Lightweight Security Scheme for Vehicle Tracking System Using CoAP

Presentation transcript:

Lightweight Security Scheme for Vehicle Tracking System Using CoAP
Published in ASPI’13: Proceedings of the International Workshop on Adaptive Security, Article No. 3 (2013), UbiComp Conference.
Authors: Arijit Ukil, Soma Bandyopadhyay, Abhijan Bhattacharyya, Arpan Pal
Presenter: Chao-Chun, Sung
Date: 107/11/14
Department of Computer Science and Information Engineering, National Cheng Kung University, Tainan, Taiwan, R.O.C.

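Introduction
We endeavor to embed a low-overhead security mechanism, consisting of both authentication with integrated key management and encryption, on CoAP (Constrained Application Protocol). Our proposed security scheme leverages the request-response layer of CoAP. A novel approach is designed to enable a secure mode of CoAP by introducing a unique option in the CoAP header. It further adapts the handshaking level of its secure channel depending on the state of the vehicle (moving fast, moving slowly, at rest, etc.).
CoAP proposes a design similar to HTTP over TCP, but as a lightweight HTTP-like protocol over UDP, which makes it well suited to network transmission by sensor nodes.
CoAP has a client/server architecture: sensor nodes mostly act as CoAP servers that provide resources, and CoAP clients issue requests to read or control resource state. CoAP uses UDP; whether data is retransmitted and how reordering is handled are left entirely to the application layer above, so a resource-constrained MCU does not need a full TCP/IP implementation. Like HTTP, CoAP follows the REST (Representational State Transfer) design style and supports GET/PUT/POST/DELETE requests and URIs.
CoAP uses a binary integer format with a 4-byte packet header, rather than the string (ASCII) format used by HTTP, so per-packet overhead is small and the time-consuming string parsing that HTTP requires is unnecessary.
Computer & Internet Architecture Lab, CSIE NCKU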

Related work
Web-enablement of constrained sensors and gateways using a traditional HTTP-based protocol would be unsustainable and non-scalable. CoAP is established as a candidate lightweight protocol for Internet connectivity of such energy-constrained sensors. The trend in security schemes for sensor devices is to rely on symmetric keys.

System Architecture

Threat Model And Security Engineering

Authentication Mechanism(1/)
Our proposed security solution is symmetric-key-based authentication with integrated key management. The exchanged symmetric key is used with AES-128 in CBC (Cipher Block Chaining) mode. When a sensor gateway and server are provisioned, a unique secret is pre-shared; in our case it is considered to be hardcoded in the device at the time of manufacturing and deployment.

Authentication Mechanism(2/)

Authentication Mechanism(3/)
In order to secure the authentication scheme against the threats described earlier, we propose nonce-based authentication and key management.

Authentication Mechanism(4/)

Authentication Mechanism(5/)

Authentication Mechanism(6/)

Authentication Mechanism(7/)

Security Analysis(1/)

Security Analysis(2/)

Security Analysis(3/)
https://www.zhihu.com/question/37203836
https://en.wikipedia.org/wiki/Advantage_(cryptography)

Security Analysis(4/)
Nonces are generally generated using a large-length random number generator (RNG) to minimize collision attacks. In practice, however, a true RNG is difficult to find. The scheme therefore uses the output of a pseudo-random number generator (PRNG) appended with a timer (counter).
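The nonce construction described on this slide, as an added example that is not code from the paper or the presentation. The 64-bit field sizes, the seeded `random.Random` standing in for a weak device PRNG, and the reboot scenario with a persisted counter are all assumptions made for illustration.

```python
import random
import struct

class NonceSource:
    """Nonce = PRNG output || monotonic counter (field sizes are assumptions)."""
    def __init__(self, seed, counter_start=0):
        self._prng = random.Random(seed)   # stand-in for a weak device PRNG
        self.counter = counter_start       # assumed to be persisted across reboots

    def prng_only(self):
        return self._prng.getrandbits(64).to_bytes(8, "big")

    def next(self):
        self.counter += 1
        return self.prng_only() + struct.pack("!Q", self.counter)

class ReplayGuard:
    """Server side: each nonce is accepted exactly once."""
    def __init__(self):
        self._seen = set()

    def accept(self, nonce):
        if nonce in self._seen:
            return False
        self._seen.add(nonce)
        return True

def collisions_after_reboot(seed=7, per_boot=5):
    """Boot twice with the same PRNG seed (constructed scenario).

    Returns (rejected nonces without counter, rejected nonces with counter).
    """
    bare, combined = ReplayGuard(), ReplayGuard()
    bare_hits = combined_hits = 0
    counter = 0
    for _boot in range(2):
        a, b = NonceSource(seed), NonceSource(seed, counter)
        for _ in range(per_boot):
            bare_hits += not bare.accept(a.prng_only())
            combined_hits += not combined.accept(b.next())
        counter = b.counter                # survives the simulated reboot
    return bare_hits, combined_hits
```

The counter only helps if it never repeats, so it has to be stored in non-volatile memory or derived from a clock that does not reset.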

Embedding Authentication(1/)
'AUTH' uses a previously unused option number in the critical option class. Along with 'AUTH', one more option, 'AUTH_MSG_TYPE', is introduced to indicate the different messages used to establish an authentication session.

Embedding Authentication(2/)

Embedding Authentication(3/)

Embedding Authentication(4/)

Embedding Authentication(5/)

Embedding confidentiality
The payload consists of the following fields: <vehicle ID, Route ID, Lat, Long, Time Stamp, Accelerometer Data>

Experimental Results And Analysis
We consider a stringent wireless network condition with a 9.6KBps data rate and three levels of packet loss: 0%, 10% and 20%.