POTENTIAL APPLICATION OF HARDWARE PROTECTED SYMMETRIC AUTHENTICATION MICROCIRCUITS TO ENSURE THE SECURITY OF INTERNET OF THINGS
Abstract
The objective of the paper is to determine the basic schemes, and their characteristics, for securing Internet of Things nodes with symmetric authentication cryptographic microcircuits. The main results, obtained by the method of structural and functional design, are the potentially possible options for using symmetric authentication cryptomicrocircuits to protect Internet of Things nodes. Analysis of how the presented schemes function led to the following conclusions. The authentication scheme with host-side private key storage provides a fast symmetric authentication process, but requires secure storage of the private key on the host side. The simplest authentication scheme without storing a secret key on the host side, which does not require a cryptographic chip on the host side, also provides a fast symmetric authentication process, but has relatively low cryptographic strength: the interaction in the system is performed without a random component in the cryptographic transformations, which implies that requests in the system are constant in nature and, consequently, that cryptanalysis of the messages is possible. To increase the cryptographic strength of such a scheme, it is advisable to introduce a random component into the cryptographic transformations and to use additional hashing procedures with an intermediate key. This complicates the scheme because of the double hashing, but significantly increases the level of information security of IoT nodes. Software download in the system is implemented using secret encryption and authentication keys, which are permanently stored in the secure non-volatile memory of the cryptographic chips of IoT nodes. In this case, session keys for encrypting the firmware code or decrypting it are generated on the client and host side, respectively.
This approach allows unique downloads of the original firmware code (application) to be created, preventing cryptanalysts from obtaining its images and algorithms. The distinctive features of the scheme for exchanging symmetric session keys for message encryption are: the use of a secret key stored on both the host and the client side; and the determination of the session key by hashing a random number with the secret key, so that the session key is exchanged in an encrypted, secure form.
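The following sketch is an added example, not code from the paper: it models the host-side key storage scheme with a constant request and with a random challenge, and the session-key derivation from a random number hashed with the shared secret. HMAC-SHA256, the class and function names, and the `b"session"` label are assumptions, since the abstract names no algorithm or message format.

```python
import hashlib
import hmac
import secrets

def mac(key: bytes, msg: bytes) -> bytes:
    """Keyed hash; HMAC-SHA256 is an assumption, the abstract names no algorithm."""
    return hmac.new(key, msg, hashlib.sha256).digest()

class ClientChip:
    """Hypothetical stand-in for the client-side crypto chip; the key never leaves it."""
    def __init__(self, secret: bytes):
        self._secret = secret

    def respond(self, challenge: bytes) -> bytes:
        return mac(self._secret, challenge)

    def session_key(self, nonce: bytes) -> bytes:
        return mac(self._secret, b"session" + nonce)

class Host:
    """Hypothetical host that stores the same secret key (host-side storage scheme)."""
    def __init__(self, secret: bytes):
        self._secret = secret

    def new_challenge(self) -> bytes:
        return secrets.token_bytes(32)  # the random component

    def verify(self, challenge: bytes, response: bytes) -> bool:
        return hmac.compare_digest(mac(self._secret, challenge), response)

    def session_key(self, nonce: bytes) -> bytes:
        return mac(self._secret, b"session" + nonce)

def demo() -> dict:
    secret = secrets.token_bytes(32)   # constructed sample key
    chip, host = ClientChip(secret), Host(secret)
    fixed = b"\x00" * 32               # constant request, no random component
    seen = chip.respond(fixed)         # response observed once on the wire
    c1, c2 = host.new_challenge(), host.new_challenge()
    nonce = secrets.token_bytes(32)    # only the nonce is transmitted, never the key
    return {
        "fixed_repeats": chip.respond(fixed) == seen,
        "fixed_accepts_old": host.verify(fixed, seen),
        "random_ok": host.verify(c1, chip.respond(c1)),
        "random_rejects_old": not host.verify(c2, chip.respond(c1)),
        "keys_match": chip.session_key(nonce) == host.session_key(nonce),
        "wrong_key_rejected": not host.verify(c1, ClientChip(b"x" * 32).respond(c1)),
    }
```

With a constant request the response never changes and an old response is still accepted; with a fresh random challenge per run, a response computed for an earlier challenge is rejected.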