OnboardICNg: a Secure Protocol for On-boarding IoT Devices in ICN

Slide 1: Title
Alberto Compagno (1,3), Mauro Conti (2) and Ralph Droms (3)
(1) Sapienza University of Rome, (2) University of Padua, (3) Cisco Systems
3rd ACM Conference on Information-Centric Networking, September 28, 2016

Slide 2: IoT Scenario
- Wireless mesh network of resource-constrained devices
- IEEE MAC
- Publishes readings under a proper namespace, e.g. [1]: /coord/readings
[1] M. Enguehard, et al. "SLICT: Secure Localized Information Centric Things." ACM ICN,

Slide 3: Unauthorized access
- Easy to deploy malicious devices
- An attacker can waste devices' resources: bandwidth, energy, memory, computation

Slide 4: Unauthorized access in ICN
- An even more serious problem
- Attacker can target network state (PIT, CS): Interest flooding, cache pollution attacks

Slide 5: How to secure the network?
- Create a network of trusted devices: device authentication and authorization to join the network
- Prevent packet manipulation and injection: hop-by-hop packet integrity/authenticity check

Slide 6: Existing approaches
- In IP wireless mesh network (ZigBee IP): EAP-PSK with Protocol for Carrying Authentication for Network Access
  - EAP-PSK/PANA
  - EAP-TLS/PANA
- In ICN wireless mesh network: nothing so far

Slide 7: Our proposal - OnboardICNg
We design OnboardICNg, an on-boarding protocol based on symmetric encryption that:
- Authenticates and authorizes new devices to join the network
- Provides the authentication of the network to the joining device
- Bootstraps the key material for MAC and network layer
- Has a low cost in terms of device resources

Slide 8: System model
[Figure: Advanced Metering Infrastructure Scenario, showing the AGW and the Internet]
- Application Gateway (AGW) provides connectivity to Internet
- AGW queries devices / issues commands
- Devices retrieve content only from AGW

Slide 9: System Model
To secure communication we distribute:
- k_dj-AGW: a pairwise key between each device d_j and AGW. Used to protect confidentiality and provide content authentications to content retrieved between d_j and AGW (e.g., AGW queries and crypto material intended for d_j)
- k_dj-dnbr: pairwise key between d_j and d_nbr. Used to trigger the integrity (and optionally confidentiality)

Slide 10: System model
[Figure: Advanced Metering Infrastructure Scenario, showing the AGW, the Internet and the AAM]
- Authentication Authorization Manager (AAM) authenticates and authorizes devices
- Pre-shared key () between each device and AAM during provisioning phase

Slides 11-12: OnboardICNg - High level picture
[Figure (a) OnboardICNg: labels AGW, AAM, d_j, Device, d_nbr]
[Figure (b) EAP-PSK/PANA: labels PANA Authentication Agent (PAA), AAM, PANA Client (PaC)]

Slide 13: AKEP2
OnboardICNg is built on the AKEP2 scheme (which has been proven to be secure).
AKEP2 provides:
- Mutual authentication
- Authenticated key exchange
[Figure: message exchange between A and B, carrying in order: B's identity; A's identity, proof of A authenticity; proof of B authenticity. Both sides compute k =KDF(,)]

Slide 14: AKEP2 in ICN
AKEP2 can be simply implemented in interest and content packets... but it is a two party protocol.
[Figure: A and B exchange interest and content packets carrying: B's identity; A's identity, proof of A authenticity; proof of B authenticity. Other labels: k, Payload]
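
The AKEP2 exchange outlined on slides 13 and 14, as an added example that is not part of the original deck: a two-party run with both sides' messages, following the Bellare-Rogaway AKEP2 message layout, plus three runs that must be rejected. HMAC-SHA256 stands in for the MAC and the KDF, and the class names, field encoding, identities and the identity field in message 1 are assumptions made for this sketch.

```python
import hashlib
import hmac
import secrets


class AuthError(Exception):
    """A peer failed to prove knowledge of the pre-shared key."""


def mac(key, *fields):
    # Length-prefix each field so field boundaries cannot be shifted.
    h = hmac.new(key, digestmod=hashlib.sha256)
    for f in fields:
        h.update(len(f).to_bytes(2, "big") + f)
    return h.digest()


def check(key, tag, *fields):
    if not hmac.compare_digest(tag, mac(key, *fields)):
        raise AuthError("bad proof of authenticity")


class Party:
    def __init__(self, identity, k_mac, k_kdf):
        self.identity, self.k_mac, self.k_kdf = identity, k_mac, k_kdf
        self.nonce, self.peer, self.session_key = b"", None, None

    def _derive(self, responder_nonce):
        # AKEP2: the session key is a keyed function of the responder's
        # nonce under a second shared key (HMAC-SHA256 in this sketch).
        self.session_key = mac(self.k_kdf, b"session", responder_nonce)


class Initiator(Party):
    def msg1(self):
        self.nonce = secrets.token_bytes(16)
        return (self.identity, self.nonce)

    def on_msg2(self, msg2):
        resp_id, init_id, n_i, n_r, tag = msg2
        check(self.k_mac, tag, resp_id, init_id, n_i, n_r)  # responder's proof
        if init_id != self.identity or not hmac.compare_digest(n_i, self.nonce):
            raise AuthError("message 2 does not answer this run")
        self.peer = resp_id
        self._derive(n_r)
        return (self.identity, n_r, mac(self.k_mac, self.identity, n_r))


class Responder(Party):
    def on_msg1(self, msg1):
        self.peer, n_i = msg1
        self.nonce = secrets.token_bytes(16)
        tag = mac(self.k_mac, self.identity, self.peer, n_i, self.nonce)
        return (self.identity, self.peer, n_i, self.nonce, tag)

    def on_msg3(self, msg3):
        init_id, n_r, tag = msg3
        check(self.k_mac, tag, init_id, n_r)  # initiator's proof
        if init_id != self.peer or not hmac.compare_digest(n_r, self.nonce):
            raise AuthError("message 3 is stale or belongs to another run")
        self._derive(n_r)


def rejected(fn, *args):
    try:
        fn(*args)
    except AuthError:
        return True
    return False


def run_demo():
    # Constructed keys and identities; real devices would be provisioned.
    k_mac, k_kdf = secrets.token_bytes(16), secrets.token_bytes(16)
    ini, res = b"node-A", b"node-B"
    out = {}

    # Honest run: both sides end with the same session key.
    a, b = Initiator(ini, k_mac, k_kdf), Responder(res, k_mac, k_kdf)
    m3 = a.on_msg2(b.on_msg1(a.msg1()))
    b.on_msg3(m3)
    out["keys_match"] = a.session_key is not None and a.session_key == b.session_key

    # Message 2 altered in transit: the responder nonce is replaced.
    a2, b2 = Initiator(ini, k_mac, k_kdf), Responder(res, k_mac, k_kdf)
    m2 = b2.on_msg1(a2.msg1())
    out["tampered_msg2_rejected"] = rejected(a2.on_msg2, m2[:3] + (bytes(16),) + m2[4:])

    # Message 3 recorded from the honest run, replayed into a new run.
    b3 = Responder(res, k_mac, k_kdf)
    b3.on_msg1(Initiator(ini, k_mac, k_kdf).msg1())
    out["replayed_msg3_rejected"] = rejected(b3.on_msg3, m3)

    # A device that was never provisioned with the MAC key.
    b4 = Responder(res, k_mac, k_kdf)
    n_r = b4.on_msg1(Initiator(ini, k_mac, k_kdf).msg1())[3]
    forged = (ini, n_r, mac(secrets.token_bytes(16), ini, n_r))
    out["unprovisioned_rejected"] = rejected(b4.on_msg3, forged)
    out["no_key_after_failure"] = b4.session_key is None
    return out


if __name__ == "__main__":
    for name, ok in run_demo().items():
        print(f"{name}: {ok}")
```

The fresh responder nonce is what makes the recorded message 3 useless in a later run, and a failed proof leaves the responder without a session key.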

Slide 15: OnboardICNg - Description
[Figure, built up in steps: interest and content messages exchanged among d_j, d_nbr, AGW and AAM. Other labels: AKEP2, k, K]
Message labels in the figure:
- d_nbr's identity
- d_j's identity, proof auth.
- d_nbr's identity, proof auth.
- Crypto material, k_dj-AGW
- k, k_dj-dnbr
Annotations, in the order they are added:
- Certifies to d_j that the network is authentic
- d_nbr expresses an interest to retrieve authorization and crypto material
- AAM authenticates and authorizes d_j
- Crypto material to generate d_nbr proof auth.
- Encrypted with to protect confidentiality

Slide 16: OnboardICNg - Evaluation settings
We compare OnboardICNg with EAP-PSK/PANA. Specifically, constrained devices having a similar role:
- d_j with PaC: joining device
- d_nbr with PRE: neighbor
OnboardICNg evaluation setting:
- 1+0 Encoding proposal for CCN [1]
- resource-constrained devices with hardware implementation of AES-128 (e.g., MSP430 MCU combined with the CC2420 radio chip)
[1] CCN and NDN TLV encodings in packets. pdfs9ielpwcji.pdf.

Slide 17: OnboardICNg - Analytical evaluation
Communication cost comparison: bytes transmitted/received between entities (d_j/PaC, d_nbr/PRE, AGW/PAA)
- OnboardICNg: 549 B, 318 B
- EAP-PSK/PANA: 1380 B, 2481 B
- Change: -70%, -87%

Slide 18: OnboardICNg - Analytical evaluation
Computation cost comparison (milliseconds)
                  EAP-PSK/PANA      OnboardICNg
Crypto op.        PaC      PRE      d_j      d_nbr
MAC gen./ver.     49,90    0,00     37,68    53,87
Keys gen./der.    22,75    0,00     23,05    0,90
Encrypt           0,00     0,00     0,00     0,30
Decrypt           0,30     0,00     0,60     0,30
Memory cost comparison (bytes)
                  EAP-PSK/PANA      OnboardICNg
                  PaC      PRE      d_j      d_nbr
- Comparable memory and computation cost for the joining device
- Greater memory and computation cost on neighbor device, but

Slide 19: OnboardICNg - Analytical evaluation
[Figure: Energy cost comparison]

Slide 20: Conclusion
- OnboardICNg is the first protocol providing secure authentication and authorization for IoT over ICN
  - Resilient to outsider and insider attacks
  - Securely bootstraps cryptographic material for subsequent secure communication
- Resource utilization compares favorably with EAP-PSK/PANA
  - Up to 87% less in communication cost
  - Up to 66% less in energy consumption
Questions?
More informationNetwork Security: Broadcast and Multicast. Tuomas Aura T Network security Aalto University, Nov-Dec 2011
Network Security: Broadcast and Multicast Tuomas Aura T-110.5241 Network security Aalto University, Nov-Dec 2011 Outline 1. Broadcast and multicast 2. Receiver access control (i.e. data confidentiality)
More informationNetworking interview questions
Networking interview questions What is LAN? LAN is a computer network that spans a relatively small area. Most LANs are confined to a single building or group of buildings. However, one LAN can be connected
More informationIndicate whether the statement is true or false.
Indicate whether the statement is true or false. 1. Packet-filtering firewalls scan network data packets looking for compliance with the rules of the firewall s database or violations of those rules. 2.
More informationWireless Network Security Spring 2016
Wireless Network Security Spring 2016 Patrick Tague Class #12 Routing Security; Forwarding Security 2016 Patrick Tague 1 SoW Presentation SoW Thursday in class I'll post a template Each team gets ~5 minutes
More informationMULTICAST SECURITY. Piotr Wojciechowski (CCIE #25543)
MULTICAST SECURITY Piotr Wojciechowski (CCIE #25543) ABOUT ME Senior Network Engineer MSO at VeriFone Inc. Previously Network Solutions Architect at one of top polish IT integrators CCIE #25543 (Routing
More informationA Policy Framework for a Secure
A Policy Framework for a Secure Future Internet Jad Naous(Stanford University) Arun Seehra(UT Austin) Michael Walfish(UT Austin) David Mazières(Stanford University) Antonio Nicolosi(Stevens Institute of
More informationConfiguring the Client Adapter through Windows CE.NET
APPENDIX E Configuring the Client Adapter through Windows CE.NET This appendix explains how to configure and use the client adapter with Windows CE.NET. The following topics are covered in this appendix:
More informationOverview. SSL Cryptography Overview CHAPTER 1
CHAPTER 1 Secure Sockets Layer (SSL) is an application-level protocol that provides encryption technology for the Internet. SSL ensures the secure transmission of data between a client and a server through
More information