Presentation is loading. Please wait.

Presentation is loading. Please wait.

Lightweight Security Scheme for Vehicle Tracking System Using CoAP

Published byLőrinc Balla Modified over 5 years ago

Similar presentations

Presentation on theme: "Lightweight Security Scheme for Vehicle Tracking System Using CoAP"— Presentation transcript:

1 Lightweight Security Scheme for Vehicle Tracking System Using CoAP
Published in ASPI’13 Proceedings of the International Workshop on Adaptive Security Article No.3. (2013) UbiComp  Conference. Authors Arijit Ukil, Soma Bandyopadhyay, Abhijan Bhattacharyya, Arpan Pal Presenter: Chao-Chun, Sung Date: 107/11/14 Department of Computer Science and Information Engineering, National Cheng Kung University, Tainan, Taiwan, R.O.C.

2 Computer & Internet Architecture Lab
Introduction We endeavor to embed a low overhead security mechanism consisting of both authentication with integrated key management and encryption on CoAP(Constrained Application Protocol). Our proposed security scheme leverages the request-response layer of CoAP. A novel approach is designed to enable secure mode of CoAP by introducing a unique option in CoAP header. It further adapts handshaking level of its secure channel depending on the state of vehicle (like moving fast, moving slowly, at rest etc.). 提出一個類似HTTP/TCP設計,但是屬於輕量版的HTTP/UDP,使得其有利於感測節點進行網路傳輸 CoAP是主從(Client/Server)架構,感測節點多半為CoAP Server提供資源,由CoAP Client請求讀取/控制資源狀態。CoAP使用UDP 對於資料是否要重傳或傳送順序(Reordering) 全交由上層應用層來決定,對於資源有限的MCU則不需要有完整TCP/IP協定實作。而CoAP同HTTP一樣具有REST(Representational State Transfer)設計風格,也支援GET/PUT/POST/DELETE及URIs的請求方式。 CoAP採用二進位整數格式且封包標頭4 個byte而非HTTP使用字串格式(ASCII code),所以封包傳送時的額外負擔小且不必像HTTP一樣得進行耗時的字串解析處理。 Computer & Internet Architecture Lab CSIE NCKU

3 Computer & Internet Architecture Lab
Related work Web-enablement of constrained sensor and gateways using traditional HTTP based protocol would be unsustainable and non- scalable. CoAP is established as candidate lightweight protocol for Internet connectivity of such energy-constrained sensors. The trend of using security scheme for sensor devices is based on symmetric key. Computer & Internet Architecture Lab CSIE NCKU

4 Computer & Internet Architecture Lab
System Architecture Computer & Internet Architecture Lab CSIE NCKU

5 Threat Model And Security Engineering
Computer & Internet Architecture Lab CSIE NCKU

6 Authentication Mechanism(1/)
Our proposed security solution is symmetric key based authentication with integrated key management. Exchanged symmetric key is used with AES 128 CBC (Cipher Block Chaining) mode. At the time of provisioning of a sensor gateway and server a unique secret is pre-shared, which in our case is considered as hardcoded with the device at the time of manufacturing and deployment. Computer & Internet Architecture Lab CSIE NCKU

7 Authentication Mechanism(2/)
Computer & Internet Architecture Lab CSIE NCKU

8 Authentication Mechanism(3/)
In order to secure the authentication scheme against the threats described earlier, we propose nonce based authentication-key management. Computer & Internet Architecture Lab CSIE NCKU

9 Authentication Mechanism(4/)
Computer & Internet Architecture Lab CSIE NCKU

10 Authentication Mechanism(5/)
Computer & Internet Architecture Lab CSIE NCKU

11 Authentication Mechanism(6/)
Computer & Internet Architecture Lab CSIE NCKU

12 Authentication Mechanism(7/)
Computer & Internet Architecture Lab CSIE NCKU

13 Security Analysis(1/)

14 Computer & Internet Architecture Lab
Security Analysis(2/) Computer & Internet Architecture Lab CSIE NCKU

15 Computer & Internet Architecture Lab
Security Analysis(3/) Computer & Internet Architecture Lab CSIE NCKU

16 Security Analysis(4/) Nonces are generally generated using larger length random number generation (RNG) to minimize collision attack. However, in practice, true RNG is difficult to find. Uses a pseudo random number generation (PRNG) appended with a timer(counter).

17 Embedding Authentication(1/)
‘AUTH’ uses an unused option indicating a critical option class. Along with ‘AUTH’ one more option ‘AUTH_MSG_TYPE’ is introduced to indicate different messages for establishing an authentication session Computer & Internet Architecture Lab CSIE NCKU

18 Embedding Authentication(2/)
Computer & Internet Architecture Lab CSIE NCKU

19 Embedding Authentication(3/)
Computer & Internet Architecture Lab CSIE NCKU

20 Embedding Authentication(4/)
Computer & Internet Architecture Lab CSIE NCKU

21 Embedding Authentication(5/)
Computer & Internet Architecture Lab CSIE NCKU

22 Embedding confidentiality
Payload consists of following fields: <vehicle ID, Route ID, Lat, Long, Time Stamp, Accelerometer Data> Computer & Internet Architecture Lab CSIE NCKU

23 Experimental Results And Analysis
We consider stringent wireless network condition with 9.6KBps data rate and three types of packet loss: 0%, 10% and 20%. Computer & Internet Architecture Lab CSIE NCKU

Download ppt "Lightweight Security Scheme for Vehicle Tracking System Using CoAP"

Similar presentations

Kerberos Assisted Authentication in Mobile Ad-hoc Networks Authors: Asad Amir Pirzada and Chris McDonald Sources: Proceedings of the 27th Australasian.

Kerberos Assisted Authentication in Mobile Ad-hoc Networks Authors: Asad Amir Pirzada and Chris McDonald Sources: Proceedings of the 27th Australasian.
TLS. 14.1 Introduction 14.2 TLS Record Protocol 14.3 TLS Handshake Protocol 14.4 Summary.

TLS Introduction 14.2 TLS Record Protocol 14.3 TLS Handshake Protocol 14.4 Summary.
Secure Socket Layer.

Secure Socket Layer.
Unifying the conceptual levels of network security through use of patterns Ph.D Dissertation Proposal Candidate: Ajoy Kumar, Advisor: Dr Eduardo B. Fernandez.

Unifying the conceptual levels of network security through use of patterns Ph.D Dissertation Proposal Candidate: Ajoy Kumar, Advisor: Dr Eduardo B. Fernandez.
Socket Layer Security. In this Presentation: need for web security SSL/TLS transport layer security protocols HTTPS secure shell (SSH)

Socket Layer Security. In this Presentation: need for web security SSL/TLS transport layer security protocols HTTPS secure shell (SSH)
Efficient Public Key Infrastructure Implementation in Wireless Sensor Networks Wireless Communication and Sensor Computing, 2010. ICWCSC 2010. International.

Efficient Public Key Infrastructure Implementation in Wireless Sensor Networks Wireless Communication and Sensor Computing, ICWCSC International.
SSL : An Overview Bruhadeshwar Bezawada International Institute of Information Technology, Hyderabad.

SSL : An Overview Bruhadeshwar Bezawada International Institute of Information Technology, Hyderabad.
Transport Layer Security (TLS) Protocol Introduction to networks and communications(CS555) Prof : Dr Kurt maly Student:Abhinav y.

Transport Layer Security (TLS) Protocol Introduction to networks and communications(CS555) Prof : Dr Kurt maly Student:Abhinav y.
BASIC CRYPTOGRAPHY CONCEPT. Secure Socket Layer (SSL)  SSL was first used by Netscape.  To ensure security of data sent through HTTP, LDAP or POP3.

BASIC CRYPTOGRAPHY CONCEPT. Secure Socket Layer (SSL)  SSL was first used by Netscape.  To ensure security of data sent through HTTP, LDAP or POP3.
E-mail: kemal@cs.siu.edu Department of Computer Science Southern Illinois University Carbondale Wireless and Network Security Lecture 9: IEEE 802.11.

Department of Computer Science Southern Illinois University Carbondale Wireless and Network Security Lecture 9: IEEE
IEEE 802.11 Wireless Local Area Networks (WLAN’s).

IEEE Wireless Local Area Networks (WLAN’s).
Secure Group Communications in Wireless Sensor Networks December 8, 2003 CS 526 Advance Internet and Web Systems Patrick D. Cook.

Secure Group Communications in Wireless Sensor Networks December 8, 2003 CS 526 Advance Internet and Web Systems Patrick D. Cook.
OpenFlow-Based Server Load Balancing GoneWild Author : Richard Wang, Dana Butnariu, Jennifer Rexford Publisher : Hot-ICE'11 Proceedings of the 11th USENIX.

OpenFlow-Based Server Load Balancing GoneWild Author : Richard Wang, Dana Butnariu, Jennifer Rexford Publisher : Hot-ICE'11 Proceedings of the 11th USENIX.
SYSTEM ADMINISTRATION Chapter 13 Security Protocols.

SYSTEM ADMINISTRATION Chapter 13 Security Protocols.
Sampling Techniques to Accelerate Pattern Matching in Network Intrusion Detection Systems Author: Domenico Ficara, Gianni Antichi, Andrea Di Pietro, Stefano.

Sampling Techniques to Accelerate Pattern Matching in Network Intrusion Detection Systems Author: Domenico Ficara, Gianni Antichi, Andrea Di Pietro, Stefano.
Behzad Akbari Spring 2012 (These slides are based on lecture slides by Lawrie Brown)

Behzad Akbari Spring 2012 (These slides are based on lecture slides by Lawrie Brown)
1 Section 10.9 Internet Security Association and Key Management Protocol ISAKMP.

1 Section 10.9 Internet Security Association and Key Management Protocol ISAKMP.
Cosc 4765 SSL/TLS and VPN. SSL and TLS We can apply this generally, but also from a prospective of web services. Multi-layered: –S-http (secure http),

Cosc 4765 SSL/TLS and VPN. SSL and TLS We can apply this generally, but also from a prospective of web services. Multi-layered: –S-http (secure http),
A Regular Expression Matching Algorithm Using Transition Merging Department of Computer Science and Information Engineering National Cheng Kung University,

A Regular Expression Matching Algorithm Using Transition Merging Department of Computer Science and Information Engineering National Cheng Kung University,
11 SECURING NETWORK COMMUNICATION Chapter 9. Chapter 9: SECURING NETWORK COMMUNICATION2 OVERVIEW  List the major threats to network communications. 

11 SECURING NETWORK COMMUNICATION Chapter 9. Chapter 9: SECURING NETWORK COMMUNICATION2 OVERVIEW  List the major threats to network communications. 

Similar presentations

Ads by Google