Extending hybrid approach to secure Trivial File Transfer Protocol in M2M communication: a comparative analysis

Abstract

Embedded Machine-to-Machine (M2M) is one of the hottest research topics in the recent industrial Internet of Things. To transfer data and messages between machines effectively, the system must incorporate a file transfer protocol, known as the Trivial File Transfer Protocol (TFTP). However, the main constraint is the lack of a security mechanism during TFTP client-server communication: its reliability is questionable because the protocol does not support any authentication or encryption methods, provides no access control, and offers zero protection from Man-in-the-Middle attacks. Hence, to enhance the protocol's security, a hybrid security approach combining the Diffie-Hellman Key Exchange (DHKE) scheme and the Advanced Encryption Standard (AES) symmetric encryption algorithm is proposed to be integrated into the TFTP packet header. In this work, we present a performance comparison of three different protocols: the original TFTP protocol, the TFTP protocol with a single security extension, and our proposed TFTP protocol integrated with the hybrid security approach, to analyse the effectiveness of the method. The findings demonstrate that our proposed secure TFTP protocol generates an execution time comparable to that of implementing a single encryption option, and is also more reliable for use in commercial systems, especially low-cost M2M embedded infrastructure.
