Vulnerabilities of the 6P protocol for the Industrial Internet of Things: Impact analysis and mitigation

The 6TiSCH architecture defined by the IETF provides a standard solution for extending the Internet of Things (IoT) paradigm to industrial applications with stringent reliability and timeliness requirements. In this context, communication security is another crucial requirement, which is currently less investigated in the literature. In this article, we present a deep assessment of the security vulnerabilities of 6P, the protocol used for resource negotiation at the core of the 6TiSCH architecture. Specifically, we highlight two possible attacks against 6P, namely the Traffic Dispersion and the Overloading attacks. These two attacks effectively and stealthy alter the communication schedule of victim nodes and severely thwart network basic functionalities and efficiency, by specifically impacting network availability and energy consumption of victim nodes. To assess the impact of the attacks two analytical models have been defined, while, to demonstrate their feasibility, they have been implemented in Contiki-NG. The implementation has been used to quantitatively evaluate the impact of the two attacks by both simulations and measurements in a real testbed. Our results show that the impact of both attacks may be very significant. The impact, however, strongly depends on the position of the victim node(s) in the network and it is highly influenced by the dynamics of the routing protocol. We have investigated mitigation strategies to alleviate this impact and proposed an extended version of the Minimal Scheduling Function (MSF), i.e., the reference scheduling algorithm for 6TiSCH. This allows network nodes to early detect anomalies in their schedules possibly due to an Overloading attack, and thus curb the attack impact by appropriately revising their schedule

Security of the Internet of Things: Vulnerabilities, Attacks and Countermeasures

Wireless Sensor Networks (WSNs) constitute one of the most promising third-millennium technologies and have wide range of applications in our surrounding environment. The reason behind the vast adoption of WSNs in various applications is that they have tremendously appealing features, e.g., low production cost, low installation cost, unattended network operation, autonomous and longtime operation. WSNs have started to merge with the Internet of Things (IoT) through the introduction of Internet access capability in sensor nodes and sensing ability in Internet-connected devices. Thereby, the IoT is providing access to huge amount of data, collected by the WSNs, over the Internet. Hence, the security of IoT should start with foremost securing WSNs ahead of the other components. However, owing to the absence of a physical line-of-defense, i.e., there is no dedicated infrastructure such as gateways to watch and observe the flowing information in the network, security of WSNs along with IoT is of a big concern to the scientific community. More specifically, for the application areas in which CIA (confidentiality, integrity, availability) has prime importance, WSNs and emerging IoT technology might constitute an open avenue for the attackers. Besides, recent integration and collaboration of WSNs with IoT will open new challenges and problems in terms of security. Hence, this would be a nightmare for the individuals using these systems as well as the security administrators who are managing those networks. Therefore, a detailed review of security attacks towards WSNs and IoT, along with the techniques for prevention, detection, and mitigation of those attacks are provided in this paper. In this text, attacks are categorized and treated into mainly two parts, most or all types of attacks towards WSNs and IoT are investigated under that umbrella: “Passive Attacks” and “Active Attacks”. Understanding these attacks and their associated defense mechanisms will help paving a secure path towards the proliferation and public acceptance of IoT technology

Industry 4.0: Industrial IoT Enhancement and WSN Performance Analysis

L'abstract è presente nell'allegato / the abstract is in the attachmen

Towards reliable logging in the internet of things networks

The internet of things is one of the most rapidly developing technologies, and its low cost and usability make it applicable to various critical disciplines. Being a component of such critical infrastructure needs, these networks have to be dependable and offer the best outcome. Keeping track of network events is one method for enhancing network reliability, as network event logging supports essential processes such as debugging, checkpointing, auditing, root-cause analysis, and forensics. However, logging in the IoT networks is not a simple task. IoT devices are positioned in remote places with unstable connectivity and inadequate security protocols, making them vulnerable to environmental flaws and security breaches. This thesis investigates the problem of reliable logging in IoT networks. We concentrate on the problem in the presence of Byzantine behaviour and the integration of logging middleware into the network stack. To overcome these concerns, we propose a technique for distributed logging by distributing loggers around the network. We define the logger selection problem and the collection problem, and show that only the probabilistic weak variant can solve the problem. We examine the performance of the Collector algorithm in several MAC setups. We then explore the auditability notion in IoT; we show how safety specification can be enforced through the analogies of fair exchange. Next, we review our findings and their place in the existing body of knowledge. We also explore the limits we faced when investigating this problem, and we finish this thesis by providing opportunities for future work

A Survey on Layer-Wise Security Attacks in IoT: Attacks, Countermeasures, and Open-Issues

© 2021 by the authors. Licensee MDPI, Basel, Switzerland. This article is an open access article distributed under the terms and conditions of the Creative Commons Attribution (CC BY) license (http://creativecommons.org/licenses/by/4.0/).Security is a mandatory issue in any network, where sensitive data are transferred safely in the required direction. Wireless sensor networks (WSNs) are the networks formed in hostile areas for different applications. Whatever the application, the WSNs must gather a large amount of sensitive data and send them to an authorized body, generally a sink. WSN has integrated with Internet-of-Things (IoT) via internet access in sensor nodes along with internet-connected devices. The data gathered with IoT are enormous, which are eventually collected by WSN over the Internet. Due to several resource constraints, it is challenging to design a secure sensor network, and for a secure IoT it is essential to have a secure WSN. Most of the traditional security techniques do not work well for WSN. The merger of IoT and WSN has opened new challenges in designing a secure network. In this paper, we have discussed the challenges of creating a secure WSN. This research reviews the layer-wise security protocols for WSN and IoT in the literature. There are several issues and challenges for a secure WSN and IoT, which we have addressed in this research. This research pinpoints the new research opportunities in the security issues of both WSN and IoT. This survey climaxes in abstruse psychoanalysis of the network layer attacks. Finally, various attacks on the network using Cooja, a simulator of ContikiOS, are simulated.Peer reviewe

Energy aware optimization for low power radio technologies

The explosive growth of IoT is pushing the market towards cheap, very low power devices with a strong focus on miniaturization, for applications such as in-body sensors, personal health monitoring and microrobots. Proposing procedures for energy efficiency in IoT is a difficult task, as it is a rapidly growing market comprised of many and very diverse product categories using technologies that are not stable, evolving at a high pace. The research in this field proposes solutions that go from physical layer optimization up to the network layer, and the sensor network designer has to select the techniques that are best for its application specific architecture and radio technology used. This work is focused on exploring new techniques for enhancing the energy efficiency and user experience of IoT networks. We divide the proposed techniques in frame and chip level optimization techniques, respectively. While the frame level techniques are meant to improve the performance of existing radio technologies, the chip level techniques aim at replacing them with crystal-free architectures. The identified frame level techniques are the use of preamble authentication and packet fragmentation, advisable for Low Power Wide Area Networks (LPWANs), a technology that offers the lowest energy consumption per provided service, but is vulnerable in front of energy exhaustion attacks and does not perform well in dense networks. The use of authenticated preambles between the sensors and gateways becomes a defence mechanism against the battery draining intended by attackers. We show experimentally that this approach is able to reduce with 91% the effect of an exhaustion attack, increasing the device's lifetime from less than 0.24 years to 2.6 years. The experiments were conducted using Loadsensing sensor nodes, commercially used for critical infrastructure control and monitoring. Even if exemplified on LoRaWAN, the use of preamble authentication is extensible to any wireless protocol. The use of packet fragmentation despite the packet fits the frame, is shown to reduce the probability of collisions while the number of users in the duty-cycle restricted network increases. Using custom-made Matlab simulations, important goodput improvement was obtained with fragmentation, with higher impact in slower and denser networks. Using NS3 simulations, we showed that combining packet fragmentation with group NACK can increase the network reliability, while reducing the energy consumed for retransmissions, at the cost of adding small headers to each fragment. It is a strategy that proves to be effective in dense duty-cycle restricted networks only, where the headers overhead is negligible compared to the network traffic. As a chip level technique, we consider using radios for communication that do not use external frequency references such as crystal oscillators. This would enable having all sensor's elements on a single piece of silicon, rendering it even ten times more energy efficient due to the compactness of the chip. The immediate consequence is the loss of communication accuracy and ability to easily switch communication channels. In this sense, we propose a sequence of frequency synchronization algorithms and phases that have to be respected by a crystal-free device so that it can be able to join a network by finding the beacon channel, synthesize all communication channels and then maintain their accuracy against temperature change. The proposed algorithms need no additional network overhead, as they are using the existing network signaling. The evaluation is made in simulations and experimentally on a prototype implementation of an IEEE802.15.4 crystal-free radio. While in simulations we are able to change to another communication channel with very good frequency accuracy, the results obtained experimentally show an initial accuracy slightly above 40ppm, which will be later corrected by the chip to be below 40 ppm.El crecimiento significativo de la IoT está empujando al mercado hacia el desarrollo de dispositivos de bajo coste, de muy bajo consumo energético y con un fuerte enfoque en la miniaturización, para aplicaciones que requieran sensores corporales, monitoreo de salud personal y micro-robots. La investigación en el campo de la eficiencia energética en la IoT propone soluciones que van desde la optimización de la capa física hasta la capa de red. Este trabajo se centra en explorar nuevas técnicas para mejorar la eficiencia energética y la experiencia del usuario de las redes IoT. Dividimos las técnicas propuestas en técnicas de optimización de nivel de trama de red y chip, respectivamente. Si bien las técnicas de nivel de trama están destinadas a mejorar el rendimiento de las tecnologías de radio existentes, las técnicas de nivel de chip tienen como objetivo reemplazarlas por arquitecturas que no requieren de cristales. Las técnicas de nivel de trama desarrolladas en este trabajo son el uso de autenticación de preámbulos y fragmentación de paquetes, aconsejables para redes LPWAN, una tecnología que ofrece un menor consumo de energía por servicio prestado, pero es vulnerable frente a los ataques de agotamiento de energía y no escalan frente la densificación. El uso de preámbulos autenticados entre los sensores y las pasarelas de enlace se convierte en un mecanismo de defensa contra el agotamiento del batería previsto por los atacantes. Demostramos experimentalmente que este enfoque puede reducir con un 91% el efecto de un ataque de agotamiento, aumentando la vida útil del dispositivo de menos de 0.24 años a 2.6 años. Los experimentos se llevaron a cabo utilizando nodos sensores de detección de carga, utilizados comercialmente para el control y monitoreo de infrastructura crítica. Aunque la técnica se ejemplifica en el estándar LoRaWAN, el uso de autenticación de preámbulo es extensible a cualquier protocolo inalámbrico. En esta tesis se muestra también que el uso de la fragmentación de paquetes a pesar de que el paquete se ajuste a la trama, reduce la probabilidad de colisiones mientras aumenta el número de usuarios en una red con restricciones de ciclos de transmisión. Mediante el uso de simulaciones en Matlab, se obtiene una mejora importante en el rendimiento de la red con la fragmentación, con un mayor impacto en redes más lentas y densas. Usando simulaciones NS3, demostramos que combinar la fragmentación de paquetes con el NACK en grupo se puede aumentar la confiabilidad de la red, al tiempo que se reduce la energía consumida para las retransmisiones, a costa de agregar pequeños encabezados a cada fragmento. Como técnica de nivel de chip, consideramos el uso de radios para la comunicación que no usan referencias de frecuencia externas como los osciladores basados en un cristal. Esto permitiría tener todos los elementos del sensor en una sola pieza de silicio, lo que lo hace incluso diez veces más eficiente energéticamente debido a la integración del chip. La consecuencia inmediata, en el uso de osciladores digitales en vez de cristales, es la pérdida de precisión de la comunicación y la capacidad de cambiar fácilmente los canales de comunicación. En este sentido, proponemos una secuencia de algoritmos y fases de sincronización de frecuencia que deben ser respetados por un dispositivo sin cristales para que pueda unirse a una red al encontrar el canal de baliza, sintetizar todos los canales de comunicación y luego mantener su precisión contra el cambio de temperatura. Los algoritmos propuestos no necesitan una sobrecarga de red adicional, ya que están utilizando la señalización de red existente. La evaluación se realiza en simulaciones y experimentalmente en una implementación prototipo de una radio sin cristal IEEE802.15.4. Los resultados obtenidos experimentalmente muestran una precisión inicial ligeramente superior a 40 ppm, que luego será corregida por el chip para que sea inferior a 40 ppm.Postprint (published version