Facilitating the Delegation of Use for Private Devices in the Era of the Internet of Wearable Things

The Internet undergoes a fundamental transformation as billions of connected “things” surround us and embed themselves into the fabric of our everyday lives. However, this is only the beginning of true convergence between the realm of humans and that of machines, which materializes with the advent of connected machines worn by humans, or wearables. The resulting shift from the Internet of Things to the Internet of Wearable Things (IoWT) brings along a truly personalized user experience by capitalizing on the rich contextual information, which wearables produce more than any other today’s technology. The abundance of personally identifiable information handled by wearables creates an unprecedented risk of its unauthorized exposure by the IoWT devices, which fuels novel privacy challenges. In this paper, after reviewing the relevant contemporary background, we propose efficient means for the delegation of use applicable to a wide variety of constrained wearable devices, so that to guarantee privacy and integrity of their data. Our efficient solutions facilitate contexts when one would like to offer their personal device for temporary use (delegate it) to another person in a secure and reliable manner. In connection to the proposed protocol suite for the delegation of use, we also review the possible attack surfaces related to advanced wearables.

[1]  Preben E. Mogensen,et al.  LTE UE Power Consumption Model: For System Level Energy and Performance Optimization , 2012, 2012 IEEE Vehicular Technology Conference (VTC Fall).

[2]  Jung Hee Cheon,et al.  Authenticated Key-Insulated Public Key Encryption and Timed-Release Cryptography , 2006 .

[3]  Antonio Iera,et al.  Context-Aware Information Diffusion for Alerting Messages in 5G Mobile Social Networks , 2017, IEEE Internet of Things Journal.

[4]  Eric Rescorla,et al.  Datagram Transport Layer Security , 2006, RFC.

[5]  Vipul Gupta,et al.  Energy analysis of public-key cryptography for wireless sensor networks , 2005, Third IEEE International Conference on Pervasive Computing and Communications.

[6]  Seda F. Gürses,et al.  Multilateral security requirements analysis for preserving privacy in ubiquitous environments , 2006 .

[7]  Longfei Wu,et al.  MobiFish: A lightweight anti-phishing scheme for mobile phones , 2014, 2014 23rd International Conference on Computer Communication and Networks (ICCCN).

[8]  Antonio Iera,et al.  The Internet of Things: A survey , 2010, Comput. Networks.

[9]  Whitfield Diffie,et al.  New Directions in Cryptography , 1976, IEEE Trans. Inf. Theory.

[10]  Kui Ren,et al.  Distributed Privacy-Preserving Access Control in Sensor Networks , 2012, IEEE Transactions on Parallel and Distributed Systems.

[11]  Samuel Neves,et al.  BLAKE2: Simpler, Smaller, Fast as MD5 , 2013, ACNS.

[12]  Hailong Feng,et al.  Study of Recent Development about Privacy and Security of the Internet of Things , 2010, 2010 International Conference on Web Information Systems and Mining.

[13]  Claudio Soriente,et al.  On the difficulty of software-based attestation of embedded devices , 2009, CCS.

[14]  Klaus Wehrle,et al.  Towards viable certificate-based authentication for the internet of things , 2013, HotWiSec '13.

[15]  Antonio Iera,et al.  Energy Efficient IoT Data Collection in Smart Cities Exploiting D2D Communications , 2016, Sensors.

[16]  Wenyuan Xu,et al.  Jamming sensor networks: attack and defense strategies , 2006, IEEE Network.

[17]  Ilia Petrov,et al.  From Active Data Management to Event-Based Systems and More , 2010, Lecture Notes in Computer Science.

[18]  Richard Han,et al.  Node Compromise in Sensor Networks: The Need for Secure Systems ; CU-CS-990-05 , 2005 .

[19]  A. Ornaghi,et al.  Man in the middle attacks Demos , 2003 .

[20]  Yvo Desmedt,et al.  Man-in-the-Middle Attack , 2005, Encyclopedia of Cryptography and Security.

[21]  Oscar Garcia Morchon,et al.  Efficient distributed security for wireless medical sensor networks , 2008, 2008 International Conference on Intelligent Sensors, Sensor Networks and Information Processing.

[22]  Klaus Wehrle,et al.  Modular context-aware access control for medical sensor networks , 2010, SACMAT '10.

[23]  P. Agrawal,et al.  A Comparative Study of Wireless Protocols Bandwidth-Efficient Wpan OFDM Protocol with Applications to UWB Communications , 2013 .

[24]  Taher ElGamal,et al.  A public key cyryptosystem and signature scheme based on discrete logarithms , 1985 .

[25]  Olga Galinina,et al.  Understanding the IoT connectivity landscape: a contemporary M2M radio technology roadmap , 2015, IEEE Communications Magazine.

[26]  Bogdan Warinschi,et al.  A Modular Security Analysis of the TLS Handshake Protocol , 2008, ASIACRYPT.

[27]  Alan H. Karp,et al.  Solving the Transitive Access Problem for the Services Oriented Architecture , 2010, 2010 International Conference on Availability, Reliability and Security.

[28]  Peter Friess,et al.  Internet of Things Strategic Research Roadmap , 2011 .

[29]  Rolf H. Weber,et al.  Internet of Things - New security and privacy challenges , 2010, Comput. Law Secur. Rev..

[30]  Alan H. Karp,et al.  Access control for the services oriented architecture , 2007, SWS '07.

[31]  Rodrigo Roman,et al.  On the features and challenges of security and privacy in distributed internet of things , 2013, Comput. Networks.

[32]  Friedemann Mattern,et al.  From the Internet of Computers to the Internet of Things , 2010, From Active Data Management to Event-Based Systems and More.

[33]  Eric Rescorla,et al.  The Transport Layer Security (TLS) Protocol Version 1.2 , 2008, RFC.

[34]  Alfred Menezes,et al.  Guide to Elliptic Curve Cryptography , 2004, Springer Professional Computing.

[35]  David Wetherall,et al.  Demystifying 802.11n power consumption , 2010 .

[36]  Josef Langer,et al.  Relay Attacks on Secure Element-Enabled Mobile Devices - Virtual Pickpocketing Revisited , 2012, SEC.

[37]  Franz J. Hauck,et al.  Meta objects for access control: extending capability-based security , 1998, NSPW '97.

[38]  Ludwig Seitz,et al.  Authorization framework for the Internet-of-Things , 2013, 2013 IEEE 14th International Symposium on "A World of Wireless, Mobile and Multimedia Networks" (WoWMoM).

[39]  Ravi S. Sandhu,et al.  Role-Based Access Control Models , 1996, Computer.

[40]  Athanasios V. Vasilakos,et al.  A survey on trust management for Internet of Things , 2014, J. Netw. Comput. Appl..

[41]  Xiaolei Dong,et al.  4S: A secure and privacy-preserving key management scheme for cloud-assisted wireless body area network in m-healthcare social networks , 2015, Inf. Sci..

[42]  Feng Hao J-PAKE: Password-Authenticated Key Exchange by Juggling , 2017, RFC.

[43]  Klaus Wehrle,et al.  Security Challenges in the IP-based Internet of Things , 2011, Wirel. Pers. Commun..

[44]  Seppo Heikkinen,et al.  Security and User Guidelines for the Design of the Future Networked Systems , 2009, 2009 Third International Conference on Digital Society.

[45]  Yu-Wei Su,et al.  A Comparative Study of Wireless Protocols: Bluetooth, UWB, ZigBee, and Wi-Fi , 2007, IECON 2007 - 33rd Annual Conference of the IEEE Industrial Electronics Society.

[46]  Hyunsoo Yoon,et al.  Digital Rights Management with Right Delegation for Home Networks , 2006, ICISC.

[47]  Antoine Joux,et al.  A One Round Protocol for Tripartite Diffie–Hellman , 2000, Journal of Cryptology.

[48]  Domenico Rotondi,et al.  A capability-based security approach to manage access control in the Internet of Things , 2013, Math. Comput. Model..

[49]  Ming Li,et al.  Data security and privacy in wireless body area networks , 2010, IEEE Wireless Communications.

[50]  Thomas Shrimpton,et al.  Cryptographic Hash-Function Basics: Definitions, Implications, and Separations for Preimage Resistance, Second-Preimage Resistance, and Collision Resistance , 2004, FSE.

[51]  Klaus Wehrle,et al.  Delegation-based authentication and authorization for the IP-based Internet of Things , 2014, 2014 Eleventh Annual IEEE International Conference on Sensing, Communication, and Networking (SECON).