What it takes to boost Internet of Things privacy beyond encryption with unobservable communication: a survey and lessons learned from the first implementation of DC-net

Springer Science and Business Media LLC - Volume 5 - Pages 41-64 - 2019
Ralf C. Staudemeyer¹, Henrich C. Pöhls², Marcin Wójcik³
¹ Faculty of Computer Science, Schmalkalden University of Applied Sciences, Schmalkalden, Germany
² Institute of IT-Security and Security Law (ISL), Chair of IT-Security, University of Passau, Passau, Germany
³ Computer Laboratory, University of Cambridge, Cambridge, UK

Abstract

Privacy requires more than just encryption of data before and during transmission. Privacy would actually demand hiding the sheer fact that communication takes place. This requires protecting meta-data from observation. We motivate the need for strong privacy protection in a smart home use case by highlighting the privacy issues that cannot be solved by confidentiality mechanisms like encryption alone. Our solution is an implementation of DC-net on Re-Mote sensor nodes running Contiki OS. From this, we conclude that the computational and network overheads imposed by these techniques do not make them impractical to use in the IoT. To the best knowledge of the authors, this is the first implementation of DC-net on sensors. Alongside, we provide a survey of the strong cryptographic security mechanisms, like encryption of communication, that are required to be in place. We describe how existing techniques can be used to achieve unobservable communication for the IoT. This includes mechanisms for encrypted IoT communication like DTLS or message authentication like ECDSA signatures on IoT devices. For readers unfamiliar with the concepts of MIXing and DC-net, we explain and analyse how those techniques, formerly used to provide private communication in the Internet, can be applied to the IoT. We briefly survey what complementary features from the IoT architecture are helpful in providing strong protection in this particular use case. Finally, we state some recommendations, hoping that following these will enable us to reduce the privacy invasiveness of the IoT on all levels. We think that this will be indispensable if IoT devices are to become a part of our daily lives without turning us into an Orwellian society.
