PADS: Practical Attestation for Highly Dynamic Swarm Topologies

Remote attestation protocols are widely used to detect device configuration (e.g., software and/or data) compromise in Internet of Things (IoT) scenarios. Unfortunately, the performances of such protocols are unsatisfactory when dealing with thousands of smart devices. Recently, researchers are focusing on addressing this limitation. The approach is to run attestation in a collective way, with the goal of reducing computation and communication. Despite these advances, current solutions for attestation are still unsatisfactory because of their complex management and strict assumptions concerning the topology (e.g., being time invariant or maintaining a fixed topology). In this paper, we propose PADS, a secure, efficient, and practical protocol for attesting potentially large networks of smart devices with unstructured or dynamic topologies. PADS builds upon the recent concept of non-interactive attestation, by reducing the collective attestation problem into a minimum consensus one. We compare PADS with a state-of-the art collective attestation protocol and validate it by using realistic simulations that show practicality and efficiency. The results confirm the suitability of PADS for low-end devices, and highly unstructured networks.Comment: Submitted to ESORICS 201

Graph-Based Multi-Label Classification for WiFi Network Traffic Analysis

Network traffic analysis, and specifically anomaly and attack detection, call for sophisticated tools relying on a large number of features. Mathematical modeling is extremely difficult, given the ample variety of traffic patterns and the subtle and varied ways that malicious activity can be carried out in a network. We address this problem by exploiting data-driven modeling and computational intelligence techniques. Sequences of packets captured on the communication medium are considered, along with multi-label metadata. Graph-based modeling of the data are introduced, thus resorting to the powerful GRALG approach based on feature information granulation, identification of a representative alphabet, embedding and genetic optimization. The obtained classifier is evaluated both under accuracy and complexity for two different supervised problems and compared with state-of-the-art algorithms. We show that the proposed preprocessing strategy is able to describe higher level relations between data instances in the input domain, thus allowing the algorithms to suitably reconstruct the structure of the input domain itself. Furthermore, the considered Granular Computing approach is able to extract knowledge on multiple semantic levels, thus effectively describing anomalies as subgraphs-based symbols of the whole network graph, in a specific time interval. Interesting performances can thus be achieved in identifying network traffic patterns, in spite of the complexity of the considered traffic classes

Routing, Localization And Positioning Protocols For Wireless Sensor And Actor Networks

Wireless sensor and actor networks (WSANs) are distributed systems of sensor nodes and actors that are interconnected over the wireless medium. Sensor nodes collect information about the physical world and transmit the data to actors by using one-hop or multi-hop communications. Actors collect information from the sensor nodes, process the information, take decisions and react to the events. This dissertation presents contributions to the methods of routing, localization and positioning in WSANs for practical applications. We first propose a routing protocol with service differentiation for WSANs with stationary nodes. In this setting, we also adapt a sports ranking algorithm to dynamically prioritize the events in the environment depending on the collected data. We extend this routing protocol for an application, in which sensor nodes float in a river to gather observations and actors are deployed at accessible points on the coastline. We develop a method with locally acting adaptive overlay network formation to organize the network with actor areas and to collect data by using locality-preserving communication. We also present a multi-hop localization approach for enriching the information collected from the river with the estimated locations of mobile sensor nodes without using positioning adapters. As an extension to this application, we model the movements of sensor nodes by a subsurface meandering current mobility model with random surface motion. Then we adapt the introduced routing and network organization methods to model a complete primate monitoring system. A novel spatial cut-off preferential attachment model and iii center of mass concept are developed according to the characteristics of the primate groups. We also present a role determination algorithm for primates, which uses the collection of spatial-temporal relationships. We apply a similar approach to human social networks to tackle the problem of automatic generation and organization of social networks by analyzing and assessing interaction data. The introduced routing and localization protocols in this dissertation are also extended with a novel three dimensional actor positioning strategy inspired by the molecular geometry. Extensive simulations are conducted in OPNET simulation tool for the performance evaluation of the proposed protocol

Communication between nodes for autonomic and distributed management

Doutoramento conjunto MAPi em InformáticaOver the last decade, the most widespread approaches for traditional management were based on the Simple Network Management Protocol (SNMP) or Common Management Information Protocol (CMIP). However, they both have several problems in terms of scalability, due to their centralization characteristics. Although the distributed management approaches exhibit better performance in terms of scalability, they still underperform regarding communication costs, autonomy, extensibility, exibility, robustness, and cooperation between network nodes. The cooperation between network nodes normally requires excessive overheads for synchronization and dissemination of management information in the network. For emerging dynamic and large-scale networking environments, as envisioned in Next Generation Networks (NGNs), exponential growth in the number of network devices and mobile communications and application demands is expected. Thus, a high degree of management automation is an important requirement, along with new mechanisms that promote it optimally and e ciently, taking into account the need for high cooperation between the nodes. Current approaches for self and autonomic management allow the network administrator to manage large areas, performing fast reaction and e ciently facing unexpected problems. The management functionalities should be delegated to a self-organized plane operating within the network, that decrease the network complexity and the control information ow, as opposed to centralized or external servers. This Thesis aims to propose and develop a communication framework for distributed network management which integrates a set of mechanisms for initial communication, exchange of management information, network (re) organization and data dissemination, attempting to meet the autonomic and distributed management requirements posed by NGNs. The mechanisms are lightweight and portable, and they can operate in di erent hardware architectures and include all the requirements to maintain the basis for an e cient communication between nodes in order to ensure autonomic network management. Moreover, those mechanisms were explored in diverse network conditions and events, such as device and link errors, di erent tra c/network loads and requirements. The results obtained through simulation and real experimentation show that the proposed mechanisms provide a lower convergence time, smaller overhead impact in the network, faster dissemination of management information, increase stability and quality of the nodes associations, and enable the support for e cient data information delivery in comparison to the base mechanisms analyzed. Finally, all mechanisms for communication between nodes proposed in this Thesis, that support and distribute the management information and network control functionalities, were devised and developed to operate in completely decentralized scenarios.Durante a última década, protocolos como Simple Network Management Protocol (SNMP) ou Common Management Information Protocol (CMIP) foram as abordagens mais comuns para a gestão tradicional de redes. Essas abordagens têm vários problemas em termos de escalabilidade, devido às suas características de centralização. Apresentando um melhor desempenho em termos de escalabilidade, as abordagens de gestão distribuída, por sua vez, são vantajosas nesse sentido, mas também apresentam uma série de desvantagens acerca do custo elevado de comunicação, autonomia, extensibilidade, exibilidade, robustez e cooperação entre os nós da rede. A cooperação entre os nós presentes na rede é normalmente a principal causa de sobrecarga na rede, uma vez que necessita de colectar, sincronizar e disseminar as informações de gestão para todos os nós nela presentes. Em ambientes dinâmicos, como é o caso das redes atuais e futuras, espera-se um crescimento exponencial no número de dispositivos, associado a um grau elevado de mobilidade dos mesmos na rede. Assim, o grau elevado de funções de automatiza ção da gestão da rede é uma exigência primordial, bem como o desenvolvimento de novos mecanismos e técnicas que permitam essa comunicação de forma optimizada e e ciente. Tendo em conta a necessidade de elevada cooperação entre os elementos da rede, as abordagens atuais para a gestão autonómica permitem que o administrador possa gerir grandes áreas de forma rápida e e ciente frente a problemas inesperados, visando diminuir a complexidade da rede e o uxo de informações de controlo nela gerados. Nas gestões autonómicas a delegação de operações da rede é suportada por um plano auto-organizado e não dependente de servidores centralizados ou externos. Com base nos tipos de gestão e desa os acima apresentados, esta Tese tem como principal objetivo propor e desenvolver um conjunto de mecanismos necessários para a criação de uma infra-estrutura de comunicação entre nós, na tentativa de satisfazer as exigências da gestão auton ómica e distribuída apresentadas pelas redes de futura geração. Nesse sentido, mecanismos especí cos incluindo inicialização e descoberta dos elementos da rede, troca de informação de gestão, (re) organização da rede e disseminação de dados foram elaborados e explorados em diversas condições e eventos, tais como: falhas de ligação, diferentes cargas de tráfego e exigências de rede. Para além disso, os mecanismos desenvolvidos são leves e portáveis, ou seja, podem operar em diferentes arquitecturas de hardware e contemplam todos os requisitos necessários para manter a base de comunicação e ciente entre os elementos da rede. Os resultados obtidos através de simulações e experiências reais comprovam que os mecanismos propostos apresentam um tempo de convergência menor para descoberta e troca de informação, um menor impacto na sobrecarga da rede, disseminação mais rápida da informação de gestão, aumento da estabilidade e a qualidade das ligações entre os nós e entrega e ciente de informações de dados em comparação com os mecanismos base analisados. Finalmente, todos os mecanismos desenvolvidos que fazem parte da infrastrutura de comunicação proposta foram concebidos e desenvolvidos para operar em cenários completamente descentralizados

Security techniques for sensor systems and the Internet of Things

Sensor systems are becoming pervasive in many domains, and are recently being generalized by the Internet of Things (IoT). This wide deployment, however, presents significant security issues. We develop security techniques for sensor systems and IoT, addressing all security management phases. Prior to deployment, the nodes need to be hardened. We develop nesCheck, a novel approach that combines static analysis and dynamic checking to efficiently enforce memory safety on TinyOS applications. As security guarantees come at a cost, determining which resources to protect becomes important. Our solution, OptAll, leverages game-theoretic techniques to determine the optimal allocation of security resources in IoT networks, taking into account fixed and variable costs, criticality of different portions of the network, and risk metrics related to a specified security goal. Monitoring IoT devices and sensors during operation is necessary to detect incidents. We design Kalis, a knowledge-driven intrusion detection technique for IoT that does not target a single protocol or application, and adapts the detection strategy to the network features. As the scale of IoT makes the devices good targets for botnets, we design Heimdall, a whitelist-based anomaly detection technique for detecting and protecting against IoT-based denial of service attacks. Once our monitoring tools detect an attack, determining its actual cause is crucial to an effective reaction. We design a fine-grained analysis tool for sensor networks that leverages resident packet parameters to determine whether a packet loss attack is node- or link-related and, in the second case, locate the attack source. Moreover, we design a statistical model for determining optimal system thresholds by exploiting packet parameters variances. With our techniques\u27 diagnosis information, we develop Kinesis, a security incident response system for sensor networks designed to recover from attacks without significant interruption, dynamically selecting response actions while being lightweight in communication and energy overhead