Pervasive handheld computing systems

The technological role of handheld devices is fundamentally changing. Portable computers were traditionally application specific. They were designed and optimised to deliver a specific task. However, it is now commonly acknowledged that future handheld devices need to be multi-functional and need to be capable of executing a range of high-performance applications. This thesis has coined the term pervasive handheld computing systems to refer to this type of mobile device. Portable computers are faced with a number of constraints in trying to meet these objectives. They are physically constrained by their size, their computational power, their memory resources, their power usage, and their networking ability. These constraints challenge pervasive handheld computing systems in achieving their multi-functional and high-performance requirements. This thesis proposes a two-pronged methodology to enable pervasive handheld computing systems meet their future objectives. The methodology is a fusion of two independent and yet complementary concepts. The first step utilises reconfigurable technology to enhance the physical hardware resources within the environment of a handheld device. This approach recognises that reconfigurable computing has the potential to dynamically increase the system functionality and versatility of a handheld device without major loss in performance. The second step of the methodology incorporates agent-based middleware protocols to support handheld devices to effectively manage and utilise these reconfigurable hardware resources within their environment. The thesis asserts the combined characteristics of reconfigurable computing and agent technology can meet the objectives of pervasive handheld computing systems

Cooperative intrusion detection for the next generation carrier: ethernet

Tese de mestrado em Informática, apresentada à Universidade de Lisboa, através da Faculdade de Ciências, 2007Hoje em dia os elementos de rede (NEs) da camada 2 do modelo OSI, bridges ou switches, são componentes complexos, com centenas de milhares de linhas de código, que podem ser vulneráveis a ataques, permitindo até a execçuão remota de código. Este trabalho tem como objectivo a criação de um sistema para proteger infra-estruturas de rede Carrier Ethernet de ataques lançados por NEs maliciosos contra o protocolo de gestão de ligações, o Spanning Tree Protocol, e as sua variantes. Na tese é proposto que os NEs sejam equipados com um componente de detecção de intrusões. Cada um dos detectores utiliza um mecanismo da detecção de intrusões baseada em especificacão e inspecciona o comportamento dos outros NEs através da análise das mensagens recebidas. O comportamento correcto dos NEs é descrito tendo em conta a especificação normalizada do protocolo STP. Se existir um desvio entre um comportamento esperado e o actual, o NE é suspeito de ser malicioso. A especificação é estendida com anotações de padrões temporais, de modo a detectar desvios do protocolo por parte dos NEs localmente. Os resultados da detecção local nos NEs são enviados para os outros, para que todos possam correlacionar a informação da detecção, diagnosticar quais são os NEs maliciosos e logicamente removê-los da rede, desligando todas as portas a eles ligadas.Current OSI model layer 2 network elements (NEs, e.g., bridges, switches) are complex hardware and software boxes, often running an operating system, service and administration software, that can be vulnerable to attacks, including to remote code execution inside them. The purpose of this thesis is to present an architecture to protect the Carrier Ethernet network infrastructure from attacks performed by malicious NEs against the link management protocol, Spanning Tree Protocol, and its variations. This thesis proposes that NEs are equipped with an intrusion detection component. Each detector uses a specification-based intrusion detection mechanism in order to inspect the behaviour of other NEs through the analysis of the received messages. The correct behaviour of the NEs is crafted from the standard specification of the STP protocol. If there is a deviation between current and expected behaviour, then the NE is considered to be malicious. The specification is extended with temporal pattern annotations, in order to detect certain deviations from the protocol. The results of the local detection are then transmitted to the other NEs, in order to cooperatively establish a correlation between all the NEs, so that malicious NEs can be logically removed from the network (disconnecting the ports connected to them)

ENABLING IOT AUTHENTICATION, PRIVACY AND SECURITY VIA BLOCKCHAIN

Although low-power and Internet-connected gadgets and sensors are increasingly integrated into our lives, the optimal design of these systems remains an issue. In particular, authentication, privacy, security, and performance are critical success factors. Furthermore, with emerging research areas such as autonomous cars, advanced manufacturing, smart cities, and building, usage of the Internet of Things (IoT) devices is expected to skyrocket. A single compromised node can be turned into a malicious one that brings down whole systems or causes disasters in safety-critical applications. This dissertation addresses the critical problems of (i) device management, (ii) data management, and (iii) service management in IoT systems. In particular, we propose an integrated platform solution for IoT device authentication, data privacy, and service security via blockchain-based smart contracts. We ensure IoT device authentication by blockchain-based IC traceability system, from its fabrication to its end-of-life, allowing both the supplier and a potential customer to verify an IC’s provenance. Results show that our proposed consortium blockchain framework implementation in Hyperledger Fabric for IC traceability achieves a throughput of 35 transactions per second (tps). To corroborate the blockchain information, we authenticate the IC securely and uniquely with an embedded Physically Unclonable Function (PUF). For reliable Weak PUF-based authentication, our proposed accelerated aging technique reduces the cumulative burn-in cost by ∼ 56%. We also propose a blockchain-based solution to integrate the privacy of data generated from the IoT devices by giving users control of their privacy. The smart contract controlled trust-base ensures that the users have private access to their IoT devices and data. We then propose a remote configuration of IC features via smart contracts, where an IC can be programmed repeatedly and securely. This programmability will enable users to upgrade IC features or rent upgraded IC features for a fixed period after users have purchased the IC. We tailor the hardware to meet the blockchain performance. Our on-die hardware module design enforces the hardware configuration’s secure execution and uses only 2,844 slices in the Xilinx Zedboard Zynq Evaluation board. The blockchain framework facilitates decentralized IoT, where interacting devices are empowered to execute digital contracts autonomously

Wireless Communication Technologies for Safe Cooperative Cyber Physical Systems

Cooperative Cyber-Physical Systems (Co-CPSs) can be enabled using wireless communication technologies, which in principle should address reliability and safety challenges. Safety for Co-CPS enabled by wireless communication technologies is a crucial aspect and requires new dedicated design approaches. In this paper, we provide an overview of five Co-CPS use cases, as introduced in our SafeCOP EU project, and analyze their safety design requirements. Next, we provide a comprehensive analysis of the main existing wireless communication technologies giving details about the protocols developed within particular standardization bodies. We also investigate to what extent they address the non-functional requirements in terms of safety, security and real time, in the different application domains of each use case. Finally, we discuss general recommendations about the use of different wireless communication technologies showing their potentials in the selected real-world use cases. The discussion is provided under consideration in the 5G standardization process within 3GPP, whose current efforts are inline to current gaps in wireless communications protocols for Co-CPSs including many future use casesinfo:eu-repo/semantics/publishedVersio

Trust-based mechanisms for secure communication in cognitive radio networks

Cognitive radio (CR) technology was introduced to solve the problem of spectrum scarcity to support the growth of wireless communication. However, the inherent properties of CR technology make such networks more vulnerable to attacks. This thesis is an effort to develop a trust-based framework to ensure secure communication in CRN by authenticating trustworthy nodes to share spectrum securely and increasing system's availability and reliability by selecting the trustworthy key nodes in CRNs