497 research outputs found

    Implementation of network moving target defense in embedded systems

    Moving target defense provides opportunities for adaptive defense in embedded systems. A great deal of work has been done on incorporating moving target defense techniques into enterprise systems to increase the cost to attackers and level the playing field. A smaller body of work focuses on implementing these techniques in embedded systems, which can greatly benefit from adaptive self-defense techniques. This work implements a network shuffling proof of concept in the Zephyr real-time operating system to tackle the challenge of incorporating shuffling techniques into embedded systems. A host-centric, high-security implementation is provided which maximizes attacker uncertainty and minimizes the impact of host compromise. Identifiers are utilized at the datalink, network, and transport layers and rotated per connection using keys shared between host pairs. Existing shuffling schemes are explored, including those targeted to IoT contexts. Existing limitations in protecting embedded systems are considered along with the presented by moving target defense. The design details and implementation of incorporating a moving target defense module into the Zephyr networking stack are provided. The protection provided by the scheme is evaluated and compared to existing address shuffling schemes. Future work on better handling data forwarding and collisions in the proof-of-concept scheme is considered. Options for adapting and building on the scheme to meet the needs of system designers are explored. This work provides system designers with insights into implementing address shuffling in embedded systems.

    The world of IoT

    This book describes the world of Internet of things (IoT). Main technologies involved in the use of IoT are introduced. Moreover, IoT devices and platforms are also described in this module. Finally, a list of real IoT applications is shown for several typical IoT fields.

    On Communication Privacy in the Internet of Things

    We tackle the problem of privacy breaching in IPv6 Low power Wireless Personal Area Networks (6LoWPAN)-based Internet of Things (IoT) networks where an attacker may be able to identify the communicating entities. We propose three contributions: (i) survey: we thoroughly expose the prime focus of the existing solutions on communication identifiers privacy in 6LoWPANs, clarifying the important information about: at which layer the solutions operate, based on which protocol, against which attack, for which application, based on simulations or real prototypes, which sensitive information or communication identifiers are protected, which Privacy-Preserving Technique (PPT) is used, and how long the protection against privacy attacks lasts. (ii) uOTA: based on the One Time Address (OTA) approach proposed for the traditional Internet, with a focus on low complexity, memory footprint, and energy consumption, uOTA uses just one IPv6 address to send or to receive one packet. (iii) ACFI, which is based on: (1) anonymizing both IP and MAC addresses, as well as the port number at the source host, using a random pseudonyming scheme, and (2) anonymizing the IP address and port number of the destination host, using a Tor-like network. We analysed the effect of the Tor entry node location on the performance of our solution in three different scenarios: the Tor entry node is located (a) inside the 6LoWPAN, (b) at the 6LBR gateway, or (c) completely outside the 6LoWPAN. Using the Cooja simulator, we showed that our solutions (uOTA and ACFI) outperformed state-of-the-art solutions by making it more difficult to identify communication flows by improving the anonymity and unlinkability of the communicating entities without significantly affecting energy consumption, communication delay, and network bandwidth.

    Features, operation principle and limits of SPI and I2C communication protocols for smart objects: a novel SPI-based hybrid protocol especially suitable for IoT applications

    The Internet of Things (IoT) is an expression, sometimes abused by companies given the absence of an unambiguous meaning, that indicates the upcoming evolution of the Internet as it has been known so far. In fact, all objects will have network capabilities which will be exploited to overcome, in certain situations, human intervention. Thanks to the direct cooperation of a new class of devices, aware of their operating scenario and interconnected in subnetworks, our lifestyle will be strongly enhanced and simplified. IoT, however, is not yet the “El Dorado” of technology, capable of revolutionizing everyday life: some aspects and open issues have to be carefully analyzed. The huge complexity of this new technology forces companies to select a specific research field: for this reason, they focus only on some features that an IoT device should have to guarantee fulfillment of requirements. In this context, this research work concerns an analysis of the features, operation principle and limits of the SPI and I2C communication protocols, followed by the proposal of a new hybrid protocol suited for embedded systems, named FlexSPI, conceived as an evolution of the classic SPI. Thanks to a robust software architecture, it is able to provide many features that can be used by smart objects to enhance their capabilities. In this way, sensors and actuators or, more generally, subsystems can quickly exchange data and efficiently react to malfunctioning; moreover, the number of devices on the bus can be safely increased even while the smart object is performing operations.

    Internet Predictions

    More than a dozen leading experts give their opinions on where the Internet is headed and where it will be in the next decade in terms of technology, policy, and applications. They cover topics ranging from the Internet of Things to climate change to the digital storage of the future. A summary of the articles is available in the Web extras section.

    Routing and Mobility on IPv6 over LoWPAN

    The IoT means a world-wide network of interconnected objects based on standard communication protocols. An object in this context is a quotidian physical device augmented with sensing/actuating, processing, storing and communication capabilities. These objects must be able to interact with the surrounding environment where they are placed and to cooperate with neighbouring objects in order to accomplish a common objective. The IoT objects also have the capability of converting the sensed data into automated instructions and communicating them to other objects through the communication networks, avoiding human intervention in several tasks. Most IoT deployments are based on small devices with restricted computational resources and energy constraints. For this reason, the scientific community initially did not consider the use of the IP protocol suite in these scenarios, because there was the perception that it was too heavy for the resources available on such devices. Meanwhile, the scientific community and the industry started to rethink the use of the IP protocol suite in all IoT devices, and it is now considered the solution to provide connectivity between the IoT devices, independently of the Layer 2 protocol in use, and to connect them to the Internet. Despite the use of the IP protocol suite in all devices and the number of solutions proposed, many open issues remain unsolved in order to reach a seamless integration between the IoT and the Internet and to provide the conditions for widespread IoT services. This thesis addressed the challenges associated with the interconnectivity between the Internet and the IoT devices and with the security aspects of the IoT. In the interconnectivity between the IoT devices and the Internet, the problem is how to provide valuable information to the Internet-connected devices, independently of the supported IP protocol version, without requiring direct access to the IoT nodes. In order to solve this problem, solutions based on Representational State Transfer (REST) web services and an IPv4 to IPv6 dual stack transition mechanism were proposed and evaluated. The REST web service and the transition mechanism run only at the border router, without penalizing the constrained IoT devices. The mitigation of the effects of internal and external security attacks, minimizing the overhead imposed on the IoT devices, is the security challenge addressed in this thesis. Three different solutions were proposed. The first is a mechanism to prevent remotely initiated transport-level Denial of Service attacks that avoids the use of inefficient and hard-to-manage traditional firewalls. It is based on filtering, at the border router, the traffic received from the Internet and destined to the IoT network according to the conditions announced by each IoT device. The second is a network access security framework that can be used to control the nodes that have access to the network, based on administrative approval, and to enforce security compliance on the authorized nodes. The third is a network admission control framework that prevents unauthorized IoT nodes from communicating with authorized IoT nodes or with the Internet, which drastically reduces the number of possible security attacks. The network admission control was also exploited as a management mechanism, as it can be used to manage the network size in terms of number of nodes, making the network more manageable, increasing its reliability and extending its lifetime.
    The IoT (Internet of Things) has attracted the interest of both the academic community and industry, since its fields of application are numerous, as are the potential gains that can be obtained through the use of this type of technology. The IoT means a global network of objects connected to one another through a communications network based on standard protocols. In this context, an object is an everyday physical object to which the capability to measure and act on physical variables, to process and store data, and to communicate has been added. These objects are able to interact with the surrounding environment and to cooperate with neighbouring objects in order to achieve a common objective. These objects are also able to convert the data they read into instructions and communicate them to other objects through the communications network, thereby avoiding human intervention in various tasks. Most IoT system deployments are based on small autonomous devices with constraints on computational resources and energy storage. For this reason, the scientific community initially did not consider the IP protocol stack suitable for this type of device, since it was perceived as too heavy for the available computational resources. Meanwhile, the scientific community and industry resumed the discussion about the benefits of using the protocol stack in all IoT devices, and it is now considered the solution for establishing connectivity between IoT devices, independently of the layer-two protocol in use, and for connecting them to the Internet. Despite the use of the IP protocol stack in all devices and the number of solutions proposed, several problems remain unsolved with regard to the continuous, uninterrupted integration of the IoT into the Internet and to creating the conditions for the widespread adoption of this type of technology. This thesis deals with the challenges associated with integrating the IoT into the Internet and with the security aspects of the IoT. Regarding the integration of the IoT into the Internet, the problem is how to provide valid information to Internet-connected devices, independently of the IP protocol version in use, while avoiding direct access to the IoT devices. To solve this problem, solutions based on REST web services and on IPv4-to-IPv6 transition mechanisms of the dual-stack type were proposed and evaluated. The web service and the transition mechanism are supported only at the border router, without penalizing the IoT devices. With regard to security, the problem is to mitigate the effects of internal and external security attacks initiated locally and remotely. Three different solutions were proposed. The first is a mechanism that minimizes the effects of denial-of-service attacks originating from the Internet and avoids the use of inefficient firewall mechanisms that are complex to manage. This mechanism filters, at the border router, traffic originating from the Internet and destined for the IoT, according to the conditions announced by each of the IoT devices in the network. The second solution is a network admission control framework that controls which devices can access the network, based on administrative authorization, and applies security compliance policies to the authorized devices. The third is a network admission control mechanism for 6LoWPAN networks that prevents unauthorized devices from communicating with legitimate devices and with the Internet, which drastically reduces the number of security attacks. This mechanism was also explored as a management mechanism, since it can be used to manage the size of the network in terms of the number of devices, making it easier to manage and increasing its reliability and its lifetime.

    Emerging technologies for learning (volume 2)
