skip to main content
US FlagAn official website of the United States government
dot gov icon
Official websites use .gov
A .gov website belongs to an official government organization in the United States.
https lock icon
Secure .gov websites use HTTPS
A lock ( lock ) or https:// means you've safely connected to the .gov website. Share sensitive information only on official, secure websites.

Explore Research Products in the PAR
It may take a few hours for recently added research products to appear in PAR search results.


Title: GPS-free synchronized pseudo-random number generators for internet-of-things
Introduction Securing wireless communications in internet-of-things (IoT) requires both generation and synchronization of random numbers in real-time. However, resource constraints on an IoT device limit the use of computationally intensive random number generators and the use of global positioning systems (GPS) for synchronization. In this paper, we propose a synchronized pseudo-random number generator (SPRNG) that uses a combination of a fast, low-complexity linear-feedback-shift-register (LFSR) based PRNG and a slow but secure, synchronized seed generator based on self-powered timers. Methods A prototype synchronized self-powered timer (SSPT) array was fabricated in a standard silicon process and was used to generate dynamic random seeds for the LFSR. The SSPTs use quantum-mechanical tunneling of electrons to operate without any external power and are practically secure against tampering, snooping, and side-channel attacks (both power and electromagnetic). Results In this work, we explore protocols to periodically and securely generate random bits using the self-powered timers for seeding the LFSR. We also show that the time-varying random seeds extend and break the LFSR periodic cycles, thus making it difficult for an attacker to predict the random output or the random seed. Using the National Institute of Standards and Technology (NIST) test suite we verify the randomness of the measured seeds from the fabricated ensemble of SSPTs together with the random bit sequences generated by a software-seeded LFSR. Discussions In this modality, the proposed SPRNG could be used as a trusted platform module (TPM) on IoTs and used for verifying and authenticating secure transactions (e.g., software upgrades). Since the SPRNG system does not require access to GPS for synchronization, therefore it could be used in many resource-constrained and adversarial environments.  more » « less
Award ID(s):
2237004
PAR ID:
10464260
Author(s) / Creator(s):
;
Date Published:
Journal Name:
Frontiers in Computer Science
Volume:
5
ISSN:
2624-9898
Format(s):
Medium: X
Sponsoring Org:
National Science Foundation
More Like this
  1. ; ; (, IEEE International Symposium on Hardware Oriented Security and Trust (HOST))
    Recent advancements in energy-harvesting techniques provide an alternative to batteries for resource-constrained IoT devices and lead to a new computing paradigm, the intermittent computing model. In this model, a software module continues its execution from where it left off when an energy shortage occurred. Enforcing security of an intermittent software module is challenging because its power-off state has to be protected from a malicious adversary in addition to its power-on state, while the security mechanisms put in place must have a low overhead on the performance, resource consumption, and cost of a device. In this paper, we propose SIA (Secure Intermittent Architecture), a security architecture for resource-constrained IoT devices. SIA leverages low-cost security features available in commercial off-the-shelf microcontrollers to protect both the power-on and power-off state of an intermittent software module. Therefore, SIA enables a host of secure intermittent computing applications such as self-attestation, remote attestation, and secure communication. Moreover, our architecture provides confidentiality and integrity guarantees to an intermittent computing module at no cost compared to previous approaches in the literature that impose significant overheads. The salient characteristic of SIA is that it does not require any hardware modifications, and hence, it can be directly applied to existing IoT devices. We implemented and evaluated SIA on a resource-constrained IoT device based on an MSP430 processor. Besides being secure, SIA is simple and efficient. We confirm the feasibility of SIA for resource-constrained IoT devices with experimental results of several intermittent computing applications. Our prototype implementation outperforms by two to three orders of magnitude the secure intermittent computing solution of Suslowicz et al. presented at IGSC 2018. 
    more » « less
  2. ; ; (, IEEE International Symposium on Hardware Oriented Security and Trust (HOST))
    Recent advancements in energy-harvesting techniques provide an alternative to batteries for resource constrained IoT devices and lead to a new computing paradigm, the intermittent computing model. In this model, a software module continues its execution from where it left off when an energy shortage occurred. Enforcing security of an intermittent software module is challenging because its power-off state has to be protected from a malicious adversary in addition to its power-on state, while the security mechanisms put in place must have a low overhead on the performance, resource consumption, and cost of a device. In this paper, we propose SIA (Secure Intermittent Architecture), a security architecture for resource-constrained IoT devices. SIA leverages low-cost security features available in commercial off-the-shelf microcontrollers to protect both the power-on and power-off state of an intermittent software module. Therefore, SIA enables a host of secure intermittent computing applications such as self-attestation, remote attestation, and secure communication. Moreover, our architecture provides confidentiality and integrity guarantees to an intermittent computing module at no cost compared to previous approaches in the literature that impose significant overheads. The salient characteristic of SIA is that it does not require any hardware modifications, and hence, it can be directly applied to existing IoT devices. We implemented and evaluated SIA on a resource-constrained IoT device based on an MSP430 processor. Besides being secure, SIA is simple and efficient. We confirm the feasibility of SIA for resource-constrained IoT devices with experimental results of several intermittent computing applications. Our prototype implementation outperforms by two to three orders of magnitude the secure intermittent computing solution of Suslowicz et al. presented at IGSC 2018. 
    more » « less
  3. ; ; ; ; (, Future Internet)
    Randomness is integral to computer security, influencing fields such as cryptography and machine learning. In the context of cybersecurity, particularly for the Internet of Things (IoT), high levels of randomness are essential to secure cryptographic protocols. Quantum computing introduces significant risks to traditional encryption methods. To address these challenges, we propose investigating a quantum-safe solution for IoT-trusted computing. Specifically, we implement the first lightweight, practical integration of a quantum random number generator (QRNG) with a software-based trusted platform module (TPM) to create a deployable quantum trusted platform module (QTPM) prototype for IoT systems to improve cryptographic capabilities. The proposed quantum entropy as a service (QEaaS) framework further extends quantum entropy access to legacy and resource-constrained devices. Through the evaluation, we compare the performance of QRNG with traditional Pseudo-random Number Generators (PRNGs), demonstrating the effectiveness of the quantum TPM. Our paper highlights the transformative potential of integrating quantum technology to bolster IoT security. 
    more » « less
  4. ; ; ; (, SenSys '21: Proceedings of the 19th ACM Conference on Embedded Networked Sensor Systems)
    While relying on energy harvesting to power Internet of Things (IoT) devices eliminates the maintenance burden of battery replacement, energy generation fluctuation constitutes a major source of uncertainty to design reliable self-powered IoT devices. To characterize spatial-temporal variability of energy harvesting, data acquisition campaigns are needed across the range of potential harvesting sources. In this work we present a dataset to characterize thermal energy sources in residential settings by measuring thermoelectric generator (TEG) operating conditions over 16 deployment locations for periods ranging from 19 to 53 days. We present our easy-to-use thermal energy measurement platform built from off-the-shelf component modules and a custom TEG interface circuit. We demonstrate how the collected measurements can inform the design of energy harvesting IoT devices by deriving the TEG's maximum power output and estimating the available energy at each harvesting location. 
    more » « less
  5. ; (, IEEE Internet of Things Journal)
    null (Ed.)
    The Host Identity Protocol (HIP) has emerged as the most suitable solution to uniquely identify smart devices in the mobile and distributed Internet of Things (IoT) systems, such as smart cities, homes, cars, and healthcare. The HIP provides authentication methods that enable secure communications between HIP peers. However, the authentication methods provided by the HIP cannot be adopted by the IoT devices with limited processing power because of the computation-intensive cryptographic operations involved in hash generation, signature validation, and session key establishment. Moreover, IoT devices cannot utilize the HIP as is to communicate securely in the low power and lossy networks as there is a considerable communication overhead, such as packet fragmentation and reassembly, for exchanging certificates over a lossy link. Additionally, the use of static host identifiers makes IoT devices vulnerable to cyber espionage and user-targeted attacks. In this article, we propose an authentication scheme, P-HIP, that protects the identity privacy of an IoT device by enabling the device to compute and use unique host identifiers from networks to networks and sessions to sessions. To make the HIP suitable for resource-constrained IoT devices, P-HIP provides methods that unburden IoT devices from computation-intensive operations, such as modular exponentiation, involved in authentication and session-key exchange. Additionally, P-HIP minimizes the communication overheads for exchanging certificates in lossy networks. We implement a prototype of P-HIP on Contiki enabled IoT that shows P-HIP can reduce computation costs, communication overheads, and the session-key establishment time when used by low-powered devices in a lossy network. 
    more » « less
  • Citation Formats
  • MLA
  • APA
  • Chicago
  • BibTeX
  • Save / Share this Record
  • Send to Email