vulnerabilities of the underlying Internet of Things network are brought to light, and many security concerns on multiple tiers of the Internet of Things ecosystem have been examined. Based on the findings of our research into the vulnerabilities that are now present, a variety of potential solutions have been proposed in order to solve the ongoing problems that are plaguing the IoT ecosystem. In addition to that, it provides an overview of the various protocols that are used for security in IoT.
... The traditional way of changing a mobile operator is by swapping SIM cards, which becomes problematic and expensive when we consider massive IoT deployments [85]. Every company operating in this field strongly avoids such operations, with the result of being tied to contracts with operators, losing flexibility, and frequently opting for synchronizing changes to product releases, entirely replacing old devices. ...
Thesis
The increasing use of smart devices for monitoring spaces has caused an increase in concerns about the privacy of users of these spaces. Given this problem, the legislation on the right to privacy has been worked to ensure that the existing laws on this subject are sufficiently comprehensive to preserve the privacy of users. In this way, research on this topic evolves in the sense of creating systems that ensure compliance with these laws, that is, increase transparency in the treatment of user data. In the context of this dissertation, a demonstrator-based strategy is presented to provide users control over their stored data during the temporary use of an intelligent environment. In addition, this strategy includes transparency guarantees, highlights the right to forgetting, provides the ability to consent and proof of that consent. A strategy for privacy control in such environments is also mentioned in this paper. This dissertation was developed within the CASSIOPEIA project where the case study focuses on the SmartBnB problem where a user rents a smart home for a limited time. This paper presents the developed system that ensures the user's privacy and control over their data.
... The traditional way of changing a mobile operator is by swapping SIM cards, which becomes problematic and expensive when we consider massive IoT deployments [5]. Every company operating in this field strongly avoids such operations, with the result of being tied to contracts with operators, losing flexibility, and frequently opting for synchronizing changes to product releases, entirely replacing old devices. ...
Conference Paper
Up until recently, a physical SIM card was mandatory to make calls, send messages, and access the Internet using hardware modems, but a physical card has some limitations, especially when it is used within IoT devices deployed in a wide area. eSIM is an embedded alternative of the traditional physical SIM cards, providing the same usability, privacy, and security, but also minimizing some disadvantages of the traditional SIM card. In this work, we explore the usability of eSIM on vertical using 5G that can benefit from adopting eSIM. We start by presenting an overview of eSIM, discuss its main features, compare it to the physical SIM card, and specify the main characteristics of each vertical market.
... However, small type B sensors may use a gateway equipped with eSIM for reporting readings or measurement data to the SGCC. In addition, similar to work presented by Cherkaoui et al. [62], eSIM based security solutions together with Physical Unclonable Functions (PUF) based security solutions can be used for authentication and authorization of resource-constrained type B IoT devices. The eSIM modules are widely used in today's IoT devices. ... (Figure 7: Enabling smart grid use case with 5G networks and IoT devices (type A and B).)
Article
This article investigates and analyzes the security aspects of 5G specifications from the perspective of IoT-based smart grids. As the smart grid requires high-speed and reliable communication to enable real-time grid monitoring via Internet of Things (IoT) devices, 5G can be considered a catalyst to transform the current power grid infrastructure into a smart grid. Thus, an understanding of what 5G can bring in terms of cyber security in IoT-based smart grids is important for design decisions and future risk analysis efforts. In this article, we explore a smart grid use case on automatic voltage control—a use case utilizing 5G as a wireless communication infrastructure with edge support. We identify the benefits 5G brings to several security aspects, and show how 5G security techniques are applicable to the smart grid, thus providing a foundation for future security analysis of 5G enabled smart grid systems. Future research should extend this work to additional smart grid use cases.
Article
Numerous vertical platforms are emerging as the backbone of the Internet of Things; these platforms are tailored to a particular use case and typically adopt their own communications, device, and resource management protocols. A unified and secure sharing and access to sensing/actuating resources is made possible via interoperability across IoT platforms, which is becoming more important as the need for cross-domain IoT applications and services grows. This position paper discusses where the Internet of Things (IoT) is at the moment, what potential exists for its sustainable expansion, and what obstacles must be overcome. The goals and vision of the H2020 symbIoTe project are outlined in this context; symbIoTe seeks to facilitate interoperability between IoT platforms by providing a malleable interoperability framework that permits i) cooperation between vertical IoT platforms, ii) the formation of IoT-platform federations for resource sharing, and iii) the development of innovative cross-domain applications by independent developers.
Chapter
Power analysis has long been used to tell apart different instructions running on the same machine. In this work, we show that it is also possible to use power consumption to tell apart different machines running the same instructions, even if these machines have entirely identical hardware and software configurations, and even if the power consumption measurements are carried out using low-rate software-based methods. We collected an extended dataset of power consumption traces from 291 desktop and server systems, spanning multiple processor generations and vendors (Intel and AMD). After analyzing them, we discovered that profiling the power consumption of individual assembly instructions makes it possible to create a fingerprinting agent that can identify individual machines with high accuracy. Our classifier approaches its peak accuracy after less than 10 instructions, meaning that the fingerprint can take a very short time to capture. We analyzed the stability of the fingerprint over time and discovered that, while it remains relatively stable, it is significantly affected by temperature changes. We also carried out a proof-of-concept evaluation using portable WebAssembly code, showing that our method can still be applied, albeit at a reduced accuracy, without using native instructions for the profiling step. Our method depends on the ability to measure power, which is currently restricted to high-privileged “ring 0” code on modern PCs. This limits the current use of our method to defense-only settings, such as strengthening authentication or anti-counterfeiting. Our tools and datasets are publicly released as an open-source repository. Our work highlights the importance of protecting power consumption measurements from unauthorized access. Keywords: Side Channel, Fingerprinting, PUF, WebAssembly
Article
The internet of things (IoT) is an expertise that has the measurements to revolutionise the method that we live, in subdivisions reaching from carriage to health, from entertaining to our connections with government. This imaginary chance also offers a number of important challenges. The growth in the number of devices and the speed of that growth offer a challenge to the security. And it is the freedoms as we clash to development of the policy and standard. It governance the shape of the growth without stifling novelty. Security and privacy deliberations and tests that untruth gaining are deliberated together usually and in the setting of these requests. Wireless communication networks are highly prone to security threats. The major applications of these communication networks are military, business and healthcare etc. Also it is beneficial in healthcare, retail, transport etc. These systems are used in the wired, cellular and system networks. Wireless sensor networks, vehicular networks and actuator networks have received great importance in social life as well as in the industries. In recent years the IoT has received considerable research attention. The IoT is considered as a future of the internet. In the years ahead IoT will play a big role in daily requirements and it will change our living styles and standard. It will change the business models too. The use of IoT in the different applications will rise rapidly in the future. And it will be useful in all evinces in coming years. The IoT allows various devices and people and services to connect with the other devices to exchange information. Due to increased usage of IoT devices the IoT networks are prone to various attacks. The development of efficient security and privacy protocols in IoT is extremely needed to ensure the confidence and authentication and control access in other. In this paper a study of security and privacy in IoT networks is provided.
Article
This paper presents a new silicon physical unclonable function (PUF) based on a transient effect ring oscillator (TERO). The proposed PUF has state of the art PUF characteristics with a good ratio of PUF response variability to response length. Unlike RO-PUF, it is not sensitive to the locking phenomenon, which challenges the use of ring oscillators for the design of both PUF and TRNG. The novel architecture using differential structures guarantees high stability of the TERO-PUF. The area of the TERO-PUF is relatively high, but is still comparable with other PUF designs. However, since the same piece of hardware can be used for both PUF and random number generation, the proposed principle offers an interesting low area mixed solution.
Conference Paper
True random number generators (TRNGs) are a significant piece of hardware security that are used to generate secret keys, initial values or random masks for countermeasures against side-channel attacks. Thus the security of implementation in hardware of such block is crucial. The work presented in this paper shows that it is possible to find information on a TRNG using its electromagnetic radiations. The proposed analysis is suitable to retrieve information on the localization, oscillator frequency and sampling frequency of the TRNG.
Chapter
The idea of using intrinsic random physical features to identify objects, systems, and people is not new. Fingerprint identification of humans dates at least back to the nineteenth century [21] and led to the field of biometrics. In the 1980s and 1990s of the twentieth century, random patterns in paper and optical tokens were used for unique identification of currency notes and strategic arms [2, 8, 53]. A formalization of this concept was introduced in the very beginning of the twenty-first century, first as physical one-way functions [41, 42], physical random functions [13], and finally as physical(ly) unclonable functions or PUFs. In the years following this introduction, an increasing number of new types of PUFs were proposed, with a tendency toward more integrated constructions. The practical relevance of PUFs for security applications was recognized from the start, with a special focus on the promising properties of physical unclonability and tamper evidence.
Conference Paper
In recent years, IP protection of FPGA hardware designs has become a requirement for many IP vendors. In [34], Simpson and Schaumont proposed a fundamentally different approach to IP protection on FPGAs based on the use of Physical Unclonable Functions (PUFs). Their work only assumes the existence of a PUF on the FPGAs without actually proposing a PUF construction. In this paper, we propose new protocols for the IP protection problem on FPGAs and provide the first construction of a PUF intrinsic to current FPGAs based on SRAM memory randomness present on current FPGAs. We analyze SRAM-based PUF statistical properties and investigate the trade offs that can be made when implementing a fuzzy extractor.
Conference Paper
IP protection of hardware designs is the most important requirement for many FPGA IP vendors. To this end, various solutions have been proposed by FPGA manufacturers based on the idea of bitstream encryption. An alternative solution was advocated in (E. Simpson and P. Schaumont, 2006). Simpson and Schaumont proposed a new approach based on physical unclonable functions (PUFs) for IP protection on FPGAs. PUFs are a unique class of physical systems that extract secrets from complex physical characteristics of the integrated circuits which along with the properties of unclonability provide a highly secure means of generating volatile secret keys for cryptographic operations. However, the first practical PUF on an FPGA was proposed only later in (J. Guajardo et al., 2007) based on the startup values of embedded SRAM memories which are intrinsic in some of the current FPGAs. The disadvantage of these intrinsic SRAM PUFs is that not all FPGAs support uninitialized SRAM memory. In this paper, we propose a new PUF structure called the butterfly PUF that can be used on all types of FPGAs. We also present experimental results showing their identification and key generation capabilities.
Conference Paper
This paper describes a framework that allows fine-grained and flexible access control to connected devices with very limited processing power and memory. We propose a set of security and performance requirements for this setting and derive an authorization framework distributing processing costs between constrained devices and less constrained back-end servers while keeping message exchanges with the constrained devices at a minimum. As a proof of concept we present performance results from a prototype implementing the device part of the framework.
Article
The term “Internet-of-Things” is used as an umbrella keyword for covering various aspects related to the extension of the Internet and the Web into the physical realm, by means of the widespread deployment of spatially distributed devices with embedded identification, sensing and/or actuation capabilities. Internet-of-Things envisions a future in which digital and physical entities can be linked, by means of appropriate information and communication technologies, to enable a whole new class of applications and services. In this article, we present a survey of technologies, applications and research challenges for Internet-of-Things.
Conference Paper
To validate the effectiveness of a Physical Unclonable Function (PUF), it needs to be characterized over a large population of chips. Though simulation methods can provide approximate results, an on-chip experiment produces a more accurate result. In this paper, we characterize a PUF based on ring oscillator (RO) using a significantly large population of 125 FPGAs. We analyze the experimental data using a ring oscillator loop delay model, and quantify the quality factors of a PUF such as uniqueness and reliability. The RO-PUF shows an average inter-die Hamming distance of 47.31%, and an average intra-die Hamming distance of 0.86% at normal operating condition. Additionally, we intend to make this large RO frequency dataset available publicly for the research community.
Article
This paper describes a technique to reliably and securely identify individual integrated circuits (ICs) based on the precise measurement of circuit delays and a simple challenge-response protocol. This technique could be used to produce key-cards that are more difficult to clone than ones involving digital keys on the IC. We consider potential venues of attack against our system, and present candidate implementations. Experiments on Field Programmable Gate Arrays show that the technique is viable, but that our current implementations could require some strengthening before it can be considered as secure.
Article
Modern cryptography relies on algorithmic one-way functions - numerical functions which are easy to compute but very difficult to invert. This dissertation introduces physical one-way functions and physical one-way hash functions as primitives for physical analogs of cryptosystems. Physical one-way functions are defined with respect to a physical probe and physical system in some unknown state. A function is called a physical one-way function if (a) there exists a deterministic physical interaction between the probe and the system which produces an output in constant time (b) inverting the function using either computational or physical means is difficult (c) simulating the physical interaction is computationally demanding and (d) the physical system is easy to make but difficult to clone. Physical one-way hash functions produce fixed-length output regardless of the size of the input. These hash functions can be obtained by sampling the output of physical one-way functions. For the system described below, it is shown that there is a strong correspondence between the properties of physical one-way hash functions and their algorithmic counterparts. In particular, it is demonstrated that they are collision-resistant and that they exhibit the avalanche effect, i.e., a small change in the physical system causes a large change in the hash value. An inexpensive prototype authentication system based on physical one-way hash functions is designed, implemented, and analyzed.