Refine
Document Type
- Bachelor Thesis (2)
- Doctoral Thesis (1)
- Master's Thesis (1)
Keywords
- IoT (4) (remove)
Institute
Open Access
- Open Access (3)
- Closed (1)
- Diamond (1)
Egal ob Smart City, Smart Home oder als kleine Alltagshilfen, das Internet der Dinge ist heutzutage allgegenwärtig. Um die Dinge der vernetzten Welt nutzen zu können, benötigt man in der Regel ein User Interface. Es gibt verschiedenste Möglichkeiten für den Menschen, mit vernetzten Dingen zu kommunizieren. Es kann über ein Voice User Interface (VUI) mit der Sprache kommuniziert werden oder sogar bereits nur mit Gedanken über sogenannte Brain User Interfaces (BUI). Eine zentrale Rolle hat momentan vor allem das Smartphone, welches als leistungsstarker, dauerhafter Begleiter im Alltag durch eingebaute Sensoren und Kommunikationsmöglichkeiten wie Wifi, Bluetooth oder NFC, ein ideales Interface zum IoT bietet. Das Smartphone, sowie bereits viele Mikrocontroller, bieten zudem die Möglichkeit mit Internettechnologien wie HTML, CSS und JavaScript programmiert zu werden. Somit sind Webentwickler in der Lage, komplette IoT-Anwendungen zu implementieren. Für die webtechnologienbasierte User-Interfaceentwicklung des Smartphones bieten sich Frameworks wie Ionic, React Native, NativeScript oder Evothings an. Zu diesen vier Frameworks wird ein fundierter Vergleich durchgeführt, der Aufschluss über die Einsetzbarkeit der Frameworks bei einer IoT-Anwendung gibt. Ionic steht bei diesem Vergleich beispielsweise durch eine große Community, oder unzählige UI-Elemente mit hoher Usability, an erster Stelle. Die Möglichkeiten von Ionic werden anhand der App für den smarten Briefkasten Mail-E verdeutlicht.
It is generally agreed that the development and deployment of an important amount of IoT devices throughout the world has revolutionized our lives in a way that we can rely on these devices to complete certain tasks that may have not been possible just years ago which also brought a new level of convenience and value to our lives.
This technology is allowing us in a smart home environment to remotely control doors, windows, and fridges, purchase online, stream music easily with the use of voice assistants such as Amazon Echo Alexa, also close a garage door from anywhere in the world to cite some examples as this technology has added value to several domains ranging from household environments, cites, industries by exchanging and transferring data between these devices and customers. Many of these devices’ sensors, collect and share information in real-time which enables us to make important business decisions.
However, these devices pose some risks and also some security and privacy challenges that need to be addressed to reach their full potential or be considered to be secure. That is why, comprehensive risk analysis techniques are essential to enhance the security posture of IoT devices as they can help evaluate the robustness and reliability towards potential susceptibility to risks, and vulnerabilities that IoT devices in a smart home setting might possess.
This approach relies on the basis of ISO/IEC 27005 methodology and risk matrix method to highlight the level of risks, impact, and likelihood that an IoT device in smart home settings can have, map the related vulnerability, threats and risks and propose the necessary mitigation strategies or countermeasures that can be taken to secure a device and therefore satisfying some security principles. Around 30 risks were identified on Amazon Echo and the related IoT system using the methodology. A detailed list of countermeasures is proposed as a result of the risk analysis. These results, in turn, can be used to elevate the security posture of the device.
With the expansion of IoT devices in many aspects of our life, the security of such systems has become an important challenge. Unlike conventional computer systems, any IoT security solution should consider the constraints of these systems such as computational capability, memory, connectivity, and power consumption limitations. Physical Unclonable Functions (PUFs) with their special characteristics were introduced to satisfy the security needs while respecting the mentioned constraints. They exploit the uncontrollable and reproducible variations of the underlying component for security applications such as identification, authentication, and communication security. Since IoT devices are typically low cost, it is important to reuse existing elements in their hardware (for instance sensors, ADCs, etc.) instead of adding extra costs for the PUF hardware. Micro-electromechanical system (MEMS) devices are widely used in IoT systems as sensors and actuators. In this thesis, a comprehensive study of the potential application of MEMS devices as PUF primitives is provided. MEMS PUF leverages the uncontrollable variations in the parameters of MEMS elements to derive secure keys for cryptographic applications. Experimental and simulation results show that our proposed MEMS PUFs are capable of generating enough entropy for a complex key generation, while their responses show low fluctuations in different environmental conditions.
Keeping in mind that the PUF responses are prone to change in the presence of noise and environmental variations, it is critical to derive reliable keys from the PUF and to use the maximum entropy at the same time. In the second part of this thesis, we elaborate on different key generation schemes and their advantages and drawbacks. We propose the PUF output positioning (POP) and integer linear programming (ILP) methods, which are novel methods for grouping the PUF outputs in order to maximize the extracted entropy. To implement these methods, the key enrollment and key generation algorithms are presented. The proposed methods are then evaluated by applying on the responses of the MEMS PUF, where it can be practically shown that the proposed method outperforms other existing PUF key generation methods.
The final part of this thesis is dedicated to the application of the MEMS PUF as a security solution for IoT systems. We select the mutual authentication of IoT devices and their backend system, and propose two lightweight authentication protocols based on MEMS PUFs. The presented protocols undergo a comprehensive security analysis to show their eligibility to be used in IoT systems. As the result, the output of this thesis is a lightweight security solution based on MEMS PUFs, which introduces a very low overhead on the cost of the hardware.