Composable Distributed Access Control and Integrity Policies for Query-Based Wireless Sensor Networks

An expected requirement of wireless sensor networks (WSN) is the support of a vast number of users while permitting limited access privileges. While WSN nodes have severe resource constraints, WSNs will need to restrict access to data, enforcing security policies to protect data within WSNs. To date, WSN security has largely been based on encryption and authentication schemes. WSN Authorization Specification Language (WASL) is specified and implemented using tools coded in JavaTM. WASL is a mechanism{independent policy language that can specify arbitrary, composable security policies. The construction, hybridization, and composition of well{known security models is demonstrated and shown to preserve security while providing for modifications to permit inter{network accesses with no more impact on the WSN nodes than any other policy update. Using WASL and a naive data compression scheme, a multi-level security policy for a 1000-node network requires 66 bytes of memory per node. This can reasonably be distributed throughout a WSN. The compilation of a variety of policy compositions are shown to be feasible using a notebook{class computer like that expected to be performing typical WSN management responsibilities

The Sensor Network Workbench: Towards Functional Specification, Verification and Deployment of Constrained Distributed Systems

As the commoditization of sensing, actuation and communication hardware increases, so does the potential for dynamically tasked sense and respond networked systems (i.e., Sensor Networks or SNs) to replace existing disjoint and inflexible special-purpose deployments (closed-circuit security video, anti-theft sensors, etc.). While various solutions have emerged to many individual SN-centric challenges (e.g., power management, communication protocols, role assignment), perhaps the largest remaining obstacle to widespread SN deployment is that those who wish to deploy, utilize, and maintain a programmable Sensor Network lack the programming and systems expertise to do so. The contributions of this thesis centers on the design, development and deployment of the SN Workbench (snBench). snBench embodies an accessible, modular programming platform coupled with a flexible and extensible run-time system that, together, support the entire life-cycle of distributed sensory services. As it is impossible to find a one-size-fits-all programming interface, this work advocates the use of tiered layers of abstraction that enable a variety of high-level, domain specific languages to be compiled to a common (thin-waist) tasking language; this common tasking language is statically verified and can be subsequently re-translated, if needed, for execution on a wide variety of hardware platforms. snBench provides: (1) a common sensory tasking language (Instruction Set Architecture) powerful enough to express complex SN services, yet simple enough to be executed by highly constrained resources with soft, real-time constraints, (2) a prototype high-level language (and corresponding compiler) to illustrate the utility of the common tasking language and the tiered programming approach in this domain, (3) an execution environment and a run-time support infrastructure that abstract a collection of heterogeneous resources into a single virtual Sensor Network, tasked via this common tasking language, and (4) novel formal methods (i.e., static analysis techniques) that verify safety properties and infer implicit resource constraints to facilitate resource allocation for new services. This thesis presents these components in detail, as well as two specific case-studies: the use of snBench to integrate physical and wireless network security, and the use of snBench as the foundation for semester-long student projects in a graduate-level Software Engineering course

Sensorsimulator: simulation framework for sensor networks

Wireless sensor networks have the potential to become significant subsystems of engineering applications. Before relegating important and safety-critical tasks to such subsystems, it is necessary to understand the dynamic behavior of these subsystems in simulation environments. There is an urgent need to develop a simulation platform that is useful to explore both the networking issues and the distributed computing aspects of wireless sensor networks. Current approaches to simulating wireless sensor networks largely focus on the networking issues. These approaches use well-known network simulation tools that are often difficult to extend to explore distributed computing issues. Discrete-event simulation is a trusted platform for modeling and simulation of a variety of systems. SensorSimulator is a discreet event simulation framework for sensor networks built over OMNeT++. It is a customizable and an extensible framework for wireless sensor network simulation. This framework allows the user to debug and test software for distributed sensor networks independent of hardware constraints. The extensibility of SensorSimulator allows developers and researchers to investigate topological, phenomenological, networking, robustness and scaling issues, to explore arbitrary algorithms for distributed sensors, and to defeat those algorithms through simulated failure. The framework provides modules for various layers. Applications can be implemented by using these framework modules by sub classing the framework classes and customizing their behavior at various network layers. We validate and demonstrate the usability of these capabilities through analyzing the simulation results of Directed Diffusion and GEAR. A comparison study of performance of SensorSimulator v/s NS2 for various network densities and traffic have shown that SensorSimulator is able to achieve higher scalability and requires less time for execution

Software Protection and Secure Authentication for Autonomous Vehicular Cloud Computing

Artificial Intelligence (AI) is changing every technology we deal with. Autonomy has been a sought-after goal in vehicles, and now more than ever we are very close to that goal. Vehicles before were dumb mechanical devices, now they are becoming smart, computerized, and connected coined as Autonomous Vehicles (AVs). Moreover, researchers found a way to make more use of these enormous capabilities and introduced Autonomous Vehicles Cloud Computing (AVCC). In these platforms, vehicles can lend their unused resources and sensory data to join AVCC. In this dissertation, we investigate security and privacy issues in AVCC. As background, we built our vision of a layer-based approach to thoroughly study state-of-the-art literature in the realm of AVs. Particularly, we examined some cyber-attacks and compared their promising mitigation strategies from our perspective. Then, we focused on two security issues involving AVCC: software protection and authentication. For the first problem, our concern is protecting client’s programs executed on remote AVCC resources. Such a usage scenario is susceptible to information leakage and reverse-engineering. Hence, we proposed compiler-based obfuscation techniques. What distinguishes our techniques, is that they are generic and software-based and utilize the intermediate representation, hence, they are platform agnostic, hardware independent and support different high level programming languages. Our results demonstrate that the control-flow of obfuscated code versions are more complicated making it unintelligible for timing side-channels. For the second problem, we focus on protecting AVCC from unauthorized access or intrusions, which may cause misuse or service disruptions. Therefore, we propose a strong privacy-aware authentication technique for users accessing AVCC services or vehicle sharing their resources with the AVCC. Our technique modifies robust function encryption, which protects stakeholder’s confidentiality and withstands linkability and “known-ciphertexts” attacks. Thus, we utilize an authentication server to search and match encrypted data by performing dot product operations. Additionally, we developed another lightweight technique, based on KNN algorithm, to authenticate vehicles at computationally limited charging stations using its owner’s encrypted iris data. Our security and privacy analysis proved that our schemes achieved privacy-preservation goals. Our experimental results showed that our schemes have reasonable computation and communications overheads and efficiently scalable

Supporting Cyber-Physical Systems with Wireless Sensor Networks: An Outlook of Software and Services

Sensing, communication, computation and control technologies are the essential building blocks of a cyber-physical system (CPS). Wireless sensor networks (WSNs) are a way to support CPS as they provide fine-grained spatial-temporal sensing, communication and computation at a low premium of cost and power. In this article, we explore the fundamental concepts guiding the design and implementation of WSNs. We report the latest developments in WSN software and services for meeting existing requirements and newer demands; particularly in the areas of: operating system, simulator and emulator, programming abstraction, virtualization, IP-based communication and security, time and location, and network monitoring and management. We also reflect on the ongoing efforts in providing dependable assurances for WSN-driven CPS. Finally, we report on its applicability with a case-study on smart buildings

The Design and Use of a Smartphone Data Collection Tool and Accompanying Configuration Language

Understanding human behaviour is key to understanding the spread of epidemics, habit dispersion, and the efficacy of health interventions. Investigation into the patterns of and drivers for human behaviour has often been facilitated by paper tools such as surveys, journals, and diaries. These tools have drawbacks in that they can be forgotten, go unfilled, and depend on often unreliable human memories. Researcher-driven data collection mechanisms, such as interviews and direct observation, alleviate some of these problems while introducing others, such as bias and observer effects. In response to this, technological means such as special-purpose data collection hardware, wireless sensor networks, and apps for smart devices have been built to collect behavioural data. These technologies further reduce the problems experienced by more traditional behavioural research tools, but often experience problems of reliability, generality, extensibility, and ease of configuration. This document details the construction of a smartphone-based app designed to collect data on human behaviour such that the difficulties of traditional tools are alleviated while still addressing the problems faced by modern supplemental technology. I describe the app's main data collection engine and its construction, architecture, reliability, generality, and extensibility, as well as the programming language developed to configure it and its feature set. To demonstrate the utility of the tool and its configuration language, I describe how they have been used to collect data in the field. Specifically, eleven case studies are presented in which the tool's architecture, flexibility, generality, extensibility, modularity, and ease of configuration have been exploited to facilitate a variety of behavioural monitoring endeavours. I further explain how the engine performs data collection, the major abstractions it employs, how its design and the development techniques used ensure ongoing reliability, and how the engine and its configuration language could be extended in the future to facilitate a greater range of experiments that require behavioural data to be collected. Finally, features and modules of the engine's encompassing system, iEpi, are presented that have not otherwise been documented to give the reader an understanding of where the work fits into the larger data collection and processing endeavour that spawned it

EDALoCo: Enhancing the accessibility of blockchains through a low-code approach to the development of event-driven applications for smart contract management

Blockchain is a cutting-edge technology based on a distributed, secure and immutable ledger that facilitates the registration of transactions and the traceability of tangible and intangible assets without requiring central governance. The agreements between the nodes participating in a blockchain network are defined through smart contracts. However, the compilation, deployment, interaction and monitoring of these smart contracts is a barrier compromising the accessibility of blockchains by non-expert developers. To address this challenge, in this paper, we propose a low-code approach, called EDALoCo, that facilitates the development of event-driven applications for smart contract management. These applications make blockchain more accessible for software developers who are non-experts in this technology as these can be modeled through graphical flows, which specify the communications between data producers, data processors and data consumers. Specifically, we have enhanced the open-source Node-RED low-code platform with blockchain technology, giving support for the creation of user-friendly and lightweight event-driven applications that can compile and deploy smart contracts in a particular blockchain. Additionally, this platform extension allows users to interact with and monitor the smart contracts already deployed in a blockchain network, hiding the implementation details from non-experts in blockchain. This approach was successfully applied to a case study of COVID-19 vaccines to monitor and obtain the temperatures to which these vaccines are continuously exposed, to process them and then to store them in a blockchain network with the aim of making them immutable and traceable to any user. As a conclusion, our approach enables the integration of blockchain with the low-code paradigm, simplifying the development of lightweight event-driven applications for smart contract management. The approach comprises a novel open-source solution that makes data security, immutability and traceability more accessible to software developers who are non-blockchain experts

IoTSan: Fortifying the Safety of IoT Systems

Today's IoT systems include event-driven smart applications (apps) that interact with sensors and actuators. A problem specific to IoT systems is that buggy apps, unforeseen bad app interactions, or device/communication failures, can cause unsafe and dangerous physical states. Detecting flaws that lead to such states, requires a holistic view of installed apps, component devices, their configurations, and more importantly, how they interact. In this paper, we design IoTSan, a novel practical system that uses model checking as a building block to reveal "interaction-level" flaws by identifying events that can lead the system to unsafe states. In building IoTSan, we design novel techniques tailored to IoT systems, to alleviate the state explosion associated with model checking. IoTSan also automatically translates IoT apps into a format amenable to model checking. Finally, to understand the root cause of a detected vulnerability, we design an attribution mechanism to identify problematic and potentially malicious apps. We evaluate IoTSan on the Samsung SmartThings platform. From 76 manually configured systems, IoTSan detects 147 vulnerabilities. We also evaluate IoTSan with malicious SmartThings apps from a previous effort. IoTSan detects the potential safety violations and also effectively attributes these apps as malicious.Comment: Proc. of the 14th ACM CoNEXT, 201