A sensor node soC architecture for extremely autonomous wireless sensor networks

Tese de Doutoramento em Engenharia Eletrónica e de Computadores (PDEEC) (especialidade em Informática Industrial e Sistemas Embebidos)The Internet of Things (IoT) is revolutionizing the Internet of the future and the way new smart objects and people are being connected into the world. Its pervasive computing and communication technologies connect myriads of smart devices, presented at our everyday things and surrounding objects. Big players in the industry forecast, by 2020, around 50 billion of smart devices connected in a multitude of scenarios and heterogeneous applications, sharing data over a true worldwide network. This will represent a trillion dollar market that everyone wants to take a share. In a world where everything is being connected, device security and device interoperability are a paramount. From the sensor to the cloud, this triggers several technological issues towards connectivity, interoperability and security requirements on IoT devices. However, fulfilling such requirements is not straightforward. While the connectivity exposes the device to the Internet, which also raises several security issues, deploying a standardized communication stack on the endpoint device in the network edge, highly increases the data exchanged over the network. Moreover, handling such ever-growing amount of data on resource-constrained devices, truly affects the performance and the energy consumption. Addressing such issues requires new technological and architectural approaches to help find solutions to leverage an accelerated, secure and energy-aware IoT end-device communication. Throughout this thesis, the developed artifacts triggered the achievement of important findings that demonstrate: (1) how heterogeneous architectures are nowadays a perfect solution to deploy endpoint devices in scenarios where not only (heavy processing) application-specific operations are required, but also network-related capabilities are major concerns; (2) how accelerating network-related tasks result in a more efficient device resources utilization, which combining better performance and increased availability, contributed to an improved overall energy utilization; (3) how device and data security can benefit from modern heterogeneous architectures that rely on secure hardware platforms, which are also able to provide security-related acceleration hardware; (4) how a domain-specific language eases the co-design and customization of a secure and accelerated IoT endpoint device at the network edge.Internet of Things (IoT) é o conceito que está a revolucionar a Internet do futuro e a forma como coisas, processos e pessoas se conectam e se relacionam numa infraestrutura de rede global que interligará, num futuro próximo, um vasto número de dispositivos inteligentes e de utilização diária. Com uma grande aposta no mercado IoT por parte dos grandes líderes na industria, algumas visões otimistas preveem para 2020 mais de 50 mil milhões de dispositivos ligados na periferia da rede, partilhando grandes volumes de dados importantes através da Internet, representando um mercado multimilionário com imensas oportunidades de negócio. Num mundo interligado de dispositivos, a interoperabilidade e a segurança é uma preocupação crescente. Tal preocupação exige inúmeros esforços na exploração de novas soluções, quer a nível tecnológico quer a nível arquitetural, que visem impulsionar o desenvolvimento de dispositivos embebidos com maiores capacidades de desempenho, segurança e eficiência energética, não só apenas do dispositivo em si, mas também das camadas e protocolos de rede associados. Apesar da integração de pilhas de comunicação e de protocolos standard das camadas de rede solucionar problemas associados à conectividade e a interoperabilidade, adiciona a sobrecarga inerente dos protocolos de comunicação e do crescente volume de dados partilhados entre os dispositivos e a Internet, afetando severamente o desempenho e a disponibilidade do mesmo, refletindo-se num maior consumo energético global. As soluções apresentadas nesta tese permitiram obter resultados que demonstram: (1) a viabilidade de soluções heterogéneas no desenvolvimento de dispositivos IoT, onde não só tarefas inerentes à aplicação podem ser aceleradas, mas também tarefas relacionadas com a comunicação do dispositivo; (2) os benefícios da aceleração de tarefas e protocolos da pilha de rede, que se traduz num melhor desempenho do dispositivo e aumento da disponibilidade do mesmo, contribuindo para uma melhor eficiência energética; (3) que plataformas de hardware modernas oferecem mecanismos de segurança que podem ser utilizados não apenas em prol da segurança do dispositivo, mas também nas capacidades de comunicação do mesmo; (4) que o desenvolvimento de uma linguagem de domínio específico permite de forma mais eficaz e eficiente o desenvolvimento e configuração de dispositivos IoT inteligentes.This thesis was supported by a PhD scholarship from Fundação para a Ciência e Tecnologia, SFRH/BD/90162/201

Practical Encryption Gateways to Integrate Legacy Industrial Machinery

Future industrial networks will consist of a mixture of old and new components, due to the very long life-cycles of industrial machines on the one hand and the need to change in the face of trends like Industry 4.0 or the industrial Internet of things on the other. These networks will be very heterogeneous and will serve legacy as well as new use cases in parallel. This will result in an increased demand for network security and precisely within this domain, this thesis tries to answer one specific question: how to make it possible for legacy industrial machines to run securely in those future heterogeneous industrial networks. The need for such a solution arises from the fact, that legacy machines are very outdated and hence vulnerable systems, when assessing them from an IT security standpoint. For various reasons, they cannot be easily replaced or upgraded and with the opening up of industrial networks to the Internet, they become prime attack targets. The only way to provide security for them, is by protecting their network traffic. The concept of encryption gateways forms the basis of our solution. These are special network devices, that are put between the legacy machine and the network. The gateways encrypt data traffic from the machine before it is put on the network and decrypt traffic coming from the network accordingly. This results in a separation of the machine from the network by virtue of only decrypting and passing through traffic from other authenticated gateways. In effect, they protect communication data in transit and shield the legacy machines from potential attackers within the rest of the network, while at the same time retaining their functionality. Additionally, through the specific placement of gateways inside the network, fine-grained security policies become possible. This approach can reduce the attack surface of the industrial network as a whole considerably. As a concept, this idea is straight forward and not new. Yet, the devil is in the details and no solution specifically tailored to the needs of the industrial environment and its legacy components existed prior to this work. Therefore, we present in this thesis concrete building blocks in the direction of a generally applicable encryption gateway solution that allows to securely integrate legacy industrial machinery and respects industrial requirements. This not only entails works in the direction of network security, but also includes works in the direction of guaranteeing the availability of the communication links that are protected by the gateways, works to simplify the usability of the gateways as well as the management of industrial data flows by the gateways

Flexi-WVSNP-DASH: A Wireless Video Sensor Network Platform for the Internet of Things

abstract: Video capture, storage, and distribution in wireless video sensor networks (WVSNs) critically depends on the resources of the nodes forming the sensor networks. In the era of big data, Internet of Things (IoT), and distributed demand and solutions, there is a need for multi-dimensional data to be part of the Sensor Network data that is easily accessible and consumable by humanity as well as machinery. Images and video are expected to become as ubiquitous as is the scalar data in traditional sensor networks. The inception of video-streaming over the Internet, heralded a relentless research for effective ways of distributing video in a scalable and cost effective way. There has been novel implementation attempts across several network layers. Due to the inherent complications of backward compatibility and need for standardization across network layers, there has been a refocused attention to address most of the video distribution over the application layer. As a result, a few video streaming solutions over the Hypertext Transfer Protocol (HTTP) have been proposed. Most notable are Apple’s HTTP Live Streaming (HLS) and the Motion Picture Experts Groups Dynamic Adaptive Streaming over HTTP (MPEG-DASH). These frameworks, do not address the typical and future WVSN use cases. A highly flexible Wireless Video Sensor Network Platform and compatible DASH (WVSNP-DASH) are introduced. The platform's goal is to usher video as a data element that can be integrated into traditional and non-Internet networks. A low cost, scalable node is built from the ground up to be fully compatible with the Internet of Things Machine to Machine (M2M) concept, as well as the ability to be easily re-targeted to new applications in a short time. Flexi-WVSNP design includes a multi-radio node, a middle-ware for sensor operation and communication, a cross platform client facing data retriever/player framework, scalable security as well as a cohesive but decoupled hardware and software design.Dissertation/ThesisDoctoral Dissertation Electrical Engineering 201

Internet of Things From Hype to Reality

The Internet of Things (IoT) has gained significant mindshare, let alone attention, in academia and the industry especially over the past few years. The reasons behind this interest are the potential capabilities that IoT promises to offer. On the personal level, it paints a picture of a future world where all the things in our ambient environment are connected to the Internet and seamlessly communicate with each other to operate intelligently. The ultimate goal is to enable objects around us to efficiently sense our surroundings, inexpensively communicate, and ultimately create a better environment for us: one where everyday objects act based on what we need and like without explicit instructions

Infrastructure sharing of 5G mobile core networks on an SDN/NFV platform

When looking towards the deployment of 5G network architectures, mobile network operators will continue to face many challenges. The number of customers is approaching maximum market penetration, the number of devices per customer is increasing, and the number of non-human operated devices estimated to approach towards the tens of billions, network operators have a formidable task ahead of them. The proliferation of cloud computing techniques has created a multitude of applications for network services deployments, and at the forefront is the adoption of Software-Defined Networking (SDN) and Network Functions Virtualisation (NFV). Mobile network operators (MNO) have the opportunity to leverage these technologies so that they can enable the delivery of traditional networking functionality in cloud environments. The benefit of this is reductions seen in the capital and operational expenditures of network infrastructure. When going for NFV, how a Virtualised Network Function (VNF) is designed, implemented, and placed over physical infrastructure can play a vital role on the performance metrics achieved by the network function. Not paying careful attention to this aspect could lead to the drastically reduced performance of network functions thus defeating the purpose of going for virtualisation solutions. The success of mobile network operators in the 5G arena will depend heavily on their ability to shift from their old operational models and embrace new technologies, design principles and innovation in both the business and technical aspects of the environment. The primary goal of this thesis is to design, implement and evaluate the viability of data centre and cloud network infrastructure sharing use case. More specifically, the core question addressed by this thesis is how virtualisation of network functions in a shared infrastructure environment can be achieved without adverse performance degradation. 5G should be operational with high penetration beyond the year 2020 with data traffic rates increasing exponentially and the number of connected devices expected to surpass tens of billions. Requirements for 5G mobile networks include higher flexibility, scalability, cost effectiveness and energy efficiency. Towards these goals, Software Defined Networking (SDN) and Network Functions Virtualisation have been adopted in recent proposals for future mobile networks architectures because they are considered critical technologies for 5G. A Shared Infrastructure Management Framework was designed and implemented for this purpose. This framework was further enhanced for performance optimisation of network functions and underlying physical infrastructure. The objective achieved was the identification of requirements for the design and development of an experimental testbed for future 5G mobile networks. This testbed deploys high performance virtualised network functions (VNFs) while catering for the infrastructure sharing use case of multiple network operators. The management and orchestration of the VNFs allow for automation, scalability, fault recovery, and security to be evaluated. The testbed developed is readily re-creatable and based on open-source software

Low-complexity, low-area computer architectures for cryptographic application in resource constrained environments

RCE (Resource Constrained Environment) is known for its stringent hardware design requirements. With the rise of Internet of Things (IoT), low-complexity and low-area designs are becoming prominent in the face of complex security threats. Two low-complexity, low-area cryptographic processors based on the ultimate reduced instruction set computer (URISC) are created to provide security features for wireless visual sensor networks (WVSN) by using field-programmable gate array (FPGA) based visual processors typically used in RCEs. The first processor is the Two Instruction Set Computer (TISC) running the Skipjack cipher. To improve security, a Compact Instruction Set Architecture (CISA) processor running the full AES with modified S-Box was created. The modified S-Box achieved a gate count reduction of 23% with no functional compromise compared to Boyar’s. Using the Spartan-3L XC3S1500L-4-FG320 FPGA, the implementation of the TISC occupies 71 slices and 1 block RAM. The TISC achieved a throughput of 46.38 kbps at a stable 24MHz clock. The CISA which occupies 157 slices and 1 block RAM, achieved a throughput of 119.3 kbps at a stable 24MHz clock. The CISA processor is demonstrated in two main applications, the first in a multilevel, multi cipher architecture (MMA) with two modes of operation, (1) by selecting cipher programs (primitives) and sharing crypto-blocks, (2) by using simple authentication, key renewal schemes, and showing perceptual improvements over direct AES on images. The second application demonstrates the use of the CISA processor as part of a selective encryption architecture (SEA) in combination with the millions instructions per second set partitioning in hierarchical trees (MIPS SPIHT) visual processor. The SEA is implemented on a Celoxica RC203 Vertex XC2V3000 FPGA occupying 6251 slices and a visual sensor is used to capture real world images. Four images frames were captured from a camera sensor, compressed, selectively encrypted, and sent over to a PC environment for decryption. The final design emulates a working visual sensor, from on node processing and encryption to back-end data processing on a server computer

Building the Infrastructure for Cloud Security

Computer scienc