806 research outputs found
Rechained: Sybil-Resistant Distributed Identities for the Internet of Things and Mobile Ad Hoc Networks
Today, increasing Internet of Things devices are deployed, and the field of applications for decentralized, self-organizing networks keeps growing. The growth also makes these systems more attractive to attackers. Sybil attacks are a common issue, especially in decentralized networks and networks that are deployed in scenarios with irregular or unreliable Internet connectivity. The lack of a central authority that can be contacted at any time allows attackers to introduce arbitrary amounts of nodes into the network and manipulate its behavior according to the attacker’s goals, by posing as a majority participant. Depending on the structure of the network, employing Sybil node detection schemes may be difficult, and low powered Internet of Things devices are usually unable to perform impactful amounts of work for proof-of-work based schemes. In this paper, we present Rechained, a scheme that monetarily disincentivizes the creation of Sybil identities for networks that can operate with intermittent or no Internet connectivity. We introduce a new revocation mechanism for identities, tie them into the concepts of self-sovereign identities, and decentralized identifiers. Case-studies are used to discuss upper- and lower-bounds for the costs of Sybil identities and, therefore, the provided security level. Furthermore, we formalize the protocol using Colored Petri Nets to analyze its correctness and suitability. Proof-of-concept implementations are used to evaluate the performance of our scheme on low powered hardware as it might be found in Internet of Things applications
Robustness Enhanced Sensor Assisted Monte Carlo Localization for Wireless Sensor Networks and the Internet of Things
Formalizing and Safeguarding Blockchain-Based BlockVoke Protocol as an ACME Extension for Fast Certificate Revocation
Certificates are integral to the security of today’s Internet. Protocols like BlockVoke allow secure, timely and efficient revocation of certificates that need to be invalidated. ACME, a scheme used by the non-profit Let’s Encrypt Certificate Authority to handle most parts of the certificate lifecycle, allows automatic and seamless certificate issuance. In this work, we bring together both protocols by describing and formalizing an extension of the ACME protocol to support BlockVoke, combining the benefits of ACME’s certificate lifecycle management and BlockVoke’s timely and secure revocations. We then formally verify this extension through formal methods such as Colored Petri Nets (CPNs) and conduct a risk and threat analysis of the ACME/BlockVoke extension using the ISSRM domain model. Identified risks and threats are mitigated to secure our novel extension. Furthermore, a proof-of-concept implementation of the ACME/BlockVoke extension is provided, bridging the gap towards deployment in the real world
Formalizing the Blockchain-Based BlockVoke Protocol for Fast Certificate Revocation Using Colored Petri Nets
Protocol flaws such as the well-known Heartbleed bug, security and privacy issues or incomplete specifications, in general, pose risks to the direct users of a protocol and further stakeholders. Formal methods, such as Colored Petri Nets (CPNs), facilitate the design, development, analysis and verification of new protocols; the detection of flaws; and the mitigation of identified security risks. BlockVoke is a blockchain-based scheme that decentralizes certificate revocations, allows certificate owners and certificate authorities to revoke certificates and rapidly distributes revocation information. CPNs in particular are well-suited to formalize blockchain-based protocols—thus, in this work, we formalize the BlockVoke protocol using CPNs, resulting in a verifiable CPN model and a formal specification of the protocol. We utilize an agent-oriented modeling (AOM) methodology to create goal models and corresponding behavior interface models of BlockVoke. Subsequently, protocols semantics are defined, and the CPN models are derived and implemented using CPN Tools. Moreover, a full state-space analysis of the resulting CPN model is performed to derive relevant model properties of the protocol. The result is a complete and correct formal BlockVoke specification used to guide future implementations and security assessments
Smart RFID application in health care: Using RFID technology for smart inventory and logistic systems in hospitals
In today\u27s hospital environments, many medical devices and tools are used. While some of these will be stationary due to size and bulk, many devices can also be moved from room to room. To facilitate an efficiently running hospital environment and protect expensive devices from being lost, it is important to keep track of the whereabouts of every medical device or utensil. We propose an RFID based system with a smartphone application based frontend for tracking the locations of medical devices and utensils in a hospital environment, both enabling medical professionals to quickly locate required devices as well as allowing hospital administration to keep track of when and where devices leave hospital premises, optionally alerting security after a configurable grace period. In addition to this, our proposed application allows doctors and other medical personnal to reserve equipment and rooms such as examination or operating rooms and to easily find which rooms or pieces of equipment are available at a given time. This reduces administrative overhead and allows a smoother operation of the hospital, where efficiency is needed not only for the sake of profits but also to ensure the continued well-being of patients
A Security Aware Fuzzy Enhanced Ant Colony Optimization Routing in Mobile Ad hoc Networks
Secure and Authenticated Data Communication in Wireless Sensor Networks
Securing communications in wireless sensor networks is increasingly important as the diversity of applications increases. However, even today, it is equally important for the measures employed to be energy efficient. For this reason, this publication analyzes the suitability of various cryptographic primitives for use in WSNs according to various criteria and, finally, describes a modular, PKI-based framework for confidential, authenticated, secure communications in which most suitable primitives can be employed. Due to the limited capabilities of common WSN motes, criteria for the selection of primitives are security, power efficiency and memory requirements. The implementation of the framework and the singular components have been tested and benchmarked in our testbed of IRISmotes
Unchained Identities: Putting a Price on Sybil Nodes in Mobile Ad Hoc Networks
As mobile ad hoc networks (MANETs) and similar decentralized, self-organizing networks grow in number and popularity, they become worthwhile targets for attackers. Sybil attacks are a widespread issue for such networks and can be leveraged to increase the impact of other attacks, allowing attackers to threaten the integrity of the whole network. Authentication or identity management systems that prevent users from setting up arbitrary numbers of nodes are often missing in MANETs. As a result, attackers are able to introduce nodes with a multitude of identities into the network, thereby controlling a substantial fraction of the system and undermining its functionality and security. Additionally, MANETs are often partitioned and lack Internet access. As a result, implementing conventional measures based on central authorities is difficult. This paper fills the gap by introducing a decentralized blockchain-based identity system called Unchained. Unchained binds identities of nodes to addresses on a blockchain and economically disincentivizes the production of spurious identities by raising the costs of placing large numbers of Sybil identities in a network. Care is taken to ensure that circumventing Unchained results in costs similar or higher than following the protocol. We describe an offline verification scheme, detail the functionalities of the concept, discuss upper- and lower-bounds of security guarantees and evaluate Unchained based on case-studies
- …
