59 research outputs found

    Integrating secure mobile P2P systems and Wireless Sensor Networks

    This thesis addresses different limitations found in WSNs in order to enable their deployment in new scenarios as well as to make it easier to disseminate the gathered information. At a lower level, we concentrate on energy consumption while, at a higher level, we focus on the dissemination and security of information. The consumption of an individual mote in networks with dynamic traffic patterns is reduced by defining a scheduling function based on the well-known PID controller. Additionally, the life of a WSN is extended by equally distributing the consumption of all the motes, which reduces the number of interventions required to replace batteries as well as the associated cost. To help the dissemination of information coming from a WSN we have proposed jxSensor, which is an integration layer between WSNs and the well-known JXTA P2P system. As we are dealing with sensitive information, we have proposed an anonymity layer in JXTA and a light authentication method in its mobile version.

    Requirements for a Lightweight AKE for OSCORE: IETF Internet Draft

    draft-ietf-lake-reqs-04. This document compiles the requirements for a lightweight authenticated key exchange protocol for OSCORE. This draft has completed a working group last call (WGLC) in the LAKE working group. Post-WGLC, the requirements are considered sufficiently stable for the working group to proceed with its work. It is not currently planned to publish this draft as an RFC.

    Internet of Things From Hype to Reality

    The Internet of Things (IoT) has gained significant mindshare, let alone attention, in academia and the industry especially over the past few years. The reasons behind this interest are the potential capabilities that IoT promises to offer. On the personal level, it paints a picture of a future world where all the things in our ambient environment are connected to the Internet and seamlessly communicate with each other to operate intelligently. The ultimate goal is to enable objects around us to efficiently sense our surroundings, inexpensively communicate, and ultimately create a better environment for us: one where everyday objects act based on what we need and like without explicit instructions

    Kommunikation und Bildverarbeitung in der Automation

    This open-access conference proceedings volume contains the best contributions of the 9th annual colloquium "Kommunikation in der Automation" (KommA 2018) and the 6th annual colloquium "Bildverarbeitung in der Automation" (BVAu 2018). The colloquia took place on 20 and 21 November 2018 at the SmartFactoryOWL, a joint facility of Fraunhofer IOSB-INA and the Technische Hochschule Ostwestfalen-Lippe. The latest research results presented in the fields of industrial communication technology and image processing extend the current state of research and technology. The illustrative examples from the field of automation contained in the contributions place the results in a direct application context.

    Vulnerabilities of the 6P protocol for the Industrial Internet of Things: Impact analysis and mitigation

    The 6TiSCH architecture defined by the IETF provides a standard solution for extending the Internet of Things (IoT) paradigm to industrial applications with stringent reliability and timeliness requirements. In this context, communication security is another crucial requirement, which is currently less investigated in the literature. In this article, we present a deep assessment of the security vulnerabilities of 6P, the protocol used for resource negotiation at the core of the 6TiSCH architecture. Specifically, we highlight two possible attacks against 6P, namely the Traffic Dispersion and the Overloading attacks. These two attacks effectively and stealthily alter the communication schedule of victim nodes and severely thwart basic network functionalities and efficiency, by specifically impacting network availability and energy consumption of victim nodes. To assess the impact of the attacks, two analytical models have been defined, while, to demonstrate their feasibility, they have been implemented in Contiki-NG. The implementation has been used to quantitatively evaluate the impact of the two attacks by both simulations and measurements in a real testbed. Our results show that the impact of both attacks may be very significant. The impact, however, strongly depends on the position of the victim node(s) in the network and it is highly influenced by the dynamics of the routing protocol. We have investigated mitigation strategies to alleviate this impact and proposed an extended version of the Minimal Scheduling Function (MSF), i.e., the reference scheduling algorithm for 6TiSCH. This allows network nodes to detect early any anomalies in their schedules possibly due to an Overloading attack, and thus curb the attack impact by appropriately revising their schedule.

    Energy aware optimization for low power radio technologies

    The explosive growth of IoT is pushing the market towards cheap, very low power devices with a strong focus on miniaturization, for applications such as in-body sensors, personal health monitoring and microrobots. Proposing procedures for energy efficiency in IoT is a difficult task, as it is a rapidly growing market comprised of many and very diverse product categories using technologies that are not stable, evolving at a high pace. The research in this field proposes solutions that go from physical layer optimization up to the network layer, and the sensor network designer has to select the techniques that are best for its application-specific architecture and the radio technology used. This work is focused on exploring new techniques for enhancing the energy efficiency and user experience of IoT networks. We divide the proposed techniques into frame-level and chip-level optimization techniques, respectively. While the frame-level techniques are meant to improve the performance of existing radio technologies, the chip-level techniques aim at replacing them with crystal-free architectures. The identified frame-level techniques are the use of preamble authentication and packet fragmentation, advisable for Low Power Wide Area Networks (LPWANs), a technology that offers the lowest energy consumption per provided service, but is vulnerable to energy exhaustion attacks and does not perform well in dense networks. The use of authenticated preambles between the sensors and gateways becomes a defence mechanism against the battery draining intended by attackers. We show experimentally that this approach is able to reduce by 91% the effect of an exhaustion attack, increasing the device's lifetime from less than 0.24 years to 2.6 years. The experiments were conducted using Loadsensing sensor nodes, commercially used for critical infrastructure control and monitoring. Even if exemplified on LoRaWAN, the use of preamble authentication is extensible to any wireless protocol.
    The use of packet fragmentation, even when the packet fits the frame, is shown to reduce the probability of collisions while the number of users in the duty-cycle restricted network increases. Using custom-made Matlab simulations, an important goodput improvement was obtained with fragmentation, with higher impact in slower and denser networks. Using NS3 simulations, we showed that combining packet fragmentation with group NACK can increase the network reliability, while reducing the energy consumed for retransmissions, at the cost of adding small headers to each fragment. It is a strategy that proves to be effective in dense duty-cycle restricted networks only, where the header overhead is negligible compared to the network traffic. As a chip-level technique, we consider using radios for communication that do not use external frequency references such as crystal oscillators. This would enable having all of the sensor's elements on a single piece of silicon, rendering it even ten times more energy efficient due to the compactness of the chip. The immediate consequence is the loss of communication accuracy and of the ability to easily switch communication channels. In this sense, we propose a sequence of frequency synchronization algorithms and phases that have to be respected by a crystal-free device so that it can join a network by finding the beacon channel, synthesize all communication channels and then maintain their accuracy against temperature change. The proposed algorithms need no additional network overhead, as they use the existing network signaling. The evaluation is made in simulations and experimentally on a prototype implementation of an IEEE802.15.4 crystal-free radio.
    While in simulations we are able to change to another communication channel with very good frequency accuracy, the results obtained experimentally show an initial accuracy slightly above 40 ppm, which will be later corrected by the chip to be below 40 ppm. Postprint (published version)

    Security of the Internet of Things: Vulnerabilities, Attacks and Countermeasures

    Wireless Sensor Networks (WSNs) constitute one of the most promising third-millennium technologies and have a wide range of applications in our surrounding environment. The reason behind the vast adoption of WSNs in various applications is that they have tremendously appealing features, e.g., low production cost, low installation cost, unattended network operation, autonomous and longtime operation. WSNs have started to merge with the Internet of Things (IoT) through the introduction of Internet access capability in sensor nodes and sensing ability in Internet-connected devices. Thereby, the IoT is providing access to a huge amount of data, collected by the WSNs, over the Internet. Hence, the security of IoT should start first and foremost with securing WSNs ahead of the other components. However, owing to the absence of a physical line-of-defense, i.e., there is no dedicated infrastructure such as gateways to watch and observe the flowing information in the network, security of WSNs along with IoT is of great concern to the scientific community. More specifically, for the application areas in which CIA (confidentiality, integrity, availability) has prime importance, WSNs and emerging IoT technology might constitute an open avenue for the attackers. Besides, recent integration and collaboration of WSNs with IoT will open new challenges and problems in terms of security. Hence, this would be a nightmare for the individuals using these systems as well as the security administrators who are managing those networks. Therefore, a detailed review of security attacks towards WSNs and IoT, along with the techniques for prevention, detection, and mitigation of those attacks, is provided in this paper. In this text, attacks are categorized into two main parts, "Passive Attacks" and "Active Attacks", and most or all types of attacks towards WSNs and IoT are investigated under that umbrella.
    Understanding these attacks and their associated defense mechanisms will help pave a secure path towards the proliferation and public acceptance of IoT technology.