
Device d is created by manufacturer M. d is flashed with its software during the manufacturing process. At this time, M provides the following keys that are stored on d: a public key {M_pub} for the communication with M, and a unique public key infrastructure (PKI) key pair {d_pub, d_priv}. M stores {d_pub} only but must be expected to know the private key, too. HomeCA can verify for d that update U is actually from M since the update is signed with the certificate of M. Access to d is only granted via HomeCA because device d only accepts incoming messages encrypted with {d_pub}, which is known to HomeCA only. The protocol steps for the integration of d into the home network with the HomeCA protocol are as follows:

Definition 1. Device d with a possibly non-unique ECC (Elliptic Curve Cryptography) key that might also be known to a third party, i.e. Manufacturer M.

Definition 2. Manufacturer M that could know the ECC key of d.

Definition 3. HomeCA, which is a home certification authority, e.g. running within an owner's Smart Home system, and is a trustworthy entity that shall not know the key.

Theorem 1. A new key pair k for device d that includes the entropy from the previous key and additional entropy from an information exchange between the HomeCA and the device.

Proof. – HomeCA continuously broadcasts its presence within the private network and requests new devices for authentication.

– d authenticates against HomeCA with its key pub_d.

– Auxiliary condition: Geographically restricted and within a small time window to reduce the attack vector.

– d and HomeCA create a common Diffie-Hellman key DH_k. The result is not predictable by either of them.

– Entropy check: Verification of the quality of the random number k.

– d creates a new key pub_d2 and priv_d2, which are obtained by multiplication of pub_d and priv_d with k.

– HomeCA signs the new key pub_d2, which HomeCA can obtain from k ∗ pub_d, and provides the certificate to d.

Result:

– priv_d is known to d and potentially also to M.

– k is known to d and HomeCA.

– priv_d2 = k ∗ priv_d is only known to d.

– At the same time, HomeCA knows that d has integrated material.

6 Conclusions and Future Work

This paper motivates the challenges of the integration of IoT devices into a private network. We present our mostly automated security protocol HomeCA.

It focuses mainly on two functions: First, secure integration, which relies on PKI cryptography that prevents attacks from the Internet. Second, scalability to a large number of IoT devices, by the automated integration process without user interaction based on defined protocol steps within the private network.

The steps described ensure that on first purchase and later ownership changes, the keys are updated securely, even when the device lacks a reliable entropy source.

The processes are designed to ensure long-term compatibility and security, even when the devices will not be provided with security updates.

We plan to implement the HomeCA protocol in a real-world environment to analyze its viability without requiring changes on existing IoT devices. This prototype will also allow deployment to verify several parameters, including the validity periods and timeouts.

Acknowledgments

The authors would like to thank Adrian Spalka for discussions about the cryptographic properties of the key update algorithm.
