Skip to main content
Log in

Extending hybrid approach to secure Trivial File Transfer Protocol in M2M communication: a comparative analysis

  • Published:
Telecommunication Systems Aims and scope Submit manuscript

Abstract

Embedded Machine-to-Machine (M2M) is one of the hottest research topics in recent industrial Internet of Things. In order to serve the communication to effectively transfer data and messages between machines, the system must incorporate a file transfer protocol, known as Trivial File Transfer Protocol (TFTP). However, the main constraint is lack of security mechanism during TFTP Client–Server communication whereby its reliability is questionable as the protocol does not support any authentication or encryption methods, also provide no access control and zero protection from Man-In-The-Middle. Hence, in order to enhance the protocol security, hybrid security approach combining Diffie Hellman Key Exchange (DHKE) scheme and Advanced Encryption Standard symmetric encryption algorithm are proposed to be integrated into TFTP packet header. In this work, we present a performance comparison of three different protocols: the original TFTP protocol, TFTP protocol with single security extension, and our proposed TFTP protocol integrated with hybrid security approach to analyse the effectiveness of the method. The finding demonstrates that our proposed secure TFTP protocol generates comparable execution time as when implementing single encryption option, also more reliable to be used in the commercial system especially for low-cost M2M embedded infrastructure.

This is a preview of subscription content, log in via an institution to check access.

Access this article

Price excludes VAT (USA)
Tax calculation will be finalised during checkout.

Instant access to the full article PDF.

Institutional subscriptions

Fig. 1
Fig. 2
Fig. 3
Fig. 4
Fig. 5
Fig. 6
Fig. 7
Fig. 8
Fig. 9

Similar content being viewed by others

References

  1. Severi, S., Abreu, G., Berens, F., Pastrone, C., Sottile, F., & Spirito, M. (2014). M2M technologies: Enablers for a pervasive internet of things. In The European conference on networks and communications (pp. 1–5).

  2. Kawamoto, Y., Nishiyama, H., Kato, N., & Yoshimura, N. (2014). Internet of things (IoT): Present state and future prospects. IEICE Transactions on Information and Systems, E97-D(10), 2568–2575.

    Article  Google Scholar 

  3. Suciu, G., Suciu, V., & Butca, C. (2014). Network management and monitoring using M2M sensor systems. In International symposium for design and technology in electronic packaging (pp. 175–178).

  4. Li, X., Ibrahim, M. H., Kumari, S., & Kumar, R. (2018). Secure and efficient anonymous authentication scheme for three-tier mobile healthcare systems with wearable sensors. Telecommunication Systems, 67(2), 323–348.

    Article  Google Scholar 

  5. Lear, E. (2003). Uniform Resource Identifier (URI) scheme and applicability statement for the Trivial File Transfer Protocol (TFTP). Request for Comments 3617. https://tools.ietf.org/html/rfc3617.

  6. Isa, M. A. M., Hashim, H., Adnan, S. F. S., Manan, J. A., & Mahmod, R. (2014). A secure TFTP protocol with security proofs. In Proceedings of the world congress on engineering (pp. 3–8).

  7. Singh, A., Singh, B., & Joseph, H. (2008). Vulnerability analysis for FTP and TFTP. In Vulnerability analysis and defense for the internet (pp. 71–77). Boston: Springer.

    Chapter  Google Scholar 

  8. Isa, M. A. M., Hashim, H., Ghafar, A. H. A., Adnan, S. F. S., & Mahmod, R. (2015). Cryptographic adversary model: Timing and power attacks. In Transactions on engineering technologies (pp. 585–598). Dordrecht: Springer.

    Google Scholar 

  9. Qiu, S. B., Yuan, B., & Zhang, K. L. (2008). Building TFTP server on embedded system. In International conference on wireless communications, networking and mobile computing (pp. 1–4).

  10. Adat, V., & Gupta, B. B. (2017). Security in internet of things: Issues, challenges, taxonomy, and architecture. Telecommunication Systems, 67(3), 423–441.

    Article  Google Scholar 

  11. Suciu, G., Butca, C., & Suciu, V. (2015). M2M sensors for future internet of things monitoring. In International conference on engineering of modern electric systems (EMES) (pp. 1–4).

  12. Hitachi Data Collection Agent. (2013). http://www.hitachi-solutions.co.jp/datacollection/.

  13. Isa, M. A. M., Hashim, H., Manan, J. A., Mahmod, R., & Othman, H. (2012). Integrity verification architecture (IVA) based security framework for windows operating system. In International conference on trust, security and privacy in computing and communications (pp. 1304–1309).

  14. Iitsuka, T., Saze, N., Chiba, N., Kase, N., Hiro, Y., & Imamura, Y. (2012). Hitachi cloud computing solutions for enterprise information systems. Hitachi Review, 61(2), 53–59.

    Google Scholar 

  15. Horvat, G., Ţagar, D., & Martinović, G. (2014). STFTP: Secure TFTP protocol for embedded multi-agent systems communication. Advances in Electrical and Computer Engineering, 13(2), 23–32.

    Article  Google Scholar 

  16. Barbeau, M., & Hall, J. (2006). Detecting impersonation attacks in future wireless and mobile networks. In Proceedings of international conference on secure mobile ad hoc networks and sensors (pp. 80–95).

  17. Liu, Q., & Zhang, Y. (2008). TFTP vulnerability finding technique based on fuzzing. Computer Communications, 31(14), 3420–3426.

    Article  Google Scholar 

  18. Masotta, P. (2015). TFTP Windowsize option. Request for Comments 7440. https://tools.ietf.org/html/rfc7440.

  19. Sieklik, B., MacFarlane, R., & Buchanan, W. J. (2016). Evaluation of TFTP DDoS amplification attack. Computers & Security, 57, 67–92.

    Article  Google Scholar 

  20. Alrabaee, S., Bataineh, A., Khasawneh, A., & Dssouli, R. (2014). Using model checking for trivial file transfer protocol validation. In International conference on communications and networking (ComNet) (pp. 1–7).

  21. Isa, M. A. M., Mohamed, N. N., Hashim, H., Adnan, S.F.S., Manan, J. A., & Mahmod, R. (2012). A lightweight and secure TFTP protocol for smart environment. In International symposium on computer applications and industrial electronic (pp. 302–306).

  22. Reddy, K. R., & Rao, C. M. (2018). GUI implementation of image encryption and decryption using Open CV-Python script on secured TFTP protocol. AIP Conference Proceedings, 1952(1), 020074.

    Article  Google Scholar 

  23. Ren, W. (2010). A hybrid encryption algorithm based on DES and RSA in bluetooth communication. In International conference on modeling, simulation and visualization methods (pp. 2–6).

  24. Singh, R., Panchbhaiya, I., Pandey, A., & Goudar, R. H. (2015). Hybrid Encryption Scheme (HES): An approach for transmitting secure data over internet. Procedia Computer Science, 48, 51–57.

    Article  Google Scholar 

  25. Azaim, M. H., Sudiharto, D. W., & Jadied, E. M. (2016). Design and implementation of encrypted SMS on android smartphone combining ECDSA-ECDH and AES. In Asia Pacific conference on multimedia and broadcasting (pp. 18–23).

  26. Ravikant, K., & Lilhore, U. K. (2016). Combined cryptographic standards for minimizing the decryption time of encrypted data using E-AES and D-AES. International Journal of Innovative Research in Computer and Communication Engineering, 4(11), 19783–19788.

    Google Scholar 

  27. Rewagad, M. P., & Pawar, M. Y. (2013). Use of digital signature with Diffie Hellman key exchange and AES encryption algorithm to enhance data security in cloud computing. In International conference on communication systems and network technologies (pp. 437–439).

  28. Sophia, S. G., & Prabakeran, S. (2016). Efficient and secure data sharing using AES and DHKE algorithm in cloud KCG College of Technology, Chennai, India. Middle-East Journal of Science Research, 24(SI), 126–131.

    Google Scholar 

  29. You, W., Shi, G., Chen, X., Qi, J., & Qing, C. (2017). Research on a hybrid system with perfect forward secrecy. In IEEE information technology, networking, electronic and automation control conference (pp. 1783–1787).

  30. Diffie, W., & Hellman, M. E. (1976). New directions in cryptography. IEEE Transactions on Information Theory, 22(6), 29–40.

    Article  Google Scholar 

  31. Kozierok, C. M. (2005). The TCP/IP guide. http://www.tcpipguide.com/free/t_TCPIPFileandMessageTransferApplicationsandProtocol.htm.

  32. Rescorla, E. (1999). Diffie Hellman key agreement method. Request for Comments 2631. https://tools.ietf.org/html/rfc2631.

  33. Paar, C., & Pelzl, J. (2009). Understanding cryptography: A textbook for students and practitioners. Springer Science & Business Media.

  34. Raymond, J. F., & Stiglic, A. (2002). Security issues in the Diffie-Hellman key agreement protocol. IEEE Transactions on Information Theory, 22, 1–17.

    Google Scholar 

  35. Mohamed, N. N., Yussoff, Y. M., Isa, M. A. M., & Hashim, H. (2017). Symmetric encryption using pre-shared public parameters for a secure TFTP protocol. Journal of Engineering Science & Technology, 12(1), 98–112.

    Google Scholar 

  36. Pal, O., & Alam, B. (2017). Diffie–Hellman key exchange protocol with entities authentication. International Journal of Engineering & Computer Science, 6(4), 20831–20839.

    Google Scholar 

  37. Yoon, E. J., & Yoo, K. Y. (2009). An efficient Diffie–Hellman–MAC key exchange scheme. In International conference on innovative computing, information and control (pp. 398–400).

  38. Li, N. (2010). Research on Diffie–Hellman key exchange protocol. IEEE International Conference on Computer Engineering and Technology, 3(4), 634–637.

    Google Scholar 

  39. Malkin, A. H. G. (1998). TFTP option extension. Request for Comments 2347. https://tools.ietf.org/html/rfc2347.

  40. Malkin, A. H. G. (1998). TFTP blocksize option. Request for Comments 2348. https://tools.ietf.org/html/rfc2348.

  41. Malkin, A. H. G. (1995). tftp timeout interval and transfer size options status. Request for Comments 2349. https://tools.ietf.org/html/rfc2349.

  42. Mohamed, N. N., Yussoff, Y. M., Kamarudin, N. H., & Hashim, H. (2017). New packet header support and key exchange mechanism for secure trivial file transfer protocol. International Journal of Electrical and Electronic Systems Research, 12(SI), 1–5.

    Google Scholar 

Download references

Acknowledgements

The authors would like to thank the Ministry of Higher Education for providing the NRGS Grant, 600-RMI/NRGS 5/3 (5/2013), Research Management Institute (RMI), and also Faculty of Electrical Engineering, Universiti Teknologi MARA (UiTM) for financial support of this research work.

Author information

Authors and Affiliations

Authors

Corresponding author

Correspondence to Nur Nabila Mohamed.

Rights and permissions

Reprints and permissions

About this article

Check for updates. Verify currency and authenticity via CrossMark

Cite this article

Mohamed, N.N., Mohd Yussoff, Y., Mat Isa, M.A. et al. Extending hybrid approach to secure Trivial File Transfer Protocol in M2M communication: a comparative analysis. Telecommun Syst 70, 511–523 (2019). https://doi.org/10.1007/s11235-018-0522-5

Download citation

  • Published:

  • Issue Date:

  • DOI: https://doi.org/10.1007/s11235-018-0522-5

Keywords

Navigation