On-device Security and Privacy Mechanisms for Resource-limited Devices: A Bottom-up Approach

This doctoral dissertation introduces novel mechanisms to provide on-device security and privacy for resource-limited smart devices and their applications. These mechanisms aim to cover five fundamental contributions in the emerging Cyber-Physical Systems (CPS), Internet of Things (IoT), and Industrial IoT (IIoT) fields. First, we present a host-based fingerprinting solution for device identification that is complementary to other security services like device authentication and access control. Then, we design a kernel- and user-level detection framework that aims to discover compromised resource-limited devices based on behavioral analysis. Further we apply dynamic analysis of smart devices’ applications to uncover security and privacy risks in real-time. Then, we describe a solution to enable digital forensics analysis on data extracted from interconnected resource-limited devices that form a smart environment. Finally, we offer to researchers from industry and academia a collection of benchmark solutions for the evaluation of the discussed security mechanisms on different smart domains. For each contribution, this dissertation comprises specific novel tools and techniques that can be applied either independently or combined to enable a broader security services for the CPS, IoT, and IIoT domains

Extended Coverage for Public Safety and Critical Communications Using Multi-hop and D2D Communications

In this thesis, we proposed the use of device-to-device (D2D) communications for extending the coverage area of active base stations, for public safety communications with partial coverage. A 3GPP standard compliant D2D system level simulator is developed for HetNets and public safety scenarios and used to evaluate the performance of D2D discovery and communications underlying cellular networks. For D2D discovery, the benefits of time-domain inter-cell interference coordi- nation (ICIC) approaches by using almost blank subframes were evaluated. Also, the use of multi-hop is proposed to improve, even further, the performance of the D2D discovery process. Finally, the possibility of using multi-hop D2D communications for extending the coverage area of active base stations was evaluated. Improvements in energy and spectral efficiency, when compared with the case of direct UE-eNB communi- cations, were demonstrated. Moreover, UE power control techniques were applied to reduce the effects of interference from neighboring D2D links

Real-time Analysis of Privacy-(un)aware IoT Applications

Abstract: Users trust IoT apps to control and automate their smart devices. These apps necessarily have access to sensitive data to implement their functionality. However, users lack visibility into how their sensitive data is used, and often blindly trust the app developers. In this paper, we present IoTWATcH, a dynamic analysis tool that uncovers the privacy risks of IoT apps in real-time. We have designed and built IoTWATcH through a comprehensive IoT privacy survey addressing the privacy needs of users. IoTWATCH operates in four phases: (a) it provides users with an interface to specify their privacy preferences at app install time, (b) it adds extra logic to an app’s source code to collect both IoT data and their recipients at runtime, (c) it uses Natural Language Processing (NLP) techniques to construct a model that classifies IoT app data into intuitive privacy labels, and (d) it informs the users when their preferences do not match the privacy labels, exposing sensitive data leaks to users. We implemented and evaluated IoTWATcH on real IoT applications. Specifically, we analyzed 540 IoT apps to train the NLP model and evaluate its effectiveness. IoTWATcH yields an average 94.25% accuracy in classifying IoT app data into privacy labels with only 105 ms additional latency to an app’s execution