2018 17th IEEE International Conference On Trust, Security And Privacy In Computing And Communications/ 12th

IEEE International Conference On Big Data Science And Engineering

Authentication of IoT Device and IoT Server Using

Secure Vaults
Trusit Shah S. Venkatesan
Department of Computer Science Department of Computer Science
University of Texas at Dallas University of Texas at Dallas
Richardson, TX 75080 Richardson, TX 75080
[email protected] [email protected]

Abstract— Internet of Things is a topic of much interest and, network. MIRAI malware is an example of such attacks,
in last few years, security of the IoT systems is a field of where many IoT devices have been attacked outside of the
tremendous research activities. Mutual authentication between network and used as network zombies to attack other websites
IoT devices and IoT servers is an important part of secure IoT and internet services [22]. Peraković, et al. [16] have
systems. Single password-based authentication mechanisms, discussed the increased amount of DDoS attacks using IoT
which are widely used, are vulnerable to side-channel and devices. DDoS attacks based on protocols like SSDP (a
dictionary attacks. In this paper, we present a multi-key (or
universal plug and play protocol), which is widely used in IoT
multi-password) based mutual authentication mechanism. In our
approach, the shared secret between the IoT server and the IoT
devices, have increased significantly after 2013. There have
device is called secure vault, which is a collection of equal sized been other cases of network attacks where the attacker
keys. Initial contents of the secure vault are shared between the attacked IoT devices from outside and used IoT devices to
server and the IoT device and contents of the secure vault change gather personal details of the owners1. An IoT device with a
after every successful communication session. We have proper authentication mechanism can avoid many such
implemented this mechanism on an Arduino device to prove our situations. Researchers have been working on creating such
algorithm is feasible on IoT devices with memory and secure authentication mechanisms. These authentication
computational power constraints. mechanisms securely identify the server and the IoT device
using either a public key or a shared key infrastructure.
Keywords— IoT Security, IoT Device Authentication, Secure
Vault In this paper, we propose a secure authentication protocol
to authenticate the IoT device and the server. Some of the
current authentication mechanisms, which are mostly based on
I.
INTRODUCTION single password-based mechanism, are vulnerable to side-
In the world of the Internet of Things (IoT), billions of channel and dictionary attacks. We have designed a multi key
devices are connected to the Internet, which provides an authentication mechanism, such that, even if the secret key (or
intruder an opportunity to manipulate the IoT system on a a combination of keys) used for ongoing authentication is
large scale. Authentication, authorization, privacy and data retrieved successfully by the attacker, the attacker cannot gain
confidentiality are some of the major security issues of IoT access to the unused authentication keys and the
[9]. Attacks on IoT devices can happen at one or more layers authentication system is secure from the side channel attack or
from the following: 1) Hardware layer, 2) Network layer and similar attacks. The key values keep changing over the time,
3) Cloud layer [10]. which prevents dictionary attacks.
At the hardware layer, an attacker gets access to the IoT This paper is organized as follows. We discuss previous
hardware and retrieves the keys or security parameters stored work in Section 2. Section 3 describes system architecture and
inside the IoT device. The attacker can recreate a duplicate or threat model. Our authentication mechanism is explained in
virtual IoT device using the stolen security parameters. The Section 4. Section 5 describes implementation details followed
duplicate IoT device can upload false data to the server and by Section 6, which provides performance analysis.
retrieve secure information about the user from the server or
the network to which the IoT device is connected. There are II.
PREVIOUS WORK
some side channel attacks available using which an attacker
can get access to security parameters of the IoT device without Many devices that are part of IoT system have constraints
having a physical access to the device. Researchers have (such as computational, memory, energy, etc). IEFT’s RFC
exhibited electromagnetic based side channel attacks to steal 7228[24] has proposed an application layer protocol, CoAP for
keys of RSA and ECC based encryption [11,12]. Using side low end IoT devices to connect to the internet. IEFT has also
channel attacks AES encryption keys can be stolen from IoT introduced low power security mechanism, DTLS (Datagram
devices [13,21]. Since the IoT devices are connected to the Transport Layer Security) [25] for secure communication over
internet, such devices are vulnerable to attacks through the the CoAP protocol. Kothmayr et. al. [1] have proposed a two-
way authentication system over the DTLS. The authentication

2324-9013/18/31.00 ©2018 IEEE 819

DOI 10.1109/TrustCom/BigDataSE.2018.00117
system is based on the well-known RSA scheme, which is hard •
IoT devices are constrained devices and have low
to deploy in severely constrained devices. Raza, et. al. [2] also memory, computational capabilities and low energy
present an approach based on the DTLS. They have adopted a availability.
shared key approach rather than RSA, which makes it more
feasible for resource-constrained devices. •
Each IoT device has a unique identification number
assigned.
One approach suggested by researchers for IoT
authentication is the use of ECC public key encryption [3]. •
An initial secure vault is stored in the IoT device and
Even though ECC requires less memory and computational this initial vault is shared with the server.
power than other public key encryption methods, it requires •
The server has a well-protected database.
more memory and computational power than shared key
encryption. Also, some side channel attacks are possible for •
Side-channel attacks can be performed by an adversary.
ECC [4]. Barreto et al. [5] present an SSO based authentication
system for authenticating the IoT device, the IoT cloud and the •
All the data exchanged between the server and the IoT
user. They create an authentication mechanism where the device is over a reliable channel, so there is no data loss
server authenticates the user using a user credential and then and every message is delivered exactly once.
the server communicates with the IoT device (they mutually
authenticate each other). After both end points (IoT device and Server User Interface
the server) successfully authenticate each other, the server
grants access. Porambage, et al. [15] introduced an ECC based
two phase authentication algorithm. The scheme of Porambage, WAN
et al. is a pervasive authentication scheme based on the ECC WAN
certificate. Butun, et al. [19] present an end to end cloud centric
authentication mechanism for the IoT devices. They use ECC
for authentication of the user to the IoT device. All the above
authentication mechanisms use ECC based public certificate or Sensor
ECC based Diffie and Heilman mechanism for authentication,
which makes the authentication mechanism secure. Controller
Jan et al. [6] introduce a robust authentication mechanism Actuator
using which the server and the IoT device can mutually
authenticate each other. They use shared key approach to IoT Device
authenticate the server and the IoT device and a secret is shared
Figure 1 IoT System Architecture
between them. Their algorithm uses AES encryption for
mutual authentication. If this single key is lost (or A.
Threat Model
compromised), the two end points must replace their shared
keys. The IoT server is deployed in the cloud and
communicates with the client (or IoT device) over WAN.
Single key based authentication mechanisms are not sufficient
III.
SYSTEM ARCHITECUTRE to authenticate the IoT device to the server. There are some
Figure 1 illustrates a typical IoT system. The system side-channel attacks possible to retrieve the shared key during
consists of 3 major components: An IoT device, an IoT server the communication between the IoT server and the IoT device.
and a user interface. The IoT device is responsible for If the password does not change over the time, it is vulnerable
collecting the data generated by the sensors connected to it and to the dictionary attack. Once the adversary has the shared
uploading them to the server. In many cases, it also processes key, a fake device can be created using that shared key.
the data before uploading to the server. The IoT device In our protocol, we use a set of keys, called a secure vault,
communicates with the IoT server through a wide area to authenticate both the server and the IoT device. This secure
network. This IoT system is accessible to the user using a web vault is initially shared between the server and the IoT device
and/or a mobile interface. and it changes its values based on data exchanged between the
Keep your text and graphic files separate until after the text IoT server and the IoT device. Thus, contents of the vault
has been formatted and styled. Do not use hard tabs, and limit change constantly. No additional message is exchanged
use of hard returns to only one return at the end of a paragraph. between the IoT server and the IoT device to change the value
Do not add any kind of pagination anywhere in the paper. Do of the secure vault.
not number text heads-the template will do that for you. We use the standard 3-way mutual authentication for
Assumptions authenticating the IoT server and the IoT device. The
communication is initiated by IoT device by sending a
•
We use an initial vault consisting of n keys of m bits connection request to the server. When this request is received
each. Parameters m and n can be chosen by the by the IoT server, it sends back a challenge to the IoT device;
developer based on security requirements and memory the IoT device responds to the IoT server’s challenge and
constraints. sends an authentication challenge to the IoT server. The IoT

820
server verifies the response and, if it is valid, the server communication (and subsequent communication is beyond the
responds back to the IoT device’s challenge. scope of this paper).
During the authentication phase, the IoT server and the IoT The IoT device also generates a separate challenge for the
device establish a shared secret, called a session key. This server using the same mechanism. The IoT device generates a
session key is used for two purposes. First, it is used to a challenge C2, another set of p distinct random numbers, each
encrypt the messages exchanged between the server and the number being between 0 and n-1 and random number r2. Set
IoT device. It is also used as an encryption key for the C1 and C2 are different. If C1 and C2 are same, an attacker can
message authentication code, which is used for message get the key used for the C1 challenge, and he can reuse that
authentication. All the messages exchanged between two key for C2. The IoT device concatenates both the response and
authentications considered as a session. The session key the challenge for the server and sends it back to the server.
remains unchanged throughout a single session, but different
sessions use different session keys. Message from the IoT device to the Server:
M3 = Enc (k1, r1 
 || {C2, r2})
Where,
IV.
AUTHENTICATION MECHANISM
Enc: shared key encryption
A.
Secure Vault k1 = P[c11]  P[c12] 

 P[c1p] is the key for the
encryption
The secure vault contains n keys each key being m bits C2 = {c21, c22, …, c2p}
long. The value of m is the key size. We denote all the keys as r2 = random number for the C2 challenge
K[0], K[1], K[2], ..., K[n-1]. During the time of deployment of t1 = random number for session key generation.
the IoT device, the secure vault is shared between the IoT
device and the server. On the IoT device, the secure vault Once the server receives the message M3, the server
should be stored in an encrypted format. On the server, secure decrypts the message sent by the IoT device by generating the
vaults are stored in a secure database. key k1 from its secure vault. If the server retrieves r1 from the
received message, it generates a response to the challenge C2.
B.
Challenge-Response Mechanism The message sent by the server back to the IoT device is:
Our protocol uses a variant of the well-known three-way
authentication mechanism to mutually authenticate the IoT M4 = Enc (k2 
, r2 
)
server and the IoT device. Figure 2 represents the messages Where, k2 = P[c21]  P[c22] 

 P[c2p] and k2 




exchanged between the server and the IoT device. The IoT key for the encryption
device initiates the process by sending the request message M1 t2 = random number for session key generation
to the server. The request message contains the unique id of The IoT device receives the message M4 and it verifies the
the IoT device and a session id to maintain the authentication identity of the server by getting back the value of r2 by
session. This message doesn’t contain any sensitive decrypting the message M4 using k2 
. Once the server and
information and, the message is not encrypted. The server the IoT device authenticate each other, they decide on a
verifies the unique id of requesting IoT device and, if the session key t = t1 

and all the further communication for
message contains the valid unique id, the server sends back a
this session is securely encrypted using this session key.
challenge message M2 to the IoT device. The challenge
message contains a challenge C1 and a random number r1. C1
is a set of p distinct numbers, and each number represents an C.
Changing the secure vault
index of a key, stored in the secure vault. C1 is denoted as The duration of the session is determined by the user:
{c11, c12, c13…, c1p}. The value of p should be less than n. shorter duration gives high security, while resulting in
frequent invocation of the 3-way authentication message
M2 = {C1, r1} exchange.
The values contained in C1 are between 0 and n-1. Again, each
element in C1 represents an index of a key stored in the secure After every session, the value of secure vault is changed
vault. based on the data exchanged between the server and the IoT
device. The new value of secure vault is generated by
The IoT device generates the response as follows: First, it performing HMAC on the contents of the current secure vault
generates a temporary key k1 of size m bits by performing value. HMAC [23] is a key based hashing algorithm.
XOR operation on all the keys whose indices are in C1. Thus, Following are the steps to change the secure vault:
k1 = K[c11]  K[c12] 

 K[c1p]. The IoT device creates
the response for the challenge by performing shared key •
We take the HMAC of the current secure vault and the
encryption on r1 || t1 using k1 as the encryption key. Note that || key for the HMAC is data exchanged between the
is the concatenation operation and 


  

server and the IoT device. The hash function used here

 

  . Here, t1 is a random number provides the output of k bits. This HMAC value is
generated by the IoT device, which is further used to generate denoted as h.
a session key t. This session key t will be used for subsequent h = HMAC (current secure vault, data exchanged)

821
 •
The current value of secure vault is divided into j equal 1)
Man in the middle attack
partitions of k bits, called vault partitions. All these
The man-in-the-middle can capture all the messages
partitions are xored with the (h  to generate the new exchanged between the server and the IoT device using
secure vault (here i is the index of the vault partition). network spoofing. After spoofing all the messages exchanged
If the size of the secure vault is not divisible by k bits, for the authentication, it can identify itself as the server to the
0 is padded at the end to create j equal partitions. IoT device and as the IoT device to the server. In our protocol,
we are using a session key t to authenticate all the messages
Server IoT Device exchanged after authentication. This session key t is generated
using two separate random numbers t1 and t2, which are
exchanged between the server and the IoT device in encrypted
n id messages. The key for those encrypted messages is a part of
vice id || Sessio
M1 = De the secure vault, which is secretly shared between the server
and the IoT device. Hence, the man-in-the-middle can’t
retrieve session key t from the messages exchanged between
Verify the device is valid. the server and the IoT device, so the man-in-the-middle can’t
generate a random number r1 and a challenge retrieve or modify any messages exchanged between the
C1 for the device server and the IoT device after the authentication.
2)
Next password prediction
M2 = {C After every successful session, the IoT device and the
1 , r1 }
server change the values of the secure vault based on the data
exchanged between them. The new value of the secure vault
must be random from the previous vault value. If some
passwords from a secure vault are predicted/retrieved by the
Generate a key k1 from the keys in the adversary, the adversary should not able to predict any other
challenge C1 and create response for the password of the next secure vault. We will prove that the next
challenge. Generate a new challenge C2 for the password prediction is not possible using random oracle
server. model.
In the random oracle model, hash functions are assumed as
random oracles. A random oracle has following properties:
|| {C2,
1 
 •
it takes an input x and generates a random output y.
nc (k1, r
M3 = E •
For every different value of x, it generates a different
r2}) value y.
•
Every time input x is provided to the random oracle, it
Verify the IoT device’s response. If valid, generates the same output y.
generate the response for the IoT device’s
Thus, all the outputs provided by the random oracle are
challenge
random and from the output provided by the random oracle, it
is not feasible to predict the input.

M4 = E When creating a new secure vault, first we take the keyed

nc (k2 hash(HMAC) of previous secure vault with the data

, r2 

) exchanged between them as the key. The random oracle
generates a new random value, every time a secure vault value
is provided to it. This newly generated random value is xored
with the previous vault values. According to the one-time pad
Figure 2 3-Way authentication message exchange
theorem, if we xor any value with a random value, the
generated output value will be random. Thus, the newly
generated secure vault values are random from previous
V.
SECURITY OF THE PROTOCOL values and the attacker can’t predict any value of next oracle
even if attacker knows a part of previous secure vault.
There are multiple ways to breach the security of an
authentication protocol. Depending upon the nature of the 3)
Side Channel Attack
authentication protocol, different types of attacks are possible.
The most common attacks on an authentication protocol are Some side channel attacks exist in well-known shared key
man-in-the-middle, next password prediction, side channel encryption. For example, side channel attacks based on power
attack and DoS attack. In this section, we show that our analysis, temperature analysis and memory analysis can break
authentication mechanism is safe from all these attacks. AES [13,21]. For the single password based authentication
system, the attacker can retrieve the AES encryption key
involved in the challenge-response using the side channel

822
attack. In our protocol, the AES encryption key is the single rotating passwords is 746.25 uJ. Figure 3 shows the
combination of multiple keys xored with each other and it is comparison between different authentication mechanisms.
not possible to retrieve back those keys from the encryption
key. There is no way an attacker can know values of the keys
involved in the authentication by just knowing the encryption !

$%
key. Hence, it is not possible to retrieve the whole secure vault *)22.
from the side channel attack and create a duplicate IoT device *+)))
or inject a false message to the channel. 1)))
4)
DoS Attack -))) /-/"0. 0-/"+.
)
An attacker can either flood the server or the IoT device 
 
  
with a large number of fake requests and crash it due to

resource constraint. In our architecture, we are not assigning
any resource before the authentication, so DoS attack is not Figure 3 Energy Consumption Comparison
possible.
B.
Security Analysis
VI.
PERFORMANCE ANALYSIS In this security analysis we assume that an attacker can
We did power and security analysis for our algorithm. We retrieve the password being used during the authentication
compared our algorithm with ECC (Elliptic Curve mechanism using a side-channel attack. We compare
Cryptography) based public key encryption mechanism and a password prediction complexity for different values of m and
simple 3-way authentication mechanism with changing keys n, where m = number of keys in the vault and n = size of each
after every successful data exchange using energy key. Single rotating and non-rotating based password methods
consumption as the comparison measure. ECC is a light can be considered as m = 1. For the authentication system
weight public key encryption scheme often used for IoT with m = 1, the attacker can get the actual password used for
devices. the authentication using a side channel attack. For m = 2, the
attacker has to perform brute force 2n hash operations to
A. Power Analysis retrieve both the passwords. In general, for a secure vault with
m keys (m > 1) each having n bits requires (m – 1) * 2n brute
We used the method described by Prasithsangaree, et. al. force hash operations to predict the whole secure vault. Table
[20] to measure the power consumption. Their method 4 shows the comparison of data memory required and
stipulates that the total energy consumed is the product of password prediction complexity for different values of m and
average current drawn by the hardware, voltage provided to n.
the hardware and the average time taken by the algorithm to
execute. Arduino uses 19.9 mA of average current when From the Table 2, it is clear that use of high n value will
supplied with 5V voltage. We have tested the average time for provide a high security. It requires high processing and more
different algorithms to measure the energy consumed by them. energy consumption. From the Table 1, we can observe that
The following table shows the results. the energy required for 256 bits AES is 1.5 times more than
the energy required for the 128 bits.

 

!


 



 
!






#
*+1

+".
 +-1"0.

$%
 !


.*+
*

22".

*
*+1
*+1
*


.*+


*".
 *-2"+.

+
*+1
+./
+*+1


**).

*)2"2.

+
+./
.*+
++./


#
+./
 -

,21

-
*+1
.*+
,
&
+*+1

Table 1 Energy consumption of different protocols
- +./ *)+- ,
&
++./
Our algorithm requires one AES encryption and one AES 1
*+1
*)+-
0
&
+*+1

decryption at the IoT device side. For changing the secure 1
+./
+)-1
0
&
++./

vault value, one HMAC operation is required. So, the total Table 2 Password prediction complexity for different values of m and
energy consumed by our protocol is 646.75 uJ. If we compare n
our algorithm with ECC based authentication, the energy
consumption is fairly low. The simplest version of VII.
CONCLUSION
authentication with one password and AES-128 encryption In this paper, we presented a scheme to provide a secure
requires 2 AES operations and it consumes 497.5 uJ of energy. authentication mechanism between the server and the IoT
Single rotating password-based scheme requires 3 AES device. Our algorithm is secure against side channel attacks
operations, first two AES operation for authentication and the used to breach the security of the IoT devices. The set of
last one for the exchanging new password using previous passwords is changed after every successful session between
password as encryption key. The total energy consumed by the server and the IoT device. We use the fact that the IoT

823
session involves many data exchanges and this exchanged data [12] Genkin, D., Pachmanov, L., Pipman, I., and Tromer, E.
is used to change the vault contents. ECDH key-extraction via low-bandwidth electromagnetic
ACKNOWLEDGEMENT attacks on PCs. In Proceedings of the Cryptographers' Track
of the RSA Conference (CT-RSA 2016). Springer, 2016, 219–
This research was conducted in the Distributed Systems Lab 235
of the University of Texas at Dallas. We would like to thank [13] Craig Ramsay & Jasper Lohuis, TEMPEST attacks
Rahul Haryan and Daniel Gracia for their help in against AES. October 2015.
implementing basic AES and SHA algorithms for Arduino. [14] Porambage, P., Schmitt, C., Kumar, P., Gurtov, A., &
Ylianttila, M. (2014, April). Two-phase authentication
REFERENCES protocol for wireless sensor networks in distributed IoT
[1] Kothmayr, T., Schmitt, C., Hu, W., Brünig, M., & Carle, applications. In Wireless Communications and Networking
G. (2012, October). A DTLS based end-to-end security Conference (WCNC), 2014 IEEE (pp. 2728-2733). IEEE.
architecture for the Internet of Things with two-way [15] Porambage, P., Schmitt, C., Kumar, P., Gurtov, A., &
authentication. In Local Computer Networks Workshops (LCN Ylianttila, M. (2014). PAuthKey: A pervasive authentication
Workshops), 2012 IEEE 37th Conference on (pp. 956-963). protocol and key establishment scheme for wireless sensor
IEEE. networks in distributed IoT applications. International Journal
[2] Raza, S., Shafagh, H., Hewage, K., Hummen, R., & Voigt, of Distributed Sensor Networks, 10(7), 357430.
T. (2013). Lithe: Lightweight secure CoAP for the internet of [16] Dragan Peraković, Marko Periša, Ivan Cvitić "Analysis
things. IEEE Sensors Journal, 13(10), 3711-3720. of the IoT impact on volume of DDoS attacks" XXXIII
[3] Kalra, S., & Sood, S. K. (2015). Secure authentication Simpozijum o novim tehnologijama u poštanskom i
scheme for IoT and cloud servers. Pervasive and Mobile telekomunikacionom saobraćaju – PosTel 2015, Beograd, 1. i
Computing, 24, 210-223. 2. December 2015.
[4]
Danger, J. L., Guilley, S., Hoogvorst, P., Murdica, C., & [17] Khemissa, Hamza, and Djamel Tandjaoui. "A lightweight
Naccache, D. (2013). A synthesis of side-channel attacks on authentication scheme for e-health applications in the context
elliptic curve cryptography in smart-cards. Journal of of internet of things." Next Generation Mobile Applications,
Cryptographic Engineering, 3(4), 241-265. Services and Technologies, 2015 9th International Conference
[5] Barreto, L., Celesti, A., Villari, M., Fazio, M., & Puliafito, on. IEEE, 2015.
A. (2015, August). An authentication model for IoT clouds. [18] Cheikhrouhou, O., Koubaa, A., Boujelben, M., & Abid,
In Proceedings of the 2015 IEEE/ACM International M. (2010, May). A lightweight user authentication scheme for
Conference on Advances in Social Networks Analysis and wireless sensor networks. In Computer Systems and
Mining 2015 (pp. 1032-1035). ACM. Applications (AICCSA), 2010 IEEE/ACS International
[6] Jan, M. A., Nanda, P., He, X., Tan, Z., & Liu, R. P. (2014, Conference on (pp. 1-7). IEEE.
September). A robust authentication scheme for observing [19] Butun, I., Erol-Kantarci, M., Kantarci, B., & Song, H.
resources in the internet of things environment. In Trust, (2016). Cloud-centric multi-level authentication as a service
Security and Privacy in Computing and Communications for secure public safety device networks. IEEE
(TrustCom), 2014 IEEE 13th International Conference on (pp. Communications Magazine, 54(4), 47-53.
205-211). IEEE. [20] Prasithsangaree, Phongsak, and Prashant Krishnamurthy.
[7] Gai, K., Qiu, M., Xiong, Z. and Liu, M., 2018. Privacy- "Analysis of energy consumption of RC4 and AES algorithms
preserving multi-channel communication in Edge-of- in wireless LANs." Global Telecommunications Conference,
Things. Future Generation Computer Systems, 85, pp.190-200 2003. GLOBECOM'03. IEEE. Vol. 3. IEEE, 2003.
[8] Gai, K. and Qiu, M., 2017. Blend arithmetic operations on [21] Pammu, A. A., Chong, K. S., Ho, W. G., & Gwee, B. H.
tensor-based fully homomorphic encryption over real (2016, October). Interceptive side channel attack on AES-128
numbers. IEEE Transactions on Industrial Informatics wireless communications for IoT applications. In Circuits and
[9] Riahi, A., Challal, Y., Natalizio, E., Chtourou, Z., & Systems (APCCAS), 2016 IEEE Asia Pacific Conference on
Bouabdallah, A. (2013, May). A systemic approach for IoT (pp. 650-653). IEEE.
security. In Distributed Computing in Sensor Systems [22] Kolias, C., Kambourakis, G., Stavrou, A., & Voas, J.
(DCOSS), 2013 IEEE International Conference on (pp. 351- (2017). DDoS in the IoT: Mirai and Other
355). IEEE. Botnets. Computer, 50(7), 80-84.
[10] Jing, Q., Vasilakos, A. V., Wan, J., Lu, J., & Qiu, D. [23] Krawczyk, Hugo, Ran Canetti, and Mihir Bellare.
(2014). Security of the internet of things: Perspectives and "HMAC: Keyed-hashing for message authentication." (1997).
challenges. Wireless Networks, 20(8), 2481-2501. [24] Bormann, Carsten, Mehmet Ersue, and Ari
[11] Genkin, D., Pachmanov, L., Pipman, I., and Tromer, E. Keranen. Terminology for constrained-node networks. No.
Stealing keys from PCs using a radio: Cheap electromagnetic RFC 7228. 2014.
attacks on windowed exponentiation. In Proceedings of the [25] Rescorla, Eric, and Nagendra Modadugu. "Datagram
Workshop on Cryptographic Hardware and Embedded transport layer security version 1.2." (2012)
Systems (CHES 2015). Springer, 2015, 207–228.

824