1,166 research outputs found

    ENABLING IOT AUTHENTICATION, PRIVACY AND SECURITY VIA BLOCKCHAIN

    Although low-power and Internet-connected gadgets and sensors are increasingly integrated into our lives, the optimal design of these systems remains an issue. In particular, authentication, privacy, security, and performance are critical success factors. Furthermore, with emerging research areas such as autonomous cars, advanced manufacturing, smart cities, and building, usage of Internet of Things (IoT) devices is expected to skyrocket. A single compromised node can be turned into a malicious one that brings down whole systems or causes disasters in safety-critical applications. This dissertation addresses the critical problems of (i) device management, (ii) data management, and (iii) service management in IoT systems. In particular, we propose an integrated platform solution for IoT device authentication, data privacy, and service security via blockchain-based smart contracts. We ensure IoT device authentication with a blockchain-based IC traceability system that covers an IC from its fabrication to its end-of-life, allowing both the supplier and a potential customer to verify an IC's provenance. Results show that our proposed consortium blockchain framework implementation in Hyperledger Fabric for IC traceability achieves a throughput of 35 transactions per second (tps). To corroborate the blockchain information, we authenticate the IC securely and uniquely with an embedded Physically Unclonable Function (PUF). For reliable Weak PUF-based authentication, our proposed accelerated aging technique reduces the cumulative burn-in cost by ~56%. We also propose a blockchain-based solution to integrate the privacy of data generated from the IoT devices by giving users control of their privacy. The smart-contract-controlled trust base ensures that the users have private access to their IoT devices and data. We then propose a remote configuration of IC features via smart contracts, where an IC can be programmed repeatedly and securely. This programmability will enable users to upgrade IC features or rent upgraded IC features for a fixed period after users have purchased the IC. We tailor the hardware to meet the blockchain performance. Our on-die hardware module design enforces the hardware configuration's secure execution and uses only 2,844 slices in the Xilinx Zedboard Zynq Evaluation board. The blockchain framework facilitates decentralized IoT, where interacting devices are empowered to execute digital contracts autonomously.

    Development of economically viable, highly integrated, highly modular SEGIS architecture.


    Confidentiality, integrity and non-repudiation in smartgrids

    Master's thesis in Information Security (Segurança Informática), presented to the Universidade de Lisboa, through the Faculdade de Ciências, 2011.
    In the current global macroeconomic context it is essential to adopt new ways of generating energy, alternatives to fossil fuels, combined with the objectives of reliability and quality of delivery and induction of competitiveness in markets. It is necessary to produce, transport and distribute energy in a sustainable way without harming the ecosystem. The vision of an infrastructure with more control, where networks, producers and consumers have significantly more active roles, is causing a paradigm shift in electricity networks and their operations that is embodied in the concept of Smart Grids. To obtain the high level of control required to achieve the new features promised by Smart Grids, the architecture will need to comprise more intelligent remote terminal units, the development of new technical and commercial systems, an increase in the number of messages exchanged between applications, and interconnections between enterprise networks. This complexity, far higher than that found in present transmission and distribution infrastructures, will bring several challenges regarding network reliability and, in particular, security. All the new devices, applications, hardware, communication protocols, network operations and administration will introduce potential vulnerabilities that might be exploited by malicious users or triggered simply by erroneous actions from a variety of external and internal sources. This concern about the security and reliability of future power grids increases the importance of the information technology and communications infrastructures and their security. This work proposes to analyze the reliability of Smart Grids with regard to their information technology security, focusing the study on the Portuguese Smart Grid project implementation, named InovGrid. It will describe the functionalities of the InovGrid architecture, providing a detailed analysis of its attack vectors and the imminent risks associated with the implementation. It will propose and analyze solutions for the confidentiality, authenticity and non-repudiation aspects in such peculiar and heterogeneous networks.

    Wireless sensors and IoT platform for intelligent HVAC control

    Energy consumption of buildings (residential and non-residential) represents approximately 40% of total world electricity consumption, with half of this energy consumed by HVAC systems. Model-Based Predictive Control (MBPC) is perhaps the technique most often proposed for HVAC control, since it offers an enormous potential for energy savings. Despite the large number of papers on this topic during the last few years, there are only a few reported applications of the use of MBPC for existing buildings, under normal occupancy conditions and, to the best of our knowledge, no commercial solution yet. A marketable solution has been recently presented by the authors, coined the IMBPC HVAC system. This paper describes the design, prototyping and validation of two components of this integrated system, the Self-Powered Wireless Sensors and the IOT platform developed. Results for the use of IMBPC in a real building under normal occupation demonstrate savings in the electricity bill while maintaining thermal comfort during the whole occupation schedule.
    QREN SIDT [38798]; Portuguese Foundation for Science & Technology, through IDMEC, under LAETA [ID/EMS/50022/2013

    Holistic security 4.0

    The future computer climate will represent an ever more aligned world of integrating technologies, affecting consumer, business and industry sectors. The vision was first outlined in the Industry 4.0 conception. The elements which comprise smart systems or embedded devices have been investigated to determine the technological climate. The emerging technologies revolve around core concepts, and specifically in this project, the uses of Internet of Things (IoT), Industrial Internet of Things (IIoT) and Internet of Everything (IoE). The application of bare metal and logical technology qualities is put under the microscope to provide an effective blueprint of the technological field. The systems and governance surrounding smart systems are also examined. Such an approach helps to explain the beneficial or negative elements of smart devices. Consequently, this ensures a comprehensive review of standards, laws, policy and guidance to enable security and cybersecurity of the 4.0 systems.

    An Approach to Semi-Autonomous Indoor Drone System: Software Architecture and Integration Testing

    To address these problems, we establish a semi-autonomous functionality by removing the RC transmitter, and remotely connecting the Drone System to track status and execute user-based input commands. In order to resolve the limitation in hardware connections on the Flight Controller, we integrated the sonar sensor into a companion computer, from where the data is continuously fed to an embedded system through the MAVLink (Micro Aerial Vehicle Link) network communication protocol. In this study, we also implemented a modular architecture which enables scalable integration of sensor modules into the Drone System to streamline the process of development, deployment, testing and debugging.

    An Electricity Price-Aware Open-Source Smart Socket for the Internet of Energy

    [Abstract] The Internet of Energy (IoE) represents a novel paradigm where electrical power systems work cooperatively with smart devices to increase the visibility of energy consumption and create safer, cleaner and sustainable energy systems. The implementation of IoE services involves the use of multiple components, like embedded systems, power electronics or sensors, which are an essential part of the infrastructure dedicated to the generation and distribution of energy and of the one required by the final consumer. This article focuses on the latter and presents a smart socket system that collects the information about energy price and makes use of sensors and actuators to optimize home energy consumption according to the user preferences. Specifically, this article provides three main novel contributions. First, what to our knowledge is the first hardware prototype that manages in a practical real-world scenario the price values obtained from a public electricity operator is presented. The second contribution is related to the definition of a novel wireless sensor network communications protocol based on Wi-Fi that allows for creating an easy-to-deploy smart plug system that self-organizes and auto-configures to collect the sensed data, minimizing user intervention. Third, a thorough description is provided of the design of one of the few open-source smart plug systems, including its communications architecture, the protocols implemented, the main sensing and actuation components and the most relevant pieces of the software. Moreover, with the aim of illustrating the capabilities of the smart plug system, the results of different experiments performed are shown. Such experiments evaluate in real-world scenarios the system's ease of use, its communications range and its performance when using HTTPS. Finally, the economic savings are estimated for different appliances, concluding that, in the practical situation proposed, the smart plug system allows certain energy-demanding appliances to save almost €70 per year.
    Galicia. Consellería de Cultura, Educación e Ordenación Universitaria; ED431C 2016-045
    Galicia. Consellería de Cultura, Educación e Ordenación Universitaria; ED341D R2016/012
    Galicia. Consellería de Cultura, Educación e Ordenación Universitaria; ED431G/01
    Agencia Estatal de Investigación; TEC2013-47141-C4-1-R
    Agencia Estatal de Investigación; TEC2015-69648-REDC
    Agencia Estatal de Investigación; TEC2016-75067-C4-1-

    Internet of Things From Hype to Reality

    The Internet of Things (IoT) has gained significant mindshare, let alone attention, in academia and the industry especially over the past few years. The reasons behind this interest are the potential capabilities that IoT promises to offer. On the personal level, it paints a picture of a future world where all the things in our ambient environment are connected to the Internet and seamlessly communicate with each other to operate intelligently. The ultimate goal is to enable objects around us to efficiently sense our surroundings, inexpensively communicate, and ultimately create a better environment for us: one where everyday objects act based on what we need and like without explicit instructions.

    A cooperative cellular and broadcast conditional access system for Pay-TV systems

    This is the author's accepted manuscript. The final published article is available from the link below. Copyright © 2009 IEEE. Personal use of this material is permitted. Permission from IEEE must be obtained for all other users, including reprinting/republishing this material for advertising or promotional purposes, creating new collective works for resale or redistribution to servers or lists, or reuse of any copyrighted components of this work in other works.
    The lack of interoperability between Pay-TV service providers and a horizontally integrated business transaction model have compromised the competition in the Pay-TV market. In addition, the lack of interactivity with customers has resulted in a high churn rate, and improper security measures have contributed to considerable business loss. These issues are the main cause of high operational costs and subscription fees in Pay-TV systems. As a result, this paper presents the Mobile Conditional Access System (MICAS) as an end-to-end access control solution for Pay-TV systems. It incorporates the mobile and broadcasting systems and provides a platform whereby service providers can effectively interact with their customers, personalize their services and adopt appropriate security measures. This would result in a decrease in operating expenses and an increase in customers' satisfaction with the system. The paper provides an overview of state-of-the-art conditional access solutions followed by a detailed description of the design, reference model implementation and analysis of possible MICAS security architectures.
    Strategy & Technology (S&T) Lt

    External Verification of SCADA System Embedded Controller Firmware

    Critical infrastructures such as oil and gas pipelines, the electric power grid, and railways, rely on the proper operation of supervisory control and data acquisition (SCADA) systems. Current SCADA systems, however, do not have sufficient tailored electronic security solutions. Solutions available are developed primarily for information technology (IT) systems. Indeed, the toolkit for SCADA incident prevention and response is unavailing as the operating parameters associated with SCADA systems are different from IT systems. The unique environment necessitates tailored solutions. Consider the programmable logic controllers (PLCs) that directly connect to end physical systems for control and monitoring of operating parameters -- the compromise of a PLC could result in devastating physical consequences. Yet PLCs remain particularly vulnerable due to a lack of firmware auditing capabilities. This research presents a tool we developed specifically for the SCADA environment to verify PLC firmware. The tool does not require any modifications to the SCADA system and can be implemented on a variety of systems and platforms. The tool captures serial data during firmware uploads and then verifies them against a known good firmware baseline. Attempts to inject modified and/or malicious firmware are identified by the tool. Additionally, the tool can replay and analyze captured data by emulating a PLC during firmware upload. The emulation capability enables verification of the firmware upload from an interface computer without requiring modifications to or interactions with the operational SCADA system. The ability to isolate the tool from production systems and verify the validity of firmware makes the tool a viable application for SCADA incident response teams and security engineers.