Abstract
Internet of Things (IoT) deployments are becoming increasingly common. The list of IoT use cases keeps growing; examples include smart home appliances and wireless sensor networks. When IoT devices are deployed and used over an extended time, it is not guaranteed that one owner will control the devices over their entire lifetime. If the ownership of an IoT system is to be transferred between two entities, the need for secure ownership transfer arises.
In this paper we propose a protocol that enables secure ownership transfer of constrained IoT devices. The protocol is resource-efficient and relies only on symmetric cryptography for the IoT devices. The protocol has been rigorously analyzed to prove the stated security requirements. The security analysis has been done partially using formal protocol verification tools, particularly Tamarin Prover. To show our proposed protocol’s resource efficiency, we have done a proof-of-concept implementation. This implementation, for constrained IoT devices, has been used to verify the efficiency of the protocol. The results presented in this paper are an extended version of previously published work on secure ownership transfer protocols for constrained IoT devices by the same authors.
Supported by SSF project SEC4Factory under grant RIT17-0032 and EU H2020 project CloudiFacturing under grant 768892.
Notes
- 1. These keys are included not to give protection against IoT compromise but to make denial-of-service type of attacks less likely.
© 2022 Springer Nature Switzerland AG
About this paper
Cite this paper
Gunnarsson, M., Gehrmann, C. (2022). Secure Ownership Transfer for Resource Constrained IoT Infrastructures. In: Furnell, S., Mori, P., Weippl, E., Camp, O. (eds) Information Systems Security and Privacy. ICISSP 2020. Communications in Computer and Information Science, vol 1545. Springer, Cham. https://doi.org/10.1007/978-3-030-94900-6_2
DOI: https://doi.org/10.1007/978-3-030-94900-6_2
Publisher Name: Springer, Cham
Print ISBN: 978-3-030-94899-3
Online ISBN: 978-3-030-94900-6
eBook Packages: Computer Science, Computer Science (R0)