Hashed Passwords
According to security experts, one of the most secure IoT systems is one in which the hacker
cannot find anything worth stealing. One strategy used to achieve this is the storage of
hashed passwords. A hash is a popular cryptographic function that receives an input and
produces an output in the form of irreversible, distinct, and consistent bits.
A well-designed hash algorithm is extremely unlikely to be reversed. In layman's terms, after
a password has been hashed, one must not be able to work backward from the hash to the
original password. However, the hash can still be used to validate submitted passwords,
because a hashing function creates the same result whenever the same input is applied.
Hashing function examples include SHA-256, Blowfish, and MD5.
Among the popular attacks on hashes is one called a look-up table or rainbow table. Such a
table is filled with common text inputs along with their respective outputs. Hackers can
use this table to reverse the output of a hash. Once a cybercriminal succeeds in
compromising a system and retrieving a list containing password hashes, it does not take
long to reverse the hashes and view the actual values.
It is possible to mitigate such attacks with the help of a strategy known as salt. A salt is a
series of random characters which is added to a string prior to the hashing process. The salt
is stored along with the output of the hash, but it changes with each computation of a hash,
which means a single salt cannot be used by two or more hashes. Since the salt adds
randomization to the string and increases its length, the rainbow table is no longer of any
use. It becomes too computationally expensive for hackers to create look-up tables for all
the random and large strings.
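The contrast between unsalted and salted storage described above, as an added example that is not from the book. The function names and the small table of common passwords are constructed for illustration, and PBKDF2-HMAC-SHA256 from the Python standard library is this example's own choice of salted hash; the text itself names only salting.

```python
import hashlib
import hmac
import os

# Constructed sample data: a small look-up table of common passwords and
# their unsalted SHA-256 outputs, as described in the text.
COMMON_PASSWORDS = ["123456", "password", "admin", "iot-default"]
LOOKUP_TABLE = {hashlib.sha256(p.encode()).hexdigest(): p for p in COMMON_PASSWORDS}


def unsalted_hash(password: str) -> str:
    """Weak form: the same password always yields the same stored value."""
    return hashlib.sha256(password.encode()).hexdigest()


def table_lookup(stored_hex: str):
    """Return the password a precomputed table maps this value to, or None."""
    return LOOKUP_TABLE.get(stored_hex)


def hash_password(password: str, iterations: int = 200_000):
    """Hardened form: fresh 16-byte random salt for every stored password."""
    salt = os.urandom(16)
    digest = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, iterations)
    return salt, iterations, digest  # all three are stored in the record


def verify_password(password: str, salt: bytes, iterations: int, digest: bytes) -> bool:
    """Recompute with the stored salt and compare in constant time."""
    candidate = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, iterations)
    return hmac.compare_digest(candidate, digest)


if __name__ == "__main__":
    print("unsalted 'admin' found in table:", table_lookup(unsalted_hash("admin")))
    rec_a = hash_password("admin")
    rec_b = hash_password("admin")
    print("same password, different records:", rec_a[2] != rec_b[2])
    print("salted value found in table:", table_lookup(rec_a[2].hex()))
    print("correct password verifies:", verify_password("admin", *rec_a))
```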
Private Key Authentication
Asymmetric encryption is a part of private key cryptography. Asymmetric encryption
uses two types of keys: public and private. When encryption is applied with the private
key, decryption is only possible with the public key. Protecting the private key
helps an IoT system to interact securely with other parties, as well as with remote machine
authentication. Such cryptographic techniques are an especially good choice for IoT systems
in two use cases.
Firstly, if a system attempts to join an IoT network, it helps in the authentication
process. For instance, a central MQTT broker may receive a connection from an end node so
that it can send data upstream. The use of a private key in authentication provides every
machine with a distinct and hidden identifier with which to establish a connection with the
network. The length of a private key ensures that the popular hacking strategy of a
brute-force attack is rendered useless.
Another area where private keys can assist is verifying messages exchanged between
multiple devices. A hashing algorithm is used to process a message, after which private
key encryption is applied to the resulting hash, and the result is attached to the message.
Subsequently, the message receiver decrypts the hash with the public key, confirming that
only the private key holder could have created it.
Finally, the hash is validated to make sure that the message was not compromised and was
not intercepted by a third party. Such an electronic signature can prove valuable in
circumstances where secure communication channels are unavailable.
Chapter 12 Holistic View on IoT Security 313