Visible to the public Biblio

Filters: Keyword is Web API  [Clear All Filters]
2021-01-20
Li, Y., Yang, Y., Yu, X., Yang, T., Dong, L., Wang, W..  2020.  IoT-APIScanner: Detecting API Unauthorized Access Vulnerabilities of IoT Platform. 2020 29th International Conference on Computer Communications and Networks (ICCCN). :1—5.

The Internet of Things enables interaction between IoT devices and users through the cloud. The cloud provides services such as account monitoring, device management, and device control. As the center of the IoT platform, the cloud provides services to IoT devices and IoT applications through APIs. Therefore, the permission verification of the API is essential. However, we found that some APIs are unverified, which allows unauthorized users to access cloud resources or control devices; it could threaten the security of devices and cloud. To check for unauthorized access to the API, we developed IoT-APIScanner, a framework to check the permission verification of the cloud API. Through observation, we found there is a large amount of interactive information between IoT application and cloud, which include the APIs and related parameters, so we can extract them by analyzing the code of the IoT application, and use this for mutating API test cases. Through these test cases, we can effectively check the permissions of the API. In our research, we extracted a total of 5 platform APIs. Among them, the proportion of APIs without permission verification reached 13.3%. Our research shows that attackers could use the API without permission verification to obtain user privacy or control of devices.

2020-01-27
Takahashi, Ririka, Tanizawa, Yoshimichi, Dixon, Alexander.  2019.  A High-Speed Key Management Method for Quantum Key Distribution Network. 2019 Eleventh International Conference on Ubiquitous and Future Networks (ICUFN). :437–442.

Quantum Key Distribution (QKD) is a technique for sharing encryption keys between two adjacent nodes. It provides unconditional secure communication based on the laws of physics. From the viewpoint of network research, QKD is considered to be a component for providing secure communication in network systems. A QKD network enables each node to exchange encryption keys with arbitrary nodes. However previous research did not focus on the processing speed of the key management method essential for a QKD network. This paper focuses on the key management method assuming a high-speed QKD system for which we clarify the design, propose a high-speed method, and evaluate the throughput. The proposed method consists of four modules: (1) local key manager handling the keys generated by QKD, (2) one-time pad tunnel manager establishing the transparent encryption link, (3) global key manager generating the keys for application communication, and (4) web API providing keys to the application. The proposed method was implemented in software and evaluated by emulating QKD key generation and application key consumption. The evaluation result reveals that it is capable of handling the encryption keys at a speed of 414 Mb/s, 185 Mb/s, 85 Mb/s and 971 Mb/s, for local key manager, one-time pad tunnel manager, global key manager and web API, respectively. These are sufficient for integration with a high-speed QKD system. Furthermore, the method allows the high-speed QKD system consisting of two nodes to expand corresponding to the size of the QKD network without losing the speed advantage.