miun.sePublications
Change search
Link to record
Permanent link

Direct link
BETA
Eldefrawy, Mohamed
Publications (4 of 4) Show all publications
Eldefrawy, M., Ferrari, N. & Gidlund, M. (2019). Dynamic User Authentication Protocol for Industrial IoT without Timestamping. In: 2019 15th IEEE International Workshop on Factory Communication Systems (WFCS): . Paper presented at 15th IEEE International Workshop on Factory Communication Systems (WFCS´19), Sundsvall, Sweden, May 27-29, 2019.. IEEE, Article ID 8757984.
Open this publication in new window or tab >>Dynamic User Authentication Protocol for Industrial IoT without Timestamping
2019 (English)In: 2019 15th IEEE International Workshop on Factory Communication Systems (WFCS), IEEE, 2019, article id 8757984Conference paper, Published paper (Refereed)
Abstract [en]

Internet of Things (IoT) technology has succeed ingetting a great attention in the industry where it has been ableand still can solve many industrial intractable issues. The emergingtechnology is suffering from severe security shortcomings.Authentication is a cornerstone of IoT security as it presents the measures of checking the legitimacy of communication’s entities.The Industrial IoT (IIoT) technology has special conditions, resulting from a lack of resources and a shortage of security skills. As far as we can tell, from the literature, IIoT user authentication has not been studied extensively. In 2017 Tai et al. presented an authenticated key agreement for IoT networks. Here we prove that Tai et al. is susceptible to sever security weaknesses, such as;i. stolen smart card attack, ii. unknown key share attack, iii. node capturing attack. In this research article, we offer an innovative IIoT user authentication scheme that can achieve secure remote user authentication without timestamping that requires precise synchronization, it only needs Hashing and Xor-ing. We examine the efficiency of our presented scheme using Tmote Sky node over an MSP430 microcontroller using COOJA simulator as well aswe show its correctness using Scyther verification tool.

Place, publisher, year, edition, pages
IEEE, 2019
Keywords
Industrial IoT, Security, Authentication, Timestamp
National Category
Communication Systems Computer Engineering
Identifiers
urn:nbn:se:miun:diva-36732 (URN)10.1109/WFCS.2019.8757984 (DOI)000490866300013 ()2-s2.0-85070082936 (Scopus ID)978-1-7281-1268-8 (ISBN)
Conference
15th IEEE International Workshop on Factory Communication Systems (WFCS´19), Sundsvall, Sweden, May 27-29, 2019.
Projects
SMART (Smarta system och tjänster för ett effektivt och innovativt samhälle)
Funder
European Regional Development Fund (ERDF)
Available from: 2019-07-15 Created: 2019-07-15 Last updated: 2019-11-13Bibliographically approved
Eldefrawy, M., Butun, I., Pereira, N. & Gidlund, M. (2019). Formal security analysis of LoRaWAN. Computer Networks, 148, 328-339
Open this publication in new window or tab >>Formal security analysis of LoRaWAN
2019 (English)In: Computer Networks, ISSN 1389-1286, E-ISSN 1872-7069, Vol. 148, p. 328-339Article in journal (Refereed) Published
Abstract [en]

Recent Low Power Wide Area Networks (LPWAN) protocols are receiving increased attention from industry and academia to offer accessibility for Internet of Things (IoT) connected remote sensors and actuators. In this work, we present a formal study of LoRaWAN security, an increasingly popular technology, which defines the structure and operation of LPWAN networks based on the LoRa physical layer. There are previously known security vulnerabilities in LoRaWAN that lead to the proposal of several improvements, some already incorporated into the latest protocol specification. Our analysis of LoRaWAN security uses Scyther, a formal security analysis tool and focuses on the key exchange portion of versions 1.0 (released in 2015) and 1.1 (the latest, released in 2017). For version 1.0, which is still the most widely deployed version of LoRaWAN, we show that our formal model allowed to uncover weaknesses that can be related to previously reported vulnerabilities. Our model did not find weaknesses in the latest version of the protocol (v1.1), and we discuss what this means in practice for the security of LoRaWAN as well as important aspects of our model and tools employed that should be considered. The Scyther model developed provides realistic models for LoRaWAN v1.0 and v1.1 that can be used and extended to formally analyze, inspect, and explore the security features of the protocols. This, in turn, can clarify the methodology for achieving secrecy, integrity, and authentication for designers and developers interested in these LPWAN standards. We believe that our model and discussion of the protocols security properties are beneficial for both researchers and practitioners. To the best of our knowledge, this is the first work that presents a formal security analysis of LoRaWAN.

Keywords
IoT, LoRaWANS, cyther verification
National Category
Communication Systems
Identifiers
urn:nbn:se:miun:diva-35145 (URN)10.1016/j.comnet.2018.11.017 (DOI)000458345100027 ()2-s2.0-85057039918 (Scopus ID)
Projects
SMART (Smarta system och tjänster för ett effektivt och innovativt samhälle)
Available from: 2018-12-10 Created: 2018-12-10 Last updated: 2019-10-16Bibliographically approved
Eldefrawy, M., Pereira, N. & Gidlund, M. (2019). Key Distribution Protocol for Industrial Internet of Things without Implicit Certificates. IEEE Internet of Things Journal, 6(1), 906-917
Open this publication in new window or tab >>Key Distribution Protocol for Industrial Internet of Things without Implicit Certificates
2019 (English)In: IEEE Internet of Things Journal, ISSN 2327-4662, Vol. 6, no 1, p. 906-917Article in journal (Refereed) Published
Abstract [en]

The deployment of the Internet of Things (IoT) in industry, called the Industrial IoT (IIoT), is supporting the introduction of very desirable improvements such as increasing production flexibility, self-organization and real-time and quick response to events. However, security and privacy challenges are still to be well addressed. The IIoT requires different properties to achieve secure and reliable systems and these requirements create extra challenges considering the limited processing and communication power available to IIoT field devices. In this research article, we present a key distribution protocol for IIoT that is computationally and communicationally lightweight (requires a single message exchange) and handles node addition and revocation, as well as fast re-keying. The scheme can also resist the consequences of node capture attacks (we assume that captured nodes can be detected by the Gateway and previous works have shown this assumption to be acceptable in practice), server impersonation attacks and provides forward/backward secrecy. We show formally the correctness of our protocol and evaluate its energy consumption under realistic scenarios using a real embedded platform compared to previous state-of-the-art key-exchange protocols, to show our protocol reliability for IIoT.

Keywords
Industrial Internet of Things (IIoT), Cyber Assurance, Key Distribution Protocol.
National Category
Communication Systems Telecommunications Computer Engineering Computer Sciences
Identifiers
urn:nbn:se:miun:diva-34278 (URN)10.1109/JIOT.2018.2865212 (DOI)000459709500077 ()2-s2.0-85051650298 (Scopus ID)
Projects
TIMELINESSSMART (Smarta system och tjänster för ett effektivt och innovativt samhälle)
Funder
European Regional Development Fund (ERDF)Knowledge Foundation
Available from: 2018-08-20 Created: 2018-08-20 Last updated: 2019-10-16Bibliographically approved
Forsström, S., Butun, I., Eldefrawy, M., Jennehag, U. & Gidlund, M. (2018). Challenges of Securing the Industrial Internet of Things Value Chain. In: 2018 Workshop on Metrology for Industry 4.0 and IoT, MetroInd 4.0 and IoT 2018 - Proceedings: . Paper presented at 2018 Workshop on Metrology for Industry 4.0 and IoT, MetroInd 4.0 and IoT 2018, Brescia, Italy, 16 April 2018 through 18 April 2018 (pp. 218-223). IEEE, Article ID 8428344.
Open this publication in new window or tab >>Challenges of Securing the Industrial Internet of Things Value Chain
Show others...
2018 (English)In: 2018 Workshop on Metrology for Industry 4.0 and IoT, MetroInd 4.0 and IoT 2018 - Proceedings, IEEE, 2018, p. 218-223, article id 8428344Conference paper, Published paper (Refereed)
Abstract [en]

We see a shift from todays Internet-of-Things (IoT)to include more industrial equipment and metrology systems,forming the Industrial Internet of Things (IIoT). However, thisleads to many concerns related to confidentiality, integrity,availability, privacy and non-repudiation. Hence, there is a needto secure the IIoT in order to cater for a future with smart grids,smart metering, smart factories, smart cities, and smart manufacturing.It is therefore important to research IIoT technologiesand to create order in this chaos, especially when it comes tosecuring communication, resilient wireless networks, protectingindustrial data, and safely storing industrial intellectual propertyin cloud systems. This research therefore presents the challenges,needs, and requirements of industrial applications when it comesto securing IIoT systems.

Place, publisher, year, edition, pages
IEEE, 2018
Keywords
Security, IoT, IIoT, Industry 4.0, vulnerabilities, trust, metering, metrology, application, end-device
National Category
Computer Engineering
Identifiers
urn:nbn:se:miun:diva-33653 (URN)10.1109/METROI4.2018.8428344 (DOI)000494651700040 ()2-s2.0-85052506472 (Scopus ID)978-1-5386-2497-5 (ISBN)978-1-5386-2498-2 (ISBN)
Conference
2018 Workshop on Metrology for Industry 4.0 and IoT, MetroInd 4.0 and IoT 2018, Brescia, Italy, 16 April 2018 through 18 April 2018
Projects
SMART (Smarta system och tjänster för ett effektivt och innovativt samhälle)
Available from: 2018-05-22 Created: 2018-05-22 Last updated: 2020-01-15Bibliographically approved
Organisations

Search in DiVA

Show all publications