92 research outputs found

    Efficient Security Protocols for Constrained Devices

    Get PDF
    During the last decades, more and more devices have been connected to the Internet.Today, there are more devices connected to the Internet than humans.An increasingly more common type of devices are cyber-physical devices.A device that interacts with its environment is called a cyber-physical device.Sensors that measure their environment and actuators that alter the physical environment are both cyber-physical devices.Devices connected to the Internet risk being compromised by threat actors such as hackers.Cyber-physical devices have become a preferred target for threat actors since the consequence of an intrusion disrupting or destroying a cyber-physical system can be severe.Cyber attacks against power and energy infrastructure have caused significant disruptions in recent years.Many cyber-physical devices are categorized as constrained devices.A constrained device is characterized by one or more of the following limitations: limited memory, a less powerful CPU, or a limited communication interface.Many constrained devices are also powered by a battery or energy harvesting, which limits the available energy budget.Devices must be efficient to make the most of the limited resources.Mitigating cyber attacks is a complex task, requiring technical and organizational measures.Constrained cyber-physical devices require efficient security mechanisms to avoid overloading the systems limited resources.In this thesis, we present research on efficient security protocols for constrained cyber-physical devices.We have implemented and evaluated two state-of-the-art protocols, OSCORE and Group OSCORE.These protocols allow end-to-end protection of CoAP messages in the presence of untrusted proxies.Next, we have performed a formal protocol verification of WirelessHART, a protocol for communications in an industrial control systems setting.In our work, we present a novel attack against the protocol.We have developed a novel architecture for industrial control systems utilizing the Digital Twin concept.Using a state synchronization protocol, we propagate state changes between the digital and physical twins.The Digital Twin can then monitor and manage devices.We have also designed a protocol for secure ownership transfer of constrained wireless devices. Our protocol allows the owner of a wireless sensor network to transfer control of the devices to a new owner.With a formal protocol verification, we can guarantee the security of both the old and new owners.Lastly, we have developed an efficient Private Stream Aggregation (PSA) protocol.PSA allows devices to send encrypted measurements to an aggregator.The aggregator can combine the encrypted measurements and calculate the decrypted sum of the measurements.No party will learn the measurement except the device that generated it

    An Internet of Things (IoT) based wide-area Wireless Sensor Network (WSN) platform with mobility support.

    Get PDF
    Wide-area remote monitoring applications use cellular networks or satellite links to transfer sensor data to the central storage. Remote monitoring applications uses Wireless Sensor Networks (WSNs) to accommodate more Sensor Nodes (SNs) and for better management. Internet of Things (IoT) network connects the WSN with the data storage and other application specific services using the existing internet infrastructure. Both cellular networks, such as the Narrow-Band IoT (NB-IoT), and satellite links will not be suitable for point-to-point connections of the SNs due to their lack of coverage, high cost, and energy requirement. Low Power Wireless Area Network (LPWAN) is used to interconnect all the SNs and accumulate the data to a single point, called Gateway, before sending it to the IoT network. WSN implements clustering of the SNs to increase the network coverage and utilizes multiple wireless links between the repeater nodes (called hops) to reach the gateway at a longer distance. Clustered WSN can cover up to a few km using the LPWAN technologies such as Zigbee using multiple hops. Each Zigbee link can be from 200 m to 500 m long. Other LPWAN technologies, such as LoRa, can facilitate an extended range from 1km to 15km. However, the LoRa will not be suitable for the clustered WSN due to its long Time on Air (TOA) which will introduce data transmission delay and become severe with the increase of hop count. Besides, a sensor node will need to increase the antenna height to achieve the long-range benefit of Lora using a single link (hop) instead of using multiple hops to cover the same range. With the increased WSN coverage area, remote monitoring applications such as smart farming may require mobile sensor nodes. This research focuses on the challenges to overcome LoRa’s limitations (long TOA and antenna height) and accommodation of mobility in a high-density and wide-area WSN for future remote monitoring applications. Hence, this research proposes lightweight communication protocols and networking algorithms using LoRa to achieve mobility, energy efficiency and wider coverage of up to a few hundred km for the WSN. This thesis is divided into four parts. It presents two data transmission protocols for LoRa to achieve a higher data rate and wider network coverage, one networking algorithm for wide-area WSN and a channel synchronization algorithm to improve the data rate of LoRa links. Part one presents a lightweight data transmission protocol for LoRa using a mobile data accumulator (called data sink) to increase the monitoring coverage area and data transmission energy efficiency. The proposed Lightweight Dynamic Auto Reconfigurable Protocol (LDAP) utilizes direct or single hop to transmit data from the SNs using one of them as the repeater node. Wide-area remote monitoring applications such as Water Quality Monitoring (WQM) can acquire data from geographically distributed water resources using LDAP, and a mobile Data Sink (DS) mounted on an Unmanned Aerial Vehicle (UAV). The proposed LDAP can acquire data from a minimum of 147 SNs covering 128 km in one direction reducing the DS requirement down to 5% comparing other WSNs using Zigbee for the same coverage area with static DS. Applications like smart farming and environmental monitoring may require mobile sensor nodes (SN) and data sinks (DS). The WSNs for these applications will require real-time network management algorithms and routing protocols for the dynamic WSN with mobility that is not feasible using static WSN technologies. This part proposes a lightweight clustering algorithm for the dynamic WSN (with mobility) utilizing the proposed LDAP to form clusters in real-time during the data accumulation by the mobile DS. The proposed Lightweight Dynamic Clustering Algorithm (LDCA) can form real-time clusters consisting of mobile or stationary SNs using mobile DS or static GW. WSN using LoRa and LDCA increases network capacity and coverage area reducing the required number of DS. It also reduces clustering energy to 33% and shows clustering efficiency of up to 98% for single-hop clustering covering 100 SNs. LoRa is not suitable for a clustered WSN with multiple hops due to its long TOA, depending on the LoRa link configurations (bandwidth and spreading factor). This research proposes a channel synchronization algorithm to improve the data rate of the LoRa link by combining multiple LoRa radio channels in a single logical channel. This increased data rate will enhance the capacity of the clusters in the WSN supporting faster clustering with mobile sensor nodes and data sink. Along with the LDCA, the proposed Lightweight Synchronization Algorithm for Quasi-orthogonal LoRa channels (LSAQ) facilitating multi-hop data transfer increases WSN capacity and coverage area. This research investigates quasi-orthogonality features of LoRa in terms of radio channel frequency, spreading factor (SF) and bandwidth. It derived mathematical models to obtain the optimal LoRa parameters for parallel data transmission using multiple SFs and developed a synchronization algorithm for LSAQ. The proposed LSAQ achieves up to a 46% improvement in network capacity and 58% in data rate compared with the WSN using the traditional LoRa Medium Access Control (MAC) layer protocols. Besides the high-density clustered WSN, remote monitoring applications like plant phenotyping may require transferring image or high-volume data using LoRa links. Wireless data transmission protocols used for high-volume data transmission using the link with a low data rate (like LoRa) requiring multiple packets create a significant amount of packet overload. Besides, the reliability of these data transmission protocols is highly dependent on acknowledgement (ACK) messages creating extra load on overall data transmission and hence reducing the application-specific effective data rate (goodput). This research proposes an application layer protocol to improve the goodput while transferring an image or sequential data over the LoRa links in the WSN. It uses dynamic acknowledgement (DACK) protocol for the LoRa physical layer to reduce the ACK message overhead. DACK uses end-of-transmission ACK messaging and transmits multiple packets as a block. It retransmits missing packets after receiving the ACK message at the end of multiple blocks. The goodput depends on the block size and the number of lossy packets that need to be retransmitted. It shows that the DACK LoRa can reduce the total ACK time 10 to 30 times comparing stop-wait protocol and ten times comparing multi-packet ACK protocol. The focused wide-area WSN and mobility requires different matrices to be evaluated. The performance evaluation matrices used for the static WSN do not consider the mobility and the related parameters, such as clustering efficiency in the network and hence cannot evaluate the performance of the proposed wide-area WSN platform supporting mobility. Therefore, new, and modified performance matrices are proposed to measure dynamic performance. It can measure the real-time clustering performance using the mobile data sink and sensor nodes, the cluster size, the coverage area of the WSN and more. All required hardware and software design, dimensioning, and performance evaluation models are also presented

    An Evidence-based Roadmap for IoT Software Systems Engineering

    Full text link
    Context: The Internet of Things (IoT) has brought expectations for software inclusion in everyday objects. However, it has challenges and requires multidisciplinary technical knowledge involving different areas that should be combined to enable IoT software systems engineering. Goal: To present an evidence-based roadmap for IoT development to support developers in specifying, designing, and implementing IoT systems. Method: An iterative approach based on experimental studies to acquire evidence to define the IoT Roadmap. Next, the Systems Engineering Body of Knowledge life cycle was used to organize the roadmap and set temporal dimensions for IoT software systems engineering. Results: The studies revealed seven IoT Facets influencing IoT development. The IoT Roadmap comprises 117 items organized into 29 categories representing different concerns for each Facet. In addition, an experimental study was conducted observing a real case of a healthcare IoT project, indicating the roadmap applicability. Conclusions: The IoT Roadmap can be a feasible instrument to assist IoT software systems engineering because it can (a) support researchers and practitioners in understanding and characterizing the IoT and (b) provide a checklist to identify the applicable recommendations for engineering IoT software systems

    Optimized Monitoring and Detection of Internet of Things resources-constraints Cyber Attacks

    Get PDF
    This research takes place in the context of the optimized monitoring and detec- tion of Internet of Things (IoT) resource-constraints attacks. Meanwhile, the In- ternet of Everything (IoE) concept is presented as a wider extension of IoT. How- ever, the IoE realization meets critical challenges, including the limited network coverage and the limited resources of existing network technologies and smart devices. The IoT represents a network of embedded devices that are uniquely identifiable and have embedded software required to communicate between the transient states. The IoT enables a connection between billions of sensors, actu- ators, and even human beings to the Internet, creating a wide range of services, some of which are mission-critical. However, IoT networks are faulty; things are resource-constrained in terms of energy and computational capabilities. For IoT systems performing a critical mission, it is crucial to ensure connectivity, availability, and device reliability, which requires proactive device state moni- toring. This dissertation presents an approach to optimize the monitoring and detection of resource-constraints attacks in IoT and IoE smart devices. First, it has been shown that smart devices suffer from resource-constraints problems; therefore, using lightweight algorithms to detect and mitigate the resource-constraints at- tack is essential. Practical analysis and monitoring of smart device resources’ are included and discussed to understand the behaviour of the devices before and after attacking real smart devices. These analyses are straightforwardly extended for building lightweight detection and mitigation techniques against energy and memory attacks. Detection of energy consumption attacks based on monitoring the package reception rate of smart devices is proposed to de- tect energy attacks in smart devices effectively. The proposed lightweight algo- rithm efficiently detects energy attacks for different protocols, e.g., TCP, UDP, and MQTT. Moreover, analyzing memory usage attacks is also considered in this thesis. Therefore, another lightweight algorithm is also built to detect the memory-usage attack once it appears and stops. This algorithm considers mon- itoring the memory usage of the smart devices when the smart devices are Idle, Active, and Under attack. Based on the presented methods and monitoring analysis, the problem of resource-constraint attacks in IoT systems is systemat- ically eliminated by parameterizing the lightweight algorithms to adapt to the resource-constraint problems of the smart devices

    DIPSAUCE: Efficient Private Stream Aggregation Without Trusted Parties

    Get PDF
    Private Stream Aggregation (PSA) schemes are efficient protocols for distributed data analytics. In a PSA scheme, a set of data producers can encrypt data for a central party so that it learns the sum of all (encrypted) values, but nothing about each individual value. Due to this ability to efficiently enable central data analytics without leaking individual user data, PSA schemes are often used for IoT data analytics scenarios where privacy is important, such as smart metering. However, all known PSA schemes require a trusted party for key generation, which is undesirable from a privacy standpoint. Further, even though the main benefit of PSA schemes over alternative technologies such as Functional Encryption is that they are efficient enough to run on IoT devices, there exists no evaluation of the efficiency of existing PSA schemes on realistic IoT devices. In this paper, we address both these issues. We first evaluate the efficiency of the state of the art PSA schemes on realistic IoT devices. We then propose, implement and evaluate a DIstributed setup PSA scheme for Use in Constrained Environments (DIPSAUCE). DIPSAUCE is the first PSA scheme that does not rely on a trusted party. Our security and efficiency evaluation shows that it is indeed possible to construct an efficient PSA scheme without a trusted central party. Surprisingly, our results also show that, a side effect, our method for distributing the setup procedure also makes the encryption procedure more efficient than the state of the art PSA schemes which rely on trusted parties

    Integration of ICN and MEC in 5G and beyond networks : mutual benefits, use cases, challenges, standardization, and future research

    Get PDF
    Multi-access Edge Computing (MEC) is a novel edge computing paradigm that moves cloudbased processing and storage capabilities closer to mobile users by implementing server resources in the access nodes. MEC helps fulfill the stringent requirements of 5G and beyond networks to offer anytimeanywhere connectivity for many devices with ultra-low delay and huge bandwidths. Information-Centric Networking (ICN) is another prominent network technology that builds on a content-centric network architecture to overcome host-centric routing/operation shortcomings and to realize efficient pervasive and ubiquitous networking. It is envisaged to be employed in Future Internet including Beyond 5G (B5G) networks. The consolidation of ICN with MEC technology offers new opportunities to realize that vision and serve advanced use cases. However, various integration challenges are yet to be addressed to enable the wide-scale co-deployment of ICN with MEC in future networks. In this paper, we discuss and elaborate on ICN MEC integration to provide a comprehensive survey with a forward-looking perspective for B5G networks. In that regard, we deduce lessons learned from related works (for both 5G and B5G networks). We present ongoing standardization activities to highlight practical implications of such efforts. Moreover, we render key B5G use cases and highlight the role for ICN MEC integration for addressing their requirements. Finally, we layout research challenges and identify potential research directions. For this last contribution, we also provide a mapping of the latter to ICN integration challenges and use cases

    Contributions to Securing Software Updates in IoT

    Get PDF
    The Internet of Things (IoT) is a large network of connected devices. In IoT, devices can communicate with each other or back-end systems to transfer data or perform assigned tasks. Communication protocols used in IoT depend on target applications but usually require low bandwidth. On the other hand, IoT devices are constrained, having limited resources, including memory, power, and computational resources. Considering these limitations in IoT environments, it is difficult to implement best security practices. Consequently, network attacks can threaten devices or the data they transfer. Thus it is crucial to react quickly to emerging vulnerabilities. These vulnerabilities should be mitigated by firmware updates or other necessary updates securely. Since IoT devices usually connect to the network wirelessly, such updates can be performed Over-The-Air (OTA). This dissertation presents contributions to enable secure OTA software updates in IoT. In order to perform secure updates, vulnerabilities must first be identified and assessed. In this dissertation, first, we present our contribution to designing a maturity model for vulnerability handling. Next, we analyze and compare common communication protocols and security practices regarding energy consumption. Finally, we describe our designed lightweight protocol for OTA updates targeting constrained IoT devices. IoT devices and back-end systems often use incompatible protocols that are unable to interoperate securely. This dissertation also includes our contribution to designing a secure protocol translator for IoT. This translation is performed inside a Trusted Execution Environment (TEE) with TLS interception. This dissertation also contains our contribution to key management and key distribution in IoT networks. In performing secure software updates, the IoT devices can be grouped since the updates target a large number of devices. Thus, prior to deploying updates, a group key needs to be established among group members. In this dissertation, we present our designed secure group key establishment scheme. Symmetric key cryptography can help to save IoT device resources at the cost of increased key management complexity. This trade-off can be improved by integrating IoT networks with cloud computing and Software Defined Networking (SDN).In this dissertation, we use SDN in cloud networks to provision symmetric keys efficiently and securely. These pieces together help software developers and maintainers identify vulnerabilities, provision secret keys, and perform lightweight secure OTA updates. Furthermore, they help devices and systems with incompatible protocols to be able to interoperate

    Deep Learning and parallelization of Meta-heuristic Methods for IoT Cloud

    Get PDF
    Healthcare 4.0 is one of the Fourth Industrial Revolution’s outcomes that make a big revolution in the medical field. Healthcare 4.0 came with more facilities advantages that improved the average life expectancy and reduced population mortality. This paradigm depends on intelligent medical devices (wearable devices, sensors), which are supposed to generate a massive amount of data that need to be analyzed and treated with appropriate data-driven algorithms powered by Artificial Intelligence such as machine learning and deep learning (DL). However, one of the most significant limits of DL techniques is the long time required for the training process. Meanwhile, the realtime application of DL techniques, especially in sensitive domains such as healthcare, is still an open question that needs to be treated. On the other hand, meta-heuristic achieved good results in optimizing machine learning models. The Internet of Things (IoT) integrates billions of smart devices that can communicate with one another with minimal human intervention. IoT technologies are crucial in enhancing several real-life smart applications that can improve life quality. Cloud Computing has emerged as a key enabler for IoT applications because it provides scalable and on-demand, anytime, anywhere access to the computing resources. In this thesis, we are interested in improving the efficacity and performance of Computer-aided diagnosis systems in the medical field by decreasing the complexity of the model and increasing the quality of data. To accomplish this, three contributions have been proposed. First, we proposed a computer aid diagnosis system for neonatal seizures detection using metaheuristics and convolutional neural network (CNN) model to enhance the system’s performance by optimizing the CNN model. Secondly, we focused our interest on the covid-19 pandemic and proposed a computer-aided diagnosis system for its detection. In this contribution, we investigate Marine Predator Algorithm to optimize the configuration of the CNN model that will improve the system’s performance. In the third contribution, we aimed to improve the performance of the computer aid diagnosis system for covid-19. This contribution aims to discover the power of optimizing the data using different AI methods such as Principal Component Analysis (PCA), Discrete wavelet transform (DWT), and Teager Kaiser Energy Operator (TKEO). The proposed methods and the obtained results were validated with comparative studies using benchmark and public medical data
    • …
    corecore