294 research outputs found
Exploring Potential 6LoWPAN Traffic Side Channels.
The Internet of Things (IoT) has become a reality: small connected devices feature in everyday objects including childrens’ toys, TVs, fridges, heating control units, etc. Supply chains feature sensors throughout, and significant investments go into researching next-generation healthcare, where sensors monitor wellbeing. A future in which sensors and other (small) devices interact to create sophisticated applications seems just around the corner. All of these applications have a fundamental need for security and privacy and thus cryptography is deployed as part of an attempt to secure them. In this paper we explore a particular type of flaw, namely side channel information, on the protocol level that can exist despite the use of cryptography. Our research investigates the potential for utilising packet length and timing information (both are easily obtained) to extract interesting information from a system. We find that using these side channels we can distinguish between devices, different programs running on the same device including which sensor is accessed. We also find it is possible to distinguish between different types of ICMP messages despite the use of encryption. Based on our findings, we provide a set of recommendations to efficiently mitigate these side channels in the IoT context.</p
Low-Power Wireless for the Internet of Things: Standards and Applications: Internet of Things, IEEE 802.15.4, Bluetooth, Physical layer, Medium Access Control,coexistence, mesh networking, cyber-physical systems, WSN, M2M
International audienceThe proliferation of embedded systems, wireless technologies, and Internet protocols have enabled the Internet of Things (IoT) to bridge the gap between the virtual and physical world through enabling the monitoring and actuation of the physical world controlled by data processing systems. Wireless technologies, despite their offered convenience, flexibility, low cost, and mobility pose unique challenges such as fading, interference, energy, and security, which must be carefully addressed when using resource-constrained IoT devices. To this end, the efforts of the research community have led to the standardization of several wireless technologies for various types of application domains depending on factors such as reliability, latency, scalability, and energy efficiency. In this paper, we first overview these standard wireless technologies, and we specifically study the MAC and physical layer technologies proposed to address the requirements and challenges of wireless communications. Furthermore, we explain the use of these standards in various application domains, such as smart homes, smart healthcare, industrial automation, and smart cities, and discuss their suitability in satisfying the requirements of these applications. In addition to proposing guidelines to weigh the pros and cons of each standard for an application at hand, we also examine what new strategies can be exploited to overcome existing challenges and support emerging IoT applications
Towards the simulation of cooperative perception applications by leveraging distributed sensing infrastructures
With the rapid development of Automated Vehicles (AV), the boundaries of their function alities are being pushed and new challenges are being imposed. In increasingly complex
and dynamic environments, it is fundamental to rely on more powerful onboard sensors and
usually AI. However, there are limitations to this approach. As AVs are increasingly being
integrated in several industries, expectations regarding their cooperation ability is growing,
and vehicle-centric approaches to sensing and reasoning, become hard to integrate. The
proposed approach is to extend perception to the environment, i.e. outside of the vehicle,
by making it smarter, via the deployment of wireless sensors and actuators. This will vastly
improve the perception capabilities in dynamic and unpredictable scenarios and often in a
cheaper way, relying mostly in the use of lower cost sensors and embedded devices, which rely
on their scale deployment instead of centralized sensing abilities. Consequently, to support
the development and deployment of such cooperation actions in a seamless way, we require
the usage of co-simulation frameworks, that can encompass multiple perspectives of control
and communications for the AVs, the wireless sensors and actuators and other actors in the
environment. In this work, we rely on ROS2 and micro-ROS as the underlying technologies
for integrating several simulation tools, to construct a framework, capable of supporting the
development, test and validation of such smart, cooperative environments. This endeavor
was undertaken by building upon an existing simulation framework known as AuNa. We
extended its capabilities to facilitate the simulation of cooperative scenarios by incorporat ing external sensors placed within the environment rather than just relying on vehicle-based
sensors. Moreover, we devised a cooperative perception approach within this framework,
showcasing its substantial potential and effectiveness. This will enable the demonstration of
multiple cooperation scenarios and also ease the deployment phase by relying on the same
software architecture.Com o rápido desenvolvimento dos Veículos Autónomos (AV), os limites das suas funcional idades estão a ser alcançados e novos desafios estão a surgir. Em ambientes complexos
e dinâmicos, é fundamental a utilização de sensores de alta capacidade e, na maioria dos
casos, inteligência artificial. Mas existem limitações nesta abordagem. Como os AVs estão
a ser integrados em várias indústrias, as expectativas quanto à sua capacidade de cooperação estão a aumentar, e as abordagens de perceção e raciocínio centradas no veículo,
tornam-se difíceis de integrar. A abordagem proposta consiste em extender a perceção para
o ambiente, isto é, fora do veículo, tornando-a inteligente, através do uso de sensores e
atuadores wireless. Isto irá melhorar as capacidades de perceção em cenários dinâmicos e
imprevisíveis, reduzindo o custo, pois a abordagem será baseada no uso de sensores low-cost
e sistemas embebidos, que dependem da sua implementação em grande escala em vez da
capacidade de perceção centralizada. Consequentemente, para apoiar o desenvolvimento
e implementação destas ações em cooperação, é necessária a utilização de frameworks de
co-simulação, que abranjam múltiplas perspetivas de controlo e comunicação para os AVs,
sensores e atuadores wireless, e outros atores no ambiente. Neste trabalho será utilizado
ROS2 e micro-ROS como as tecnologias subjacentes para a integração das ferramentas de
simulação, de modo a construir uma framework capaz de apoiar o desenvolvimento, teste e
validação de ambientes inteligentes e cooperativos. Esta tarefa foi realizada com base numa
framework de simulação denominada AuNa. Foram expandidas as suas capacidades para
facilitar a simulação de cenários cooperativos através da incorporação de sensores externos
colocados no ambiente, em vez de depender apenas de sensores montados nos veículos.
Além disso, concebemos uma abordagem de perceção cooperativa usando a framework,
demonstrando o seu potencial e eficácia. Isto irá permitir a demonstração de múltiplos
cenários de cooperação e também facilitar a fase de implementação, utilizando a mesma
arquitetura de software
Secure data sharing and analysis in cloud-based energy management systems
Analysing data acquired from one or more buildings (through specialist sensors, energy generation capability such as PV panels or smart meters) via a cloud-based Local Energy Management System (LEMS) is increasingly gaining in popularity. In a LEMS, various smart devices within a building are monitored and/or controlled to either investigate energy usage trends within a building, or to investigate mechanisms to reduce total energy demand. However, whenever we are connecting externally monitored/controlled smart devices there are security and privacy concerns. We describe the architecture and components of a LEMS and provide a survey of security and privacy concerns associated with data acquisition and control within a LEMS. Our scenarios specifically focus on the integration of Electric Vehicles (EV) and Energy Storage Units (ESU) at the building premises, to identify how EVs/ESUs can be used to store energy and reduce the electricity costs of the building. We review security strategies and identify potential security attacks that could be carried out on such a system, while exploring vulnerable points in the system. Additionally, we will systematically categorize each vulnerability and look at potential attacks exploiting that vulnerability for LEMS. Finally, we will evaluate current counter measures used against these attacks and suggest possible mitigation strategies
Discovery and Group Communication for Constrained Internet of Things Devices using the Constrained Application Protocol
The ubiquitous Internet is rapidly spreading to new domains. This expansion of
the Internet is comparable in scale to the spread of the Internet in the ’90s. The
resulting Internet is now commonly referred to as the Internet of Things (IoT) and
is expected to connect about 50 billion devices by the year 2020. This means that
in just five years from the time of writing this PhD the number of interconnected
devices will exceed the number of humans by sevenfold. It is further expected that
the majority of these IoT devices will be resource constrained embedded devices
such as sensors and actuators. Sensors collect information about the physical world
and inject this information into the virtual world. Next processing and reasoning
can occur and decisions can be taken to enact upon the physical world by injecting
feedback to actuators.
The integration of embedded devices into the Internet introduces new challenges,
since many of the existing Internet technologies and protocols were not
designed for this class of constrained devices. These devices are typically optimized
for low cost and power consumption and thus have very limited power,
memory, and processing resources and have long sleep periods. The networks
formed by these embedded devices are also constrained and have different characteristics
than those typical in todays Internet. These constrained networks have
high packet loss, low throughput, frequent topology changes and small useful payload
sizes. They are referred to as LLN. Therefore, it is in most cases unfeasible to
run standard Internet protocols on this class of constrained devices and/or LLNs.
New or adapted protocols that take into consideration the capabilities of the constrained
devices and the characteristics of LLNs, are required.
In the past few years, there were many efforts to enable the extension of the
Internet technologies to constrained devices. Initially, most of these efforts were
focusing on the networking layer. However, the expansion of the Internet in the
90s was not due to introducing new or better networking protocols. It was a result
of introducing the World Wide Web (WWW), which made it easy to integrate services
and applications. One of the essential technologies underpinning the WWW
was the Hypertext Transfer Protocol (HTTP). Today, HTTP has become a key
protocol in the realization of scalable web services building around the Representational
State Transfer (REST) paradigm. The REST architectural style enables
the realization of scalable and well-performing services using uniform and simple
interfaces. The availability of an embedded counterpart of HTTP and the REST
architecture could boost the uptake of the IoT.
Therefore, more recently, work started to allow the integration of constrained
devices in the Internet at the service level. The Internet Engineering Task Force
(IETF) Constrained RESTful Environments (CoRE) working group has realized
the REST architecture in a suitable form for the most constrained nodes and networks.
To that end the Constrained Application Protocol (CoAP) was introduced,
a specialized RESTful web transfer protocol for use with constrained networks and
nodes. CoAP realizes a subset of the REST mechanisms offered by HTTP, but is
optimized for Machine-to-Machine (M2M) applications.
This PhD research builds upon CoAP to enable a better integration of constrained
devices in the IoT and examines proposed CoAP solutions theoretically
and experimentally proposing alternatives when appropriate. The first part of this
PhD proposes a mechanism that facilitates the deployment of sensor networks
and enables the discovery, end-to-end connectivity and service usage of newly
deployed sensor nodes. The proposed approach makes use of CoAP and combines
it with Domain Name System (DNS) in order to enable the use of userfriendly
Fully Qualified Domain Names (FQDNs) for addressing sensor nodes. It
includes the automatic discovery of sensors and sensor gateways and the translation
of HTTP to CoAP, thus making the sensor resources globally discoverable and
accessible from any Internet-connected client using either IPv6 addresses or DNS
names both via HTTP or CoAP. As such, the proposed approach provides a feasible
and flexible solution to achieve hierarchical self-organization with a minimum
of pre-configuration. By doing so we minimize costly human interventions and
eliminate the need for introducing new protocols dedicated for the discovery and
organization of resources. This reduces both cost and the implementation footprint
on the constrained devices.
The second, larger, part of this PhD focuses on using CoAP to realize communication
with groups of resources. In many IoT application domains, sensors
or actuators need to be addressed as groups rather than individually, since individual
resources might not be sufficient or useful. A simple example is that all
lights in a room should go on or off as a result of the user toggling the light switch.
As not all IoT applications may need group communication, the CoRE working
group did not include it in the base CoAP specification. This way the base protocol
is kept as efficient and as simple as possible so it would run on even the most
constrained devices. Group communication and other features that might not be
needed by all devices are standardized in a set of optional separate extensions. We
first examined the proposed CoAP extension for group communication, which utilizes
Internet Protocol version 6 (IPv6) multicasts. We highlight its strengths and
weaknesses and propose our own complementary solution that uses unicast to realize
group communication. Our solution offers capabilities beyond simple group
communication. For example, we provide a validation mechanism that performs
several checks on the group members, to make sure that combining them together
is possible. We also allow the client to request that results of the individual members
are processed before they are sent to the client. For example, the client can
request to obtain only the maximum value of all individual members.
Another important optional extension to CoAP allows clients to continuously
observe resources by registering their interest in receiving notifications from CoAP
servers once there are changes to the values of the observed resources. By using
this publish/subscribe mechanism the client does not need to continuously poll the
resource to find out whether it has changed its value. This typically leads to more
efficient communication patterns that preserve valuable device and LLN resources.
Unfortunately CoAP observe does not work together with the CoAP group communication
extension, since the observe extension assumes unicast communication
while the group communication extension only support multicast communication.
In this PhD we propose to extend our own group communication solution to offer
group observation capabilities. By combining group observation with group
processing features, it becomes possible to notify the client only about certain
changes to the observed group (e.g., the maximum value of all group members has
changed).
Acknowledging that the use of multicast as well as unicast has strengths and
weaknesses we propose to extend our unicast based solution with certain multicast
features. By doing so we try to combine the strengths of both approaches to obtain
a better overall group communication that is flexible and that can be tailored
according to the use case needs.
Together, the proposed mechanisms represent a powerful and comprehensive
solution to the challenging problem of group communication with constrained devices.
We have evaluated the solutions proposed in this PhD extensively and in
a variety of forms. Where possible, we have derived theoretical models and have
conducted numerous simulations to validate them. We have also experimentally
evaluated those solutions and compared them with other proposed solutions using
a small demo box and later on two large scale wireless sensor testbeds and under
different test conditions. The first testbed is located in a large, shielded room,
which allows testing under controlled environments. The second testbed is located
inside an operational office building and thus allows testing under normal operation
conditions. Those tests revealed performance issues and some other problems.
We have provided some solutions and suggestions for tackling those problems.
Apart from the main contributions, two other relevant outcomes of this PhD are
described in the appendices. In the first appendix we review the most important
IETF standardization efforts related to the IoT and show that with the introduction
of CoAP a complete set of standard protocols has become available to cover the
complete networking stack and thus making the step from the IoT into the Web
of Things (WoT). Using only standard protocols makes it possible to integrate
devices from various vendors into one bigWoT accessible to humans and machines
alike.
In the second appendix, we provide an alternative solution for grouping constrained
devices by using virtualization techniques. Our approach focuses on the
objects, both resource-constrained and non-constrained, that need to cooperate
by integrating them into a secured virtual network, named an Internet of Things
Virtual Network or IoT-VN. Inside this IoT-VN full end-to-end communication
can take place through the use of protocols that take the limitations of the most
resource-constrained devices into account. We describe how this concept maps to
several generic use cases and, as such, can constitute a valid alternative approach
for supporting selected applications
Discovery and group communication for constrained Internet of Things devices using the Constrained Application Protocol
The ubiquitous Internet is rapidly spreading to new domains. This expansion of
the Internet is comparable in scale to the spread of the Internet in the ’90s. The
resulting Internet is now commonly referred to as the Internet of Things (IoT) and
is expected to connect about 50 billion devices by the year 2020. This means that
in just five years from the time of writing this PhD the number of interconnected
devices will exceed the number of humans by sevenfold. It is further expected that
the majority of these IoT devices will be resource constrained embedded devices
such as sensors and actuators. Sensors collect information about the physical world
and inject this information into the virtual world. Next processing and reasoning
can occur and decisions can be taken to enact upon the physical world by injecting
feedback to actuators.
The integration of embedded devices into the Internet introduces new challenges,
since many of the existing Internet technologies and protocols were not
designed for this class of constrained devices. These devices are typically optimized
for low cost and power consumption and thus have very limited power,
memory, and processing resources and have long sleep periods. The networks
formed by these embedded devices are also constrained and have different characteristics
than those typical in todays Internet. These constrained networks have
high packet loss, low throughput, frequent topology changes and small useful payload
sizes. They are referred to as LLN. Therefore, it is in most cases unfeasible to
run standard Internet protocols on this class of constrained devices and/or LLNs.
New or adapted protocols that take into consideration the capabilities of the constrained
devices and the characteristics of LLNs, are required.
In the past few years, there were many efforts to enable the extension of the
Internet technologies to constrained devices. Initially, most of these efforts were
focusing on the networking layer. However, the expansion of the Internet in the
90s was not due to introducing new or better networking protocols. It was a result
of introducing the World Wide Web (WWW), which made it easy to integrate services
and applications. One of the essential technologies underpinning the WWW
was the Hypertext Transfer Protocol (HTTP). Today, HTTP has become a key
protocol in the realization of scalable web services building around the Representational
State Transfer (REST) paradigm. The REST architectural style enables
the realization of scalable and well-performing services using uniform and simple
interfaces. The availability of an embedded counterpart of HTTP and the REST
architecture could boost the uptake of the IoT.
Therefore, more recently, work started to allow the integration of constrained
devices in the Internet at the service level. The Internet Engineering Task Force
(IETF) Constrained RESTful Environments (CoRE) working group has realized
the REST architecture in a suitable form for the most constrained nodes and networks.
To that end the Constrained Application Protocol (CoAP) was introduced,
a specialized RESTful web transfer protocol for use with constrained networks and
nodes. CoAP realizes a subset of the REST mechanisms offered by HTTP, but is
optimized for Machine-to-Machine (M2M) applications.
This PhD research builds upon CoAP to enable a better integration of constrained
devices in the IoT and examines proposed CoAP solutions theoretically
and experimentally proposing alternatives when appropriate. The first part of this
PhD proposes a mechanism that facilitates the deployment of sensor networks
and enables the discovery, end-to-end connectivity and service usage of newly
deployed sensor nodes. The proposed approach makes use of CoAP and combines
it with Domain Name System (DNS) in order to enable the use of userfriendly
Fully Qualified Domain Names (FQDNs) for addressing sensor nodes. It
includes the automatic discovery of sensors and sensor gateways and the translation
of HTTP to CoAP, thus making the sensor resources globally discoverable and
accessible from any Internet-connected client using either IPv6 addresses or DNS
names both via HTTP or CoAP. As such, the proposed approach provides a feasible
and flexible solution to achieve hierarchical self-organization with a minimum
of pre-configuration. By doing so we minimize costly human interventions and
eliminate the need for introducing new protocols dedicated for the discovery and
organization of resources. This reduces both cost and the implementation footprint
on the constrained devices.
The second, larger, part of this PhD focuses on using CoAP to realize communication
with groups of resources. In many IoT application domains, sensors
or actuators need to be addressed as groups rather than individually, since individual
resources might not be sufficient or useful. A simple example is that all
lights in a room should go on or off as a result of the user toggling the light switch.
As not all IoT applications may need group communication, the CoRE working
group did not include it in the base CoAP specification. This way the base protocol
is kept as efficient and as simple as possible so it would run on even the most
constrained devices. Group communication and other features that might not be
needed by all devices are standardized in a set of optional separate extensions. We
first examined the proposed CoAP extension for group communication, which utilizes
Internet Protocol version 6 (IPv6) multicasts. We highlight its strengths and
weaknesses and propose our own complementary solution that uses unicast to realize
group communication. Our solution offers capabilities beyond simple group
communication. For example, we provide a validation mechanism that performs
several checks on the group members, to make sure that combining them together
is possible. We also allow the client to request that results of the individual members
are processed before they are sent to the client. For example, the client can
request to obtain only the maximum value of all individual members.
Another important optional extension to CoAP allows clients to continuously
observe resources by registering their interest in receiving notifications from CoAP
servers once there are changes to the values of the observed resources. By using
this publish/subscribe mechanism the client does not need to continuously poll the
resource to find out whether it has changed its value. This typically leads to more
efficient communication patterns that preserve valuable device and LLN resources.
Unfortunately CoAP observe does not work together with the CoAP group communication
extension, since the observe extension assumes unicast communication
while the group communication extension only support multicast communication.
In this PhD we propose to extend our own group communication solution to offer
group observation capabilities. By combining group observation with group
processing features, it becomes possible to notify the client only about certain
changes to the observed group (e.g., the maximum value of all group members has
changed).
Acknowledging that the use of multicast as well as unicast has strengths and
weaknesses we propose to extend our unicast based solution with certain multicast
features. By doing so we try to combine the strengths of both approaches to obtain
a better overall group communication that is flexible and that can be tailored
according to the use case needs.
Together, the proposed mechanisms represent a powerful and comprehensive
solution to the challenging problem of group communication with constrained devices.
We have evaluated the solutions proposed in this PhD extensively and in
a variety of forms. Where possible, we have derived theoretical models and have
conducted numerous simulations to validate them. We have also experimentally
evaluated those solutions and compared them with other proposed solutions using
a small demo box and later on two large scale wireless sensor testbeds and under
different test conditions. The first testbed is located in a large, shielded room,
which allows testing under controlled environments. The second testbed is located
inside an operational office building and thus allows testing under normal operation
conditions. Those tests revealed performance issues and some other problems.
We have provided some solutions and suggestions for tackling those problems.
Apart from the main contributions, two other relevant outcomes of this PhD are
described in the appendices. In the first appendix we review the most important
IETF standardization efforts related to the IoT and show that with the introduction
of CoAP a complete set of standard protocols has become available to cover the
complete networking stack and thus making the step from the IoT into the Web
of Things (WoT). Using only standard protocols makes it possible to integrate
devices from various vendors into one bigWoT accessible to humans and machines
alike.
In the second appendix, we provide an alternative solution for grouping constrained
devices by using virtualization techniques. Our approach focuses on the
objects, both resource-constrained and non-constrained, that need to cooperate
by integrating them into a secured virtual network, named an Internet of Things
Virtual Network or IoT-VN. Inside this IoT-VN full end-to-end communication
can take place through the use of protocols that take the limitations of the most
resource-constrained devices into account. We describe how this concept maps to
several generic use cases and, as such, can constitute a valid alternative approach
for supporting selected applications
Security Management for The Internet of Things
The expansion of Internet connected automation provides a number of opportunities and applications that were not imaginable before. A prominent example is the Internet of things (IoT). IoT is a network system that consists of many wired or wireless smart sensors and applications. The development of IoT has been taking decades. However, cyberattacks threat the IoT since the day it was born; different threats and attacks may cause serious disasters to the network system without the essential security protection. Thus, the security and the management of the IoT security system become quite significant. This research work into security management of IoT involves five sections. We first point out the conception and background of the IoT. Then, the security requirements for the IoT have been discussed intensively. Next a proposed layered-security management architecture has been outlined and described. An example of how conveniently this proposed architecture can be used to come up with the security management for a network of the IoT is explained in detail. Finally, summarise the results of implementing the proposed security functions architecture to obtain the efficient and strong security in an IoT environment
- …