Abstract

The Internet of Things (IoT) is a network of devices (―things‖). These devices are embedded with
integrated circuits and other electronic components, sensors, and operating software to communicate and
exchange data with other devices and systems. In the IoT paradigm, most IoT components like electronic
tag readers and CCTVs are positioned in remote areas and non-trustable environments, such as roads,
highways, countryside, forests, and parking spaces. Unfortunately, most of these devices are left
unattended or in remote places which gives an attacker a comfortable scenario to not only intercept
transmission within range but also have physical access to components without being caught. This leaves
the said devices highly vulnerable, especially during communication. A 2-step security technique of first
using aggregatable signcryption (digital signature and encryption at each node) that enables special
signcryption ciphertexts intended for the same destination to be assembled in a compressed single
ciphertext while maintaining the same security standards in the system and secondly, implementing
obfuscation (aimed at making information more difficult to be understood by human beings while
maintaining its computational functions) was employed. Unfortunately, computers nowadays have very
high computational power making it easier to undo these security techniques. Hence, a solution is
proposed using network steganography. This is achieved by employing PadSteg; a type of network
steganography which hides data in padded segments of choice protocols (ARP/TCP/UDP/ICMP etc)
which will not be visible to an observer and hence impossible to decode regardless of computational
power.

Key words: Aggregatable, IoT, Obfuscatable, OSI RM, PadSteg, Signcryption, Steganography