386 research outputs found

    NDN, CoAP, and MQTT: A Comparative Measurement Study in the IoT

    This paper takes a comprehensive view on the protocol stacks that are under debate for a future Internet of Things (IoT). It addresses the holistic question of which solution is beneficial for common IoT use cases. We deploy NDN and the two popular IP-based application protocols, CoAP and MQTT, in its different variants on a large-scale IoT testbed in single- and multi-hop scenarios. We analyze the use cases of scheduled periodic and unscheduled traffic under varying loads. Our findings indicate that (a) NDN admits the most resource-friendly deployment on nodes, and (b) shows superior robustness and resilience in multi-hop scenarios, while (c) the IP protocols operate at less overhead and higher speed in single-hop deployments. Most strikingly we find that NDN-based protocols are in significantly better flow balance than the UDP-based IP protocols and require less corrective actions

    Considerations on the Adoption of Named Data Networking (NDN) in Tactical Environments

    Mobile military networks are uniquely challenging to build and maintain, because of their wireless nature and the unfriendliness of the environment, resulting in unreliable and capacity-limited performance. Currently, most tactical networks implement TCP/IP, which was designed for fairly stable, infrastructure-based environments, and requires sophisticated and often application-specific extensions to address the challenges of the communication scenario. Information Centric Networking (ICN) is a clean slate networking approach that does not depend on stable connections to retrieve information and naturally provides support for node mobility and delay/disruption tolerant communications - as a result it is particularly interesting for tactical applications. However, although ICN seems to offer some structural benefits for tactical environments over TCP/IP, a number of challenges including naming, security, performance tuning, etc., still need to be addressed for practical adoption. This document, prepared within NATO IST-161 RTG, evaluates the effectiveness of Named Data Networking (NDN), the de facto standard implementation of ICN, in the context of tactical edge networks and its potential for adoption

    Decentralized Identity and Access Management Framework for Internet of Things Devices

    The emerging Internet of Things (IoT) domain is about connecting people and devices and systems together via sensors and actuators, to collect meaningful information from the devices' surrounding environment and take actions to enhance productivity and efficiency. The proliferation of IoT devices from around a few billion devices today to over 25 billion in the next few years spanning over heterogeneous networks defines a new paradigm shift for many industrial and smart connectivity applications. The existing IoT networks face a number of operational challenges linked to device management and the capability of devices' mutual authentication and authorization. While significant progress has been made in adopting existing connectivity and management frameworks, most of these frameworks are designed to work for unconstrained devices connected in centralized networks. On the other hand, IoT devices are constrained devices with a tendency to work and operate in decentralized and peer-to-peer arrangements. This tendency towards peer-to-peer service exchange has meant that many of the existing frameworks fail to address the main challenges faced by the need to offer ownership of devices and the generated data to the actual users. Moreover, the diversified list of devices and offered services means that more granular access control mechanisms are required to limit the exposure of the devices to external threats and provide finer access control policies under control of the device owner without the need for a middleman. This work addresses these challenges by utilizing the concepts of decentralization introduced in Distributed Ledger (DLT) technologies and the capability of automating business flows through smart contracts. 
The proposed work utilizes the concepts of decentralized identifiers (DIDs) for establishing a decentralized device identity management framework and exploits Blockchain tokenization through both fungible and non-fungible tokens (NFTs) to build a self-controlled and self-contained access control policy based on the capability-based access control model (CapBAC). The defined framework provides a layered approach that builds on identity management as the foundation to enable authentication and authorization processes and establish a mechanism for accounting through the adoption of a standardized DLT tokenization structure. The proposed framework is demonstrated through implementing a number of use cases that address issues related to identity management in industries that suffer losses in billions of dollars due to counterfeiting and lack of global and immutable identity records. The framework extension to support applications for building verifiable data paths in the application layer was addressed through two simple examples. The system has been analyzed in the case of issuing authorization tokens where it is expected that DLT consensus mechanisms will introduce major performance hurdles. A proof of concept emulating establishing concurrent connections to a single device presented no timed-out requests at 200 concurrent connections and a rise in the timed-out requests ratio to 5% at 600 connections. The analysis also showed that a considerable overhead in the data link budget of 10.4% is recorded due to the use of a self-contained policy token, which is a trade-off between building self-contained access tokens with no middleman and link cost

    Investigating seamless handover in VANET systems

    Wireless communications have been extensively studied for several decades, which has led to various new advancements, including new technologies in the field of Intelligent Transport Systems. Vehicular Ad hoc Networks or VANETs are considered to be a long-term solution, contributing significantly towards Intelligent Transport Systems in providing access to critical life-safety applications and infotainment services. These services will require ubiquitous connectivity and hence there is a need to explore seamless handover mechanisms. Although VANETs are attracting greater commercial interest, current research has not adequately captured the real-world constraints in Vehicular Ad hoc Network handover techniques. Due to the high velocity of the vehicles and smaller coverage distances, there are serious challenges in providing seamless handover from one Road Side Unit (RSU) to another and this comes at the cost of overlapping signals of adjacent RSUs. Therefore, a framework is needed to be able to calculate the regions of overlap in adjacent RSU coverage ranges to guarantee ubiquitous connectivity. This thesis is about providing such a framework by analysing in detail the communication mechanisms in a VANET network, firstly by means of simulations using the VEINs framework via OMNeT++ and then using analytical analysis of the probability of successful packet reception. Some of the concepts of the Y-Comm architecture such as Network Dwell Time, Time Before Handover and Exit Times have been used to provide a framework to investigate handover issues and these parameters are also used in this thesis to explore handover in highly mobile environments such as VANETs. Initial investigation showed that seamless communication was dependent on the beacon frequency, length of the beacon and the velocity of the vehicle. 
The effects of each of these parameters are explored in detail and results are presented which show the need for a more probabilistic approach to handover based on cumulative probability of successful packet reception. In addition, this work shows how the length of the beacon affects the rate of change of the Signal-to-Noise ratio or SNR as the vehicle approaches the Road-Side Unit. However, the velocity of the vehicle affects both the cumulative probability as well as the Signal-to-Noise ratio as the vehicle approaches the Road-Side Unit. The results of this work will enable systems that can provide ubiquitous connectivity via seamless handover using proactive techniques because traditional models of handover are unable to cope with the high velocity of the vehicles and relatively small area of coverage in these environments. Finally, a testbed has been set-up at the Middlesex University, Hendon campus for the purpose of achieving a better understanding of VANET systems operating in an urban environment. Using the testbed, it was observed that environmental effects have to be taken into considerations in real-time deployment studies to see how these parameters can affect the performance of VANET systems under different scenarios. This work also highlights the fact that in order to build a practical system better propagation models are required in the urban context for highly mobile environments such as VANETs

    Understanding Security Threats in Cloud

    As cloud computing has become a trend in the computing world, understanding its security concerns becomes essential for improving service quality and expanding business scale. This dissertation studies the security issues in a public cloud from three aspects. First, we investigate a new threat called power attack in the cloud. Second, we perform a systematical measurement on the public cloud to understand how cloud vendors react to existing security threats. Finally, we propose a novel technique to perform data reduction on audit data to improve system capacity, and hence helping to enhance security in cloud. In the power attack, we exploit various attack vectors in platform as a service (PaaS), infrastructure as a service (IaaS), and software as a service (SaaS) cloud environments. To demonstrate the feasibility of launching a power attack, we conduct a series of testbed-based experiments and data-center-level simulations. Moreover, we give a detailed analysis on how different power management methods could affect a power attack and how to mitigate such an attack. Our experimental results and analysis show that power attacks will pose a serious threat to modern data centers and should be taken into account while deploying new high-density servers and power management techniques. In the measurement study, we mainly investigate how cloud vendors have reacted to the co-residence threat inside the cloud, in terms of Virtual Machine (VM) placement, network management, and Virtual Private Cloud (VPC). Specifically, through intensive measurement probing, we first profile the dynamic environment of cloud instances inside the cloud. Then using real experiments, we quantify the impacts of VM placement and network management upon co-residence, respectively. Moreover, we explore VPC, which is a defensive service of Amazon EC2 for security enhancement, from the routing perspective. 
Advanced Persistent Threat (APT) is a serious cyber-threat; cloud vendors are seeking solutions to "connect the suspicious dots" across multiple activities. This requires ubiquitous system auditing for a long period of time, which in turn causes an overwhelmingly large amount of system audit logs. We propose a new approach that exploits the dependency among system events to reduce the number of log entries while still supporting high quality forensics analysis. In particular, we first propose an aggregation algorithm that preserves the event dependency in data reduction to ensure high quality of forensic analysis. Then we propose an aggressive reduction algorithm and exploit domain knowledge for further data reduction. We conduct a comprehensive evaluation on real world auditing systems using more than one-month log traces to validate the efficacy of our approach

    A use case of low power wide area networks in future 5G healthcare applications

    Abstract. The trend in all cellular evolution to the Long-Term Evolution (LTE) has always been to offer users continuously increasing data rates. However, the next leap forwards towards the 5th Generation Mobile Networks (5G) will be mainly addressing the needs of devices. Machines communicating with each other, sensors reporting to a server, or even machines communicating with humans, these are all different aspects of the same technology; the Internet of Things (IoT). The key differentiator between Machine-to-Machine (M2M) communications and IoT will be the added feature of connecting devices and sensors not only to themselves, but also to the internet. The appropriate communications network is the key to allow this connectivity. Local Area Networks (LANs) and Wide Area Networks (WANs) have been thought of as enablers for IoT, but since they both suffered from limitations in IoT aspects, the need for a new enabling technology was evident. LPWANs are networks dedicated to catering for the needs of IoT such as providing low energy consumption for wireless devices. LPWANs can be categorized into proprietary LPWANs and cellular LPWANs. Proprietary LPWANs are created by an alliance of companies working together on creating a communications standard operating in unlicensed frequency bands. An example of proprietary LPWANs is LoRa. Whereas cellular LPWANs are standardized by the 3rd Partnership Project (3GPP) and they are basically versions of the LTE standard especially designed for machine communications. An example of cellular LPWANs is Narrowband IoT (NB IoT). This diploma thesis documents the usage of LoRa and NB IoT in a healthcare use case of IoT. 
It describes the steps and challenges of deploying an LTE network at a target site, which will be used by the LoRa and NB IoT sensors to transmit data through the 5G test network (5GTN) to a desired server location for storing and later analysis. A use case of low-power, long-range technology in future healthcare applications utilizing 5G. Abstract. Viewed over the longer term, the evolution of mobile communications technology to the Long-Term Evolution (LTE) technology in use today has meant ever higher data rates for users. In the next step towards 5th generation mobile networks (5G), development is also approached from the standpoint of the needs of devices. Machines communicating with each other, sensors sending data to servers, or even machines communicating with humans are all different sides of the same technological concept: the Internet of Things (IoT). The most essential difference between machine-to-machine (M2M) communication and IoT is that various devices will be connected not only to each other but also to the internet. This connectivity requires a mobile network developed for the purpose. Both local area networks (LAN) and wide area networks (WAN) have been regarded as possible enablers of IoT, but the technologies falling under both of these concepts have limitations with respect to the requirements of IoT, so developing a new technology was necessary. Low-power wide area network (LP-WAN) is a concept under which various technologies developed specifically from the needs of IoT are classified. LP-WAN can be divided at least into proprietary technological solutions and those based on mobile networks. The proprietary solutions have been created in consortia, that is alliances, of numerous companies, and these solutions focus on wireless solutions operating on unlicensed frequencies, an example of which is the widely used LoRa. 
Solutions based on mobile networks and operating on licensed frequencies, in turn, have been separately standardized in the consortium named 3GPP, which currently is responsible for the standardization decisions of 2G, 3G and LTE. An example of a technology under 3GPP belonging to the LPWAN class is the narrowband IoT technology, NB-IoT. This diploma thesis focuses on a healthcare use case in which data measured by sensors is transferred wirelessly using both LoRa and NB-IoT technologies. The thesis describes the various steps and challenges involved in building LTE network radio coverage specifically at a given site so that sensors using LoRa and NB-IoT can relay measured data to a desired server for storage and later analysis. The LTE radio coverage was built by the 5G test network owned by the University of Oulu, whose purpose is to support both research and the surrounding ecosystem in the development of future 5G