Public key encryption systems rely on being able to associate public and private keys with some 'identity'. The keys are used to encrypt data for that identity, to sign data as originating from that identity, and so on. In the IoT, data will be sent from sensors and sent to actuators. If that data needs to be encrypted or authenticated then the devices must have an identity in some digital sense.
There are many possible identification schemes, but most of them are not good enough for security purposes. This chapter looks at some of them.
RFID tags are the most prominent of these. Although supposedly unique, they can be cloned. The paper from ThingMagic, RFID Security Issues - Generation 2 Security, addresses some of these concerns.
EPC codes are generally good for identification but are not good for network purposes, as they do not contain a routing address. Moreover, because they can be cloned or sometimes altered, they are not reliable as a unique identifier.
On the internet, systems must have one or more IP addresses in order to be contactable. These could be IPv4 or IPv6 addresses. Similarly, most other network protocols have an addressing scheme. For example, the older X10 home networking protocol uses a 4-bit house code (A to P) and a 4-bit unit code (1 to 16), giving 256 possible X10 addresses.
These addresses are not invariant. Any Unix/Linux host can have its IP addresses set by the command ifconfig (or ip addr on current Linux), and similarly for Windows. DHCP assigns IP addresses on request, so a device may receive a different address each time it joins the network. Private IPv4 addresses in the ranges 10.0.0.0 - 10.255.255.255, 172.16.0.0 - 172.31.255.255 and 192.168.0.0 - 192.168.255.255 can be re-used on multiple hosts - but not on the same private network segment, of course.
IP addresses are not suitable as unique network identifiers for the purposes of security.
The Media Access Control (MAC) address is a supposedly unique address assigned to a network interface card (NIC). The IEEE assigns a 24-bit vendor prefix (the Organizationally Unique Identifier, OUI) and the vendor can then assign the remaining 24 bits to the NICs it manufactures. A list of such vendor assignments is given at Ethernet MAC .
The problem is that most NICs now allow the MAC address to be reset in software. Some, such as the OpenLabs IEEE 802.15.4 wireless module, generate a new MAC address each time they reboot.
MAC addresses are not suitable as unique network identifiers for the purposes of security. However, it has been suggested that using an RFID tag's identifier as the MAC address from which the IPv6 interface identifier is formed might go some way to giving both a unique identifier and a routing address.
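The checks a practitioner can actually run on the addresses discussed above, as an added example that is not part of the original chapter: classify an IPv4 address as RFC 1918 private, split a MAC address into its OUI and the two flag bits in its first octet (the "locally administered" bit, which software-set addresses are supposed to carry, and the multicast bit), and derive the IPv6 address that stateless autoconfiguration builds from a MAC via the Modified EUI-64 rule, which is the mechanism behind the RFID-tag-as-MAC suggestion. The sample addresses and the 2001:db8::/64 prefix are constructed for illustration.

```python
import ipaddress

# RFC 1918 private ranges: reusable on many networks, so never unique.
RFC1918 = [ipaddress.IPv4Network(n) for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]


def is_rfc1918(addr: str) -> bool:
    """True if addr lies in a private range and may be re-used on other networks."""
    ip = ipaddress.IPv4Address(addr)
    return any(ip in net for net in RFC1918)


def parse_mac(text: str) -> bytes:
    """Accept 'aa:bb:cc:dd:ee:ff' or 'aa-bb-cc-dd-ee-ff' and return the six raw octets."""
    parts = text.replace("-", ":").split(":")
    if len(parts) != 6:
        raise ValueError(f"not a 48-bit MAC address: {text!r}")
    return bytes(int(p, 16) for p in parts)


def oui(mac: bytes) -> str:
    """The 24-bit vendor prefix assigned by the IEEE, in the format of the OUI list."""
    return "-".join(f"{b:02X}" for b in mac[:3])


def is_locally_administered(mac: bytes) -> bool:
    """U/L bit (bit 1 of the first octet) set: address chosen by software, not burned in."""
    return bool(mac[0] & 0x02)


def is_multicast(mac: bytes) -> bool:
    """I/G bit (bit 0 of the first octet) set: a group address, never a single device."""
    return bool(mac[0] & 0x01)


def mac_to_modified_eui64(mac: bytes) -> bytes:
    """Modified EUI-64 interface identifier (RFC 4291, Appendix A):
    split the MAC in the middle, insert 0xFFFE, and invert the U/L bit."""
    return bytes([mac[0] ^ 0x02]) + mac[1:3] + b"\xff\xfe" + mac[3:]


def slaac_address(prefix: str, mac_text: str) -> ipaddress.IPv6Address:
    """Address that stateless autoconfiguration forms: /64 prefix + EUI-64 from the MAC."""
    net = ipaddress.IPv6Network(prefix)
    if net.prefixlen != 64:
        raise ValueError("SLAAC needs a /64 prefix")
    iid = int.from_bytes(mac_to_modified_eui64(parse_mac(mac_text)), "big")
    return ipaddress.IPv6Address(int(net.network_address) | iid)


def describe(mac_text: str) -> dict:
    """Summarise what the address itself claims about its origin."""
    mac = parse_mac(mac_text)
    return {
        "oui": oui(mac),
        "locally_administered": is_locally_administered(mac),
        "multicast": is_multicast(mac),
    }


if __name__ == "__main__":
    # Constructed sample addresses: one vendor-assigned, one with the U/L bit set.
    for m in ("00:1A:2B:3C:4D:5E", "02:1A:2B:3C:4D:5E"):
        print(m, describe(m), slaac_address("2001:db8::/64", m))
    for a in ("10.1.2.3", "172.32.0.1", "192.168.1.1"):
        print(a, "private" if is_rfc1918(a) else "public")
```

The U/L bit is only an honesty signal: a NIC whose address is set with ip link set dev eth0 address ... can just as easily present a vendor-looking address with the bit clear, which is exactly why the flag helps with inventory hygiene but not with security. The EUI-64 derivation also shows that an IPv6 address built this way carries the MAC (or tag) in the clear, so whatever weakness the underlying identifier has, the IPv6 address inherits it.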
What is required is an identifier that is guaranteed to be unique, costs almost nothing to create and cannot be duplicated. A Physical Unclonable Function (PUF) is a physical structure embedded in a device whose behaviour depends on uncontrollable manufacturing variation, so that the same challenge produces a device-specific response that another device, even one built to the same design, cannot reproduce. PUFs are intended to meet these requirements.
This is still an active research area. A good overview is at Physical Unclonable Function (PUF) as a Coursera talk from the University of Maryland, and the security issues are explored in the paper by Rührmair and van Dijk, PUFs in Security Protocols: Attack Models and Security Evaluations.
How this unique identity is to be conveyed to other agents is not always clear.
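One common way the identity is conveyed is challenge-response authentication against pairs recorded at enrolment, which is the setting the Rührmair and van Dijk paper analyses. The following is an added example, not code from the chapter or from any real PUF product: the physical function is simulated with a keyed hash plus random bit flips (real PUFs are not keyed hashes; only the interface, challenge in and noisy response out, is modelled), and the noise level, acceptance threshold and seed are assumptions chosen for the demonstration. It shows the three things a verifier must get right: tolerate noise in the response, never reuse a challenge, and keep track of how many challenges are left.

```python
import hashlib
import hmac
import random

RESPONSE_BITS = 128
NOISE_BITS = 5        # assumed: bits that differ between two evaluations of the same PUF
MATCH_THRESHOLD = 20  # assumed: largest Hamming distance the verifier still accepts


def hamming_distance(a: int, b: int) -> int:
    return bin(a ^ b).count("1")


class SimulatedPUF:
    """Stand-in for a strong PUF. The 'fingerprint' models the device's manufacturing
    variation; it never leaves this object, just as a real PUF exports no secret."""

    def __init__(self, fingerprint: bytes, rng: random.Random):
        self._fingerprint = fingerprint
        self._rng = rng

    def respond(self, challenge: bytes) -> int:
        ideal = hmac.new(self._fingerprint, challenge, hashlib.sha256).digest()[:RESPONSE_BITS // 8]
        response = int.from_bytes(ideal, "big")
        # Environmental noise: a few bits flip on every evaluation.
        for pos in self._rng.sample(range(RESPONSE_BITS), NOISE_BITS):
            response ^= 1 << pos
        return response


class ReplayingAttacker:
    """Eavesdropper who captured one genuine response and replays it to any challenge."""

    def __init__(self, captured: int):
        self._captured = captured

    def respond(self, challenge: bytes) -> int:
        return self._captured


class Verifier:
    """Holds challenge-response pairs (CRPs) recorded at enrolment, each used at most once."""

    def __init__(self):
        self._crps = {}

    def enroll(self, puf: SimulatedPUF, count: int, rng: random.Random) -> None:
        for _ in range(count):
            challenge = bytes(rng.getrandbits(8) for _ in range(16))
            self._crps[challenge] = puf.respond(challenge)

    def remaining(self) -> int:
        return len(self._crps)

    def authenticate(self, device) -> bool:
        if not self._crps:
            raise RuntimeError("CRP store exhausted; re-enrol before authenticating again")
        # Pop, never peek: a challenge is consumed even if authentication fails.
        challenge, expected = self._crps.popitem()
        return hamming_distance(device.respond(challenge), expected) <= MATCH_THRESHOLD


def demo() -> dict:
    rng = random.Random(2024)  # fixed seed so the run is reproducible
    genuine = SimulatedPUF(b"silicon-variation-of-device-A", rng)
    clone = SimulatedPUF(b"silicon-variation-of-device-B", rng)  # same design, different silicon
    verifier = Verifier()
    verifier.enroll(genuine, count=3, rng=rng)
    # Constructed earlier exchange the attacker is assumed to have sniffed.
    attacker = ReplayingAttacker(genuine.respond(b"challenge-seen-on-the-wire-earlier"))
    results = {
        "genuine_accepted": verifier.authenticate(genuine),
        "clone_accepted": verifier.authenticate(clone),
        "replay_accepted": verifier.authenticate(attacker),
    }
    try:
        verifier.authenticate(genuine)
        results["exhausted"] = False
    except RuntimeError:
        results["exhausted"] = True
    return results


if __name__ == "__main__":
    print(demo())
```

The genuine device passes because at most NOISE_BITS flips at enrolment plus NOISE_BITS at authentication stay under the threshold; the clone and the replay fail because an unrelated 128-bit response differs in about half its bits. Two practical caveats follow directly from the code: the verifier's CRP store is itself a secret database that must be protected and refilled, and production designs replace the plain Hamming threshold with a fuzzy extractor and public helper data so that the noisy response can be turned into a stable key rather than only compared.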
Copyright © Jan Newmarch, jan@newmarch.name
"The Internet of Things - a techie's viewpoint" by Jan Newmarch is licensed under a Creative Commons Attribution-NonCommercial-ShareAlike 4.0 International License.
Based on a work at https://jan.newmarch.name/IoT/.
If you like this book, please donate using PayPal