Lightweight authentication and key management of wireless sensor networks for Internet of things

Abstract The concept of the Internet of Things (IoT) is driven by advancements of the Internet with the interconnection of heterogeneous smart objects using different networking and communication technologies. Among many underlying networking technologies for the IoT, Wireless Sensor Network (WSN) technology has become an integral building block. IoT enabled sensor networks provide a wide range of application areas such as smart homes, connected healthcare, smart cities and various solutions for the manufacturing industry. The integration of WSNs in IoT will also create new security challenges for establishing secure channels between low power sensor nodes and Internet hosts. This will lead to many challenges in designing new key establishment and authentication protocols and redefining the existing ones. This dissertation addresses how to integrate lightweight key management and authentication solutions in the resource constrained sensor networks deployed in IoT domains. Firstly, this thesis elaborates how to exploit the implicit certificates to initiate secure End-to-End (E2E) communication channels between the resource constrained sensor nodes in IoT networks. Implicit certificates are used for authentication and key establishment purposes. The compliance of the security schemes is proven through performance evaluations and by discussing the security properties. Secondly, this dissertation presents the design of two lightweight group key establishment protocols for securing group communications between resource-constrained IoT devices. Finally, the thesis explores promising approaches on how to tailor the existing security protocols in accordance with IoT device and network characteristics. In particular, variants of Host Identity Protocol (HIP) are adopted for constructing dynamic and secure E2E connections between the heterogeneous network devices with imbalanced resource profiles and less or no previous knowledge about each other. A solutions called Collaborative HIP (CHIP) is proposed with an efficient key establishment component for the high resource-constrained devices on the IoT. The applicability of the keying mechanism is demonstrated with the implementation and the performance measurements results.Tiivistelmä Esineiden internet (IoT) on viime aikoina yleistynyt konsepti älykkäiden objektien (smart objects) liittämiseksi internetiin käyttämällä erilaisia verkko- ja kommunikaatioteknologioita. Olennaisimpia esineiden internetin pohjalla toimivia teknologioita ovat langattomat sensoriverkot (WSN), jotka ovat esineiden internetin perusrakennuspalikoita. Esineiden internetiin kytketyt langattomat sensoriverkot mahdollistavat laajan joukon erilaisia sovelluksia, kuten älykodit, etäterveydenhuollon, älykkäät kaupungit sekä älykkäät teollisuuden sovellukset. Langattomien sensoriverkkojen ja esineiden internetin yhdistäminen tuo mukanaan myös tietoturvaan liittyviä haasteita, sillä laskentateholtaan yleensä heikot anturit ja toimilaitteet eivät kykene kovin vaativiin tietoturvaoperaatioihin, joihin lukeutuvat mm. tietoturva-avaimen muodostus ja käyttäjäntunnistus. Tässä väitöskirjassa pyritään vastaamaan haasteeseen käyttämällä kevyitä avaimenmuodostus- ja käyttäjäntunnistusratkaisuja esineiden internetiin kytketyissä resurssirajoitetuissa sensoriverkoissa. Väitöstutkimuksessa keskitytään aluksi implisiittisten sertifikaattien käyttöön tietoturvallisten end-to-end-kommunikaatiokanavien alustamisessa resurssirajoitettujen sensori- ja muiden IoT-laitteiden välillä. Implisiittisiä sertifikaatteja käytetään käyttäjäntunnistuksessa sekä avaimenmuodostuksessa. Kehitettyjen ratkaisujen soveltuvuus tarkoitukseen osoitetaan suorituskykymittauksilla sekä vertaamalla niiden tietoturvaomi- naisuuksia. Seuraavaksi väitöskirjassa esitellään kaksi kevyttä ryhmäavaimenmuodostus- protokollaa tietoturvalliseen ryhmäkommunikaatioon resurssirajoitettujen IoT-laitteiden välillä. Lopuksi väitöskirjassa tarkastellaan lupaavia lähestymistapoja olemassa olevien tietoturvaprotokollien räätäläintiin IoT-laitteiden ja -verkkojen ominaisuuksille sopiviksi. Erityistä huomiota kiinnitetään Host Identity -protokollan (HIP) eri versioiden käyttöön dynaamisten ja tietoturvallisten end-to-end-yhteyksien luomiseen toisilleen ennestään tuntemattomien erityyppisten IoT-laitteiden välillä, joiden laitteistoresurssiprofiilit voivat olla hyvin erilaiset. Väitöskirjan keskeinen tulos on väitöskirjatyössä kehitetty Colla- borative HIP (CHIP) -protokolla, joka on resurssitehokas avaimenmuodostusteknologia resurssirajoitetuille IoT-laitteille. Kehitetyn teknologian soveltuvuutta tarkoitukseensa demonstroidaan prototyyppitoteutuksella tehtyjen suorituskykymittausten avulla

Convergence of ICN and MEC for 5G:opportunities and challenges

Abstract Information-centric networking (ICN) builds on a content-centric network architecture to overcome the shortcomings of host-centric routing/operation and realize efficient pervasive and ubiquitous networking. Similarly, multi-access edge computing (MEC) is another key technology to fulfill the stringent requirements of 5G to offer anytime-anywhere connected services for massive numbers of devices with ultra-low delay and very large bandwidths. The amalgamation of the ICN paradigm with MEC opens up new opportunities as well some challenges to realize 5G vision and advance beyond 5G systems. The key motivation of this article is to discuss and elaborate the convergence of ICN and MEC for better future networks, and to identify the current standardization efforts. Moreover, the article renders the key use cases and identifies potential research directions with the coexistence of ICN and MEC

Energy consumption analysis of high quality multi-tier wireless multimedia sensor network

Abstract Video surveillance is one of the promising applications of the Internet of Things paradigm. We see heterogeneous deployment of sensor platforms in a multi-tier network architecture as a key enabler for energy optimization of battery powered high-quality video surveillance applications. In this paper, we propose a heterogeneous wireless multimedia sensor network (WMSN) prototype composed of constrained low-power scalar sensor nodes and single board computers (SBCs). Whereas constrained nodes are used for preliminary motion detection, more capable SBCs are used as camera nodes. The camera nodes stream full HD (1080 pixels) video to a remote laptop during occurrence of an event (when motion is detected). We also present a simple power model and simulation results of battery life of the motes for variable event interval and event duration

A survey on mobile augmented reality with 5G mobile edge computing:architectures, applications and technical aspects

Abstract The Augmented Reality (AR) technology enhances the human perception of the world by combining the real environment with the virtual space. With the explosive growth of powerful, less expensive mobile devices, and the emergence of sophisticated communication infrastructure, Mobile Augmented Reality (MAR) applications are gaining increased popularity. MAR allows users to run AR applications on mobile devices with greater mobility and at a lower cost. The emerging 5G communication technologies act as critical enablers for future MAR applications to achieve ultra-low latency and extremely high data rates while Multi-access Edge Computing (MEC) brings enhanced computational power closer to the users to complement MAR. This paper extensively discusses the landscape of MAR through the past and its future prospects with respect to the 5G systems and complementary technology MEC. The paper especially provides an informative analysis of the network formation of current and future MAR systems in terms of cloud, edge, localized, and hybrid architectural options. The paper discusses key application areas for MAR and their future with the advent of 5G technologies. The paper also discusses the requirements and limitations of MAR technical aspects such as communication, mobility management, energy management, service offloading and migration, security, and privacy and analyzes the role of 5G technologies

A comprehensive analysis on network slicing for smart hospital applications

Abstract Network slicing (NS) is technology that enables emerging smart applications and use cases in Fifth Generation (5G) and beyond networks. One such application is smart hospitals, which has diverse network requirements for applications ranging from Augmented Reality (AR) and robot assisted surgeries to connecting large numbers of medical wearables and sensors. NS can be performed in smart hospitals under different strategies based on dynamicity, ownership, and application. This paper investigates how these strategies can be utilized in different smart hospital applications. The performance of each slicing strategy in a hospital network is analyzed under three matrices: bandwidth utilization, handover count, and block count

Performance analysis of local 5G operator architectures for industrial Internet

Abstract 5G calls for a network architecture that ensures ultraresponsive and ultrareliable communication links, in addition to the high degree of flexibility and customization required by different vertical sectors. The novel concept called local 5G networks enables a versatile set of stakeholders to operate 5G networks within their premises with guaranteed quality and reliability to complement mobile network operators’ (MNOs) offerings. This article proposes a descriptive architecture for a local 5G operator which provides user specific and location-specific services in a spatially confined environment, i.e., industrial Internet environment. In addition to that, the article proposes hybrid architecture options where both the local 5G operator and MNO collaboratively contribute to establish the core network to cater to such communications. The architecture is discussed in terms of network functions (NFs) and the operational units which entail the core and radio access networks in a smart factory environment which supports Industry 4.0 standards. Moreover, to realize the conceptual design, the article provides simulation results for the latency measurements of the proposed architecture options with respect to an augmented reality (AR), massive wireless sensor networks, and mobile robots use cases. Thereby the article discusses the benefits of deploying core NFs locally to cater to specialized user requirements, rather than continuing with the conventional approach where only MNOs can deploy cellular networks

AI and 6G security:opportunities and challenges

Abstract While 5G is well-known for network cloudification with micro-service based architecture, the next generation networks or the 6G era is closely coupled with intelligent network orchestration and management. Hence, the role of Artificial Intelligence (AI) is immense in the envisioned 6G paradigm. However, the alliance between 6G and AI may also be a double-edged sword in many cases as AI’s applicability for protecting or infringing security and privacy. In particular, the end-to-end automation of future networks demands proactive threats discovery, application of mitigation intelligent techniques and making sure the achievement of self-sustaining networks in 6G. Therefore, to consolidate and solidify the role of AI in securing 6G networks, this article presents how AI can be leveraged in 6G security, possible challenges and solutions

Performance analysis of softwarized local mobile networks

Abstract The ever growing and revolutionizing demands in telecommunication industry to facilitate numerous business verticals are pushing towards more softwarized mobile communication technologies. Utilizing the capabilities of network softwarization, a novel telecommunication concept of local mobile network has been developed. The local mobile networks are getting popular due to their capability of providing efficient and reliable local services to a focused use case with higher flexibility. This paper presents the practical implementation aspects of a softwarized local mobile network and compare its performance with a conventional mobile network and a hybrid network

Robust and resilient federated learning for securing future networks

Abstract Machine Learning (ML) and Artificial Intelligence (AI) techniques are widely adopted in the telecommunication industry, especially to automate beyond 5G networks. Federated Learning (FL) recently emerged as a distributed ML approach that enables localized model training to keep data decentralized to ensure data privacy. In this paper, we identify the applicability of FL for securing future networks and its limitations due to the vulnerability to poisoning attacks. First, we investigate the shortcomings of state-of-the-art security algorithms for FL and perform an attack to circumvent FoolsGold algorithm, which is known as one of the most promising defense techniques currently available. The attack is launched with the addition of intelligent noise at the poisonous model updates. Then we propose a more sophisticated defense strategy, a threshold-based clustering mechanism to complement FoolsGold. Moreover, we provide a comprehensive analysis of the impact of the attack scenario and the performance of the defense mechanism

ESSMAR:edge supportive secure mobile augmented reality architecture for healthcare

Abstract The recent advances in mobile devices and wireless communication sector transformed Mobile Augmented Reality (MAR) from science fiction to reality. Among the other MAR use cases, the incorporation of this MAR technology in the healthcare sector can elevate the quality of diagnosis and treatment for the patients. However, due to the highly sensitive nature of the data available in this process, it is also highly vulnerable to all types of security threats. In this paper, an edge-based secure architecture is presented for a MAR healthcare application. Based on the ESSMAR architecture, a secure key management scheme is proposed for both the registration and authentication phases. Then the security of the proposed scheme is validated using formal and informal verification methods