4,339 research outputs found
Verifying and Monitoring IoTs Network Behavior using MUD Profiles
IoT devices are increasingly being implicated in cyber-attacks, raising
community concern about the risks they pose to critical infrastructure,
corporations, and citizens. In order to reduce this risk, the IETF is pushing
IoT vendors to develop formal specifications of the intended purpose of their
IoT devices, in the form of a Manufacturer Usage Description (MUD), so that
their network behavior in any operating environment can be locked down and
verified rigorously. This paper aims to assist IoT manufacturers in developing
and verifying MUD profiles, while also helping adopters of these devices to
ensure they are compatible with their organizational policies and track devices'
network behavior based on their MUD profile. Our first contribution is to
develop a tool that takes the traffic trace of an arbitrary IoT device as input
and automatically generates the MUD profile for it. We contribute our tool as
open source, apply it to 28 consumer IoT devices, and highlight insights and
challenges encountered in the process. Our second contribution is to apply a
formal semantic framework that not only validates a given MUD profile for
consistency, but also checks its compatibility with a given organizational
policy. We apply our framework to representative organizations and selected
devices, to demonstrate how MUD can reduce the effort needed for IoT acceptance
testing. Finally, we show how operators can dynamically identify IoT devices
using known MUD profiles and monitor their behavioral changes on their network.
Comment: 17 pages, 17 figures. arXiv admin note: text overlap with
arXiv:1804.0435
Assessing Code Authorship: The Case of the Linux Kernel
Code authorship is key information in large-scale open source systems.
Among others, it allows maintainers to assess division of work and identify key
collaborators. Interestingly, open-source communities lack guidelines on how to
manage authorship. This could be mitigated by setting out to build an empirical
body of knowledge on how authorship-related measures evolve in successful
open-source communities. Towards that direction, we perform a case study on the
Linux kernel. Our results show that: (a) only a small portion of developers (26
%) makes significant contributions to the code base; (b) the distribution of
the number of files per author is highly skewed --- a small group of top
authors (3 %) is responsible for hundreds of files, while most authors (75 %)
are responsible for at most 11 files; (c) most authors (62 %) have a specialist
profile; (d) authors with a high number of co-authorship connections tend to
collaborate with others with fewer connections.
Comment: Accepted at 13th International Conference on Open Source Systems
(OSS). 12 page
Design and Implementation of CI/CD over LoRaWAN : Continuous Integration and Deployment in LoRaWAN Edge Computing Applications
The recent rise of IoT devices in commercial and industrial spaces has created a demand for energy-efficient and reliable communication solutions. Communication solutions used on IoT devices vary depending on the applications. Wireless Low Power Wide Area Network (LPWAN) technologies have proven benefits, including long-range, low power, and low-cost communication alternatives for IoT devices. These benefits come at the cost of limitations, such as lower data rates. At the same time, the demand for faster, cheaper, and more reliable software deployment is becoming more critical than ever before.
This thesis aims to find a way of having an automated process where software could be remotely deployed into LoRa nodes and investigate whether it is possible to implement a DevOps pipeline with both Continuous Integration (CI) and Continuous Deployment (CD) over LoRaWAN. For this thesis, an IoT LoRaWAN Edge computing application was chosen to determine how to design and implement a CI/CD pipeline to ensure a dependable and a continuous software deployment to the LoRaWAN nodes.
Designing and implementing a Continuous Deployment pipeline for this IoT application was made possible with the integration of DevOps tools like GitHub and a TeamCity automation server. Additionally, a series of scripts have been designed and developed for this case, including automated tests, integration to cloud services, and file fragmentation and defragmentation tools. For software deployment and verification to the LoRaWAN network, a program was designed to communicate with the LoRaWAN network server over the WebSocket communication protocol.
The implementation of DevOps in LoRaWAN applications is affected by the limitations of the LoRaWAN protocol. This thesis argues that these limitations can be eliminated using modular software and file fragmentation techniques. The implementation presented in this work can be extended for various time-critical use cases. The solution presented in this thesis also opens the door to combining LoRaWAN with other LPWAN technologies, like NB-IoT, that can be activated on demand
Cell Selection Firmware for Non-Terrestrial 5G Networks
The integration of satellite technology in 5G will enable networks to become
more ubiquitous and reliable, extending coverage to previously underserved
areas and making the network more resilient to natural catastrophes. The non-terrestrial
networks (NTN) are expected to co-exist with the current terrestrial
infrastructures, sharing much of the same requirements. This in turn will allow
the User Equipment to connect to both, opening up new use cases and possibilities.
The intent of this dissertation is to design a firmware that prepares
these devices to take advantage of this new paradigm. This firmware implements
an extended, radio access and backhaul-aware cell selection scheme,
that chooses either to connect to terrestrial or non-terrestrial cells. The selection
is based on metrics such as the latency and packet loss of the link, in addition
to the traditional signal strength indicators. Testing the solution required
deploying an end-to-end 5G network which includes not only a gNodeB (gNB)
capable of simulating the propagation delay induced by long distances but
also a terrestrial node. This deployment uses the OpenAirInterface (OAI) 5G
software stack. With the use of this testbench, the implemented firmware was
tested against key network degradation scenarios. These scenarios include,
for example, the total failure of the terrestrial gNB and the steady increase of
latency. The results show that this use of the firmware might help maintain the
quality of service for the User Equipment using it.
The integration of satellite technologies into 5G networks will allow them to
become more secure and ubiquitous, extending coverage to reach remote areas and
making these networks more resilient to natural catastrophes. Non-terrestrial
networks are expected to coexist with current terrestrial networks, sharing the
same requirements. This in turn will allow terminals to connect to both, opening
up new possibilities and use cases. This dissertation aims to design firmware
that prepares these devices to take advantage of this new paradigm. The firmware
works as an extended, backhaul-aware version of the cell selection scheme, so
that it can decide between connecting to terrestrial or non-terrestrial cells.
This decision is informed by metrics such as the latency and packet loss of the
link, in addition to the traditional signal strength indicators. Validating this
solution required deploying an end-to-end 5G network that included both a
gNodeB (gNB) capable of simulating the propagation delay induced by long
distances and a terrestrial node. This deployment uses OpenAirInterface (OAI),
an implementation of the 5G stack. Using this testbench, the implementation of
the designed firmware was tested against network degradation scenarios. These
include, for example, the total failure of the terrestrial gNB or a steadily
increasing latency. The results obtained show that the use of this firmware may
help maintain the quality of service of a terminal that uses it.
Mestrado em Engenharia de Computadores e Telemátic
Wireless Link Quality Prediction in IoT Networks
The knowledge of link quality in IoT networks will allow a more accurate selection of wireless links to build the routes used by data gathering. Therefore, the number of retransmissions on these links is decreased, leading to a shorter end-to-end latency, a better end-to-end reliability and a larger network lifetime. In this paper, we propose to predict link quality by means of machine learning techniques applied on two metrics: RSSI and PDR. The accuracy of Logistic Regression, Linear Support Vector Machine, Support Vector Machine and Random Forest classifier is obtained on the traces of a real IoT network deployed at Grenoble
Detection Of Vulnerabilities in 5G Femtocell Firmware Using Static Analysis Tools
The purpose of this study is to support fifth generation (5G) wireless network security by identifying vulnerabilities in 5G femtocell firmware. It addresses the problem of whether 5G femtocells are shipped to customers with firmware that contains vulnerabilities. This is a subproblem of supply chain security. The problem is significant because exploitation of latent vulnerabilities in the firmware of 5G network access points (such as femtocells) could compromise the security of network communications.
This study employs a design science research methodology consisting of a quasi-experiment which applies static analysis tools to 5G femtocell firmware samples. It seeks to answer the research question “can security vulnerabilities in 5G femtocell firmware be detected by static analysis tools?”. The presence of vulnerabilities would imply that the firmware is insecure. This question directly supports the purpose of this research.
The quasi-experiment applied four commercially available static analysis security tools to five 5G femtocell firmware samples harvested from used 5G equipment. The static analysis tools were able to identify several known CVEs in each firmware sample. To lessen the chances of reporting false positives, each CVE reported by the tools was assigned a “confidence rating” corresponding to the number of tools reporting the presence of that CVE. The study found several CVEs in each firmware sample with confidence ratings of 1.0 (i.e., every tool in the study had reported the presence of that CVE). Further, many of these CVEs were publicly documented prior to the deployment of the firmware into the field. Because of these findings, the study was able to answer the research question in the affirmative