5 research outputs found

    Spamming the Internet of Things: A Possibility and its probable Solution

    Abstract: The Internet of Things (IoT) enabled users to bring physical objects into the sphere of cyber world. This was made possible by different tagging technologies like NFC, RFID and 2D barcode which allowed physical objects to be identified and referred over the Internet. Due to less complexity and low development and deployment cost of 2D barcodes, they have become modus operandi for building an IoT system. This paper explores the possibility of spamming the Internet of Things. It tries to establish that web spammers can use 2D barcodes to flood the physical side of the IoT, trick users to see or reach unsolicited and unrelated content over the Internet and possibly destroy the legitimacy of correct content. Preliminary results from an experiment establishing the possibility of the problem are outlined. This paper also proposes the use of digital signatures (ECDSA) to address the problem of spamming the IoT. A prototype implementation of the solution and its experimental results are given in this paper

    Securing Communication Channels in IoT using an Android Smart Phone

    In today's world, smart devices are a necessity to have, and represent an essential tool for performing daily activities. With this comes the need to secure the communication between the IoT devices in the consumer's home, to prevent attacks that may jeopardize the confidentiality and integrity of communication between the IoT devices. The life cycle of a simple device includes a series of stages that the device undergoes: from construction and production to decommissioning. In this thesis, the Manufacturing, Bootstrapping and Factory Reset parts of IoT device's life cycle are considered, focusing on security. For example, the Controller of user's home network (e.g., user's smart phone) should bootstrap the "right" IoT device and the IoT device should bootstrap with the "right" Controller. The security is based on device credentials, such as the device certificate during the bootstrapping process, and the operational credentials that are provisioned to the IoT device from the Controller during the bootstrapping. The goal of this thesis is to achieve easy-to-use and secure procedure for setting up the IoT device into a home network, and for controlling that IoT device from an Android mobile phone (Controller). The objectives are: (1) explore the different aspects of using a smartphone as a Controller device to securely manage the life cycle of a simple device; (2) propose a system design for securely managing the life cycle of a simple device from a Controller compliant with existing standards, (e.g. Lightweight Machine to Machine (LwM2M) is an industrial standard used to manage and control industrial IoT Devices); (3) implement a proof of concept based on the system design; (4) provide a user-friendly interface for a better experience for the user by using popular bootstrapping methods such as QR code scanning; (5) discuss the choices regarding securing credentials and managing data, and achieve a good balance between usability and security during the bootstrapping process. In order to achieve those goals, the state-of-art technologies for IoT device management were studied. Then an Android application that uses LwM2M standard in consumer's home setting was specified, designed and implemented. The Android application is wrapped in a smooth user interface that allows the user a good experience when attempting to connect and control the target IoT device

    Designing an architecture for secure sharing of personal health records : a case of developing countries

    Includes bibliographical references. While there has been an increase in the design and development of Personal Health Record (PHR) systems in the developed world, little has been done to explore the utility of these systems in the developing world. Despite the usual problems of poor infrastructure, PHR systems designed for the developing world need to conform to users with different models of security and literacy than those designed for developed world. This study investigated a PHR system distributed across mobile devices with a security model and an interface that supports the usage and concerns of low literacy users in developing countries. The main question addressed in this study is: “Can personal health records be stored securely and usefully on mobile phones?” In this study, mobile phones were integrated into the PHR architecture that we/I designed because the literature reveals that the majority of the population in developing countries possess mobile phones. Additionally, mobile phones are very flexible and cost efficient devices that offer adequate storage and computing capabilities to users for typically communication operations. However, it is also worth noting that, mobile phones generally do not provide sufficient security mechanisms to protect the user data from unauthorized access

    Pervasive Services for Flexible Spaces

    Shared spaces are increasingly being used in working environments to cope with the limitations in the available facilities, in terms of both square meters and costs. One important example of shared resource is represented by a meeting room that can be booked and used by several actors, for instance, companies co-located in a business hub. To this end, current reservation systems have several limitations. First, access control is not really enforced based on the owner of the booking. Second, it is difficult to monitor the utilization of resources unless occupancy sensors are deployed, thus incurring in additional costs. In this thesis we have realized a cloud-based reservation and access system for shared rooms. Our solution is based on an electronic lock and a digital sign together with a reservation server. Users can book a room by using third-party authentication and can access the room by a simple and usable method that involves scanning a QR Code with a mobile phone. We have designed the system architecture and have implemented the service by using modern mobile web technologies. We have also analyzed the economic feasibility of our approach and developed a supporting business model. Our system has been piloted in the Learning Hub of the Computer Science library as part of the Flexible Spaces Service project sponsored by the EIT ICT Labs