Securing Real-Time Internet-of-Things

Modern embedded and cyber-physical systems are ubiquitous. A large number of critical cyber-physical systems have real-time requirements (e.g., avionics, automobiles, power grids, manufacturing systems, industrial control systems, etc.). Recent developments and new functionality requires real-time embedded devices to be connected to the Internet. This gives rise to the real-time Internet-of-things (RT-IoT) that promises a better user experience through stronger connectivity and efficient use of next-generation embedded devices. However RT- IoT are also increasingly becoming targets for cyber-attacks which is exacerbated by this increased connectivity. This paper gives an introduction to RT-IoT systems, an outlook of current approaches and possible research challenges towards secure RT- IoT frameworks

Integrating security into real-time cyber-physical systems

Cyber-physical systems (CPS) such as automobiles, power plants, avionics systems, unmanned vehicles, medical devices, manufacturing and home automation systems have distinct cyber and physical components that must work cohesively with each other to ensure correct operation. Many cyber-physical applications have “real-time” constraints, i.e., they must function correctly within predetermined time scales. A failure to protect these systems could result in significant harm to humans, the system or even the environment. While traditionally such systems were isolated from external accesses and used proprietary components and protocols, modern CPS use off-the-shelf components and are increasingly interconnected, often via networks such as the Internet. As a result, they are exposed to additional attack surfaces and have become increasingly vulnerable to cyber attacks. Enhancing security for real-time CPS, however, is not an easy task due to limited resource availability (e.g., processing power, memory, storage, energy) and stringent timing/safety requirements. Security monitoring techniques for cyber-physical platforms (a) must execute with existing real-time tasks, (b) operate without impacting the timing and safety constraints of the control logic and (c) have to be designed and executed in a way that an adversary cannot easily evade it. The objective of my research is to increase security posture of embedded real-time CPS by integrating monitoring/detection techniques that defeat cyber attacks without violating timing/safety constraints of existing tasks. My dissertation work explores the real-time security domain and shows that by employing a combination of multiple scheduling/analysis techniques and interactions between hardware/software-based security extensions, it becomes feasible to integrate security monitoring mechanisms in real-time CPS without compromising timing/safety requirements of existing tasks. In this research, I (a) develop techniques to raise the responsiveness of security monitoring tasks by increasing their frequency of execution, (b) design a hardware-supported framework to prevent falsification of actuation commands — i.e., commands that control the state of the physical system and (c) propose metrics to trade-off security with real-time guarantees. The solutions presented in this dissertation require minimal changes to system components/parameters and thus compatible for legacy systems. My proposed frameworks and results are evaluated through both, simulations and experiments on real off-the-shelf cyber-physical platforms. The development of analysis techniques and design frameworks proposed in this dissertation will inherently make such systems more secure and hence, safer. I believe my dissertation work will bring researchers and system engineers one step closer to understand how to integrate two seemingly diverse yet important fields — real-time CPS and cyber-security — while gaining a better understanding of both areas

Real-Time Guarantees For Wireless Networked Sensing And Control

Wireless networks are increasingly being explored for mission-critical sensing and control in emerging domains such as connected and automated vehicles, Industrial 4.0, and smart city. In wireless networked sensing and control (WSC) systems, reliable and real- time delivery of sensed data plays a crucial role for the control decision since out-of-date information will often be irrelevant and even leads to negative effects to the system. Since WSC differs dramatically from the traditional real-time (RT) systems due to its wireless nature, new design objective and perspective are necessary to achieve real-time guarantees. First, we proposed Optimal Node Activation Multiple Access (ONAMA) scheduling protocol that activates as many nodes as possible while ensuring transmission reliability (in terms of packets delivery ratio). We implemented and tested ONAMA on two testbeds both with 120+ sensor nodes. Second, we proposed algorithms to address the problem of clustering heterogeneous reliability requirements into a limit set of service levels. Our solutions are optimal, and they also provide guaranteed reliability, which is critical for wireless sensing and control. Third, we proposed a probabilistic real-time wireless communication framework that effectively integrates real-time scheduling theory with wireless communication. The per- packet probabilistic real-time QoS was formally modeled. By R3 mapping, the upper-layer requirement and the lower-layer link reliability are translated into the number of trans- mission opportunities needed. By optimal real-time communication scheduling as well as admission test and traffic period optimization, the system utilization is maximized while the schedulability is maintained. Finally, we further investigated the problem of how to minimize delay variation (i.e., jitter) while ensuring that packets are delivered by their deadlines

Design and Implementation of a Self Adaptive Architecture for QoS (SAAQ) in IoT based Wireless Networks

The rapid growth of Internet of Things (IoT) applications has made ensuring quality of service (QoS) in wireless networks essential. This paper presents the design and implementation of a Self-Adaptive Architecture for QoS (SAAQ) in IoT-based wireless networks, using the NS-2 simulation tool as a foundation for analysis and evaluation. The SAAQ framework is carefully tailored to meet the dynamic demands of IoT applications, enabling real-time adjustment of QoS parameters such as packet delivery ratio, throughput, end-to-end delay, packet loss ratio, energy consumption and routing overhead. By integrating with NS-2, a simulation tool in network research, we conduct extensive simulations and experiments to evaluate the SAAQ's effectiveness in diverse IoT scenarios. This paper explores the adaptability and scalability of the SAAQ architecture and results of experiments reveal the practical benefits of the SAAQ in enhancing QoS in a simulated IoT application over other methods such as AODV, AOMDV, and LEACH

Why (and How) Networks Should Run Themselves

The proliferation of networked devices, systems, and applications that we depend on every day makes managing networks more important than ever. The increasing security, availability, and performance demands of these applications suggest that these increasingly difficult network management problems be solved in real time, across a complex web of interacting protocols and systems. Alas, just as the importance of network management has increased, the network has grown so complex that it is seemingly unmanageable. In this new era, network management requires a fundamentally new approach. Instead of optimizations based on closed-form analysis of individual protocols, network operators need data-driven, machine-learning-based models of end-to-end and application performance based on high-level policy goals and a holistic view of the underlying components. Instead of anomaly detection algorithms that operate on offline analysis of network traces, operators need classification and detection algorithms that can make real-time, closed-loop decisions. Networks should learn to drive themselves. This paper explores this concept, discussing how we might attain this ambitious goal by more closely coupling measurement with real-time control and by relying on learning for inference and prediction about a networked application or system, as opposed to closed-form analysis of individual protocols

Integrating Edge Computing and Software Defined Networking in Internet of Things: A Systematic Review

The Internet of Things (IoT) has transformed our interaction with the world by connecting devices, sensors, and systems to the Internet, enabling real-time monitoring, control, and automation in various applications such as smart cities, healthcare, transportation, homes, and grids. However, challenges related to latency, privacy, and bandwidth have arisen due to the massive influx of data generated by IoT devices and the limitations of traditional cloud-based architectures. Moreover, network management, interoperability, security, and scalability issues have emerged due to the rapid growth and heterogeneous nature of IoT devices. To overcome such problems, researchers proposed a new architecture called Software Defined Networking for Edge Computing in the Internet of Things (SDN-EC-IoT), which combines Edge Computing for the Internet of Things (EC-IoT) and Software Defined Internet of Things (SDIoT). Although researchers have studied EC-IoT and SDIoT as individual architectures, they have not yet addressed the combination of both, creating a significant gap in our understanding of SDN-EC-IoT. This paper aims to fill this gap by presenting a comprehensive review of how the SDN-EC-IoT paradigm can solve IoT challenges. To achieve this goal, this study conducted a literature review covering 74 articles published between 2019 and 2023. Finally, this paper identifies future research directions for SDN-EC-IoT, including the development of interoperability platforms, scalable architectures, low latency and Quality of Service (QoS) guarantees, efficient handling of big data, enhanced security and privacy, optimized energy consumption, resource-aware task offloading, and incorporation of machine learnin

QoS multicast tree construction in IP/DWDM optical internet by bio-inspired algorithms

Copyright @ Elsevier Ltd. All rights reserved.In this paper, two bio-inspired Quality of Service (QoS) multicast algorithms are proposed in IP over dense wavelength division multiplexing (DWDM) optical Internet. Given a QoS multicast request and the delay interval required by the application, both algorithms are able to find a flexible QoS-based cost suboptimal routing tree. They first construct the multicast trees based on ant colony optimization and artificial immune algorithm, respectively. Then a dedicated wavelength assignment algorithm is proposed to assign wavelengths to the trees aiming to minimize the delay of the wavelength conversion. In both algorithms, multicast routing and wavelength assignment are integrated into a single process. Therefore, they can find the multicast trees on which the least wavelength conversion delay is achieved. Load balance is also considered in both algorithms. Simulation results show that these two bio-inspired algorithms can construct high performance QoS routing trees for multicast applications in IP/DWDM optical Internet.This work was supported in part ny the Program for New Century Excellent Talents in University, the Engineering and Physical Sciences Research Council (EPSRC) of UK under Grant EP/E060722/1, the National Natural Science Foundation of China under Grant no. 60673159 and 70671020, the National High-Tech Reasearch and Development Plan of China under Grant no. 2007AA041201, and the Specialized Research Fund for the Doctoral Program of Higher Education under Grant no. 20070145017

Flow control of real-time unicast multimedia applications in best-effort networks

One of the fastest growing segments of Internet applications are real-time mul- timedia applications, like Voice over Internet Protocol (VoIP). Real-time multimedia applications use the User Datagram Protocol (UDP) as the transport protocol because of the inherent conservative nature of the congestion avoidance schemes of Transmis- sion Control Protocol (TCP). The e®ects of uncontrolled °ows on the Internet have not yet been felt because UDP tra±c frequently constitutes only » 20% of the total Internet tra±c. It is pertinent that real-time multimedia applications become better citizens of the Internet, while at the same time deliver acceptable Quality of Service (QoS). Traditionally, packet losses and the increase in the end-to-end delay experienced by some of the packets characterizes congestion in the network. These two signals have been used to develop most known °ow control schemes. The current research considers the °ow accumulation in the network as the signal for use in °ow control. The most signi¯cant contribution of the current research is to propose novel end- to-end °ow control schemes for unicast real-time multimedia °ows transmitting over best-e®ort networks. These control schemes are based on predictive control of the accumulation signal. The end-to-end control schemes available in the literature are based on reactive control that do not take into account the feedback delay existing between the sender and the receiver nor the forward delay in the °ow dynamics. The performance of the proposed control schemes has been evaluated using the ns-2 simulation environment. The research concludes that active control of hard real- time °ows delivers the same or somewhat better QoS as High Bit Rate (HBR, no control), but with a lower average bit rate. Consequently, it helps reduce bandwidth use of controlled real-time °ows by anywhere between 31:43% to 43:96%. Proposed reactive control schemes deliver good QoS. However, they do not scale up as well as the predictive control schemes. Proposed predictive control schemes are e®ective in delivering good quality QoS while using up less bandwidth than even the reactive con- trol schemes. They scale up well as more real-time multimedia °ows start employing them