Security of Short-Range Wireless Technologies and an Authentication Protocol for IoT

Abstract

The number of wireless IoT (Internet of Thing) infrastructures is considerably growing as thousands of new devices are being connected everyday. This has allowed the emergence of various smart applications that have changed the lifestyle of many people. However, as security has always been an afterthought to innovation, the security of these infrastructures has raised serious concerns. The research community has to conduct serious investigations before IoT grows further and it becomes too late. Thus, we devote this Ph.D. thesis to study and improve the security of IoT wireless infrastructures, in particular, those adopting Wi-Fi, Bluetooth, ZigBee, and RFID technologies. To that end, we divide this thesis into two parts. In Part 1, we review the technologies and propose an attack taxonomy to classify existing attacks on these technologies and discuss possible countermeasures. Moreover, we analyze the security of these technologies and identify new vulnerabilities and attacks. In Part 2, we analyze the security of recent PUF (Physical Unclonable Function)-based authentication protocols and propose a generic authentication protocol for IoT. We specifically design the protocol for wireless Thing-to-Thing communication scheme. We implement the protocol on resource-constrained devices and perform security as well as performance analysis. We show that the proposed protocol is secure and efficient in terms of execution time, communication overhead, and energy consumption.