Intégration de la blockchain à l'Internet des objets

L'Internet des objets (IdO) est en train de transformer l'industrie traditionnelle en une industrie intelligente où les décisions sont prises en fonction des données. L'IdO interconnecte de nombreux objets (ou dispositifs) qui effectuent des tâches complexes (e.g., la collecte de données, l'optimisation des services, la transmission de données). Toutefois, les caractéristiques intrinsèques de l'IdO entraînent plusieurs problèmes, tels que la décentralisation, une faible interopérabilité, des problèmes de confidentialité et des failles de sécurité. Avec l'évolution attendue de l'IdO dans les années à venir, il est nécessaire d'assurer la confiance dans cette énorme source d'informations entrantes. La blockchain est apparue comme une technologie clé pour relever les défis de l'IdO. En raison de ses caractéristiques saillantes telles que la décentralisation, l'immuabilité, la sécurité et l'auditabilité, la blockchain a été proposée pour établir la confiance dans plusieurs applications, y compris l'IdO. L'intégration de la blockchain a l'IdO ouvre la porte à de nouvelles possibilités qui améliorent intrinsèquement la fiabilité, la réputation, et la transparence pour toutes les parties concernées, tout en permettant la sécurité. Cependant, les blockchains classiques sont coûteuses en calcul, ont une évolutivité limitée, et nécessitent une bande passante élevée, ce qui les rend inadaptées aux environnements IdO à ressources limitées. L'objectif principal de cette thèse est d'utiliser la blockchain comme un outil clé pour améliorer l'IdO. Pour atteindre notre objectif, nous relevons les défis de la fiabilité des données et de la sécurité de l'IdO en utilisant la blockchain ainsi que de nouvelles technologies émergentes, notamment l'intelligence artificielle (IA). Dans la première partie de cette thèse, nous concevons une blockchain qui garantit la fiabilité des données, adaptée à l'IdO. Tout d'abord, nous proposons une architecture blockchain légère qui réalise la décentralisation en formant un réseau superposé où les dispositifs à ressources élevées gèrent conjointement la blockchain. Ensuite, nous présentons un algorithme de consensus léger qui réduit la puissance de calcul, la capacité de stockage, et la latence de la blockchain. Dans la deuxième partie de cette thèse, nous concevons un cadre sécurisé pour l'IdO tirant parti de la blockchain. Le nombre croissant d'attaques sur les réseaux IdO, et leurs graves effets, rendent nécessaire la création d'un IdO avec une sécurité plus sophistiquée. Par conséquent, nous tirons parti des modèles IA pour fournir une intelligence intégrée dans les dispositifs et les réseaux IdO afin de prédire et d'identifier les menaces et les vulnérabilités de sécurité. Nous proposons un système de détection d'intrusion par IA qui peut détecter les comportements malveillants et contribuer à renforcer la sécurité de l'IdO basé sur la blockchain. Ensuite, nous concevons un mécanisme de confiance distribué basé sur des contrats intelligents de blockchain pour inciter les dispositifs IdO à se comporter de manière fiable. Les systèmes IdO existants basés sur la blockchain souffrent d'une bande passante de communication et d’une évolutivité limitée. Par conséquent, dans la troisième partie de cette thèse, nous proposons un apprentissage machine évolutif basé sur la blockchain pour l'IdO. Tout d'abord, nous proposons un cadre IA multi-tâches qui exploite la blockchain pour permettre l'apprentissage parallèle de modèles. Ensuite, nous concevons une technique de partitionnement de la blockchain pour améliorer l'évolutivité de la blockchain. Enfin, nous proposons un algorithme d'ordonnancement des dispositifs pour optimiser l'utilisation des ressources, en particulier la bande passante de communication.Abstract : The Internet of Things (IoT) is reshaping the incumbent industry into a smart industry featured with data-driven decision making. The IoT interconnects many objects (or devices) that perform complex tasks (e.g., data collection, service optimization, data transmission). However, intrinsic features of IoT result in several challenges, such as decentralization, poor interoperability, privacy issues, and security vulnerabilities. With the expected evolution of IoT in the coming years, there is a need to ensure trust in this huge source of incoming information. Blockchain has emerged as a key technology to address the challenges of IoT. Due to its salient features such as decentralization, immutability, security, and auditability, blockchain has been proposed to establish trust in several applications, including IoT. The integration of IoT and blockchain opens the door for new possibilities that inherently improve trustworthiness, reputation, and transparency for all involved parties, while enabling security. However, conventional blockchains are computationally expensive, have limited scalability, and incur significant bandwidth, making them unsuitable for resource-constrained IoT environments. The main objective of this thesis is to leverage blockchain as a key enabler to improve the IoT. Toward our objective, we address the challenges of data reliability and IoT security using the blockchain and new emerging technologies, including machine learning (ML). In the first part of this thesis, we design a blockchain that guarantees data reliability, suitable for IoT. First, we propose a lightweight blockchain architecture that achieves decentralization by forming an overlay network where high-resource devices jointly manage the blockchain. Then, we present a lightweight consensus algorithm that reduces blockchain computational power, storage capability, and latency. In the second part of this thesis, we design a secure framework for IoT leveraging blockchain. The increasing number of attacks on IoT networks, and their serious effects, make it necessary to create an IoT with more sophisticated security. Therefore, we leverage ML models to provide embedded intelligence in the IoT devices and networks to predict and identify security threats and vulnerabilities. We propose a ML intrusion detection system that can detect malicious behaviors and help further bolster the blockchain-based IoT’s security. Then, we design a distributed trust mechanism based on blockchain smart contracts to incite IoT devices to behave reliably. Existing blockchain-based IoT systems suffer from limited communication bandwidth and scalability. Therefore, in the third part of this thesis, we propose a scalable blockchain-based ML for IoT. First, we propose a multi-task ML framework that leverages the blockchain to enable parallel model learning. Then, we design a blockchain partitioning technique to improve the blockchain scalability. Finally, we propose a device scheduling algorithm to optimize resource utilization, in particular communication bandwidth

Security challenges and solutions for e-business

The advantages of economic growth and increasing ease of operation afforded by e-business and e-commerce developments are unfortunately matched by growth in cyber attacks. This paper outlines the common attacks faced by e-business and describes the defenses that can be used against them. It also reviews the development of newer security defense methods. These are: (1) biometrics for authentication; parallel processing to increase power and speed of defenses; (2) data mining and machine learning to identify attacks; (3) peer-to-peer security using blockchains; 4) enterprise security modelling and security as a service; and (5) user education and engagement. The review finds overall that one of the most prevalent dangers is social engineering in the form of phishing attacks. Recommended counteractions include education and training, and the development of new machine learning and data sharing approaches so that attacks can be quickly discovered and mitigated

Machine Learning based Attacks Detection and Countermeasures in IoT

While the IoT offers important benefits and opportunities for users, the technology raises various security issues and threats. These threats may include spreading IoT botnets through IoT devices which are the common and most malicious security threat in the world of internet. Protecting the IoT devices against these threats and attacks requires efficient detection. While we need to take into consideration IoT devices memory capacity limitation and low power processors. In this paper, we will focus in proposing low power consumption Machine Learning (ML) techniques for detecting IoT botnet attacks using Random forest as ML-based detection method and describing IoT common attacks with its countermeasures. The experimental result of our proposed solution shows higher accuracy. From the results, we conclude that IoT botnet detection is possible; achieving a higher accuracy rate as an experimental result indicates an accuracy rate of over 99.99% where the true positive rate is 1.000 and the false-negative rate is 0.000

SUTMS - Unified Threat Management Framework for Home Networks

Home networks were initially designed for web browsing and non-business critical applications. As infrastructure improved, internet broadband costs decreased, and home internet usage transferred to e-commerce and business-critical applications. Today’s home computers host personnel identifiable information and financial data and act as a bridge to corporate networks via remote access technologies like VPN. The expansion of remote work and the transition to cloud computing have broadened the attack surface for potential threats. Home networks have become the extension of critical networks and services, hackers can get access to corporate data by compromising devices attacked to broad- band routers. All these challenges depict the importance of home-based Unified Threat Management (UTM) systems. There is a need of unified threat management framework that is developed specifically for home and small networks to address emerging security challenges. In this research, the proposed Smart Unified Threat Management (SUTMS) framework serves as a comprehensive solution for implementing home network security, incorporating firewall, anti-bot, intrusion detection, and anomaly detection engines into a unified system. SUTMS is able to provide 99.99% accuracy with 56.83% memory improvements. IPS stands out as the most resource-intensive UTM service, SUTMS successfully reduces the performance overhead of IDS by integrating it with the flow detection mod- ule. The artifact employs flow analysis to identify network anomalies and categorizes encrypted traffic according to its abnormalities. SUTMS can be scaled by introducing optional functions, i.e., routing and smart logging (utilizing Apriori algorithms). The research also tackles one of the limitations identified by SUTMS through the introduction of a second artifact called Secure Centralized Management System (SCMS). SCMS is a lightweight asset management platform with built-in security intelligence that can seamlessly integrate with a cloud for real-time updates

Cybersecurity of Digital Service Chains

This open access book presents the main scientific results from the H2020 GUARD project. The GUARD project aims at filling the current technological gap between software management paradigms and cybersecurity models, the latter still lacking orchestration and agility to effectively address the dynamicity of the former. This book provides a comprehensive review of the main concepts, architectures, algorithms, and non-technical aspects developed during three years of investigation; the description of the Smart Mobility use case developed at the end of the project gives a practical example of how the GUARD platform and related technologies can be deployed in practical scenarios. We expect the book to be interesting for the broad group of researchers, engineers, and professionals daily experiencing the inadequacy of outdated cybersecurity models for modern computing environments and cyber-physical systems

Security of Cyber-Physical Systems

Cyber-physical system (CPS) innovations, in conjunction with their sibling computational and technological advancements, have positively impacted our society, leading to the establishment of new horizons of service excellence in a variety of applicational fields. With the rapid increase in the application of CPSs in safety-critical infrastructures, their safety and security are the top priorities of next-generation designs. The extent of potential consequences of CPS insecurity is large enough to ensure that CPS security is one of the core elements of the CPS research agenda. Faults, failures, and cyber-physical attacks lead to variations in the dynamics of CPSs and cause the instability and malfunction of normal operations. This reprint discusses the existing vulnerabilities and focuses on detection, prevention, and compensation techniques to improve the security of safety-critical systems

Cybersecurity of Digital Service Chains

This open access book presents the main scientific results from the H2020 GUARD project. The GUARD project aims at filling the current technological gap between software management paradigms and cybersecurity models, the latter still lacking orchestration and agility to effectively address the dynamicity of the former. This book provides a comprehensive review of the main concepts, architectures, algorithms, and non-technical aspects developed during three years of investigation; the description of the Smart Mobility use case developed at the end of the project gives a practical example of how the GUARD platform and related technologies can be deployed in practical scenarios. We expect the book to be interesting for the broad group of researchers, engineers, and professionals daily experiencing the inadequacy of outdated cybersecurity models for modern computing environments and cyber-physical systems

Security and Privacy for Modern Wireless Communication Systems

The aim of this reprint focuses on the latest protocol research, software/hardware development and implementation, and system architecture design in addressing emerging security and privacy issues for modern wireless communication networks. Relevant topics include, but are not limited to, the following: deep-learning-based security and privacy design; covert communications; information-theoretical foundations for advanced security and privacy techniques; lightweight cryptography for power constrained networks; physical layer key generation; prototypes and testbeds for security and privacy solutions; encryption and decryption algorithm for low-latency constrained networks; security protocols for modern wireless communication networks; network intrusion detection; physical layer design with security consideration; anonymity in data transmission; vulnerabilities in security and privacy in modern wireless communication networks; challenges of security and privacy in node–edge–cloud computation; security and privacy design for low-power wide-area IoT networks; security and privacy design for vehicle networks; security and privacy design for underwater communications networks