Trappe, Howard and Moore, three researchers from the University of Rutgers, have published an interesting paper in the latest issue of IEEE Security & Privacy. The title is ‘Low-Energy Security: Limits and Opportunities in the Internet of Things’
IoT will not only be connected phones, TVs, or fridges, it will also be myriads of tiny sensors (the famous concept of smart dust). Whereas the big devices have reasonable access to energy and calculation, these sensors do not have access to energy and calculation. They will have two issues:
- A very low energy consumption; You do not expect to charge every day a thermal sensor. You will rather install it and forget about it for many years.
- As they are low cost and low energy consumption, the calculation capabilities will be drastically reduced.
Unfortunately, the collected data will serve to major decisions by applications or may leak private information. They will need to be protected in integrity, and confidentiality. With the hardware constraints, conventional cryptography is out of reach. Moreover, poor security is not an option (it is useless), there is a major challenge for the security of IoT.
They present some of the potential new methods to secure the communication. For instance, the receiver that has serious calculation power could authenticate the sensor by fingerprinting the analog characteristics of the transmission. This would not put any burden on the sensor. To reduce the encrypted data which burns energy, they propose to encrypt only major variations. This may open interesting side channel attacks. For confidentiality, they propose to revisit the concept of ‘wire-tap channel’ disclosed by Wyner in 1975.
The paper is worthy to read as it clearly states the problems and highlights some potential research topics.