KESIC: Kerberos Extensions for Smart, IoT and CPS Devices
Abstract: Secure and efficient multi-user access mechanisms are increasingly important for the growing number of Internet of Things (IoT) devices being used today. Kerberos is a well-known and time-tried security authentication and access control system for distributed systems wherein many users securely access various distributed services. Traditionally, these services are software applications or devices, such as printers. However, Kerberos is not directly suitable for IoT devices due to its relatively heavy-weight protocols and the resource-constrained nature of the devices. This paper presents KESIC, a system that enables efficient and secure multi-user access for IoT devices. KESIC aims to facilitate mutual authentication of IoT devices and users via Kerberos without modifying the latter's protocols. To facilitate that, KESIC includes a special Kerberized service, called IoT Server, that manages access to IoT devices. KESIC presents two protocols for secure and comprehensive multi-user access system for two types of IoT devices: general and severely power constrained. In terms of performance, KESIC onsumes $\approx~47$ times less memory, and incurs $\approx~135$ times lower run-time overhead than Kerberos.
- statista. ”number of internet of things (iot) connected devices worldwide from 2019 to 2021, with forecasts from 2022 to 2030”. https://www.statista.com/statistics/1183457/iot-connected-devices-worldwide/, 2022.
- Wired Magazine. The botnet that broke the internet isn’t going away. https://www.wired.com/2016/12/botnet-broke-internet-isnt-going-away/, 2016.
- Triton: The first ics cyber attack on safety instrument systems. In Black Hat USA, 2018.
- Building a sensor network of mobile phones. In Tarek F. Abdelzaher, Leonidas J. Guibas, and Matt Welsh, editors, Proceedings of the 6th International Conference on Information Processing in Sensor Networks, IPSN 2007, Cambridge, Massachusetts, USA, April 25-27, 2007, pages 547–548. ACM, 2007.
- Security for heterogeneous and ubiquitous environments consisting of resource-limited devices: An approach to authorization using kerberos. In Qijun Gu, Wanyu Zang, and Meng Yu, editors, Security in Emerging Wireless Communication and Networking Systems - First International ICST Workshop, SEWCN 2009, Athens, Greece, September 14, 2009, Revised Selected Papers, volume 42 of Lecture Notes of the Institute for Computer Sciences, Social Informatics and Telecommunications Engineering, pages 65–76. Springer, 2009.
- Kesic source code. https://anonymous.4open.science/r/Kerberos-IoT-730B/, 2023.
- Noorman et al. Sancus: Low-cost trustworthy extensible networked devices with a zero-software trusted computing base. In USENIX Security Symposium, pages 479–494, 2013.
- PISTIS: Trusted computing architecture for low-end embedded systems. In 31st USENIX Security Symposium (USENIX Security 22), 2022.
- VRASED: A verified hardware/software co-design for remote attestation. In USENIX Security, 2019.
- On the toctou problem in remote attestation. CCS, 2021.
- Arm Ltd. Arm TrustZone. https://www.arm.com/products/security-on-arm/trustzone, 2018.
- Intel. Intel Software Guard Extensions (Intel SGX). https://software.intel.com/en-us/sgx.
- AMD. Amd secure encrypted virtualization (amd sev). https://developer.amd.com/sev/.
- Parsel: Towards a verified root-of-trust over sel4. CoRR, abs/2308.11921, 2023.
- seL4: Formal verification of an OS kernel. In ACM SIGOPS, 2009.
- Blink mini security camera. https://www.amazon.com/dp/B07X4BCRHB?tag=meastus-20.
- Google nest thermostat. https://store.google.com/us/product/nest_thermostat?hl=en-US.
- Lumiman smart bulb. https://www.amazon.com/Lights-Multi-Colored-Google-Assistant-Required/dp/B07DLSNNDS/.
- https://www.amazon.com/ThermoPro-Bluetooth-Hygrometer-Thermometer-Greenhouse/dp/B08LKCLFR6?th=1.
- Netatmo weather station -weatherproof. https://www.amazon.com/Netatmo-Weather-Station-Weatherproof/dp/B0098MGWA8/.
- nrf9160 low power sip with integrated lte-m/nb-iot modem and gnss. https://www.nordicsemi.com/products/nrf9160.
- Jamming attack detection and countermeasures in wireless sensor network using ant system. In Wireless Sensing and Processing, volume 6248, pages 118–129. SPIE, 2006.
- Low-rate dos attacks, detection, defense, and challenges: A survey. IEEE access, 8:43920–43943, 2020.
- Securing the internet of things and wireless sensor networks via machine learning: A survey. In 2018 International Conference on Computer and Applications (ICCA), pages 215–218. IEEE, 2018.
- Tamper resistance mechanisms for secure embedded systems. In VLSI Design, 2004.
- The past, present, and future of physical security enclosures: From battery-backed monitoring to puf-based inherent security and beyond. Journal of Hardware and Systems Security, 2:289–296, 2018.
- Paul C. Kocher. Timing attacks on implementations of diffie-hellman, rsa, dss, and other systems. In Advances in Cryptology - CRYPTO ’96, 16th Annual International Cryptology Conference, Santa Barbara, California, USA, August 18-22, 1996, Proceedings, Lecture Notes in Computer Science. Springer, 1996.
- Mit kerberos repository. https://github.com/krb5/krb5.
- Configuring kerberos token size using the maxtokensize parameter. https://woshub.com/kerberos-token-size-and-issues-of-its-growth/.
- Moralis et al. Performance comparison of web services security: Kerberos token profile against x. 509 token profile. In International Conference on Networking and Services (ICNS’07), pages 28–28. IEEE, 2007.
- Thomas Hardjono. Kerberos for internet-of-things. IETF89, 2014.
- A multifactor multilevel and interaction based (m2i) authentication framework for internet of things (iot) applications. IEEE Access, 10:47965–47996, 2022.
- Kazunori Miyazawa. Design and implementation of kerberos version 5 for embedded devices. In 2010 8th IEEE International Conference on Industrial Informatics, pages 449–453. IEEE, 2010.
- Secure and efficient coap based authentication and access control for internet of things (iot). In 2016 IEEE international conference on recent trends in electronics, information & communication technology (RTEICT), pages 1245–1250. IEEE, 2016.
- Esfahani et al. A lightweight authentication mechanism for m2m communications in industrial iot environment. IEEE Internet of Things Journal, 6(1):288–296, 2017.
- 3-level secure kerberos authentication for smart home systems using iot. In 2015 1st International Conference on Next Generation Computing Technologies (NGCT), pages 262–268. IEEE, 2015.
- Hokeun Kim. Securing the internet of things via locally centralized, globally distributed authentication and authorization. University of California, Berkeley, 2017.
- Thirumoorthy et al. Improved key agreement based kerberos protocol for m-health security. 42(2):577–587, 2022.
- SWATT: Software-based attestation for embedded devices. In IEEE Symposium on Research in Security and Privacy (S&P), pages 272–282, Oakland, California, USA, 2004. IEEE.
- Pioneer: Verifying code integrity and enforcing untampered code execution on legacy systems. ACM SIGOPS Operating Systems Review, December 2005.
- Virgil D Gligor and Shan Leung Maverick Woo. Establishing software root of trust unconditionally. In NDSS, 2019.
- On the difficulty of software-based attestation of embedded devices. In Proceedings of the 16th ACM conference on Computer and communications security, pages 400–409, 2009.
- A tpm-enabled remote attestation protocol (trap) in wireless sensor networks. In Proceedings of the 6th ACM workshop on Performance monitoring and measurement of heterogeneous wireless and wired networks, pages 9–16. ACM, 2011.
- Remote attestation to dynamic system properties: Towards providing complete system integrity evidence. In 2009 IEEE/IFIP International Conference on Dependable Systems & Networks, pages 115–124. IEEE, 2009.
- TrustVisor: Efficient TCB reduction and attestation. In IEEE S&P ’10, 2010.
- Trusted Computing Group. Trusted platform module (tpm), 2017.
- SMART: Secure and minimal architecture for (establishing dynamic) root of trust. In NDSS, 2012.
- Tytan: tiny trust anchor for tiny devices. In Proceedings of the 52nd Annual Design Automation Conference, San Francisco, CA, USA, June 7-11, 2015, pages 34:1–34:6. ACM, 2015.
- TrustLite: A security architecture for tiny embedded devices. In EuroSys, 2014.
- Smart user authentication through actuation of daily activities leveraging wifi-enabled iot. In Proceedings of the 18th ACM international symposium on mobile ad hoc networking and computing, pages 1–10, 2017.
- A lightweight biometrics based remote user authentication scheme for iot services. Journal of Information Security and Applications, 34:255–270, 2017.
- Saggaf et al. Lightweight two-factor-based user authentication protocol for iot-enabled healthcare ecosystem in quantum computing. Arabian Journal for Science and Engineering, 48(2):2347–2357, 2023.
- Mohammed Mujib Alshahrani. Secure multifactor remote access user authentication framework for iot networks. Computers, Materials & Continua, 68(3), 2021.
- A multi-device user authentication mechanism for internet of things. IET Networks, 2023.
- A user authentication scheme of iot devices using blockchain-enabled fog nodes. In 2018 IEEE/ACS 15th international conference on computer systems and applications (AICCSA), pages 1–8. IEEE, 2018.
Paper Prompts
Sign up for free to create and run prompts on this paper using GPT-5.
Top Community Prompts
Collections
Sign up for free to add this paper to one or more collections.