Adaptation of the human nervous system for self-aware secure mobile and IoT systems

IT systems have been deployed across several domains, such as hospitals and industries, for the management of information and operations. These systems will soon be ubiquitous in every field due to the transition towards the Internet of Things (IoT). The IoT brings devices with sensory functions into IT systems through the process of internetworking. The sensory functions of IoT enable them to generate and process information automatically, either without human contribution or having the least human interaction possible aside from the information and operations management tasks. Security is crucial as it prevents system exploitation. Security has been employed after system implementation, and has rarely been considered as a part of the system. In this dissertation, a novel solution based on a biological approach is presented to embed security as an inalienable part of the system. The proposed solution, in the form of a prototype of the system, is based on the functions of the human nervous system (HNS) in protecting its host from the impacts caused by external or internal changes. The contributions of this work are the derivation of a new system architecture from HNS functionalities and experiments that prove the implementation feasibility and efficiency of the proposed HNS-based architecture through prototype development and evaluation. The first contribution of this work is the adaptation of human nervous system functions to propose a new architecture for IT systems security. The major organs and functions of the HNS are investigated and critical areas are identified for the adaptation process. Several individual system components with similar functions to the HNS are created and grouped to form individual subsystems. The relationship between these components is established in a similar way as in the HNS, resulting in a new system architecture that includes security as a core component. The adapted HNS-based system architecture is employed in two the experiments prove its implementation capability, enhancement of security, and overall system operations. The second contribution is the implementation of the proposed HNS-based security solution in the IoT test-bed. A temperature-monitoring application with an intrusion detection system (IDS) based on the proposed HNS architecture is implemented as part of the test-bed experiment. Contiki OS is used for implementation, and the 6LoWPAN stack is modified during the development process. The application, together with the IDS, has a brain subsystem (BrSS), a spinal cord subsystem (SCSS), and other functions similar to the HNS whose names are changed. The HNS functions are shared between an edge router and resource-constrained devices (RCDs) during implementation. The experiment is evaluated in both test-bed and simulation environments. Zolertia Z1 nodes are used to form a 6LoWPAN network, and an edge router is created by combining Pandaboard and Z1 node for a test-bed setup. Two networks with different numbers of sensor nodes are used as simulation environments in the Cooja simulator. The third contribution of this dissertation is the implementation of the proposed HNS-based architecture in the mobile platform. In this phase, the Android operating system (OS) is selected for experimentation, and the proposed HNS-based architecture is specifically tailored for Android. A context-based dynamically reconfigurable access control system (CoDRA) is developed based on the principles of the refined HNS architecture. CoDRA is implemented through customization of Android OS and evaluated under real-time usage conditions in test-bed environments. During the evaluation, the implemented prototype mimicked the nature of the HNS in securing the application under threat with negligible resource requirements and solved the problems in existing approaches by embedding security within the system. Furthermore, the results of the experiments highlighted the retention of HNS functions after refinement for different IT application areas, especially the IoT, due to its resource-constrained nature, and the implementable capability of our proposed HNS architecture.--- IT-järjestelmiä hyödynnetään tiedon ja toimintojen hallinnassa useilla aloilla, kuten sairaaloissa ja teollisuudessa. Siirtyminen kohti esineiden Internetiä (Internet of Things, IoT) tuo tällaiset laitteet yhä kiinteämmäksi osaksi jokapäiväistä elämää. IT-järjestelmiin liitettyjen IoT-laitteiden sensoritoiminnot mahdollistavat tiedon automaattisen havainnoinnin ja käsittelyn osana suurempaa järjestelmää jopa täysin ilman ihmisen myötävaikutusta, poislukien mahdolliset ylläpito- ja hallintatoimenpiteet. Turvallisuus on ratkaisevan tärkeää IT-järjestelmien luvattoman käytön estämiseksi. Valitettavan usein järjestelmäsuunnittelussa turvallisuus ei ole osana ydinsuunnitteluprosessia, vaan otetaan huomioon vasta käyttöönoton jälkeen. Tässä väitöskirjassa esitellään uudenlainen biologiseen lähestymistapaan perustuva ratkaisu, jolla turvallisuus voidaan sisällyttää erottamattomaksi osaksi järjestelmää. Ehdotettu prototyyppiratkaisu perustuu ihmisen hermoston toimintaan tilanteessa, jossa se suojelee isäntäänsä ulkoisten tai sisäisten muutosten vaikutuksilta. Tämän työn keskeiset tulokset ovat uuden järjestelmäarkkitehtuurin johtaminen ihmisen hermoston toimintaperiaatteesta sekä tällaisen järjestelmän toteutettavuuden ja tehokkuuden arviointi kokeellisen prototyypin kehittämisen ja toiminnan arvioinnin avulla. Tämän väitöskirjan ensimmäinen kontribuutio on ihmisen hermoston toimintoihin perustuva IT-järjestelmäarkkitehtuuri. Tutkimuksessa arvioidaan ihmisen hermoston toimintaa ja tunnistetaan keskeiset toiminnot ja toiminnallisuudet, jotka mall-innetaan osaksi kehitettävää järjestelmää luomalla näitä vastaavat järjestelmäkomponentit. Nä-istä kootaan toiminnallisuudeltaan hermostoa vastaavat osajärjestelmät, joiden keskinäinen toiminta mallintaa ihmisen hermoston toimintaa. Näin luodaan arkkitehtuuri, jonka keskeisenä komponenttina on turvallisuus. Tämän pohjalta toteutetaan kaksi prototyyppijärjestelmää, joiden avulla arvioidaan arkkitehtuurin toteutuskelpoisuutta, turvallisuutta sekä toimintakykyä. Toinen kontribuutio on esitetyn hermostopohjaisen turvallisuusratkaisun toteuttaminen IoT-testialustalla. Kehitettyyn arkkitehtuuriin perustuva ja tunkeutumisen estojärjestelmän (intrusion detection system, IDS) sisältävä lämpötilan seurantasovellus toteutetaan käyttäen Contiki OS -käytöjärjestelmää. 6LoWPAN protokollapinoa muokataan tarpeen mukaan kehitysprosessin aikana. IDS:n lisäksi sovellukseen kuuluu aivo-osajärjestelmä (Brain subsystem, BrSS), selkäydinosajärjestelmä (Spinal cord subsystem, SCSS), sekä muita hermoston kaltaisia toimintoja. Nämä toiminnot jaetaan reunareitittimen ja resurssirajoitteisten laitteiden kesken. Tuloksia arvioidaan sekä simulaatioiden että testialustan tulosten perusteella. Testialustaa varten 6LoWPAN verkon toteutukseen valittiin Zolertia Z1 ja reunareititin on toteutettu Pandaboardin ja Z1:n yhdistelmällä. Cooja-simulaattorissa käytettiin mallinnukseen ymp-äristönä kahta erillistä ja erikokoisuta sensoriverkkoa. Kolmas tämän väitöskirjan kontribuutio on kehitetyn hermostopohjaisen arkkitehtuurin toteuttaminen mobiilialustassa. Toteutuksen alustaksi valitaan Android-käyttöjärjestelmä, ja kehitetty arkkitehtuuri räätälöidään Androidille. Tuloksena on kontekstipohjainen dynaamisesti uudelleen konfiguroitava pääsynvalvontajärjestelmä (context-based dynamically reconfigurable access control system, CoDRA). CoDRA toteutetaan mukauttamalla Androidin käyttöjärjestelmää ja toteutuksen toimivuutta arvioidaan reaaliaikaisissa käyttöolosuhteissa testialustaympäristöissä. Toteutusta arvioitaessa havaittiin, että kehitetty prototyyppi jäljitteli ihmishermoston toimintaa kohdesovelluksen suojaamisessa, suoriutui tehtävästään vähäisillä resurssivaatimuksilla ja onnistui sisällyttämään turvallisuuden järjestelmän ydintoimintoihin. Tulokset osoittivat, että tämän tyyppinen järjestelmä on toteutettavissa sekä sen, että järjestelmän hermostonkaltainen toiminnallisuus säilyy siirryttäessä sovellusalueelta toiselle, erityisesti resursseiltaan rajoittuneissa IoT-järjestelmissä

Design and Implementation of Large-Scale Wireless Sensor Networks for Environmental Monitoring Applications

Environmental monitoring represents a major application domain for wireless sensor networks (WSN). However, despite significant advances in recent years, there are still many challenging issues to be addressed to exploit the full potential of the emerging WSN technology. In this dissertation, we introduce the design and implementation of low-power wireless sensor networks for long-term, autonomous, and near-real-time environmental monitoring applications. We have developed an out-of-box solution consisting of a suite of software, protocols and algorithms to provide reliable data collection with extremely low power consumption. Two wireless sensor networks based on the proposed solution have been deployed in remote field stations to monitor soil moisture along with other environmental parameters. As parts of the ever-growing environmental monitoring cyberinfrastructure, these networks have been integrated into the Texas Environmental Observatory system for long-term operation. Environmental measurement and network performance results are presented to demonstrate the capability, reliability and energy-efficiency of the network

Mitigating the Impact of Physical Layer Capture and ACK Interference in Wireless 802.11 Networks

Ph.DDOCTOR OF PHILOSOPH

Reliable Message Dissemination in Mobile Vehicular Networks

Les réseaux véhiculaires accueillent une multitude d’applications d’info-divertissement et de sécurité. Les applications de sécurité visent à améliorer la sécurité sur les routes (éviter les accidents), tandis que les applications d’info-divertissement visent à améliorer l'expérience des passagers. Les applications de sécurité ont des exigences rigides en termes de délais et de fiabilité ; en effet, la diffusion des messages d’urgence (envoyés par un véhicule/émetteur) devrait être fiable et rapide. Notons que, pour diffuser des informations sur une zone de taille plus grande que celle couverte par la portée de transmission d’un émetteur, il est nécessaire d’utiliser un mécanisme de transmission multi-sauts. De nombreuses approches ont été proposées pour assurer la fiabilité et le délai des dites applications. Toutefois, ces méthodes présentent plusieurs lacunes. Cette thèse, nous proposons trois contributions. La première contribution aborde la question de la diffusion fiable des messages d’urgence. A cet égard, un nouveau schéma, appelé REMD, a été proposé. Ce schéma utilise la répétition de message pour offrir une fiabilité garantie, à chaque saut, tout en assurant un court délai. REMD calcule un nombre optimal de répétitions en se basant sur l’estimation de la qualité de réception de lien dans plusieurs locations (appelées cellules) à l’intérieur de la zone couverte par la portée de transmission de l’émetteur. REMD suppose que les qualités de réception de lien des cellules adjacentes sont indépendantes. Il sélectionne, également, un nombre de véhicules, appelés relais, qui coopèrent dans le contexte de la répétition du message d’urgence pour assurer la fiabilité en multi-sauts. La deuxième contribution, appelée BCRB, vise à améliorer REMD ; elle suppose que les qualités de réception de lien des cellules adjacentes sont dépendantes ce qui est, généralement, plus réaliste. BCRB utilise les réseaux Bayésiens pour modéliser les dépendances en vue d’estimer la qualité du lien de réception avec une meilleure précision. La troisième contribution, appelée RICS, offre un accès fiable à Internet. RICS propose un modèle d’optimisation, avec une résolution exacte optimale à l'aide d’une technique de réduction de la dimension spatiale, pour le déploiement des passerelles. Chaque passerelle utilise BCRB pour établir une communication fiable avec les véhicules.Vehicular networks aim to enable a plethora of safety and infotainment applications. Safety applications aim to preserve people's lives (e.g., by helping in avoiding crashes) while infotainment applications focus on enhancing the passengers’ experience. These applications, especially safety applications, have stringent requirements in terms of reliability and delay; indeed, dissemination of an emergency message (e.g., by a vehicle/sender involved in a crash) should be reliable while satisfying short delay requirements. Note, that multi-hop dissemination is needed to reach all vehicles, in the target area, that may be outside the transmission range of the sender. Several schemes have been proposed to provide reliability and short delay for vehicular applications. However, these schemes have several limitations. Thus, the design of new solutions, to meet the requirement of vehicular applications in terms of reliability while keeping low end-to-end delay, is required. In this thesis, we propose three schemes. The first scheme is a multi-hop reliable emergency message dissemination scheme, called REMD, which guarantees a predefined reliability , using message repetitions/retransmissions, while satisfying short delay requirements. It computes an optimal number of repetitions based on the estimation of link reception quality at different locations (called cells) in the transmission range of the sender; REMD assumes that link reception qualities of adjacent cells are independent. It also adequately selects a number of vehicles, called forwarders, that cooperate in repeating the emergency message with the objective to satisfy multi-hop reliability requirements. The second scheme, called BCRB, overcomes the shortcoming of REMD by assuming that link reception qualities of adjacent cells are dependent which is more realistic in real-life scenarios. BCRB makes use of Bayesian networks to model these dependencies; this allows for more accurate estimation of link reception qualities leading to better performance of BCRB. The third scheme, called RICS, provides internet access to vehicles by establishing multi-hop reliable paths to gateways. In RICS, the gateway placement is modeled as a k-center optimisation problem. A space dimension reduction technique is used to solve the problem in exact time. Each gateway makes use of BCRB to establish reliable communication paths to vehicles

The Internet of Everything

In the era before IoT, the world wide web, internet, web 2.0 and social media made people’s lives comfortable by providing web services and enabling access personal data irrespective of their location. Further, to save time and improve efficiency, there is a need for machine to machine communication, automation, smart computing and ubiquitous access to personal devices. This need gave birth to the phenomenon of Internet of Things (IoT) and further to the concept of Internet of Everything (IoE)

Simulation of attacks for security in wireless sensor network

The increasing complexity and low-power constraints of current Wireless Sensor Networks (WSN) require efficient methodologies for network simulation and embedded software performance analysis of nodes. In addition, security is also a very important feature that has to be addressed in most WSNs, since they may work with sensitive data and operate in hostile unattended environments. In this paper, a methodology for security analysis of Wireless Sensor Networks is presented. The methodology allows designing attack-aware embedded software/firmware or attack countermeasures to provide security in WSNs. The proposed methodology includes attacker modeling and attack simulation with performance analysis (node?s software execution time and power consumption estimation). After an analysis of different WSN attack types, an attacker model is proposed. This model defines three different types of attackers that can emulate most WSN attacks. In addition, this paper presents a virtual platform that is able to model the node hardware, embedded software and basic wireless channel features. This virtual simulation analyzes the embedded software behavior and node power consumption while it takes into account the network deployment and topology. Additionally, this simulator integrates the previously mentioned attacker model. Thus, the impact of attacks on power consumption and software behavior/execution-time can be analyzed. This provides developers with essential information about the effects that one or multiple attacks could have on the network, helping them to develop more secure WSN systems. This WSN attack simulator is an essential element of the attack-aware embedded software development methodology that is also introduced in this work.This work has been funded by the Spanish MICINN under the TEC2011-28666-C04-02 and TEC2014-58036-C4-3-R project