HoPP: Robust and Resilient Publish-Subscribe for an Information-Centric Internet of Things

This paper revisits NDN deployment in the IoT with a special focus on the interaction of sensors and actuators. Such scenarios require high responsiveness and limited control state at the constrained nodes. We argue that the NDN request-response pattern which prevents data push is vital for IoT networks. We contribute HoP-and-Pull (HoPP), a robust publish-subscribe scheme for typical IoT scenarios that targets IoT networks consisting of hundreds of resource constrained devices at intermittent connectivity. Our approach limits the FIB tables to a minimum and naturally supports mobility, temporary network partitioning, data aggregation and near real-time reactivity. We experimentally evaluate the protocol in a real-world deployment using the IoT-Lab testbed with varying numbers of constrained devices, each wirelessly interconnected via IEEE 802.15.4 LowPANs. Implementations are built on CCN-lite with RIOT and support experiments using various single- and multi-hop scenarios

A Survey on Wireless Sensor Network Security

Wireless sensor networks (WSNs) have recently attracted a lot of interest in the research community due their wide range of applications. Due to distributed nature of these networks and their deployment in remote areas, these networks are vulnerable to numerous security threats that can adversely affect their proper functioning. This problem is more critical if the network is deployed for some mission-critical applications such as in a tactical battlefield. Random failure of nodes is also very likely in real-life deployment scenarios. Due to resource constraints in the sensor nodes, traditional security mechanisms with large overhead of computation and communication are infeasible in WSNs. Security in sensor networks is, therefore, a particularly challenging task. This paper discusses the current state of the art in security mechanisms for WSNs. Various types of attacks are discussed and their countermeasures presented. A brief discussion on the future direction of research in WSN security is also included.Comment: 24 pages, 4 figures, 2 table

Information-Centric Design and Implementation for Underwater Acoustic Networks

Over the past decade, Underwater Acoustic Networks (UANs) have received extensive attention due to their vast benefits in academia and industry alike. However, due to the overall magnitude and harsh characteristics of underwater environments, standard wireless network techniques will fail because current technology and energy restrictions limit underwater devices due to delayed acoustic communications. To help manage these limitations we utilize Information-Centric Networking (ICN). More importantly, we look at ICN\u27s paradigm shift from traditional TCP/IP architecture to improve data handling and enhance network efficiency. By utilizing some of ICN\u27s techniques, such as data naming hierarchy, we can reevaluate each component of the network\u27s protocol stack given current underwater limitations to study the vast solutions and perspectives Information-Centric architectures can provide to UANs. First, we propose a routing strategy used to manage and route large data files in a network prone to high mobility. Therefore, due to UANs limited transmitting capability, we passively store sensed data and adaptively find the best path. Furthermore, we introduce adapted Named Data Networking (NDN) components to improve upon routing robustness and adaptiveness. Beyond naming data, we use tracers to assist in tracking stored data locations without using other excess means such as flooding. By collaborating tracer consistency with routing path awareness our protocol can adaptively manage faulty or high mobility nodes. Through this incorporation of varied NDN techniques, we are able to see notable improvements in routing efficiency. Second, we analyze the effects of Denial of Service (DoS) attacks on upper layer protocols. Since UANs are typically resource restrained, malicious users can advantageously create fake traffic to burden the already constrained network. While ICN techniques only provide basic DoS restriction we must expand our detection and restriction technique to meet the unique demands of UANs. To provide enhanced security against DoS we construct an algorithm to detect and restrict against these types of attacks while adapting to meet acoustic characteristics. To better extend this work we incorporate three node behavior techniques using probabilistic, adaptive, and predictive approaches for detecting malicious traits. Thirdly, to depict and test protocols in UANs, simulators are commonly used due to their accessibility and controlled testing aspects. For this section, we review Aqua-Sim, a discrete event-driven open-source underwater simulator. To enhance the core aspect of this simulator we first rewrite the current architecture and transition Aqua-Sim to the newest core simulator, NS-3. Following this, we clean up redundant features spread out between the various underwater layers. Additionally, we fully integrate the diverse NS-3 API within our simulator. By revamping previous code layout we are able to improve architecture modularity and child class expandability. New features are also introduced including localization and synchronization support, busy terminal problem support, multi-channel support, transmission range uncertainty modules, external noise generators, channel trace-driven support, security module, and an adapted NDN module. Additionally, we provide extended documentation to assist in user development. Simulation testing shows improved memory management and continuous validity in comparison to other underwater simulators and past iterations of Aqua-Sim

GNN4IFA: Interest Flooding Attack Detection With Graph Neural Networks

In the context of Information-Centric Networking, Interest Flooding Attacks (IFAs) represent a new and dangerous sort of distributed denial of service. Since existing proposals targeting IFAs mainly focus on local information, in this paper we propose GNN4IFA as the first mechanism exploiting complex non-local knowledge for IFA detection by leveraging Graph Neural Networks (GNNs) handling the overall network topology. In order to test GNN4IFA, we collect SPOTIFAI, a novel dataset filling the current lack of available IFA datasets by covering a variety of IFA setups, including ?40 heterogeneous scenarios over three network topologies. We show that GNN4IFA performs well on all tested topologies and setups, reaching over 99% detection rate along with a negligible false positive rate and small computational costs. Overall, GNN4IFA overcomes state-of-the-art detection mechanisms both in terms of raw detection and flexibility, and – unlike all previous solutions in the literature – also enables the transfer of its detection on network topologies different from the one used in its design phase

Availability, Integrity, and Confidentiality for Content Centric Network internet architectures

The Internet as we know it today, despite being ``the result of a series of accidents of choices'' in Prof. Jon Crowcroft's words, has undoubtedly been an amazing success story. However, it has been constantly challenged by the demands of the overwhelming evolution of data traffic types, non-functional needs of applications and users, and device diversity. The phrase ``future internet architecture'' can be interpreted as referring to a revised set of design principles. As Dr David Clark rightfully suggested, we need to ``allow for the future in the face of the present''. Content Centric Networking (CCN) is one of the candidates for a future internet architecture. Security is one of the most significant considerations while designing a future internet architecture. Availability, Integrity, and Confidentiality (AIC) are considered the three most crucial components of security: 1) availability is the assurance of continuous, reliable, and uninterrupted access to the information by authorized people, 2) integrity is the preservation of information and prevention of any change in it caused via accident or malicious intent, and 3) confidentiality is the ability to keep the information secret from unintended audience, intruders, and adversaries. This thesis discusses AIC related security threats and corresponding remedies for Named Data Networking (NDN) which is a promising example of CCN. It also presents a system dynamics modelling approach to bridge the gap between the technical solutions and business strategy by quantifying some of the qualitative variables salient to technology architects, policymakers, lawmakers, regulators, and internet service providers for the design of a future-proof internet architecture

Study and analysis of innovative network protocols and architectures

In the last years, some new paradigms are emerging in the networking area as inspiring models for the definition of future communications networks. A key example is certainly the Content Centric Networking (CCN) protocol suite, namely a novel network architecture that aims to supersede the current TCP/IP stack in favor of a name based routing algorithm, also introducing in-network caching capabilities. On the other hand, much interest has been placed on Software Defined Networking (SDN), namely the set of protocols and architectures designed to make network devices more dynamic and programmable. Given this complex arena, the thesis focuses on the analysis of these innovative network protocols, with the aim of exploring possible design flaws and hence guaranteeing their proper operation when actually deployed in the network. Particular emphasis is given to the security of these protocols, for its essential role in every wide scale application. Some work has been done in this direction, but all these solutions are far to be considered fully investigated. In the CCN case, a closer investigation on problems related to possible DDoS attacks due to the stateful nature of the protocol, is presented along with a full-fledged proposal to support scalable PUSH application on top of CCN. Concerning SDN, instead, we present a tool for the verification of network policies in complex graphs containing dynamic network functions. In order to obtain significant results, we leverage different tools and methodologies: on the one hand, we assess simulation software as very useful tools for representing the most common use cases for the various technologies. On the other hand, we exploit more sophisticated formal methods to ensure a higher level of confidence for the obtained results