2019+ASurveyonHardware-basedSecurityMechanismsforInternetofThings.pdf资源-CSDN文库

需积分: 10 93 浏览量 2020-06-04 16:25:21 上传评论收藏 4.29MB PDF 举报

### 基于硬件的安全机制在物联网中的应用调查 #### 概述随着物联网（IoT）技术的迅速发展，其应用范围已经扩展到了未来智慧城市、工业自动化、智能交通系统以及智能医疗设施等多个领域。然而，这些应用也带来了巨大的安全挑战，可能会导致经济、环境和社会层面的重大影响。本文旨在对物联网领域中的各种安全挑战进行综述，并探讨针对这些挑战的不同领域的攻击及其应对措施。 #### 物联网安全挑战与传统方法局限性传统的物联网安全解决方案大多源自通信网络领域，并没有充分考虑到物联网网络的独特特性，如节点数量庞大、网络异构性以及节点有限的能量、通信和计算能力等。因此，这些传统方法并不完全适用于物联网。其中一个重要的挑战是在大规模物联网网络中利用常见的基于密钥的加密方法时所遇到的问题，例如密钥生成、分配与存储等难题，特别是如何保护这些密钥免受物理攻击。 #### 物理不可克隆函数（PUF）的应用近年来，物理不可克隆函数（Physical Unclonable Functions，简称PUF）作为一种有前景的硬件安全解决方案被广泛应用于物联网身份验证与认证。PUF通过提取设备独特的硬件特征来生成密钥，这为密钥生成提供了一个成本低廉且实用的方法。尽管如此，PUF在用于密钥生成时仍面临一些限制。以下将详细介绍PUF的优势、现有技术以及一个可靠的基于电阻随机存取存储器（ReRAM）的PUF解决方案。 #### PUF的优势 - **独特性**：每个PUF都是独一无二的，基于设备硬件本身的特性，可以作为设备的身份标识。 - **安全性**：由于PUF是基于物理结构的不可复制特性，即使硬件被复制，也无法复制其内部的物理特性，从而提高了安全水平。 - **成本效益**：相比于其他加密方案，PUF实现的成本更低，特别适合资源受限的物联网设备。 - **灵活性**：PUF可以用于多种场景，包括但不限于密钥生成、认证和数据加密等。 #### PUF技术现状目前，PUF技术在以下几个方面取得了进展： - **基于电路的PUF**：利用电路的微小差异生成唯一的响应序列。 - **基于存储器的PUF**：利用存储单元的非理想特性（如ReRAM的不稳定性）来生成密钥。 - **混合PUF**：结合多种PUF技术以提高安全性。 #### 基于ReRAM的PUF解决方案本文提出了一种基于ReRAM的PUF解决方案，该方案利用了ReRAM的非易失性和可编程性特点，能够生成稳定且独特的密钥。ReRAM是一种新兴的非易失性存储技术，具有高速读写、低功耗以及高密度等特点。利用ReRAM单元的随机特性，可以实现高效的密钥生成过程。此外，该方案还考虑了如何解决ReRAM单元的不稳定性问题，以确保密钥的可靠性和一致性。 #### 结论随着物联网技术的发展，基于硬件的安全机制，尤其是PUF技术，在提高物联网安全性方面扮演着越来越重要的角色。通过对现有技术的研究和改进，可以进一步提高PUF的性能和适用性，为物联网提供更强大、更灵活的安全保障。未来的研究方向应该集中在优化PUF的可靠性和鲁棒性上，以适应不断变化的物联网环境。 ### 关键词 - 安全 - 基于硬件的安全 - 物联网 - 物理不可克隆函数（PUF） - 存储器基PUF - ReRAM

资源推荐

资源详情

资源评论

A Survey on Hardware-based Security Mechanisms for Internet of Things

ALIREZA SHAMSOSHOARA, ASHWIJA KORENDA, and FATEMEH AFGHAH,

School of Informatics,

Computing, and Cyber Systems, Northern Arizona University

SHERALI ZEADALLY, College of Communication and Information, University of Kentucky

The vast areas of applications for IoTs in future smart cities, industrial automation, smart transportation systems, and smart health

facilities represent a thriving surface for several security attacks with enormous economic, environmental and societal impacts. This

survey paper presents a review of several security challenges of emerging IoT networks and discusses some of the attacks and their

countermeasures based on dierent domains in IoT networks. Most conventional security solutions for IoT networks are adopted from

communication networks while noting the particular characteristics of IoT networks such as the huge number of nodes, heterogeneity

of the network, and the limited energy, communication, and computation of the nodes, these conventional security methods are not

really adequate. One important challenge toward utilizing common secret key-based cryptographic methods in very large scale IoT

networks is the problem of secret key generation, distribution, and storage in IoT devices and more importantly protecting these secret

keys from physical attacks. Physically unclonable functions (PUFs) are recently utilized as a promising hardware security solution for

identication and authentication in IoT networks. Since PUFs extract the unique hardware characteristics, they potentially oer an

aordable and practical solution for secret key generation. However, several barriers limit the applications of dierent types of PUFs

for key generation purposes. We discuss the advantages of PUF-based key generation methods, review the state-of-the-art techniques

in this eld and propose a reliable PUF-based solution for secret key generation using resistive random-access memories (RERAMs)

embedded in IoTs

CCS Concepts:

• Security and privacy → Security in hardware

;

• Computer systems organization →

Embedded and cyber-

physical systems.

Additional Key Words and Phrases: security, hardware-based security, IoT, physical unclonable functions (PUFs), memory-based PUFs,

key generation, authentication

ACM Reference Format:

Alireza Shamsoshoara, Ashwija Korenda, Fatemeh Afghah, and Sherali Zeadally. 2019. A Survey on Hardware-based Security Mecha-

nisms for Internet of Things. 1, 1 (July 2019), 33 pages.

1 INTRODUCTION

Wireless communication technologies have managed to imprint itself into everyone’s lives through emerging Internet

of Things (IoTs). IoT allows interconnection of billions of objects from tiny sensors to automobiles, and smart phones to

factories and hospitals. IoT systems currently impact dierent aspects of people daily life. Various kinds of information

This material is based upon the work supported by the National Science Foundation under Grant No. 1827753.

Authors’ addresses: Alireza Shamsoshoara, alireza_shamsoshoara@nau.edu; Ashwija Korenda, ashwijakorenda@nau.edu; Fatemeh Afghah, Fatemeh.

Afghah@nau.edu, School of Informatics, Computing, and Cyber Systems, Northern Arizona University, Flagsta, Arizona, Sherali Zeadally, szeadally@

uky.edu, College of Communication and Information, University of Kentucky, Lexington, Kentucky.

Permission to make digital or hard copies of all or part of this work for personal or classroom use is granted without fee provided that copies are not

made or distributed for prot or commercial advantage and that copies bear this notice and the full citation on the rst page. Copyrights for components

of this work owned by others than ACM must be honored. Abstracting with credit is permitted. To copy otherwise, or republish, to post on servers or to

redistribute to lists, requires prior specic permission and/or a fee. Request permissions from permissions@acm.org.

Manuscript submitted to ACM

Manuscript submitted to ACM 1

arXiv:1907.12525v1 [cs.CR] 29 Jul 2019

2 Shamsoshoara and Korenda, et al.

including location information, medical information, and etc are constantly gathered by sensors and dierent electronic

and tracking devices [

]. Some examples include using smart watches to set the credit cards with the cell phone’s

NFC interface to stimulate a transaction protocol and reduce the required time for shopping [

]; using IoT-based

remote health monitoring systems to gather information from patients in a short time and inform the physicians

to take timely actions [

]. Figure 1 demonstrates various applications of IoT systems in our day-to-day life. While

IoT networks have improved the quality of life in many levels and opened up a path for several new services, due

to the power and computing limitation, high mobility, and the dynamic nature of the network, security threats and

attacks can rapidly propagate throughout the entire network [

]. One key challenge in IoT networks is the lack of

a unied security, identication and authentication standard, while new products and technologies come to market

every day without paying enough attention to the potential security threats. Besides the security challenges, there are

several other concerns regarding the large scale IoT networks in terms of data fusion and data management, complexity,

spectrum scarcity, and so on [

145

–

147

150

169

170

189

]. Moreover, several recent IoT technologies are still

based on IPV4 for addressing which compromises the scalability of these networks.

Fig. 1. Some examples of IoT applications

The attacks on IoTs are usually intentional attacks by hackers who silently eavesdrop the communications between

the nodes and gather condential information or intrude themselves in the network and tamper with the sensitive

information that can potentially result in failure of the entire system. According to Symantec [

123

], cyber-criminals

progressively target IoT devices since they are developing and expanding rapidly. The number of IoT attacks increased

by 600% in 2017 compared to 2016 [

123

]. In 2018, there was an increase of 217.5% from 2017 with 32.7 million IoT attacks.

Ransomware is one of the growing malwares, in which the attacker uses Bitcoin or prepaid credit cards to demand

Manuscript submitted to ACM

A Survey on Hardware-based Security Mechanisms for Internet of Things 3

money, where they do not need to decrypt the public or private keys for stealing cards information [

117

172

]. For

instance, in the earlier months of 2017, a number of individuals and businesses around the world were aected by two

huge ransomware attacks, followed by a variant called "Wanacry" which aected 300,000 computers. Petya is another

version of the Ransomware attack, which exploited the existence of a third party software to spread and grow itself

in the networks [

139

181

]. The prevalence of this malware started from Ukraine, where 12,500 computers were

aected. According to Microsoft, this malware has been outspread by using a third-party application [

]. Dyn cyber

attack in 2016 that caused distributed denial of service (DDoS) for several Internet platforms and services in Europe

and North America was also a result of insucient security at the IoT nodes [

]. These attacks have even penetrated

into remote health monitoring systems. An article published in the Journal of the American College of Cardiology in

February 2018, conrms that cardiac devices can be attacked by hackers leading to severe consequences or even death

in some cases [8].

There are several factors contributing to the immense security vulnerability of IoTs including the limited energy

available at IoT nodes, their low computational capability, the huge number of available nodes in the network as well as

the heterogeneous nature of the network [

137

]. These characteristics, in particular, the number of connected devices,

often result in inecient performance of conventional security mechanisms. By 2020, it is expected that about 31 billion

IoT devices will be connected to the Internet, which drastically increases the need for advanced security mechanisms

for IoT. These devices need to communicate with each other to transmit the data they collected or received from other

devices and intelligently respond and react to the received information. Therefore, it is crucial that information is

received from and sent to an authenticated user. Figure 2a shows a few examples of IoT devices connected to the

Internet, which can be controlled using the users’ cellphones or smart watches. If these devices are hacked, it can

interrupt the users’ daily life. For example, the user may not be able to use his/her car or even the hacker can induce

a heart attack for the users with implanted pacemakers. Figure 2b shows an example of an attack on an IoT device

that allows remote control over a smart home, a car navigation system and a remote heart monitoring system for a

patient with a pacemaker. The goal of the attacker is to interrupt the communications between dierent IoT nodes and

to manipulate the data being sent, by extracting the cryptographic key. In such scenarios, tamper detection circuits are

needed to prevent the attacks, but these are infeasible in low-power IoT nodes.

The security challenges in IoTs can be broadly classied into identication, authentication, encryption, condentially,

jamming, cloning, hijacking, and privacy. Encryption has been widely used by several mechanisms in order to send

their messages without the risk of being understood by the hackers. Encrypting messages does not allow the hackers to

have access to the messages and eliminates the risk of data manipulation. Hence, cryptographic methods play a crucial

role in the security of IoT systems. Well-known cryptographic mechanisms include Public Key Infrastructure (PKI),

Advanced Encryption Etandard (AES), Data Encryption Standard (DES), and Elliptic Curve Cryptography (ECC) rely on

cryptographic keys [

143

]. In PKI-based systems, there are two sets of keys for each user, private and public keys.

The private keys need to be kept secret while the public keys can be known by everyone. If one key is used to encrypt a

message, the other key needs to be used in order to decrypt the message. These secret (private) cryptographic keys are

expected to be robust, reliable and reproducible and they are usually stored in the Non-Volatile Memory (NVM) of the

devices. However, the NVMs are highly susceptible to physical attacks.

The cryptographic keys are sensitive information and therefore, several mechanisms have been developed to protect

these keys. White Box Cryptography (WBC) is a software based solution to protect these keys and allow secure

distribution of valuable information [

]. WBC requires high processing power and memory and is only applicable to

symmetric cryptographic methods; therefore, it will not be a competing candidate for the security of IoT networks. In

Manuscript submitted to ACM

4 Shamsoshoara and Korenda, et al.

(a) An example of an IoT system with access to a smart home, a

car and a remote health monitoring. (b) IoT environment aacked by a hacker.

Fig. 2. IoT environment with and without existence of an aacker

Table 1. Dierences between hardware- and soware-based security

Hardware-based security Software-based security

Circuitry Requires dedicated hardware and processor Does not require new hardware

Cost Expensive Inexpensive

Power Requires extra power for hardware No extra power is required

Updates Hard to update in order to accommodate new security threats Easy to update to accommodate new security threats

Load on host Processor No extra load Extra load which might compromise eciency

Key Protection Protected by crypto-hardware No protection for keys

Vulnerability Dicult to extract the key Easy to decode the algorithm and extract the key

addition, RSA encryption keys are stored on a specialized chip called trusted platform modules, introduced in [

], on

an endpoint device (client device) to allow secured encryption. Physical computing devices called Hardware Security

Modules (HSM) were designed to safeguard and manage digital keys. HSM requires programming equipment and

interfaces to allow fast data transfer. Since the number of IoT devices is increasing rapidly, key management including

key generation, key distribution and key storage in large-scale IoT networks is a major challenge in security of IoTs.

In general, there are two types of software-based, and hardware-based mechanisms to protect IoT devices from

various attacks. Software-based security mechanisms rely solely on software to protect their messages. As they are

based on algorithms, it may be easier to decode the algorithm to extract the secret keys. Therefore, these security

mechanisms are vulnerable to many attacks such as malware, phishing, DoS, etc. In software-based security mechanisms,

the keys are stored in the NVM of the devices which are prone to attacks. Though software-based security systems

were eective all these years, the advancement in hardware and computers may allow the hackers to break the systems

such as using quantum computers. Hardware-based security uses a dedicated hardware integrated circuit or processor

to perform cryptographic functions and store the keys. They can prevent read-and-write access to data and oer a

stronger protection against various attacks. However, hardware-based security is prone to man-in-the-middle attacks.

The hardware-based mechanisms such as HSM have been used for crypto processing and strong authentication where

it can encrypt, decrypt, store, and manage digital keys. HSM has been used alongside software mechanisms such as PKI,

AES to encrypt their messages [14].

Manuscript submitted to ACM

A Survey on Hardware-based Security Mechanisms for Internet of Things 5

Physically unclonable functions (PUFs) are a hardware-based security primitive introduced in 2002 [

]. The PUF

utilizes the intrinsic manufacturing variations in a device to generate a ngerprint of the hardware that oers the

valuable advantage of unclonability. This means that the device cannot be cloned even when a hacker has physical

access to the device. Therefore, the PUFs are unique to their device and can be used as a security primitive to enable

device-based identication, authentication, and secret key generation.

PUFs can provide a low cost alternative solution for on-demand generation of cryptographic keys from the device

rather than the conventional methods, where the secret keys are produced and distributed by the server and stored in

the IoT device memories [37].

The data derived from PUFs is often highly sensitive to environmental changes and the physical conditions where

the device is being tested. In other words, the readings from the PUFs are not perfectly reproducible. Therefore, dierent

types of PUFs have been used for the purpose of identication and authentication of devices, where a certain margin

of error rate is tolerable. However, even a small amount of variation in the PUF’s responses in dierent conditions

can prevent them from being utilized in key generation because the key used for encryption needs to be perfectly

reproducible to decrypt the messages.

1.1 Review of Recent Relevant Survey Papers and the Contributions of this Paper

This survey aims to focus on the applicability of PUFs-based hardware security for key generation and authentication

of IoT devices. The paper oers a unique and timely survey compared to existing survey papers in the literature

by investigating the role of PUFs in IoT security, in particular providing an additional level of security to common

key-based cryptographic methods to generate the keys from the devices. In 2018, authors of [

] discuss the standards

of wireless communication in Cyber Physical Systems (CPS) and IoT and focus on security of these systems. The paper

does not study the physical side channel attacks in implementation of security mechanisms for these systems. The paper

explains in detail, the various wireless communication standards and protocols. Later, it briey reviews the security

threats in IoT and CPS domains and concludes the paper with recommendations on careful selection of devices from

sensors to routers, and auditing the systems using dedicated third party surveillance technologies. The paper does not

address the problems in identifying malicious nodes and authenticating known users in the network. In [

178

], several

recent challenges are identied as a result of the introduction of IoT and CPS systems are discussed. This work focuses

on dierent attacks and threats for these systems as well as challenges related to implementation of CPS and IoT in the

wireless network.

In [

], the security and privacy challenges of IoT in general and possible attacks in dierent layers of IoT devices

were discussed. In particular, this paper discusses the security challenges of fog/edge computing-based IoT. In [

the use of information-centric networking (ICN) as a possible protocol for addressing IoT devices was introduced.

This paper stresses on the need for larger and permanent naming scheme and addressing space for IoT contents and

devices. ICN-based solutions for IoTs were discussed along with classication of ICN-IoT architecture into naming,

caching, security and mobility elds for applicability of ICN for IoTs. The authors also provided a detailed survey on ICN

based caching, naming, security, and mobility approaches for IoTs. In [

], the authors identify dierent protocols and

mechanisms to secure communications in IoT and the security weaknesses of IoT at dierent layers of communication.

In [

], the authors discussed the use of programmable hardware such as FPGAs in network infrastructure security.

This paper highlighted the role of hardware-based mechanisms to address some of the challenges in software-based

methods, as well as the potential challenges due to the rising demands of intensive analysis and real time operation for

sequential processing.

Manuscript submitted to ACM

剩余32页未读，继续阅读

评论收藏

内容反馈

元辰辰辰辰辰辰

粉丝: 54
资源: 76

2019+A Survey on Hardware-based Security Mechanisms for Internet...

最新资源

2019+A Survey on Hardware-based Security Mechanisms for Internet...

2019+Memristors for Hardware Security Applications.pdf

A General Survey on Attention Mechanisms in Deep Learning.pdf

《Study of Security Mechanisms inside Linux Kernel 》.pdf

K. H. Hunt-Kinematic Geometry of Mechanisms

Machines-and-Mechanisms 4th Edition.pdf

JEDEC JEP122H-2016 Failure Mechanisms And Models For Semiconductor Devices - 完整英文版（111页）.pdf

Internet of Things in Industries: A Survey

Graph-based Knowledge Representation: Computational Foundations of Conceptual Graphs

NSX-T hol-2026-01-net_pdf_en.pdf

java-security-mechanisms-code.rar_java security

Mcgraw-Hill-Robot.Mechanisms.And.Mechanical.Devices.Illustrated-(2003)

SAE-2020-J3101-硬件安全标准.pdf

jwts-not-safe-e-book.pdf

A Comprehensive Survey on Transfer Learning.pdf

NIST SP800-175B.pdf

lorawan_security_whitepaper.pdf

internet-of-things

security the internet of things

elasticsearch-py-readthedocs-io-en-7.7.1.pdf

2018英国物联网安全大会PPT汇总（21份）.zip - 访问管理

Packt.Hands-On.Spring.Security.5.for.Reactive.Applications

thymeleaf-extras-eclipse-plugin-2.1-master.zip

Go in Practice.pdf

The Indispensable PC Hardware Book - rar - part1. (1/7)

ISC2019文档.7z

最新资源