IoT Goes Nuclear: Creating a ZigBee Chain Reaction

Ronen, Eyal; Shamir, Adi; Weingarten, A.; O’Flynn, Colin

doi:10.1109/sp.2017.14

Cited by 315 publications

(32 citation statements)

References 9 publications

Supporting

Mentioning

Contrasting

Unclassified

Order By: Relevance

“…With the rapid growth of the IoT (see Figure 2) also concerns have been raised that without appropriate considerations many new security challenges arise. In particular, as the IoT is interconnected and spreads widely, cyber attacks are an emerging threat [9,31,39,47]. Therefore, researchers from academia and industry are analysing the security aspects of IoT systems [48].…”

Section: Research Gap and Related Workmentioning

confidence: 99%

“…Often this mathematical analysis targets detailed aspects of the underlying encryption schemes, protocols, and hardware used in IT system architectures. The importance of a detailed security analysis of the primitives of encryption schemes and security protocols are highlighted in the case of many recent attacks on IoT systems [47]. Recently, also many international standards and even well studied primitives have been broken.…”

Section: Security Analysismentioning

confidence: 99%

See 1 more Smart Citation

Requirements and Recommendations for IoT/IIoT Models to automate Security Assurance through Threat Modelling, Security Analysis and Penetration Testing

Ankele

Marksteiner

Nahrgang

et al. 2019

Proceedings of the 14th International Conference on Availability, Reliability and Security

View full text Add to dashboard Cite

The factories of the future require efficient interconnection of their physical machines into the cyber space to cope with the emerging need of an increased uptime of machines, higher performance rates, an improved level of productivity and a collective collaboration along the supply chain. With the rapid growth of the Internet of Things (IoT), and its application in industrial areas, the so called Industrial Internet of Things (IIoT)/Industry 4.0 emerged. However, further to the rapid growth of IoT/IIoT systems, cyber attacks are an emerging threat and simple manual security testing can often not cope with the scale of large IoT/IIoT networks.In this paper, we suggest to extract metadata from commonly used diagrams and models in a typical software development process, to automate the process of threat modelling, security analysis and penetration testing, without detailed prior security knowledge.In that context, we present requirements and recommendations for metadata in IoT/IIoT models that are needed as necessary input parameters of security assurance tools.

show abstract

Section: Research Gap and Related Workmentioning

confidence: 99%

Section: Security Analysismentioning

confidence: 99%

Requirements and Recommendations for IoT/IIoT Models to automate Security Assurance through Threat Modelling, Security Analysis and Penetration Testing

Ankele

Marksteiner

Nahrgang

et al. 2019

Proceedings of the 14th International Conference on Availability, Reliability and Security

View full text Add to dashboard Cite

show abstract

“…Ability of IoT devices to connect and communicate among themselves allows IoT systems to deal with a variety of complex operations that exceed the constrained resources of individual IoT devices. However, the limited capabilities of the IoT devices to adopt traditional security techniques exposes IoT systems to a huge number of potential attacks [2], [3], [4]. Thus, a security mechanism that guarantees the secure interaction between devices plays a key role in establishing trust in an IoT system.…”

Section: Introductionmentioning

confidence: 99%

RADIS: Remote Attestation of Distributed IoT Services

Conti

Dushku

Mancini

2019

2019 Sixth International Conference on Software Defined Systems (SDS)

View full text Add to dashboard Cite

Remote attestation is a security technique by which a potentially untrusted device called Prover can evidence its current state to an external trusted party called Verifier. The main goal of a remote attestation protocol is to guarantee the reliability of the evidence, such that the Verifier can verify remotely the trustworthiness of the Prover. In the Internet of Things (IoT) systems, which are increasingly becoming exposed to a broad range of exploitations, the existing remote attestation protocols aim to check the integrity of each individual IoT device by detecting the modified softwares and physical tampering attacks. However, in an interconnected IoT system, in which IoT devices interact autonomously among themselves, a compromised IoT service can influence the genuine operation of other invoked service, without changing the software.In this paper, we show how a compromised service in a distributed IoT service can induce malicious behavior on genuine services, and we highlight the need for distributed services attestation. We propose a protocol for Remote Attestation of Distributed IoT Services (RADIS), which provides a complete evidence about the trustworthiness of distributed IoT services. RADIS relies on a control-flow attestation technique to detect IoT services that perform an unexpected operation due to their interactions with a malicious remote service. Additionally, RADIS traces the interactions between IoT distributed services, allowing the Verifier to check whether the activities follow a legitimate interaction model. We discuss the effectiveness of our protocol in validating the integrity status of a distributed IoT service.

show abstract

“…Many of these fall into the category of non-invasive attacks, which can be performed without direct physical contact with components within the device. Attacks that exploit leakage of key-dependent information can lead to disastrous scenarios in which the master key used to encrypt and authenticate device firmware becomes compromised [RSWO17].…”

Section: Introductionmentioning

confidence: 99%

Threshold schemes for cryptographic primitives:

Brandão¹,

Mouha²,

Vassilev³

2019

View full text Add to dashboard Cite

The Information Technology Laboratory (ITL) at the National Institute of Standards and Technology (NIST) promotes the U.S. economy and public welfare by providing technical leadership for the Nation's measurement and standards infrastructure. ITL develops tests, test methods, reference data, proof of concept implementations, and technical analyses to advance the development and productive use of information technology. ITL's responsibilities include the development of management, administrative, technical, and physical standards and guidelines for the cost-effective security and privacy of other than national security-related information in federal information systems. AbstractThe Computer Security Division at the National Institute of Standards and Technology is interested in promoting the security of implementations of cryptographic primitives. This security depends not only on the theoretical properties of the primitives but also on the ability to withstand attacks on their implementations. It is thus important to mitigate breakdowns that result from differences between ideal and real implementations of cryptographic algorithms.This document overviews the possibility of implementing cryptographic primitives using threshold schemes, where multiple components contribute to the operation in a way that attains the desired security goals even if f out of n of its components are compromised. There is also an identified potential in providing resistance against side-channel attacks, which exploit inadvertent leakage from real implementations. Security goals of interest include the secrecy of cryptographic keys, as well as enhanced integrity and availability, among others. This document considers challenges and opportunities related to standardization of threshold schemes for cryptographic primitives. It includes examples illustrating security tradeoffs under variations of system model and adversaries. It enumerates several high-level characterizing features of threshold schemes, including the types of threshold, the communication interfaces (with the environment and between components), the executing platform (e.g., single device vs. multiple devices) and the setup and maintenance requirements.The document poses a number of questions, motivating aspects to take into account when considering standardization. A particular challenge is the development of criteria that may help guide a selection of threshold cryptographic schemes. An open question is deciding at what level each standard should be defined (e.g., specific base techniques vs. conceptualized functionalities) and which flexibility of parametrization they should allow. Suitability to testing and validation of implementations are also major concerns to be addressed. Overall, the document intends to support discussion about standardization, including motivating an engagement from stakeholders. This is a step towards enabling threshold cryptography within the US federal government and beyond.

show abstract

IoT Goes Nuclear: Creating a ZigBee Chain Reaction

Cited by 315 publications

References 9 publications

Requirements and Recommendations for IoT/IIoT Models to automate Security Assurance through Threat Modelling, Security Analysis and Penetration Testing

Requirements and Recommendations for IoT/IIoT Models to automate Security Assurance through Threat Modelling, Security Analysis and Penetration Testing

RADIS: Remote Attestation of Distributed IoT Services

Threshold schemes for cryptographic primitives:

Contact Info

Product

Resources

About