Friday, 01.07.2022, 9:00 a.m.

Improving Functionality, Efficiency, and Trustworthiness of Secure Communication on an Internet diversified by Mobile Devices and the Internet of Things



Secure communication is essential for many use cases that exchange data over the Internet. However, prevalent security protocols, e.g., TLS 1.2, were standardized many years ago. At that time, the Internet was dominated by traditional devices and communication scenarios, especially location-bound workstations communicating with servers or cloud services. Since then, the advent of smartphones and the Internet of Things (IoT) has introduced new scenarios with more diverse device types and use cases. This evolution of the Internet raises the question of a likewise evolved secure communication that fits the new demands.

To examine the need for improvements, we analyze the state of the art of secure communication for the different scenarios of the evolved Internet. Our analysis reveals several open challenges, especially missing advanced security and privacy features for secure communication in the IoT, the need for increased efficiency of secure communication by smartphones, and the demand for efficient secure low-latency communication in the industrial IoT. Furthermore, also considering the traditional Internet, we identify open problems in the PKI-based trust infrastructure and highlight the need to understand the drivers and obstacles of the roll-out of new security mechanisms in order to improve their adoption and effective use.

We tackle these open challenges with four contributions. First, we tailor the Tor anonymity network to resource-constrained IoT devices to protect the metadata of IoT communication and also realize resource-efficient in-network access control. Additionally, we enable IoT devices to use large and versatile secure communication stacks. Second, we increase secure communication efficiency by realizing secure low-latency communication for the industrial IoT. Moreover, we devise more efficient best practices for the establishment of secure connections by smartphones. Third, focusing on the trust infrastructure of secure communication, we provide a detailed risk analysis of cross-signing in the Web PKI, revealing that it can cause undesired certificate trust paths. Fourth, we analyze drivers and obstacles for the effective roll-out of adapted security protocols and procedures based on measurements of TLS 1.3 and Certification Authority Authorization.

Overall, we show the need for adapting secure communication to the evolved Internet and present corresponding improvements.


Invitation extended by: the lecturers of Computer Science