Denial of service mitigation approach for IPv6-enabled smart object networks

Denial of service (DoS) attacks can be defined as any third-party action aiming to reduce or eliminate a network's capability to perform its expected functions. Although there are several standard techniques in traditional computing that mitigate the impact of some of the most common DoS attacks, this still remains a very important open problem to the network security community. DoS attacks are even more troublesome in smart object networks because of two main reasons. First, these devices cannot support the computational overhead required to implement many of the typical counterattack strategies. Second, low traffic rates are enough to drain sensors' battery energy making the network inoperable in short times. To realize the Internet of Things vision, it is necessary to integrate the smart objects into the Internet. This integration is considered an exceptional opportunity for Internet growth but, also, a security threat, because more attacks, including DoS, can be conducted. For these reasons, the prevention of DoS attacks is considered a hot topic in the wireless sensor networks scientific community. In this paper, an approach based on 6LowPAN neighbor discovery protocol is proposed to mitigate DoS attacks initiated from the Internet, without adding additional overhead on the 6LoWPAN sensor devices.This work has been partially supported by the Instituto de Telecomunicacoes, Next Generation Networks and Applications Group (NetGNA), Portugal, and by National Funding from the FCT - Fundacao para a Ciencia e Tecnologia through the Pest-OE/EEI/LA0008/2011.Oliveira, LML.; Rodrigues, JJPC.; De Sousa, AF.; Lloret, J. (2013). Denial of service mitigation approach for IPv6-enabled smart object networks. Concurrency and Computation: Practice and Experience. 25(1):129-142. doi:10.1002/cpe.2850S129142251Gershenfeld, N., Krikorian, R., & Cohen, D. (2004). The Internet of Things. Scientific American, 291(4), 76-81. doi:10.1038/scientificamerican1004-76Akyildiz, I. F., Su, W., Sankarasubramaniam, Y., & Cayirci, E. (2002). Wireless sensor networks: a survey. Computer Networks, 38(4), 393-422. doi:10.1016/s1389-1286(01)00302-4Karl, H., & Willig, A. (2005). Protocols and Architectures for Wireless Sensor Networks. doi:10.1002/0470095121IEEE Std 802.15.4-2006 Part 15.4: wireless medium access control (MAC) and physical layer (PHY) specificationsfor low-rate wireless personal area networks (LR-WPANs) 2006ZigBee Alliance ZigBee Specification 2007WirelessHARThomepage 2012 http://www.hartcomm.org/Hui, J. W., & Culler, D. E. (2008). Extending IP to Low-Power, Wireless Personal Area Networks. IEEE Internet Computing, 12(4), 37-45. doi:10.1109/mic.2008.79Kushalnagar N Montenegro G Schumacher C IPv6 over Low-Power Wireless Personal Area Networks (6LoWPANs): Overview, Assumptions, Problem Statement, and Goals 2007Montenegro G Kushalnagar N Hui J Culler D Transmission of IPv6 Packets over IEEE 802.15.4 Networks 2007Shelby Z Thubert P Hui J Chakrabarti S Bormann C Nordmark E 6LoWPAN Neighbor Discovery 2011Zhou, L., Chao, H.-C., & Vasilakos, A. V. (2011). Joint Forensics-Scheduling Strategy for Delay-Sensitive Multimedia Applications over Heterogeneous Networks. IEEE Journal on Selected Areas in Communications, 29(7), 1358-1367. doi:10.1109/jsac.2011.110803Roman, R., & Lopez, J. (2009). Integrating wireless sensor networks and the internet: a security analysis. Internet Research, 19(2), 246-259. doi:10.1108/10662240910952373Wang, Y., Attebury, G., & Ramamurthy, B. (2006). A survey of security issues in wireless sensor networks. IEEE Communications Surveys & Tutorials, 8(2), 2-23. doi:10.1109/comst.2006.315852Xiaojiang Du, & Hsiao-Hwa Chen. (2008). Security in wireless sensor networks. IEEE Wireless Communications, 15(4), 60-66. doi:10.1109/mwc.2008.4599222Pelechrinis, K., Iliofotou, M., & Krishnamurthy, S. V. (2011). Denial of Service Attacks in Wireless Networks: The Case of Jammers. IEEE Communications Surveys & Tutorials, 13(2), 245-257. doi:10.1109/surv.2011.041110.00022Zhou, L., Wang, X., Tu, W., Muntean, G., & Geller, B. (2010). Distributed scheduling scheme for video streaming over multi-channel multi-radio multi-hop wireless networks. IEEE Journal on Selected Areas in Communications, 28(3), 409-419. doi:10.1109/jsac.2010.100412Lin, K., Lai, C.-F., Liu, X., & Guan, X. (2010). Energy Efficiency Routing with Node Compromised Resistance in Wireless Sensor Networks. Mobile Networks and Applications, 17(1), 75-89. doi:10.1007/s11036-010-0287-xLi, H., Lin, K., & Li, K. (2011). Energy-efficient and high-accuracy secure data aggregation in wireless sensor networks. Computer Communications, 34(4), 591-597. doi:10.1016/j.comcom.2010.02.026Oliveira, L. M. L., de Sousa, A. F., & Rodrigues, J. J. P. C. (2011). Routing and mobility approaches in IPv6 over LoWPAN mesh networks. International Journal of Communication Systems, 24(11), 1445-1466. doi:10.1002/dac.1228Narten T Nordmark E Simpson W Soliman H Neighbor Discovery for IP version 6 (IPv6) 2007Singh H Beebee W Nordmark E IPv6 Subnet Model: The Relationship between Links and Subnet Prefixes 2010Roman, R., Lopez, J., & Gritzalis, S. (2008). Situation awareness mechanisms for wireless sensor networks. IEEE Communications Magazine, 46(4), 102-107. doi:10.1109/mcom.2008.4481348Sakarindr, P., & Ansari, N. (2007). Security services in group communications over wireless infrastructure, mobile ad hoc, and wireless sensor networks. IEEE Wireless Communications, 14(5), 8-20. doi:10.1109/mwc.2007.4396938Tsao T Alexander R Dohler M Daza V Lozano A A Security Framework for Routing over Low Power and Lossy Networks 2009Karlof C Wagner D Secure Routing in Wireless Sensor Networks: Attacks and Countermeasures First IEEE International Workshop on Sensor Network Protocols and Applications 2003 113 127 10.1109/SNPA.2003.1203362Hui J Thubert P Compression Format for IPv6 Datagrams in 6LoWPAN Networks 2009Elaine Shi, & Perrig, A. (2004). Designing Secure Sensor Networks. IEEE Wireless Communications, 11(6), 38-43. doi:10.1109/mwc.2004.1368895Akkaya, K., & Younis, M. (2005). A survey on routing protocols for wireless sensor networks. Ad Hoc Networks, 3(3), 325-349. doi:10.1016/j.adhoc.2003.09.01

Robust, Resilient Networked Communication in Challenged Environments

In challenged environments, digital communication infrastructure may be difficult or even impossible to access. This is especially true in rural and developing regions, as well as in any region during a time of political or environmental crisis. We advance the state of the art in wireless networking and security to design networks and applications that rapidly assess changing networking conditions to restore communication and provide local situational awareness. This dissertation examines new systems for responding to current and emerging needs for wireless networks. This work looks across the wireless ecosystem of widely deployed standards. We develop new tools to improve network assessment and to provide robust and reliable network communication. By incorporating new technological breakthroughs, such as the wide commercial success of Unmanned Aircraft Systems (UAS), we introduce novel methods and systems for existing wireless standards for these challenged networks. We assess how existing technologies and standards function in difficult environments: lacking end-end Internet connectivity, experiencing overload or other resource constraints, and operating in three dimensional space. Through this lens, we demonstrate how to optimize networks to serve marginalized communities outside of first world urban cities and make our networks resilient to natural and political crisis that threaten communication

Mesh Networking in Cyber-Physical Production Systems: Towards Modular Industrial Equipment Integration

Ensuring uninterrupted interaction of modular industrial equipment units is one of the most important engineering tasks. The concept of Cyber-Physical Production Systems (CPPS) assumes that the distributed network should correspond to the current industrial process and be able to quickly reorganize it when changes occur. If composition of the equipment becomes more complicated, a standard topology with one central control node might get ineffective. This article describes the application of mesh-network technology to ensure the interaction of industrial devices and sensors included in the modular equipment. Virtual deployment of the network and a description network nodes interaction including new node registration in the dispatcher registry are given

Managing Mobility for Distributed Smart Cities Services

The IoT refers to the idea of internetworking physical devices, vehicles, buildings, and any other item embedded with the appropriate electronics, software, sensors, actuators, and network connectivity to allows them to interchange data and to provide highly effective new services. In this thesis we focus on the communications issues of the IoT in relation to mobility and we provide different solutions to alleviate the impact of these potential problems and to guarantee the information delivery in mobile scenarios. Our reference context is a Smart City where various mobile devices collaboratively participate, periodically sending information from their sensors. We assume that these services are located in platforms based in cloud infrastructures where the information is protected through the use of virtualisation ensuring their security and privacy. This thesis is structured into seven chapters. We first detail our objectives and identify the current problems we intend to address. Next, we provide a thorough review of the state of the art of all the areas involved in our work, highlighting how we improved the existing solutions with our research. The overall approach of the solutions we propose in this thesis use prototypes that encompasses and integrates different technologies and standards in a small infrastructure, using real devices in real scenarios with two of the most commonly used networks around the world: WiFi and 802.15.4 to efficiently solve the problems we originally identified. We focussed on protocols based on a producer/consumer paradigm, namely AMQP and particularly MQTT. We observed the behaviour of these protocols using in lab experiments and in external environments, using a mesh wireless network as the backbone network. Various issues raised by mobility were taken into consideration, and thus, we repeated the tests with different messages sizes and different inter-message periodicity, in order to model different possible applications. We also present a model for dimensioning the number of sources for mobile nodes and calculating the number of buffers required in the mobile node as a function of the number of sources and the size of the messages. We included a mechanism for avoiding data loss based on intermediate buffering adapted to the MQTT protocol that, in conjunction with the use of an alternative to the Network Manager in certain contexts, improves the connection establishment for wireless mobile clients. We also performed a detailed study of the jitter behaviour of a mobile node when transmitting messages with this proposal while moving through a real outdoor scenario. To emulate simple IoT networks we used the Cooja simulator to study and determine the effects on the probability of delivering messages when both publishers and subscribers were added to different scenarios. Finally we present an approach that combines the MQTT protocol with DTN which we specifically designed for constrained environments and guarantees that important information will never be lost. The advantage of our proposed solutions is that they make an IoT system more resilient to changes in the point of attachment of the mobile devices in an IoT network without requiring IoT application & service developers to explicitly consider this issue. Moreover, our solutions do not require additional support from the network through protocols such as MobileIP or LISP. We close the thesis by providing some conclusions, and identifying future lines of work which we unable to address here.Internet de las cosas (IoT) se refiere a la idea de interconectar sensores, actuadores, dispositivos físicos, vehículos, edificios y cualquier elemento dotado de la electrónica, así como del software y de la conectividad de red que los hace capaces de intercambiar datos para proporcionar servicios altamente efectivos. En esta tesis nos centramos en temas relacionados con la comunicación de sistemas IoT, específicamente en situaciones de movilidad y en los problemas que esto conlleva. Con este fin ofrecemos diferentes soluciones que alivian su impacto y garantizan la entrega de información en estas situaciones. El contexto de referencia es una ciudad inteligente donde varios dispositivos móviles participan de forma colaborativa enviando periódicamente información desde sus sensores hacia servicios ubicados en plataformas en la nube (cloud computing) donde mediante el uso de virtualización, la información está protegida garantizando su seguridad y privacidad. Las soluciones propuestas en esta tesis se enfocan en probar sobre una pequeña infraestructura un prototipo que abarca e integra diferentes tecnologías y estándares para resolver eficientemente los problemas previamente identificados. Hemos enfocado nuestro esfuerzo en el uso de dispositivos sobre escenarios reales con dos de las redes más extendidas en todo el mundo: WiFi y enlaces 802.15.4. Nos enfocamos en protocolos que ofrecen el paradigma productor/consumidor como el protocolo avanzado de colas de mensajes (AMQP) y particularmente el protocolo de transporte de mensajes telemétricos (MQTT), observamos su comportamiento a través de experimentos en laboratorio y en pruebas al aire libre, repitiendo las pruebas con diferentes tamaños de mensajes y diferente periodicidad entre mensajes. Para modelar las diferentes posibles aplicaciones de la propuesta, se tomaron en consideración varias cuestiones planteadas por la movilidad, resultando en un modelo para dimensionar eficientemente el número de fuentes para un nodo móvil y para calcular el tamaño requerido del buffer, en función del número de fuentes y del tamaño de los mensajes. Proponemos un mecanismo adaptado al protocolo MQTT que evita la pérdida de datos en clientes móviles, basado en un buffer intermedio entre la producción y publicación de mensajes que, en conjunto con el uso de una alternativa al gestor de conexiones inalámbricas "Network Manager", en ciertos contextos mejora el establecimiento de las conexiones. Para la evaluación de esta propuesta se presenta un estudio detallado de un nodo móvil que se mueve en un escenario real al aire libre, donde estudiamos el comportamiento del jitter y la transmisión de mensajes. Además, hemos utilizado emuladores de redes IoT para estudiar y determinar los efectos sobre la probabilidad de entrega de mensajes, cuando se agregan tanto publicadores como suscriptores a diferentes escenarios. Finalmente, se presenta una solución totalmente orientada a entornos con dispositivos de recursos limitados que combina los protocolos MQTT con redes tolerantes a retardos (DTN) para garantizar la entrega de información. La ventaja de las soluciones que proponemos reside en el hecho de que los sistemas IoT se vuelven resilientes a la movilidad y a los cambios de punto de acceso, permitiendo así que los desarrolladores creen fácilmente aplicaciones y servicios IoT evitando considerar estos problema. Otra ventaja de nuestras soluciones es que no necesitan soporte adicional de la red como sucede con protocolos como MobileIP o el protocolo que separa el identificador del localizador (LISP). Se destaca cómo hemos mejorado las soluciones existentes hasta el momento de la escritura de esta disertación, y se identifican futuras líneas de actuación que no han sido contempladas.Internet de les coses (IoT) es refereix a la idea d'interconnectar sensors, actuadors, dispositius físics, vehicles, edificis i qualsevol element dotat de l'electrònica, així com del programari i de la connectivitat de xarxa que els fa capaces d'intercanviar dades per proporcionar serveis altament efectius. En aquesta tesi ens centrem en temes relacionats amb la comunicació de sistemes IoT, específicament en situacions de mobilitat i en els problemes que això comporta. A aquest efecte oferim diferents solucions que alleugeren el seu impacte i garanteixen el lliurament d'informació en aquestes situacions. El context de referència és una ciutat intel·ligent on diversos dispositius mòbils participen de forma col·laborativa enviant periòdicament informació des dels seus sensors cap a serveis situats en plataformes en el núvol (cloud computing) on mitjançant l'ús de virtualització, la informació està protegida garantint la seva seguretat i privadesa. Les solucions proposades en aquesta tesi s'enfoquen a provar sobre una xicoteta infraestructura un prototip que abasta i integra diferents tecnologies i estàndards per a resoldre eficientment els problemes prèviament identificats. Hem enfocat el nostre esforç en l'ús de dispositius sobre escenaris reals amb dos de les xarxes més esteses a tot el món: WiFi i enllaços 802.15.4. Ens enfoquem en protocols que ofereixen el paradigma productor/consumidor com el protocol avançat de cues de missatges (AMQP) i particularment el protocol de transport de missatges telemètrics (MQTT), observem el seu comportament a través d'experiments en laboratori i en proves a l'aire lliure, repetint les proves amb diferents grandàries de missatges i diferent periodicitat entre missatges. Per a modelar les diferents possibles aplicacions de la proposta, es van prendre en consideració diverses qüestions plantejades per la mobilitat, resultant en un model per a dimensionar eficientment el nombre de fonts per a un node mòbil i per a calcular la grandària requerida del buffer, en funció del nombre de fonts i de la grandària dels missatges. Proposem un mecanisme adaptat al protocol MQTT que evita la pèrdua de dades per a clients mòbils, basat en un buffer intermedi entre la producció i publicació de missatges que en conjunt amb l'ús d'una alternativa al gestor de connexions sense fils "Network Manager'', en certs contextos millora l'establiment de les connexions. Per a l'avaluació d'aquesta proposta es presenta un estudi detallat d'un node mòbil que es mou en un escenari real a l'aire lliure, on estudiem el comportament del jitter i la transmissió de missatges. A més, hem utilitzat emuladors de xarxes IoT per a estudiar i determinar els efectes sobre la probabilitat de lliurament de missatges, quan s'agreguen tant publicadors com subscriptors a diferents escenaris. Finalment, es presenta una solució totalment orientada a entorns amb dispositius de recursos limitats que combina els protocols MQTT amb xarxes tolerants a retards (DTN) per a garantir el lliurament d'informació. L'avantatge de les solucions que proposem resideix en el fet que els sistemes IoT es tornen resilients a la mobilitat i als canvis de punt d'accés, permetent així que els desenvolupadors creuen fàcilment aplicacions i serveis IoT evitant considerar aquests problema. Un altre avantatge de les nostres solucions és que no necessiten suport addicional de la xarxa com succeeix amb protocols com MobileIP o el protocol que separa l'identificador del localitzador (LISP). Es destaca com hem millorat les solucions existents fins al moment de l'escriptura d'aquesta dissertació, i s'identifican futures línies d'actuació que no han sigut contemplades.Luzuriaga Quichimbo, JE. (2017). Managing Mobility for Distributed Smart Cities Services [Tesis doctoral no publicada]. Universitat Politècnica de València. https://doi.org/10.4995/Thesis/10251/84744TESI

Cloud Computing

In the recent years, Cloud Computing has become very popular and an interesting subject in the field of science and technology. The research efforts in the Cloud Computing have led to a number of applications used for the convenience in daily life. Cloud Computing is not only providing solutions at the enterprise level but it is also suitable in organizing a centralized database which is accessible from every corner of the world. It is said that, 10 to 15 years later when all the enterprises have adopted the Cloud Computing, there will be no more perception for the data center in the company. The aim of this Master’s thesis “Cloud Computing: Server Configuration and Software Implementation for the Data Collection with Wireless Sensor Nodes” was to integrate the Wireless Sensor Network with Cloud Computing in a such a way that the data received from the Sensor node can be access able from anywhere in the world. To accomplish this task, a Wireless Sensor Network was deployed to measure the environmental conditions such as Temperature, Light and the Sensor’s battery information and the measured values are sent to a web server from where the data can be accessed. The project also includes the software implementation to collect the sensor’s measurements and a Graphical User Interface (GUI) application which reads the values from the sensor network and stores it to the database.fi=Opinnäytetyö kokotekstinä PDF-muodossa.|en=Thesis fulltext in PDF format.|sv=Lärdomsprov tillgängligt som fulltext i PDF-format

Simulation of attacks for security in wireless sensor network

The increasing complexity and low-power constraints of current Wireless Sensor Networks (WSN) require efficient methodologies for network simulation and embedded software performance analysis of nodes. In addition, security is also a very important feature that has to be addressed in most WSNs, since they may work with sensitive data and operate in hostile unattended environments. In this paper, a methodology for security analysis of Wireless Sensor Networks is presented. The methodology allows designing attack-aware embedded software/firmware or attack countermeasures to provide security in WSNs. The proposed methodology includes attacker modeling and attack simulation with performance analysis (node?s software execution time and power consumption estimation). After an analysis of different WSN attack types, an attacker model is proposed. This model defines three different types of attackers that can emulate most WSN attacks. In addition, this paper presents a virtual platform that is able to model the node hardware, embedded software and basic wireless channel features. This virtual simulation analyzes the embedded software behavior and node power consumption while it takes into account the network deployment and topology. Additionally, this simulator integrates the previously mentioned attacker model. Thus, the impact of attacks on power consumption and software behavior/execution-time can be analyzed. This provides developers with essential information about the effects that one or multiple attacks could have on the network, helping them to develop more secure WSN systems. This WSN attack simulator is an essential element of the attack-aware embedded software development methodology that is also introduced in this work.This work has been funded by the Spanish MICINN under the TEC2011-28666-C04-02 and TEC2014-58036-C4-3-R project

Analytic Conditions for Energy Neutrality in Uniformly-Formed Wireless Sensor Networks

Future deployments of wireless sensor network (WSN) infrastructures for environmental or event monitoring are expected to be equipped with energy harvesters (e.g. piezoelectric, thermal, photovoltaic) in order to substantially increase their autonomy. In this paper we derive conditions for energy neutrality, i.e. perpetual energy autonomy per sensor node, by balancing the node's expected energy consumption with its expected energy harvesting capability. Our analysis assumes a uniformly-formed WSN, i.e. a network comprising identical transmitter sensor nodes and identical receiver/relay sensor nodes with a balanced cluster-tree topology. The proposed framework is parametric to: (i) the duty cycle for the network activation; (ii) the number of nodes in the same tier of the cluster-tree topology; (iii) the consumption rate of the receiver node(s) that collect (and possibly relay) data along with their own; (iv) the marginal probability density function (PDF) characterizing the data transmission rate per node; (v) the expected amount of energy harvested by each node. Based on our analysis, we obtain the number of nodes leading to the minimumenergy harvestingrequirement for each tier of the WSN cluster-tree topology. We also derive closed-form expressions for the difference in the minimum energy harvesting requirements between four transmission rate PDFs in function of the WSN parameters. Our analytic results are validated via experiments using TelosB sensor nodes and an energy measurement testbed. Our framework is useful for feasibility studies on energy harvesting technologies in WSNs and for optimizing the operational settings of hierarchical WSN-based monitoring infrastructures prior to time-consuming testing and deployment within the application environment