Establishing trusted Machine-to-Machine communications in the Internet of Things through the use of behavioural tests

Today, the Internet of Things (IoT) is one of the most important emerging technologies. Applicable to several fields, it has the potential to strongly influence people’s lives. “Things” are mostly embedded machines, and Machine-to-Machine (M2M) communications are used to exchange information. The main aspect of this type of communication is that a “thing” needs a mechanism to uniquely identify other “things” without human intervention. For this purpose, trust plays a key role. Trust can be incorporated in the smartness of “things” by using mobile “agents”. From the study of the IoT ecosystem, a new threat against M2M communications has been identified. This relates to the opportunity for an attacker to employ several forged IoT-embedded machines that can be used to launch attacks. Two “things-aware” detection mechanisms have been proposed and evaluated in this work for incorporation into IoT mobile trust agents. These new mechanisms are based on observing specific thing-related behaviour obtained by using a characterisation algorithm. The first mechanism uses a range of behaviours obtained from real embedded machines, such as threshold values, to detect whether a target machine is forged. This detection mechanism is called machine emulation detection algorithm (MEDA). MEDA takes around 3 minutes to achieve a detection accuracy of 79.21%, with 44.55% of real embedded machines labelled as belonging to forged embedded machines. These results indicated a need to develop a more accurate and faster detection method. Therefore, a second mechanism was created and evaluated. A dataset composed of behaviours from real, virtual and emulated embedded systems that can be part of the IoT was created. This was used for both training and testing classification methods. The results identified Random Forest (RF) as the most efficient method, recognising forged embedded machines in only 5 seconds with a detection rate of around 99.5%. It follows that this solution can be applied in real IoT scenarios with critical conditions. In the final part of this thesis, an attack against these new mechanisms has been proposed. This consists of using a modified kernel of a powerful machine to mimic the behaviour of a real IoT-embedded machine, referred to as a fake timing attack (FTA). Two metrics, mode and median from ping response time, have been found to effectively detect this attack. The final detection method involves combining RF and k-Nearest Neighbour to successfully detect forged embedded machines and FTA in only 40 seconds, with an overall detection performance (ODP) of 99.9% and 93.70% respectively. This method also was evaluated using behaviours from embedded machines that were not present in the training set. The results from that evaluation demonstrate that the proposed solution can detect embedded machines unknown to the method, both real and virtual, with an ODP of 99.96% and 99.92% respectively. In summary, a new algorithm able to detect forged embedded machines easily, quickly and with very high accuracy has been developed. The proposed method addresses the challenge of securing present and future M2M-embedded machines with power-constrained resources and can be applied to real IoT scenarios

\u3ci\u3eKabul Times\u3c/i\u3e, June 1973

Kabul Times, June 1973 *This is a large file and may take a couple of minutes to download

\u3ci\u3eKabul Times\u3c/i\u3e, June 1973

Kabul Times, June 1973 *This is a large file and may take a couple of minutes to download

Anales del XIII Congreso Argentino de Ciencias de la Computación (CACIC)

Contenido: Arquitecturas de computadoras Sistemas embebidos Arquitecturas orientadas a servicios (SOA) Redes de comunicaciones Redes heterogéneas Redes de Avanzada Redes inalámbricas Redes móviles Redes activas Administración y monitoreo de redes y servicios Calidad de Servicio (QoS, SLAs) Seguridad informática y autenticación, privacidad Infraestructura para firma digital y certificados digitales Análisis y detección de vulnerabilidades Sistemas operativos Sistemas P2P Middleware Infraestructura para grid Servicios de integración (Web Services o .Net)Red de Universidades con Carreras en Informática (RedUNCI

Anales del XIII Congreso Argentino de Ciencias de la Computación (CACIC)

Contenido: Arquitecturas de computadoras Sistemas embebidos Arquitecturas orientadas a servicios (SOA) Redes de comunicaciones Redes heterogéneas Redes de Avanzada Redes inalámbricas Redes móviles Redes activas Administración y monitoreo de redes y servicios Calidad de Servicio (QoS, SLAs) Seguridad informática y autenticación, privacidad Infraestructura para firma digital y certificados digitales Análisis y detección de vulnerabilidades Sistemas operativos Sistemas P2P Middleware Infraestructura para grid Servicios de integración (Web Services o .Net)Red de Universidades con Carreras en Informática (RedUNCI