Security techniques for sensor systems and the Internet of Things

Sensor systems are becoming pervasive in many domains, and are recently being generalized by the Internet of Things (IoT). This wide deployment, however, presents significant security issues. We develop security techniques for sensor systems and IoT, addressing all security management phases. Prior to deployment, the nodes need to be hardened. We develop nesCheck, a novel approach that combines static analysis and dynamic checking to efficiently enforce memory safety on TinyOS applications. As security guarantees come at a cost, determining which resources to protect becomes important. Our solution, OptAll, leverages game-theoretic techniques to determine the optimal allocation of security resources in IoT networks, taking into account fixed and variable costs, criticality of different portions of the network, and risk metrics related to a specified security goal. Monitoring IoT devices and sensors during operation is necessary to detect incidents. We design Kalis, a knowledge-driven intrusion detection technique for IoT that does not target a single protocol or application, and adapts the detection strategy to the network features. As the scale of IoT makes the devices good targets for botnets, we design Heimdall, a whitelist-based anomaly detection technique for detecting and protecting against IoT-based denial of service attacks. Once our monitoring tools detect an attack, determining its actual cause is crucial to an effective reaction. We design a fine-grained analysis tool for sensor networks that leverages resident packet parameters to determine whether a packet loss attack is node- or link-related and, in the second case, locate the attack source. Moreover, we design a statistical model for determining optimal system thresholds by exploiting packet parameters variances. With our techniques\u27 diagnosis information, we develop Kinesis, a security incident response system for sensor networks designed to recover from attacks without significant interruption, dynamically selecting response actions while being lightweight in communication and energy overhead

Security and Privacy in Heterogeneous Wireless and Mobile Networks: Challenges and Solutions

abstract: The rapid advances in wireless communications and networking have given rise to a number of emerging heterogeneous wireless and mobile networks along with novel networking paradigms, including wireless sensor networks, mobile crowdsourcing, and mobile social networking. While offering promising solutions to a wide range of new applications, their widespread adoption and large-scale deployment are often hindered by people's concerns about the security, user privacy, or both. In this dissertation, we aim to address a number of challenging security and privacy issues in heterogeneous wireless and mobile networks in an attempt to foster their widespread adoption. Our contributions are mainly fivefold. First, we introduce a novel secure and loss-resilient code dissemination scheme for wireless sensor networks deployed in hostile and harsh environments. Second, we devise a novel scheme to enable mobile users to detect any inauthentic or unsound location-based top-k query result returned by an untrusted location-based service providers. Third, we develop a novel verifiable privacy-preserving aggregation scheme for people-centric mobile sensing systems. Fourth, we present a suite of privacy-preserving profile matching protocols for proximity-based mobile social networking, which can support a wide range of matching metrics with different privacy levels. Last, we present a secure combination scheme for crowdsourcing-based cooperative spectrum sensing systems that can enable robust primary user detection even when malicious cognitive radio users constitute the majority.Dissertation/ThesisPh.D. Electrical Engineering 201

Employing multi-modal sensors for personalised smart home health monitoring.

Smart home systems are employed worldwide for a variety of automated monitoring tasks. FITsense is a system that performs personalised smart home health monitoring using sensor data. In this thesis, we expand upon this system by identifying the limits of health monitoring using simple IoT sensors, and establishing deployable solutions for new rich sensing technologies. The FITsense system collects data from FitHomes and generates behavioural insights for health monitoring. To allow the system to expand to arbitrary home layouts, sensing applications must be delivered while relying on sparse "ground truth" data. An enhanced data representation was tested for improving activity recognition performance by encoding observed temporal dependencies. Experiments showed an improvement in activity recognition accuracy over baseline data representations with standard classifiers. Channel State Information (CSI) was chosen as our rich sensing technology for its ambient nature and potential deployability. We developed a novel Python toolkit, called CSIKit, to handle various CSI software implementations, including automatic detection for off-the-shelf CSI formats. Previous researchers proposed a method to address AGC effects on COTS CSI hardware, which we tested and found to improve correlation with a baseline without AGC. This implementation was included in the public release of CSIKit. Two sensing applications were delivered using CSIKit to demonstrate its functionality. Our statistical approach to motion detection with CSI data showed a 32% increase in accuracy over an infrared sensor-based solution using data from 2 unique environments. We also demonstrated the first CSI activity recognition application on a Raspberry Pi 4, which achieved an accuracy of 92% with 11 activity classes. An application was then trained to support movement detection using data from all COTS CSI hardware. This was combined with our signal divider implementation to compare CSI wireless and sensing performance characteristics. The IWL5300 exhibited the most consistent wireless performance, while the ESP32 was found to produce viable CSI data for sensing applications. This establishes the ESP32 as a low-cost high-value hardware solution for CSI sensing. To complete this work, an in-home study was performed using real-world sensor data. An ESP32-based CSI sensor was developed to be integrated into our IoT network. This sensor was tested in a FitHome environment to identify how the data from our existing simple sensors could aid sensor development. We performed an experiment to demonstrate that annotations for CSI data could be gathered with infrared motion sensors. Results showed that our new CSI sensor collected real-world data of similar utility to that collected manually in a controlled environment

Performance assessment of a distributed intrusion detection system in a real network scenario

The heterogeneity and complexity of modern networks and services urge the requirement for flexible and scalable security systems, which can be dynamically configured to suit the everchanging nature of security threats and user behavior patterns. In this paper we present a distributed architecture for an Intrusion Detection System, allowing for traffic analysis at different granularity levels, performed by using the best available techniques. Such architecture leverages the principle of separation of concerns, and hence proposes to build up a system comprising entities specialized in performing different tasks, appropriately orchestrated by a broker entity playing the crucial role of the mediator. This paper stresses the point that a distributed system, besides being inherently more scalable than a centralized one, allows for better detection capabilities thanks to the effective exploitation of the inner heterogeneity of the involved detection engines. In order to support our findings, we will describe the design, implementation and deployment of the proposed solution in the framework of the INTERSECTION FP7 European Project

Modelado robusto para la extracción de información en entornos biofísicos y críticos

Tesis inédita de la Universidad Complutense de Madrid, Facultad de Informática, Departamento de Arquitectura de Computadores y Automática, leída el 12/07/2018The era of information and Big Data is an environment where multiple devices, always connected, generate huge volumes of information (paradigm of the Internet of Things). This paradigm is present in different areas: the Smart Cities, sport tracking, lifestyle, or health. The goal of this thesis is the development and implementation of a Robust predictive modeling methodology using low cost wearable devices in biophysical and critical scenarios. In this manuscript we present a multilevel architecture that covers from the on-node data processing, up to the data management in Data Centers. The methodology applies energy aware optimization techniques at each level of the network. And the decision system makes use of data from different sources leading to expert decision system...La era de la información y el Big Data, se sustenta en un entorno en el que múltiples dispositivos, siempre conectados, generan ingentes volúmenes de información (paradigma del Internet de las Cosas). Este paradigma ha llegado diversos entornos: las denominadas ciudades inteligentes, monitorización deportiva, estilo de vida, o salud. El objetivo de esta tesis es el desarrollo e implementación de una metodología de modelado predictivo robusto mediante dispositivos wearable de bajo coste en entornos biofísicos y críticos. A lo largo de este manuscrito se presenta una arquitectura multinivel que abarca desde el tratamiento de los datos en los dispositivos sensores hasta el manejo de éstos en centros de datos. La metodología cubre la optimización energética a todos los niveles con consciencia del estado de la red. Y el sistema de decisión hace uso de datos de distintas fuentes para conformar un sistema experto de decisión...Fac. de InformáticaTRUEunpu

SimHumalator: An Open Source End-to-End Radar Simulator For Human Activity Recognition

Radio-frequency based non-cooperative monitor ing of humans has numerous applications ranging from law enforcement to ubiquitous sensing applications such as ambient assisted living and bio-medical applications for non-intrusively monitoring patients. Large training datasets, almost unlimited memory capacity, and ever- increasing processing speeds of computers could drive forward the data- driven deep-learning focused research in the above applications. However, generating and labeling large volumes of high-quality, diverse radar datasets is an onerous task. Furthermore, unlike the fields of vision and image processing, the radar community has limited access to databases that contain large volumes of experimental data. Therefore, in this article, we present an open-source motion capture data-driven simulation tool, SimHumalator, that can generate large volumes of human micro-Doppler radar data in passive WiFi scenarios. The simulator integrates IEEE 802.11 WiFi standard(IEEE 802.11g, n, and ad) compliant transmissions with the human animation data to generate the micro-Doppler features that incorporate the diversity of human motion characteristics and the sensor parameters. The simulated signatures have been validated with experimental data gathered using an in-house-built hardware prototype. This article describes simulation methodology in detail and provides case studies on the feasibility of using simulated micro-Doppler spectrograms for data augmentation tasks