The Internet of Things: Perspectives on Security from RFID and WSN

A massive current research effort focuses on combining pre-existing 'Intranets' of Things into one Internet of Things. However, this unification is not a panacea; it will expose new attack surfaces and vectors, just as it enables new applications. We therefore urgently need a model of security in the Internet of Things. In this regard, we note that IoT descends directly from pre-existing research (in embedded Internet and pervasive intelligence), so there exist several bodies of related work: security in RFID, sensor networks, cyber-physical systems, and so on. In this paper, we survey the existing literature on RFID and WSN security, as a step to compiling all known attacks and defenses relevant to the Internet of Things.

[1]  Ari Juels,et al.  Minimalist Cryptography for Low-Cost RFID Tags , 2004, SCN.

[2]  Michael D. Smith,et al.  A public-key infrastructure for key distribution in TinyOS based on elliptic curve cryptography , 2004, 2004 First Annual IEEE Communications Society Conference on Sensor and Ad Hoc Communications and Networks, 2004. IEEE SECON 2004..

[3]  Dan Suciu,et al.  Physical Access Control for Captured RFID Data , 2007, IEEE Pervasive Computing.

[4]  C. Karlof,et al.  Secure routing in wireless sensor networks: attacks and countermeasures , 2003, Proceedings of the First IEEE International Workshop on Sensor Network Protocols and Applications, 2003..

[5]  Markus G. Kuhn,et al.  Attacks on time-of-flight distance bounding channels , 2008, WiSec '08.

[6]  Yang Yu,et al.  Query privacy in wireless sensor networks , 2007, 2007 4th Annual IEEE Communications Society Conference on Sensor, Mesh and Ad Hoc Communications and Networks.

[7]  Mikhail Nesterenko,et al.  RFID security without extensive cryptography , 2005, SASN '05.

[8]  David A. Wagner,et al.  Privacy for RFID through trusted computing , 2005, WPES '05.

[9]  Günter Karjoth,et al.  Disabling RFID tags with visible confirmation: clipped tags are silenced , 2005, WPES '05.

[10]  Tim Kerins,et al.  An Elliptic Curve Processor Suitable For RFID-Tags , 2006, IACR Cryptol. ePrint Arch..

[11]  Sasikanth Avancha,et al.  Security for Sensor Networks , 2004 .

[12]  Vipul Gupta,et al.  Energy analysis of public-key cryptography for wireless sensor networks , 2005, Third IEEE International Conference on Pervasive Computing and Communications.

[13]  Philippe Oechslin,et al.  A scalable and provably secure hash-based RFID protocol , 2005, Third IEEE International Conference on Pervasive Computing and Communications Workshops.

[14]  Wade Trappe,et al.  Enhancing Source-Location Privacy in Sensor Network Routing , 2005, ICDCS.

[15]  Tassos Dimitriou,et al.  A secure and efficient RFID protocol that could make big brother (partially) obsolete , 2006, Fourth Annual IEEE International Conference on Pervasive Computing and Communications (PERCOM'06).

[16]  Paul Müller,et al.  Hash-based enhancement of location privacy for radio-frequency identification devices using varying identifiers , 2004, IEEE Annual Conference on Pervasive Computing and Communications Workshops, 2004. Proceedings of the Second.

[17]  Markus G. Kuhn,et al.  Low Cost Attacks on Tamper Resistant Devices , 1997, Security Protocols Workshop.

[18]  Tassos Dimitriou,et al.  A Lightweight RFID Protocol to protect against Traceability and Cloning attacks , 2005, First International Conference on Security and Privacy for Emerging Areas in Communications Networks (SECURECOMM'05).

[19]  Virgil D. Gligor,et al.  A key-management scheme for distributed sensor networks , 2002, CCS '02.

[20]  David A. Wagner,et al.  Security in wireless sensor networks , 2004, SASN '04.

[21]  Weisong Shi,et al.  Preserving source location privacy in monitoring-based wireless sensor networks , 2006, Proceedings 20th IEEE International Parallel & Distributed Processing Symposium.

[22]  Mukesh Singhal,et al.  Security in wireless sensor networks , 2008, Wirel. Commun. Mob. Comput..

[23]  ChienHung-Yu,et al.  Mutual authentication protocol for RFID conforming to EPC Class 1 Generation 2 standards , 2007 .

[24]  Richard R. Brooks Handbook of Sensor Networks: Compact Wireless and Wired Sensing Systems , 2008 .

[25]  Xue Liu,et al.  PDA: Privacy-Preserving Data Aggregation in Wireless Sensor Networks , 2007, IEEE INFOCOM 2007 - 26th IEEE International Conference on Computer Communications.

[26]  Ari Juels,et al.  Squealing Euros: Privacy Protection in RFID-Enabled Banknotes , 2003, Financial Cryptography.

[27]  Liang Zhang,et al.  Organizational memory: reducing source-sink distance , 1997, Proceedings of the Thirtieth Hawaii International Conference on System Sciences.

[28]  David A. Wagner,et al.  A Scalable, Delegatable Pseudonym Protocol Enabling Ownership Transfer of RFID Tags , 2005, IACR Cryptol. ePrint Arch..

[29]  Ari Juels,et al.  Soft blocking: flexible blocker tags on the cheap , 2004, WPES '04.

[30]  Sencun Zhu,et al.  Towards event source unobservability with minimum network traffic in sensor networks , 2008, WiSec '08.

[31]  Levente Buttyán,et al.  Optimal Key-Trees for Tree-Based Private Authentication , 2006, Privacy Enhancing Technologies.

[32]  Andrew S. Tanenbaum,et al.  Is your cat infected with a computer virus? , 2006, Fourth Annual IEEE International Conference on Pervasive Computing and Communications (PERCOM'06).

[33]  Flavio D. Garcia,et al.  A Practical Attack on the MIFARE Classic , 2008, CARDIS.

[34]  Koutarou Suzuki,et al.  Cryptographic Approach to “Privacy-Friendly” Tags , 2003 .

[35]  David E. Culler,et al.  SPINS: Security Protocols for Sensor Networks , 2001, MobiCom '01.

[36]  Avishai Wool,et al.  Picking Virtual Pockets using Relay Attacks on Contactless Smartcard , 2005, First International Conference on Security and Privacy for Emerging Areas in Communications Networks (SECURECOMM'05).

[37]  KobsaAlfred,et al.  Privacy through pseudonymity in user-adaptive systems , 2003 .

[38]  Adi Shamir,et al.  How to share a secret , 1979, CACM.

[39]  Sajal K. Das,et al.  Privacy preservation in wireless sensor networks: A state-of-the-art survey , 2009, Ad Hoc Networks.

[40]  Flavio D. Garcia,et al.  Tutorial: Proxmark, the Swiss Army Knife for RFID Security Research , 2012 .

[41]  Yunhao Liu,et al.  Dynamic Key-Updating: Privacy-Preserving Authentication for RFID Systems , 2007, PerCom.

[42]  Sozo Inoue,et al.  RFID Privacy Using User-Controllable Uniqueness , 2003 .

[43]  David A. Wagner,et al.  Secure routing in wireless sensor networks: attacks and countermeasures , 2003, Ad Hoc Networks.

[44]  Markus G. Kuhn,et al.  So Near and Yet So Far: Distance-Bounding Attacks in Wireless Networks , 2006, ESAS.

[45]  Sandra Dominikus,et al.  Strong Authentication for RFID Systems Using the AES Algorithm , 2004, CHES.

[46]  Shivakant Mishra,et al.  Decorrelating wireless sensor network traffic to inhibit traffic analysis attacks , 2006, Pervasive Mob. Comput..

[47]  David A. Wagner,et al.  Privacy and security in library RFID: issues, practices, and architectures , 2004, CCS '04.

[48]  Aikaterini Mitrokotsa,et al.  Classification of RFID Attacks , 2008, IWRT.

[49]  Andrew S. Tanenbaum,et al.  RFID Guardian: A Battery-Powered Mobile Device for RFID Privacy Management , 2005, ACISP.

[50]  Ronald L. Rivest,et al.  Security and Privacy Aspects of Low-Cost Radio Frequency Identification Systems , 2003, SPC.

[51]  Marc Langheinrich,et al.  Practical Minimalist Cryptography for RFID Privacy , 2007, IEEE Systems Journal.

[52]  Marc Langheinrich,et al.  A survey of RFID privacy approaches , 2009, Personal and Ubiquitous Computing.

[53]  Bart Preneel,et al.  Location verification using secure distance bounding protocols , 2005, IEEE International Conference on Mobile Adhoc and Sensor Systems Conference, 2005..

[54]  Sarah Spiekermann,et al.  Maintaining Privacy in RFID Enabled Environments , 2005 .

[55]  Ari Juels,et al.  RFID security and privacy: a research survey , 2006, IEEE Journal on Selected Areas in Communications.

[56]  Marc Langheinrich,et al.  Scanning with a Purpose - Supporting the Fair Information Principles in RFID Protocols , 2004, UCS.

[57]  Mohsen Guizani,et al.  Two Tier Secure Routing Protocol for Heterogeneous Sensor Networks , 2007, IEEE Transactions on Wireless Communications.

[58]  Kui Ren,et al.  DP²AC: Distributed Privacy-Preserving Access Control in Sensor Networks , 2009, IEEE INFOCOM 2009.

[59]  Ronald L. Rivest,et al.  The blocker tag: selective blocking of RFID tags for consumer privacy , 2003, CCS '03.

[60]  Tsuyoshi Takagi,et al.  An Efficient and Secure RFID Security Method with Ownership Transfer , 2006, 2006 International Conference on Computational Intelligence and Security.

[61]  Ramakrishnan Srikant,et al.  Hippocratic Databases , 2002, VLDB.

[62]  Dawn Xiaodong Song,et al.  Random key predistribution schemes for sensor networks , 2003, 2003 Symposium on Security and Privacy, 2003..

[63]  Ari Juels,et al.  Authenticating Pervasive Devices with Human Protocols , 2005, CRYPTO.

[64]  Wensheng Zhang,et al.  GP^2S: Generic Privacy-Preservation Solutions for Approximate Aggregation of Sensor Data (concise contribution) , 2008, 2008 Sixth Annual IEEE International Conference on Pervasive Computing and Communications (PerCom).

[65]  Hrishikesh B. Acharya,et al.  The best keying protocol for sensor networks , 2011, 2011 IEEE International Symposium on a World of Wireless, Mobile and Multimedia Networks.

[66]  Alfred Kobsa,et al.  Privacy through pseudonymity in user-adaptive systems , 2003, TOIT.

[67]  Donggang Liu,et al.  Establishing pairwise keys in distributed sensor networks , 2005, ACM Trans. Inf. Syst. Secur..

[68]  Emily Kimbrough So near and yet so far , 1955 .