4,339 research outputs found

    Verifying and Monitoring IoTs Network Behavior using MUD Profiles

    IoT devices are increasingly being implicated in cyber-attacks, raising community concern about the risks they pose to critical infrastructure, corporations, and citizens. In order to reduce this risk, the IETF is pushing IoT vendors to develop formal specifications of the intended purpose of their IoT devices, in the form of a Manufacturer Usage Description (MUD), so that their network behavior in any operating environment can be locked down and verified rigorously. This paper aims to assist IoT manufacturers in developing and verifying MUD profiles, while also helping adopters of these devices to ensure they are compatible with their organizational policies and to track devices' network behavior based on their MUD profile. Our first contribution is to develop a tool that takes the traffic trace of an arbitrary IoT device as input and automatically generates the MUD profile for it. We contribute our tool as open source, apply it to 28 consumer IoT devices, and highlight insights and challenges encountered in the process. Our second contribution is to apply a formal semantic framework that not only validates a given MUD profile for consistency, but also checks its compatibility with a given organizational policy. We apply our framework to representative organizations and selected devices, to demonstrate how MUD can reduce the effort needed for IoT acceptance testing. Finally, we show how operators can dynamically identify IoT devices using known MUD profiles and monitor their behavioral changes on their network. Comment: 17 pages, 17 figures. arXiv admin note: text overlap with arXiv:1804.0435

    Assessing Code Authorship: The Case of the Linux Kernel

    Code authorship is key information in large-scale open source systems. Among other things, it allows maintainers to assess division of work and identify key collaborators. Interestingly, open-source communities lack guidelines on how to manage authorship. This could be mitigated by setting out to build an empirical body of knowledge on how authorship-related measures evolve in successful open-source communities. Towards that direction, we perform a case study on the Linux kernel. Our results show that: (a) only a small portion of developers (26 %) makes significant contributions to the code base; (b) the distribution of the number of files per author is highly skewed: a small group of top authors (3 %) is responsible for hundreds of files, while most authors (75 %) are responsible for at most 11 files; (c) most authors (62 %) have a specialist profile; (d) authors with a high number of co-authorship connections tend to collaborate with others with fewer connections. Comment: Accepted at 13th International Conference on Open Source Systems (OSS). 12 page

    Design and Implementation of CI/CD over LoRaWAN : Continuous Integration and Deployment in LoRaWAN Edge Computing Applications

    The recent rise of IoT devices in commercial and industrial spaces has created a demand for energy-efficient and reliable communication solutions. Communication solutions used on IoT devices vary depending on the applications. Wireless Low Power Wide Area Network (LPWAN) technologies have proven benefits, including long-range, low power, and low-cost communication alternatives for IoT devices. These benefits come at the cost of limitations, such as lower data rates. At the same time, the demand for faster, cheaper, and more reliable software deployment is becoming more critical than ever before. This thesis aims to find a way of having an automated process where software could be remotely deployed into LoRa nodes and investigate whether it is possible to implement a DevOps pipeline with both Continuous Integration (CI) and Continuous Deployment (CD) over LoRaWAN. For this thesis, an IoT LoRaWAN Edge computing application was chosen to determine how to design and implement a CI/CD pipeline to ensure dependable and continuous software deployment to the LoRaWAN nodes. Designing and implementing a Continuous Deployment pipeline for this IoT application was made possible with the integration of DevOps tools like GitHub and a TeamCity automation server. Additionally, a series of scripts have been designed and developed for this case, including automated tests, integration to cloud services, and file fragmentation and defragmentation tools. For software deployment and verification to the LoRaWAN network, a program was designed to communicate with the LoRaWAN network server over the WebSocket communication protocol. The implementation of DevOps in LoRaWAN applications is affected by the limitations of the LoRaWAN protocol. This thesis argues that these limitations can be eliminated using modular software and file fragmentation techniques. The implementation presented in this work can be extended for various time-critical use cases. The solution presented in this thesis also opens the door to combining LoRaWAN with other LPWAN technologies, like NB-IoT, that can be activated on demand

    Cell selection firmware for non-terrestrial 5G networks

    The integration of satellite technology in 5G will enable networks to become more ubiquitous and reliable, extending coverage to previously underserved areas and making the network more resilient to natural catastrophes. The non-terrestrial networks (NTN) are expected to co-exist with the current terrestrial infrastructures, sharing much of the same requirements. This in turn will allow the User Equipment to connect to both, opening up new use cases and possibilities. The intent of this dissertation is to design a firmware that prepares these devices to take advantage of this new paradigm. This firmware implements an extended, radio access and backhaul-aware cell selection scheme that chooses to connect to either terrestrial or non-terrestrial cells. The selection is based on metrics such as the latency and packet loss of the link, in addition to the traditional signal strength indicators. Testing the solution required deploying an end-to-end 5G network which includes not only a gNodeB (gNB) capable of simulating the propagation delay induced by long distances but also a terrestrial node. This deployment uses the OpenAirInterface (OAI) 5G software stack. With the use of this testbench, the implemented firmware was tested against key network degradation scenarios. These scenarios include, for example, the total failure of the terrestrial gNB and the steady increase of latency. The results show that this use of the firmware might help maintain the quality of service for the User Equipment using it. The integration of satellite technologies into 5G networks will allow them to become more secure and ubiquitous, extending coverage to reach remote areas and making these networks more resilient to natural catastrophes. Non-terrestrial networks are expected to coexist with the current terrestrial networks, sharing the same requirements. This in turn will allow terminals to connect to both, opening up new possibilities and use cases. This dissertation aims to design a firmware that prepares these devices to take advantage of this new paradigm. This firmware works as an extended, backhaul-aware version of the cell selection scheme, so that it can decide between connecting to terrestrial or non-terrestrial cells. This decision is informed by metrics such as the latency and packet loss of the link, in addition to the traditional signal strength indicators. Validating this solution required deploying an end-to-end 5G network that included both a gNodeB (gNB) capable of simulating the propagation delay induced by long distances and a terrestrial node. This deployment uses OpenAirInterface (OAI), an implementation of the 5G stack. Using this testbench, the implementation of the designed firmware was tested against network degradation scenarios. These include, for example, the total failure of the terrestrial gNB or a steady increase in latency. The results obtained show that using this firmware may help maintain the quality of service of a terminal that uses it. Mestrado em Engenharia de Computadores e Telemátic

    Wireless Link Quality Prediction in IoT Networks

    Knowledge of link quality in IoT networks will allow a more accurate selection of the wireless links used to build the routes for data gathering. The number of retransmissions on these links is therefore decreased, leading to a shorter end-to-end latency, better end-to-end reliability and a longer network lifetime. In this paper, we propose to predict link quality by means of machine learning techniques applied to two metrics: RSSI and PDR. The accuracy of the Logistic Regression, Linear Support Vector Machine, Support Vector Machine and Random Forest classifiers is obtained on the traces of a real IoT network deployed at Grenoble

    Detection Of Vulnerabilities in 5G Femtocell Firmware Using Static Analysis Tools

    The purpose of this study is to support fifth generation (5G) wireless network security by identifying vulnerabilities in 5G femtocell firmware. It addresses the problem of whether 5G femtocells are shipped to customers with firmware that contains vulnerabilities. This is a subproblem of supply chain security. The problem is significant because exploitation of latent vulnerabilities in the firmware of 5G network access points (such as femtocells) could compromise the security of network communications. This study employs a design science research methodology consisting of a quasi-experiment which applies static analysis tools to 5G femtocell firmware samples. It seeks to answer the research question “can security vulnerabilities in 5G femtocell firmware be detected by static analysis tools?”. The presence of vulnerabilities would imply that the firmware is insecure. This question directly supports the purpose of this research. The quasi-experiment applied four commercially available static analysis security tools to five 5G femtocell firmware samples harvested from used 5G equipment. The static analysis tools were able to identify several known CVEs in each firmware sample. To lessen the chances of reporting false positives, each CVE reported by the tools was assigned a “confidence rating” corresponding to the number of tools reporting the presence of that CVE. The study found several CVEs in each firmware sample with confidence ratings of 1.0 (i.e., every tool in the study had reported the presence of that CVE). Further, many of these CVEs were publicly documented prior to the deployment of the firmware into the field. Because of these findings, the study was able to answer the research question in the affirmative