A Misuse-Based Intrusion Detection System for ITU-T G.9959 Wireless Networks

Wireless Sensor Networks (WSNs) provide low-cost, low-power, and low-complexity systems tightly integrating control and communication. Protocols based on the ITU-T G.9959 recommendation specifying narrow-band sub-GHz communications have significant growth potential. The Z-Wave protocol is the most common implementation. Z-Wave developers are required to sign nondisclosure and confidentiality agreements, limiting the availability of tools to perform open source research. This work discovers vulnerabilities allowing the injection of rogue devices or hiding information in Z-Wave packets as a type of covert channel attack. Given existing vulnerabilities and exploitations, defensive countermeasures are needed. A Misuse-Based Intrusion Detection System (MBIDS) is engineered, capable of monitoring Z-Wave networks. Experiments are designed to test the detection accuracy of the system against attacks. Results from the experiments demonstrate the MBIDS accurately detects intrusions in a Z-Wave network with a mean misuse detection rate of 99%. Overall, this research contributes new Z-Wave exploitations and an MBIDS to detect rogue devices and packet injection attacks, enabling a more secure Z-Wave network

Internet of Things for enabling smart environments: a technology-centric perspective

The Internet of Things (IoT) is a computing paradigm whereby everyday life objects are augmented with computational and wireless communication capabilities, typically through the incorporation of resource-constrained devices including sensors and actuators, which enable their connection to the Internet. The IoT is seen as the key ingredient for the development of smart environments. Nevertheless, the current IoT ecosystem offers many alternative communication solutions with diverse performance characteristics. This situation presents a major challenge to identifying the most suitable IoT communication solution(s) for a particular smart environment. In this paper we consider the distinct requirements of key smart environments, namely the smart home, smart health, smart cities and smart factories, and relate them to current IoT communication solutions. Specifically, we describe the core characteristics of these smart environments and then proceed to provide a comprehensive survey of relevant IoT communication technologies and architectures. We conclude with our reflections on the crucial features of IoT solutions in this setting and a discussion of challenges that remain open for research

Air Force Institute of Technology Research Report 2016

This Research Report presents the FY16 research statistics and contributions of the Graduate School of Engineering and Management (EN) at AFIT. AFIT research interests and faculty expertise cover a broad spectrum of technical areas related to USAF needs, as reflected by the range of topics addressed in the faculty and student publications listed in this report. In most cases, the research work reported herein is directly sponsored by one or more USAF or DOD agencies. AFIT welcomes the opportunity to conduct research on additional topics of interest to the USAF, DOD, and other federal organizations when adequate manpower and financial resources are available and/or provided by a sponsor. In addition, AFIT provides research collaboration and technology transfer benefits to the public through Cooperative Research and Development Agreements (CRADAs)

A Practical Wireless Exploitation Framework for Z-Wave Networks

Wireless Sensor Networks (WSN) are a growing subset of the emerging Internet of Things (IoT). WSNs reduce the cost of deployment over wired alternatives; consequently, use is increasing in home automation, critical infrastructure, smart metering, and security solutions. Few published works evaluate the security of proprietary WSN protocols due to the lack of low-cost and effective research tools. One such protocol is ITU-T G.9959-based Z-Wave, which maintains wide acceptance within the IoT market. This research utilizes an open source toolset, presented herein, called EZ-Wave to identify methods for exploiting Z-Wave devices and networks using Software-Defined Radios (SDR). Herein, techniques enabling active network reconnaissance, including network enumeration and device interrogation, are presented. Furthermore, a fuzzing framework is presented and utilized to identify three packet malformations resulting in anomalous device behavior. Finally, a method for classifying the three most common Z-Wave transceivers with \u3e99% accuracy using preamble manipulation is identified and tested

Standardization Roadmap for Unmanned Aircraft Systems, Version 2.0

This Standardization Roadmap for Unmanned Aircraft Systems, Version 2.0 (“roadmap”) is an update to version 1.0 of this document published in December 2018. It identifies existing standards and standards in development, assesses gaps, and makes recommendations for priority areas where there is a perceived need for additional standardization and/or pre-standardization R&D. The roadmap has examined 78 issue areas, identified a total of 71 open gaps and corresponding recommendations across the topical areas of airworthiness; flight operations (both general concerns and application-specific ones including critical infrastructure inspections, commercial services, and public safety operations); and personnel training, qualifications, and certification. Of that total, 47 gaps/recommendations have been identified as high priority, 21 as medium priority, and 3 as low priority. A “gap” means no published standard or specification exists that covers the particular issue in question. In 53 cases, additional R&D is needed. As with the earlier version of this document, the hope is that the roadmap will be broadly adopted by the standards community and that it will facilitate a more coherent and coordinated approach to the future development of standards for UAS. To that end, it is envisioned that the roadmap will continue to be promoted in the coming year. It is also envisioned that a mechanism may be established to assess progress on its implementation

Pervasive service discovery in low-power and lossy networks

Pervasive Service Discovery (SD) in Low-power and Lossy Networks (LLNs) is expected to play a major role in realising the Internet of Things (IoT) vision. Such a vision aims to expand the current Internet to interconnect billions of miniature smart objects that sense and act on our surroundings in a way that will revolutionise the future. The pervasiveness and heterogeneity of such low-power devices requires robust, automatic, interoperable and scalable deployment and operability solutions. At the same time, the limitations of such constrained devices impose strict challenges regarding complexity, energy consumption, time-efficiency and mobility. This research contributes new lightweight solutions to facilitate automatic deployment and operability of LLNs. It mainly tackles the aforementioned challenges through the proposition of novel component-based, automatic and efficient SD solutions that ensure extensibility and adaptability to various LLN environments. Building upon such architecture, a first fully-distributed, hybrid pushpull SD solution dubbed EADP (Extensible Adaptable Discovery Protocol) is proposed based on the well-known Trickle algorithm. Motivated by EADPs’ achievements, new methods to optimise Trickle are introduced. Such methods allow Trickle to encompass a wide range of algorithms and extend its usage to new application domains. One of the new applications is concretized in the TrickleSD protocol aiming to build automatic, reliable, scalable, and time-efficient SD. To optimise the energy efficiency of TrickleSD, two mechanisms improving broadcast communication in LLNs are proposed. Finally, interoperable standards-based SD in the IoT is demonstrated, and methods combining zero-configuration operations with infrastructure-based solutions are proposed. Experimental evaluations of the above contributions reveal that it is possible to achieve automatic, cost-effective, time-efficient, lightweight, and interoperable SD in LLNs. These achievements open novel perspectives for zero-configuration capabilities in the IoT and promise to bring the ‘things’ to all people everywhere

Air Force Institute of Technology Research Report 2015

This report summarizes the research activities of the Air Force Institute of Technology’s Graduate School of Engineering and Management. It describes research interests and faculty expertise; lists student theses/dissertations; identifies research sponsors and contributions; and outlines the procedures for contacting the school. Included in the report are: faculty publications, conference presentations, consultations, and funded research projects. Research was conducted in the areas of Aeronautical and Astronautical Engineering, Electrical Engineering and Electro-Optics, Computer Engineering and Computer Science, Systems Engineering and Management, Operational Sciences, Mathematics, Statistics and Engineering Physics

Air Force Institute of Technology Research Report 2015

This report summarizes the research activities of the Air Force Institute of Technology’s Graduate School of Engineering and Management. It describes research interests and faculty expertise; lists student theses/dissertations; identifies research sponsors and contributions; and outlines the procedures for contacting the school. Included in the report are: faculty publications, conference presentations, consultations, and funded research projects. Research was conducted in the areas of Aeronautical and Astronautical Engineering, Electrical Engineering and Electro-Optics, Computer Engineering and Computer Science, Systems Engineering and Management, Operational Sciences, Mathematics, Statistics and Engineering Physics

Pattern-of-Life Modeling using Data Leakage in Smart Homes

This work investigates data leakage in smart homes by providing a Smart Home Automation Architecture (SHAA) and a device classifier and pattern-of-life analysis tool, CITIoT (Classify, Identify, and Track Internet of things). CITIoT was able to capture traffic from SHAA and classify 17 of 18 devices, identify 95% of the events that occurred, and track when users were home or away with near 100% accuracy. Additionally, a mitigation tool, MIoTL (Mitigation of IoT Leakage) is provided to defend against smart home data leakage. With mitigation, CITIoT was unable to identify motion and camera devices and was inundated with an average of 221 false positives per day that made it ineffective at identifying real events. Also, CITIoT was only able to recognize 8 minutes of 24 hours that the user was away from the smart home. This work closes by stressing the vulnerabilities presented through the demonstration of how an adversary can use CITIoT to crack a BLE lock and gain access to the home. Lastly, security recommendations are provided to defend against vulnerabilities presented in this work and create a safer smart home environment

Internet of Things From Hype to Reality

The Internet of Things (IoT) has gained significant mindshare, let alone attention, in academia and the industry especially over the past few years. The reasons behind this interest are the potential capabilities that IoT promises to offer. On the personal level, it paints a picture of a future world where all the things in our ambient environment are connected to the Internet and seamlessly communicate with each other to operate intelligently. The ultimate goal is to enable objects around us to efficiently sense our surroundings, inexpensively communicate, and ultimately create a better environment for us: one where everyday objects act based on what we need and like without explicit instructions