29 research outputs found

    BLEND: Efficient and blended IoT data storage and communication with application layer security

    Many IoT use cases demand both secure storage and secure communication. Resource-constrained devices cannot afford having one set of crypto protocols for storage and another for communication. Lightweight application layer security standards are being developed for IoT communication. Extending these protocols for secure storage can significantly reduce communication latency and local processing. We present BLEND, combining secure storage and communication by storing IoT data as pre-computed encrypted network packets. Unlike local methods, BLEND not only eliminates separate crypto for secure storage needs, but also eliminates a need for real-time crypto operations, reducing the communication latency significantly. Our evaluation shows that compared with a local solution, BLEND reduces send latency from 630 microseconds to 110 microseconds per packet. BLEND enables PKI based key management while being sufficiently lightweight for IoT. BLEND doesn't need modifications to communication standards used when extended for secure storage, and can therefore preserve underlying protocols' security guarantees.

    Comment: Accepted in IEEE CSR 2022. 10 pages, 7 figures.

    Towards Automated PKI Trust Transfer for IoT

    IoT deployments grow in numbers and size and questions of long time support and maintainability become increasingly important. To prevent vendor lock-in, standard compliant capabilities to transfer control of IoT devices between service providers must be offered. We propose a lightweight protocol for transfer of control, and we show that the overhead for the involved IoT devices is small and the overall required manual overhead is minimal. We analyse the fulfilment of the security requirements to verify that the stipulated requirements are satisfied.

    Comment: Accepted at 2022 IEEE International Conference on Public Key Infrastructure and its Applications (PKIA). 8 pages, 4 figures.

    Supporting Cyber-Physical Systems with Wireless Sensor Networks: An Outlook of Software and Services

    Sensing, communication, computation and control technologies are the essential building blocks of a cyber-physical system (CPS). Wireless sensor networks (WSNs) are a way to support CPS as they provide fine-grained spatial-temporal sensing, communication and computation at a low premium of cost and power. In this article, we explore the fundamental concepts guiding the design and implementation of WSNs. We report the latest developments in WSN software and services for meeting existing requirements and newer demands; particularly in the areas of: operating system, simulator and emulator, programming abstraction, virtualization, IP-based communication and security, time and location, and network monitoring and management. We also reflect on the ongoing efforts in providing dependable assurances for WSN-driven CPS. Finally, we report on its applicability with a case-study on smart buildings.

    Poster Abstract: Interconnecting Low-Power Wireless and Power-Line Communications using IPv6

    Wireless sensor networks for building automation and energy management have made great progress in recent years, but the inherent indoor radio range limitations can make communication unpredictable and system deployments difficult. Low-power radio can be combined with low-power Power-Line Communication (PLC) to extend the range and predictability of indoor communication for building management and automation systems. We take the first steps towards exploring the system implications for integration of low-power wireless and PLC in the same network. We leverage IPv6, which allows networks to exist over multiple physical communication media, as well as the RPL routing protocol for low-power lossy networks.

    Understanding the evolution of immune genes in jawed vertebrates

    Driven by co-evolution with pathogens, host immunity continuously adapts to optimize defence against pathogens within a given environment. Recent advances in genetics, genomics and transcriptomics have enabled a more detailed investigation into how immunogenetic variation shapes the diversity of immune responses seen across domestic and wild animal species. However, a deeper understanding of the diverse molecular mechanisms that shape immunity within and among species is still needed to gain insight into, and generate evolutionary hypotheses on, the ultimate drivers of immunological differences. Here, we discuss current advances in our understanding of molecular evolution underpinning jawed vertebrate immunity. First, we introduce the immunome concept, a framework for characterizing genes involved in immune defence from a comparative perspective, then we outline how immune genes of interest can be identified. Second, we focus on how different selection modes are observed acting across groups of immune genes and propose hypotheses to explain these differences. We then provide an overview of the approaches used so far to study the evolutionary heterogeneity of immune genes on macro and microevolutionary scales. Finally, we discuss some of the current evidence as to how specific pathogens affect the evolution of different groups of immune genes. This review results from the collective discussion on the current key challenges in evolutionary immunology conducted at the ESEB 2021 Online Satellite Symposium: Molecular evolution of the vertebrate immune system, from the lab to natural populations.

    Lie-algebror

    No full text

    Public Key Infrastructure and its applications for resource-constrained IoT

    The Internet of Things (IoT) is rapidly expanding and IoT devices are being deployed in security-critical scenarios, such as in critical infrastructure monitoring and within e-health, and privacy-sensitive applications in hospitals and homes. With this, questions of security and safety become paramount. The overall theme of the research presented here is to bridge some of the identified gaps in IoT security, with a particular focus on enabling Public Key Infrastructure (PKI) functionality for constrained IoT devices. The contributions of this dissertation are made through six research papers that address identified shortcomings and challenges. The focus is on protocols, mechanisms, and efficient encodings rather than specific cryptographic solutions. The work to improve the state-of-art regarding PKI for IoT includes enrollment, revocation and trust transfer. We design and implement integrated lightweight certificate enrollment solutions for IoT devices and new compact certificate formats. This brings the total communication costs of session establishment and enrollment operations down to feasible levels for constrained IoT devices. An improved design is made to benefit from application layer security, enabling end-to-end communication capable of proxy traversal. To handle revocation of trust, we propose and design lightweight certificate revocation. We show how significant performance improvements compared with existing solutions can be made without sacrificing functionality or compromising security. To address the long-time maintainability of IoT systems, we design a lightweight schema for trust transfer, which allows control of IoT deployments to shift between service providers in a highly automated manner. In addition to improving PKI functionality, we propose mechanisms for secure storage and updates, which complement and strengthen the overall IoT security landscape. We show that standard-based application-layer security mechanisms can be extended to enable secure storage and communication, reducing the memory required for cryptographic solutions and the latency when sending sensor data onto the network. In our last contribution, we propose a design for secure software updates. Based on the existing ACE framework, we use token-based access control to fulfil the need for both authentication and authorisation security services. We have been working with industry partners to share our work in the shape of new standards for a better potential for industrial impact. In summary, several new building blocks required to create, maintain and support secure PKIs capable of including constrained IoT devices are proposed, forming important steps towards making IoT devices first-class Internet citizens.

    PKI4IoT : Towards public key infrastructure for the Internet of Things

    Public Key Infrastructure is the state-of-the-art credential management solution on the Internet. However, the millions of constrained devices that make up the Internet of Things currently lack a centralized, scalable system for managing keys and identities. Modern PKI is built on a set of protocols which were not designed for constrained environments, and as a result many small, battery-powered IoT devices lack the required computing resources. In this paper, we develop an automated certificate enrollment protocol light enough for highly constrained devices, which provides end-to-end security between certificate authorities (CA) and the recipient IoT devices. We also design a lightweight profile for X.509 digital certificates with CBOR encoding, called XIOT. Existing CAs can now issue traditional X.509 to IoT devices. These are converted to and from the XIOT format by edge devices on constrained networks. This procedure preserves the integrity of the original CA signature, so the edge device performing certificate conversion need not be trusted. We implement these protocols within the Contiki embedded operating system and evaluate their performance on an ARM Cortex-M3 platform. Our evaluation demonstrates reductions in energy expenditure and communication latency. The RAM and ROM required to implement these protocols are on par with the other lightweight protocols in Contiki’s network stack.

    Event-driven IPv6 Communication for the Smart Grid Infrastructure

    There is a common understanding that we need to use energy in smarter and more efficient ways. In order to achieve increased energy efficiency for households there is a need to adjust energy consumption based on the dynamic needs of the people living there, and the available energy and costs at a specific time. Involved energy devices, such as electricity, gas and water meters, need to have a certain amount of “smartness”; however without a common way to integrate them we risk ending up with a multitude of heterogeneous smart devices that need to be manually controlled one by one via device-specific interfaces and protocols. We believe that using IPv6 on every device is an important step towards creating a controllable and interoperable energy infrastructure. When every device can publish data and be directly addressed globally, real time monitoring and control becomes possible and more sophisticated as other parties can easily interact with it over Internet and integrate its functionality. Additionally the user is in control over which data to share, with whom and for what purpose (e.g. with the energy providers for billing), as well as which policy should be used when conditions change. In this demo we show how a Smart Home with an IPv6-equipped electricity smart meter prototype can report meter readings to cloud hosted business services, which collect readings from a number of meters, and can detect deviations from expected usage. In case of unexpected power shortage or surplus, the tariff is accordingly adjusted and the smart meters are informed. In the case of a price increase, it is up to the user to either pay the higher price, or to reduce her consumption (automatically based on their predefined policy). Similarly for a price drop, the user can choose to execute energy-hungry tasks. By allowing an energy gateway to control not only electricity but also other devices in the household infrastructure such as heating, the energy management can be made more efficient. I