Abstract
In this paper, we present a basic system for controlling IoT devices in remote environments with the following requirements: (1) in a situation where an operation center broadcasts information to IoT devices, e.g., wireless environment, only the designated devices can identify operations sent from the center; (2) the devices can detect manipulation of the broadcast information and hence prevents maliciously generated operations from being executed. We formalize a model of the basic system and its essential requirements and propose anonymous broadcast authentication (ABA) as its core cryptographic primitive. We formally define the syntax and security notions for ABA and show provably-secure ABA constructions.
Access this chapter
Tax calculation will be finalised at checkout
Purchases are for personal use only
References
Al-Garadi, M.A., Mohamed, A., Al-Ali, A., Du, X., Ali, I., Guizani, M.: A survey of machine and deep learning methods for internet of things (IoT) security. IEEE Commun. Surv. Tuts. 22(3), 1646–1685 (2020)
Andersen, M.P., et al.: WAVE: a decentralized authorization framework with transitive delegation. In: Proceedings of USENIX Security 2019, pp. 1375–1392. USENIX Association (2019)
Antonakakis, M., et al.: Understanding the mirai botnet. In: Proceedings of USENIX Security 2017, pp. 1093–1110. USENIX Association (2017)
Bellare, M.: New proofs for NMAC and HMAC: security without collision-resistance. In: Proceedings of CRYPTO 2006. LNCS, vol. 4117, pp. 602–619. Springer, Berlin, Heidelberg (2006)
Bellare, M., Goldreich, O., Mityagin, A.: The power of verification queries in message authentication and authenticated encryption. Cryptology ePrint Archive, Report 2004/309 (2004)
Bertino, E., Islam, N.: Botnets and internet of things security. Computer 50(2), 76–79 (2017)
Boneh, D., Gentry, C., Waters, B.: Collusion resistant broadcast encryption with short ciphertexts and private keys. In: Proceedings of CRYPTO 2005. LNCS, vol. 3621, pp. 258–275. Springer, Berlin, Heidelberg (2005)
Chan, H., Perrig, A.: Round-efficient broadcast authentication protocols for fixed topology classes. In: Proceedings of IEEE S&P 2010, pp. 257–272. IEEE (2010)
Costin, A., Zaddach, J., Francillon, A., Balzarotti, D.: A large-scale analysis of the security of embedded firmwares. In: Proceedings of USENIX Security 2014, pp. 95–110. USENIX Association (2014)
Costin, A., Zarras, A., Francillon, A.: Automated dynamic firmware analysis at scale: a case study on embedded web interfaces. In: Proceedings of ASIACCS 2016, pp. 437–448. ACM (2016)
Fazio, N., Perera, I.M.: Outsider-anonymous broadcast encryption with sublinear ciphertexts. In: Fischlin, M., Buchmann, J., Manulis, M. (eds.) Public Key Cryptography - PKC 2012, pp. 225–242. Springer, Berlin Heidelberg (2012)
Fernandes, E., Jung, J., Prakash, A.: Security analysis of emerging smart home applications. In: Proceedings of IEEE S&P 2016, pp. 636–654. IEEE (2016)
Fernandes, E., Paupore, J., Rahmati, A., Simionato, D., Conti, M., Prakash, A.: FlowFence: practical data protection for emerging iot application frameworks. In: Proceedings of USENIX Security 2016, pp. 531–548. USENIX Association (2016)
Goldreich, O., Goldwasser, S., Micali, S.: How to construct random functions. J. ACM 33(4), 792–807 (1986)
HÅstad, J., Impagliazzo, R., Levin, L., Luby, M.: A pseudorandom generator from any one-way function. SIAM J. Comput. 28(4), 1364–1396 (1999)
Kiayias, A., Samari, K.: Lower bounds for private broadcast encryption. In: Proceedings of IH 2013. LNCS, vol. 7692, pp. 176–190. Springer, Berlin, Heidelberg (2013)
Kumar, S., Hu, Y., Andersen, M.P., Popa, R.A., Culler, D.E.: JEDI: many-to-many end-to-end encryption and key delegation for IoT. In: Proceedings of USENIX Security 2019, pp. 1519–1536. USENIX Association (2019)
Li, J., Gong, J.: Improved anonymous broadcast encryptions. In: Proceedings of ACNS 2018. LNCS, vol. 10892, pp. 497–515. Springer (2018)
Libert, B., Paterson, K.G., Quaglia, E.A.: Anonymous broadcast encryption: adaptive security and efficient constructions in the standard model. In: Proceedings of PKC 2012. LNCS, vol. 7293, pp. 206–224. Springer, Berlin, Heidelberg (2012)
Naor, D., Naor, M., Lotspiech, J.: Revocation and tracing schemes for stateless receivers. In: Proceedings of CRYPTO 2001. LNCS, vol. 2139, pp. 41–62. Springer, Berlin, Heidelberg (2001)
Neto, A.L.M., et al.: AoT: authentication and access control for the entire iot device life-cycle. In: Proceedings of Sensys 2016, pp. 1–15. ACM (2016)
Perrig, A.: The biba one-time signature and broadcast authentication protocol. In: Proceedings of CCS 2001, pp. 28–37. ACM (2001)
Perrig, A., Canetti, R., Tygar, J.D., Song, D.: Efficient authentication and signing of multicast streams over lossy channels. In: Proceedings of IEEE S&P 2000, pp. 56–73. IEEE (2000)
Ronen, E., Shamir, A., Weingarten, A.O., Olynn, C.: IoT goes nuclear: creating a ZigBee chain reaction. In: Proceedings of IEEE S&P 2017, pp. 195–212. IEEE (2017)
Safavi-Naini, R., Wang, H.: Broadcast authentication for group communication. Theor. Comput. Sci. 269(1), 1–21 (2001)
Shim, K.A.: Basis: a practical multi-user broadcast authentication scheme in wireless sensor networks. IEEE Trans. Inf. Forensics Secur. 12(7), 1545–1554 (2017)
Wang, X., Han, Y., Leung, V.C., Niyato, D., Yan, X., Chen, X.: Convergence of edge computing and deep learning: a comprehensive survey. IEEE Commun. Surv. Tuts. 22(2), 869–904 (2020)
Zhauniarovich, Y., Khalil, I., Yu, T., Dacier, M.: A survey on malicious domains detection through DNS data analysis. ACM Comput. Surv. 51(4) (2018)
Acknowledgements
This research was conducted under a contract of “Research and development on IoT malware removal / make it non-functional technologies for effective use of the radio spectrum” among “Research and Development for Expansion of Radio Wave Resources (JPJ000254)”, which was supported by the Ministry of Internal Affairs and Communications, Japan. We would like to thank Hirokazu Kobayashi for his useful comments on existing broadcast authentication protocols and Tatsuya Takehisa for his valuable comments on the system model.
Author information
Authors and Affiliations
Corresponding author
Editor information
Editors and Affiliations
Rights and permissions
Copyright information
© 2021 The Author(s), under exclusive license to Springer Nature Switzerland AG
About this paper
Cite this paper
Watanabe, Y., Yanai, N., Shikata, J. (2021). Anonymous Broadcast Authentication for Securely Remote-Controlling IoT Devices. In: Barolli, L., Woungang, I., Enokido, T. (eds) Advanced Information Networking and Applications. AINA 2021. Lecture Notes in Networks and Systems, vol 226. Springer, Cham. https://doi.org/10.1007/978-3-030-75075-6_56
Download citation
DOI: https://doi.org/10.1007/978-3-030-75075-6_56
Published:
Publisher Name: Springer, Cham
Print ISBN: 978-3-030-75074-9
Online ISBN: 978-3-030-75075-6
eBook Packages: Intelligent Technologies and RoboticsIntelligent Technologies and Robotics (R0)