Analyzing the Communication Security Between Smartphones and IoT Based on CORAS

  • Motalib Hossain Bhuyan
  • Nur A. Azad
  • Weizhi Meng
  • Christian D. Jensen
Conference paper
Part of the Lecture Notes in Computer Science book series (LNCS, volume 11058)


The exponential growth of Internet-of-Things (IoT) devices and applications may expose tremendous security vulnerabilities in practice, as there are different protocols in the application layer to exchange sensor data, e.g., MQTT, AMQP, CoAP. For the MQTT protocol, IoT devices would publish a plaintext message, which could potentially lead to loss of data integrity and data theft. Motivated by this, we first present a risk assessment on the communication channel between smartphones and IoT using the CORAS method, which is a model-based security risk analysis framework. Then the paper analyzes several known cryptographic methods and mechanisms to identify which cryptographic solution best fits resource-constrained IoT devices. Further, we discuss appropriate cryptographic algorithms that can help protect data integrity between smartphones and IoT.


Keywords: Network security, Risk assessment, CORAS, Internet-of-Things, Smartphone security, Data integrity



Copyright information

© Springer Nature Switzerland AG 2018

Authors and Affiliations

  • Motalib Hossain Bhuyan (1)
  • Nur A. Azad (1)
  • Weizhi Meng (1)
  • Christian D. Jensen (1)
  1. Department of Mathematics and Computer Science, Technical University of Denmark, Lyngby, Denmark
