The Internet of Things (IoT) and its applications have literally invaded our environment, home, cars, cities, etc. and there could be more than 40 billion IoT devices generating around 80 zettabytes of data in 2025. Most of the generated IoT data are stored on the cloud from where they can be securely downloaded by users. For real-time IoT applications which require highly efficient mechanisms, fog computing offers better performance than cloud computing. For both cloud data storage and IoT applications relying on fog computing, we need to provide end-to-end security. Security includes, besides confidentiality of the data between sender and legitimate receiver, also integrity of the data and authentication of the entities participating in the process. In addition, anonymity and unlinkability of the sender are included as important requirements to ensure privacy. We have studied dedicated security mechanisms with a focus on efficiency since the IoT devices are assumed to be constrained devices and require a highly scalable approach due to their large amount. Fog-based architectures are nowadays popular as they are efficient in terms of location awareness, hardware size, easy deployment, decentralized and simplified operations, time criticalness, internet connectivity and bandwidth usage, etc. To address security issues in fog computing, we proposed two solutions. In the first scheme, a new key agreement protocol is designed for an architecture model with one sensor device, a fog node, and the cloud server. The scheme relies on lightweight cryptographic operation to construct a symmetric key. In the second solution, the proposed protocol is suitable for a group of devices, a fog and a server providing authentication alongside anonymity to the participants and use Elliptic Curve Cryptography to construct a group key. We also focused on security primitives enabling secure data transmission from the cloud service provider to the end-users.
The cloud service provider is considered as an honest-but-curious entity, who executes the required steps but could be interested in retrieving the data for its own purpose. The confidentiality of the data should therefore be protected towards the cloud. Hence, a symmetric key based mechanism was proposed to enable proxy re-encryption. In proxy re-encryption schemes, a second encryption is performed by the cloud before the re-encrypted data are forwarded to the end-user. We avoided computationally intensive operations and used lightweight cryptographic operations such as bitwise XOR, concatenation and hash instead. This approach is highly efficient in terms of computation cost. The developed schemes were verified using formal verification methods and informal analysis. This PhD thesis contributes to the development of efficient security primitives providing end-to-end security solutions between IoT devices and different legitimate receivers.
Shabisha, P 2021, ''Internet of Things: A contribution to the improvement of IoT for interoperability and enhanced security'', Doctor of Engineering Sciences, Vrije Universiteit Brussel, Brussels.
Shabisha, P. (2021). 'Internet of Things: A contribution to the improvement of IoT for interoperability and enhanced security'. [PhD Thesis, Vrije Universiteit Brussel].
@phdthesis{3d7325831b4d4f4db1e2614fba5e0a25,
title = "'Internet of Things: A contribution to the improvement of IoT for interoperability and enhanced security'",
abstract = "The Internet of Things (IoT) and its applications have literally invaded our environment, home, cars, cities, etc. and there could be more than 40 billion IoT devices generating around 80 zettabytes of data in 2025. Most of the generated IoT data are stored on the cloud from where they can be securely downloaded by users. For real-time IoT applications which require highly efficient mechanisms, fog computing offers better performance than cloud computing. For both cloud data storage and IoT applications relying on fog computing, we need to provide end-to-end security. Security includes, besides confidentiality of the data between sender and legitimate receiver, also integrity of the data and authentication of the entities participating in the process. In addition, anonymity and unlinkability of the sender are included as important requirements to ensure privacy. We have studied dedicated security mechanisms with a focus on efficiency since the IoT devices are assumed to be constrained devices and require a highly scalable approach due to their large amount. Fog-based architectures are nowadays popular as they are efficient in terms of location awareness, hardware size, easy deployment, decentralized and simplified operations, time criticalness, internet connectivity and bandwidth usage, etc. To address security issues in fog computing, we proposed two solutions. In the first scheme, a new key agreement protocol is designed for an architecture model with one sensor device, a fog node, and the cloud server. The scheme relies on lightweight cryptographic operation to construct a symmetric key. In the second solution, the proposed protocol is suitable for a group of devices, a fog and a server providing authentication alongside anonymity to the participants and use Elliptic Curve Cryptography to construct a group key. We also focused on security primitives enabling secure data transmission from the cloud service provider to the end-users.
The cloud service provider is considered as an honest-but-curious entity, who executes the required steps but could be interested in retrieving the data for its own purpose. The confidentiality of the data should therefore be protected towards the cloud. Hence, a symmetric key based mechanism was proposed to enable proxy re-encryption. In proxy re-encryption schemes, a second encryption is performed by the cloud before the re-encrypted data are forwarded to the end-user. We avoided computationally intensive operations and used lightweight cryptographic operations such as bitwise XOR, concatenation and hash instead. This approach is highly efficient in terms of computation cost. The developed schemes were verified using formal verification methods and informal analysis. This PhD thesis contributes to the development of efficient security primitives providing end-to-end security solutions between IoT devices and different legitimate receivers.",
author = "Placide Shabisha",
year = "2021",
language = "English",
school = "Vrije Universiteit Brussel",
}