Conference Paper

Ultra Light-weight Encryption for Securing D2D Communication of ESP8266 IoT devices in Wireless Mesh Networks


Abstract

System-on-chip (SoC) design is extensively used in Internet of Things (IoT) devices, cyber-physical systems, and embedded systems. However, due to the increasing complexity of on-chip components and the long supply chain, SoC devices, such as ESP8266 IoT devices, are vulnerable to numerous cyber-attacks. Consequently, developing and implementing security solutions for protecting these devices and their Device-to-Device (D2D) communications is becoming increasingly crucial. For the first time, this paper presents and investigates securing D2D communication of resource-limited ESP8266 IoT devices in a Wireless Mesh Network (WMN) using ultra light-weight encryption algorithms, including Speck Small and Diffie-Hellman key exchange using Curve25519. This is important for protecting these resource-limited devices' data confidentiality and integrity in critical applications. The experimental results prove that Speck Small and Curve25519 are more efficient than other core algorithms in computation time, demonstrating their suitability for ESP8266 IoT devices in WMN.

Article
Wireless mesh network (WMN) is a type of self-healing, self-configuration, and peer-to-peer wireless network. Without expensive and fixed base stations, WMN can be established fast, easily, and flexibly at a low cost. The convenience and flexibility of establishing WMN brings a wide range of applications. The request of high bandwidth, high coverage and high transmission rate can be satisfied. Current research on WMN involves routing, resource allocation, mobility control, security and so on. With the increasing concern of green communication, improving energy efficiency is more and more important nowadays. As energy harvesting can overcome energy constraints and extend the network lifetime, it has attracted the great attention from many researchers when designing network. Further, WMN is an important networking mode in next-generation communication to guarantee the quality of service and reduce the networking complexity. Due to such importance, a survey of the research and development in WMN including the future research direction and opportunities is given in this paper.
Article
While achieving security for Industrial Internet of Things (IIoT) is a critical and non-trivial task, more attention is required for brownfield IIoT systems. This is a consequence of long life cycles of their legacy devices which were initially designed without considering security and IoT connectivity, but they are now becoming more connected and integrated with emerging IoT technologies and messaging communication protocols. Deploying today’s methodologies and solutions in brownfield IIoT systems is not viable, as security solutions must co-exist and fit these systems’ requirements. This necessitates a realistic standardized IIoT testbed that can be used as an optimal format to measure the credibility of security solutions of IIoT networks, analyze IIoT attack landscapes and extract threat intelligence. Developing a testbed for brownfield IIoT systems is considered a significant challenge as these systems are comprised of legacy, heterogeneous devices, communication layers and applications that need to be implemented holistically to achieve high fidelity. In this paper, we propose a new generic end-to-end IIoT security testbed, with a particular focus on the brownfield system and provide details of the testbed’s architectural design and the implementation process. The proposed testbed can be easily reproduced and reconfigured to support the testing activities of new processes and various security scenarios. The proposed testbed operation is demonstrated on different connected devices, communication protocols and applications. The experiments demonstrate that this testbed is effective in terms of its operation and security testing. A comparison with existing testbeds, including a table of features is provided.
Article
Lightweight cryptography (LWC) is an interesting research area in the field of information security. Limitations such as increased component usage, time consumption, power consumption and memory requirements mandate the need for lightweight cryptography. One of the proposed algorithms in this field is Speck, which was designed by the National Security Agency (NSA) in June 2013. In this paper, we propose a new ultra-lightweight cryptographic algorithm based on Speck known as Speck-R. Speck-R is a hybrid cipher, combining ARX architecture with a dynamic substitution layer. The novelty in this paper resides in adding a key-dynamic substitution layer that changes according to a dynamic key. With this modification, the number of rounds can be reduced from 26 (in Speck) to 7 (in Speck-R). Thus, the main contribution of this paper consists in reducing the execution time of Speck by at least 18% on limited devices to reach a reduction of 77% while keeping a high level of security. To support Speck-R’s security, different security and statistical tests are applied to Speck-R. In addition, a real hardware implementation on three different well-known IoT devices is also presented where Speck-R outperformed Speck in terms of execution times. Finally, extensive tests show that Speck-R possesses the necessary criteria to be considered as a good cipher scheme that is suitable for lightweight devices. Keywords: Security · Encryption · Internet of Things · Cryptography · Randomness · Confusion
Chapter
Due to suppression of central administration in WMN, network functioning like network controls, management, routing, switching, packet forwarding etc. are distributed among nodes, either collectively or individually. So, cooperation among nodes is highly solicited. However, there may exist node's malicious activities because of its open characteristics and limited available battery power. The nodes may misbehave by refusing to provide service or dropping down the packets because of its selfishness and malicious activity. The identification of misbehaving nodes and prevention from them can be one of the biggest challenges. Hence, the prime target of the chapter is to provide an overview of existing intrusion detection and prevention approaches,
Article
Existing WiFi mesh networks are usually implemented on high-end or PC grade platforms. However, the open source community has been recently developing a unique mesh network library targeted for the low-cost and resource limited ESP8266 platform. The so called painlessMesh library enables two or more ESP8266 modules to self-configure and to form a WiFi mesh network. This might open up new potential for the ESP8266 to be used in wider application areas. The library is in an early development stage and not much is known about its performance. Therefore, this paper aims to evaluate to what extent the ESP8266 painlessMesh network can perform, in terms of one-way delay and data rate. Measurements showed that a 2-node network has a delay of 2.49 ms. A network consisting of higher number of nodes tends to have an increased network delay even for the same hop distance. Meanwhile, data rate measurements showed that for the case of 10-byte payload a node can receive up to 461 messages/sec. Whereas for payload of 4400 bytes, the node can receive up to 28 messages/sec. Furthermore, it can be reported that payload greater than 4400 bytes starts causing incomplete and erroneous messages.
Article
With the advent of smart homes, smart cities, and smart everything, the Internet of Things (IoT) has emerged as an area of incredible impact, potential, and growth, with Cisco Inc. predicting to have 50 billion connected devices by 2020. However, most of these IoT devices are easy to hack and compromise. Typically, these IoT devices are limited in compute, storage, and network capacity, and therefore they are more vulnerable to attacks than other endpoint devices such as smartphones, tablets, or computers. In this paper, we present and survey major security issues for IoT. We review and categorize popular security issues with regard to the IoT layered architecture, in addition to protocols used for networking, communication, and management. We outline security requirements for IoT along with the existing attacks, threats, and state-of-the-art solutions. Furthermore, we tabulate and map IoT security problems against existing solutions found in the literature. More importantly, we discuss, how blockchain, which is the underlying technology for bitcoin, can be a key enabler to solve many IoT security problems. The paper also identifies open research problems and challenges for IoT security.
Conference Paper
Elliptic curve cryptography (ECC) has become the predominant asymmetric cryptosystem found in most devices during the last years. Despite significant progress in efficient implementations, computations over standardized elliptic curves still come with enormous complexity, in particular when implemented on small, embedded devices. In this context, Bernstein proposed the highly efficient ECC instance Curve25519 that was shown to achieve new ECC speed records in software providing a high security level comparable to AES with 128-bit key. These very tempting results from the software domain have led to adoption of Curve25519 by several security-related applications, such as the NaCl cryptographic library or in anonymous routing networks (nTor). In this work we demonstrate that even better efficiency of Curve25519 can be realized on reconfigurable hardware, in particular by employing their Digital Signal Processor blocks (DSP). In a first proposal, we present a DSP-based single-core architecture that provides high-performance despite moderate resource requirements. As a second proposal, we show that an extended architecture with dedicated inverter stage can achieve a performance of more than 32,000 point multiplications per second on a (small) Xilinx Zynq 7020 FPGA. This clearly outperforms speed results of any software-based and most hardware-based implementations known so far, making our design suitable for cheap deployment in many future security applications.
Article
Wireless Mesh Networks are considered as a promising solution for offering low-cost access to broadband services. However, one of the main challenges in the design of these networks is their vulnerability to security attacks. In this paper, we analyze the fundamental security challenges and constraints of these networks, classify several possible attacks, and survey several intrusion prevention, detection, and response mechanisms found in the literature. Copyright (c) 2013 John Wiley & Sons, Ltd.
Conference Paper
Wireless mesh network (WMN) is a new wireless networking paradigm. Unlike traditional wireless networks, WMNs do not rely on any fixed infrastructure. Instead, hosts rely on each other to keep the network connected. Wireless Internet service providers are choosing WMNs to offer Internet connectivity, as it allows a fast, easy and inexpensive network deployment. One main challenge in design of these networks is their vulnerability to security attacks. In this paper, we investigate the principal security issues for WMNs. We study the threats a WMN faces and the security goals to be achieved. We identify the new challenges and opportunities posed by this new networking environment and explore approaches to secure its communication.
Chapter
In the previous chapter, you learned about various communication protocols and successfully built a working application using MQTT broker. But what if you wanted to connect your appliances wirelessly and have the Raspberry Pi be the central computer/broker? When you have many appliances to control, you need a node system in which appliances can connect wirelessly.
Chapter
Network administrators employ several security mechanisms to protect data in the network from unauthorized access and various threats. The security mechanisms enhance the usability and integrity of the network. The design aspects of the network security mechanism involve both hardware and software technologies. The application domains of security mechanisms cover both public and private computer networks which are used in everyday jobs for conducting transactions and communications among business partners, government agencies, enterprises and individuals. The network security schemes vary depending on the types of the network, that is, public or private, wired or wireless. Data security includes encryption, tokenization, and key management practices in protecting data across all applications and platforms. The antivirus and antimalware software are also part of network security for protection from malware such as spyware, ransomware, trojans, worms, and viruses. Cryptography is an automated mathematical tool that plays a vital role in network security. It assures the confidentiality and integrity of data as well as provides authentication and non-repudiation to the users. This chapter primarily focuses on cryptography techniques and their role in preserving the network security. The cryptography technique consists of encryption and decryption algorithms. The encryption algorithms perform scrambling of ordinary text and generate an unreadable format for the third party known as ciphertext. The original data is restructured by the intended receiver using decryption algorithms. The cryptographic techniques are broadly classified into three categories namely symmetric-key cryptography, asymmetric-key cryptography and authentication. The cryptographic algorithms that are widely accepted are outlined with their relative advantages and disadvantages. 
Moreover, recent proficient cryptographic algorithms specific to cloud computing, wireless sensor networks and on-chip-networks are thoroughly discussed that provide a clear view about acquiring secure communication in the network using cryptography.
Article
Internet of Things (IoT) is an ecosystem of connected edge devices that are accessible through the internet. Recent research focusses on adding more smartness and intelligence to these edge devices making them susceptible to various kinds of security threats. These edge devices rely on cryptographic techniques to encrypt the pre-processed data collected from the sensors deployed in the field. Since the edge devices are resource constrained, low-cost implementations of cryptographic algorithms are desirable. This work proposes a novel low-cost implementation of a versatile symmetric encryption algorithm namely Advanced Encryption Standard (AES) using time-multiplexed architectures for edge devices. The optimization is carried out in a four-fold manner on AES encryption/decryption hardware based on the resource sharing mechanism with a modified Substitution box achieving a maximum of 1.053GHz operating frequency. The aim of this work is to develop an area-power efficient AES architecture with a reasonable throughput suitable for resource constrained applications. The proposed architectures are synthesized on a Virtex-6 FPGA board and the ASIC performance results are obtained using 180nm SCL technology library. Implementation results of the proposed AES core integrated with an UART module are shown as a proof of concept.
Conference Paper
This paper explains the design and implementation of a high-security elliptic-curve-Diffie-Hellman function achieving record-setting speeds: e.g., 832457 Pentium III cycles (with several side benefits: free key compression, free key validation, and state-of-the-art timing-attack protection), more than twice as fast as other authors’ results at the same conjectured security level (with or without the side benefits). Keywords: Diffie-Hellman, elliptic curves, point multiplication, new curve, new software, high conjectured security, high speed, constant time, short keys