DHP Framework: Digital Health Passports Using Blockchain - Use case on international tourism during the COVID-19 pandemic

In order to contain the COVID-19 pandemic, several countries enforced extended social distancing measures for several weeks, effectively pausing the majority of economic activities. In an effort to resume economic activity safely, several Digital Contact Tracing applications and protocols have been introduced with success. However, DCT is a reactive method, as it aims to break existing chains of disease transmission in a population. Therefore DCT is not suitable for proactively preventing the spread of a disease; an approach that relevant to certain use cases, such as international tourism, where individuals travel across borders. In this work, we first identify the limitations characterising DCT related to privacy issues, unwillingness of the public to use DCT mobile apps due to privacy concerns, lack of interoperability among different DCT applications and protocols, and the assumption that there is limited, local mobility in the population. We then discuss the concept of a Health Passport as a means of verifying that individuals are disease risk-free and how it could be used to resume the international tourism sector. Following, we present the DHP Framework that uses a private blockchain and Proof of Authority for issuing Digital Health Passports. The framework provides a distributed infrastructure supporting the issuance of DHPs by foreign health systems and their verification by relevant stakeholders, such as airline companies and border control authorities. We discuss the attributes of the system in terms of its usability and performance, security and privacy. Finally, we conclude by identifying future extensions of our work on formal security and privacy properties that need to be rigorously guaranteed via appropriate security protocols

Modelled testbeds: Visualizing and augmenting physical testbeds with virtual resources

Testbed facilities play a major role in the study and evolution of emerging technologies, such as those related to the Internet of Things. In this work we introduce the concept of modelled testbeds, which are 3D interactive representations of physical testbeds where the addition of virtual resources mimicking the physical ones is made possible thanks to back-end infrastructure. We present the architecture of the Syndesi testbed, deployed at the premises of University of Geneva, which was used for the prototype modelled testbed. We investigate several extrapolation techniques towards realistic value assignment for virtual sensor measurements. K-fold cross validation is performed in a dataset comprising of nearly 300’000 measurements of temperature, illuminance and humidity sensors collected from the physical sensors of the Syndesi testbed, in order to evaluate the accuracy of the methods. We obtain strong results including Mean Absolute Percentage Error (MAPE) levels below 7%

Addressing the Security Gap in IoT: Towards an IoT Cyber Range.

The paradigm of Internet of Things has now reached a maturity level where the pertinent research goal is the successful application of IoT technologies in systems of high technological readiness level. However, while basic aspects of IoT connectivity and networking have been well studied and adequately addressed, this has not been the case for cyber security aspects of IoT. This is nicely demonstrated by the number of IoT testbeds focusing on networking aspects and the lack of IoT testbeds focusing on security aspects. Towards addressing the existing and growing skills-shortage in IoT cyber security, we present an IoT Cyber Range (IoT-CR); an IoT testbed designed for research and training in IoT security. The IoT-CR allows the user to specify and work on customisable IoT networks, both virtual and physical, and supports the concurrent execution of multiple scenarios in a scalable way following a modular architecture. We first provide an overview of existing, state of the art IoT testbeds and cyber security related initiatives. We then present the design and architecture of the IoT Cyber Range, also detailing the corresponding RESTful APIs that help de-associate the IoT-CR tiers and obfuscate underlying complexities. The design is focused around the end-user and is based on the four design principles for Cyber Range development discussed in the introduction. Finally, we demonstrate the use of the facility via a red/blue team scenario involving a variant of man-in-the-middle attack using IoT devices. Future work includes the use of the IoT-CR by cohorts of trainees in order to evaluate the effectiveness of specific scenarios in acquiring IoT-related cyber-security knowledge and skills, as well as the IoT-CR integration with a pan-European cyber-security competence network

Efficient Intrusion Detection in P2P IoT Networks

We study efficient and lightweight Intrusion Detection Systems for Ad-Hoc networks via the prism of IPv6- enabled Wireless Sensor Networks. These networks consist of highly constrained devices organised in mesh networks following ad-hoc architectures, and as such carry specific characteristics that are not efficiently addressed by current state-of-the-art. In this work we first identify a trade-off between the communication and energy overhead of an IDS (as captured by the number of active IDS agents in the network) and the performance of the system in terms of successfully identifying attacks. In order to fine tune this trade-off, we first model such networks with the use of Random Geometric Graphs as this is a rigorous approach that allows us to capture underlying structural properties of the network. We then introduce a novel architectural approach for IDS by having only a subset of the nodes acting as IDS agents. These nodes are able to efficiently detect attacks at the networking layer in a collaborative manner by monitoring locally available network information provided by IoT routing protocols such as RPL. Our detailed experimental evaluation demonstrates significant performance gains in terms of communication overhead and energy dissipation while maintaining high detection rates

Improving sensor network performance with wireless energy transfer

Through recent technology advances in the field of wireless energy transmission Wireless Rechargeable Sensor Networks have emerged. In this new paradigm for wireless sensor networks a mobile entity called mobile charger (MC) traverses the network and replenishes the dissipated energy of sensors. In this work we first provide a formal definition of the charging dispatch decision problem and prove its computational hardness. We then investigate how to optimise the trade-offs of several critical aspects of the charging process such as: a) the trajectory of the charger; b) the different charging policies; c) the impact of the ratio of the energy the Mobile Charger may deliver to the sensors over the total available energy in the network. In the light of these optimisations, we then study the impact of the charging process to the network lifetime for three characteristic underlying routing protocols; a Greedy protocol, a clustering protocol and an energy balancing protocol. Finally, we propose a mobile charging protocol that locally adapts the circular trajectory of the MC to the energy dissipation rate of each sub-region of the network. We compare this protocol against several MC trajectories for all three routing families by a detailed experimental evaluation. The derived findings demonstrate significant performance gains, both with respect to the no charger case as well as the different charging alternatives; in particular, the performance improvements include the network lifetime, as well as connectivity, coverage and energy balance properties

An Architecture for Resilient Intrusion Detection in IoT Networks

We introduce a lightweight architecture of Intrusion Detection Systems (IDS) for ad-hoc IoT networks. Current state-of-the-art IDS have been designed based on assumptions holding from conventional computer networks, and therefore, do not properly address the nature of IoT networks. In this work, we first identify the correlation between the communication overheads and the placement of an IDS (as captured by proper placement of active IDS agents in the network). We model such networks as Random Geometric Graphs. We then introduce a novel IDS architectural approach by having only a minimum subset of the nodes acting as IDS agents. These nodes are able to monitor the network and detect attacks at the networking layer in a collaborative manner by monitoring 1-hop network information provided by routing protocols such as RPL. Conducted experiments show that our proposed IDS architecture is resilient and robust against frequent topology changes due to node failures. Our detailed experimental evaluation demonstrates significant performance gains in terms of communication overhead and energy dissipation while maintaining high detection rates

An Architecture for Blockchain over Edge-enabled IoT for Smart Circular Cities

Circular Economy is a novel economic model, where every ‘asset’ is not wasted but reused and upscaled. The Internet of Things-IoT paradigm can underpin the transition to a Circular Economy by enabling fine-grained and continuous asset tracking. However, there are issues related to security and privacy of IoT devices that generate and handle sensitive and personal data. The use of Blockchain technology provides an answer to this issue, however, its application raises issues related to the highly-constrained nature of these networks. In this paper, Edge Computing is presented as a solution to this issue, providing a way in which Blockchain and Edge Computing can be used together to address the constrained nature of IoT. Furthermore, we present the challenges that this combination poses and the opportunities that it brings. We propose an architecture that decreases the IoT devices requirements for memory capacity and increases the overall performance. We also discuss the architecture design and the challenges that it has, comparing it to the traditional Blockchain architecture as well as an Edge Computing architecture for Mobile Blockchain. The paper closes with a discussion and future extensions of our work are presented, as well

An Architecture for Resilient Intrusion Detection in Ad-hoc Networks

We study efficient and lightweight Intrusion Detection Systems (IDS) for ad-hoc networks via the prism of IPv6-enabled Wireless Sensor Actuator Networks. These networks consist of highly constrained devices able to communicate wirelessly in an ad-hoc fashion, thus following the architecture of ad-hoc networks. Current state-of-the-art (IDS) has been developed taking into consideration the architecture of conventional computer networks, and as such they do not efficiently address the paradigm of ad-hoc networks, that is highly relevant in emergent networks, such as the Internet of Things (IoT). In this context, the network properties of resilience and redundancy have not been studied yet. In this work, we firstly identify a trade-off between the communication overhead and energy consumption of an IDS (as captured by the number of active IDS agents in the network) and the performance of the system in terms of successfully identifying attacks. In order to fine tune this trade-off, we model such networks as Random Geometric Graphs; a rigorous approach that allows us to capture underlying structural properties of the network. We then introduce a novel IDS architectural approach that consists of a central IDS agent a set of distributed IDS agents deployed uniformly at random over the network area. These nodes are able to efficiently detect attacks at the networking layer in a collaborative manner by monitoring locally available network information provided by IoT routing protocols such as RPL. Our detailed experimental evaluation demonstrates significant performance gains in terms of communication overhead and energy consumption while maintaining high detection rates. We also show that the performance of our IDS in ad-hoc networks does not rely on the size of the network but on fundamental underling network properties, such as the network topology and the average degree of the nodes. Conducted experiments show that our proposed IDS architecture is resilient against frequent topology changes due to nodes failures

Threat Modelling of IoT Systems Using Distributed Ledger Technologies and IOTA

Internet of Things has emerged as a key techno-logical enabler for broader socio-technical and socio-economic paradigms, such as smart cities and Circular Economy. However, IoT systems are characterised by constraints and limitations which in order to be overcome they need to be deployed in conjunction and in synergy with other emerging ICT. Distributed Ledger Technologies (DLT) can help overcome challenges pertaining to data immutability, timeliness and security. However, the use of DLT does not satisfactorily mitigate security risks and vulnerabilities per se and currently cybersecurity aspects of IoT systems are addressed in a fragmented way. Furthermore, the conflict between the resource demanding Blockchains and the highly constrained nature of IoT devices hinders implementation efforts of corresponding systems. We consider networked systems that comprise both IoT and DLT technologies via the prism of Intelligent Transportation Systems (ITS). We elicit a three-tier threat model identifying attack vectors at the Device, the Network and the DLT layers. The identified attacks are then ranked by using the DREAD ranking scheme. The use of the threat model is demonstrated on a novel proof-of-concept IoT networked system implemented using the IOTA Tangle distributed ledger, where it helps to critically appraise the design of the system against the most critical attacks. Furthermore, the developed system is among the first in the literature to demonstrate the synergy of IoT and DLT on actual constrained embedded devices. The performance evaluation provides insights showing that such systems can be efficient and suitable for real-life deployment

ISUMS: Indoor Space Usage Monitoring System for Sustainable Built Environment Using LoRaWAN

In this work we investigate how IoT in conjunction with the data-driven Circular Economy (CE) model can contribute towards a more sustainable Built Environment (). We address longstanding challenges related to the distribution of resources and the multi-sectoral impact of the buildings sector. We first discuss recent developments in policy making that underpin the recently introduced Green Deal by the European Commission and the paradigm of Circular Economy. This motivates the development of ISUMS; an Indoor Space Usage Monitoring System. The system provides the facilities and the estates management teams of commercial and office buildings with an IoT-enabled system able to provide fine grained and timely data on occupancy rates of shared building spaces. This type of data can then be used to develop new or inform existing action plans towards increasing building sustainability. The development of the system comprises a) a Pre-Analysis Plan (PAP) for a smart campus use case at the Talbot Campus of Bournemouth University; b) a proof of concept IoT end-device that can be integrated in pieces of furniture for occupancy monitoring; and c) a measurements campaign for evaluating the use of LoRaWAN in indoor environments. ISUMS expands the notions of smart buildings and buildings management beyond interconnected actuators and towards adaptive space management with dynamic changes in the use requirements