Two-Factor Fuzzy Commitment for Unmanned IoT Devices Security
To create an environment for IoT devices, securely, it is necessary to establish a cryptographic key for those devices. Conventionally, this key has been stored on the actual device, but this leaves the key vulnerable to physical attacks in the IoT environment. To solve this problem, several researc...
Gespeichert in:
| Veröffentlicht in: | IEEE internet of things journal 2019-02, Vol.6 (1), p.335-348 |
|---|---|
| Hauptverfasser: | , , , |
| Format: | Artikel |
| Sprache: | eng |
| Schlagworte: | |
| Online-Zugang: | Volltext |
| Tags: |
Tag hinzufügen
Keine Tags, Fügen Sie den ersten Tag hinzu!
|
| container_end_page | 348 |
|---|---|
| container_issue | 1 |
| container_start_page | 335 |
| container_title | IEEE internet of things journal |
| container_volume | 6 |
| creator | Choi, Dooho Seo, Seung-Hyun Oh, Yoon-Seok Kang, Yousung |
| description | To create an environment for IoT devices, securely, it is necessary to establish a cryptographic key for those devices. Conventionally, this key has been stored on the actual device, but this leaves the key vulnerable to physical attacks in the IoT environment. To solve this problem, several research studies have been conducted on how best to conceal the cryptographic key. Recently, these studies have most often focused on generating the key dynamically from noisy data using a fuzzy extractor or providing secure storage using a fuzzy commitment. Thus, far, all of these studies use only one type of noisy source data, such as biometric data or physical unclonable function (PUF). However, since most IoT devices are operated in unmanned environments, where biometric data is unavailable, the method using biometric data cannot be utilized for unmanned IoT devices. Although the method using PUF is applied to these unmanned devices, these are still vulnerable against physical attacks including unintended move or theft. In this paper, we present a novel way to use the fuzzy commitment on such devices, called two-factor fuzzy commitment scheme. The proposed method utilizes two noisy factors from the inside and outside of the IoT device. Therefore, although an attacker acquiring the IoT device can access the internal noisy source, the attacker cannot extract the right key from that information only. We also give a prototype implementation for ensuring the feasibility of our two-factor fuzzy commitment concept by utilizing the image data and PUF data for two noisy factors. |
| doi_str_mv | 10.1109/JIOT.2018.2837751 |
| format | Article |
| fullrecord | <record><control><sourceid>proquest_ieee_</sourceid><recordid>TN_cdi_proquest_journals_2185732290</recordid><sourceformat>XML</sourceformat><sourcesystem>PC</sourcesystem><ieee_id>8360476</ieee_id><sourcerecordid>2185732290</sourcerecordid><originalsourceid>FETCH-LOGICAL-c336t-39ad46bfde00a70075dc3216887eaf63c7a9b9d86eac25e712a78e080b2cadc53</originalsourceid><addsrcrecordid>eNpNkEFLwzAUx4MoOOY-gHgpeG59SdokPXiQ6XQy2MHuHNL0FTpsM5NW2T69HRvi6f15_P7vwY-QWwoJpZA_vC_XRcKAqoQpLmVGL8iEcSbjVAh2-S9fk1kIWwAYaxnNxYQ8Fj8uXhjbOx8thsNhH81d2zZ9i10f1eNy07Wm67CKlq6InvG7sRiiD7SDb_r9DbmqzWfA2XlOyWbxUszf4tX6dTl_WsWWc9HHPDdVKsq6QgAjAWRWWc6oUEqiqQW30uRlXimBxrIMJWVGKgQFJbOmshmfkvvT3Z13XwOGXm_d4LvxpWZUZZIzlsNI0RNlvQvBY613vmmN32sK-ihKH0Xpoyh9FjV27k6dBhH_eMUFpFLwX-vxY0I</addsrcrecordid><sourcetype>Aggregation Database</sourcetype><iscdi>true</iscdi><recordtype>article</recordtype><pqid>2185732290</pqid></control><display><type>article</type><title>Two-Factor Fuzzy Commitment for Unmanned IoT Devices Security</title><source>IEEE Electronic Library (IEL)</source><creator>Choi, Dooho ; Seo, Seung-Hyun ; Oh, Yoon-Seok ; Kang, Yousung</creator><creatorcontrib>Choi, Dooho ; Seo, Seung-Hyun ; Oh, Yoon-Seok ; Kang, Yousung</creatorcontrib><description>To create an environment for IoT devices, securely, it is necessary to establish a cryptographic key for those devices. Conventionally, this key has been stored on the actual device, but this leaves the key vulnerable to physical attacks in the IoT environment. To solve this problem, several research studies have been conducted on how best to conceal the cryptographic key. Recently, these studies have most often focused on generating the key dynamically from noisy data using a fuzzy extractor or providing secure storage using a fuzzy commitment. Thus, far, all of these studies use only one type of noisy source data, such as biometric data or physical unclonable function (PUF). However, since most IoT devices are operated in unmanned environments, where biometric data is unavailable, the method using biometric data cannot be utilized for unmanned IoT devices. Although the method using PUF is applied to these unmanned devices, these are still vulnerable against physical attacks including unintended move or theft. In this paper, we present a novel way to use the fuzzy commitment on such devices, called two-factor fuzzy commitment scheme. The proposed method utilizes two noisy factors from the inside and outside of the IoT device. Therefore, although an attacker acquiring the IoT device can access the internal noisy source, the attacker cannot extract the right key from that information only. We also give a prototype implementation for ensuring the feasibility of our two-factor fuzzy commitment concept by utilizing the image data and PUF data for two noisy factors.</description><identifier>ISSN: 2327-4662</identifier><identifier>EISSN: 2327-4662</identifier><identifier>DOI: 10.1109/JIOT.2018.2837751</identifier><identifier>CODEN: IITJAU</identifier><language>eng</language><publisher>Piscataway: IEEE</publisher><subject>Bioinformatics ; Biometrics ; Cameras ; Cryptography ; Data mining ; Devices ; Error correcting codes ; fuzzy commitment ; Internet of Things ; Noise measurement ; noisy source data ; physical unclonable function (PUF) ; Theft</subject><ispartof>IEEE internet of things journal, 2019-02, Vol.6 (1), p.335-348</ispartof><rights>Copyright The Institute of Electrical and Electronics Engineers, Inc. (IEEE) 2019</rights><oa>free_for_read</oa><woscitedreferencessubscribed>false</woscitedreferencessubscribed><citedby>FETCH-LOGICAL-c336t-39ad46bfde00a70075dc3216887eaf63c7a9b9d86eac25e712a78e080b2cadc53</citedby><cites>FETCH-LOGICAL-c336t-39ad46bfde00a70075dc3216887eaf63c7a9b9d86eac25e712a78e080b2cadc53</cites><orcidid>0000-0001-5625-4067 ; 0000-0002-1150-7080 ; 0000-0002-4941-1447</orcidid></display><links><openurl>$$Topenurl_article</openurl><openurlfulltext>$$Topenurlfull_article</openurlfulltext><thumbnail>$$Tsyndetics_thumb_exl</thumbnail><linktohtml>$$Uhttps://ieeexplore.ieee.org/document/8360476$$EHTML$$P50$$Gieee$$Hfree_for_read</linktohtml><link.rule.ids>314,776,780,792,27901,27902,54733</link.rule.ids></links><search><creatorcontrib>Choi, Dooho</creatorcontrib><creatorcontrib>Seo, Seung-Hyun</creatorcontrib><creatorcontrib>Oh, Yoon-Seok</creatorcontrib><creatorcontrib>Kang, Yousung</creatorcontrib><title>Two-Factor Fuzzy Commitment for Unmanned IoT Devices Security</title><title>IEEE internet of things journal</title><addtitle>JIoT</addtitle><description>To create an environment for IoT devices, securely, it is necessary to establish a cryptographic key for those devices. Conventionally, this key has been stored on the actual device, but this leaves the key vulnerable to physical attacks in the IoT environment. To solve this problem, several research studies have been conducted on how best to conceal the cryptographic key. Recently, these studies have most often focused on generating the key dynamically from noisy data using a fuzzy extractor or providing secure storage using a fuzzy commitment. Thus, far, all of these studies use only one type of noisy source data, such as biometric data or physical unclonable function (PUF). However, since most IoT devices are operated in unmanned environments, where biometric data is unavailable, the method using biometric data cannot be utilized for unmanned IoT devices. Although the method using PUF is applied to these unmanned devices, these are still vulnerable against physical attacks including unintended move or theft. In this paper, we present a novel way to use the fuzzy commitment on such devices, called two-factor fuzzy commitment scheme. The proposed method utilizes two noisy factors from the inside and outside of the IoT device. Therefore, although an attacker acquiring the IoT device can access the internal noisy source, the attacker cannot extract the right key from that information only. We also give a prototype implementation for ensuring the feasibility of our two-factor fuzzy commitment concept by utilizing the image data and PUF data for two noisy factors.</description><subject>Bioinformatics</subject><subject>Biometrics</subject><subject>Cameras</subject><subject>Cryptography</subject><subject>Data mining</subject><subject>Devices</subject><subject>Error correcting codes</subject><subject>fuzzy commitment</subject><subject>Internet of Things</subject><subject>Noise measurement</subject><subject>noisy source data</subject><subject>physical unclonable function (PUF)</subject><subject>Theft</subject><issn>2327-4662</issn><issn>2327-4662</issn><fulltext>true</fulltext><rsrctype>article</rsrctype><creationdate>2019</creationdate><recordtype>article</recordtype><sourceid>ESBDL</sourceid><sourceid>RIE</sourceid><recordid>eNpNkEFLwzAUx4MoOOY-gHgpeG59SdokPXiQ6XQy2MHuHNL0FTpsM5NW2T69HRvi6f15_P7vwY-QWwoJpZA_vC_XRcKAqoQpLmVGL8iEcSbjVAh2-S9fk1kIWwAYaxnNxYQ8Fj8uXhjbOx8thsNhH81d2zZ9i10f1eNy07Wm67CKlq6InvG7sRiiD7SDb_r9DbmqzWfA2XlOyWbxUszf4tX6dTl_WsWWc9HHPDdVKsq6QgAjAWRWWc6oUEqiqQW30uRlXimBxrIMJWVGKgQFJbOmshmfkvvT3Z13XwOGXm_d4LvxpWZUZZIzlsNI0RNlvQvBY613vmmN32sK-ihKH0Xpoyh9FjV27k6dBhH_eMUFpFLwX-vxY0I</recordid><startdate>20190201</startdate><enddate>20190201</enddate><creator>Choi, Dooho</creator><creator>Seo, Seung-Hyun</creator><creator>Oh, Yoon-Seok</creator><creator>Kang, Yousung</creator><general>IEEE</general><general>The Institute of Electrical and Electronics Engineers, Inc. (IEEE)</general><scope>97E</scope><scope>ESBDL</scope><scope>RIA</scope><scope>RIE</scope><scope>AAYXX</scope><scope>CITATION</scope><scope>7SC</scope><scope>8FD</scope><scope>JQ2</scope><scope>L7M</scope><scope>L~C</scope><scope>L~D</scope><orcidid>https://orcid.org/0000-0001-5625-4067</orcidid><orcidid>https://orcid.org/0000-0002-1150-7080</orcidid><orcidid>https://orcid.org/0000-0002-4941-1447</orcidid></search><sort><creationdate>20190201</creationdate><title>Two-Factor Fuzzy Commitment for Unmanned IoT Devices Security</title><author>Choi, Dooho ; Seo, Seung-Hyun ; Oh, Yoon-Seok ; Kang, Yousung</author></sort><facets><frbrtype>5</frbrtype><frbrgroupid>cdi_FETCH-LOGICAL-c336t-39ad46bfde00a70075dc3216887eaf63c7a9b9d86eac25e712a78e080b2cadc53</frbrgroupid><rsrctype>articles</rsrctype><prefilter>articles</prefilter><language>eng</language><creationdate>2019</creationdate><topic>Bioinformatics</topic><topic>Biometrics</topic><topic>Cameras</topic><topic>Cryptography</topic><topic>Data mining</topic><topic>Devices</topic><topic>Error correcting codes</topic><topic>fuzzy commitment</topic><topic>Internet of Things</topic><topic>Noise measurement</topic><topic>noisy source data</topic><topic>physical unclonable function (PUF)</topic><topic>Theft</topic><toplevel>online_resources</toplevel><creatorcontrib>Choi, Dooho</creatorcontrib><creatorcontrib>Seo, Seung-Hyun</creatorcontrib><creatorcontrib>Oh, Yoon-Seok</creatorcontrib><creatorcontrib>Kang, Yousung</creatorcontrib><collection>IEEE All-Society Periodicals Package (ASPP) 2005-present</collection><collection>IEEE Open Access Journals</collection><collection>IEEE All-Society Periodicals Package (ASPP) 1998-Present</collection><collection>IEEE Electronic Library (IEL)</collection><collection>CrossRef</collection><collection>Computer and Information Systems Abstracts</collection><collection>Technology Research Database</collection><collection>ProQuest Computer Science Collection</collection><collection>Advanced Technologies Database with Aerospace</collection><collection>Computer and Information Systems Abstracts Academic</collection><collection>Computer and Information Systems Abstracts Professional</collection><jtitle>IEEE internet of things journal</jtitle></facets><delivery><delcategory>Remote Search Resource</delcategory><fulltext>fulltext</fulltext></delivery><addata><au>Choi, Dooho</au><au>Seo, Seung-Hyun</au><au>Oh, Yoon-Seok</au><au>Kang, Yousung</au><format>journal</format><genre>article</genre><ristype>JOUR</ristype><atitle>Two-Factor Fuzzy Commitment for Unmanned IoT Devices Security</atitle><jtitle>IEEE internet of things journal</jtitle><stitle>JIoT</stitle><date>2019-02-01</date><risdate>2019</risdate><volume>6</volume><issue>1</issue><spage>335</spage><epage>348</epage><pages>335-348</pages><issn>2327-4662</issn><eissn>2327-4662</eissn><coden>IITJAU</coden><abstract>To create an environment for IoT devices, securely, it is necessary to establish a cryptographic key for those devices. Conventionally, this key has been stored on the actual device, but this leaves the key vulnerable to physical attacks in the IoT environment. To solve this problem, several research studies have been conducted on how best to conceal the cryptographic key. Recently, these studies have most often focused on generating the key dynamically from noisy data using a fuzzy extractor or providing secure storage using a fuzzy commitment. Thus, far, all of these studies use only one type of noisy source data, such as biometric data or physical unclonable function (PUF). However, since most IoT devices are operated in unmanned environments, where biometric data is unavailable, the method using biometric data cannot be utilized for unmanned IoT devices. Although the method using PUF is applied to these unmanned devices, these are still vulnerable against physical attacks including unintended move or theft. In this paper, we present a novel way to use the fuzzy commitment on such devices, called two-factor fuzzy commitment scheme. The proposed method utilizes two noisy factors from the inside and outside of the IoT device. Therefore, although an attacker acquiring the IoT device can access the internal noisy source, the attacker cannot extract the right key from that information only. We also give a prototype implementation for ensuring the feasibility of our two-factor fuzzy commitment concept by utilizing the image data and PUF data for two noisy factors.</abstract><cop>Piscataway</cop><pub>IEEE</pub><doi>10.1109/JIOT.2018.2837751</doi><tpages>14</tpages><orcidid>https://orcid.org/0000-0001-5625-4067</orcidid><orcidid>https://orcid.org/0000-0002-1150-7080</orcidid><orcidid>https://orcid.org/0000-0002-4941-1447</orcidid><oa>free_for_read</oa></addata></record> |
| fulltext | fulltext |
| identifier | ISSN: 2327-4662 |
| ispartof | IEEE internet of things journal, 2019-02, Vol.6 (1), p.335-348 |
| issn | 2327-4662 2327-4662 |
| language | eng |
| recordid | cdi_proquest_journals_2185732290 |
| source | IEEE Electronic Library (IEL) |
| subjects | Bioinformatics Biometrics Cameras Cryptography Data mining Devices Error correcting codes fuzzy commitment Internet of Things Noise measurement noisy source data physical unclonable function (PUF) Theft |
| title | Two-Factor Fuzzy Commitment for Unmanned IoT Devices Security |
| url | https://sfx.bib-bvb.de/sfx_tum?ctx_ver=Z39.88-2004&ctx_enc=info:ofi/enc:UTF-8&ctx_tim=2025-02-13T21%3A31%3A24IST&url_ver=Z39.88-2004&url_ctx_fmt=infofi/fmt:kev:mtx:ctx&rfr_id=info:sid/primo.exlibrisgroup.com:primo3-Article-proquest_ieee_&rft_val_fmt=info:ofi/fmt:kev:mtx:journal&rft.genre=article&rft.atitle=Two-Factor%20Fuzzy%20Commitment%20for%20Unmanned%20IoT%20Devices%20Security&rft.jtitle=IEEE%20internet%20of%20things%20journal&rft.au=Choi,%20Dooho&rft.date=2019-02-01&rft.volume=6&rft.issue=1&rft.spage=335&rft.epage=348&rft.pages=335-348&rft.issn=2327-4662&rft.eissn=2327-4662&rft.coden=IITJAU&rft_id=info:doi/10.1109/JIOT.2018.2837751&rft_dat=%3Cproquest_ieee_%3E2185732290%3C/proquest_ieee_%3E%3Curl%3E%3C/url%3E&disable_directlink=true&sfx.directlink=off&sfx.report_link=0&rft_id=info:oai/&rft_pqid=2185732290&rft_id=info:pmid/&rft_ieee_id=8360476&rfr_iscdi=true |