Browse > Article
http://dx.doi.org/10.13089/JKIISC.2022.32.5.955

Network Security Protocol Performance Analysis in IoT Environment  

Kang, Dong-hee (Ajou University)
Lim, Jae-Deok (Electronics and Telecommunications Research Institute)
Publication Information
Journal of the Korea Institute of Information Security & Cryptology / v.32, no.5, 2022 , pp. 955-963 More about this Journal
Abstract
The Internet of Things (IoT), combined with various technologies, is rapidly becoming an integral part of our daily life. While it is rapidly taking root in society, security considerations are relatively insufficient, making it a major target for cyber attacks. Since all devices in the IoT environment are connected to the Internet and are closely used in daily life, the damage caused by cyber attacks is also serious. Therefore, encryption communication using a network security protocol must be considered for a service in a more secure IoT environment. A representative network security protocol includes TLS (Transport Layer Protocol) defined by the IETF. This paper analyzes the performance measurement results for TLS version 1.2 and version 1.3 in an IoT device open platform environment to predict the load of TLS, a representative network security protocol, in IoT devices with limited resource characteristics. In addition, by analyzing the performance of each major cryptographic algorithm in version 1.3, we intend to present a standard for setting appropriate network security protocol properties according to IoT device specifications.
Keywords
IoT security; TLS 1.2; TLS 1.3; performance analysis; system overhead estimation;
Citations & Related Records
Times Cited By KSCI : 1  (Citation Analysis)
연도 인용수 순위
1 Jong-mo Hwang, "Internet of Things (IoT) trends and future prospects in the financial sector," Financial Security Institute, Jul. 2016.
2 boannews and securityword, "2021 Domestic and overseas security market forecast report," Feb. 2021.
3 Unit 42, "2020 Unit 42 IoT Threat Report," Mar. 2020.
4 Thierry Zoller, "TLS/SSLv3 renegotiation vulnerability explained," G-SEC, Apr. 2011.
5 HITACHI, "HIRT-PUB15003: [tutorial] SSL/TLS implementations 'FREAK' issue" https://www.hitachi.com/hirt/publications/hirt-pub15003/index.html, Last Accessed 12 Aug. 2022.
6 David Adrian et al., "Imperfect Forward Secrecy: How Diffie-Hellman Fails in Practice." CCS'15, pp 5-17, Oct. 2015.
7 Red Hat, "Logjam: TLS Vulnerability (CVE-2015-4000)" https://access.redhat.com/ko/articles/1480443, Last Accessed 12 Aug. 2022.
8 IInvicti, "How the BEAST AttackWorks" https://www.netsparker.com/blog/web-security/how-the-beast-attack-works/, Last Accessed 12 Aug. 2022.
9 Ivan Ristic, "CRIME: InformationLeakage Attack against SSL/TLS" https://blog.qualys.com/product-tech/2012/09/14/crime-information-leakageattack-against-ssltls, Last Accessed12 Aug. 2022.
10 Daniel J. Dubois and David Choffnes, "IoTLS: Understanding TLS Usage in Consumer IoT Devices," IMC '21, pp 165-178, Nov. 2021.
11 THE DROWN Attack, "drownattack" https://drownattack.com/, LastAccessed 12 Aug. 2022.
12 KIAT, "Domestic and international IoT industry trends," Apr. 2020.
13 iotforall, "The 5 Worst Examples of IoT Hacking and Vulnerabilities in Recorded History" https://www.iotforall.com/5-worst-iothacking-vulnerabilities, Last Accessed 19 Sep. 2022.
14 c0D3M, "FREAK Attack Explained" https://medium.com/@c0D3M/freak-attack-explained-3048ab9d3f30, Last Accessed 12 Aug. 2022.
15 Amrita Mitra, "What is the CRIMEAttack?" https://www.thesecuritybuddy.com/vulnerabilities/what-is-crime-attack/, Last Accessed 12 Aug. 2022.
16 BREACH, "breachattack" https://breachattack.com/, Last Accessed 12Aug.2022.
17 Tomasz Andrzej Nidecki, "What IsthePOODLE Attack?" https://www.acunetix.com/blog/web-security-zone/whatis-poodle-attack/, Last Accessed12Aug. 2022.
18 Ministry of Science and ICT, "Cyber Threat Analysis for 21 Years and Analysis for 22 Years," Dec. 2021.
19 Young-hwan Jang, Jae-sung Shimand Seok-cheon Park, "Anaysis Standardized of IoT-based Low-power.Light-weight Protocol," Journal of theKorea Institute Of Information and Communication Engineering, 20(10),pp. 1895-1902, Oct. 2016.   DOI
20 Min Se-ah, "What is the securityquality of HTTPS?" https://www.boannews.com/media/view.asp?idx=51115, Last Accessed 17 Jul. 2022.
21 Team Sesame, "Padding Oracle attacks" https://tlseminar.github.io/padding-oracle/, Last Accessed 12 Aug. 2022.
22 ALPACA Attack, "alpaca attack" https://alpaca-attack.com/, Last Accessed 12 Aug. 2022.
23 Bodo Mol er, Thai Duong andKrzysztof Kotowicz, "This POODLEBits: Exploiting The SSL 3.0 Fallback" https://www.openssl.org/~bodo/ssl-poodle.pdf, Sep. 2014.
24 Nadhem J. AlFardan et al., "Onthesecurity of RC4 in TLS," SEC'13, pp305-320, Aug. 2013.
25 RC4 NOMORE, "RC4 attack" https://www.rc4nomore.com/, Last Accessed12Aug. 2022.
26 Tech School, "A complete overview of SSL/TLS and its cryptographic system" https://dev.to/techschoolguru/a-complete-overview-of-ssl-tls-and-its-cryptographic-system-36pd, Last Accessed 13 Jul. 2022.
27 Ralph Holz, Jens Hiller, Johanna Amann, Abbas Razaghpanah, Thomas Jost, Narseo Vallina-Rodriguez, and Oliver Hohlfeld, "Tracking the deployment of TLS 1.3 on the Web: A story of experimentation and centralization," ACM SIGCOMM Computer Communication Review 2020, vol. 50, no. 3, pp. 3-15, Jul. 2020.   DOI
28 E. Rescorla, "The Transport LayerSecurity (TLS) Protocol Version1.3," RFC 8446, Aug. 2018.
29 Patrick Nohe, "TLS 1.3: Everythingyou need to know" https://www.thesslstore.com/blog/tls-1-3-everything-possibly-needed-know/, Last Accessed13Jul. 2022.
30 IDC Korea, "Wordwide Semiannual Internet of Things Spending Guide," Nov. 2021.
31 Se-Ra Oh and Young-Gab Kim, "Security Analysis of MQTT and CoAP protocols in the IoT Environment," CISC-W'16, pp. 297-299, Apr. 2016.