论文信息 - Tailoring Onion Routing to the Internet of Things: Security and Privacy in Untrusted Environments

Tailoring Onion Routing to the Internet of Things: Security and Privacy in Untrusted Environments

An increasing number of IoT scenarios involve mobile, resource-constrained IoT devices that rely on untrusted networks for Internet connectivity. In such environments, attackers can derive sensitive private information of IoT device owners, e.g., daily routines or secret supply chain procedures, when sniffing on IoT communication and linking IoT devices and owner. Furthermore, untrusted networks do not provide IoT devices with any protection against attacks from the Internet. Anonymous communication using onion routing provides a well-proven mechanism to keep the relationship between communication partners secret and (optionally) protect against network attacks. However, the application of onion routing is challenged by protocol incompatibilities and demanding cryptographic processing on constrained IoT devices, rendering its use infeasible. To close this gap, we tailor onion routing to the IoT by bridging protocol incompatibilities and offloading expensive cryptographic processing to a router or web server of the IoT device owner. Thus, we realize resource-conserving access control and end-toend security for IoT devices. To prove applicability, we deploy onion routing for the IoT within the well-established Tor network enabling IoT devices to leverage its resources to achieve the same grade of anonymity as readily available to traditional devices.

[1] Nasir D. Memon,et al. Internet-scale Probing of CPS: Inference, Characterization and Orchestration Analysis , 2017, NDSS.

[2] Martin Henze,et al. Accounting for Privacy in the Cloud Computing Landscape , 2018 .

[3] Franklin Heath. LPWA Technology Security Comparison A White Paper from Franklin Heath Ltd , 2017 .

[4] Other Contributors Are Indicated Where They Contribute. The Eclipse Foundation , 2017 .

[5] Reijo Savola,et al. Mitigating IoT security threats with a trusted Network element , 2016, 2016 11th International Conference for Internet Technology and Secured Transactions (ICITST).

[6] Georg Carle,et al. DTLS based security and two-way authentication for the Internet of Things , 2013, Ad Hoc Networks.

[7] George Danezis,et al. Mixminion: design of a type III anonymous remailer protocol , 2003, 2003 Symposium on Security and Privacy, 2003..

[8] George Danezis,et al. A Survey of Anonymous Communication Channels , 2008 .

[9] Sylvia Ratnasamy,et al. Droplet: Decentralized Authorization for IoT Data Streams , 2018, ArXiv.

[10] Earlence Fernandes,et al. Security Analysis of Emerging Smart Home Applications , 2016, 2016 IEEE Symposium on Security and Privacy (SP).

[11] Klaus Wehrle,et al. Website Fingerprinting at Internet Scale , 2016, NDSS.

[12] Ian Goldberg,et al. Changing of the guards: a framework for understanding and improving entry guard selection in tor , 2012, WPES '12.

[13] Nick Mathewson,et al. Tor: The Second-Generation Onion Router , 2004, USENIX Security Symposium.

[14] Yanina Protskaya,et al. An anonymization protocol for the Internet of Things , 2017, 2017 International Symposium on Wireless Communication Systems (ISWCS).

[15] Yi Zhou,et al. Understanding the Mirai Botnet , 2017, USENIX Security Symposium.

[16] Andriy Panchenko,et al. Multipathing Traffic to Reduce Entry Node Exposure in Onion Routing , 2019, 2019 IEEE 27th International Conference on Network Protocols (ICNP).

[17] Micah Sherr,et al. Users get routed: traffic correlation on tor by realistic adversaries , 2013, CCS.

[18] Ahmed Nait-Sidi-Moh,et al. Using Internet of Things Technologies for a Collaborative Supply Chain: Application to Tracking of Pallets and Containers , 2015, FNC/MobiSPC.

[19] Riccardo Bonetto,et al. Secure communication for smart IoT objects: Protocol stacks, use cases and practical examples , 2012, 2012 IEEE International Symposium on a World of Wireless, Mobile and Multimedia Networks (WoWMoM).

[20] Jorge Sá Silva,et al. End-to-end transport-layer security for Internet-integrated sensing applications with mutual and delegated ECC public-key authentication , 2013, 2013 IFIP Networking Conference.

[21] Abhishek Javali,et al. IoT based localization and tracking , 2017, 2017 International Conference on IoT and Application (ICIOT).

[22] R. K. Bunkar,et al. Data Security and Privacy Protection Issues in Cloud Computing , 2014 .

[23] Bryan Ford,et al. Peer-to-Peer Communication Across Network Address Translators , 2005, USENIX Annual Technical Conference, General Track.

[24] Klaus Wehrle,et al. Distributed Configuration, Authorization and Management in the Cloud-Based Internet of Things , 2017, 2017 IEEE Trustcom/BigDataSE/ICESS.

[25] Prabal Dutta,et al. The Internet of Things Has a Gateway Problem , 2015, HotMobile.

[26] N. B. Anuar,et al. The rise of "big data" on cloud computing: Review and open research issues , 2015, Inf. Syst..

[27] Haw-Yun Shin,et al. The Study and Application of the IoT in Pet Systems , 2013, IOT 2013.

[28] David Chaum,et al. Untraceable electronic mail, return addresses, and digital pseudonyms , 1981, CACM.

[29] Sebastian Hudert,et al. Utilising the Tor Network for IoT Addressing and Connectivity , 2018, CLOSER.

[30] Tao Wang,et al. Effective Attacks and Provable Defenses for Website Fingerprinting , 2014, USENIX Security Symposium.

[31] Marimuthu Palaniswami,et al. Internet of Things (IoT): A vision, architectural elements, and future directions , 2012, Future Gener. Comput. Syst..

[32] Ian Goldberg,et al. Improving Tor using a TCP-over-DTLS Tunnel , 2009, USENIX Security Symposium.

[33] Óscar García-Morchón,et al. End-to-End Transport Security in the IP-Based Internet of Things , 2012, 2012 21st International Conference on Computer Communications and Networks (ICCCN).

[34] Lei Yang,et al. Hide Your Hackable Smart Home from Remote Attacks: The Multipath Onion IoT Gateways , 2018, ESORICS.

[35] Paul F. Syverson,et al. Hiding Routing Information , 1996, Information Hiding.

[36] Siarhei Kuryla,et al. RPL: IPv6 Routing Protocol for Low power and Lossy Networks , 2010 .

[37] Jürgen Schönwälder,et al. Management of resource constrained devices in the internet of things , 2012, IEEE Communications Magazine.

[38] Klaus Wehrle,et al. Delegation-based authentication and authorization for the IP-based Internet of Things , 2014, 2014 Eleventh Annual IEEE International Conference on Sensing, Communication, and Networking (SECON).

[39] U Moeller,et al. Mixmaster Protocol Version 2 , 2004 .

[40] Alex Biryukov,et al. Trawling for Tor Hidden Services: Detection, Measurement, Deanonymization , 2013, 2013 IEEE Symposium on Security and Privacy.

[41] Klaus Wehrle,et al. Towards In-Network Security for Smart Homes , 2018, ARES.

[42] Klaus Wehrle,et al. CloudAnalyzer: Uncovering the Cloud Usage of Mobile Apps , 2017, MobiQuitous.

[43] Nick Feamster,et al. Spying on the Smart Home: Privacy Attacks and Defenses on Encrypted IoT Traffic , 2017, ArXiv.

[44] David E. Culler,et al. JEDI: Many-to-Many End-to-End Encryption and Key Delegation for IoT , 2019, USENIX Security Symposium.

[45] Dave Levin,et al. Ting: Measuring and Exploiting Latencies Between All Tor Nodes , 2015, Internet Measurement Conference.

[46] Christian Brecher,et al. Dataflow Challenges in an Internet of Production: A Security & Privacy Perspective , 2019, CPS-SPC@CCS.

[47] Ludwig Seitz,et al. S3K: Scalable Security With Symmetric Keys—DTLS Key Establishment for the Internet of Things , 2016, IEEE Transactions on Automation Science and Engineering.

[48] Klaus Wehrle,et al. Analysis of Fingerprinting Techniques for Tor Hidden Services , 2017, WPES@CCS.

[49] Christian Brecher,et al. Towards an Infrastructure Enabling the Internet of Production , 2019, 2019 IEEE International Conference on Industrial Cyber Physical Systems (ICPS).

[50] Brijesh Joshi,et al. Touching from a distance: website fingerprinting attacks and defenses , 2012, CCS.

[51] Wu He,et al. Internet of Things in Industries: A Survey , 2014, IEEE Transactions on Industrial Informatics.

[52] Whitfield Diffie,et al. New Directions in Cryptography , 1976, IEEE Trans. Inf. Theory.

[53] Hanno Wirtz,et al. Tailoring end-to-end IP security protocols to the Internet of Things , 2013, 2013 21st IEEE International Conference on Network Protocols (ICNP).

[54] Peter Palfrader,et al. Mixmaster protocol --- version 2 , 2000 .

[55] Nick Feamster,et al. A Smart Home is No Castle: Privacy Vulnerabilities of Encrypted IoT Traffic , 2017, ArXiv.