Security for the Industrial IoT: The Case for Information-Centric Networking

Industrial production plants traditionally include sensors for monitoring or documenting processes, and actuators for enabling corrective actions in cases of misconfigurations, failures, or dangerous events. With the advent of the IoT, embedded controllers link these `things' to local networks that often are of low power wireless kind, and are interconnected via gateways to some cloud from the global Internet. Inter-networked sensors and actuators in the industrial IoT form a critical subsystem while frequently operating under harsh conditions. It is currently under debate how to approach inter-networking of critical industrial components in a safe and secure manner. In this paper, we analyze the potentials of ICN for providing a secure and robust networking solution for constrained controllers in industrial safety systems. We showcase hazardous gas sensing in widespread industrial environments, such as refineries, and compare with IP-based approaches such as CoAP and MQTT. Our findings indicate that the content-centric security model, as well as enhanced DoS resistance are important arguments for deploying Information Centric Networking in a safety-critical industrial IoT. Evaluation of the crypto efforts on the RIOT operating system for content security reveal its feasibility for common deployment scenarios.Comment: To be published at IEEE WF-IoT 201

Seamless key agreement framework for mobile-sink in IoT based cloud-centric secured public safety sensor networks

Recently, the Internet of Things (IoT) has emerged as a significant advancement for Internet and mobile networks with various public safety network applications. An important use of IoT-based solutions is its application in post-disaster management, where the traditional telecommunication systems may be either completely or partially damaged. Since enabling technologies have restricted authentication privileges for mobile users, in this paper, a strategy of mobile-sink is introduced for the extension of user authentication over cloud-based environments. A seamless secure authentication and key agreement (S-SAKA) approach using bilinear pairing and elliptic-curve cryptosystems is presented. It is shown that the proposed S-SAKA approach satisfies the security properties, and as well as being resilient to nodecapture attacks, it also resists significant numbers of other well-known potential attacks related with data confidentiality, mutual authentication, session-key agreement, user anonymity, password guessing, and key impersonation. Moreover, the proposed approach can provide a seamless connectivity through authentication over wireless sensor networks to alleviate the computation and communication cost constraints in the system. In addition, using Burrows–Abadi–Needham logic, it is demonstrated that the proposed S-SAKA framework offers proper mutual authentication and session key agreement between the mobile-sink and the base statio

Software Defined Networks based Smart Grid Communication: A Comprehensive Survey

The current power grid is no longer a feasible solution due to ever-increasing user demand of electricity, old infrastructure, and reliability issues and thus require transformation to a better grid a.k.a., smart grid (SG). The key features that distinguish SG from the conventional electrical power grid are its capability to perform two-way communication, demand side management, and real time pricing. Despite all these advantages that SG will bring, there are certain issues which are specific to SG communication system. For instance, network management of current SG systems is complex, time consuming, and done manually. Moreover, SG communication (SGC) system is built on different vendor specific devices and protocols. Therefore, the current SG systems are not protocol independent, thus leading to interoperability issue. Software defined network (SDN) has been proposed to monitor and manage the communication networks globally. This article serves as a comprehensive survey on SDN-based SGC. In this article, we first discuss taxonomy of advantages of SDNbased SGC.We then discuss SDN-based SGC architectures, along with case studies. Our article provides an in-depth discussion on routing schemes for SDN-based SGC. We also provide detailed survey of security and privacy schemes applied to SDN-based SGC. We furthermore present challenges, open issues, and future research directions related to SDN-based SGC.Comment: Accepte

Seamless key agreement framework for mobile-sink in IoT based cloud-centric secured public safety sensor networks

Recently, the Internet of Things (IoT) has emerged as a significant advancement for Internet and mobile networks with various public safety network applications. An important use of IoT-based solutions is its application in post-disaster management, where the traditional telecommunication systems may be either completely or partially damaged. Since enabling technologies have restricted authentication privileges for mobile users, in this paper, a strategy of mobile-sink is introduced for the extension of user authentication over cloud-based environments. A seamless secure authentication and key agreement (S-SAKA) approach using bilinear pairing and elliptic-curve cryptosystems is presented. It is shown that the proposed S-SAKA approach satisfies the security properties, and as well as being resilient to nodecapture attacks, it also resists significant numbers of other well-known potential attacks related with data confidentiality, mutual authentication, session-key agreement, user anonymity, password guessing, and key impersonation. Moreover, the proposed approach can provide a seamless connectivity through authentication over wireless sensor networks to alleviate the computation and communication cost constraints in the system. In addition, using Burrows–Abadi–Needham logic, it is demonstrated that the proposed S-SAKA framework offers proper mutual authentication and session key agreement between the mobile-sink and the base statio

EC-CENTRIC: An Energy- and Context-Centric Perspective on IoT Systems and Protocol Design

The radio transceiver of an IoT device is often where most of the energy is consumed. For this reason, most research so far has focused on low power circuit and energy efficient physical layer designs, with the goal of reducing the average energy per information bit required for communication. While these efforts are valuable per se, their actual effectiveness can be partially neutralized by ill-designed network, processing and resource management solutions, which can become a primary factor of performance degradation, in terms of throughput, responsiveness and energy efficiency. The objective of this paper is to describe an energy-centric and context-aware optimization framework that accounts for the energy impact of the fundamental functionalities of an IoT system and that proceeds along three main technical thrusts: 1) balancing signal-dependent processing techniques (compression and feature extraction) and communication tasks; 2) jointly designing channel access and routing protocols to maximize the network lifetime; 3) providing self-adaptability to different operating conditions through the adoption of suitable learning architectures and of flexible/reconfigurable algorithms and protocols. After discussing this framework, we present some preliminary results that validate the effectiveness of our proposed line of action, and show how the use of adaptive signal processing and channel access techniques allows an IoT network to dynamically tune lifetime for signal distortion, according to the requirements dictated by the application

A network-aware framework for energy-efficient data acquisition in wireless sensor networks

Wireless sensor networks enable users to monitor the physical world at an extremely high fidelity. In order to collect the data generated by these tiny-scale devices, the data management community has proposed the utilization of declarative data-acquisition frameworks. While these frameworks have facilitated the energy-efficient retrieval of data from the physical environment, they were agnostic of the underlying network topology and also did not support advanced query processing semantics. In this paper we present KSpot+, a distributed network-aware framework that optimizes network efficiency by combining three components: (i) the tree balancing module, which balances the workload of each sensor node by constructing efficient network topologies; (ii) the workload balancing module, which minimizes data reception inefficiencies by synchronizing the sensor network activity intervals; and (iii) the query processing module, which supports advanced query processing semantics. In order to validate the efficiency of our approach, we have developed a prototype implementation of KSpot+ in nesC and JAVA. In our experimental evaluation, we thoroughly assess the performance of KSpot+ using real datasets and show that KSpot+ provides significant energy reductions under a variety of conditions, thus significantly prolonging the longevity of a WSN

HoPP: Robust and Resilient Publish-Subscribe for an Information-Centric Internet of Things

This paper revisits NDN deployment in the IoT with a special focus on the interaction of sensors and actuators. Such scenarios require high responsiveness and limited control state at the constrained nodes. We argue that the NDN request-response pattern which prevents data push is vital for IoT networks. We contribute HoP-and-Pull (HoPP), a robust publish-subscribe scheme for typical IoT scenarios that targets IoT networks consisting of hundreds of resource constrained devices at intermittent connectivity. Our approach limits the FIB tables to a minimum and naturally supports mobility, temporary network partitioning, data aggregation and near real-time reactivity. We experimentally evaluate the protocol in a real-world deployment using the IoT-Lab testbed with varying numbers of constrained devices, each wirelessly interconnected via IEEE 802.15.4 LowPANs. Implementations are built on CCN-lite with RIOT and support experiments using various single- and multi-hop scenarios