Use this URL to cite or link to this record in EThOS:
Title: Low-cost security protocols for resource-constrained Internet of Things devices
Author: Yilmaz, Yildiran
ISNI:       0000 0004 8510 422X
Awarding Body: University of Southampton
Current Institution: University of Southampton
Date of Award: 2019
Availability of Full Text:
Access from EThOS:
Full text unavailable from EThOS. Restricted access.
Access from Institution:
The Internet of Things (IoT) devices, especially in wireless sensor networks (WSN) and radio frequency identification (RFID) systems, have limited resources. For example, battery-operated sensor devices forming the basic structure of the wireless sensor networks and the passive tags forming the basic structure of the RFID system can now be produced in smaller sizes and lower cost because of the development in electronics. Therefore, the wireless sensor devices are limited in memory, computation ability and energy resource and passive tags are limited in their chip area and computation ability. However, these devices make the task of establishing security protocols difficult as they dedicate most of the available resources to perform their basic tasks. On the other hand, these devices are based on pervasive technology which makes it easy for potential adversities and third parties to have access to them and carry well-established attacks. Security protocols that rely on storing keys or secrets in the devices' memory cannot provide physical security, as the key or secret data stored on the device is always open to physical tampering. Physical Unclonable Functions (PUF) technology is a potential candidate cryptographic primitive to incorporate physical security into the system. However, PUF-based protocols come with complications. Their security has not been established against communication traffic attacks. The machine learning and the Man in the Middle (MitM) are considered major security threats for PUF-based protocols. Consequently, there are two challenges in developing and implementing security protocols specific to resource-constrained devices; the first challenge is to provide security against common attacks, including physical attacks. The second challenge is to make the use of resources efficient considering the device-specific characteristics for the smooth implementation of the security protocol. This thesis proposes three new security protocols in consideration of the unique characteristics of IoT devices. The proposed and implemented security protocols that ensure privacy and mutual authentication in wireless sensor devices and RFID system are described in details, and their security is analysed systematically. The first protocol is named ASSURE and is based on PUF technology and a symmetric light cipher. It provides security for wireless sensor devices and ensures communication traffic privacy, physical security and energy-efficiency. The second security protocol is called ARMOR and is based on PUF and lightweight asymmetric encryption. It provides security for the RFID system and ensures communication traffic privacy and physical security. For the ARMOR protocol, it is proposed a PUF enabled area-efficient tag architecture. The third protocol termed TiGHTEN provides energy-efficiency and mutual authentication for wireless sensor devices and it consumes less energy compared to the first protocol. In the third protocol aimed at minimising communicational energy consumption, both symmetric (RC5) and asymmetric cryptosystems (ECC) are used to provide mutual authentication.
Supervisor: Halak, Basel Sponsor: Not available
Qualification Name: Thesis (Ph.D.) Qualification Level: Doctoral
EThOS ID:  DOI: Not available