Nader Mbarek - Service Level Management in Emerging Environments

Service Level Management in Emerging Environments: summary, description and annotation

Networks are now embedded in daily life thanks to smaller, faster, inexpensive components that are more powerful and increasingly connected. Parallel to this quantitative explosion of communication networks, technology has become more complex. This development comes with challenges related to management and control, and it has become necessary to manage the service level demands of the client to which the service provider commits. Different approaches to managing one or more service level components in different emerging environments are explored, such as: the Internet of Things, the Cloud, smart grids, e-health, mesh networking, D2D (Device to Device), smart cities and even green networking. This book therefore allows for a better understanding of the important challenges and issues relating to Quality of Service (QoS) management, security and mobility in these types of environment.

Service Level Management in Emerging Environments: online preview excerpt

In an IoT environment, several points must be taken into consideration when using the confidentiality service, especially during the key exchange process for encryption. First, extensibility is an important characteristic, as the number of connected objects is high, and conventional systems may limit the number of entities that can be involved in the key exchange process. Second, new entities may be involved after the initial key exchange: new objects may be integrated into the IoT environment after the services have been initiated. Scalability is another important characteristic. When new entities are involved in the key exchange process in the IoT, the volume of cryptographic data to be stored on the objects grows, while IoT objects are subject to restrictions in terms of data storage and processing abilities (Abdemeziem 2016).

1.4.2.3.2. Research projects

One of the challenges in implementing an encryption system for a connected object in the IoT environment is the availability of appropriate software libraries that respect the constraints governing IoT objects in terms of memory, computation ability and energy consumption. Certain research projects have been carried out to address this problem, which still poses a challenge and requires more advanced studies that are better adapted to the needs of the IoT in order to provide optimal security services. An example of an existing library that can be used in an IoT environment is “AVR-Crypto-Lib” (Cantora 2013), which provides special implementations that respect the limited resources of microcontrollers. This library offers symmetric key encryption such as AES, RC5, RC6 and DES. Another library, “Relic-Toolkit” (2018), offers a large variety of asymmetric encryption algorithms such as RSA and the Rabin cryptosystem. “Relic-Toolkit” is used in the TinyPBC project implemented on the TOSSIM simulator (2018) on the TinyOS operating system. The libraries we have just described provide, among other things, a confidentiality service in an IoT environment. This service allows secure communications, so that unauthorized access to the content of the data is prohibited and that content is protected during its transfer between two entities in the IoT environment.

European research projects have also focused on data confidentiality in the IoT. The SMARTIE project (Pokric et al. 2015), for example, uses CP-ABE (Ciphertext Policy Attribute-Based Encryption), a technique that allows the IoT user to decrypt the message from objects with a secret key if the policy attributes match the attributes of the key. CP-ABE makes it possible to encrypt data for a group of users, instead of encrypting it individually, in accordance with access policies. This technique links access control and encryption and is used when data from an object must be received by several users of that IoT service. Data are thus encrypted only once (SMARTIE 2014a; Pokric et al. 2015).

The European project BUTLER (CORDIS 2018) is focused on the protection of the communication channel in the IoT. This channel is vulnerable because of its wireless nature and information dissemination. BUTLER proposes improvements to security standards used in IoT communication technologies. For ZigBee, it offers a security system based on the use of symmetric keys to complement and enhance the security features provided by the ZigBee standard, which uses two mandatory keys and one optional key. The Master Key and the Network Key are mandatory, while the Link Key is optional. The Master Key is used in the initialization phase and implemented at the nodes through an out-of-band channel. The Network Key guarantees the security of the network layer and is shared by all nodes. It is derived from the Master Key. The optional Link Key is derived from the Master Key and guarantees the security of the link between two peers at the application level. In this context, the BUTLER project put in place mechanisms to manage the deployment, maintenance and revocation of the Master Key. It also proposed implementing an additional symmetric key (called the Global Key) at the node, at the time of manufacture. This key is used by the Medium Access Control (MAC) layer and is shared by all nodes. The Global Key guarantees security for the lower layers. The Network Key provided by the ZigBee standard will thus be used as a Group Key, which will be shared between the nodes and managed by the ZigBee Network layer. This makes it possible to securely address a group of nodes sharing a common feature. As a result, objects communicating via ZigBee will be guaranteed greater security as well as additional security when using the optional Link Key (Sottile et al. 2014).

1.4.2.4. Integrity in the IoT

1.4.2.4.1. Definition

Integrity is a security service that covers two significant concepts in the IoT: the integrity of data and the integrity of objects. The integrity of data aims to ensure that the data exchanged in an IoT environment is not modified or destroyed in an unauthorized manner during transfer. This is necessary in order to provide a reliable service and ensure that the information collected and commands received by the objects are legitimate. Verifying the integrity of data involves two processes, one involving the sender and the other the recipient. The entity that is transmitting the data adds verification information (like the Block Check Character or a cryptographic check value such as a hash value) based on the data transmitted. The recipient generates the same verification information based on the data received and compares this information with the information received in order to determine whether or not the data were modified during transmission in the IoT environment (ITU-T 1991).
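The sender and recipient steps described above, as an added example that is not taken from the book. It compares a Block Check Character with a keyed cryptographic check value; the use of HMAC-SHA-256, the frame layout, the key and the sample command are assumptions made for the illustration.

```python
import hashlib
import hmac

def bcc(data: bytes) -> int:
    """Block Check Character: XOR of all bytes. Catches line noise only."""
    check = 0
    for byte in data:
        check ^= byte
    return check

def protect(payload: bytes, key: bytes) -> dict:
    """Sender: attach verification information computed over the payload."""
    return {"payload": payload,
            "bcc": bcc(payload),
            "mac": hmac.new(key, payload, hashlib.sha256).digest()}

def check_bcc(frame: dict) -> bool:
    """Recipient: recompute the BCC and compare with the one received."""
    return bcc(frame["payload"]) == frame["bcc"]

def check_mac(frame: dict, key: bytes) -> bool:
    """Recipient: recompute the keyed check value, compare in constant time."""
    expected = hmac.new(key, frame["payload"], hashlib.sha256).digest()
    return hmac.compare_digest(expected, frame["mac"])

KEY = b"constructed-demo-key"                # constructed sample key
FRAME = protect(b"valve=12;cmd=CLOSE", KEY)  # constructed sample command

def results() -> dict:
    """Return (BCC verdict, MAC verdict) for three received frames."""
    noisy = dict(FRAME, payload=b"valve=12;cmd=CLOSF")      # one byte corrupted
    reordered = dict(FRAME, payload=b"valve=21;cmd=CLOSE")  # XOR unchanged
    return {"intact": (check_bcc(FRAME), check_mac(FRAME, KEY)),
            "noisy": (check_bcc(noisy), check_mac(noisy, KEY)),
            "reordered": (check_bcc(reordered), check_mac(reordered, KEY))}
```

The reordered frame passes the BCC check although the valve number changed, which is why unauthorized modification needs a keyed check value and not only an error-detection code.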

The integrity of objects is necessary as the nodes in the IoT may be deployed in an unreliable environment and may be physically attacked, for example to modify the software code in the objects. This second integrity service in the IoT enables the detection and prevention of any modification to the operating system and the configuration of the objects. The integrity of objects also makes it possible to lock and eliminate non-compliant devices. To implement this type of integrity, a digital fingerprint for the object in question is used to compare the data actually available on the object with the data that should be available.

1.4.2.4.2. Research projects

Various European research projects have studied the security service ensuring both types of integrity, that of data as well as of objects, in an IoT environment. SMARTIE, for instance, takes into account several architectures for the implementation of the integrity service in an IoT environment. It uses Linux’s kernel integrity measurement architecture (Pokric et al. 2015) to verify the integrity of objects. It additionally relies on the integrity verification mechanisms present on smart cards, while taking inspiration from the Integrity Measurement Architecture (IMA). SMARTIE thus offers a node-attestation component that makes it possible to verify the integrity of the node by checking the hash of the list of software and files that have been executed on that node. The node-attestation component consists of a Remote Attestation mechanism between IoT objects and the remote central unit that is responsible for measuring the integrity of the objects. Remote attestation allows the remote party – the gateway or server responsible for verifying the integrity of the objects – to inspect the state of a device or an IoT object at any given moment. The remote party may request the hash of the list of software or files and is able to verify whether the records provided by the device have been falsified by comparing the hash received with the hash that was calculated. The node-attestation component developed in SMARTIE provides a practical solution that is a compromise between the hardware solution and the software-based approaches, using the IMA module and the architecture for integrity measurement that is present in the Linux kernel (SMARTIE 2014a; Pokric et al. 2015). The IMA module measures the integrity of the binary code before the kernel loads the code into memory to be run. The measurement result is recorded and sent to the IMASC service (Integrity Management Architecture using a Smart Card). The IMASC system transmits the result to the smart card, where it is timestamped and signed so that there can be no subsequent manipulation of the entry. In addition, the smart card preserves a record with the hash value. For remote attestation, the verifying party can inspect the state of a remote device at any time by requesting the hash and verifying the signatures. During a remote attestation request, the IMASC service interacts with the smart card and with the remote party in order to provide the proof of attestation.

Further, various libraries have been designed for IoT objects in order to carry out the hash functions. One example is “Cryptosuite” (Knight 2010), a library for Arduino that supports different hashing algorithms such as SHA-1, SHA-256, HMAC-SHA-1 and HMAC-SHA-256.
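A simplified model of the remote attestation exchange described above, added here as an example; it is not SMARTIE or IMASC code. Assumptions: the card keeps a running SHA-256 aggregate of the measurements, an HMAC with a key known to the verifier stands in for the card's signature, the verifier supplies a nonce, and all names, paths and binaries are constructed.

```python
import hashlib
import hmac

def extend(aggregate: bytes, digest: bytes) -> bytes:
    return hashlib.sha256(aggregate + digest).digest()  # PCR-extend style fold

class SmartCard:
    """Constructed model of the card; HMAC stands in for its signature."""
    def __init__(self, key: bytes):
        self._key, self._aggregate = key, bytes(32)
    def record(self, digest: bytes) -> None:
        self._aggregate = extend(self._aggregate, digest)
    def quote(self, nonce: bytes):
        tag = hmac.new(self._key, nonce + self._aggregate, hashlib.sha256).digest()
        return self._aggregate, tag

def run_binaries(card, binaries):
    """Device side: measure each binary before it runs, log it, record it on the card."""
    log = []
    for path, code in binaries:
        digest = hashlib.sha256(code).digest()
        log.append((path, digest))
        card.record(digest)
    return log

def verify(log, aggregate, tag, nonce, key, known_good) -> str:
    """Verifier side: check the signature, replay the log, then check each entry."""
    expected = hmac.new(key, nonce + aggregate, hashlib.sha256).digest()
    if not hmac.compare_digest(expected, tag):
        return "bad signature"
    replayed = bytes(32)
    for _path, digest in log:
        replayed = extend(replayed, digest)
    if replayed != aggregate:
        return "log falsified"
    bad = [p for p, d in log if known_good.get(p) != d]
    return "unexpected measurement: " + bad[0] if bad else "trusted"

# Constructed sample data: two binaries and their reference hashes.
KEY = b"constructed-card-key"
GOOD = [("/bin/sensord", b"sensor daemon v1"), ("/bin/updater", b"updater v1")]
KNOWN_GOOD = {p: hashlib.sha256(c).digest() for p, c in GOOD}

def attest(binaries, nonce, forge_log=False):
    card = SmartCard(KEY)
    log = run_binaries(card, binaries)
    if forge_log:  # device reports reference hashes instead of what it ran
        log = [(p, KNOWN_GOOD[p]) for p, _ in log]
    return verify(log, *card.quote(nonce), nonce, KEY, KNOWN_GOOD)
```

Because the aggregate is held and signed by the card, a device that rewrites its own log after running a modified binary is caught when the verifier replays the log and the result no longer matches the signed value.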
