Saudi Cultural Missions Theses & Dissertations

Permanent URI for this community: https://drepo.sdl.edu.sa/handle/20.500.14154/10

Search Results

Now showing 1 - 3 of 3
  • ItemRestricted
    Adaptive encryption scheme for IoT sensors network
    (Cardiff University, 2024-09-05) Almalki, Ohud; Li, Shancang
    Artificial Intelligence (AI) and the Internet of Things (IoT) have revolutionised the way we live and work, bringing unpredictable levels of automation and decision-making. As a result, industries such as healthcare, finance, and smart cities have experienced significant changes. These technologies have transformed our lives to be more efficient, convenient, and connected. However, the rapid advancement of AI and IoT has also raised some concerns. Data privacy and security have become a major challenge with these systems processing massive amounts of sensitive personal and organisational data, highlighting the importance of implementing robust protection methods. This dissertation focuses on the different techniques used to maintain data privacy in AI and IoT ecosystems using privacy-preserving technologies (PETs), such as differential privacy (DP), federated learning (FL), and secure computation. These technologies are essential for compliance with data protection regulations such as the General Data Protection Regulation (GDPR) and the California Consumer Privacy Act (CCPA). Moreover, it is important to educate users about the associated risks of using AI and IoT and to encourage responsible behaviours. The core focus of this research is a dual-layer encryption schema that helps to protect sensitive data in IoT sensor networks by classifying the data as low and high-critical.
  • ItemRestricted
    Internet Of Things Security
    (Cardiff University, 2023-09-10) Alqarni, Abdullah Ibrahim A; Theodorakopoulos, George; Hood, Andrew
    This project sought to examine the security of the TP-Link KP105 smart plug, an Internet of Things (IoT) device. In the IoT realm, where numerous devices are interconnected and constantly communicating, ensuring security is crucial, and the goal was thus to identify and evaluate any potential vulnerabilities in the smart plug as part of an effort to enhance the overall safety of IoT devices. The project thus adopted a methodical approach, conducting a comprehensive penetration test on the smart plug using the Penetration Testing Execution Standard (PTES) as a guiding framework. Initially, an understanding of the intricacies of IoT security was thus developed, based on the author studying various penetration testing methodologies, and gaining hands-on experience with a wide array of suitable tools including, though not limited to, Metasploit, LOIC, hping3, and Aireplay-ng. Penetration testing was carried out using the Kali Linux operating system, which is renowned for its extensive suite of pre-installed security tools. The full process involved the capture and analysis of network traffic both to and from the smart plug by means of Wireshark, followed by the implementation of the TP-Link Smart Home Protocol Wireshark Dissector to enable the decryption of local network communication between the TP-Link Smart Home Devices and the Kasa Smart Home App. The EXPLIoT framework and the tplink_smartplug.py script were then leveraged to dispatch commands, facilitating manipulation of the plug's operations. By doing this, the project identified a series of significant vulnerabilities, including weak points across all of the areas of encryption, protocol authentication, binary protections, and physical security. Post-exploitation scenarios were also explored to develop understanding of the potential consequences of exploitation of the identified vulnerabilities.
If an attacker were to gain physical access to the smart plug, they could reset, reboot, or even steal the device, while the lack of binary protections could open the door for reverse engineering of the smart plug software, leading to the discovery of additional vulnerabilities or even the creation of custom firmware with malicious functions. Furthermore, breaking XOR encryption could potentially enable an attacker to read and manipulate the traffic between the smart plug and the control app, while the absence of authentication, coupled with the use of open ports and a known MAC address, also poses significant network threats. The results of this study thus highlight the crucial need for additional strong security measures in IoT devices. Examining the identified vulnerabilities and potential exploitation scenarios should thus guide the creation of safer IoT devices in the future. This project also reinforces the importance of ongoing learning in the swiftly changing field of cybersecurity, however, and the need for proactive protection of secure interconnected devices in the IoT era.
  • ItemRestricted
    Lightweight Cryptographic Mechanisms for Internet of Things and Embedded Systems
    (2023-03) Bin Rabiah, Abdulrahman; Abu-Ghazaleh, Nael; Richelson, Silas
    Today, IoT devices such as health monitors and surveillance cameras are widespread. As the industry matures, IoT systems are becoming pervasive. This revolution necessitates further research in network security, as IoT systems impose constraints on network design due to the use of lightweight, computationally weak devices with limited power and network connectivity being used for varying and unique applications. Thus, specialized secure protocols which can tolerate these constraints are needed. This dissertation examines three problems in the constrained IoT setting: 1) Key exchange, 2) Authentication and 3) Key management. First, IoT devices often gather critical information that needs to be communicated in a secure manner. Authentication and secure communication in an IoT environment can be difficult because of constraints in computing power, memory, energy and network connectivity. For secure communication with the rest of the network, an IoT device needs to trust the gateway through which it communicates, often over a wireless link. An IoT device needs a way of authenticating the gateway and vice-versa, to set up that secure channel. We introduce a lightweight authentication and key exchange system for IoT environments that is tailored to handle the IoT-imposed constraints. In our system, the gateway and IoT device communicate over an encrypted channel that uses a shared symmetric session key which changes periodically (every session) in order to ensure perfect forward secrecy. We combine both symmetric-key and public-key cryptography based authentication and key exchange, thus reducing the overhead of manual configuration. We study our proposed system, called Haiku, where keys are never exchanged over the network. We show that Haiku is lightweight and provides authentication, key exchange, confidentiality, and message integrity.
Haiku does not need to contact a Trusted Third Party (TTP), works in disconnected IoT environments, provides perfect forward secrecy, and is efficient in compute, memory and energy usage. Haiku achieves 5x faster key exchange and at least 10x energy consumption reductions. Second, signature-based authentication is a core cryptographic primitive essential for most secure networking protocols. We introduce a new signature scheme, MSS, that allows a client to efficiently authenticate herself to a server. We model our new scheme in an offline/online model where client online time is premium. The offline component derives basis signatures that are then composed based on the data being signed to provide signatures efficiently and securely during run-time. MSS requires the server to maintain state and is suitable for applications where a device has long-term associations with the server. MSS allows direct comparison to hash chain-based authentication schemes used in similar settings, and is relevant to resource-constrained devices e.g., IoT. We derive MSS instantiations for two cryptographic families, assuming the hardness of RSA and decisional Diffie-Hellman (DDH) respectively, demonstrating the generality of the idea. We then use our new scheme to design an efficient time-based one-time password (TOTP) system. Specifically, we implement two TOTP authentication systems from our RSA and DDH instantiations. We evaluate the TOTP implementations on Raspberry Pis which demonstrate appealing gains: MSS reduces authentication latency and energy consumption by a factor of ∼82 and 792, respectively, compared to a recent hash chain-based TOTP system. Finally, we examine an important sub-component of the massive IoT technology, namely connected vehicles (CV)/Internet of Vehicles (IoV). In the US alone, the US department of transportation approximates the number of vehicles to be around 350 million. 
Connected vehicles is an emerging technology, which has the potential to improve the safety and efficiency of the transportation system. To maintain the security and privacy of CVs, all vehicle-to-vehicle (V2V) communications are typically established on top of pseudonym certificates (PCs) which are maintained by a vehicular public key infrastructure (VPKI). However, the state-of-the-art VPKIs (including SCMS; the US VPKI standard for CV) often overlooked the reliability constraint of wireless networks (which eventually degrades the VPKI security) that exists in high-mobility environments such as CV networks. This constraint stems from the short coverage time between an on-board unit (OBU) inside a fast moving vehicle and a stationary road-side unit (RSU). In this work, we present TVSS, a novel VPKI design that pushes critical VPKI operations to the edge of the network; the RSU, while maintaining all security and privacy assumptions in the state-of-the-art VPKIs. Our real-life testbed shows a reduced PC generation latency by 28.5x compared to recent VPKIs. Furthermore, our novel local pseudonym certificate revocation lists (PCRLs) achieve 13x reduction in total communication overhead for downloading them compared to delta PCRLs.

Copyright owned by the Saudi Digital Library (SDL) © 2025