Privacy, Discovery, and Authentication for the Internet of Things

Automatic service discovery is essential to realizing the full potential of the Internet of Things (IoT). While discovery protocols like Multicast DNS, Apple AirDrop, and Bluetooth Low Energy have gained widespread adoption across both IoT and mobile devices, most of these protocols do not offer any form of privacy control for the service, and often leak sensitive information such as service type, device hostname, device owner’s identity, and more in the clear.
