Security for the Industrial IoT: The Case for Information-Centric Networking

Industrial production plants traditionally include sensors for monitoring or documenting processes, and actuators for enabling corrective actions in cases of misconfigurations, failures, or dangerous events. With the advent of the IoT, embedded controllers link these `things' to local networks that often are of low power wireless kind, and are interconnected via gateways to some cloud from the global Internet. Inter-networked sensors and actuators in the industrial IoT form a critical subsystem while frequently operating under harsh conditions. It is currently under debate how to approach inter-networking of critical industrial components in a safe and secure manner. In this paper, we analyze the potentials of ICN for providing a secure and robust networking solution for constrained controllers in industrial safety systems. We showcase hazardous gas sensing in widespread industrial environments, such as refineries, and compare with IP-based approaches such as CoAP and MQTT. Our findings indicate that the content-centric security model, as well as enhanced DoS resistance are important arguments for deploying Information Centric Networking in a safety-critical industrial IoT. Evaluation of the crypto efforts on the RIOT operating system for content security reveal its feasibility for common deployment scenarios.Comment: To be published at IEEE WF-IoT 201

Will Wi-Fi Make Your Private Network Public? Wardriving, Criminal and Civil Liability, and the Security Risks of Wireless Networks

Wireless networking is growing in popularity because it is often cheaper and more convenient than other computer networking systems. Wireless networks, however, are also very hard to secure. Locating insecure wireless networks and advertising their locations is an activity known as “wardriving.” Exploiting the vulnerability of a wireless network to hack into the computer system or to monitor the wireless transmissions can give rise to liability under federal felony and misdemeanor statutes, as well as federal civil liability and liability under state law private causes of action. When introducing wireless networking into business information systems, system administrators should use all possible care to secure the network, and IT policies and practices should be updated to make sure that wireless networking risks that cannot be eliminated through technology are managed prudently

Verifiably-safe software-defined networks for CPS

Next generation cyber-physical systems (CPS) are expected to be deployed in domains which require scalability as well as performance under dynamic conditions. This scale and dynamicity will require that CPS communication networks be programmatic (i.e., not requiring manual intervention at any stage), but still maintain iron-clad safety guarantees. Software-defined networking standards like OpenFlow provide a means for scalably building tailor-made network architectures, but there is no guarantee that these systems are safe, correct, or secure. In this work we propose a methodology and accompanying tools for specifying and modeling distributed systems such that existing formal verification techniques can be transparently used to analyze critical requirements and properties prior to system implementation. We demonstrate this methodology by iteratively modeling and verifying an OpenFlow learning switch network with respect to network correctness, network convergence, and mobility-related properties. We posit that a design strategy based on the complementary pairing of software-defined networking and formal verification would enable the CPS community to build next-generation systems without sacrificing the safety and reliability that these systems must deliver

Named data networking for efficient IoT-based disaster management in a smart campus

Disasters are uncertain occasions that can impose a drastic impact on human life and building infrastructures. Information and Communication Technology (ICT) plays a vital role in coping with such situations by enabling and integrating multiple technological resources to develop Disaster Management Systems (DMSs). In this context, a majority of the existing DMSs use networking architectures based upon the Internet Protocol (IP) focusing on location-dependent communications. However, IP-based communications face the limitations of inefficient bandwidth utilization, high processing, data security, and excessive memory intake. To address these issues, Named Data Networking (NDN) has emerged as a promising communication paradigm, which is based on the Information-Centric Networking (ICN) architecture. An NDN is among the self-organizing communication networks that reduces the complexity of networking systems in addition to provide content security. Given this, many NDN-based DMSs have been proposed. The problem with the existing NDN-based DMS is that they use a PULL-based mechanism that ultimately results in higher delay and more energy consumption. In order to cater for time-critical scenarios, emergence-driven network engineering communication and computation models are required. In this paper, a novel DMS is proposed, i.e., Named Data Networking Disaster Management (NDN-DM), where a producer forwards a fire alert message to neighbouring consumers. This makes the nodes converge according to the disaster situation in a more efficient and secure way. Furthermore, we consider a fire scenario in a university campus and mobile nodes in the campus collaborate with each other to manage the fire situation. The proposed framework has been mathematically modeled and formally proved using timed automata-based transition systems and a real-time model checker, respectively. Additionally, the evaluation of the proposed NDM-DM has been performed using NS2. The results prove that the proposed scheme has reduced the end-to-end delay up from 2% to 10% and minimized up to 20% energy consumption, as energy improved from 3% to 20% compared with a state-of-the-art NDN-based DMS

Utilizing the Messaging Layer Security Protocol in a Lossy Communications Aerial Swarm

Recent advancements in unmanned aerial vehicle (UAV) capabilities have led to increasing research into swarming systems. Unfortunately, efforts to date have not resulted in viable secure communications frameworks, and the limited processing power and constrained networking environments that characterize these systems preclude the use of many existing secure group communications protocols. The Messaging Layer Security (MLS) protocol, currently under development at the Internet Engineering Task Force (IETF), offers some attractive properties for these types of systems. This work looks at integrating MLS into the Advanced Robotic Systems Engineering Laboratory (ARSENL) UAV swarm system as a means of assessing its efficacy. Implementation test results are presented both for experiments conducted in a simulation environment and with physical UAVs

UTILIZING THE MESSAGING LAYER SECURITY PROTOCOL IN A LOSSY COMMUNICATIONS AERIAL SWARM

Recent advancements in unmanned aerial vehicle (UAV) capabilities have led to increasing research into swarming systems. Tactical employment of UAV swarms, however, will require secure communications. Unfortunately, efforts to date have not resulted in viable secure communications frameworks. Furthermore, the limited processing power and constrained networking environments that characterize these systems preclude the use of many existing secure group communications protocols. Recent research in secure group communications indicates that the Messaging Layer Security (MLS) protocol might provide an attractive option for these types of systems. This thesis documents the integration of MLS into the Advanced Robotic Systems Engineering Laboratory (ARSENL) UAV swarm system. The ARSENL implementation is intended as a proof-of-concept demonstration of the efficacy of MLS for secure swarm communications. Implementation test results are presented both for experiments conducted in a simulation environment and experiments with physical UAVs. These results indicate that MLS is suitable for a swarm, with the caveat that testing did not implement a delivery mechanism to ensure reliable packet delivery. For future work, mitigation of unreliable communications paths is required if a reliable MLS system is to be maintained.Civilian, CyberCorps: Scholarship for ServiceApproved for public release. Distribution is unlimited

Security and Privacy in Heterogeneous Wireless and Mobile Networks: Challenges and Solutions

abstract: The rapid advances in wireless communications and networking have given rise to a number of emerging heterogeneous wireless and mobile networks along with novel networking paradigms, including wireless sensor networks, mobile crowdsourcing, and mobile social networking. While offering promising solutions to a wide range of new applications, their widespread adoption and large-scale deployment are often hindered by people's concerns about the security, user privacy, or both. In this dissertation, we aim to address a number of challenging security and privacy issues in heterogeneous wireless and mobile networks in an attempt to foster their widespread adoption. Our contributions are mainly fivefold. First, we introduce a novel secure and loss-resilient code dissemination scheme for wireless sensor networks deployed in hostile and harsh environments. Second, we devise a novel scheme to enable mobile users to detect any inauthentic or unsound location-based top-k query result returned by an untrusted location-based service providers. Third, we develop a novel verifiable privacy-preserving aggregation scheme for people-centric mobile sensing systems. Fourth, we present a suite of privacy-preserving profile matching protocols for proximity-based mobile social networking, which can support a wide range of matching metrics with different privacy levels. Last, we present a secure combination scheme for crowdsourcing-based cooperative spectrum sensing systems that can enable robust primary user detection even when malicious cognitive radio users constitute the majority.Dissertation/ThesisPh.D. Electrical Engineering 201

Secure Space Mesh Networking

Innoflight’s Secure Space Mesh Networking development and prototyping efforts started at its incorporation over 15 years ago with a vision of establishing end-to-end Internet Protocol (IP) connectivity in and through space. A number of space industry trends have accelerated the demand for space networking: (a) the widespread adoption of enterprise-grade and cloud-based, IP-centric ground system architectures; (b) the accelerated growth of both commercial and government proliferated Low Earth Orbit (pLEO) constellations leveraging small satellites (SmallSats); (c) the maturation, miniaturization and commoditization of high-speed Radio Frequency (RF), Free Space Optical (FSO) Inter-Satellite Links (ISLs), and high-performance flight processors for aforementioned SmallSats; and (d) the need for All-Domain Operations (ADO) seamlessly and autonomously integrating space, airborne, terrestrial, maritime and underwater networks. Furthermore, data encryption, for reasons of either National Security or monetized mission data protection, creates additional challenges to effectively switch/route and encrypt/decrypt ciphertext data across a mesh network. Lastly, with the projection of multiple and multi-national pLEO constellations, it is critical to negotiate link security real-time for dynamic, trusted nodes, and prevent inadvertent or intentional networking with unknown/untrusted nodes. Innoflight will discuss the aforementioned relevant space industry trends and commercial and government initiatives, including DARPA (Defense Advanced Research Projects Agency) Blackjack and Space Development Agency’s (SDA) National Defense Space Architecture (NDSA), and then identify the technical challenges for secure space mesh networking and decompose these challenges with two popular frameworks: (a) the individual layers, especially Layer 2 (data/link layer) and Layer 3 (network layer), within the Open Systems Interconnection (OSI) model; and (b) the control and data planes within the Software Defined Networking (SDN) model. Innoflight will present its development and prototyping efforts, specific to these challenges, including recent work funded under a 2019 Space Pitch Day award and leveraging its general-purpose processing and networking CFC-400X platform, and conclude by identifying remaining gaps: including technical, commercial and policy; to fully realize interoperable secure space mesh networking.