Authorized licensed use limited to: Guru Gobind Singh Indraprastha University. Downloaded on January 03,2022 at 14:27:43 UTC from IEEE Xplore. Restrictions apply.
2017 2nd IEEE International Conference On Recent Trends in Electronics Information & Communication Technology (RTEICT), May 19-20, 2017, India
B. Hardware
1 Arduino 2.5-12V
2 Ultrasonic Sensor 5V and 40Hz
V. IMPLEMENTATION
The Arduino device firmware, which performs the device side of authentication, is written in C. The device establishes a Wi-Fi connection to the server and publishes its authentication information and the sensor payload on the MQTT message bus. The server, implemented in Python, subscribes to the information delivered on the message bus and publishes the authentication information that the device subscribes to in order to execute the authentication function. After successful authentication, the server stores the payload, i.e. the sensor data, in MongoDB, from where it is rendered in the web console. The web console is written in HTML and JavaScript and makes REST API calls to a back end implemented in Python Flask.
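An added example, not code from the paper: a minimal Python model of the server-side checks behind the Identity, Cipher and Data topics, showing why a clone that replays sniffed messages fails authentication. The challenge step, the 8-byte HMAC-SHA256 tag used in place of the paper's unnamed cipher, and the names `AuthServer`, `tag`, `REGISTRY` and `demo` are assumptions; the secret is constructed.

```python
import hashlib
import hmac
import secrets

# Constructed registry: device id -> secret shared at device qualification.
REGISTRY = {"18fe34q13ucf": b"constructed-demo-secret"}

def tag(secret, *parts):
    """8-byte HMAC-SHA256 tag: an assumed stand-in for the paper's unnamed cipher."""
    return hmac.new(secret, b"|".join(parts), hashlib.sha256).digest()[:8]

class AuthServer:
    def __init__(self, registry):
        self.registry, self.pending, self.sessions = registry, {}, {}
        self.clone_alerts = []

    def on_identity(self, protected_id):
        """Topic Identity: match the protected id, answer with a fresh challenge."""
        for did, secret in self.registry.items():
            if hmac.compare_digest(protected_id, tag(secret, did.encode())):
                self.pending[did] = secrets.token_bytes(8)
                return did, self.pending[did]
        return None, None

    def on_cipher(self, did, session_key):
        """Topic Cipher: the session key must be bound to the current challenge."""
        challenge = self.pending.pop(did, None)
        ok = challenge is not None and hmac.compare_digest(
            session_key, tag(self.registry[did], did.encode(), challenge))
        if ok:
            self.sessions[did] = session_key
        else:
            self.clone_alerts.append(did)  # what the UI would report as a clone
        return ok

    def on_data(self, did, session_key):
        """Topic Data: gate for storing a payload; needs an authenticated session."""
        current = self.sessions.get(did)
        return current is not None and hmac.compare_digest(session_key, current)

def demo():
    server, did = AuthServer(REGISTRY), "18fe34q13ucf"
    pid = tag(REGISTRY[did], did.encode())
    _, challenge = server.on_identity(pid)   # genuine device knows the secret
    key = tag(REGISTRY[did], did.encode(), challenge)
    genuine = server.on_cipher(did, key) and server.on_data(did, key)
    server.on_identity(pid)                  # clone replays the sniffed messages
    replay = server.on_cipher(did, key)
    return genuine, replay, server.clone_alerts
```

In this model a session key captured during a live session is still accepted on Data until the next authentication, so the transport itself (for example MQTT over TLS) must also be protected.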
VI. RESULTS
The authentication, encryption and detection of clones happen within seconds. Detected clones are reported in the UI, as shown in Fig. 3.
The output of the program on the server:
[root@ubuntu ]IoT/Src$ python main.py
Connected with device 1
Topic: Identity - deviceidreceived: j*?xa deviceid valid : Yes
Topic: Cipher - session keyreceived: k*?xa Generated key : 112
Authentication : Success
Valid Session Device uploaded data : k*? Valid Session
Topic : Data - Device uploaded data : k*?
Fig. 2: Flow Chart
In a nutshell, the device cloning attack is prevented because:
1. An attacker cannot simply post data to the IoT cloud but needs to know the device id, e.g. the MAC id.
2. Device ids can be sniffed over the internet, so the suggested algorithm encrypts the device id with a secret session key. The secret key is not communicated over the internet but is available to the device and the cloud during device qualification.
3. An attacker can still sniff traffic over the internet and send the encrypted device id without knowing the actual device id. To prevent this, there is a session key, which is also required for authentication.
4. The session key is random and based on the device id. This key is encrypted using a secret key that is not known to
A. Outcome & Success definition
The desired outcome of preventing the device clone attack and preventing sensitive data exposure was achieved. The solution is able to identify clone attacks in milliseconds, and the data size does not increase beyond 8 bytes after encryption, so it does not add high costs from the ISP, as data is sent over the internet. The solution works on low-powered hardware, and the processing time and data size do not grow exponentially.
Device Message Data Format
Data = "{\"did\":\"18fe34q13ucf\",\"swv\":\"v1_0\",
\"payload\":{\"R\":[24,30,32],\"A\":[0,0,0]}"
Encrypted Data = "{\"did\": v?V[@.,\"swv\":\"v1_0\",
\"payload\":!&u(0%<@*-m"
VII. CONCLUSION
The 2 security challenges that constitute the most security breaches in the IoT landscape now have solutions identified to prevent attacks. The unique solution implemented was carefully chosen because of the processing and memory constraints of IoT device hardware, and to minimize the cost of data transfer charged by the ISP. The implementation establishes a device connection with the cloud component to authenticate devices and so prevent device clone attacks. After successful authentication, data is encrypted to prevent sensitive data exposure. The solution is efficient, as it is very secure with very little overhead, both in the time required for authentication, which is not exponential, and in data size, which grows by just an additional 8 bytes of encrypted session key for every data item posted from device to cloud. The little cost overhead is worth the huge security benefits.