Securing Real-Time Internet-of-Things

Modern embedded and cyber-physical systems are ubiquitous. A large number of critical cyber-physical systems have real-time requirements (e.g., avionics, automobiles, power grids, manufacturing systems, industrial control systems, etc.). Recent developments and new functionality requires real-time embedded devices to be connected to the Internet. This gives rise to the real-time Internet-of-things (RT-IoT) that promises a better user experience through stronger connectivity and efficient use of next-generation embedded devices. However RT- IoT are also increasingly becoming targets for cyber-attacks which is exacerbated by this increased connectivity. This paper gives an introduction to RT-IoT systems, an outlook of current approaches and possible research challenges towards secure RT- IoT frameworks

Analysing and modelling train driver performance

Arguments for the importance of contextual factors in understanding human performance have been made extremely persuasive in the context of the process control industries. This paper puts these arguments into the context of the train driving task, drawing on an extensive analysis of driver performance with the Automatic Warning System (AWS). The paper summarises a number of constructs from applied psychological research which are thought to be important in understanding train driver performance. A “Situational Model” is offered as a framework for investigating driver performance. The model emphasises the importance of understanding the state of driver cognition at a specific time (“Now”) in a specific situation and a specific context

Secure data sharing and analysis in cloud-based energy management systems

Analysing data acquired from one or more buildings (through specialist sensors, energy generation capability such as PV panels or smart meters) via a cloud-based Local Energy Management System (LEMS) is increasingly gaining in popularity. In a LEMS, various smart devices within a building are monitored and/or controlled to either investigate energy usage trends within a building, or to investigate mechanisms to reduce total energy demand. However, whenever we are connecting externally monitored/controlled smart devices there are security and privacy concerns. We describe the architecture and components of a LEMS and provide a survey of security and privacy concerns associated with data acquisition and control within a LEMS. Our scenarios specifically focus on the integration of Electric Vehicles (EV) and Energy Storage Units (ESU) at the building premises, to identify how EVs/ESUs can be used to store energy and reduce the electricity costs of the building. We review security strategies and identify potential security attacks that could be carried out on such a system, while exploring vulnerable points in the system. Additionally, we will systematically categorize each vulnerability and look at potential attacks exploiting that vulnerability for LEMS. Finally, we will evaluate current counter measures used against these attacks and suggest possible mitigation strategies

Patterns for building dependable systems with trusted bases

We propose a set of patterns for structuring a system to be dependable by design. The key idea is to localize the system's most critical requirements into small, reliable parts called trusted bases. We describe two instances of trusted bases: (1) the end-to-end check, which localizes the correctness checking of a computation to end points of a system, and (2) the trusted kernel, which ensures the safety of a set of resources with a small core of a system.Northrop Grumman Cybersecurity Research ConsortiumNational Science Foundation (U.S.) (Deep and Scalable Analysis of Software Grant 0541183)National Science Foundation (U.S.) (CRI: CRD - Development of Alloy Technology and Materials Grant 0707612

Trust Repair in Human-Swarm Teams+

Swarm robots are coordinated via simple control laws to generate emergent behaviors such as flocking, rendezvous, and deployment. Human-swarm teaming has been widely proposed for scenarios, such as human-supervised teams of unmanned aerial vehicles (UAV) for disaster rescue, UAV and ground vehicle cooperation for building security, and soldier-UAV teaming in combat. Effective cooperation requires an appropriate level of trust, between a human and a swarm. When an UAV swarm is deployed in a real-world environment, its performance is subject to real-world factors, such as system reliability and wind disturbances. Degraded performance of a robot can cause undesired swarm behaviors, decreasing human trust. This loss of trust, in turn, can trigger human intervention in UAVs' task executions, decreasing cooperation effectiveness if inappropriate. Therefore, to promote effective cooperation we propose and test a trust-repairing method (Trust-repair) restoring performance and human trust in the swarm to an appropriate level by correcting undesired swarm behaviors. Faulty swarms caused by both external and internal factors were simulated to evaluate the performance of the Trust-repair algorithm in repairing swarm performance and restoring human trust. Results show that Trust-repair is effective in restoring trust to a level intermediate between normal and faulty conditions

Ad hoc cloud computing

Commercial and private cloud providers offer virtualized resources via a set of co-located and dedicated hosts that are exclusively reserved for the purpose of offering a cloud service. While both cloud models appeal to the mass market, there are many cases where outsourcing to a remote platform or procuring an in-house infrastructure may not be ideal or even possible. To offer an attractive alternative, we introduce and develop an ad hoc cloud computing platform to transform spare resource capacity from an infrastructure owner’s locally available, but non-exclusive and unreliable infrastructure, into an overlay cloud platform. The foundation of the ad hoc cloud relies on transferring and instantiating lightweight virtual machines on-demand upon near-optimal hosts while virtual machine checkpoints are distributed in a P2P fashion to other members of the ad hoc cloud. Virtual machines found to be non-operational are restored elsewhere ensuring the continuity of cloud jobs. In this thesis we investigate the feasibility, reliability and performance of ad hoc cloud computing infrastructures. We firstly show that the combination of both volunteer computing and virtualization is the backbone of the ad hoc cloud. We outline the process of virtualizing the volunteer system BOINC to create V-BOINC. V-BOINC distributes virtual machines to volunteer hosts allowing volunteer applications to be executed in the sandbox environment to solve many of the downfalls of BOINC; this however also provides the basis for an ad hoc cloud computing platform to be developed. We detail the challenges of transforming V-BOINC into an ad hoc cloud and outline the transformational process and integrated extensions. These include a BOINC job submission system, cloud job and virtual machine restoration schedulers and a periodic P2P checkpoint distribution component. Furthermore, as current monitoring tools are unable to cope with the dynamic nature of ad hoc clouds, a dynamic infrastructure monitoring and management tool called the Cloudlet Control Monitoring System is developed and presented. We evaluate each of our individual contributions as well as the reliability, performance and overheads associated with an ad hoc cloud deployed on a realistically simulated unreliable infrastructure. We conclude that the ad hoc cloud is not only a feasible concept but also a viable computational alternative that offers high levels of reliability and can at least offer reasonable performance, which at times may exceed the performance of a commercial cloud infrastructure

Intelligent and Low Overhead Network Synchronization over Large-Scale Industrial Internet of Things Systems

With the extensive development of information and communication technologies and vertical industry applications, industrial IoT (IIoT) systems are expected to enable a wide variety of applications, including advanced manufacturing, networked control, and smart supply chain, which all exclusively hinge on the efficient cooperation and coordination among the involved IIoT machines and infrastructures. The ubiquitous connection among IIoT entities and the associated exchange of collaborative information necessitate the achievement of accurate network synchronization, which can guarantee the temporal alignment of the critical information. To enhance the temporal correlation of heterogeneous devices in large-scale IIoT systems, this thesis aims at designing industry-oriented network synchronization protocols in terms of accuracy improvement, resource-saving, and security enhancement with the assistance of learning-based methods. Initially, the real-time timestamps and historical information of each IIoT devices are collected and analyzed to explore the varying rate of the skew (VRS) at each enclosed clock. K-means clustering algorithm is adopted to organize the distributed devices into a few groups, and each of them is assigned with an optimized synchronization frequency to avoid potential resource waste while ensuring synchronization accuracy. Historical VRS values are further utilized as the identification of each clock for providing verification information so that the security against message manipulation attacks during network synchronization can be enhanced. Moreover, a digital twin-enabled clock model is established by comprehensively investigating the characteristics of each clock with diversified operating environments. A cloud-edge-collaborative system architecture is orchestrated to enhance the efficiency of data gathering and processing. With the assistance of the accurate estimation generated by the digital twin model for each clock, the situation-awareness of network synchronization is enhanced in terms of a better understanding of the clock feature and necessary synchronization frequency. Meanwhile, since temporal information generated at each local IIoT devices are efficiently gathered at the edge devices, the effect of packet delay variation is significantly reduced while the synchronization performance under various network conditions can be guaranteed. To further reduce the network resource consumption and improvement the performance under abnormal behaviors during network synchronization, a passive network synchronization protocol based on concurrent observations is proposed, where timestamps are exchanged without occupying dedicated network resources during synchronization. The proposed scheme is established based on the fact that a group of IIoT devices close to each other can observe the same physical phenomena, e.g., electromagnetic signal radiation, almost simultaneously. Moreover, multiple relay nodes are coordinated by the cloud center to disseminate the reference time information throughout the IIoT system in accomplishing global network synchronization. Additionally, a principal component analysis-assisted outlier detection mechanism is designed to tackle untrustworthy timestamps in the network according to the historical observation instants recorded in the cloud center. Simulation results indicate that accurate network synchronization can be achieved with significantly reduced explicit interactions