Lund University Publications

Efficient Security Protocols for Constrained Devices

Gunnarsson, Martin LU (2023) In EIT series of licentiate and doctoral theses
Abstract
During the last decades, more and more devices have been connected to the Internet.
Today, there are more devices connected to the Internet than humans.
An increasingly common type of device is the cyber-physical device.
A device that interacts with its environment is called a cyber-physical device.
Sensors that measure their environment and actuators that alter the physical environment are both cyber-physical devices.

Devices connected to the Internet risk being compromised by threat actors such as hackers.
Cyber-physical devices have become a preferred target for threat actors since the consequence of an intrusion disrupting or destroying a cyber-physical system can be severe.
Cyber attacks against power and energy infrastructure have caused significant disruptions in recent years.

Many cyber-physical devices are categorized as constrained devices.
A constrained device is characterized by one or more of the following limitations: limited memory, a less powerful CPU, or a limited communication interface.
Many constrained devices are also powered by a battery or energy harvesting, which limits the available energy budget.
Devices must be efficient to make the most of the limited resources.

Mitigating cyber attacks is a complex task, requiring technical and organizational measures.
Constrained cyber-physical devices require efficient security mechanisms to avoid overloading the system's limited resources.
In this thesis, we present research on efficient security protocols for constrained cyber-physical devices.

We have implemented and evaluated two state-of-the-art protocols, OSCORE and Group OSCORE.
These protocols allow end-to-end protection of CoAP messages in the presence of untrusted proxies.

Next, we have performed a formal protocol verification of WirelessHART, a protocol for communications in an industrial control systems setting.
In our work, we present a novel attack against the protocol.

We have developed a novel architecture for industrial control systems utilizing the Digital Twin concept.
Using a state synchronization protocol, we propagate state changes between the digital and physical twins.
The Digital Twin can then monitor and manage devices.

We have also designed a protocol for secure ownership transfer of constrained wireless devices.
Our protocol allows the owner of a wireless sensor network to transfer control of the devices to a new owner.
With a formal protocol verification, we can guarantee the security of both the old and new owners.

Lastly, we have developed an efficient Private Stream Aggregation (PSA) protocol.
PSA allows devices to send encrypted measurements to an aggregator.
The aggregator can combine the encrypted measurements and calculate the decrypted sum of the measurements.
No party will learn the measurement except the device that generated it.
opponent
  • Prof. Delsing, Jerker, Luleå University of Technology, Sweden.
type
Thesis
publication status
published
in
EIT series of licentiate and doctoral theses
issue
154
pages
258 pages
publisher
Dpt. of Electrical and Information Technology, Lund University, Sweden
defense location
Lecture Hall E:1406, building E, Ole Römers väg 3, Faculty of Engineering LTH, Lund University, Lund. The dissertation will be live streamed, but part of the premises is to be excluded from the live stream.
defense date
2023-03-21 09:15:00
ISSN
1654-790X
ISBN
978-91-8039-571-7
978-91-8039-570-0
language
English
LU publication?
yes
id
1181618e-09b0-4b58-be7e-446db605aeda
date added to LUP
2023-02-23 14:23:47
date last changed
2023-02-28 10:25:05
@phdthesis{1181618e-09b0-4b58-be7e-446db605aeda,
  abstract     = {{During the last decades, more and more devices have been connected to the Internet. Today, there are more devices connected to the Internet than humans. An increasingly common type of device is the cyber-physical device. A device that interacts with its environment is called a cyber-physical device. Sensors that measure their environment and actuators that alter the physical environment are both cyber-physical devices. Devices connected to the Internet risk being compromised by threat actors such as hackers. Cyber-physical devices have become a preferred target for threat actors since the consequence of an intrusion disrupting or destroying a cyber-physical system can be severe. Cyber attacks against power and energy infrastructure have caused significant disruptions in recent years. Many cyber-physical devices are categorized as constrained devices. A constrained device is characterized by one or more of the following limitations: limited memory, a less powerful CPU, or a limited communication interface. Many constrained devices are also powered by a battery or energy harvesting, which limits the available energy budget. Devices must be efficient to make the most of the limited resources. Mitigating cyber attacks is a complex task, requiring technical and organizational measures. Constrained cyber-physical devices require efficient security mechanisms to avoid overloading the system's limited resources. In this thesis, we present research on efficient security protocols for constrained cyber-physical devices. We have implemented and evaluated two state-of-the-art protocols, OSCORE and Group OSCORE. These protocols allow end-to-end protection of CoAP messages in the presence of untrusted proxies. Next, we have performed a formal protocol verification of WirelessHART, a protocol for communications in an industrial control systems setting. In our work, we present a novel attack against the protocol. We have developed a novel architecture for industrial control systems utilizing the Digital Twin concept. Using a state synchronization protocol, we propagate state changes between the digital and physical twins. The Digital Twin can then monitor and manage devices. We have also designed a protocol for secure ownership transfer of constrained wireless devices. Our protocol allows the owner of a wireless sensor network to transfer control of the devices to a new owner. With a formal protocol verification, we can guarantee the security of both the old and new owners. Lastly, we have developed an efficient Private Stream Aggregation (PSA) protocol. PSA allows devices to send encrypted measurements to an aggregator. The aggregator can combine the encrypted measurements and calculate the decrypted sum of the measurements. No party will learn the measurement except the device that generated it.}},
  author       = {{Gunnarsson, Martin}},
  isbn         = {{978-91-8039-571-7}},
  issn         = {{1654-790X}},
  language     = {{eng}},
  month        = {{02}},
  number       = {{154}},
  publisher    = {{Dpt. of Electrical and Information Technology, Lund University, Sweden}},
  school       = {{Lund University}},
  series       = {{EIT series of licentiate and doctoral theses}},
  title        = {{Efficient Security Protocols for Constrained Devices}},
  url          = {{https://lup.lub.lu.se/search/files/138720105/martin_gunnarsson_avhandling.pdf}},
  year         = {{2023}},
}