TY - JOUR
T1 - Secure Gateway for the Internet of Things
TT - Nesnelerin İnterneti için Güvenli Ağ Geçidi
AU - Toğay, Cengiz
AU - Mutlu, Gökhan
AU - Kurtuluş, Durmuş
AU - Özgür, Faik
PY - 2019
DA - August
DO - 10.31590/ejosat.524783
JF - Avrupa Bilim ve Teknoloji Dergisi
JO - EJOSAT
PB - Osman SAĞDIÇ
WT - DergiPark
SN - 2148-2683
SP - 414
EP - 426
IS - 16
LA - en
AB - Internet of Things (IoT) devices include connected devices such as industrial embedded devices, vehicles, smart home appliances, sensors, and actuators. Even non-internet-enabled physical devices can be part of an IoT system through gateways. IoT platforms are attracting attackers because of the security weaknesses of constrained devices. Attackers can use IoT devices for DDoS attacks or attack a device directly to damage the overall system. Since several industry-standard communication protocols such as MQTT, AMQP, and CoAP can be used in one environment, communication between devices can be provided through a broker. Unencrypted communications can be sniffed, so usernames and passwords can be stolen or messages can be modified by an attacker. Secure authentication and encrypted communication are needed to make these systems secure. TLS-based approaches can be used, but memory-constrained devices cannot handle asymmetric encryption algorithms. In this paper, we propose a new approach for IoT gateways that uses a secure element with key storage, a true random generator, and FIPS-standard AES 128-bit encryption capability. We used the secure element/chip in two different embedded devices to test the approach and measure performance. We developed a new embedded device with an ARM Cortex M0 for this study and also used a demo card with an ARM Cortex M3. We also propose a new method that uses the physical I2C property of the ARM Cortex M3 to provide fast and secure communication. The approach includes a new authentication method and encrypted communication based on the secure element's properties. We also investigate message integrity based on cryptographic hash and cyclic redundancy check algorithms.
KW - Internet of Things
KW - Authentication
KW - Encryption
KW - ModBus
KW - Embedded Software
N2 - Abstract: Internet of Things devices consist of interconnected devices such as industrial embedded systems, vehicles, smart home appliances, sensors, and actuators. Even devices that cannot connect to the internet can become part of an Internet of Things system through gateways. Internet of Things systems have started to become a target for attackers because of the hardware limits of embedded systems. Attackers can use these devices in DDoS attacks, or cause very serious damage to the systems they are connected to through attacks made directly on the device. Because more than one communication protocol such as MQTT, AMQP, and CoAP is used in an environment, a broker can be used as an intermediary in communication between devices. As a result of unencrypted communication, attackers can obtain information such as usernames and passwords over the network or modify message contents. To make the system secure, we need to provide secure authorization and encrypted communication. TLS-based approaches can be applied. However, because of constraints of embedded systems such as memory, asymmetric encryption approaches are difficult to apply. In this paper, an approach is proposed for Internet of Things gateways based on a chip that has secure key storage, a true random generator, and 128-bit AES encryption/decryption features compliant with FIPS standards. The approach was tested using the security chip on two different embedded system hardware platforms and performance values were measured. For this work, a new embedded system device with an ARM Cortex M0 processor was developed, and a demo card with an ARM Cortex M3 processor was also used. In the presented work, with a method we propose that uses the physical I2C feature of the ARM Cortex M3, we also obtained fast and encrypted communication for small messages. The approach includes new authentication and encrypted communication methods that use the chip's features. In addition, cryptographic hash and cyclic redundancy check algorithms were used for message integrity.
UR - https://doi.org/10.31590/ejosat.524783
L1 - https://dergipark.org.tr/tr/download/article-file/738104
ER -