Packet header support using hybrid security approach for securing trivial file transfer protocol in machine to machine applications / Nur Nabila Mohamed

Trivial File Transfer Protocol (TFTP) is noted as one of the well-known protocols for managing data transfer in Machine to Machine (M2M) constrained embedded system due to its lightweight features and compatibility. However, the protocol provides zero support for data authentication or encryption method, also lacks of access control mechanism and no protection from Man In The Middle (MITM) attack. The security flaw should not be ignored as the attackers can easily access, modify private information and install malicious codes to interrupt the communication especially during data collection and transmission. Here in this thesis study, a feasible hybrid security extension has been incorporated into the protocol combining the Hash-based Message Authentication Code and Diffie Hellman Key Exchange (HMAC-DHKE) to enable key agreement and Advanced Encryption Standard (AES) algorithm to perform data encryption/decryption. Upon achieving the first objective, a reasonable hybrid security mechanism has been identified and ratified to perform the shared secret and data encryption/decryption in TFTP. The proof of concept of the proposed scheme and analysis study are presented to demonstrate that the proposed work can mitigate at least MITM and impersonation attacks.