Evaluating the impact of malicious spoofing attacks on Bluetooth low energy based occupancy detection systems

Occupancy detection of a building has a wide range of applications. Areas such as emergency management, home automation and building energy management can benefit from the knowledge of occupants' locations to provide better results and improve their efficiency. Bluetooth Low Energy (BLE) beacons installed inside a building are able to provide information on an occupant's location. Since, however, their operation is based on broadcasting advertisements, they are vulnerable to network security breaches. In this work, we evaluate the effect of two types of spoofing attacks on a BLE based occupancy detection system. The system is composed of BLE beacons installed inside the building, a mobile application installed on occupants’ mobile phones and a remote control server. Occupancy detection is performed by a classifier installed on the remote server. We use our real-world experimental results to evaluate the impact of these attacks on the system's operation, particularly in terms of the accuracy with which it can provide location information

A Context-Aware System to Secure Enterprise Content: Incorporating Reliability Specifiers

The sensors of a context-aware system extract contextual information from the environment and relay that information to higher-level processes of the system so to influence the system\u2019s control decisions. However, an adversary can maliciously influence such controls indirectly by manipulating the environment in which the sensors are monitoring, thereby granting privileges the adversary would otherwise not normally have. To address such context monitoring issues, we extend CASSEC by incorporating sentience-like constructs, which enable the emulation of \u201dconfidence\u201d, into our proximity-based access control model to grant the system the ability to make more inferable decisions based on the degree of reliability of extracted contextual information. In CASSEC 2.0, we evaluate our confidence constructs by implementing two new authentication mechanisms. Co-proximity authentication employs our time-based challenge-response protocol, which leverages Bluetooth Low Energy beacons as its underlying occupancy detection technology. Biometric authentication relies on the accelerometer and fingerprint sensors to measure behavioral and physiological user features to prevent unauthorized users from using an authorized user\u2019s device. We provide a feasibility study demonstrating how confidence constructs can improve the decision engine of context-aware access control systems

How Physicality Enables Trust: A New Era of Trust-Centered Cyberphysical Systems

Multi-agent cyberphysical systems enable new capabilities in efficiency, resilience, and security. The unique characteristics of these systems prompt a reevaluation of their security concepts, including their vulnerabilities, and mechanisms to mitigate these vulnerabilities. This survey paper examines how advancement in wireless networking, coupled with the sensing and computing in cyberphysical systems, can foster novel security capabilities. This study delves into three main themes related to securing multi-agent cyberphysical systems. First, we discuss the threats that are particularly relevant to multi-agent cyberphysical systems given the potential lack of trust between agents. Second, we present prospects for sensing, contextual awareness, and authentication, enabling the inference and measurement of ``inter-agent trust" for these systems. Third, we elaborate on the application of quantifiable trust notions to enable ``resilient coordination," where ``resilient" signifies sustained functionality amid attacks on multiagent cyberphysical systems. We refer to the capability of cyberphysical systems to self-organize, and coordinate to achieve a task as autonomy. This survey unveils the cyberphysical character of future interconnected systems as a pivotal catalyst for realizing robust, trust-centered autonomy in tomorrow's world

Enhancing service quality and reliability in intelligent traffic system

Intelligent Traffic Systems (ITS) can manage on-road traffic efficiently based on real-time traffic conditions, reduce delay at the intersections, and maintain the safety of the road users. However, emergency vehicles still struggle to meet their targeted response time, and an ITS is vulnerable to various types of attacks, including cyberattacks. To address these issues, in this dissertation, we introduce three techniques that enhance the service quality and reliability of an ITS. First, an innovative Emergency Vehicle Priority System (EVPS) is presented to assist an Emergency Vehicle (EV) in attending the incident place faster. Our proposed EVPS determines the proper priority codes of EV based on the type of incidents. After priority code generation, EVPS selects the number of traffic signals needed to be turned green considering the impact on other vehicles gathered in the relevant adjacent cells. Second, for improving reliability, an Intrusion Detection System for traffic signals is proposed for the first time, which leverages traffic and signal characteristics such as the flow rate, vehicle speed, and signal phase time. Shannon’s entropy is used to calculate the uncertainty associated with the likelihood of particular evidence and Dempster-Shafer (DS) decision theory is used to fuse the evidential information. Finally, to improve the reliability of a future ITS, we introduce a model that assesses the trust level of four major On-Board Units (OBU) of a self-driving car along with Global Positioning System (GPS) data and safety messages. Both subjective logic (DS theory) and CertainLogic are used to develop the theoretical underpinning for estimating the trust value of a self-driving car by fusing the trust value of four OBU components, GPS data and safety messages. For evaluation and validation purposes, a popular and widely used traffic simulation package, namely Simulation of Urban Mobility (SUMO), is used to develop the simulation platform using a real map of Melbourne CBD. The relevant historical real data taken from the VicRoads website were used to inject the traffic flow and density in the simulation model. We evaluated the performance of our proposed techniques considering different traffic and signal characteristics such as occupancy rate, flow rate, phase time, and vehicle speed under many realistic scenarios. The simulation result shows the potential efficacy of our proposed techniques for all selected scenarios.Doctor of Philosoph

Novel Attacks and Defenses for Enterprise Internet-of-Things (E-IoT) Systems

This doctoral dissertation expands upon the field of Enterprise Internet-of-Things (E-IoT) systems, one of the most ubiquitous and under-researched fields of smart systems. E-IoT systems are specialty smart systems designed for sophisticated automation applications (e.g., multimedia control, security, lighting control). E-IoT systems are often closed source, costly, require certified installers, and are more robust for their specific applications. This dissertation begins with an analysis of the current E-IoT threat landscape and introduces three novel attacks and defenses under-studied software and protocols heavily linked to E-IoT systems. For each layer, we review the literature for the threats, attacks, and countermeasures. Based on the systematic knowledge we obtain from the literature review, we propose three novel attacks and countermeasures to protect E-IoT systems. In the first attack, we present PoisonIvy, several attacks developed to show that malicious E-IoT drivers can be used to compromise E-IoT. In response to PoisonIvy threats, we describe Ivycide, a machine-learning network-based solution designed to defend E-IoT systems against E-IoT driver threats. As multimedia control is a significant application of E-IoT, we introduce is HDMI-Walk, a novel attack vector designed to demonstrate that HDMI\u27s Consumer Electronics Control (CEC) protocol can be used to compromise multiple devices through a single connection. To defend devices from this threat, we introduce HDMI-Watch, a standalone intrusion detection system (IDS) designed to defend HDMI-enabled devices from HDMI-Walk-style attacks. Finally, this dissertation evaluates the security of E-IoT proprietary protocols with LightingStrike, a series of attacks used to demonstrate that popular E-IoT proprietary communication protocols are insecure. To address LightningStrike threats, we introduce LGuard, a complete defense framework designed to defend E-IoT systems from LightingStrike-style attacks using computer vision, traffic obfuscation, and traffic analysis techniques. For each contribution, all of the defense mechanisms proposed are implemented without any modification to the underlying hardware or software. All attacks and defenses in this dissertation were performed with implementations on widely-used E-IoT devices and systems. We believe that the research presented in this dissertation has notable implications on the security of E-IoT systems by exposing novel threat vectors, raising awareness, and motivating future E-IoT system security research

CPS Attacks Mitigation Approaches on Power Electronic Systems with Security Challenges for Smart Grid Applications: A Review

This paper presents an inclusive review of the cyber-physical (CP) attacks, vulnerabilities, mitigation approaches on the power electronics and the security challenges for the smart grid applications. With the rapid evolution of the physical systems in the power electronics applications for interfacing renewable energy sources that incorporate with cyber frameworks, the cyber threats have a critical impact on the smart grid performance. Due to the existence of electronic devices in the smart grid applications, which are interconnected through communication networks, these networks may be subjected to severe cyber-attacks by hackers. If this occurs, the digital controllers can be physically isolated from the control loop. Therefore, the cyber-physical systems (CPSs) in the power electronic systems employed in the smart grid need special treatment and security. In this paper, an overview of the power electronics systems security on the networked smart grid from the CP perception, as well as then emphases on prominent CP attack patterns with substantial influence on the power electronics components operation along with analogous defense solutions. Furthermore, appraisal of the CPS threats attacks mitigation approaches, and encounters along the smart grid applications are discussed. Finally, the paper concludes with upcoming trends and challenges in CP security in the smart grid applications

Napredna (edge computing) softverska arhitektura za upravljanje resursima i unutrašnje pozicioniranje

In Part I, this thesis aims to shed light on IoT and edge com-puting systems and accompanying computing and architectural paradigms, their definition, areas of application, and common use-cases, as well as operational, business, economical, social challenges and benefits. It illustrates modern needs and requests in building IoT systems and current State-of-The-Art (SoTA) approaches to designing them. Additionally, it discusses the security and privacy topics of IoT and edge computing systems. It also encompasses research, design, and implementation of an MQTT-based Resource Management Framework for Edge Com-puting systems that handle: resource management, failover detection and handover administration, logical and physical workload balancing and protection, and monitoring of physical and logical system resources designed for a real-world IoT platform. The thesis offers insights into modern requests for such frameworks, current SoTA approaches, and offer a solution in the form of a software framework, with minimal implementation and communication overhead. In Part II, the thesis elaborates on IPS, their definition, deploy-ment types, commonly used positioning techniques, areas of application, and common use-cases, as well as operational, business, economic, social challenges, and benefits. It specifically discusses designing IPS for the typical IoT infrastructure. It offers insights to modern IPS requests, current SoTA in solving them, and under-line original approaches from this thesis. It elaborates on the research, design and authors’ implementation of an IPS for the IoT – Bluetooth LowEnergyMicrolocation Asset Tracking (BLEMAT), including its software engines (collections of software components) for: indoor positioning, occupancy detection, visualization, pattern discovery and prediction, geofencing, movement pattern detection, visualization, discovery and prediction, social dynamics analysis, and indoor floor plan layout detection.Deo I teze ima je za cilj da rasvetli IoT i edge computing računarske sisteme i prateće računarske paradigme softverskih arhitektura, njihovu definiciju, područja primene i slučajeve uobičajene upotrebe, kao i operativne, poslovne, ekonomske, i socijalne izazove i koristi. Teza ilustruje savremene potrebe i zahtevi u izgradnji IoT sistema i najsavremeniji pristupi u njihovom dizajniranju. Raspravlja se o temama bezbednosti i privatnosti u IoT i edge computing računarskim sistemima. Kao još jedan glavni zadatak, teza je obuhvata istraživanje, dizajn i implementaciju softverske arhitekture za upravljanje resursima zasnovanim na MQTT komunikacionom protokolu za edge computing računarske sisteme koja se bavi: upravljanjem resursima, detekcijom prestanka rada upravljačkih algoritama i administracijom primopredaje tj. transporta upravljačkih algoritama, i logičkim i fizičkim balansiranjem i zaštitom radnog opterećenja sistema. Diskutuju se savremeni zahtevi za takve softverske arhitekture, trenutni pristupi. Na kraju, prikazuje se rešenje sa minimalnim troškovima implementacije i  komunikacije. Deo II teze ima za cilj da objasni sisteme za unutrašnje pozicioniranje, njihovu definiciju, vrste primene, najčešće korišćene tehnike pozicioniranja, područja primene i uobičajene slučajeve upotrebe, kao i operativne, poslovne, ekonomske, i socijalne izazove i koristi. Posebno se diskutuje o dizajniranju ovakvih sistema za tipičnu IoT infrastrukturu. Nudi se uvid u savremene zahteve sisteme za unutrašnje pozicioniranje, trenutne pristupe u rešavanju istih, i naglašeni su originalni pristupe iz ove teze. Dalje je fokus na istraživanju, dizajniranju i implementaciji sistema za unutrašnje pozicioniranje (BLEMAT), uključujući njegove softverske podsisteme (kolekcije softverskih komponenti) za: pozicioniranje u zatvorenom prostoru, detekciju zauzeća prostorija, vizualizaciju, otkrivanje i predviđanje obrazaca kretanja, geofencing, vizualizaciju i analizu društvene dinamike i detekciju rasporeda prostorija unutrašnjeg prostora