14 research outputs found

    A survey on wireless ad hoc networks

    A wireless ad hoc network is a collection of wireless nodes that can dynamically self-organize into an arbitrary and temporary topology to form a network without necessarily using any pre-existing infrastructure. These characteristics make ad hoc networks well suited for military activities, emergency operations, and disaster recoveries. Nevertheless, as electronic devices are getting smaller, cheaper, and more powerful, the mobile market is rapidly growing and, as a consequence, the need of seamlessly internetworking people and devices becomes mandatory. New wireless technologies enable easy deployment of commercial applications for ad hoc networks. The design of an ad hoc network has to take into account several interesting and difficult problems due to noisy, limited-range, and insecure wireless transmissions added to mobility and energy constraints. This paper presents an overview of issues related to medium access control (MAC), routing, and transport in wireless ad hoc networks and techniques proposed to improve the performance of protocols. Research activities and problems requiring further work are also presented. Finally, the paper presents a project concerning an ad hoc network to easily deploy Internet services on low-income habitations fostering digital inclusion.
    8th IFIP/IEEE International conference on Mobile and Wireless Communication. Red de Universidades con Carreras en Informática (RedUNCI)

    Anticipation of ETX Metric to manage Mobility in Ad Hoc Wireless Networks

    When a node is moving in a wireless network, the routing metrics associated to its wireless links may reflect link quality degradations and help the routing process to adapt its routes. Unfortunately, an important delay between the metric estimation and its inclusion in the routing process makes this approach inefficient. In this paper, we introduce an algorithm that predicts metric values a few seconds in advance, in order to compensate the delay involved by the link quality measurement and their dissemination by the routing protocol. We consider classical metrics, in particular ETX (Expected Transmission Count) and ETT (Expected Transmission Time), but we combine their computations to our prediction algorithm. Extensive simulations show the route enhancement as the Packet Delivery Ratio (PDR) is close to 1 in presence of mobility.

    IoT technologies for grazing and animal posture control (Tecnologias IoT para pastoreio e controlo de postura animal)

    The unwanted and adverse weeds that are constantly growing in vineyards, force wine producers to repeatedly remove them through the use of mechanical and chemical methods. These methods include machinery such as plows and brushcutters, and chemicals as herbicides to remove and prevent the growth of weeds both in the inter-row and under-vine areas. Nonetheless, such methods are considered very aggressive for vines, and, in the second case, harmful for the public health, since chemicals may remain in the environment and hence contaminate water lines. Moreover, such processes have to be repeated over the year, making it extremely expensive and toilsome. Using animals, usually ovines, is an ancient practice used around the world. Animals, grazing in vineyards, feed from the unwanted weeds and fertilize the soil, in an inexpensive, ecological and sustainable way. However, sheep may be dangerous to vines since they tend to feed on grapes and on the lower branches of the vines, which causes enormous production losses. To overcome that issue, sheep were traditionally used to weed vineyards only before the beginning of the growth cycle of grapevines, thus still requiring the use of mechanical and/or chemical methods during the remainder of the production cycle. To mitigate the problems above, a new technological solution was investigated under the scope of the SheepIT project and developed in the scope of this thesis. The system monitors sheep during grazing periods on vineyards and implements a posture control mechanism to instruct them to feed only from the undesired weeds. This mechanism is based on an IoT architecture, being designed to be compact and energy efficient, allowing it to be carried by sheep while attaining an autonomy of weeks. In this context, the thesis herein sustained states that it is possible to design an IoT-based system capable of monitoring and conditioning sheep’s posture, enabling a safe weeding process in vineyards. 
Moreover, we support such thesis in three main pillars that match the main contributions of this work and that are duly explored and validated, namely: the IoT architecture design and required communications, a posture control mechanism and the support for a low-cost and low-power localization mechanism. The system architecture is validated mainly in simulation context while the posture control mechanism is validated both in simulations and field experiments. Furthermore, we demonstrate the feasibility of the system and the contribution of this work towards the first commercial version of the system.
The constant growth of weeds forces producers to maintain a continuous process of removing them using mechanical and/or chemical means. Among the most popular are plows and brushcutters in the first group and herbicides in the second. However, these means are considered aggressive for the vines and, in the second case, dangerous to public health, since the chemicals may remain in the environment, contaminating fruit and water lines. In addition, these processes are expensive and require labour that is scarce nowadays, which is aggravated by the need to repeat them more than once over the year. Using animals, particularly sheep, to control weed growth is an ancient practice used around the world. While grazing, sheep control the growth of weeds and at the same time fertilize the soil in a free, ecological and sustainable way. Nevertheless, this method was gradually abandoned because the animals also feed on the branches, shoots and fruit of the vine, causing damage and production losses. To mitigate this problem, a new solution based on Internet of Things technologies is proposed within the SheepIT project, whose backbone was built in the scope of this thesis.
The system monitors the sheep while they graze in the vineyards and implements a posture control mechanism that conditions their behaviour so that they feed only on the weeds. The system was incorporated into an Internet of Things infrastructure with low-power wireless communications for data collection, which allows weeks of autonomy while keeping the devices at a size suitable for the animals. In this context, the thesis supported in this work argues that it is possible to design a system based on Internet of Things technologies capable of monitoring and conditioning the posture of sheep, allowing them to graze in vineyards without compromising the vines and the grapes. The thesis rests on three fundamental pillars that are reflected in the main contributions of the work, namely: the system architecture and its communications system; the posture control mechanism; and the support for implementing a low-cost, low-power localization system. The architecture is validated in simulation, and the posture control mechanism in simulation and in field experiments. The operation of the system and the contribution of this work to the design of the first commercial version of the system are also demonstrated.
Doctoral Programme in Informatics

    Next-Generation Public Safety Systems Based on Autonomous Vehicles and Opportunistic Communications

    An emergency scenario is characterized by the unpredictability of the environment conditions and by the scarcity of the available communication infrastructures. After a natural or human disaster, the main public and private infrastructures are partially damaged or totally destroyed. These infrastructures include roads, bridges, water supplies, electrical grids, telecommunications and so on. In these conditions, the first rescue operations executed by the public safety organizations can be very difficult, due to the unpredictability of the disaster area environment and the lack in the communications systems. The aim of this work is to introduce next-generation public safety systems where the main focus is the use of unmanned vehicles that are able to exploit the self-organizing characteristics of such autonomous systems. With the proposed public safety systems, a team of autonomous vehicles will be able to overcome the hazardous environments of a post disaster scenario by introducing a temporary dynamic network infrastructure which enables the first responders to cooperate and to communicate with the victims involved. Furthermore, given the pervasive penetration of smart end-user devices, the emergence of spontaneous networks could constitute promising solutions to implement emergency communication systems. With these systems the survivors will be able to self-organize in a communication network that allows them to send alerts and information messages towards the rescue teams, even in absence of communication infrastructures

    Digitising the Industry Internet of Things Connecting the Physical, Digital and Virtual Worlds

    This book provides an overview of the current Internet of Things (IoT) landscape, ranging from the research, innovation and development priorities to enabling technologies in a global context. A successful deployment of IoT technologies requires integration on all layers, be it cognitive and semantic aspects, middleware components, services, edge devices/machines and infrastructures. It is intended to be a standalone book in a series that covers the Internet of Things activities of the IERC - Internet of Things European Research Cluster from research to technological innovation, validation and deployment. The book builds on the ideas put forward by the European Research Cluster and the IoT European Platform Initiative (IoT-EPI) and presents global views and state of the art results on the challenges facing the research, innovation, development and deployment of IoT in the next years. The IoT is bridging the physical world with virtual world and requires sound information processing capabilities for the "digital shadows" of these real things. The research and innovation in nanoelectronics, semiconductor, sensors/actuators, communication, analytics technologies, cyber-physical systems, software, swarm intelligent and deep learning systems are essential for the successful deployment of IoT applications. The emergence of IoT platforms with multiple functionalities enables rapid development and lower costs by offering standardised components that can be shared across multiple solutions in many industry verticals. The IoT applications will gradually move from vertical, single purpose solutions to multi-purpose and collaborative applications interacting across industry verticals, organisations and people, being one of the essential paradigms of the digital economy. Many of those applications still have to be identified and involvement of end-users including the creative sector in this innovation is crucial. 
The IoT applications and deployments as integrated building blocks of the new digital economy are part of the accompanying IoT policy framework to address issues of horizontal nature and common interest (i.e. privacy, end-to-end security, user acceptance, societal, ethical aspects and legal issues) for providing trusted IoT solutions in a coordinated and consolidated manner across the IoT activities and pilots. In this context, IoT ecosystems offer solutions beyond a platform and solve important technical challenges in the different verticals and across verticals. These IoT technology ecosystems are instrumental for the deployment of large pilots and can easily be connected to or build upon the core IoT solutions for different applications in order to expand the system of use and allow new and even unanticipated IoT end uses. Technical topics discussed in the book include:
• Introduction
• Digitising industry and IoT as key enabler in the new era of Digital Economy
• IoT Strategic Research and Innovation Agenda
• IoT in the digital industrial context: Digital Single Market
• Integration of heterogeneous systems and bridging the virtual, digital and physical worlds
• Federated IoT platforms and interoperability
• Evolution from intelligent devices to connected systems of systems by adding new layers of cognitive behaviour, artificial intelligence and user interfaces.
• Innovation through IoT ecosystems
• Trust-based IoT end-to-end security, privacy framework
• User acceptance, societal, ethical aspects and legal issues
• Internet of Things Application

    A quantum-resistant advanced metering infrastructure

    This dissertation focuses on discussing and implementing a Quantum-Resistant Advanced Metering Infrastructure (QR-AMI) that employs quantum-resistant asymmetric and symmetric cryptographic schemes to withstand attacks from both quantum and classical computers. The proposed solution involves the integration of Quantum-Resistant Dedicated Cryptographic Modules (QR-DCMs) within Smart Meters (SMs). These QR-DCMs are designed to embed quantum-resistant cryptographic schemes suitable for AMI applications. In this sense, it investigates quantum-resistant asymmetric cryptographic schemes based on strong cryptographic principles and a lightweight approach for AMIs. In addition, it examines the practical deployment of quantum-resistant schemes in QR-AMIs. Two candidates from the National Institute of Standards and Technology (NIST) post-quantum cryptography (PQC) standardization process, FrodoKEM and CRYSTALS-Kyber, are assessed due to their adherence to strong cryptographic principles and lightweight approach. The feasibility of embedding these schemes within QR-DCMs in an AMI context is evaluated through software implementations on low-cost hardware, such as microcontroller and processor, and hardware/software co-design implementations using System-on-a-Chip (SoC) devices with Field-Programmable Gate Array (FPGA) components. Experimental results show that the execution time for FrodoKEM and CRYSTALS-Kyber schemes on SoC FPGA devices is at least one-third faster than software implementations. Furthermore, the achieved execution time and resource usage demonstrate the viability of these schemes for AMI applications. The CRYSTALS-Kyber scheme appears to be a superior choice in all scenarios, except when strong cryptographic primitives are necessitated, at least theoretically. Due to the lack of off-the-shelf SMs supporting quantum-resistant asymmetric cryptographic schemes, a QR-DCM embedding quantum-resistant scheme is implemented and evaluated.
Regarding hardware selection for QR-DCMs, microcontrollers are preferable in situations requiring reduced processing power, while SoC FPGA devices are better suited for those demanding high processing power. The resource usage and execution time outcomes demonstrate the feasibility of implementing AMI based on QR-DCMs (i.e., QR-AMI) using microcontrollers or SoC FPGA devices.
This doctoral thesis focuses on the discussion and implementation of a Quantum-Resistant Advanced Metering Infrastructure (QR-AMI), which employs quantum-resistant asymmetric and symmetric cryptographic schemes to withstand attacks from both quantum and classical computers. The proposed solution involves the integration of a Quantum-Resistant Dedicated Cryptographic Module (QR-DCM) with Smart Meters (SMs). The QR-DCMs are designed to embed quantum-resistant cryptographic schemes suitable for AMI applications. To that end, quantum-resistant asymmetric cryptographic schemes based on strong cryptographic principles and a low-resource approach for AMIs are investigated. In addition, the practical deployment of a quantum-resistant scheme in QR-AMIs is analysed. Two candidates from the post-quantum cryptography (PQC) standardization process of the National Institute of Standards and Technology (NIST), FrodoKEM and CRYSTALS-Kyber, are evaluated because of their adherence to strong cryptographic principles and their low-resource approach.
The feasibility of embedding these schemes in QR-DCMs in an AMI context is evaluated through software implementations on low-cost hardware, such as a microcontroller and a processor, and joint hardware/software implementations using a System-on-a-Chip (SoC) with a Field-Programmable Gate Array (FPGA). Experimental results show that the execution time of the FrodoKEM and CRYSTALS-Kyber schemes on SoC FPGA devices is at least one-third faster than software implementations. Furthermore, the execution times achieved and the resource usage demonstrate the viability of these schemes for AMI applications. The CRYSTALS-Kyber scheme appears to be a superior choice in all scenarios, except when strong cryptographic primitives are required, at least theoretically. Because of the lack of SMs on the market that support quantum-resistant asymmetric cryptographic schemes, a QR-DCM embedding quantum-resistant schemes is implemented and evaluated. As for the choice of hardware for the QR-DCMs, microcontrollers are preferable in situations requiring reduced processing power, while SoC FPGA devices are better suited when greater processing power is demanded. The resource usage and execution time results demonstrate the feasibility of implementing an AMI based on QR-DCMs, that is, a QR-AMI, using microcontrollers and SoC FPGA devices.

    SECURITY AND PRIVACY ASPECTS OF MOBILE PLATFORMS AND APPLICATIONS

    Mobile smart devices (such as smartphones and tablets) have emerged as dominant computing platforms for end-users. The capabilities of these convenient mini-computers seem nearly boundless: They feature compelling computing power and storage resources, new interfaces such as Near Field Communication (NFC) and Bluetooth Low Energy (BLE), connectivity to cloud services, as well as a vast number and variety of apps. By installing these apps, users can turn a mobile device into a music player, a gaming console, a navigation system, a business assistant, and more. In addition, the current trend of increased screen sizes makes these devices reasonable replacements for traditional (mobile) computing platforms such as laptops. On the other hand, mobile platforms process and store an extensive amount of sensitive information about their users, ranging from the user’s location data to credentials for online banking and enterprise Virtual Private Networks (VPNs). This raises many security and privacy concerns and makes mobile platforms attractive targets for attackers. The rapid increase in number, variety and sophistication of attacks demonstrates that the protection mechanisms offered by mobile systems today are insufficient and improvements are necessary in order to make mobile devices capable of withstanding modern security and privacy threats. This dissertation focuses on various aspects of security and privacy of mobile platforms. In particular, it consists of three parts: (i) advanced attacks on mobile platforms and countermeasures; (ii) online authentication security for mobile systems, and (iii) secure mobile applications and services.
Specifically, the first part of the dissertation concentrates on advanced attacks on mobile platforms, such as code re-use attacks that hijack execution flow of benign apps without injecting malicious code, and application-level privilege escalation attacks that allow malicious or compromised apps to gain more privileges than were initially granted. In this context, we develop new advanced code re-use attack techniques that can bypass deployed protection mechanisms (e.g., Address Space Layout Randomization (ASLR)) and cannot be detected by any of the existing security tools (e.g., return address checkers). Further, we investigate the problem of application-level privilege escalation attacks on mobile platforms like Android, study and classify them, develop proof of concept exploits and propose countermeasures against these attacks. Our countermeasures can mitigate all types of application-level privilege escalation attacks, in contrast to alternative solutions proposed in literature. In the second part of the dissertation we investigate online authentication schemes frequently utilized by mobile users, such as the most common web authentication based upon the user’s passwords and the recently widespread mobile 2-factor authentication (2FA) which extends the password-based approach with a secondary authenticator sent to a user’s mobile device or generated on it (e.g, a One-time Password (OTP) or Transaction Authentication Number (TAN)). In this context we demonstrate various weaknesses of mobile 2FA schemes deployed for login verification by global Internet service providers (such as Google, Dropbox, Twitter, and Facebook) and by a popular Google Authenticator app. These weaknesses allow an attacker to impersonate legitimate users even if their mobile device with the secondary authenticator is not compromised. We then go one step further and develop a general attack method for bypassing mobile 2FA schemes. 
Our method relies on a cross-platform infection (mobile-to-PC or PC-to-mobile) as a first step in order to compromise the Personal Computer (PC) and a mobile device of the same user. We develop proof-of-concept prototypes for a cross-platform infection and show how an attacker can bypass various instantiations of mobile 2FA schemes once both devices, PC and the mobile platform, are infected. We then deliver proof-of-concept attack implementations that bypass online banking solutions based on SMS-based TANs and visual cryptograms, as well as login verification schemes deployed by various Internet service providers. Finally, we propose a wallet-based secure solution for password-based authentication which requires no secondary authenticator, and yet provides better security guaranties than, e.g., mobile 2FA schemes. The third part of the dissertation concerns design and development of security sensitive mobile applications and services. In particular, our first application allows mobile users to replace usual keys (for doors, cars, garages, etc.) with their mobile devices. It uses electronic access tokens which are generated by the central key server and then downloaded into mobile devices for user authentication. Our solution protects access tokens in transit (e.g., while they are downloaded on the mobile device) and when they are stored and processed on the mobile platform. The unique feature of our solution is offline delegation: Users can delegate (a portion of) their access rights to other users without accessing the key server. Further, our solution is efficient even when used with constraint communication interfaces like NFC. The second application we developed is devoted to resource sharing among mobile users in ad-hoc mobile networks. It enables users to, e.g., exchange files and text messages, or share their tethering connection. 
Our solution addresses security threats specific to resource sharing and features the required security mechanisms (e.g., access control of resources, pseudonymity for users, and accountability for resource use). One of the key features of our solution is a privacy-preserving access control of resources based on FoF Finder (FoFF) service, which provides a user-friendly means to configure access control based upon information from social networks (e.g., friendship information) while preserving user privacy (e.g., not revealing their social network identifiers). The results presented in this dissertation were included in several peer-reviewed publications and extended technical reports. Some of these publications had significant impact on follow up research. For example, our publications on new forms of code re-use attacks motivated researchers to develop more advanced forms of ASLR and to re-consider the idea of using Control-Flow Integrity (CFI). Further, our work on application-level privilege escalation attacks was followed by many other publications addressing this problem. Moreover, our access control solution using mobile devices as access tokens demonstrated significant practical impact: in 2013 it was chosen as a highlight of CeBIT – the world’s largest international computer expo, and was then deployed by a large enterprise to be used by tens of thousands of company employees and millions of customers