Improving functionality, efficiency, and trustworthiness of secure communication on an internet diversified by mobile devices and the internet of things

Hiller, Jens; Wehrle, Klaus (Thesis advisor); Strufe, Thorsten (Thesis advisor)

Düren : Shaker Verlag (2023)
Book, Dissertation / PhD Thesis

In: Reports on communications and distributed systems 22
Page(s)/Article-Nr.: 1 Online-Ressource : Illustrationen, Diagramme

Dissertation, RWTH Aachen University, 2022

Abstract

Secure communication is essential for many use cases that exchange data over the Internet. However, prevalently used security protocols, e.g., TLS 1.2, have been standardized many years ago. At that time, the Internet was dominated by traditional devices and communication scenarios, especially location-bound workstations communicating with servers or cloud services. Since then, the advent of smartphones and the Internet of Things (IoT) introduced new scenarios with more diverse device types and use cases. Smartphones and their mobile apps enable the broad public to access Internet services from virtually everywhere and at any time. Similarly, the IoT, facilitated by the ability to access Internet resources even with small, tightly resource-constrained devices, enables use cases ranging from personal wearables to smart homes and smart cities, up to digitization in the industrial domain. Together with traditional Internet devices, smartphones and IoT devices thus shape a more diverse evolved Internet. The development to this evolved Internet motivates the question for a likewise evolved secure communication that fits new demands. To examine the need for improvements, we analyze the state of the art of secure communication for the different scenarios of the evolved Internet. Thereby, we focus on our primary goal to achieve advanced security, advanced privacy, a solid trust infrastructure for authentication, high efficiency, and an up-to-date and effective deployment. Our analysis reveals several open challenges, especially missing advanced security and privacy features for secure communication in the IoT, the need for increased efficiency of secure communication by smartphones, and the demand for efficient secure low-latency communication in the industrial IoT. Furthermore, also considering the traditional Internet, we identify open problems in the PKI-based trust infrastructure, and highlight the need to understand drivers and obstacles of the roll-out of new security mechanisms to improve their adoption and effective use. We tackle these open challenges with four contributions. As first contribution, we tailor onion routing and the Tor anonymity network to resource-constrained IoT devices. Thereby, we can increase user privacy by protecting the metadata of IoT communication, and also realize a resource-efficient in-network access control. Additionally, we enable IoT devices to use large and versatile secure communication stacks. In our second contribution, we increase secure communication efficiency by devising new best practices for the establishment of secure connections by smartphones and realizing secure low-latency communication for the industrial IoT. Our third contribution focuses on the trust infrastructure of secure communication. We provide a detailed risk analysis of cross-signing in the Web PKI, revealing that it can cause undesired certificate trust paths, and propose new rules and guidelines that preserve the positive effects of cross-signing while mitigating its risks. In our fourth contribution, we analyze drivers and obstacles for the effective roll-out of adapted security protocols and procedures focusing on the next-generation security protocol TLS 1.3 and the Certification Authority Authorization mechanism for the Web PKI. Overall, we show the need for adapting secure communication to the evolved Internet and present corresponding improvements.

Institutions

• Department of Computer Science [120000]
• Chair of Computer Science 4 (Communication and Distributed Systems) [121710]