128 research outputs found

    Enhancing Block-Wise Transfer with Network Coding in CoAP

    CoAP (Constrained Application Protocol) with block-wise transfer (BWT) option is a known protocol choice for large data transfer in general lossy IoT network environments. Lossy transmission environments on the other hand lead to CoAP resending multiple blocks, which creates overheads. To tackle this problem, we design a BWT with network coding (NC), with the goal of reducing the number of unnecessary retransmissions. The results show the reduction in the number of block retransmissions for different values of blocksize, implying the reduced transfer time. For the maximum blocksize of 1024 bytes and total probability loss of 0.5, CoAP with NC can resend up to 5 times fewer blocks. Comment: 4 pages, 2 figures, submitted to Euro-Par 201

    An Experimental Study of Network Coded REST HTTP in Dynamic IoT Systems

    REST HTTP is the communication protocol of choice for software developers today. In IoT systems with unreliable connectivity, however, a stateless protocol like REST HTTP needs to send a request message multiple times, and it only stops the retransmissions when an acknowledgement arrives at the sender. In our previous work, we studied the usage of random linear network coding (RLNC) for REST HTTP protocol to reduce the amount of unnecessary retransmissions. In this paper, we experimentally validate the study and analyze REST HTTP with and without RLNC in a simple testbed in dynamic IoT systems. The measurements show notable improvements in bandwidth utilization in terms of reducing the retransmissions and delay when using network-coded REST HTTP. Comment: 7 pages, 5 figures, accepted at IEEE International Conference on Communications (ICC), Dublin, Ireland, 202

    Network coding for reliable wireless sensor networks

    Wireless sensor networks are used in many applications and are now a key element in the increasingly growing Internet of Things. These networks are composed of small nodes including wireless communication modules, and in most of the cases are able to autonomously configure themselves into networks, to ensure sensed data delivery. As more and more sensor nodes and networks join the Internet of Things, collaboration between geographically distributed systems is expected. Peer to peer overlay networks can assist in the federation of these systems, for them to collaborate. Since participating peers/proxies contribute to storage and processing, there is no burden on specific servers and bandwidth bottlenecks are avoided. Network coding can be used to improve the performance of wireless sensor networks. The idea is for data from multiple links to be combined at intermediate encoding nodes, before further transmission. This technique proved to have a lot of potential in a wide range of applications. In the particular case of sensor networks, network coding based protocols and algorithms try to achieve a balance between low packet error rate and energy consumption. For network coding based constrained networks to be federated using peer to peer overlays, it is necessary to enable the storage of encoding vectors and coded data by such distributed storage systems. Packets can arrive to the overlay through any gateway/proxy (peers in the overlay), and lost packets can be recovered by the overlay (or client) using original and coded data that has been stored. The decoding process requires a decoding service at the overlay network. Such architecture, which is the focus of this thesis, will allow constrained networks to reduce packet error rate in an energy efficient way, while benefiting from an effective distributed storage solution for their federation. This will serve as a basis for the proposal of mathematical models and algorithms that determine the most effective routing trees, for packet forwarding toward sink/gateway nodes, and best amount and placement of encoding nodes. Wireless sensor networks are used in many applications and are today considered a key element for the development of the Internet of Things. Composed of small nodes that incorporate wireless communication modules, many of these networks have the ability to configure themselves autonomously, forming networked systems to guarantee the delivery of the collected data. (…

    Installing a Schedule in a Constrained Multi-Hop 6TiSCH Network Using CoAP (Extended Version) [Installer un Ordonnancement dans un Réseau 6TiSCH Contraint Multi-Saut en utilisant CoAP (Version Etendue)]

    Scheduling in an IEEE802.15.4e TSCH (6TiSCH) low-power wireless network can be done in a centralized or distributed way. When using centralized scheduling, a scheduler installs a communication schedule into the network. This can be done in a standards-based way using CoAP. In this report, we compute the number of packets and the latency this takes, on real-world examples. The result is that the cost is very high using today's standards, much higher than when using an ad-hoc solution such as OCARI. We conclude by making recommendations to drastically reduce the number of messages and improve the efficiency of the standardized approach. In this research report, we show how to install a schedule of node activities in a constrained multi-hop IEEE802.15.4e TSCH radio network using the CoAP standard. Through a simple illustrative example, we compute the number of messages carried across the whole network for different methods compatible with these existing standards. We note that using the existing standards results in a very high cost in terms of number of messages and latency. This cost is much higher than that of an ad-hoc solution such as OCARI. We conclude by making various recommendations to reduce this number of messages and thus improve the efficiency of the standardized protocols

    A context- and template-based data compression approach to improve resource-constrained IoT systems interoperability

    170 p. The goal of the Internet of Things (IoT) is to interconnect all kinds of things, from simple devices, such as a light bulb or a thermostat, to more complex and abstract elements such as a machine or a house. These devices or elements vary enormously from one another, especially in the capabilities they have and the type of technologies they use. This heterogeneity produces great complexity in integration processes as far as interoperability is concerned. A common approach to addressing interoperability at the data representation level in IoT systems is to structure the data following a standard data model, as well as text-based data formats (e.g., XML). However, the type of devices normally used in IoT systems has limited capabilities, as well as scarce processing and communication resources. Due to these limitations, it is not possible to integrate text-based data formats simply and efficiently in resource-constrained devices and networks. In this thesis, we present a novel data compression solution for text-based data formats, which is specially designed taking into account the limitations of resource-constrained devices and networks. We call this solution Context- and Template-based Compression (CTC). CTC improves the data-level interoperability of IoT systems while requiring very few resources in terms of communication bandwidth, memory size and processing power


    Contributions to Securing Software Updates in IoT

    The Internet of Things (IoT) is a large network of connected devices. In IoT, devices can communicate with each other or back-end systems to transfer data or perform assigned tasks. Communication protocols used in IoT depend on target applications but usually require low bandwidth. On the other hand, IoT devices are constrained, having limited resources, including memory, power, and computational resources. Considering these limitations in IoT environments, it is difficult to implement best security practices. Consequently, network attacks can threaten devices or the data they transfer. Thus it is crucial to react quickly to emerging vulnerabilities. These vulnerabilities should be mitigated by firmware updates or other necessary updates securely. Since IoT devices usually connect to the network wirelessly, such updates can be performed Over-The-Air (OTA). This dissertation presents contributions to enable secure OTA software updates in IoT. In order to perform secure updates, vulnerabilities must first be identified and assessed. In this dissertation, first, we present our contribution to designing a maturity model for vulnerability handling. Next, we analyze and compare common communication protocols and security practices regarding energy consumption. Finally, we describe our designed lightweight protocol for OTA updates targeting constrained IoT devices. IoT devices and back-end systems often use incompatible protocols that are unable to interoperate securely. This dissertation also includes our contribution to designing a secure protocol translator for IoT. This translation is performed inside a Trusted Execution Environment (TEE) with TLS interception. This dissertation also contains our contribution to key management and key distribution in IoT networks. In performing secure software updates, the IoT devices can be grouped since the updates target a large number of devices. 
Thus, prior to deploying updates, a group key needs to be established among group members. In this dissertation, we present our designed secure group key establishment scheme. Symmetric key cryptography can help to save IoT device resources at the cost of increased key management complexity. This trade-off can be improved by integrating IoT networks with cloud computing and Software Defined Networking (SDN). In this dissertation, we use SDN in cloud networks to provision symmetric keys efficiently and securely. These pieces together help software developers and maintainers identify vulnerabilities, provision secret keys, and perform lightweight secure OTA updates. Furthermore, they help devices and systems with incompatible protocols to be able to interoperate

    DeepSHARQ: hybrid error coding using deep learning

    Cyber-physical systems operate under changing environments and on resource-constrained devices. Communication in these environments must use hybrid error coding, as pure pro- or reactive schemes cannot always fulfill application demands or have suboptimal performance. However, finding optimal coding configurations that fulfill application constraints—e.g., tolerate loss and delay—under changing channel conditions is a computationally challenging task. Recently, the systems community has started addressing these sorts of problems using hybrid decomposed solutions, i.e., algorithmic approaches for well-understood formalized parts of the problem and learning-based approaches for parts that must be estimated (either for reasons of uncertainty or computational intractability). For DeepSHARQ, we revisit our own recent work and limit the learning problem to block length prediction, the major contributor to inference time (and its variation) when searching for hybrid error coding configurations. The remaining parameters are found algorithmically, and hence we make individual contributions with respect to finding close-to-optimal coding configurations in both of these areas—combining them into a hybrid solution. DeepSHARQ applies block length regularization in order to reduce the neural networks in comparison to purely learning-based solutions. The hybrid solution is nearly optimal concerning the channel efficiency of coding configurations it generates, as it is trained so deviations from the optimum are upper bound by a configurable percentage. In addition, DeepSHARQ is capable of reacting to channel changes in real time, thereby enabling cyber-physical systems even on resource-constrained platforms. Tightly integrating algorithmic and learning-based approaches allows DeepSHARQ to react to channel changes faster and with a more predictable time than solutions that rely only on either of the two approaches

    Efficient Security Protocols for Constrained Devices

    During the last decades, more and more devices have been connected to the Internet. Today, there are more devices connected to the Internet than humans. An increasingly more common type of devices are cyber-physical devices. A device that interacts with its environment is called a cyber-physical device. Sensors that measure their environment and actuators that alter the physical environment are both cyber-physical devices. Devices connected to the Internet risk being compromised by threat actors such as hackers. Cyber-physical devices have become a preferred target for threat actors since the consequence of an intrusion disrupting or destroying a cyber-physical system can be severe. Cyber attacks against power and energy infrastructure have caused significant disruptions in recent years. Many cyber-physical devices are categorized as constrained devices. A constrained device is characterized by one or more of the following limitations: limited memory, a less powerful CPU, or a limited communication interface. Many constrained devices are also powered by a battery or energy harvesting, which limits the available energy budget. Devices must be efficient to make the most of the limited resources. Mitigating cyber attacks is a complex task, requiring technical and organizational measures. Constrained cyber-physical devices require efficient security mechanisms to avoid overloading the system's limited resources. In this thesis, we present research on efficient security protocols for constrained cyber-physical devices. We have implemented and evaluated two state-of-the-art protocols, OSCORE and Group OSCORE. These protocols allow end-to-end protection of CoAP messages in the presence of untrusted proxies. Next, we have performed a formal protocol verification of WirelessHART, a protocol for communications in an industrial control systems setting. In our work, we present a novel attack against the protocol. We have developed a novel architecture for industrial control systems utilizing the Digital Twin concept. Using a state synchronization protocol, we propagate state changes between the digital and physical twins. The Digital Twin can then monitor and manage devices. We have also designed a protocol for secure ownership transfer of constrained wireless devices. Our protocol allows the owner of a wireless sensor network to transfer control of the devices to a new owner. With a formal protocol verification, we can guarantee the security of both the old and new owners. Lastly, we have developed an efficient Private Stream Aggregation (PSA) protocol. PSA allows devices to send encrypted measurements to an aggregator. The aggregator can combine the encrypted measurements and calculate the decrypted sum of the measurements. No party will learn the measurement except the device that generated it

    Improving efficiency, usability and scalability in a secure, resource-constrained web of things
