Data centric trust evaluation and prediction framework for IOT

© 2017 ITU. Application of trust principals in internet of things (IoT) has allowed to provide more trustworthy services among the corresponding stakeholders. The most common method of assessing trust in IoT applications is to estimate trust level of the end entities (entity-centric) relative to the trustor. In these systems, trust level of the data is assumed to be the same as the trust level of the data source. However, most of the IoT based systems are data centric and operate in dynamic environments, which need immediate actions without waiting for a trust report from end entities. We address this challenge by extending our previous proposals on trust establishment for entities based on their reputation, experience and knowledge, to trust estimation of data items [1-3]. First, we present a hybrid trust framework for evaluating both data trust and entity trust, which will be enhanced as a standardization for future data driven society. The modules including data trust metric extraction, data trust aggregation, evaluation and prediction are elaborated inside the proposed framework. Finally, a possible design model is described to implement the proposed ideas

Leveraging and Fusing Civil and Military Sensors to support Disaster Relief Operations in Smart Environments

Natural disasters occur unpredictably and can range in severity from something locally manageable to large scale events that require external intervention. In particular, when large scale disasters occur, they can cause widespread damage and overwhelm the ability of local governments and authorities to respond. In such situations, Civil-Military Cooperation (CIMIC) is essential for a rapid and robust Humanitarian Assistance and Disaster Relief (HADR) operation. These type of operations bring to bear the Command and Control (C2) and Logistics capabilities of the military to rapidly deploy assets to help with the disaster relief activities. Smart Cities and Smart Environments, embedded with IoT, introduce multiple sensing modalities that typically provide wide coverage over the deployed area. Given that the military does not own or control these assets, they are sometimes referred to as gray assets, which are not as trustworthy as blue assets, owned by the military. However, leveraging these gray assets can significantly improve the ability for the military to quickly obtain Situational Awareness (SA) about the disaster and optimize the planning of rescue operations and allocation of resources to achieve the best possible effects. Fusing the information from the civilian IoT sensors with the custom military sensors could help validate and improve trust in the information from the gray assets. The focus of this paper is to further examine this challenge of achieving Civil-Military cooperation for HADR operations by leveraging and fusing information from gray and blue assets

Trustworthy Wireless Personal Area Networks

In the Internet of Things (IoT), everyday objects are equipped with the ability to compute and communicate. These smart things have invaded the lives of everyday people, being constantly carried or worn on our bodies, and entering into our homes, our healthcare, and beyond. This has given rise to wireless networks of smart, connected, always-on, personal things that are constantly around us, and have unfettered access to our most personal data as well as all of the other devices that we own and encounter throughout our day. It should, therefore, come as no surprise that our personal devices and data are frequent targets of ever-present threats. Securing these devices and networks, however, is challenging. In this dissertation, we outline three critical problems in the context of Wireless Personal Area Networks (WPANs) and present our solutions to these problems. First, I present our Trusted I/O solution (BASTION-SGX) for protecting sensitive user data transferred between wirelessly connected (Bluetooth) devices. This work shows how in-transit data can be protected from privileged threats, such as a compromised OS, on commodity systems. I present insights into the Bluetooth architecture, Intel’s Software Guard Extensions (SGX), and how a Trusted I/O solution can be engineered on commodity devices equipped with SGX. Second, I present our work on AMULET and how we successfully built a wearable health hub that can run multiple health applications, provide strong security properties, and operate on a single charge for weeks or even months at a time. I present the design and evaluation of our highly efficient event-driven programming model, the design of our low-power operating system, and developer tools for profiling ultra-low-power applications at compile time. Third, I present a new approach (VIA) that helps devices at the center of WPANs (e.g., smartphones) to verify the authenticity of interactions with other devices. This work builds on past work in anomaly detection techniques and shows how these techniques can be applied to Bluetooth network traffic. Specifically, we show how to create normality models based on fine- and course-grained insights from network traffic, which can be used to verify the authenticity of future interactions

Attestation Mechanisms for Trusted Execution Environments Demystified

Attestation is a fundamental building block to establish trust over software systems. When used in conjunction with trusted execution environments, it guarantees the genuineness of the code executed against powerful attackers and threats, paving the way for adoption in several sensitive application domains. This paper reviews remote attestation principles and explains how the modern and industrially well-established trusted execution environments Intel SGX, Arm TrustZone and AMD SEV, as well as emerging RISC-V solutions, leverage these mechanisms.Comment: This publication incorporates results from the VEDLIoT project, which received funding from the European Union's Horizon 2020 research and innovation programme under grant agreement No 957197. arXiv admin note: substantial text overlap with arXiv:2204.0679

Towards a secure service provisioning framework in a Smart city environment

© 2017 Elsevier B.V. Over the past few years the concept of Smart cities has emerged to transform urban areas into connected and well informed spaces. Services that make smart cities “smart” are curated by using data streams of smart cities i.e., inhabitants’ location information, digital engagement, transportation, environment and local government data. Accumulating and processing of these data streams raise security and privacy concerns at individual and community levels. Sizeable attempts have been made to ensure the security and privacy of inhabitants’ data. However, the security and privacy issues of smart cities are not only confined to inhabitants; service providers and local governments have their own reservations — service provider trust, reliability of the sensed data, and data ownership, to name a few. In this research we identified a comprehensive list of stakeholders and modelled their involvement in smart cities by using the Onion Model approach. Based on the model we present a security and privacy-aware framework for service provisioning in smart cities, namely the ‘Smart Secure Service Provisioning’ (SSServProv) Framework. Unlike previous attempts, our framework provides end-to-end security and privacy features for trustable data acquisition, transmission, processing and legitimate service provisioning. The proposed framework ensures inhabitants’ privacy, and also guarantees integrity of services. It also ensures that public data is never misused by malicious service providers. To demonstrate the efficacy of SSServProv we developed and tested core functionalities of authentication, authorisation and lightweight secure communication protocol for data acquisition and service provisioning. For various smart cities service provisioning scenarios we verified these protocols by an automated security verification tool called Scyther