82 research outputs found
COSMOS: Collaborative, Seamless and Adaptive Sentinel for the Internet of Things
The Internet of Things (IoT) became established during the last decade as an emerging technology with considerable potentialities and applicability. Its paradigm of everything connected together penetrated the real world, with smart devices located in several daily appliances. Such intelligent objects are able to communicate autonomously through already existing network infrastructures, thus generating a more concrete integration between real world and computer-based systems. On the downside, the great benefit carried by the IoT paradigm in our life brings simultaneously severe security issues, since the information exchanged among the objects frequently remains unprotected from malicious attackers. The paper at hand proposes COSMOS (Collaborative, Seamless and Adaptive Sentinel for the Internet of Things), a novel sentinel to protect smart environments from cyber threats. Our sentinel shields the IoT devices using multiple defensive rings, resulting in a more accurate and robust protection. Additionally, we discuss the current deployment of the sentinel on a commodity device (i.e., Raspberry Pi). Exhaustive experiments are conducted on the sentinel, demonstrating that it performs meticulously even in heavily stressing conditions. Each defensive layer is tested, reaching a remarkable performance, thus proving the applicability of COSMOS in a distributed and dynamic scenario such as IoT. With the aim of easing the enjoyment of the proposed sentinel, we further developed a friendly and easy-to-use COSMOS App, so that end-users can manage sentinel(s) directly using their own devices (e.g., smartphone).
Cooperative Abnormal Node Detection with Adversary Resistance: A Probabilistic Approach
This paper presents a novel probabilistic detection scheme called Cooperative
Statistical Detection (CSD) for abnormal node detection while defending against
adversarial attacks in cluster-tree networks. The CSD performs a two-phase
process: 1) designing a likelihood ratio test (LRT) for a non-root node at its
children from the perspective of packet loss; 2) making an overall decision at
the root node based on the aggregated detection data of the nodes over tree
branches. In most adversarial scenarios, malicious children knowing the
detection policy can generate falsified data to protect the abnormal parent
from being detected or frame its normal parent as an anomalous node. To resolve
this issue, a modified Z-score-based falsification-resistant mechanism is
presented in the CSD to remove untrustworthy information. Through theoretical
analysis, we show that the LRT-based method achieves perfect detection, i.e.,
both the false alarm and missed detection probabilities decay exponentially to
zero. Furthermore, the optimal removal threshold of the modified Z-score method
is derived for falsifications with uncertain strategies and guarantees perfect
detection of the CSD. As our simulation results show, the CSD approach is
robust to falsifications and can rapidly reach detection accuracy, even
in existing adversarial scenarios, which outperforms state-of-the-art
technology
Context and communication profiling for IoT security and privacy: techniques and applications
During the last decade, two major technological changes have profoundly changed the way in which users consume and interact with on-line services and applications. The first of these has been the success of mobile computing, in particular that of smartphones, the primary end device used by many users for access to the Internet and various applications. The other change is the emergence of the so-called Internet-of-Things (IoT), denoting a technological transition in which everyday objects like household appliances that traditionally have been seen as stand-alone devices, are given network connectivity by introducing digital communication capabilities to those devices. The topic of this dissertation is related to a core challenge that the emergence of these technologies is introducing: how to effectively manage the security and privacy settings of users and devices in a user-friendly manner in an environment in which an ever-growing number of heterogeneous devices live and co-exist with each other?
In particular we study approaches for utilising profiling of contextual parameters and device communications
in order to make autonomous security decisions with the goal of striking a better balance between a system's security on one hand, and, its usability on the other. We introduce four distinct novel approaches utilising profiling for this end. First, we introduce ConXsense, a system demonstrating the use of user-specific longitudinal profiling of contextual information for modelling the usage context of mobile computing devices. Based on this ConXsense can probabilistically automate security policy decisions affecting security settings of the device.
Further we develop an approach utilising the similarity of contextual parameters observed with on-board sensors of co-located devices to construct proofs of presence that are resilient to context-guessing attacks by adversaries that seek to fool a device into believing the adversary is co-located with it, even though it is in reality not.
We then extend this approach to a context-based key evolution approach that allows IoT devices that are co-present in the same physical environment like the same room to use passively observed context measurements to iteratively authenticate their co-presence and thus gradually establish confidence in the other device being part of the same trust domain, e.g., the set of IoT devices in a user's home. We further analyse the relevant constraints that need to be taken into account to ensure security and usability of context-based authentication.
In the final part of this dissertation we extend the profiling approach to network communications of IoT devices and utilise it to realise the design of the IoTSentinel system for autonomous security policy adaptation in IoT device networks. We show that by monitoring the inherent network traffic of IoT devices during their initial set-up, we can automatically identify the type of device newly added to the network. The device-type information is then used by IoTSentinel to adapt traffic filtering rules automatically to provide isolation of devices that are potentially vulnerable to known attacks, thereby protecting the device itself and the rest of the network from threats arising from possible compromise of vulnerable devices
Unmanned Aerial Vehicle for Internet of Everything: Opportunities and Challenges
The recent advances in information and communication technology (ICT) have
further extended Internet of Things (IoT) from the sole "things" aspect to the
omnipotent role of "intelligent connection of things". Meanwhile, the concept
of internet of everything (IoE) is presented as such an omnipotent extension of
IoT. However, the IoE realization meets critical challenges including the
restricted network coverage and the limited resource of existing network
technologies. Recently, Unmanned Aerial Vehicles (UAVs) have attracted
significant attention attributed to their high mobility, low cost, and
flexible deployment. Thus, UAVs may potentially overcome the challenges of IoE.
This article presents a comprehensive survey on opportunities and challenges of
UAV-enabled IoE. We first present three critical expectations of IoE: 1)
scalability requiring a scalable network architecture with ubiquitous coverage,
2) intelligence requiring a global computing plane enabling intelligent things,
3) diversity requiring provisions of diverse applications. Thereafter, we
review the enabling technologies to achieve these expectations and discuss four
intrinsic constraints of IoE (i.e., coverage constraint, battery constraint,
computing constraint, and security issues). We then present an overview of
UAVs. We next discuss the opportunities brought by UAV to IoE. Additionally, we
introduce a UAV-enabled IoE (Ue-IoE) solution by exploiting UAVs' mobility, in
which we show that Ue-IoE can greatly enhance the scalability, intelligence and
diversity of IoE. Finally, we outline the future directions in Ue-IoE.
Comment: 21 pages, 9 figure
A Survey on Energy Optimization Techniques in UAV-Based Cellular Networks: From Conventional to Machine Learning Approaches
Wireless communication networks have been witnessing an unprecedented demand
due to the increasing number of connected devices and emerging bandwidth-hungry
applications. Albeit many competent technologies for capacity enhancement
purposes, such as millimeter wave communications and network densification,
there is still room and need for further capacity enhancement in wireless
communication networks, especially for the cases of unusual people gatherings,
such as sport competitions, musical concerts, etc. Unmanned aerial vehicles
(UAVs) have been identified as one of the promising options to enhance the
capacity due to their easy implementation, pop up fashion operation, and
cost-effective nature. The main idea is to deploy base stations on UAVs and
operate them as flying base stations, thereby bringing additional capacity to
where it is needed. However, because the UAVs mostly have limited energy
storage, their energy consumption must be optimized to increase flight time. In
this survey, we investigate different energy optimization techniques with a
top-level classification in terms of the optimization algorithm employed;
conventional and machine learning (ML). Such classification helps understand
the state of the art and the current trend in terms of methodology. In this
regard, various optimization techniques are identified from the related
literature, and they are presented under the above mentioned classes of
employed optimization methods. In addition, for the purpose of completeness, we
include a brief tutorial on the optimization methods and power supply and
charging mechanisms of UAVs. Moreover, novel concepts, such as reflective
intelligent surfaces and landing spot optimization, are also covered to capture
the latest trend in the literature.
Comment: 41 pages, 5 Figures, 6 Tables. Submitted to Open Journal of
Communications Society (OJ-COMS
IoT-inspired Framework for Real-time Prediction of Forest Fire
Wildfires are one of the most devastating catastrophes and can inflict tremendous losses to life and nature. Moreover, the loss of civilization is incomprehensible, potentially extending suddenly over vast land sectors. Global warming has contributed to increased forest fires, but it needs immediate attention from the organizations involved. This analysis aims to forecast forest fires to reduce losses and take decisive measures in the direction of protection. Specifically, this study suggests an energy-efficient IoT architecture for the early detection of wildfires backed by fog-cloud computing technologies. To evaluate the repeatable information obtained from IoT sensors in a time-sensitive manner, Jaccard similarity analysis is used. This data is assessed in the fog processing layer and reduces the single value of multidimensional data called the Forest Fire Index. Finally, based on Wildfire Triggering Criteria, the Artificial Neural Network (ANN) is used to simulate the susceptibility of the forest area. ANN are intelligent techniques for inferring future outputs as these can be made hybrid with fuzzy methods for decision-modeling. For productive visualization of the geographical location of wildfire vulnerability, the Self-Organized Mapping Technique is used. Simulation of the implementation is done over multiple datasets. For total efficiency assessment, outcomes are contrasted in comparison to other techniques.
Automatic Ownership Change Detection for IoT devices
Considering the constant increases in Internet of Things (IoT) smart home devices prevalence, their ownership is likely to change. This introduces novel privacy issues. Smart home devices store owner’s sensitive information, which needs to be handled securely in case of change in device ownership. Currently employed smart home devices cannot detect changes in their ownership, which raises a great number of privacy and security issues. To address this problem, we propose a system called FoundIoT for automatic detection of IoT device ownership change. FoundIoT provides a technique to detect change of ownership based on device context, which is inferred by monitoring wireless communication channels. Finally, we present a prototype implementation of FoundIoT for the proposed automatic ownership change detection technique. We show that FoundIoT achieves a satisfactory performance. The implementation is supported by a wide range of IoT devices and demonstrates a high speed (up to 1 minute 39 seconds) and 100% accuracy of ownership change detection.
A pattern-based framework for the design of secure and dependable SDN/NFV-enabled networks
As the world becomes an interconnected network where objects and humans interact, cyber and physical networks appear to play an important role in smart ecosystems due to their increasing use on critical infrastructure and smart cities. Software Defined Networking (SDN) and Network Function Virtualisation (NFV) are a promising combination for programmable connectivity, rapid service provisioning and service chaining as they offer the necessary end-to-end optimisations. However, with the actual exponential growth of connected devices, future networks, such as SDN and NFV, require open architectures, facilitated by standards and a strong ecosystem. In this thesis, a model-based approach is proposed to support the design and verification of secure and dependable SDN/NFV-enabled networks. The model is based on the development of a pattern-based approach to design executable patterns as solutions for reusable designs and interactions of objects, encoded in a rule based reasoning system, able to guarantee security and dependability (S&D) properties in SDN/NFV enabled networks. To execute S&D patterns, a pattern based framework is implemented for the insertion of patterns at design and at runtime level. The developed pattern framework highlights also the benefit of leveraging the flexibility of SDN/NFV-enabled networks to deploy enhanced reactive security mechanisms for the protection of the industrial network via the use of service function chaining (SFC). To prove the importance of this approach and the functionality of the pattern framework, different pattern instances are implemented to guarantee S&D in network infrastructures. The developed design patterns are able to design network topologies, guarantee network properties and offer security service provisioning and chaining. Finally, in order to evaluate the developed patterns in the pattern framework, three different use cases are described, where a number of usage scenarios are deployed and evaluated experimentally.
A Hybrid SDN-based Architecture for Wireless Networks
With new possibilities brought by the Internet of Things (IoT) and edge computing, the traffic demand of wireless networks increases dramatically. A more sophisticated network management framework is required to handle the flow routing and resource allocation for different users and services. By separating the network control and data planes, Software-defined Networking (SDN) brings flexible and programmable network control, which is considered as an appropriate solution in this scenario. Although SDN has been applied in traditional networks such as data centers with great successes, several unique challenges exist in the wireless environment. Compared with wired networks, wireless links have limited capacity. The high mobility of IoT and edge devices also leads to network topology changes and unstable link qualities. Such factors restrain the scalability and robustness of an SDN control plane. In addition, the coexistence of heterogeneous wireless and IoT protocols with distinct representations of network resources makes it difficult to process traffic with state-of-the-art SDN standards such as OpenFlow. In this dissertation, we design a novel architecture for the wireless network management. We propose multiple techniques to better adopt SDN to relevant scenarios. First, while maintaining the centralized control plane logically, we deploy multiple SDN controller instances to ensure their scalability and robustness. We propose algorithms to determine the controllers' locations and synchronization rates that minimize the communication costs. Then, we consider handling heterogeneous protocols in Radio Access Networks (RANs). We design a network slicing orchestrator enabling allocating resources across different RANs controlled by SDN, including LTE and Wi-Fi. Finally, we combine the centralized controller with local intelligence, including deploying another SDN control plane in edge devices locally, and offloading network functions to a programmable data plane.
In all these approaches, we evaluate our solutions with both large-scale emulations and prototypes implemented in real devices, demonstrating the improvements in multiple performance metrics compared with state-of-the-art methods