1,254 research outputs found

    Security and Privacy in Network Terminology

    Security and Privacy are now at the forefront of modern concerns, and drive a significant part of the debate on digital society. One particular aspect that holds significant bearing in these two topics is the naming of resources in the network, because it directly impacts how networks work, but also affects how security mechanisms are implemented and what the privacy implications of metadata disclosure are. This issue is further exacerbated by interoperability mechanisms that imply this information is increasingly available regardless of the intended scope. This work focuses on the implications of naming with regards to security and privacy in namespaces used in network protocols, in particular on the implementation of solutions that provide additional security through naming policies or increase privacy. To achieve this, different techniques are used to either embed security information in existing namespaces or to minimise privacy exposure. The former allows bootstrapping secure transport protocols on top of insecure discovery protocols, while the latter introduces privacy policies as part of name assignment and resolution. The main vehicle for implementation of these solutions are general purpose protocols and services, however there is a strong parallel with ongoing research topics that leverage name resolution systems for interoperability such as the Internet of Things (IoT) and Information Centric Networks (ICN), where these approaches are also applicable.
    Security and Privacy are two topics that mark the agenda in the discussion on the digital society. A particularly subtle aspect of this discussion is the way we assign names to resources in the network, a choice with practical consequences for how the different network protocols work, for how different security mechanisms are implemented, and for the privacy of the various parties involved. This problem becomes even more significant when one considers that, to promote interoperability between different networks, autonomous mechanisms make this information accessible in contexts that go beyond what was intended. This thesis focuses on the consequences of different name assignment policies in the context of different network protocols, for security and privacy purposes. Based on the study of this problem, solutions are proposed that, through different name assignment policies, make it possible to introduce additional security mechanisms or mitigate privacy problems in different protocols. This results in the implementation of security mechanisms over insecure discovery protocols, as well as the introduction of name assignment and resolution mechanisms that focus on protecting privacy. The main vehicle for implementing these solutions is general-purpose network services and protocols. However, the applicability of these solutions also extends to other research topics that rely on name resolution mechanisms to implement interoperability solutions, namely the Internet of Things (IoT) and information-centric networks (ICN).
    Doctoral Programme in Informatics

    Is DNS Ready for Ubiquitous Internet of Things?

    The vision of the Internet of Things (IoT) covers not only the well-regulated processes of specific applications in different areas but also includes ubiquitous connectivity of more generic objects (or things and devices) in the physical world and the related information in the virtual world. For example, a typical IoT application, such as a smart city, includes smarter urban transport networks, upgraded water supply, and waste-disposal facilities, along with more efficient ways to light and heat buildings. For smart city applications and others, we require unique naming of every object and a secure, scalable, and efficient name resolution which can provide access to any object's inherent attributes with its name. Based on different motivations, many naming principles and name resolution schemes have been proposed. Some of them are based on the well-known domain name system (DNS), which is the most important infrastructure in the current Internet, while others are based on novel design principles to evolve the Internet. Although the DNS is evolving in its functionality and performance, it was not originally designed for the IoT applications. Then, a fundamental question that arises is: can current DNS adequately provide the name service support for IoT in the future? To address this question, we analyze the strengths and challenges of DNS when it is used to support ubiquitous IoT. First, we analyze the requirements of the IoT name service by using five characteristics, namely security, mobility, infrastructure independence, localization, and efficiency, which we collectively refer to as SMILE. Then, we discuss the pros and cons of the DNS in satisfying SMILE in the context of the future evolution of the IoT environment.

    Glowbal IP: An Adaptive and Transparent IPv6 Integration in the Internet of Things


    MARGOT: Dynamic IoT Resource Discovery for HADR Environments

    Smart City services leverage sophisticated IT architectures whose assets are deployed in dynamic and heterogeneous computing and communication scenarios. Those services are particularly interesting for Humanitarian Assistance and Disaster Relief (HADR) operations in urban environments, which could improve Situation Awareness by exploiting the Smart City IT infrastructure. To this end, an enabling requirement is the discovery of the available Internet-of-Things (IoT) resources, including sensors, actuators, services, and computing resources, based on a variety of criteria, such as geographical location, proximity, type of device, type of capability, coverage, resource availability, and communication topology / quality of network links. To date, no single standard has emerged that has been widely adopted to solve the discovery challenge. Instead, a variety of different standards have been proposed and cities have either adopted one that is convenient or reinvented a new standard just for themselves. Therefore, enabling discovery across different standards and administrative domains is a fundamental requirement to enable HADR operations in Smart Cities. To address these challenges, we developed MARGOT (Multi-domain Asynchronous Gateway Of Things), a comprehensive solution for resource discovery in Smart City environments that implements a distributed and federated architecture and supports a wide range of discovery protocols

    Information Service System for Agricultural IoT

    The Internet of Things (IoT) has faced difficulties including mass data management, various standards of object identification, data fusion of multiple sources, business data management and information service provision. In China, safety monitoring systems for agricultural products always adopt a centralized system architecture in which the data is stored in one place. These systems cannot be connected with or accessed by each other. This paper proposes an information system for the agricultural Internet of Things based on a distributed architecture. A distributed information service system based on IoT-Information Service, Object Naming Service, and Discovery Service is designed to provide a public information service including capturing, standardizing, managing and querying massive business data of agricultural production. A coding scheme for agricultural products, business locations and logistic units is provided for data identification. A business event model of agricultural IoT is presented for business data management. The whole system realizes the tracking and tracing of agricultural products, and quality monitoring of agricultural production. The implementation of this information service system is introduced.
    The Internet of Things faces difficulties such as managing large amounts of data, differing standards of object identification, fusion of data from multiple sources, business data management, and the provision of information services. Safety monitoring of agricultural products in China always follows a centralized architecture in which the data is concentrated in one place. Such systems cannot be connected to one another and cannot access each other. This paper proposes an information system for the agricultural Internet of Things based on a distributed architecture. A distributed information service system based on the IoT (Internet of Things), an object naming system and a discovery system provide a public information service including the capture, standardization, management and querying of large amounts of data on agricultural products. A coding scheme for agricultural products, business locations and logistic units is presented for data identification. A business event model for agricultural IoT is presented for business data management. The overall system enables tracking of agricultural products and monitoring of their quality. The paper also gives insight into the implementation of the information service system.

    The Road Ahead for Networking: A Survey on ICN-IP Coexistence Solutions

    In recent years, the current Internet has experienced an unexpected paradigm shift in the usage model, which has pushed researchers towards the design of the Information-Centric Networking (ICN) paradigm as a possible replacement of the existing architecture. Even though both Academia and Industry have investigated the feasibility and effectiveness of ICN, achieving the complete replacement of the Internet Protocol (IP) is a challenging task. Some research groups have already addressed the coexistence by designing their own architectures, but none of those is the final solution to move towards the future Internet considering the unaltered state of the networking. To design such architecture, the research community needs now a comprehensive overview of the existing solutions that have so far addressed the coexistence. The purpose of this paper is to reach this goal by providing the first comprehensive survey and classification of the coexistence architectures according to their features (i.e., deployment approach, deployment scenarios, addressed coexistence requirements and architecture or technology used) and evaluation parameters (i.e., challenges emerging during the deployment and the runtime behaviour of an architecture). We believe that this paper will finally fill the gap required for moving towards the design of the final coexistence architecture.
    Comment: 23 pages, 16 figures, 3 tables

    CREATING SYNTHETIC ATTACKS WITH EVOLUTIONARY ALGORITHMS FOR INDUSTRIAL-CONTROL-SYSTEM SECURITY TESTING

    Cybersecurity defenders can use honeypots (decoy systems) to capture and study adversarial activities. An issue with honeypots is obtaining enough data on rare attacks. To improve data collection, we created a tool that uses machine learning to generate plausible artificial attacks on two protocols, Hypertext Transfer Protocol (HTTP) and IEC 60870-5-104 (“IEC 104” for short, an industrial-control-system protocol). It uses evolutionary algorithms to create new variants of two cyberattacks: Log4j exploits (described in CVE-2021-44228 as severely critical) and the Industroyer2 malware (allegedly used in Russian attacks on Ukrainian power grids). Our synthetic attack generator (SAGO) effectively created synthetic attacks at success rates up to 70 and 40 percent for Log4j and IEC 104, respectively. We tested over 5,200 unique variations of Log4j exploits and 256 unique variations of the approach used by Industroyer2. Based on a power-grid honeypot’s response to these attacks, we identified changes to improve interactivity, which should entice intruders to mount more revealing attacks and aid defenders in hardening against new attack variants. This work provides a technique to proactively identify cybersecurity weaknesses in critical infrastructure and Department of Defense assets.
    Captain, United States Marine Corps
    Approved for public release. Distribution is unlimited.

    Building blocks for the internet of things
