A New Frontier For Internet of Things Security: Far-Flung Key Generation

Overview

please visit the link for more information.

Summary

The Internet of Things (IoT) has digitally transformed our everyday life with exciting applications such as smart home, connected healthcare, smart cities, manufacturing automation, relying on billions of devices that have become connected over the past decade. Ofcom estimated that the number of IoT devices in the UK will soar from 13 million in 2016 to 156 million in 2024. Low power wide area networks (LPWANs) are new IoT systems with features of low power and wide coverage (over several kilometres). LPWAN accounts one-fourth of the number of IoT devices and the market. Digital Catapult is building the national LPWAN to improve the qualities of our lives and boost the UK economy using LoRaWAN, NB-IoT, and SigFox technologies. Vodafone and Three UK are piloting NB-IoT for a nationwide cellular-based LPWAN.

However, this digital revolution can only be viable if we can provide secure wireless connections. A pair of keys should be established between legitimate devices for encryption and decryption prior to transmissions. Although conventional key distribution schemes, e.g., elliptic curve Diffie Hellman (ECDH) algorithm, are quite mature, they tend to be less suitable for lightweight IoT applications owing to their high complexity. In practice, the pre-shared key (PSK) is often used, which may never refresh the key after its initial configuration. This obviously presents security risks since the key can be revealed, e.g. by side channel attacks. What is worse, many users lack awareness. The UK’s first cyber survey in 2019 by the National Cyber Security Centre revealed numerous weak passwords, e.g., 23.2 million victims worldwide used 123456 as their passwords. The vulnerabilities of IoT have resulted in numerous grave security attacks, which have compromised user privacy, adversely affected the economy and undermined the trust in the society. Gartner reported the information security market exceeded $124 billion in 2019.

Indeed, conceiving secure yet low-complexity key distribution for low-cost IoT devices is challenging. It becomes even more difficult and cumbersome if key refreshing is needed, such as in LPWAN where IoT devices are located in a far-flung environment over several kilometres radius and may not be attended. This open challenge can be tackled with a radical and completely different approach, namely key generation from wireless channels, which automatically generates cryptographic keys from unpredictable characteristics of the wireless channel, and thus avoids the conventional key distribution. While key generation has been demonstrated to work well with short-range communications such as WiFi, its exploration with LPWAN technologies such as LoRa and NB-IoT is rather limited, due to the more complicated radio propagation conditions and the affected channel reciprocity. This project hence will bridge this gap by designing scalable, automatic, and lightweight key generation solutions for LPWAN.

This project will be the first systematic study for LPWAN-based key generation. A synergistic approach will be adopted which involves theoretical modelling, algorithm design and experimental validation. The core aspects of this project will include novel mathematical channel correlation models and channel decomposition algorithms as well as new key generation protocols tuned and optimised for LPWAN. Extensive field-measurements will be carried out to evaluate our algorithms. A unique feature of this project will be the creation of viable security solutions for IoT validated by extensive measurements and proof-of-concept prototypes.

Introduction

to be updated

Outcome

to be updated