1,578 research outputs found

    Security of the Internet of Things: Vulnerabilities, Attacks and Countermeasures

    Wireless Sensor Networks (WSNs) constitute one of the most promising third-millennium technologies and have a wide range of applications in our surrounding environment. The reason behind the vast adoption of WSNs in various applications is that they have tremendously appealing features, e.g., low production cost, low installation cost, unattended network operation, autonomous and longtime operation. WSNs have started to merge with the Internet of Things (IoT) through the introduction of Internet access capability in sensor nodes and sensing ability in Internet-connected devices. Thereby, the IoT is providing access to a huge amount of data, collected by the WSNs, over the Internet. Hence, the security of IoT should start with foremost securing WSNs ahead of the other components. However, owing to the absence of a physical line-of-defense, i.e., there is no dedicated infrastructure such as gateways to watch and observe the flowing information in the network, security of WSNs along with IoT is of big concern to the scientific community. More specifically, for the application areas in which CIA (confidentiality, integrity, availability) has prime importance, WSNs and emerging IoT technology might constitute an open avenue for the attackers. Besides, recent integration and collaboration of WSNs with IoT will open new challenges and problems in terms of security. Hence, this would be a nightmare for the individuals using these systems as well as the security administrators who are managing those networks. Therefore, a detailed review of security attacks towards WSNs and IoT, along with the techniques for prevention, detection, and mitigation of those attacks are provided in this paper. In this text, attacks are categorized and treated into mainly two parts, most or all types of attacks towards WSNs and IoT are investigated under that umbrella: “Passive Attacks” and “Active Attacks”. 
Understanding these attacks and their associated defense mechanisms will help paving a secure path towards the proliferation and public acceptance of IoT technology

    Differential Privacy for Industrial Internet of Things: Opportunities, Applications and Challenges

    The development of Internet of Things (IoT) brings new changes to various fields. Particularly, industrial Internet of Things (IIoT) is promoting a new round of industrial revolution. With more applications of IIoT, privacy protection issues are emerging. Specially, some common algorithms in IIoT technology such as deep models strongly rely on data collection, which leads to the risk of privacy disclosure. Recently, differential privacy has been used to protect user-terminal privacy in IIoT, so it is necessary to make in-depth research on this topic. In this paper, we conduct a comprehensive survey on the opportunities, applications and challenges of differential privacy in IIoT. We firstly review related papers on IIoT and privacy protection, respectively. Then we focus on the metrics of industrial data privacy, and analyze the contradiction between data utilization for deep models and individual privacy protection. Several valuable problems are summarized and new research ideas are put forward. In conclusion, this survey is dedicated to complete comprehensive summary and lay foundation for the follow-up researches on industrial differential privacy

    Cryptographic security mechanism of the next generation digital tachograph system

    JRC is in the process of evaluating the impact of update of the cryptographic security mechanisms for the next generation Digital Tachograph. The purpose of this document is to give background information about the cryptographic security mechanisms and vulnerabilities regarding the security mechanisms of the current Digital Tachograph System along with suggestions for the next generation Digital Tachograph security mechanisms. This document can be referred as an important reference to update the technical appendixes of the Tachograph regulation. JRC.G.7-Digital Citizen Securit

    A mobile agent and message ferry mechanism based routing for delay tolerant network

    Delay Tolerant Network (DTN) is a class of networks characterized by long delays, frequent disconnections and partitioning of communication paths between network nodes. Due to the frequent disconnection and network partitioning, the overall performance of the network will be deteriorated sharply. The problem is how to make the network fairly connected to optimize data routing and enhance the performance of a network. The aim of this study is to improve the performance of DTN by minimizing end-to-end delivery time and increasing message delivery ratio. Therefore, this research tackles the problem of intermittent connectivity and network partitioning by introducing Agents and Ferry Mechanism based Routing (AFMR). The AFMR comprises two stages by applying two schemes: mobile agents and ferry mechanism. The agents' scheme is proposed to deal with intermittent connectivity and network partitioning by collecting the basic information about network connection such as signal strength, nodes position in the network and distance to the destination nodes to minimize end-to-end delivery time. The second stage is to increase the message delivery ratio by moving the nodes towards the path with available network connectivity based on agents' feedback. The AFMR is evaluated through simulations and the results are compared with those of Epidemic, PRoPHET and Message Ferry (MF). The findings demonstrate that AFMR is superior to all three, with respect to the average end-to-end delivery time, message delivery ratio, network load and message drop ratio, which are regarded as extremely important metrics for the evaluation of DTN routing protocols. The AFMR achieves improved network performance in terms of end-to-end delivery time (56.3%); enhanced message delivery ratio (60.0%); mitigation of message drop (63.5%) and reduced network load (26.1%). 
The contributions of this thesis are to enhance the performance of DTN by significantly overcoming the intermittent connectivity and network partitioning problems in the network

    End-to-End Resilience Mechanisms for Network Transport Protocols

    The universal reliance on and hence the need for resilience in network communications has been well established. Current transport protocols are designed to provide fixed mechanisms for error remediation (if any), using techniques such as ARQ, and offer little or no adaptability to underlying network conditions, or to different sets of application requirements. The ubiquitous TCP transport protocol makes too many assumptions about underlying layers to provide resilient end-to-end service in all network scenarios, especially those which include significant heterogeneity. Additionally the properties of reliability, performability, availability, dependability, and survivability are not explicitly addressed in the design, so there is no support for resilience. This dissertation presents considerations which must be taken in designing new resilience mechanisms for future transport protocols to meet service requirements in the face of various attacks and challenges. The primary mechanisms addressed include diverse end-to-end paths, and multi-mode operation for changing network conditions

    Machine Learning for Unmanned Aerial System (UAS) Networking

    Fueled by the advancement of 5G new radio (5G NR), rapid development has occurred in many fields. Compared with the conventional approaches, beamforming and network slicing enable 5G NR to have ten times decrease in latency, connection density, and experienced throughput than 4G long term evolution (4G LTE). These advantages pave the way for the evolution of Cyber-physical Systems (CPS) on a large scale. The reduction of consumption, the advancement of control engineering, and the simplification of Unmanned Aircraft System (UAS) enable the UAS networking deployment on a large scale to become feasible. The UAS networking can finish multiple complex missions simultaneously. However, the limitations of the conventional approaches are still a big challenge to make a trade-off between the massive management and efficient networking on a large scale. With 5G NR and machine learning, in this dissertation, my contributions can be summarized as the following: I proposed a novel Optimized Ad-hoc On-demand Distance Vector (OAODV) routing protocol to improve the throughput of Intra UAS networking. The novel routing protocol can reduce the system overhead and be efficient. To improve the security, I proposed a blockchain scheme to mitigate the malicious basestations for cellular connected UAS networking and a proof-of-traffic (PoT) to improve the efficiency of blockchain for UAS networking on a large scale. Inspired by the biological cell paradigm, I proposed the cell wall routing protocols for heterogeneous UAS networking. With 5G NR, the inter connections between UAS networking can strengthen the throughput and elasticity of UAS networking. With machine learning, the routing schedulings for intra- and inter- UAS networking can enhance the throughput of UAS networking on a large scale. The inter UAS networking can achieve the max-min throughput globally edge coloring. I leveraged the upper and lower bound to accelerate the optimization of edge coloring. 
This dissertation paves a way regarding UAS networking in the integration of CPS and machine learning. The UAS networking can achieve outstanding performance in a decentralized architecture. Concurrently, this dissertation gives insights into UAS networking on a large scale. These are fundamental to integrating UAS and National Aerial System (NAS), critical to aviation in the operated and unmanned fields. The dissertation provides novel approaches for the promotion of UAS networking on a large scale. The proposed approaches extend the state-of-the-art of UAS networking in a decentralized architecture. All the alterations can contribute to the establishment of UAS networking with CPS

    A survey of evaluation platforms for ad hoc routing protocols: a resilience perspective

    Routing protocols allow for the spontaneous formation of wireless multi-hop networks without dedicated infrastructure, also known as ad hoc networks. Despite significant technological advances, difficulties associated with the evaluation of ad hoc routing protocols under realistic conditions, still hamper their maturation and significant roll out in real world deployments. In particular, the resilience evaluation of ad hoc routing protocols is essential to determine their ability of keeping the routing service working despite the presence of changes, such as accidental faults or malicious ones (attacks). However, the resilience dimension is not always addressed by the evaluation platforms that are in charge of assessing these routing protocols. In this paper, we provide a survey covering current state-of-the-art evaluation platforms in the domain of ad hoc routing protocols paying special attention to the resilience dimension. The goal is threefold. First, we identify the most representative evaluation platforms and the routing protocols they have evaluated. Then, we analyse the experimental methodologies followed by such evaluation platforms. Finally, we create a taxonomy to characterise experimental properties of such evaluation platforms. This work is partially supported by the Spanish Project ARENES (TIN2012-38308-C02-01), the ANR French Project AMORES (ANR-11-INSE-010), and the Intel Doctoral Student Honour Programme 2012. Friginal López, J.; Andrés Martínez, DD.; Ruiz García, JC.; Martínez Raga, M. (2014). A survey of evaluation platforms for ad hoc routing protocols: a resilience perspective. Computer Networks. 75(A):395-413. https://doi.org/10.1016/j.comnet.2014.09.010

    Air Traffic Management Blockchain Infrastructure for Security, Authentication, and Privacy

    Current radar-based air traffic service providers may preserve privacy for military and corporate operations by procedurally preventing public release of selected flight plans, position, and state data. The FAA mandate for national adoption of Automatic Dependent Surveillance Broadcast (ADS-B) in 2020 does not include provisions for maintaining these same aircraft-privacy options, nor does it address the potential for spoofing, denial of service, and other well-documented risk factors. This paper presents an engineering prototype that embodies a design and method that may be applied to mitigate these ADS-B security issues. The design innovation is the use of an open source permissioned blockchain framework to enable aircraft privacy and anonymity while providing a secure and efficient method for communication with Air Traffic Services, Operations Support, or other authorized entities. This framework features certificate authority, smart contract support, and higher-bandwidth communication channels for private information that may be used for secure communication between any specific aircraft and any particular authorized member, sharing data in accordance with the terms specified in the form of smart contracts. The prototype demonstrates how this method can be economically and rapidly deployed in a scalable modular environment

    Security Analysis of DTN Architecture and Bundle Protocol Specification for Space-Based Networks

    A Delay-Tolerant Network (DTN) Architecture (Request for Comment, RFC-4838) and Bundle Protocol Specification, RFC-5050, have been proposed for space and terrestrial networks. Additional security specifications have been provided via the Bundle Security Specification (currently a work in progress as an Internet Research Task Force internet-draft) and, for link-layer protocols applicable to Space networks, the Licklider Transport Protocol Security Extensions. This document provides a security analysis of the current DTN RFCs and proposed security related internet drafts with a focus on space-based communication networks, which is a rather restricted subset of DTN networks. Note, the original focus and motivation of DTN work was for the Interplanetary Internet. This document does not address general store-and-forward network overlays, just the current work being done by the Internet Research Task Force (IRTF) and the Consultative Committee for Space Data Systems (CCSDS) Space Internetworking Services Area (SIS) - DTN working group under the DTN and Bundle umbrellas. However, much of the analysis is relevant to general store-and-forward overlays