UNIVERSITY OF JYVÄSKYLÄ
Dr. Zheng Chang
Department of Mathematical Information Technology
Wireless and Internet of
Things (IoT) security
UNIVERSITY OF JYVÄSKYLÄ
Outline
Securing IoT
– Importance of IoT
– Security threats
– From wireless sensor network point-of-view
– Challenges
Wireless (5G) Security
– Fundamentals of wireless communications
– Sensing security
– Transmission security
2
UNIVERSITY OF JYVÄSKYLÄ
IoT: what’s the difference
Low power Low
computing Low storage
Massive connection
Wide deployment
Vulnerability
UNIVERSITY OF JYVÄSKYLÄ
A Security Disaster
HP conducted a security analysis of IoT devices
7
80% had privacy
concerns
80% had poor
passwords
70% lacked encryption
60% had vulnerabilities
in UI
60% had insecure updates
UNIVERSITY OF JYVÄSKYLÄ
IoT: Typical Applications
Wireless Sensor Networks (WSN)
Smart Grid
Smart City
Autonomous Car/Intelligent Transportation
Factory automation
Wearable devices
eHealth
smart home
VR/AR
8
Basically, everything is
expected to be wireless
in future
UNIVERSITY OF JYVÄSKYLÄ
Security Threats in IoT (WSN)
11
The endless variety of IoT applications poses an equally wide variety of security challenges .
Main Concerns:
Security and
privacy of data
UNIVERSITY OF JYVÄSKYLÄ
WSN: Why considered specifically? (1)
12
WSN can consists of thousands of sensor nodes and may be dispersed over a wide area.
Typical sensors are small with limited communication and computing capabilities, and are powered by batteries.
These small sensor nodes are susceptible to many kinds of attacks.
It is impractical to monitor and protect each individual sensor.
UNIVERSITY OF JYVÄSKYLÄ
WSN: Why considered specifically? (2)
A typical sensor with 512 bytes RAM.
Resource for encryption is very limited.
Sophicicated cryptographic solution needs space for keys, lookup tables etc. For example, a typical Advanced Encryption Standard (AES) involves 800 bytes of lookup table.
So lightweight cryotographic schemes are needed for WSN.
13
UNIVERSITY OF JYVÄSKYLÄ
WSN: Threats Types
Outsider vs. Insider
• Nodes from outside of WSN and legitimate nodes behavior unnormally.
Passive vs. Active
• Passive attacks include eavesdropping on or monitoring packets exchanged within a WSN; active attacks involve some modifications of the data steam or the creation of a false stream.
Mote vs. Laptop
• A few nodes with similar capabilities to the network nodes vs. laptop-class attacks, an adversary can use more powerful devices
14
UNIVERSITY OF JYVÄSKYLÄ
WSN: Security Requirement
Availability, • which ensures that the
desired network services are available even in the presence of denial-of-ser-vice attacks
Authorization, • which ensures that only
authorized sensors can be involved in providing information to network services
Authentication,
• which ensures that the communication from one node to another node is genuine, that is, a malicious node cannot masquerade as a trusted network Node
Confidentiality,
• which ensures that a given message cannot be understood by anyone other than the desired recipients
Integrity,
• which ensures that a message sent from one node to another is not modified by malicious intermediate nodes
Nonrepudiation,
• which denotes that a node cannot deny sending a message it has previously sent
Freshness:
• it implies that the data is recent and ensures that no adversary can replay old message
15
UNIVERSITY OF JYVÄSKYLÄ
WSN: Evaluation
Security. Resiliency. Energy
Efficiency
Flexibility.
Fault-tolerance
Self-healing
Assurance Scalability
16
UNIVERSITY OF JYVÄSKYLÄ
WSN: What we can do about it?
Lightweight Cryptographic Algorithms in WSNs
Intrusion Detection
Secure and Trust Routing for WSNs
Efficient Key Management in WSNs
PHY layer security
17
UNIVERSITY OF JYVÄSKYLÄ
WSN: Lightweight Cryptography
Public key cryptography has been considered too
expensive for small sensor nodes, because typical
public key algorithms (e.g., RSA) require extensive
computations and are not suitable for tiny sensors.
The recent implementation of 160-bit elliptic curve
cryptography (ECC) on Atmel ATmega 128 , a CPU
of 8MHz, demonstrates that ECC public key
cryptography is feasible for sensor nodes.
18
N. Gura et al., “Comparing Elliptic Curve Cryptography and RSA on 8-Bit
CPUs,” Proc. 6th Int’l. Wksp. Cryptographic Hardware and Embedded Sys.,
Boston, MA, Aug. 2004.
UNIVERSITY OF JYVÄSKYLÄ
WSN: Secure Routing and Trust Management
By using the attacks above, the adversary can add himself/herself onto the path and thus gain full control of the flow.
The adversary can eavesdrop and modify the data.
The goal of a secure routing protocol is to ensure the integrity, authentication, and availability of messages.
Trust Management can be classified into two categories, – Identity trust is related to verifying the authenticity of an entity
– Behavioral trust deals with a broader notion of the trustworthiness of an entity depending on the context
19
UNIVERSITY OF JYVÄSKYLÄ
WSN: Intrusion Detection
It is easy for an adversary to inject false data into a WSN through the compromised nodes. Authentication and data encryption are not enough for ensuring data security.
An Intrusion Detection System (IDS) monitors for suspicious activity patterns outside normal and expected behavior.
It is based on the assumption that there exists a noticeable difference in the behaviors of an intruder and a legitimate user in the network. IDS are classified into rule-based and anomaly-based systems.
– The rule-based IDSs are used to detect known patterns of intrusions.
– The anomaly-based IDSs are used to detect new or unknown intrusions.
– The rule-based IDS has a low false-alarm rate when compared to an anomaly-based system.
20
UNIVERSITY OF JYVÄSKYLÄ
Outline
Fundamentals of wireless communications
Sensing security
Transmission security – Physical layer rules
– Physical Layer Security
• Wiretap channel
• Coding
• Security key management
• Artificial noise
• Cooperative communication
22
UNIVERSITY OF JYVÄSKYLÄ
Fundamentals of Wireless Communications
In the 7-layer Open System Interconnect (OSI) model of computer
networking, the physical layer (PHY) or layer 1 is the first (lowest)
layer. It is commonly abbreviated PHY.
The name “physical layer” can be a bit problematic. Many people
may get the impression that the physical layer is only about actual
network hardware.
PHY contains
– Definition of Hardware Specifications
– Encoding and Signaling
– Data Transmission and Reception
– Topology and Physical Network Design/Network Management
23
UNIVERSITY OF JYVÄSKYLÄ
Fundamentals of Wireless Communications
24
Wireless communications
Wireless
networks
Computer
networks
UNIVERSITY OF JYVÄSKYLÄ
Fundamentals of Wireless Communications Physical Layer
The goal of PHY layer technology is to improve the
wireless tranmission quaility as much as possible via
the air-interface design.
– Typical tool is mathematics.
For the security concerns, we categorize it into two
main groups
– Sensing security
– Transmission security
25
UNIVERSITY OF JYVÄSKYLÄ
Fundamentals of Wireless Communications A sensor example
Sensing/
Receveing Processing Transmitting
26
UNIVERSITY OF JYVÄSKYLÄ
Sensing Security: Extenal Adversaries
Extenal adversaries are entities without any established association with the system.
They can eavesdrop communications and manipulate the data collection process by contributing unauthorized samples.
External adversaries may also target the availability of the system by launching, for example, jamming and distributed denial of service attacks.
Employing simple encryption and access control mechanisms against it.
27
UNIVERSITY OF JYVÄSKYLÄ
Sensing Security: Internal Adversaries
Internal adversaries are legitimate participants of the system that exhibit malicious behavior.
Such adversaries, can submit faulty, yet authenticated, reports during the data collection process.
Their aim is to distort the system’s perception of the sensed phenomenon, and thus, degrade the usefulness of the sensing task.
For instance, in the context of traffic monitoring campaigns, malicious users might contribute false information (e.g., low velocities) to impose a false perception of the congestion levels of the road network. Such data pollution attacks can have far graver implications if malicious users impersonate other entities or pose with multiple identities.
28
UNIVERSITY OF JYVÄSKYLÄ
Source Source
Encoder
Channel
Encoder Modulator
User Source
Decoder
Channel
Decoder
Demodula
tor
Message
Signal
Channel
code
word
Estimate of
Message
signal
Estimate of
channel code word
Received
Signal y
Modulated
Transmitted
Signal x
Wireless
Channel noise
Transmission Security
UNIVERSITY OF JYVÄSKYLÄ
y = h x + n
30
h
x y
n
Tx Rx
Signal to noise ratio (SNR) at Rx= Ex*h^2 / En
Fundamentals of Physical Layer
UNIVERSITY OF JYVÄSKYLÄ
Assessing wireless transmission consists of the channel, frequency bandwidth, signal and noise.
The information carrying capacity of a link is bounded by Shannon’s theorem – C = W log2(1+S(I)NR)
C is the information bit rate (bits/s) that can be communicated to the user reliably.
SINR is the Signal-to-Interference+Noise ratio in absolute scale.
31
Fundamentals of Physical Layer
UNIVERSITY OF JYVÄSKYLÄ
Transmission Security: Physical Layer Security
The issues of authentication, confidentiality, and privacy are
handled in the upper layers using variations of key
cryptosystems or data management.
Nowadays, many results from information theory, signal
processing, and cryptography suggest that there is much
security to be gained by accounting for the imperfections of the
physical layer when designing secure systems.
32
UNIVERSITY OF JYVÄSKYLÄ
Fundamentals of Physical Layer Security Physical Layer (PHY)
For example, while noise and fading are usually treated as impairments in wireless communications,
Signal to power ratio (SNR) at Rx= Ex*h^2 / En
Information-theoretic results show that they can be harnessed to “hide” messages from a potential eavesdropper or other devices, without requiring a additional secret key.
Such results, if they can be implemented in a cost-efficient way without sacrificing much data rate, call for the design of security solutions at the PHY to complement communications security mechanisms.
33
UNIVERSITY OF JYVÄSKYLÄ
Fundamentals of Physical Layer Security General Concept
34
The communication between T1
and T2 is being eavesdropped by
an unauthorized terminal T3.
When T2 and T3 are not collocated,
the signals observed at the outputs
of the main channel and
eavesdropper’s channel are usually
different.
For instance, if T1 broadcasts a
video stream, the signal obtained
by T3 may be significantly
degraded compared to the one
received by T2; this degradation
can even prevent T3 from
understanding the content of the
video stream.
UNIVERSITY OF JYVÄSKYLÄ
Fundamentals of physical layer security General Concept of PLS
The common secure communication framework (in the upper
layer) does not account for the physical reality of
communication channels.
Especially, it does not consider the degradation of signals
because of noise or fading.
This observation naturally leads to the introduction of a more
realistic communication model, now known as the wiretap
channel.
35
UNIVERSITY OF JYVÄSKYLÄ
Fundamentals of Physical Layer Security General Concept
36
Transmitter
(encoder)
Receiver
(decoder)
eavesdropper
Wireless Channel with noise
wiretap
Fig. 1 Wiretap channel model
Input signal
UNIVERSITY OF JYVÄSKYLÄ
Fundamentals of Physical Layer Security Wiretap Channel
37
It is also assumed that Alice sends a common message M0 to both
Bob and Eve and a private message M1 to Bob only.
In the PLS, the common objective is to maximize the the secrecy
capacity, which is usually defined as the data rate of confidential
messages.
UNIVERSITY OF JYVÄSKYLÄ
Fundamentals of Physical Layer Security Wiretap Channel
38
Essentially,
1. Z should provide no information about M1
2. Y can be decoded into M with negligibly small probability of
error
UNIVERSITY OF JYVÄSKYLÄ
Fundamentals of Physical Layer Security Wiretap Channel
39
Secrecy Capacity of Gaussian Wiretap Channel
UNIVERSITY OF JYVÄSKYLÄ
Fundamentals of Physical Layer Security Wiretap Channel
To achieve security in PHY, there are multiple
approaches,
– Preprocessing Scheme
• Coding
• Key generation
• Artificial Noise Scheme
– Cooperation Communications
– Many others
40
UNIVERSITY OF JYVÄSKYLÄ
Preprocessing Scheme Coding
Coding is a essential part in the wireless communications.
In general, coding can be divided into two parts – Source Coding: modulation, typical: Morse code
– Channel Coding: to protect information from transmission error.
As the development of wireless communication technique, there are more types of coding, we can call it precoding which is usually used in Multiple antenna system to explore the use of more antennas, relay or some other systems.
41
UNIVERSITY OF JYVÄSKYLÄ
Preprocessing Scheme Coding
With the introduction of the wiretap channel model, it became
clear that security can also be achieved through means of
channel coding.
42
UNIVERSITY OF JYVÄSKYLÄ
Preprocessing Scheme Coding
The coding problem for Alice in the wiretap channel involves
adding redundancy for enabling Bob to correct errors (across
the main channel) and adding randomness for keeping Eve
ignorant (across the wiretap channel), which is different from
the coding in tranditional communications.
Polar codes, low-density parity-check (LDPC) can be used.
There are two types of coding approaches in general,
– Capacity achieving based construction
– Channel resolvability based construction
43
UNIVERSITY OF JYVÄSKYLÄ
Preprocessing Scheme Secure Key Generation
To fully exploit the randomness of the channel for security
purposes we need secrecy capacity-achieving channel codes.
Unfortunately, it seems very difficult to design near-to-optimal
codes for the Gaussian wiretap channel....
Secret key agreement is a somewhat “easier” problem.
Alice and Bob only have to agree on a key based on common
randomness and not to transmit a particular message.
44
UNIVERSITY OF JYVÄSKYLÄ
Preprocessing Scheme Secure Key Generation
This model is an extension of the wiretap channel.
There exists a two-way, noiseless, public, side-channel of
unlimited capacity.
This model was introduced to analyze the effect of feedback
on secret communications.
The focus of this model is on the generation of secrecy from
the channel in the form of secret keys.
45
UNIVERSITY OF JYVÄSKYLÄ
Preprocessing Scheme Secure Key Generation
Alice and Bob can communicate over a public
channel.
The assumption that the channel is public allows
Eve to intercept all messages transmitted over the
side-channel, and the side-channel does not
constitute a source of secrecy.
However, the assumption that the channel is
authenticated prevents Eve from tampering with the
messages.
47
UNIVERSITY OF JYVÄSKYLÄ
Preprocessing Scheme Secure Key Generation
Message F exchanged via public discussion leaks no information to Eve, which guarantees the security of the generated key so that Alice and Bob eventually agree on the same secret key K unknown to Eve.
A secret-key rate R is achievable if there exists a sequence of secret-key generation strategies with an increasing number of symbols transmitted over the noisy channels data n, such that – The reliability requirement: with high probability, Alice and Bob
agree on the same key.
– The uniformity requirement: the secret key is uniformly distributed in its set, which is a desirable property if the key is to be used for cryptographic applications.
– The secrecy requirement: the key is indeed secret with respect to Eve, who observes the noisy signals Zn and the public messages F.
48
UNIVERSITY OF JYVÄSKYLÄ
Preprocessing Scheme Secure Key Generation, Remarks
The addition of a public authenticated channel does not trivialize the problem, because it is not a resource for secrecy. The only resource for secrecy remains the noisy communication channel.
Unlike the wiretap channel model, feedback turns out to be an essential ingredient for secret-key generation.
In addition, the key K is not a message in the traditional sense because its value needs to be fixed at the beginning of a secret-key generation strategy.
Secret-key generation strategies can be extremely sophisticated
49
UNIVERSITY OF JYVÄSKYLÄ
Preprocessing Scheme Artificial Noise
There are some other possible ways to enhance the security at
the transmitter side.
For example, Alice can artificially make some noise when
transmitting the message to interfer the reception of Eve.
However, it requires Bob to correctly detect and estimate the
information. It is more or less the combination of security key
and coding.
50
UNIVERSITY OF JYVÄSKYLÄ
Cooperation Communications for PLS
There are many ways to explore the cooperation in
wireless communications.
– Relay
– User cooperation
– BS cooperation
For relay network, security issues are very important
as extra entities are involved during transmission.
We first introduce preliminary of relay
51
UNIVERSITY OF JYVÄSKYLÄ
Cooperation Communications for PLS
By mobilty
– Fixed relay
– Mobile relay
By processing technique
– Amplified-and-Forward
– Decode-and-Forward
52
UNIVERSITY OF JYVÄSKYLÄ
Cooperation Communications for PLS
Some important features
– Cooperative Jamming: Jamming at Eve.
– Untrusted relay
55
UNIVERSITY OF JYVÄSKYLÄ
Cooperation Communications for PLS
There are many critical issues involved,
– How many relays should be selected
– Which relay should be selected.
– Which types of relays should be used.
– How the channel should be modelled.
– Whether the Channel state information is known.
– Whether the relay is trustful.
56