SECURE BOOTSTRAPPING AND ACCESS CONTROL IN NDN-BASED SMART HOME SYSTEMS

Smart home systems utilize network-enabled sensors to collect environmental data and provide various services to home residents. Such a system must be designed with security mechanisms to protect the safety and privacy of the residents. More specifically, we need to secure the production, dissemination, and consumption of smart home data, as well as prevent any unauthorized access to the services provided by the system. In this work, we study how to build a secure smart home system in the context of Named Data Networking, a future Internet architecture that has unique advantages in securing Internet of Things. We focus on solving two security problems: (a) mutual authentication between a new device and an existing smart home system to bootstrap the device, and (b) controlling access to smart home data. We designed a naming hierarchy for a smart home system and the corresponding trust model. Based on the naming and trust model, we designed bootstrapping protocols which enforce mutual cryptographic challenges, and a programming template which facilitates Name-based Access Control. We have designed and implemented an application that incorporates these solutions. Evaluation result shows: (a) the bootstrapping protocols can defend against replay attacks with a small computation overhead, and (b) Name-Based Access Control can provide accurate time schedules to restrict access to fine-grained data types with a small computation overhead

On the Security Bootstrapping in Named Data Networking

By requiring all data packets been cryptographically authenticatable, the Named Data Networking (NDN) architecture design provides a basic building block for secured networking. This basic NDN function requires that all entities in an NDN network go through a security bootstrapping process to obtain the initial security credentials. Recent years have witnessed a number of proposed solutions for NDN security bootstrapping protocols. Built upon the existing results, in this paper we take the next step to develop a systematic model of security bootstrapping: Trust-domain Entity Bootstrapping (TEB). This model is based on the emerging concept of trust domain and describes the steps and their dependencies in the bootstrapping process. We evaluate the expressiveness and sufficiency of this model by using it to describe several current bootstrapping protocols

Securing the Internet of Things Communication Using Named Data Networking Approaches

The rapid advancement in sensors and their use in devices has led to the drastic increase of Internet-of-Things (IoT) device applications and usage. A fundamental requirement of an IoT-enabled ecosystem is the device’s ability to communicate with other devices, humans etc. IoT devices are usually highly resource constrained and come with varying capabilities and features. Hence, a host-based communication approach defined by the TCP/IP architecture relying on securing the communication channel between the hosts displays drawbacks especially when working in a highly chaotic environment (common with IoT applications). The discrepancies between requirements of the application and the network supporting the communication demands for a fundamental change in securing the communication in IoT applications. This research along with identifying the fundamental security problems in IoT device lifecycle in the context of secure communication also explores the use of a data-centric approach advocated by a modern architecture called Named Data Networking (NDN). The use of NDN modifies the basis of communication and security by defining data-centric security where the data chunks are secured directly and retrieved using specialized requests in a pull-based approach. This work also identifies the advantages of using semantically-rich names as the basis for IoT communication in the current client-driven environment and reinforces it with best-practices from the existing host-based approaches for such networks. We present in this thesis a number of solutions built to automate and securely onboard IoT devices; encryption, decryption and access control solutions based on semantically rich names and attribute-based schemes. We also provide the design details of solutions to sup- port trustworthy and conditionally private communication among highly resource constrained devices through specialized signing techniques and automated certificate generation and distribution with minimal use of the network resources. We also explore the design solutions for rapid trust establishment and vertically securing communication in applications including smart-grid operations and vehicular communication along with automated and lightweight certificate generation and management techniques. Through all these design details and exploration, we identify the applicability of the data-centric security techniques presented by NDN in securing IoT communication and address the shortcoming of the existing approaches in this area

Enhancing NAC-ABE to Support Access Control for mHealth Applications and Beyond

Name-based access control (NAC) over NDN provides fine-grained data confidentiality and access control by encrypting and signing data at the time of data production. NAC utilizes specially crafted naming conventions to define and enforce access control policies. NAC-ABE, an extension to NAC, uses an attribute-based encryption (ABE) scheme to support access control with improved scalability and flexibility. However, existing NAC-ABE libraries are based on ciphertext-policy ABE (CP-ABE), which requires knowledge of the access policy when encrypting data packets. In some applications, including mHealth, the data access policy is unknown at the time of data generation, while data attributes and properties are known. In this paper, we present an extension to the existing NDN-ABE library which can be used by mHealth and other applications to enforce fine-granularity access control in data sharing. We also discuss the challenges we encountered during the application deployment, and remaining open issues together with potential solution directions

Distributed Data-Gathering and -Processing in Smart Cities: An Information-Centric Approach

The technological advancements along with the proliferation of smart and connected devices (things) motivated the exploration of the creation of smart cities aimed at improving the quality of life, economic growth, and efficient resource utilization. Some recent initiatives defined a smart city network as the interconnection of the existing independent and heterogeneous networks and the infrastructure. However, considering the heterogeneity of the devices, communication technologies, network protocols, and platforms the interoperability of these networks is a challenge requiring more attention. In this paper, we propose the design of a novel Information-Centric Smart City architecture (iSmart), focusing on the demand of the future applications, such as efficient machineto-machine communication, low latency computation offloading, large data communication requirements, and advanced security. In designing iSmart, we use the Named-Data Networking (NDN) architecture as the underlying communication substrate to promote semantics-based communication and achieve seamless compute/data sharing