174 research outputs found

    Modelling the Integrated QoS for Wireless Sensor Networks with Heterogeneous Data Traffic

    The future of Internet of Things (IoT) is envisaged to consist of a high amount of wireless resource-constrained devices connected to the Internet. Moreover, a lot of novel real-world services offered by IoT devices are realized by wireless sensor networks (WSNs). Integrating WSN to the Internet has therefore brought forward the requirements of an end-to-end quality of service (QoS) guarantee. In this paper, the QoS requirements for the WSN-Internet integration are investigated by first distinguishing the Internet QoS from the WSN QoS. Next, this study emphasizes WSN applications that involve traffic with different levels of importance, thus the way real-time traffic and delay-tolerant traffic are handled to guarantee QoS in the network is studied. Additionally, an overview of the integration strategies is given, and the delay-tolerant network (DTN) gateway, being one of the desirable approaches for integrating WSNs to the Internet, is discussed. Next, the implementation of the service model is presented, by considering both traffic prioritization and service differentiation. Based on the simulation results in OPNET Modeler, it is observed that real-time traffic achieves low bound delay while delay-tolerant traffic experiences a lower packet drop, hence indicating that the needs of real-time and delay-tolerant traffic can be better met by treating both packet types differently. Furthermore, a vehicular network is used as an example case to describe the applicability of the framework in a real IoT application environment, followed by a discussion on the future work of this research

    An Enhanced Algorithm to Find Dominating Set Nodes in Ad Hoc Wireless Networks

    A wireless ad hoc network is a collection of wireless mobile nodes forming a temporary network without the aid of any established infrastructure or centralized administration. A connection is achieved between two nodes through a single hop transmission if they are directly connected or multi-hop transmission if they are not. The wireless networks face challenges to form an optimal routing protocol. Some approaches are based on a dominating set, which has all the nodes either in the set or within its neighborhood. The proposed algorithm is an enhancement of the distributed algorithm proposed by Wu and Li. The simulation results from the new algorithm are compared to results from Wu and Li’s algorithm. The simulation results show that the average dominating set of nodes decreased considerably after applying the new algorithm. The decrease in the number of dominating set nodes is not very noticeable in low density space

    A survey on Bluetooth multi-hop networks

    Bluetooth was first announced in 1998. Originally designed as a cable replacement connecting devices in a point-to-point fashion, its high penetration arouses interest in its ad-hoc networking potential. This ad-hoc networking potential of Bluetooth has been advertised for years - but until recently no actual products were available and less than a handful of real Bluetooth multi-hop network deployments were reported. The turnaround was triggered by the release of the Bluetooth Low Energy Mesh Profile which is unquestionably a great achievement but not well suited for all use cases of multi-hop networks. This paper surveys the tremendous work done on Bluetooth multi-hop networks during the last 20 years. All aspects are discussed with demands for a real world Bluetooth multi-hop operation in mind. Relationships and side effects of different topics for a real world implementation are explained. This unique focus distinguishes this survey from existing ones. Furthermore, to the best of the authors’ knowledge this is the first survey consolidating the work on Bluetooth multi-hop networks for classic Bluetooth technology as well as for Bluetooth Low Energy. Another individual characteristic of this survey is a synopsis of real world Bluetooth multi-hop network deployment efforts. In fact, there are only four reports of a successful establishment of a Bluetooth multi-hop network with more than 30 nodes and only one of them was integrated in a real world application - namely a photovoltaic power plant. © 2019 The Author

    Diversification and obfuscation techniques for software security: A systematic literature review

    Context: Diversification and obfuscation are promising techniques for securing software and protecting computers from harmful malware. The goal of these techniques is not removing the security holes, but making it difficult for the attacker to exploit security vulnerabilities and perform successful attacks. Objective: There is an increasing body of research on the use of diversification and obfuscation techniques for improving software security; however, the overall view is scattered and the terminology is unstructured. Therefore, a coherent review gives a clear statement of state-of-the-art, normalizes the ongoing discussion and provides baselines for future research. Method: In this paper, systematic literature review is used as the method of the study to select the studies that discuss diversification/obfuscation techniques for improving software security. We present the process of data collection, analysis of data, and report the results. Results: As the result of the systematic search, we collected 357 articles relevant to the topic of our interest, published between the years 1993 and 2017. We studied the collected articles, analyzed the extracted data from them, presented classification of the data, and enlightened the research gaps. Conclusion: The two techniques have been extensively used for various security purposes and impeding various types of security attacks. There exist many different techniques to obfuscate/diversify programs, each of which targets different parts of the programs and is applied at different phases of software development life-cycle. Moreover, we pinpoint the research gaps in this field, for instance that there are still various execution environments that could benefit from these two techniques, including cloud computing, Internet of Things (IoT), and trusted computing. We also present some potential ideas on applying the techniques on the discussed environments.

    Optimization and Learning in Energy Efficient Cognitive Radio System

    Energy efficiency and spectrum efficiency are two biggest concerns for wireless communication. The constrained power supply is always a bottleneck to the modern mobility communication system. Meanwhile, spectrum resource is extremely limited but seriously underutilized. Cognitive radio (CR) as a promising approach could alleviate the spectrum underutilization and increase the quality of service. In contrast to traditional wireless communication systems, a distinguishing feature of cognitive radio systems is that the cognitive radios, which are typically equipped with powerful computation machinery, are capable of sensing the spectrum environment and making intelligent decisions. Moreover, the cognitive radio systems differ from traditional wireless systems that they can adapt their operating parameters, i.e. transmission power, channel, modulation according to the surrounding radio environment to explore the opportunity. In this dissertation, the study is focused on the optimization and learning of energy efficiency in the cognitive radio system, which can be considered to better utilize both the energy and spectrum resources. Firstly, drowsy transmission, which produces optimized idle period patterns and selects the best sleep mode for each idle period between two packet transmissions through joint power management and transmission power control/rate selection, is introduced to cognitive radio transmitter. Both the optimal solution by dynamic programming and flexible solution by reinforcement learning are provided. Secondly, when cognitive radio system is benefited from the theoretically infinite but unsteady harvested energy, an innovative and flexible control framework mainly based on model predictive control is designed. The solution to combat the problems, such as the inaccurate model and myopic control policy introduced by MPC, is given. 
Last, after studying the optimization problem for point-to-point communication, multi-objective reinforcement learning is applied to the cognitive radio network, and an adaptable routing algorithm is proposed and implemented. Epidemic propagation is studied to further understand the learning process in the cognitive radio network

    Performance metrics and routing in vehicular ad hoc networks

    The aim of this thesis is to propose a method for enhancing the performance of Vehicular Ad hoc Networks (VANETs). The focus is on a routing protocol where performance metrics are used to inform the routing decisions made. The thesis begins by analysing routing protocols in a random mobility scenario with a wide range of node densities. A Cellular Automata algorithm is subsequently applied in order to create a mobility model of a highway, and wide range of density and transmission range are tested. Performance metrics are introduced to assist the prediction of likely route failure. The Good Link Availability (GLA) and Good Route Availability (GRA) metrics are proposed which can be used for a pre-emptive action that has the potential to give better performance. The implementation framework for this method using the AODV routing protocol is also discussed. The main outcomes of this research can be summarised as identifying and formulating methods for pre-emptive actions using a Cellular Automata with NS-2 to simulate VANETs, and the implementation method within the AODV routing protocol

    MP-CFM: MPTCP-Based communication functional module for next generation ERTMS

    184 p. The content of chapters 4, 5, 6, 7, 8 and 9 is subject to confidentiality. The European Rail Traffic Management System (ERTMS) was originally designed for European railways. However, over the last two decades, this system has become the de facto standard for high-speed services in most developed countries. The ERTMS system consists of three main subsystems: 1) the European Train Control System (ETCS), which acts as the signalling application; 2) the Euroradio system, which in turn is divided into two subsystems, the Safety Functional Module (SFM) and the Communication Functional Module (CFM); and 3) the underlying communications system, GSM-R, which carries the information exchanged between the on-board unit on the train (OBU) and the Radio Block Centre (RBC). The ETCS signalling system supports three levels depending on the level of features supported. Level 3 introduces the possibility of working with moving blocks instead of fixed blocks defined on the track. This means that the headway distance between two consecutive trains can be reduced to a minimum distance at which the safety of the service is guaranteed, thereby increasing the capacity of the railway corridor. This safety distance is determined by the combination of the train's braking distance and the delay of the signalling communications. It can therefore be stated that there is a direct relationship between the delays and reliability of the transmissions of the signalling applications and the operational capacity of a railway corridor. Thus, the study and improvement of the communications systems used in ERTMS play a key role in the evolution of the ERTMS system. Likewise, safe operation in ERTMS, from the point of view of the communications involved, is determined by the reliability of the communications, the availability of its communication channels, the delay of the communications and the security of its messages. In addition to this, the railway industry has been working on the digitalization and the transition to the IP protocol of most signalling systems. In line with this trend, the industrial consortium UNISIG has recently published a new communications model for ERTMS that includes the possibility of operating not only with the traditional system, based on circuit-switching technology, but also with a new IP-based system. This thesis is aligned with the current migration context and aims to contribute to improving the availability, reliability and security of communications, taking message transmission times as its central axis, with a view to defining a next generation of ERTMS, referred to in this thesis as NGERTMS. In this context, three main challenges have been identified for strengthening the resilience of the NGERTMS communications architecture: 1) improving the survivability of communications in the face of disruptions; 2) overcoming the current limitations of ERTMS for sending high-priority messages over packet-switching technology, giving these messages a higher degree of resilience and lower latency than ordinary messages; and 3) increasing the security of communications and increasing availability without this entailing an increase in latency. Considering the challenges described above, this thesis proposes a communications architecture based on the MPTCP protocol, called MP-CFM, which makes it possible to overcome these challenges while maintaining backward compatibility with the packet-switching-based communications system recently proposed by UNISIG. To date, this is the first time that a complete communications architecture capable of addressing the aforementioned challenges has been proposed. This architecture implements four types of class of service, which are used by ordinary and high-priority packets for two different scenarios: one scenario in which both ends, the on-board system or OBU and the RBC, have multiple network interfaces; and another, transitional scenario in which the RBC has multiple network interfaces but the OBU has only a single interface. The communications architecture proposed for the railway environment has been validated by means of a simulation environment developed for that purpose. Moreover, these simulations show that the proposed architecture, in the face of channel disruptions, far exceeds the system designed by UNISIG in terms of robustness. In conclusion, it can be stated that this thesis demonstrates that a communications architecture based on MPTCP meets the demanding requirements established for NGERTMS, and that this proposal therefore represents a step forward in the evolution of the European railway signalling system

    Security and trust in cloud computing and IoT through applying obfuscation, diversification, and trusted computing technologies

    Cloud computing and Internet of Things (IoT) are very widely spread and commonly used technologies nowadays. The advanced services offered by cloud computing have made it a highly demanded technology. Enterprises and businesses are more and more relying on the cloud to deliver services to their customers. The prevalent use of cloud means that more data is stored outside the organization’s premises, which raises concerns about the security and privacy of the stored and processed data. This highlights the significance of effective security practices to secure the cloud infrastructure. The number of IoT devices is growing rapidly and the technology is being employed in a wide range of sectors including smart healthcare, industry automation, and smart environments. These devices collect and exchange a great deal of information, some of which may contain critical and personal data of the users of the device. Hence, it is highly significant to protect the collected and shared data over the network; notwithstanding, the studies signify that attacks on these devices are increasing, while a high percentage of IoT devices lack proper security measures to protect the devices, the data, and the privacy of the users. In this dissertation, we study the security of cloud computing and IoT and propose software-based security approaches supported by the hardware-based technologies to provide robust measures for enhancing the security of these environments. To achieve this goal, we use obfuscation and diversification as the potential software security techniques. Code obfuscation protects the software from malicious reverse engineering and diversification mitigates the risk of large-scale exploits. We study trusted computing and Trusted Execution Environments (TEE) as the hardware-based security solutions. Trusted Platform Module (TPM) provides security and trust through a hardware root of trust, and assures the integrity of a platform. 
We also study Intel SGX which is a TEE solution that guarantees the integrity and confidentiality of the code and data loaded onto its protected container, enclave. More precisely, through obfuscation and diversification of the operating systems and APIs of the IoT devices, we secure them at the application level, and by obfuscation and diversification of the communication protocols, we protect the communication of data between them at the network level. For securing the cloud computing, we employ obfuscation and diversification techniques for securing the cloud computing software at the client-side. For an enhanced level of security, we employ hardware-based security solutions, TPM and SGX. These solutions, in addition to security, ensure layered trust in various layers from hardware to the application. As the result of this PhD research, this dissertation addresses a number of security risks targeting IoT and cloud computing through the delivered publications and presents a brief outlook on the future research directions.
Cloud computing and the Internet of Things are nowadays very common and widely applied technologies. The highly developed services of cloud computing have made it a technology in high demand. Companies increasingly rely on cloud technology when delivering services to their customers. In the prevailing state of cloud technology adoption, companies outsource the processing of their data outside the company, which can be seen as raising concerns about the security and privacy of the data being stored and processed. This underlines the importance of effective security solutions as part of securing the cloud infrastructure. The number of Internet of Things devices has grown rapidly. As a technology it is widely applied in many sectors, such as smart healthcare, industrial automation and smart spaces. Such devices collect and transmit large amounts of information, which may contain information that is critical and private for the users of the devices. For this reason, it is highly important to protect the information collected and shared over the network. Many studies show that the number of security attacks targeting Internet of Things devices is on the rise, while at the same time a large share of these devices do not have proper technical features for protecting the devices themselves or the private information of their users. This dissertation studies the security of cloud computing and the Internet of Things and presents software-based security approaches that rely in part on hardware-based technologies. The approaches presented offer robust means of improving security in these contexts. To achieve this, the work applies obfuscation and diversification as potential software-based security techniques. Obfuscation of executable code protects against malicious reverse engineering of software, and diversification mitigates the risk of large-scale exploitation of security vulnerabilities. The dissertation studies trusted computing and trusted execution environments as hardware-based security solutions. TPM (Trusted Platform Module) provides security and confidentiality, building on hardware-based trust. The aim is to guarantee the integrity of the execution platform. The work also studies Intel SGX as one trusted execution environment, which guarantees the integrity and confidentiality of the executed code and data based on the technical implementation of a protected container, the enclave. More precisely, the work secures the software layer of Internet of Things devices through obfuscation and diversification at the operating system and application programming interface levels. By applying the same techniques to the protocol layer, the work protects the exchange of data between devices at the network level. To secure cloud computing, the work applies obfuscation and diversification techniques to client-side software solutions. To achieve stronger security, the work makes use of the hardware-based TPM and SGX solutions. In addition to security, these solutions provide multi-layered trust extending from the hardware level to the software layer. As the result of this doctoral research, many security threats targeting Internet of Things devices and cloud computing are addressed through the constituent publications. The work also presents views on topics for further research

    Proposal of a self-configuring routing protocol for mesh networks in Bluetooth Low Energy (BLE) based on proactive source routing

    Advisor: Yuzo Iano. Thesis (doctorate) - Universidade Estadual de Campinas, Faculdade de Engenharia Elétrica e de Computação. Summary: The Internet of Things (IoT) aims at the creation of smart environments such as home automation, intra-vehicular communication and wireless sensor networks (WSN), and this technology is currently growing rapidly. One of the wireless technologies used for short-range applications that is most accessible to the general population is Bluetooth. At the end of 2010, the Bluetooth Special Interest Group (Bluetooth SIG) released the Bluetooth 4.0 specification and, as part of that specification, there is Bluetooth Low Energy (BLE). BLE is a wireless technology with very low power consumption, which can be powered by a coin-cell battery, or even by electrical induction (energy harvesting). The nature of Bluetooth (and BLE) is based on Master/Slave connections. Many studies show how to create mesh networks based on classic Bluetooth, known as Scatternets, where some nodes are used as slaves in order to relay data between masters. However, BLE did not support switching between master and slave until the release of the Bluetooth 4.1 specification in 2013. The ability of a wireless technology for IoT to create a mobile ad-hoc network (MANET) is vital for supporting a large number of sensors, peripherals and devices that can coexist in any environment. This work aims to propose a new autoconfiguration method for BLE, with routing map discovery and maintenance, without the need for switching between master and slave, being compatible with Bluetooth 4.0 devices as well as with 4.1 and later ones. 
Any messaging protocol can take advantage of the proposed method to discover and maintain the mesh network topology in each of its nodes. Abstract: Nowadays, the Internet of Things (IoT) is spreading rapidly towards creating smart environments. Home automation, intra-vehicular interaction, and wireless sensor networks (WSN) are among the most popular applications discussed in IoT literature. One of the most available and popular wireless technologies for short-range operations is Bluetooth. In late 2010, the Bluetooth Special Interest Group (SIG) launched the Bluetooth 4.0 Specification, which brings Bluetooth Low Energy (BLE) as part of the specification. BLE characterises as being a very low power wireless technology, capable of working on a coin-cell or even by energy scavenging. Nevertheless, the nature of Bluetooth (and BLE) has always been a connection-oriented communication in a Master/Slave configuration. Several studies exist showing how to create mesh networks for Classic Bluetooth, called Scatternets, by utilizing some nodes as slaves to relay data between Masters. However, BLE didn't support role changing until the 4.1 Specification released in 2013. The capability of a wireless technology to create a Mobile Ad-Hoc Network (MANET) is vital for supporting the plethora of sensors, peripherals, and devices that could coexist in any IoT environment. This work focuses on proposing a new autoconfiguring dynamic address allocation scheme for a BLE Ad-Hoc network, and a network map discovery and maintenance mechanism that doesn't require role changing, thus being possible to implement it in 4.0 compliant devices as well as 4.1 or later to develop a MANET. Any ad-hoc routing protocol can utilise the proposed method to discover, keep track, and maintain the mesh network node topology in each of their nodes. Doctorate. Telecommunications and Telematics. Doctor in Electrical Engineering. CAPE