Targeted content delivery to IoT devices using bloom filters

© Springer International Publishing AG 2017. The increasing number of smart interactive devices connected to the network opens new business opportunities for digital content and advertisement providers, interested in reaching out to new customer audiences. To this end, they employ various device discovery and data collection techniques to gather user- and device-specific information in order to build a user profile and deliver targeted content accordingly. However, the extreme (and constantly growing) number of smart devices, dynamically connecting to and disconnecting from a network in the IoT scenario, renders existing routing techniques, such as multicasting and broadcasting, unscalable, especially when using the IPv6 128-bit addresses. Moreover, these existing solutions can hardly provide information about technical capabilities of end devices. To address this limitation, this paper discusses the potential of implementing the IoT device discovery for device-specific content delivery, based on device properties, such as screen size and resolution, network connectivity, presence of speakers, supported languages, etc., and presents an approach to enable property-based access to IoT nodes using Bloom filters. The proposed approach demonstrates space- and network-efficient characteristics, as well as provides an opportunity to perform device discovery at various granularity levels

Towards a Sustainable IoT with Last-Mile Software Deployment

Billions of sensor-enabled IoT devices generate extreme amounts of e- waste. Because of the low cost and short lifespan of electronic components, it is often more convenient for consumers to buy a new device instead of re-using or re-purposing the old one. With the increased computing and connectivity capabilities, IoT devices can already receive code updates for new purposes (and thus extend their lifespan), but the cost of such operations often exceeds the price of device replacement due to constrained resources, hindered network connectivity, and distributed placement. This paper describes how these existing capabilities can enable last-mile software deployment at scale. We propose a hierarchical architecture for provisioning software updates from the cloud to terminal devices via edge gateways in a scalable and targeted manner. By enabling such an end-to-end software deployment architecture, the approach promotes hardware re-use via re-purposing and thus contributes to the creation of a more sustainable IoT.acceptedVersio

Efficient Key Management Schemes for Smart Grid

With the increasing digitization of different components of Smart Grid by incorporating smart(er) devices, there is an ongoing effort to deploy them for various applications. However, if these devices are compromised, they can reveal sensitive information from such systems. Therefore, securing them against cyber-attacks may represent the first step towards the protection of the critical infrastructure. Nevertheless, realization of the desirable security features such as confidentiality, integrity and authentication relies entirely on cryptographic keys that can be either symmetric or asymmetric. A major need, along with this, is to deal with managing these keys for a large number of devices in Smart Grid. While such key management can be easily addressed by transferring the existing protocols to Smart Grid domain, this is not an easy task, as one needs to deal with the limitations of the current communication infrastructures and resource-constrained devices in Smart Grid. In general, effective mechanisms for Smart Grid security must guarantee the security of the applications by managing (1) key revocation; and (2) key exchange. Moreover, such management should be provided without compromising the general performance of the Smart Grid applications and thus needs to incur minimal overhead to Smart Grid systems. This dissertation aims to fill this gap by proposing specialized key management techniques for resource and communication constrained Smart Grid environments. Specifically, motivated by the need of reducing the revocation management overhead, we first present a distributed public key revocation management scheme for Advanced Metering Infrastructure (AMI) by utilizing distributed hash trees (DHTs). The basic idea is to enable sharing of the burden among smart meters to reduce the overall overhead. Second, we propose another revocation management scheme by utilizing cryptographic accumulators, which reduces the space requirements for revocation information significantly. Finally, we turn our attention to symmetric key exchange problem and propose a 0-Round Trip Time (RTT) message exchange scheme to minimize the message exchanges. This scheme enables a lightweight yet secure symmetric key-exchange between field devices and the control center in Smart Gird by utilizing a dynamic hash chain mechanism. The evaluation of the proposed approaches show that they significantly out-perform existing conventional approaches

A Comprehensive Survey on the Cyber-Security of Smart Grids: Cyber-Attacks, Detection, Countermeasure Techniques, and Future Directions

One of the significant challenges that smart grid networks face is cyber-security. Several studies have been conducted to highlight those security challenges. However, the majority of these surveys classify attacks based on the security requirements, confidentiality, integrity, and availability, without taking into consideration the accountability requirement. In addition, some of these surveys focused on the Transmission Control Protocol/Internet Protocol (TCP/IP) model, which does not differentiate between the application, session, and presentation and the data link and physical layers of the Open System Interconnection (OSI) model. In this survey paper, we provide a classification of attacks based on the OSI model and discuss in more detail the cyber-attacks that can target the different layers of smart grid networks communication. We also propose new classifications for the detection and countermeasure techniques and describe existing techniques under each category. Finally, we discuss challenges and future research directions

Intermediate Certificate Suppression in Post-Quantum TLS: An Approximate Membership Querying Approach

Quantum computing advances threaten the security of today\u27s public key infrastructure, and have led to the pending standardization of alternative, quantum-resistant key encapsulation and digital signature cryptography schemes. Unfortunately, authentication algorithms based on the new post-quantum (PQ) cryptography create significant performance bottlenecks for TLS due to larger certificate chains which introduce additional packets and round-trips. The TLS handshake slowdown will be unacceptable to many applications, and detrimental to the broader adoption of quantum safe cryptography standards. In this paper, we propose a novel framework for Intermediate Certificate Authority (ICA) certificate suppression in TLS that reduces the authentication message size and prevents excessive round-trip delays. Our approach utilizes an approximate membership query (AMQ) data structure (probabilistic filter) to advertise known ICA certs to remote TLS endpoints so that unnecessary ICA certificates are omitted from the TLS handshake exchange. We showcase the extend of the PQ authentication overhead challenge in TLS, and evaluate the feasibility of AMQ filters for ICA suppression in terms of space and computational overhead. Finally, we experimentally evaluate the potential gains form our approach and showcase a $70\%$ reduction in exchanged ICA cert data that translates to 15-50 MB of savings in PQ TLS and for certain Web-based application scenarios

Hardware-Aware Algorithm Designs for Efficient Parallel and Distributed Processing

The introduction and widespread adoption of the Internet of Things, together with emerging new industrial applications, bring new requirements in data processing. Specifically, the need for timely processing of data that arrives at high rates creates a challenge for the traditional cloud computing paradigm, where data collected at various sources is sent to the cloud for processing. As an approach to this challenge, processing algorithms and infrastructure are distributed from the cloud to multiple tiers of computing, closer to the sources of data. This creates a wide range of devices for algorithms to be deployed on and software designs to adapt to.In this thesis, we investigate how hardware-aware algorithm designs on a variety of platforms lead to algorithm implementations that efficiently utilize the underlying resources. We design, implement and evaluate new techniques for representative applications that involve the whole spectrum of devices, from resource-constrained sensors in the field, to highly parallel servers. At each tier of processing capability, we identify key architectural features that are relevant for applications and propose designs that make use of these features to achieve high-rate, timely and energy-efficient processing.In the first part of the thesis, we focus on high-end servers and utilize two main approaches to achieve high throughput processing: vectorization and thread parallelism. We employ vectorization for the case of pattern matching algorithms used in security applications. We show that re-thinking the design of algorithms to better utilize the resources available in the platforms they are deployed on, such as vector processing units, can bring significant speedups in processing throughout. We then show how thread-aware data distribution and proper inter-thread synchronization allow scalability, especially for the problem of high-rate network traffic monitoring. We design a parallelization scheme for sketch-based algorithms that summarize traffic information, which allows them to handle incoming data at high rates and be able to answer queries on that data efficiently, without overheads.In the second part of the thesis, we target the intermediate tier of computing devices and focus on the typical examples of hardware that is found there. We show how single-board computers with embedded accelerators can be used to handle the computationally heavy part of applications and showcase it specifically for pattern matching for security-related processing. We further identify key hardware features that affect the performance of pattern matching algorithms on such devices, present a co-evaluation framework to compare algorithms, and design a new algorithm that efficiently utilizes the hardware features.In the last part of the thesis, we shift the focus to the low-power, resource-constrained tier of processing devices. We target wireless sensor networks and study distributed data processing algorithms where the processing happens on the same devices that generate the data. Specifically, we focus on a continuous monitoring algorithm (geometric monitoring) that aims to minimize communication between nodes. By deploying that algorithm in action, under realistic environments, we demonstrate that the interplay between the network protocol and the application plays an important role in this layer of devices. Based on that observation, we co-design a continuous monitoring application with a modern network stack and augment it further with an in-network aggregation technique. In this way, we show that awareness of the underlying network stack is important to realize the full potential of the continuous monitoring algorithm.The techniques and solutions presented in this thesis contribute to better utilization of hardware characteristics, across a wide spectrum of platforms. We employ these techniques on problems that are representative examples of current and upcoming applications and contribute with an outlook of emerging possibilities that can build on the results of the thesis

Model-based fleet deployment in the IoT–edge–cloud continuum

With the increasing computing and networking capabilities, IoT devices and edge gateways have become part of a larger IoT–edge–cloud computing continuum, where processing and storage tasks are distributed across the whole network hierarchy, not concentrated only in the cloud. At the same time, this also introduced continuous delivery practices to the development of software components for network-connected gateways and sensing/actuating nodes. These devices are placed on end users’ premises and are characterized by continuously changing cyber-physical contexts, forcing software developers to maintain multiple application versions and frequently redeploy them on a distributed fleet of devices with respect to their current contexts. Doing this correctly and efficiently goes beyond manual capabilities and requires an intelligent and reliable automated solution. This paper describes a model-based approach to automatically assigning multiple software deployment plans to hundreds of edge gateways and connected IoT devices implemented in collaboration with a smart healthcare application provider. From a platform-specific model of an existing edge computing platform, we extract a platform-independent model that describes a list of target devices and a pool of available deployment plans. Next, we use constraint solving to automatically assign deployment plans to devices at once with respect to their specific contexts. The result is transformed back into the platform-specific model and includes a suitable deployment plan for each device, which is then consumed by our engine to deploy software components not only on edge gateways but also on their downstream IoT devices with constrained resources and connectivity. We validate the approach with a fleet deployment prototype integrated into a DevOps toolchain used by the partner application provider. Initial experiments demonstrate the viability of the approach and its usefulness in supporting DevOps for edge and IoT software development.publishedVersio