Exploring Potential 6LoWPAN Traffic Side Channels.

The Internet of Things (IoT) has become a reality: small connected devices feature in everyday objects including childrens’ toys, TVs, fridges, heating control units, etc. Supply chains feature sensors throughout, and significant investments go into researching next-generation healthcare, where sensors monitor wellbeing. A future in which sensors and other (small) devices interact to create sophisticated applications seems just around the corner. All of these applications have a fundamental need for security and privacy and thus cryptography is deployed as part of an attempt to secure them. In this paper we explore a particular type of flaw, namely side channel information, on the protocol level that can exist despite the use of cryptography. Our research investigates the potential for utilising packet length and timing information (both are easily obtained) to extract interesting information from a system. We find that using these side channels we can distinguish between devices, different programs running on the same device including which sensor is accessed. We also find it is possible to distinguish between different types of ICMP messages despite the use of encryption. Based on our findings, we provide a set of recommendations to efficiently mitigate these side channels in the IoT context.</p

Low-Power Wireless for the Internet of Things: Standards and Applications: Internet of Things, IEEE 802.15.4, Bluetooth, Physical layer, Medium Access Control,coexistence, mesh networking, cyber-physical systems, WSN, M2M

International audienceThe proliferation of embedded systems, wireless technologies, and Internet protocols have enabled the Internet of Things (IoT) to bridge the gap between the virtual and physical world through enabling the monitoring and actuation of the physical world controlled by data processing systems. Wireless technologies, despite their offered convenience, flexibility, low cost, and mobility pose unique challenges such as fading, interference, energy, and security, which must be carefully addressed when using resource-constrained IoT devices. To this end, the efforts of the research community have led to the standardization of several wireless technologies for various types of application domains depending on factors such as reliability, latency, scalability, and energy efficiency. In this paper, we first overview these standard wireless technologies, and we specifically study the MAC and physical layer technologies proposed to address the requirements and challenges of wireless communications. Furthermore, we explain the use of these standards in various application domains, such as smart homes, smart healthcare, industrial automation, and smart cities, and discuss their suitability in satisfying the requirements of these applications. In addition to proposing guidelines to weigh the pros and cons of each standard for an application at hand, we also examine what new strategies can be exploited to overcome existing challenges and support emerging IoT applications

Towards the simulation of cooperative perception applications by leveraging distributed sensing infrastructures

With the rapid development of Automated Vehicles (AV), the boundaries of their function alities are being pushed and new challenges are being imposed. In increasingly complex and dynamic environments, it is fundamental to rely on more powerful onboard sensors and usually AI. However, there are limitations to this approach. As AVs are increasingly being integrated in several industries, expectations regarding their cooperation ability is growing, and vehicle-centric approaches to sensing and reasoning, become hard to integrate. The proposed approach is to extend perception to the environment, i.e. outside of the vehicle, by making it smarter, via the deployment of wireless sensors and actuators. This will vastly improve the perception capabilities in dynamic and unpredictable scenarios and often in a cheaper way, relying mostly in the use of lower cost sensors and embedded devices, which rely on their scale deployment instead of centralized sensing abilities. Consequently, to support the development and deployment of such cooperation actions in a seamless way, we require the usage of co-simulation frameworks, that can encompass multiple perspectives of control and communications for the AVs, the wireless sensors and actuators and other actors in the environment. In this work, we rely on ROS2 and micro-ROS as the underlying technologies for integrating several simulation tools, to construct a framework, capable of supporting the development, test and validation of such smart, cooperative environments. This endeavor was undertaken by building upon an existing simulation framework known as AuNa. We extended its capabilities to facilitate the simulation of cooperative scenarios by incorporat ing external sensors placed within the environment rather than just relying on vehicle-based sensors. Moreover, we devised a cooperative perception approach within this framework, showcasing its substantial potential and effectiveness. This will enable the demonstration of multiple cooperation scenarios and also ease the deployment phase by relying on the same software architecture.Com o rápido desenvolvimento dos Veículos Autónomos (AV), os limites das suas funcional idades estão a ser alcançados e novos desafios estão a surgir. Em ambientes complexos e dinâmicos, é fundamental a utilização de sensores de alta capacidade e, na maioria dos casos, inteligência artificial. Mas existem limitações nesta abordagem. Como os AVs estão a ser integrados em várias indústrias, as expectativas quanto à sua capacidade de cooperação estão a aumentar, e as abordagens de perceção e raciocínio centradas no veículo, tornam-se difíceis de integrar. A abordagem proposta consiste em extender a perceção para o ambiente, isto é, fora do veículo, tornando-a inteligente, através do uso de sensores e atuadores wireless. Isto irá melhorar as capacidades de perceção em cenários dinâmicos e imprevisíveis, reduzindo o custo, pois a abordagem será baseada no uso de sensores low-cost e sistemas embebidos, que dependem da sua implementação em grande escala em vez da capacidade de perceção centralizada. Consequentemente, para apoiar o desenvolvimento e implementação destas ações em cooperação, é necessária a utilização de frameworks de co-simulação, que abranjam múltiplas perspetivas de controlo e comunicação para os AVs, sensores e atuadores wireless, e outros atores no ambiente. Neste trabalho será utilizado ROS2 e micro-ROS como as tecnologias subjacentes para a integração das ferramentas de simulação, de modo a construir uma framework capaz de apoiar o desenvolvimento, teste e validação de ambientes inteligentes e cooperativos. Esta tarefa foi realizada com base numa framework de simulação denominada AuNa. Foram expandidas as suas capacidades para facilitar a simulação de cenários cooperativos através da incorporação de sensores externos colocados no ambiente, em vez de depender apenas de sensores montados nos veículos. Além disso, concebemos uma abordagem de perceção cooperativa usando a framework, demonstrando o seu potencial e eficácia. Isto irá permitir a demonstração de múltiplos cenários de cooperação e também facilitar a fase de implementação, utilizando a mesma arquitetura de software

Secure data sharing and analysis in cloud-based energy management systems

Analysing data acquired from one or more buildings (through specialist sensors, energy generation capability such as PV panels or smart meters) via a cloud-based Local Energy Management System (LEMS) is increasingly gaining in popularity. In a LEMS, various smart devices within a building are monitored and/or controlled to either investigate energy usage trends within a building, or to investigate mechanisms to reduce total energy demand. However, whenever we are connecting externally monitored/controlled smart devices there are security and privacy concerns. We describe the architecture and components of a LEMS and provide a survey of security and privacy concerns associated with data acquisition and control within a LEMS. Our scenarios specifically focus on the integration of Electric Vehicles (EV) and Energy Storage Units (ESU) at the building premises, to identify how EVs/ESUs can be used to store energy and reduce the electricity costs of the building. We review security strategies and identify potential security attacks that could be carried out on such a system, while exploring vulnerable points in the system. Additionally, we will systematically categorize each vulnerability and look at potential attacks exploiting that vulnerability for LEMS. Finally, we will evaluate current counter measures used against these attacks and suggest possible mitigation strategies

Discovery and Group Communication for Constrained Internet of Things Devices using the Constrained Application Protocol

The ubiquitous Internet is rapidly spreading to new domains. This expansion of the Internet is comparable in scale to the spread of the Internet in the ’90s. The resulting Internet is now commonly referred to as the Internet of Things (IoT) and is expected to connect about 50 billion devices by the year 2020. This means that in just five years from the time of writing this PhD the number of interconnected devices will exceed the number of humans by sevenfold. It is further expected that the majority of these IoT devices will be resource constrained embedded devices such as sensors and actuators. Sensors collect information about the physical world and inject this information into the virtual world. Next processing and reasoning can occur and decisions can be taken to enact upon the physical world by injecting feedback to actuators. The integration of embedded devices into the Internet introduces new challenges, since many of the existing Internet technologies and protocols were not designed for this class of constrained devices. These devices are typically optimized for low cost and power consumption and thus have very limited power, memory, and processing resources and have long sleep periods. The networks formed by these embedded devices are also constrained and have different characteristics than those typical in todays Internet. These constrained networks have high packet loss, low throughput, frequent topology changes and small useful payload sizes. They are referred to as LLN. Therefore, it is in most cases unfeasible to run standard Internet protocols on this class of constrained devices and/or LLNs. New or adapted protocols that take into consideration the capabilities of the constrained devices and the characteristics of LLNs, are required. In the past few years, there were many efforts to enable the extension of the Internet technologies to constrained devices. Initially, most of these efforts were focusing on the networking layer. However, the expansion of the Internet in the 90s was not due to introducing new or better networking protocols. It was a result of introducing the World Wide Web (WWW), which made it easy to integrate services and applications. One of the essential technologies underpinning the WWW was the Hypertext Transfer Protocol (HTTP). Today, HTTP has become a key protocol in the realization of scalable web services building around the Representational State Transfer (REST) paradigm. The REST architectural style enables the realization of scalable and well-performing services using uniform and simple interfaces. The availability of an embedded counterpart of HTTP and the REST architecture could boost the uptake of the IoT. Therefore, more recently, work started to allow the integration of constrained devices in the Internet at the service level. The Internet Engineering Task Force (IETF) Constrained RESTful Environments (CoRE) working group has realized the REST architecture in a suitable form for the most constrained nodes and networks. To that end the Constrained Application Protocol (CoAP) was introduced, a specialized RESTful web transfer protocol for use with constrained networks and nodes. CoAP realizes a subset of the REST mechanisms offered by HTTP, but is optimized for Machine-to-Machine (M2M) applications. This PhD research builds upon CoAP to enable a better integration of constrained devices in the IoT and examines proposed CoAP solutions theoretically and experimentally proposing alternatives when appropriate. The first part of this PhD proposes a mechanism that facilitates the deployment of sensor networks and enables the discovery, end-to-end connectivity and service usage of newly deployed sensor nodes. The proposed approach makes use of CoAP and combines it with Domain Name System (DNS) in order to enable the use of userfriendly Fully Qualified Domain Names (FQDNs) for addressing sensor nodes. It includes the automatic discovery of sensors and sensor gateways and the translation of HTTP to CoAP, thus making the sensor resources globally discoverable and accessible from any Internet-connected client using either IPv6 addresses or DNS names both via HTTP or CoAP. As such, the proposed approach provides a feasible and flexible solution to achieve hierarchical self-organization with a minimum of pre-configuration. By doing so we minimize costly human interventions and eliminate the need for introducing new protocols dedicated for the discovery and organization of resources. This reduces both cost and the implementation footprint on the constrained devices. The second, larger, part of this PhD focuses on using CoAP to realize communication with groups of resources. In many IoT application domains, sensors or actuators need to be addressed as groups rather than individually, since individual resources might not be sufficient or useful. A simple example is that all lights in a room should go on or off as a result of the user toggling the light switch. As not all IoT applications may need group communication, the CoRE working group did not include it in the base CoAP specification. This way the base protocol is kept as efficient and as simple as possible so it would run on even the most constrained devices. Group communication and other features that might not be needed by all devices are standardized in a set of optional separate extensions. We first examined the proposed CoAP extension for group communication, which utilizes Internet Protocol version 6 (IPv6) multicasts. We highlight its strengths and weaknesses and propose our own complementary solution that uses unicast to realize group communication. Our solution offers capabilities beyond simple group communication. For example, we provide a validation mechanism that performs several checks on the group members, to make sure that combining them together is possible. We also allow the client to request that results of the individual members are processed before they are sent to the client. For example, the client can request to obtain only the maximum value of all individual members. Another important optional extension to CoAP allows clients to continuously observe resources by registering their interest in receiving notifications from CoAP servers once there are changes to the values of the observed resources. By using this publish/subscribe mechanism the client does not need to continuously poll the resource to find out whether it has changed its value. This typically leads to more efficient communication patterns that preserve valuable device and LLN resources. Unfortunately CoAP observe does not work together with the CoAP group communication extension, since the observe extension assumes unicast communication while the group communication extension only support multicast communication. In this PhD we propose to extend our own group communication solution to offer group observation capabilities. By combining group observation with group processing features, it becomes possible to notify the client only about certain changes to the observed group (e.g., the maximum value of all group members has changed). Acknowledging that the use of multicast as well as unicast has strengths and weaknesses we propose to extend our unicast based solution with certain multicast features. By doing so we try to combine the strengths of both approaches to obtain a better overall group communication that is flexible and that can be tailored according to the use case needs. Together, the proposed mechanisms represent a powerful and comprehensive solution to the challenging problem of group communication with constrained devices. We have evaluated the solutions proposed in this PhD extensively and in a variety of forms. Where possible, we have derived theoretical models and have conducted numerous simulations to validate them. We have also experimentally evaluated those solutions and compared them with other proposed solutions using a small demo box and later on two large scale wireless sensor testbeds and under different test conditions. The first testbed is located in a large, shielded room, which allows testing under controlled environments. The second testbed is located inside an operational office building and thus allows testing under normal operation conditions. Those tests revealed performance issues and some other problems. We have provided some solutions and suggestions for tackling those problems. Apart from the main contributions, two other relevant outcomes of this PhD are described in the appendices. In the first appendix we review the most important IETF standardization efforts related to the IoT and show that with the introduction of CoAP a complete set of standard protocols has become available to cover the complete networking stack and thus making the step from the IoT into the Web of Things (WoT). Using only standard protocols makes it possible to integrate devices from various vendors into one bigWoT accessible to humans and machines alike. In the second appendix, we provide an alternative solution for grouping constrained devices by using virtualization techniques. Our approach focuses on the objects, both resource-constrained and non-constrained, that need to cooperate by integrating them into a secured virtual network, named an Internet of Things Virtual Network or IoT-VN. Inside this IoT-VN full end-to-end communication can take place through the use of protocols that take the limitations of the most resource-constrained devices into account. We describe how this concept maps to several generic use cases and, as such, can constitute a valid alternative approach for supporting selected applications

Discovery and group communication for constrained Internet of Things devices using the Constrained Application Protocol

The ubiquitous Internet is rapidly spreading to new domains. This expansion of the Internet is comparable in scale to the spread of the Internet in the ’90s. The resulting Internet is now commonly referred to as the Internet of Things (IoT) and is expected to connect about 50 billion devices by the year 2020. This means that in just five years from the time of writing this PhD the number of interconnected devices will exceed the number of humans by sevenfold. It is further expected that the majority of these IoT devices will be resource constrained embedded devices such as sensors and actuators. Sensors collect information about the physical world and inject this information into the virtual world. Next processing and reasoning can occur and decisions can be taken to enact upon the physical world by injecting feedback to actuators. The integration of embedded devices into the Internet introduces new challenges, since many of the existing Internet technologies and protocols were not designed for this class of constrained devices. These devices are typically optimized for low cost and power consumption and thus have very limited power, memory, and processing resources and have long sleep periods. The networks formed by these embedded devices are also constrained and have different characteristics than those typical in todays Internet. These constrained networks have high packet loss, low throughput, frequent topology changes and small useful payload sizes. They are referred to as LLN. Therefore, it is in most cases unfeasible to run standard Internet protocols on this class of constrained devices and/or LLNs. New or adapted protocols that take into consideration the capabilities of the constrained devices and the characteristics of LLNs, are required. In the past few years, there were many efforts to enable the extension of the Internet technologies to constrained devices. Initially, most of these efforts were focusing on the networking layer. However, the expansion of the Internet in the 90s was not due to introducing new or better networking protocols. It was a result of introducing the World Wide Web (WWW), which made it easy to integrate services and applications. One of the essential technologies underpinning the WWW was the Hypertext Transfer Protocol (HTTP). Today, HTTP has become a key protocol in the realization of scalable web services building around the Representational State Transfer (REST) paradigm. The REST architectural style enables the realization of scalable and well-performing services using uniform and simple interfaces. The availability of an embedded counterpart of HTTP and the REST architecture could boost the uptake of the IoT. Therefore, more recently, work started to allow the integration of constrained devices in the Internet at the service level. The Internet Engineering Task Force (IETF) Constrained RESTful Environments (CoRE) working group has realized the REST architecture in a suitable form for the most constrained nodes and networks. To that end the Constrained Application Protocol (CoAP) was introduced, a specialized RESTful web transfer protocol for use with constrained networks and nodes. CoAP realizes a subset of the REST mechanisms offered by HTTP, but is optimized for Machine-to-Machine (M2M) applications. This PhD research builds upon CoAP to enable a better integration of constrained devices in the IoT and examines proposed CoAP solutions theoretically and experimentally proposing alternatives when appropriate. The first part of this PhD proposes a mechanism that facilitates the deployment of sensor networks and enables the discovery, end-to-end connectivity and service usage of newly deployed sensor nodes. The proposed approach makes use of CoAP and combines it with Domain Name System (DNS) in order to enable the use of userfriendly Fully Qualified Domain Names (FQDNs) for addressing sensor nodes. It includes the automatic discovery of sensors and sensor gateways and the translation of HTTP to CoAP, thus making the sensor resources globally discoverable and accessible from any Internet-connected client using either IPv6 addresses or DNS names both via HTTP or CoAP. As such, the proposed approach provides a feasible and flexible solution to achieve hierarchical self-organization with a minimum of pre-configuration. By doing so we minimize costly human interventions and eliminate the need for introducing new protocols dedicated for the discovery and organization of resources. This reduces both cost and the implementation footprint on the constrained devices. The second, larger, part of this PhD focuses on using CoAP to realize communication with groups of resources. In many IoT application domains, sensors or actuators need to be addressed as groups rather than individually, since individual resources might not be sufficient or useful. A simple example is that all lights in a room should go on or off as a result of the user toggling the light switch. As not all IoT applications may need group communication, the CoRE working group did not include it in the base CoAP specification. This way the base protocol is kept as efficient and as simple as possible so it would run on even the most constrained devices. Group communication and other features that might not be needed by all devices are standardized in a set of optional separate extensions. We first examined the proposed CoAP extension for group communication, which utilizes Internet Protocol version 6 (IPv6) multicasts. We highlight its strengths and weaknesses and propose our own complementary solution that uses unicast to realize group communication. Our solution offers capabilities beyond simple group communication. For example, we provide a validation mechanism that performs several checks on the group members, to make sure that combining them together is possible. We also allow the client to request that results of the individual members are processed before they are sent to the client. For example, the client can request to obtain only the maximum value of all individual members. Another important optional extension to CoAP allows clients to continuously observe resources by registering their interest in receiving notifications from CoAP servers once there are changes to the values of the observed resources. By using this publish/subscribe mechanism the client does not need to continuously poll the resource to find out whether it has changed its value. This typically leads to more efficient communication patterns that preserve valuable device and LLN resources. Unfortunately CoAP observe does not work together with the CoAP group communication extension, since the observe extension assumes unicast communication while the group communication extension only support multicast communication. In this PhD we propose to extend our own group communication solution to offer group observation capabilities. By combining group observation with group processing features, it becomes possible to notify the client only about certain changes to the observed group (e.g., the maximum value of all group members has changed). Acknowledging that the use of multicast as well as unicast has strengths and weaknesses we propose to extend our unicast based solution with certain multicast features. By doing so we try to combine the strengths of both approaches to obtain a better overall group communication that is flexible and that can be tailored according to the use case needs. Together, the proposed mechanisms represent a powerful and comprehensive solution to the challenging problem of group communication with constrained devices. We have evaluated the solutions proposed in this PhD extensively and in a variety of forms. Where possible, we have derived theoretical models and have conducted numerous simulations to validate them. We have also experimentally evaluated those solutions and compared them with other proposed solutions using a small demo box and later on two large scale wireless sensor testbeds and under different test conditions. The first testbed is located in a large, shielded room, which allows testing under controlled environments. The second testbed is located inside an operational office building and thus allows testing under normal operation conditions. Those tests revealed performance issues and some other problems. We have provided some solutions and suggestions for tackling those problems. Apart from the main contributions, two other relevant outcomes of this PhD are described in the appendices. In the first appendix we review the most important IETF standardization efforts related to the IoT and show that with the introduction of CoAP a complete set of standard protocols has become available to cover the complete networking stack and thus making the step from the IoT into the Web of Things (WoT). Using only standard protocols makes it possible to integrate devices from various vendors into one bigWoT accessible to humans and machines alike. In the second appendix, we provide an alternative solution for grouping constrained devices by using virtualization techniques. Our approach focuses on the objects, both resource-constrained and non-constrained, that need to cooperate by integrating them into a secured virtual network, named an Internet of Things Virtual Network or IoT-VN. Inside this IoT-VN full end-to-end communication can take place through the use of protocols that take the limitations of the most resource-constrained devices into account. We describe how this concept maps to several generic use cases and, as such, can constitute a valid alternative approach for supporting selected applications

Security Management for The Internet of Things

The expansion of Internet connected automation provides a number of opportunities and applications that were not imaginable before. A prominent example is the Internet of things (IoT). IoT is a network system that consists of many wired or wireless smart sensors and applications. The development of IoT has been taking decades. However, cyberattacks threat the IoT since the day it was born; different threats and attacks may cause serious disasters to the network system without the essential security protection. Thus, the security and the management of the IoT security system become quite significant. This research work into security management of IoT involves five sections. We first point out the conception and background of the IoT. Then, the security requirements for the IoT have been discussed intensively. Next a proposed layered-security management architecture has been outlined and described. An example of how conveniently this proposed architecture can be used to come up with the security management for a network of the IoT is explained in detail. Finally, summarise the results of implementing the proposed security functions architecture to obtain the efficient and strong security in an IoT environment