2,815 research outputs found
Secure communication in IP-based wireless sensor network via a trusted gateway
As the IP-integration of wireless sensor networks enables end-to-end interactions, solutions to appropriately secure these interactions with hosts on the Internet are necessary. At the same time, burdening wireless sensors with heavy security protocols should be avoided. While Datagram TLS (DTLS) strikes a good balance between these requirements, it entails a high cost for setting up communication sessions. Furthermore, not all types of communication have the same security requirements: e.g. some interactions might only require authorization and do not need confidentiality. In this paper we propose and evaluate an approach that relies on a trusted gateway to mitigate the high cost of the DTLS handshake in the WSN and to provide the flexibility necessary to support a variety of security requirements. The evaluation shows that our approach leads to considerable energy savings and latency reduction when compared to a standard DTLS use case, while requiring no changes to the end hosts themselves
IoT Sentinel: Automated Device-Type Identification for Security Enforcement in IoT
With the rapid growth of the Internet-of-Things (IoT), concerns about the
security of IoT devices have become prominent. Several vendors are producing
IP-connected devices for home and small office networks that often suffer from
flawed security designs and implementations. They also tend to lack mechanisms
for firmware updates or patches that can help eliminate security
vulnerabilities. Securing networks where the presence of such vulnerable
devices is given, requires a brownfield approach: applying necessary protection
measures within the network so that potentially vulnerable devices can coexist
without endangering the security of other devices in the same network. In this
paper, we present IOT SENTINEL, a system capable of automatically identifying
the types of devices being connected to an IoT network and enabling enforcement
of rules for constraining the communications of vulnerable devices so as to
minimize damage resulting from their compromise. We show that IOT SENTINEL is
effective in identifying device types and has minimal performance overhead
Sensor function virtualization to support distributed intelligence in the internet of things
It is estimated that-by 2020-billion devices will be connected to the Internet. This number not only includes TVs, PCs, tablets and smartphones, but also billions of embedded sensors that will make up the "Internet of Things" and enable a whole new range of intelligent services in domains such as manufacturing, health, smart homes, logistics, etc. To some extent, intelligence such as data processing or access control can be placed on the devices themselves. Alternatively, functionalities can be outsourced to the cloud. In reality, there is no single solution that fits all needs. Cooperation between devices, intermediate infrastructures (local networks, access networks, global networks) and/or cloud systems is needed in order to optimally support IoT communication and IoT applications. Through distributed intelligence the right communication and processing functionality will be available at the right place. The first part of this paper motivates the need for such distributed intelligence based on shortcomings in typical IoT systems. The second part focuses on the concept of sensor function virtualization, a potential enabler for distributed intelligence, and presents solutions on how to realize it
Security and Privacy Issues in Wireless Mesh Networks: A Survey
This book chapter identifies various security threats in wireless mesh
network (WMN). Keeping in mind the critical requirement of security and user
privacy in WMNs, this chapter provides a comprehensive overview of various
possible attacks on different layers of the communication protocol stack for
WMNs and their corresponding defense mechanisms. First, it identifies the
security vulnerabilities in the physical, link, network, transport, application
layers. Furthermore, various possible attacks on the key management protocols,
user authentication and access control protocols, and user privacy preservation
protocols are presented. After enumerating various possible attacks, the
chapter provides a detailed discussion on various existing security mechanisms
and protocols to defend against and wherever possible prevent the possible
attacks. Comparative analyses are also presented on the security schemes with
regards to the cryptographic schemes used, key management strategies deployed,
use of any trusted third party, computation and communication overhead involved
etc. The chapter then presents a brief discussion on various trust management
approaches for WMNs since trust and reputation-based schemes are increasingly
becoming popular for enforcing security in wireless networks. A number of open
problems in security and privacy issues for WMNs are subsequently discussed
before the chapter is finally concluded.Comment: 62 pages, 12 figures, 6 tables. This chapter is an extension of the
author's previous submission in arXiv submission: arXiv:1102.1226. There are
some text overlaps with the previous submissio
Demo Abstract: Securing Communication in 6LoWPAN with Compressed IPsec
With the inception of IPv6 it is possible to assign
a unique ID to each device on planet. Recently, wireless sensor
networks and traditional IP networks are more tightly integrated
using IPv6 and 6LoWPAN. Real-world deployments of WSN
demand secure communication. The receiver should be able to
verify that sensor data is generated by trusted nodes and/or
it may also be necessary to encrypt sensor data in transit.
Available IPv6 protocol stacks can use IPsec to secure data
exchanges. Thus, it is desirable to extend 6LoWPAN such that
IPsec communication with IPv6 nodes is possible. It is beneficial
to use IPsec because the existing end-points on the Internet do
not need to be modified to communicate securely with the WSN.
Moreover, using IPsec, true end-to-end security is implemented
and the need for a trustworthy gateway is removed.
In this demo we will show the usage of our implemented
lightweight IPsec. We will show how IPsec ensures end-to-end
security between an IP enabled sensor networks and the
traditional Internet. This is the first compressed lightweight
design, implementation, and evaluation of a 6LoWPAN extension
for IPsec. This demo complements the full paper that will appear
in the parent conference, DCOSS’11
Smart Grid Communications: Overview of Research Challenges, Solutions, and Standardization Activities
Optimization of energy consumption in future intelligent energy networks (or
Smart Grids) will be based on grid-integrated near-real-time communications
between various grid elements in generation, transmission, distribution and
loads. This paper discusses some of the challenges and opportunities of
communications research in the areas of smart grid and smart metering. In
particular, we focus on some of the key communications challenges for realizing
interoperable and future-proof smart grid/metering networks, smart grid
security and privacy, and how some of the existing networking technologies can
be applied to energy management. Finally, we also discuss the coordinated
standardization efforts in Europe to harmonize communications standards and
protocols.Comment: To be published in IEEE Communications Surveys and Tutorial
Security for the Industrial IoT: The Case for Information-Centric Networking
Industrial production plants traditionally include sensors for monitoring or
documenting processes, and actuators for enabling corrective actions in cases
of misconfigurations, failures, or dangerous events. With the advent of the
IoT, embedded controllers link these `things' to local networks that often are
of low power wireless kind, and are interconnected via gateways to some cloud
from the global Internet. Inter-networked sensors and actuators in the
industrial IoT form a critical subsystem while frequently operating under harsh
conditions. It is currently under debate how to approach inter-networking of
critical industrial components in a safe and secure manner.
In this paper, we analyze the potentials of ICN for providing a secure and
robust networking solution for constrained controllers in industrial safety
systems. We showcase hazardous gas sensing in widespread industrial
environments, such as refineries, and compare with IP-based approaches such as
CoAP and MQTT. Our findings indicate that the content-centric security model,
as well as enhanced DoS resistance are important arguments for deploying
Information Centric Networking in a safety-critical industrial IoT. Evaluation
of the crypto efforts on the RIOT operating system for content security reveal
its feasibility for common deployment scenarios.Comment: To be published at IEEE WF-IoT 201
Managed ecosystems of networked objects
Small embedded devices such as sensors and actuators will become the cornerstone of the Future Internet. To this end, generic, open and secure communication and service platforms are needed in order to be able to exploit the new business opportunities these devices bring. In this paper, we evaluate the current efforts to integrate sensors and actuators into the Internet and identify the limitations at the level of cooperation of these Internet-connected objects and the possible intelligence at the end points. As a solution, we propose the concept of Managed Ecosystem of Networked Objects, which aims to create a smart network architecture for groups of Internet-connected objects by combining network virtualization and clean-slate end-to-end protocol design. The concept maps to many real-life scenarios and should empower application developers to use sensor data in an easy and natural way. At the same time, the concept introduces many new challenging research problems, but their realization could offer a meaningful contribution to the realization of the Internet of Things
- …