Identity-based sender authentication in constrained networks

In October of 2016, a DDos attack made headlines by taking down several web services like Netflix, Twitter and PayPal and others over the course of a day. Security experts believe it was based on the Internet of Things (IoT), i.e. devices whose primary function lies outside the computerized world which are nevertheless connected to the Internet, like TVs, thermostats, security cameras etc. They can be found in smart homes, public infrastructure or industrial environme nts. The security of a home may depend on them, yet many, maybe most of the IoT devices are poorly secured and can easily be compromised. Allegedly, the aforementioned DDoS attack exploited those weaknesses.

Even more dangerous than single unsafe objects is a communicating group of such devices. In that scenario, a successful attacker gains control over many items at once. She may for example impersonate a group member and participate in their name. Therefore, the sender of a message needs to be identified correctly. Digital signatures are a well-established solution for this.

However, many standard schemes are too complex for items with low energy or memory resources as are common in IoT. To keep communication cost at a minimum, the number and size of messages for key exchange and signing need to be minimized. A fitting approach is that of Adi Shamir's paper "Identity-Based Cryptosystems and Signature Schemes". By using the identity of the sender as public key for the signature or encryption, not only does it save the cost of transmitting the public key but it also simplifies the scheme: usually the recipient would have to ensure that the public key belongs to the alleged sender by contacting a trusted third party. With Identity Based Signatures (IBS), this step is rendered superfluous since identity and public key are the same. A great amount of resources can thus be saved.

In recent years, a number of IBS schemes has been described. However, they seldom address the matter of constraints, why the goal of this thesis is to compose a sender authentication scheme based on IBS that meets the requirements of constrained networks. The first step is the specification of the IBS model (e.g. what entities exist whithin the model, which steps and transactions are necessary to sign and verify, if a hierarchical structure can be enforced etc). Then we examine three public-key encryption algorithms w.r.t. the model and choose one for a concrete implementation, which will be tested and evaluated.

Prof. Dr. D. Kranzlmüller

Dauer der Arbeit:

Anzahl Bearbeiter: 1


Last Change: Fri, 19 May 2017 04:04:18 +0200 - Viewed on: Sun, 20 Oct 2019 16:19:06 +0200
Copyright © MNM-Team - Impressum / Legal Info  - Datenschutz / Privacy