KSII Transactions on Internet and Information Systems, vol. 12, no. 8, KSII, pp. 3567-3588, 08/2018. DOI (I.F.: 0.711)
In the Internet of Things (IoT) concept, devices communicate autonomously with applications in the Internet. A significant aspect of IoT that makes it stand apart from present-day networked devices and applications is a) the very large number of devices, produced by diverse makers and used by an even more diverse group of users; b) the applications residing and functioning in what were very private sanctums of life e.g. the car, home, and the people themselves. Since these diverse devices require high-level security, an operational model for an IoT system is required, which has built-in security. We have proposed the societal model as a simple operational model. The basic concept of the model is borrowed from human society – there will be infants, the weak and the handicapped who need to be protected by guardians. This natural security mechanism works very well for IoT networks which seem to have inherently weak security mechanisms. In this paper, we discuss the requirements of the societal model and examine its feasibility by doing a proof-of-concept implementation.
31st Annual IFIP WG 11.3 Conference on Data and Applications Security and Privacy (DBSec'17), vol. LNCS 10359, Springer, pp. 453-472, 07/2017. DOI
In this paper, we analyze how key compromise affects the protocol by Nguyen et al. presented at ESORICS 2016, an authenticated key agreement protocol mediated by a proxy entity, restricted to only symmetric encryption primitives and intended for IoT environments. This protocol uses long-term encryption tokens as intermediate values during encryption and decryption procedures, which implies that these can be used to encrypt and decrypt messages without knowing the cor- responding secret keys. In our work, we show how key compromise (or even compromise of encryption tokens) allows to break forward secu- rity and leads to key compromise impersonation attacks. Moreover, we demonstrate that these problems cannot be solved even if the affected user revokes his compromised secret key and updates it to a new one. The conclusion is that this protocol cannot be used in IoT environments, where key compromise is a realistic risk.
2nd IEEE International Conference on Fog and Edge Mobile Computing (FMEC 2017), IEEE Computer Society, pp. 56-61, 06/2017. DOI
Cloud computing has some major limitations that hinder its application to some specific scenarios (e.g., Industrial IoT, and remote surgery) where there are particularly stringent requirements, such as extremely low latency. Fog computing is a specialization of the Cloud that promises to overcome the aforementioned limitations by bringing the Cloud closer to end-users. Despite its potential benefits, Fog Computing is still a developing paradigm which demands further research, especially on security and privacy aspects. This is precisely the focus of this paper: to make evident the urgent need for security mechanisms in Fog computing, as well as to present a research strategy with the necessary steps and processes that are being undertaken within the scope of the SMOG project, in order to enable a trustworthy and resilient Fog ecosystem.
Computer Networks, vol. 57, Elsevier, pp. 2266–2279, July 2013. DOI (I.F.: 1.282)
In the Internet of Things, services can be provisioned using centralized architectures, where central entities acquire, process, and provide information. Alternatively, distributed architectures, where entities at the edge of the network exchange information and collaborate with each other in a dynamic way, can also be used. In order to understand the applicability and viability of this distributed approach, it is necessary to know its advantages and disadvantages – not only in terms of features but also in terms of security and privacy challenges. The purpose of this paper is to show that the distributed approach has various challenges that need to be solved, but also various interesting properties and strengths.