M. Kome, M. Graa, F. Cuppens, N. Cuppens-Boulahia, and V. Frey, DIscovery and REgistration Protocol: For Device and Person Identity Management in IoT, 13th International Conference on Information Systems Security, 2017.

M. Kome, M. Graa, F. Cuppens, N. Cuppens-Boulahia, and V. Frey, Detection and response to Data Exfiltration from Internet of Things Android Devices, 24th IFIP World Computer Congress, 2018.

M. Kome, F. Cuppens, N. Cuppens-Boulahia, and V. Frey, CoAP Enhancement For a Better IoT Centric Protocol: CoAP2.0, 5th International Conference on Internet of Things: Systems, Management and Security, 2018.

M. Kome, F. Cuppens, N. Cuppens-Boulahia, and V. Frey, A certificateless key exchange protocol for IoT, The 13th International Conference on Risks and Security of Internet and Systems, p.28, 2008.

. Abrial, Rodin: an open toolset for modelling and reasoning in Event-B, vol.12, p.105, 2010.

, Authentication and authorization for constrained environments (ace), vol.40, p.51, 2017.

A. , Imperfect forward secrecy: How diffie-hellman fails in practice, Proceedings of the 22nd ACM SIGSAC Conference on Computer and Communications Security, vol.67, p.130, 2015.

R. G. and A. Banks, , p.97, 2001.

, Bonjour printing specification, vol.44, p.45, 2003.

S. M. Microsoft-corporationapple, Dynamic configuration of ipv4 link-local addresses, p.45, 2005.

[. Armando, The avispa tool for the automated validation of internet security protocols and applications, International conference on computer aided verification, p.29, 2005.
URL : https://hal.archives-ouvertes.fr/inria-00000408

[. Arzt, Flowdroid: Precise context, flow, field, object-sensitive and lifecycle-aware taint analysis for android apps, Acm Sigplan Notices, vol.49, issue.6, p.79, 2014.

D. Balfanz, Fido u2f implementation considerations. FIDO Alliance Proposed Standard, p.14, 2015.

[. Barki, M2m security: Challenges and solutions, IEEE Communications Surveys & Tutorials, vol.18, issue.2, p.76, 2016.
URL : https://hal.archives-ouvertes.fr/hal-01236511

A. Berni and W. Gregg, On the utility of chirp modulation for digital signaling, IEEE Transactions on Communications, vol.21, issue.6, pp.748-751, 1973.

[. Bhoyar, Comparative study on ieee, International Journal of Advanced Research in Electronics and Communication Engineering (IJARECE), vol.2, issue.7, pp.687-691, 2013.

[. Bigioi, Digital imaging services using ptp (picture transfer protocol), Consumer Electronics, 2002. ICCE. 2002 Digest of Technical Papers. International Conference on, p.80, 2002.

S. Blake-Wilson and A. Menezes, Authenticated diffie-hellman key agreement protocols, International Workshop on Selected Areas in Cryptography, p.75, 1998.

D. Boneh, The decision diffie-hellman problem, International Algorithmic Number Theory Symposium, p.66, 1998.

[. Bormann, Terminology for constrained-node networks, vol.43, p.65, 2014.

J. Bradley and W. Denniss, Oauth 2.0 for native apps, p.23, 2017.

. Bradley, An incremental development of the Mondex system in Event-B. Formal Aspects of Computing, vol.20, p.28, 2008.

A. Cavoukian, Privacy in the clouds, Identity in the Information Society, vol.1, issue.1, p.17, 2008.

I. Cervesato, The Dolev-Yao intruder is the most powerful attacker, 16th Annual Symposium on Logic in Computer Science LICS, vol.1, p.32, 2001.

[. Chen, Identity-based key agreement protocols from pairings, International Journal of Information Security, vol.6, issue.4, p.75, 2007.

, DNS-based service discovery, 2013.

[. Cirani, Iot-oas: an oauth-based authorization service architecture for secure services in iot scenarios, IEEE Sensors Journal, vol.15, issue.2, p.41, 2015.

, C. Community. C.h.i.p community, p.59, 2018.

C. Cox, An introduction to LTE: LTE, LTE-advanced, SAE and 4G mobile communications, 2012.

S. [de, State of the art of smart homes, Engineering Applications of Artificial Intelligence, vol.25, issue.7, pp.1313-1321, 2012.

P. Delsarte, Bilinear forms over a finite field, with applications to coding theory, Journal of Combinatorial Theory, Series A, vol.25, issue.3, p.67, 1978.

D. Evans, The internet of things: how the next evolution of the internet is changing everything, 2011.

W. Diffie and M. Hellman, New directions in cryptography. IEEE transactions on Information Theory, vol.22, p.65, 1976.

[. Do, Exfiltrating data from android devices, Computers & Security, vol.48, p.92, 2015.

[. D'Orazio, Data exfiltration from internet of things devices: ios devices as case studies, IEEE Internet of Things Journal, vol.4, issue.2, p.92, 2017.

, Domain name system (dns) iana considerations, vol.46, p.53, 2013.

C. Ellison and B. Schneier, Ten risks of pki: What you're not being told about public key infrastructure, Comput Secur J, vol.16, issue.1, p.73, 2000.

[. Eloff, Internet of people, things and services-the convergence of security, trust and privacy, Taintdroid: an information-flow tracking system for realtime privacy monitoring on smartphones, vol.32, p.92, 2009.

, Internet Engineering Task Force. Certificate credentials for ACE framework. Internet-Draft draft-erdtman-ace-certificate-credential-00, 2016.

, Espressif systems socs, p.75, 2014.

E. U. Eugster, P. A. Felber, R. Guerraoui, and A. , General data protection regulation, 2018.

M. Kermarrec, The many faces of publish/subscribe, ACM computing surveys (CSUR), vol.35, issue.2, p.46, 2003.

D. Evans, The internet of things: How the next evolution of the internet is changing everything, vol.1, pp.1-11, 2011.

. Flores, Ieee 802.11 af: A standard for tv white space spectrum sharing, IEEE Communications Magazine, vol.51, issue.10, pp.92-100, 2013.
URL : https://hal.archives-ouvertes.fr/hal-02184618

[. Fremantle, Federated identity and access management for the internet of things, Secure Internet of Things (SIoT, p.13, 2014.

, A bill of rights for the internet of things, p.17, 2013.

. Fuchs, Scandroid: Automated security certification of android, p.79, 2009.

J. H. , N. Kushalnagarg, and . Montenegro, Transmission of ipv6 packets over ieee 802.15.4 networks, 2007.

[. Gaedke, A modeling approach to federated identity and access management, Special interest tracks and posters of the 14th international conference on World Wide Web, p.13, 2005.

I. Galeev, ;. Gantz, and D. Reinsel, Catching the z-wave, The digital universe in 2020: Big data, bigger digital shadows, and biggest growth in the far east. IDC iView: IDC Analyze the future, pp.1-16, 2006.

D. George and . Micropython, , p.75, 2014.

. Gerdes, Delegated CoAP Authentication and Authorization Framework (DCAF), p.40, 2014.

. Gerdes, Internet Engineering Task Force. An architecture for authorization in constrained environments, 2016.

[. Gomez, Overview and evaluation of bluetooth low energy: An emerging low-power wireless technology, Sensors, vol.12, issue.9, pp.11734-11753, 2012.

. Graa, Protection against code obfuscation attacks based on control dependencies in android systems, Software Security and Reliability-Companion (SERE-C), vol.45, p.79, 2014.
URL : https://hal.archives-ouvertes.fr/hal-01010902

[. Graa, Detecting control flow in smarphones: Combining static and dynamic analyses, Cyberspace Safety and Security, p.92, 2012.
URL : https://hal.archives-ouvertes.fr/hal-00785180

[. Graa, , 2016.

. Lanet, Tracking explicit and control flows in Java and native Android apps code, ICISSP 2016 : 2nd International Conference on Information Systems Security and Privacy, volume Proceedings of the 2nd International Conference on Information Systems Security and Privacy, vol.79, p.92, 2016.
URL : https://hal.archives-ouvertes.fr/hal-01385196

[. Gubbi, Internet of things (iot): A vision, architectural elements, and future directions, Cyber-enabled Distributed Computing for Ubiquitous Cloud and Network Services & Cloud Computing and Scientific Applications - Big Data, Scalable Analytics, and Beyond, vol.29, pp.1645-1660, 2013.

[. Gubbi, Internet of things (iot): A vision, architectural elements, and future directions, Future generation computer systems, vol.29, issue.7, p.79, 2013.

R. Gupta and M. R. Murty, Primitive points on elliptic curves, Compositio mathematica, vol.58, issue.1, p.66, 1986.

[. Gura, , 2004.

. Shantz, Comparing elliptic curve cryptography and rsa on 8-bit cpus, International workshop on cryptographic hardware and embedded systems, p.65, 2004.

[. Guri, Usbee: air-gap covertchannel via electromagnetic emission from usb, Privacy, Security and Trust (PST), 2016 14th Annual Conference on, p.92, 2016.

D. Hardt, The oauth 2.0 authorization framework, vol.10, p.51, 2012.

. Hornyack, , 2011.

. Wetherall, These aren't the droids you're looking for: Retrofitting android to protect data from imperious applications, Proceedings of the 18th ACM conference on Computer and communications security, p.92, 2011.

. Housley, Internet x. 509 public key infrastructure certificate and crl profile, p.68, 1998.

C. Hsu, J. , and C. Lin, An empirical examination of consumer adoption of internet of things services: Network externalities and concern for information privacy perspectives, Computers in Human Behavior, vol.62, p.79, 2016.

S. T. Hunt, Cyber attack: hackers 'weaponised' everyday devices with malware. The Guardian, vol.21, p.102, 2016.

. Hwang, Bittersweet adb: Attacks and defenses, Proceedings of the 10th ACM Symposium on Information, Computer and Communications Security, p.92, 2015.

, Itu strategy and policy unit (spu),the internet of things executive summary, 2005.

, Json web algorithms (jwa), p.81, 2015.

. Jones, Json web signature (jws), p.81, 2015.

. Jones, Json web encryption (jwe), JSON Web Token (JWT). RFC, vol.7519, p.85, 1980.

. Jones, CBOR Web Token (CWT), vol.8392, p.61, 2018.

I. C. Joye and G. Neven, Identity-based signatures, Identity-Based Cryptography, vol.2, p.75, 2009.

M. B. Kelley, The stuxnet attack on iran's nuclear plant was 'far more dangerous' than previously thought, Business Insider, vol.20, p.76, 2013.

[. Khodadadi, Simurgh: A framework for effective discovery, programming, and integration of services exposed in IoT, Recent Advances in Internet of Things (RIoT), 2015 International Conference on, p.24, 2015.

[. Khorov, A survey on ieee 802.11 ah: An enabling networking technology for smart cities, Computer Communications, vol.58, issue.4, pp.53-69, 2015.

N. Kobeissi, K. Bhargavan, and B. Blanchet, Automated verification for secure messaging protocols and their implementations: A symbolic and computational approach, 2nd IEEE European Symposium on Security and Privacy (EuroS&P'17), vol.29, p.87, 2017.
URL : https://hal.archives-ouvertes.fr/hal-01575923

N. I. Koblitz, Introduction to elliptic curves and modular forms, vol.97, p.66, 2012.

[. Kothmayr, , 2013.

. Carle, DTLS based security and two-way authentication for the Internet of Things, Ad Hoc Networks, vol.11, issue.8, p.40, 2013.

H. Krawczyk, Hmqv: A high-performance secure diffie-hellman protocol, Annual International Cryptology Conference, p.75, 2005.

[. Lamparter, Mtp: a movie transmission protocol for multimedia applications, ACM SIGCOMM Computer Communication Review, vol.22, issue.3, p.81, 1992.

R. Langner, Stuxnet: Dissecting a cyberwarfare weapon, IEEE Security & Privacy, vol.9, issue.3, p.69, 2011.

[. Lau, , 2013.

. Royal and . Mactans, Injecting malware into ios devices via malicious chargers, p.92, 2013.

[. Lenstra, The number field sieve, The development of the number field sieve, p.67, 1993.
URL : https://hal.archives-ouvertes.fr/inria-00108061

Z. Li and Q. Liang, Performance analysis of multiuser selection scheme in dynamic home area networks for smart grid communications, IEEE Transactions on Smart Grid, vol.4, issue.1, pp.13-20, 2013.

F. Liu and ;. Lueg, Pyrit code source. 2013. 73 [Lueg 2013b] L. Lueg. The twilight of wi-fi protected access, p.73, 2013.

[. Lugo-cordero, An adaptive cognition system for smart grids with context awareness and fault tolerance, IEEE Transactions on Smart Grid, vol.5, issue.3, pp.1246-1253, 2014.

[. Machani, Fido uaf review draft spec set. FIDO Alliance Proposed Standard, p.14, 2014.

J. R. and H. Machulak, Federated authorization for user-managed access (uma) 2.0, p.11, 2018.

J. R. and H. Machulak, User-managed access (uma) 2.0 grant for oauth 2.0 authorization, p.11, 2018.

[. Manyika, Disruptive technologies: Advances that will transform life, business, and the global economy, McKinsey Global Institute, vol.180, issue.6, 2013.

[. Matsumoto, On seeking smart public-key-distribution systems, IEICE TRANSACTIONS, vol.69, issue.2, p.75, 1976.

. Mendes, Smart home communication technologies and applications: Wireless protocol assessment for home area network resources, Energies, vol.8, issue.7, pp.7279-7311, 2015.

D. Migault, T. Guggemos, and C. Bormann, Esp header compression and diet-esp. Internet Engineering Task Force, p.76, 2004.

D. Migault, T. Guggemos, S. Killian, M. Laurent, G. Pujolle et al., Diet-esp: Ip layer security for iot, Journal of Computer Security, vol.25, issue.2, p.76, 2017.
URL : https://hal.archives-ouvertes.fr/hal-01518274

V. S. Miller, Use of elliptic curves in cryptography, Conference on the theory and application of cryptographic techniques, p.66, 1985.

R. Muresan, Attacks on IoT devices more than doubled in 2015, study shows - HOTforSecurity, vol.21, p.102, 2016.

B. F. Murphy-;-c, G. Montenegron, and . Kushalnagar, Ipv6 over lowpower wireless personal area networks (6lowpans): Overview, assumptions, problem statement, and goals, 2007.

. Nicanfar, Efficient authentication and key management mechanisms for smart grid communications, IEEE systems journal, vol.8, issue.2, p.75, 2014.

S. Nicolas, Power profiling: Https long polling vs. mqtt with ssl, on android, vol.25, p.46, 2012.

A. Nordrum, Popular Internet of Things Forecast of 50 Billion Devices by 2020 Is Outdated, p.79, 2016.

K. Nyberg and R. A. , Message recovery for signature schemes based on the discrete logarithm problem, Workshop on the Theory and Application of Cryptographic Techniques, p.65, 1994.

N. O'leary, Arduino Client for MQTT, p.35, 2009.

P. Palmila, Zeroconf and UPnP techniques, p.45, 2007.

M. A. Pedrasa, T. D. Spooner, and I. F. Macgill, Coordinated scheduling of residential distributed energy resources to optimize smart home energy services, CoAP Pub-Sub Profile for Authentication and Authorization for Constrained Environments (ACE), vol.50, pp.134-143, 2010.

S. Raza, H. Shafagh, K. Hewage, R. Hummen, and T. , the caffeinemark java performance test, p.91, 1997.

. Voigt, Lithe: Lightweight secure CoAP for the internet of things, IEEE Sensors Journal, vol.13, issue.10, p.61, 2013.

S. Raza, D. Trabalza, and T. Voigt, 6lowpan compressed DTLS for CoAP, 2012 IEEE 8th International Conference on Distributed Computing in Sensor Systems, vol.4, p.40, 2012.

S. Raza, D. Trabalza, and T. Voigt, 6lowpan compressed DTLS for CoAP, 2012 IEEE 8th International Conference on Distributed Computing in Sensor Systems, p.76, 2012.

N. Sakimura, J. Bradley, M. Jones, B. Medeiros, and C. Mortimore, Openid connect core 1.0 incorporating errata set 1. The OpenID Foundation, specification, p.70, 2014.

E. T. and D. Balfanzsampath-srinivas, Universal 2nd factor (u2f) overview, p.14, 2014.

, Use of the advanced encryption standard (aes) encryption algorithm in cryptographic message syntax (cms), 2003.

, J. Schaad. CBOR Object Signing and Encryption (COSE). RFC, vol.8152, p.61, 2017.

M. Scott, Authenticated id-based key exchange and remote log-in with simple token and pin number, IACR Cryptology ePrint Archive, p.75, 2002.

[. Sharma, Detecting data exfiltration by integrating information across layers, Information Reuse and Integration (IRI), p.92, 2013.

. Shelby, The Constrained Application Protocol (CoAP), vol.76, p.106, 2014.

K. Shim, Efficient id-based authenticated key agreement protocol based on weil pairing, Electronics Letters, vol.39, issue.8, p.75, 2003.

, Sigfox : Radio technology keypoints, 2012.

N. P. Smart, The discrete logarithm problem on elliptic curves of trace one, Journal of cryptology, vol.12, issue.3, p.65, 1999.

N. P. Smart, Identity-based authenticated key agreement protocol based on weil pairing, Electronics letters, vol.38, issue.13, p.75, 2002.

R. Spolaor, L. Abudahi, V. Moonsamy, M. Conti, and R. Poovendran, No free charge theorem: A covert channel via usb charging cable on mobile devices, International Conference on Applied Cryptography and Network Security, p.92, 2017.

S. Taylor, The next generation of the internet revolutionizing the way we work, live, play, and learn, vol.12, 2013.

. Thangavel, Performance evaluation of mqtt and coap via a common middleware, Intelligent Sensors, Sensor Networks and Information Processing, p.44, 2014.

, Fitbit users are unwittingly sharing details of their sex lives with the world, vol.22, p.102, 2013.

, The first $9 computer. 2016. 58 [Thuresson 2006] M. Thuresson. Z-wave, zigbee compete to become standard. NIKKEI ELECTRONICS ASIA, p.32, 2006.

. Tian, Defending against malicious usb firmware with goodusb, Proceedings of the 31st Annual Computer Security Applications Conference, p.92, 2015.

. Torres, A survey on identity management for the future network, IEEE Communications Surveys & Tutorials, vol.15, issue.2, p.95, 2013.
URL : https://hal.archives-ouvertes.fr/hal-01168795

H. Tschofenig, The OAuth 2.0 Internet of Things (IoT) Client Credentials Grant, p.40, 2014.

P. Urien and ;. Baushke, Three innovative directions based on secure elements for trusted and secured iot platforms, New Technologies, Mobility and Security (NTMS), p.65, 2016.

S. Viehböck, Brute forcing wi-fi protected setup. when poor design meets poor implementation, p.73, 2011.

[. Wang, Cryptanalysis and improvement of an elliptic curve diffie-hellman key agreement protocol, IEEE Communications Letters, vol.12, issue.2, p.75, 2008.

[. Wang, Exposing security risks for commercial mobile devices, International Conference on Mathematical Methods, Models, and Architectures for Computer Network Security, p.92, 2012.

H. Yang, Flask-OAuthlib - Flask-OAuthlib 0.9.3 documentation, p.35, 2013.

. Zhang, Efficient energy consumption and operation management in a smart building with microgrid, Energy Conversion and Management, vol.74, issue.6, pp.209-222, 2013.

. Zhang, Distributed intrusion detection system in a multi-layer network architecture of smart grids, IEEE Trans. Smart Grid, vol.2, issue.4, pp.796-808, 2011.

OAuth abstract flow

C. Supplier, 35 2.6 Class diagram of the IS implementation

47 3.2 Content-based Pub/Sub interactions, Topic-based Pub/Sub interactions

CoAP message format

Piggybacked response

Separate response

A client registers and receives one notification of the current state and one of a new state upon a state change, p.51

Basic access control use case in IoT

A Client Registers and Receives Notifications of the Current State according to the Rule: 18 < State ? 22

The Logjam attack on TLS, p.68

A certification path from the certificate owner to the Root CA, p.69

. Brute and .. M4, M7 are messages exchanged during the WPA authentication with PIN

Security model of the protocol, vol.87

Android system device notifications

Schematics

Discovery and Registration protocol flow