Service architecting and dynamic composition in pervasive smart ecosystems for the Internet of things based on sensor network technology

Why pervasive awareness and Ambient Intelligence are perceived by a great part of the academia and industry as a massive revolution in the short-term? In our best knowledge, a cornerstone of this thought is based on the fact that the ultimate nature of the smart environment paradigm is not in the technology itself, but on a people-centered approach. Perhaps, is in this apparently simple conception where precisely lies the boldness of this promising vision, which has been consolidated in recent years with the emerging proliferation of mobile, personal, portable, wearable and sensory computing: to reach everyone and everywhere. On the one hand, it touches our daily lives in a close manner, minimizing the required attention from the users, anticipating to their needs with the main intention of redefining our idea of Quality of Experience. On the other hand, this new wave impacts everywhere at both global and personal scales allowing expanded connectivity between devices and smart objects, in a dynamic and ubiquitous manner, as a natural extension of the physical world around us. According to the above, this doctoral dissertation focuses on contributing to the integration of software and networking engineering advances in the field of pervasive smart spaces and environment using sensor networks. This is founded on the convergence of some information technology and computer science paradigms, such as service and agent orientation, semantic technologies and knowledge management in the framework of pervasive computing and the Internet of Things. To this end, the nSOM (nano Service-Oriented Middleware) and nSOL (nano Semantics-Oriented Language) approaches are presented. Firstly, the nSOM proposal defines a service-oriented platform for the implementation, deployment and exposure of agent-based in-network services to the Internet cloud on heterogeneous sensor devices. Secondly, the nSOL solution enables an abstraction for supporting ubiquitous service composition based on semantic knowledge management. The integration of both contributions leads to the formal modelling and practical development of adaptive virtual sensor services for pervasive Ambient Intelligence ecosystems. This work includes also the related performance characterization of the resulting prototype according to several metrics such as code size, volatile memory footprint, CPU overhead, service time delay and battery lifetime. Main foundations and outcomes presented in this essay are contextualized in the following European Research Projects: μSWN (FP6 code: IST-034642), DiYSE (ITEA2 code: 08005) and LifeWear (ITEA2 code: 09026). --------------------¿Por qué la sensibilidad ubicua y la inteligencia ambiental son percibidas por una gran parte de las comunidades académica e industrial como una revolución masiva en el corto plazo? En nuestra opinión, una piedra angular de este pensamiento es el hecho de que la naturaleza última del paradigma de entornos inteligentes no reside en la tecnología en sí misma, sino en una aproximación centrada en las personas. Y es quizá en esta aparente simple concepción donde se halla precisamente el atrevimiento de esta prometedora visión, consolidada en los últimos años con la emergente proliferación de la computación móvil, personal, portable, llevable y sensorial: llegar a todos y a todas partes. Por un lado, esta alcanza nuestras vidas de una manera cercana, minimizando la atención requerida por los usuarios, anticipándose a sus necesidades con el objetivo de redefinir nuestra idea de calidad de experiencia. Por otro lado, esta impacta en todas partes tanto a escala global como personal, con una conectividad expandida entre dispositivos y objetos inteligentes, de un modo ubicuo y dinámico, como una extensión natural del mundo que nos rodea. Conforme a lo anterior, esta tesis doctoral se centra en contribuir en la integración de los avances de ingeniería de redes y software en el ámbito de los espacios y entornos inteligentes ubicuos basados en redes de sensores. Esto se fundamenta en la convergencia de diversos paradigmas de las tecnologías de la información y ciencia de la computación, tales como orientación a servicios y agentes, tecnologías semánticas y de gestión del conocimiento en el contento de la computación ubicua en la Internet de las Cosas. Para este fin, se presentan las aproximaciones nSOM (nano Service-Oriented Middleware) y nSOL (nano Semantics-Oriented Language). En primer lugar, nSOM define una plataforma orientada a servicios para la implementación, despliegue y exposición a la nube de servicios basados en agentes e implementados en red sobre dispositivos heterogéneos de sensores. En segundo lugar, nSOL habilita una abstracción para proporcionar composición ubicua de servicios basada en gestión semántica del conocimiento. La integración de ambas contribuciones conduce a un modelado formal y de implementación práctica de servicios de sensor virtual adaptativos para ecosistemas de inteligencia ambiental. Este trabajo incluye la caracterización del rendimiento del prototipo resultante, basándonos para ello en métricas tales como tamaño de código, tamaño de memoria volátil, sobrecarga de procesamiento, retardo en tiempo de servicio y autonomía de baterías. Los principales fundamentos y resultados discutidos en este ensayo están contextualizados en los siguientes Proyectos de Investigación Europeos: μSWN (FP6 código: IST-034642), DiYSE (ITEA2 código: 08005) y LifeWear (ITEA2 código: 09026).Presidente: Juan Ramón Velasco Pérez; Vocal: Juan Carlos Dueñas; Secretario: Mario Muñoz Organer

Sécurité et performances des réseaux de nouvelle génération

L’IMS (IP Multimedia Subsystem) constitue l’architecture clé de contrôle pour les réseaux de nouvelle génération (NGN : Next Generation Network). IMS offre aux opérateurs réseaux la possibilité d'étendre leurs services, en intégrant la voix et des communications multimédia et de les livrer dans de nouveaux environnements avec de nouveaux objectifs. Sa sécurité totale mais à moindre coût est donc primordiale, principalement l’authentification. En IMS l’authentification est divisée en deux phases, une au niveau du domaine PS (Packet-Switch) avec le protocole 3GPP-AKA, et l’autre au niveau IMS en utilisant le protocole IMS-AKA. Dans notre première contribution, nous proposons un nouveau protocole d’authentification plus sécurisé que celui utilisé en IMS (IMS-AKA) et plus performant en termes d’utilisation de la bande passante et de temps de traitement. Notre méthode d’analyse repose sur la quantification de la signalisation induite par l’authentification IMS. La quantification est effectuée à l’aide d’expérimentations réelles. Sur la base des résultats obtenues, nous pouvons confirmer que notre protocole (1) peut économiser au moins 21,5% du trafic SIP/Cx par rapport à l’IMS-AKA, (2) permet de réduire la consommation de la bande passante de 27% par rapport à l’IMS-AKA, (3) résiste aux attaques atteignant la confidentialité et l’intégrité des données lors d’un enregistrement IMS (validé par AVISPA). Dans notre seconde contribution, nous avons présenté un nouveau modèle, nommé virtual walled-garden, de fourniture de services centré sur l'utilisateur en IMS. Ce modèle de fourniture de service permet d'offrir plus de liberté d'utiliser les services de tout fournisseur de contenu en fonction des besoins et préférences des utilisateurs. De cette manière les trois parties (utilisateur, fournisseurs de services et opérateur IMS) sont satisfaites. Les utilisateurs auront accès à un plus large éventail de services soutenus par l'IMS, les fournisseurs de services peuvent mettre en œuvre un large éventail de services IMS/SIP sans aucun investissement sur la mise en œuvre d'un réseau de cœur IMS ou de sa maintenance. Quant aux opérateurs cette façon de faire constitue une nouvelle forme de partenariat d'affaires avec les fournisseurs de services. Le modèle virtual walled-garden se base sur une fédération d'identité multi niveaux pour prendre en considération plusieurs niveaux de sécurité selon la criticité des applications sollicitées. ABSTRACT : The IMS (IP Multimedia Subsystem) architecture is the key control for next generation networks (NGN). IMS gives network operators the opportunity to extend their services, including voice and multimedia communications and deliver them in new environments with new goals. Its security is paramount, especially authentication. In IMS, authentication is divided into two phases a PS (Packet-Switch) domain-level with the 3GPP-AKA protocol, and a second at IMS level using the IMS-AKA protocol. In our first contribution, we propose a new IMS authentication mechanism that improves the IMS-AKA in terms of security and more efficient in the use of bandwidth and processing time. Based on the results obtained, we can confirm that our protocol can save at least 21.5% of SIP/Cx traffic compared to the IMS-AKA and resists to attack reaching the confidentiality and integrity of data in an IMS registration (validated by AVISPA). In our second contribution, we propose a new Service provisioning model: Virtual Walled-Garden. This new model allows the user accessing all the applications, even the external ones transparently, simulating a walled-garden environment. This model will create a trust link between IMS domain and external services, and will reduce the burden of both end users and SPs through a Single Sign-On (SSO) feature, using identity federation. We also introduce the notion of security level to classify the SPs in a Multi-level model

Design, Fabrication, and Run-time Strategies for Hardware-Assisted Security

Today, electronic computing devices are critically involved in our daily lives, basic infrastructure, and national defense systems. With the growing number of threats against them, hardware-based security features offer the best chance for building secure and trustworthy cyber systems. In this dissertation, we investigate ways of making hardware-based security into a reality with primary focus on two areas: Hardware Trojan Detection and Physically Unclonable Functions (PUFs). Hardware Trojans are malicious modifications made to original IC designs or layouts that can jeopardize the integrity of hardware and software platforms. Since most modern systems critically depend on ICs, detection of hardware Trojans has garnered significant interest in academia, industry, as well as governmental agencies. The majority of existing detection schemes focus on test-time because of the limited hardware resources available at run-time. In this dissertation, we explore innovative run-time solutions that utilize on-chip thermal sensor measurements and fundamental estimation/detection theory to expose changes in IC power/thermal profile caused by Trojan activation. The proposed solutions are low overhead and also generalizable to many other sensing modalities and problem instances. Simulation results using state-of-the-art tools on publicly available Trojan benchmarks verify that our approaches can detect Trojans quickly and with few false positives. Physically Unclonable Functions (PUFs) are circuits that rely on IC fabrication variations to generate unique signatures for various security applications such as IC authentication, anti-counterfeiting, cryptographic key generation, and tamper resistance. While the existence of variations has been well exploited in PUF design, knowledge of exactly how variations come into existence has largely been ignored. Yet, for several decades the Design-for-Manufacturability (DFM) community has actually investigated the fundamental sources of these variations. Furthermore, since manufacturing variations are often harmful to IC yield, the existing DFM tools have been geared towards suppressing them (counter-intuitive for PUFs). In this dissertation, we make several improvements over current state-of-the-art work in PUFs. First, our approaches exploit existing DFM models to improve PUFs at physical layout and mask generation levels. Second, our proposed algorithms reverse the role of standard DFM tools and extend them towards improving PUF quality without harming non-PUF portions of the IC. Finally, since our approaches occur after design and before fabrication, they are applicable to all types of PUFs and have little overhead in terms of area, power, etc. The innovative and unconventional techniques presented in this dissertation should act as important building blocks for future work in cyber security

CITIES: Energetic Efficiency, Sustainability; Infrastructures, Energy and the Environment; Mobility and IoT; Governance and Citizenship

This book collects important contributions on smart cities. This book was created in collaboration with the ICSC-CITIES2020, held in San José (Costa Rica) in 2020. This book collects articles on: energetic efficiency and sustainability; infrastructures, energy and the environment; mobility and IoT; governance and citizenship

A User Centric Security Model for Tamper-Resistant Devices

In this thesis we propose a design for a ubiquitous and interoperable device based on the smart card architecture to meet the challenges of privacy, trust, and security for traditional and emerging technologies like personal computers, smart phones and tablets. Such a de- vice is referred a User Centric Tamper-Resistant Device (UCTD). To support the smart card architecture for the UCTD initiative, we propose the delegation of smart card owner- ship from a centralised authority (i.e. the card issuer) to users. This delegation mandated a review of existing smart card mechanisms and their proposals for modifications/improve- ments to their operation. Since the inception of smart card technology, the dominant ownership model in the smart card industry has been refer to as the Issuer Centric Smart Card Ownership Model (ICOM). The ICOM has no doubt played a pivotal role in the proliferation of the technology into various segments of modern life. However, it has been a barrier to the convergence of different services on a smart card. In addition, it might be considered as a hurdle to the adaption of smart card technology into a general-purpose security device. To avoid these issues, we propose citizen ownership of smart cards, referred as the User Centric Smart Card Ownership Model (UCOM). Contrary to the ICOM, it gives the power of decision to install or delete an application on a smart card to its user. The ownership of corresponding applications remains with their respective application providers along with the choice to lease their application to a card or not. In addition, based on the UCOM framework, we also proposed the Coopetitive Architecture for Smart Cards (CASC) that merges the centralised control of card issuers with the provision of application choice to the card user. In the core of the thesis, we analyse the suitability of the existing smart card architectures for the UCOM. This leads to the proposal of three major contributions spanning the smart card architecture, the application management framework, and the execution environment. Furthermore, we propose protocols for the application installation mechanism and the application sharing mechanism (i.e. smart card firewall). In addition to this, we propose a framework for backing-up, migrating, and restoring the smart card contents. Finally, we provide the test implementation results of the proposed protocols along with their performance measures. The protocols are then compared in terms of features and performance with existing smart cards and internet protocols. In order to provide a more detailed analysis of proposed protocols and for the sake of completeness, we performed mechanical formal analysis using the CasperFDR.EThOS - Electronic Theses Online ServiceGBUnited Kingdo