
Title: Harnessing Uncertainty in Photoresistor Sensor for True Random Number Generation in IoT Devices
The Internet of Things (IoT) has facilitated the connection of many smart devices via the internet. Recent cyberattacks have shown that resource-constrained IoT nodes are easy prey, leading to compromise of the secrecy of the data, and that vulnerabilities could be exploited remotely to take control of safety-critical systems. Photoresistor sensors have applications in IoT systems, such as smart street lighting, intelligent cameras, light-activated smart consumer electronics, smart home, smart healthcare, etc. Building hardware security primitives, such as a True Random Number Generator (TRNG), based on the intrinsic properties of the photoresistor would be a novel direction for developing cost-savvy IoT security primitives. Therefore, this paper proposes a TRNG prototype that is devised from the uncertainty present in photoresistor sensors. The proposed TRNG prototype does not require any complex interfacing for preprocessing the weak signal, thereby reducing the unnecessary delay and the recurring hardware cost. The proposed prototype employs the novel approach of additive scrambling, which helps to sample sensors at a higher rate. The proposed TRNG has an average random bit generation rate of 8 kbps, which is better than the recent work in the literature. The quality of randomness was validated by 15 test batteries of the NIST STS test.
Journal Name:
2020 IEEE International Conference on Consumer Electronics (ICCE)
Page Range / eLocation ID:
1 to 5
Medium: X
Sponsoring Org:
National Science Foundation
More Like this
  1. This article presents a novel hardware-assisted distributed ledger-based solution for simultaneous device and data security in smart healthcare. This article presents a novel architecture that integrates PUF, blockchain, and Tangle for Security-by-Design (SbD) of healthcare cyber–physical systems (H-CPSs). Healthcare systems around the world have undergone massive technological transformation and have seen growing adoption with the advancement of Internet-of-Medical Things (IoMT). The technological transformation of healthcare systems to telemedicine, e-health, connected health, and remote health is being made possible with the sophisticated integration of IoMT with machine learning, big data, artificial intelligence (AI), and other technologies. As healthcare systems are becoming more accessible and advanced, security and privacy have become pivotal for the smooth integration and functioning of various systems in H-CPSs. In this work, we present a novel approach that integrates PUF with IOTA Tangle and blockchain and works by storing the PUF keys of a patient’s Body Area Network (BAN) inside blockchain to access, store, and share globally. Each patient has a network of smart wearables and a gateway to obtain the physiological sensor data securely. To facilitate communication among various stakeholders in healthcare systems, IOTA Tangle’s Masked Authentication Messaging (MAM) communication protocol has been used, which securely enables patients to communicate, share, and store data on Tangle. The MAM channel works in the restricted mode in the proposed architecture, which can be accessed using the patient’s gateway PUF key. Furthermore, the successful verification of PUF enables patients to securely send and share physiological sensor data from various wearable and implantable medical devices embedded with PUF. Finally, healthcare system entities like physicians, hospital admin networks, and remote monitoring systems can securely establish communication with patients using MAM and retrieve the patient’s BAN PUF keys from the blockchain securely. Our experimental analysis shows that the proposed approach successfully integrates three security primitives, PUF, blockchain, and Tangle, providing decentralized access control and security in H-CPS with minimal energy requirements, data storage, and response time.
  2. There is increasing interest in deploying building-scale, general-purpose, and high-fidelity sensing to drive emerging smart building applications. However, the real-world deployment of such systems is challenging due to the lack of system and architectural support. Most existing sensing systems are purpose-built, consisting of hardware that senses a limited set of environmental facets, typically at low fidelity and for short-term deployment. Furthermore, prior systems with high-fidelity sensing and machine learning fail to scale effectively and have fewer primitives, if any, for privacy and security. For these reasons, IoT deployments in buildings are generally short-lived or done as a proof of concept. We present the design of Mites, a scalable end-to-end hardware-software system for supporting and managing distributed general-purpose sensors in buildings. Our design includes robust primitives for privacy and security, essential features for scalable data management, as well as machine learning to support diverse applications in buildings. We deployed our Mites system and 314 Mites devices in Tata Consultancy Services (TCS) Hall at Carnegie Mellon University (CMU), a fully occupied, five-story university building. We present a set of comprehensive evaluations of our system using a series of microbenchmarks and end-to-end evaluations to show how we achieved our stated design goals. We include five proof-of-concept applications to demonstrate the extensibility of the Mites system to support compelling IoT applications. Finally, we discuss the real-world challenges we faced and the lessons we learned over the five-year journey of our stack's iterative design, development, and deployment.

  3. The rapid adoption of Internet-of-Medical-Things (IoMT) has revolutionized e-health systems, particularly in remote patient monitoring. With the growing adoption of Internet-of-Medical-Things (IoMT) in delivering technologically advanced health services, the security of Medtronic devices is pivotal as the security and privacy of data from these devices are directly related to patient safety. PUF has been the most widely adopted hardware security primitive which has been successfully integrated with various Internet-of-Things (IoT) based applications, particularly in smart healthcare for facilitating device security. To facilitate security and access control to IoMT devices, this work proposes a novel cybersecurity solution using PUF for facilitating global access to IoMT devices. The proposed framework presents an approach that enables the patient’s body area network devices supported by PUF to be securely accessible and controllable globally. The proposed cybersecurity solution has been experimentally validated using state-of-the-art SRAM PUF, a delay based PUF, and a trusted platform module (TPM) primitive. 
  4. The global wearable market is anticipated to rise at a considerable rate in the coming years, and communication is a fundamental block in any wearable device. In communication, encryption methods are being used with the aid of microcontrollers or software implementations, which are power-consuming and incorporate complex hardware implementation. Internet of Things (IoT) devices are considered resource-constrained devices that are expected to operate with low computational power and resource utilization criteria. At the same time, recent research has shown that IoT devices are highly vulnerable to emerging security threats, which elevates the need for low-power and small-size hardware-based security countermeasures. Chaotic encryption is a method of data encryption that utilizes chaotic systems and non-linear dynamics to generate secure encryption keys. It aims to provide high-level security by creating encryption keys that are sensitive to initial conditions and difficult to predict, making it challenging for unauthorized parties to intercept and decode encrypted data. Since the discovery of chaotic equations, there have been various encryption applications associated with them. In this paper, we comprehensively analyze the physical and encryption attacks on continuous chaotic systems in resource-constrained devices and their potential remedies. To this aim, we introduce different categories of attacks on chaotic encryption. Our experiments focus on chaotic equations implemented using Chua’s equation, leverage circuit architectures, and provide simulation proof of remedies for different attacks. These remedies are provided to block the attackers from stealing users’ information (e.g., a pulse message) with negligible cost to the power and area of the design.
  5. Information about the privacy and security of Internet of Things (IoT) devices is not readily available to consumers who want to consider it before making purchase decisions. While legislators have proposed adding succinct, consumer-accessible labels, they do not provide guidance on the content of these labels. In this paper, we report on the results of a series of interviews and surveys with privacy and security experts, as well as consumers, where we explore and test the design space of the content to include on an IoT privacy and security label. We conduct an expert elicitation study by following a three-round Delphi process with 22 privacy and security experts to identify the factors that experts believed are important for consumers when comparing the privacy and security of IoT devices to inform their purchase decisions. Based on how critical experts believed each factor is in conveying risk to consumers, we distributed these factors across two layers—a primary layer to display on the product package itself or prominently on a website, and a secondary layer available online through a web link or a QR code. We report on the experts’ rationale and arguments used to support their choice of factors. Moreover, to study how consumers would perceive the privacy and security information specified by experts, we conducted a series of semi-structured interviews with 15 participants, who had purchased at least one IoT device (smart home device or wearable). Based on the results of our expert elicitation and consumer studies, we propose a prototype privacy and security label to help consumers make more informed IoT-related purchase decisions.