Analyzing the communication security between smartphones and IoT based on CORAS

Motalib Hossain Bhuyan, Nur A. Azad, Weizhi Meng, Christian D. Jensen

Research output: Chapter in Book/Report/Conference proceeding › Article in proceedings › Research › peer-review

Abstract

The exponential growth of Internet-of-Things (IoT) devices and applications may expose tremendous security vulnerabilities in practice, as there are different protocols in the application layer to exchange sensor data, e.g., MQTT, AMQP, CoAP. For the MQTT protocol, IoT devices would publish a plain message that could potentially cause loss of data integrity and data stealing. Motivated by this, we first present a risk assessment on the communication channel between smartphones and IoT using the method of CORAS, which is a model-based security risk analysis framework. Then the paper analyzes several known cryptographic methods and mechanisms to identify which cryptography solution best fits resource constrained IoT devices. Further, we discuss appropriate cryptographic algorithms that can help protect data integrity between smartphones and IoT.
Original language: English
Title of host publication: Proceedings of 12th International Conference on Network and System Security
Volume: 11058
Publisher: Springer
Publication date: 2018
Pages: 251-265
ISBN (Print): 9783030027438
DOIs: https://doi.org/10.1007/978-3-030-02744-5_19
Publication status: Published - 2018
Event: 12th International Conference on Network and System Security - Hong Kong Polytechnic University, Hong Kong, China
Duration: 27 Aug 2018 → 29 Aug 2018
Conference number: 12

Conference

Conference: 12th International Conference on Network and System Security
Number: 12
Location: Hong Kong Polytechnic University
Country: China
City: Hong Kong
Period: 27/08/2018 → 29/08/2018
Series: Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics)
Volume: 11058
ISSN: 0302-9743

Keywords

  • CORAS
  • Data integrity
  • Internet-of-Things
  • Network security
  • Risk assessment
  • Smartphone security

Cite this

Bhuyan, M. H., Azad, N. A., Meng, W., & Jensen, C. D. (2018). Analyzing the communication security between smartphones and IoT based on CORAS. In Proceedings of 12th International Conference on Network and System Security (Vol. 11058, pp. 251-265). Springer. Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics), Vol. 11058. https://doi.org/10.1007/978-3-030-02744-5_19