A policy-based security framework for ad-hoc networks

Imperial Users onl

Personalized Ambience: An Integration of Learning Model and Intelligent Lighting Control

The number of households and offices adopting automation system is on the rise. Although devices and actuators can be controlled through wireless transmission, they are mostly static with preset schedules, or at different times it requires human intervention. This paper presents a smart ambience system that analyzes the user’s lighting habits, taking into account different environmental context variables and user needs in order to automatically learn about the user’s preferences and automate the room ambience dynamically. Context information is obtained from Yahoo Weather and environmental data pertaining to the room is collected via Cubesensors to study the user’s lighting habits. We employs a learning model known as the Reduced Error Prune Tree (REPTree) to analyze the users’ preferences, and subsequently predicts the preferred lighting condition to be actuated in real time through Philips Hue. The system is able to ensure the user’s comfort at all time by performing a closed feedback control loop which checks and maintains a suitable lighting ambience at optimal level

Towards secure end-to-end data aggregation in AMI through delayed-integrity-verification

The integrity and authenticity of the energy usage data in Advanced Metering Infrastructure (AMI) is crucial to ensure the correct energy load to facilitate generation, distribution and customer billing. Any malicious tampering to the data must be detected immediately. This paper introduces secure end-to-end data aggregation for AMI, a security protocol that allows the concentrators to securely aggregate the data collected from the smart meters, while enabling the utility back-end that receives the aggregated data to verify the integrity and data originality. Compromise of concentrators can be detected. The aggregated data is protected using Chameleon Signatures and then forwarded to the utility back-end for verification, accounting, and analysis. Using the Trapdoor Chameleon Hash Function, the smart meters can periodically send an evidence to the utility back-end, by computing an alternative message and a random value (m', r) such that m' consists of all previous energy usage measurements of the smart meter in a specified period of time. By verifying that the Chameleon Hash Value of (m', r) and that the energy usage matches those aggregated by the concentrators, the utility back-end is convinced of the integrity and authenticity of the data from the smart meters. Any data anomaly between smart meters and concentrators can be detected, thus indicating potential compromise of concentrators

ViotSOC: Controlling Access to Dynamically Virtualized IoT Services using Service Object Capability

Virtualization of Internet of Things(IoT) is a concept of dynamically building customized high-level IoT services which rely on the real time data streams from low-level physical IoT sensors. Security in IoT virtualization is challenging, because with the growing number of available (building block) services, the number of personalizable virtual services grows exponentially. This paper proposes Service Object Capability(SOC) ticket system, a decentralized access control mechanism between servers and clients to effi- ciently authenticate and authorize each other without using public key cryptography. SOC supports decentralized partial delegation of capabilities specified in each server/- client ticket. Unlike PKI certificates, SOC’s authentication time and handshake packet overhead stays constant regardless of each capability’s delegation hop distance from the root delegator. The paper compares SOC’s security bene- fits with Kerberos and the experimental results show SOC’s authentication incurs significantly less time packet overhead compared against those from other mechanisms based on RSA-PKI and ECC-PKI algorithms. SOC is as secure as, and more efficient and suitable for IoT environments, than existing PKIs and Kerberos

A Non-GPS Based Location Tracking of Public Buses using Bluetooth Proximity Beacons

Tracking of public bus location requires a GPS device to be installed, and many bus operators in developing countries do not have such a solution in place to provide an accurate estimation of bus arrival time (ETA). Without ETA information, it is very difficult for the general public to plan their journey effectively. This paper proposes an innovative IoT solution to track the location of buses without requiring the deployment of a GPS device. It uses Bluetooth Low Energy (BLE) proximity beacon to track the journey of a bus by deploying an Estimote location beacon on the bus. BLE detection devices (Raspberry Pi 3) are installed at selected bus stops along the bus route to detect the arrival of buses. Once detected, the location of the bus is submitted to a cloud server to compute the bus ETAs. A field trial is currently being conducted in Johor, Malaysia in collaboration with a local bus operator on one single bus route. Our test results showed that the detection of BLE beacons is very accurate and it is feasible to track the location of buses without using a GPS device in a cost effective way. A mobile app - myBusz has been developed as well to allow for passengers to check the bus ETA in real-time

A Lightweight Privacy-Preserved Spatial and Temporal Aggregation of Energy Data

Smart grid provides fine-grained real time energy consumption, and it is able to improve the efficiency of energy management. It enables the collection of energy consumption data from consumer and hence has raised serious privacy concerns. Energy consumption data, a form of personal information that reveals behavioral patterns can be used to identify electrical appliances being used by the user through the electricity load signature, thus making it possible to further reveal the residency pattern of a consumer’s household or appliances usage habit. This paper proposes to enhance the privacy of energy con- sumption data by enabling the utility to retrieve the aggregated spatial and temporal consumption without revealing individual energy consumption. We use a lightweight cryptographic mech- anism to mask the energy consumption data by adding random noises to each energy reading and use Paillier’s additive homo- morphic encryption to protect the noises. When summing up the masked energy consumption data for both Spatial and Temporal aggregation, the noises cancel out each other, hence resulting in either the total sum of energy consumed in a neighbourhood at a particular time, or the total sum of energy consumed by a household in a day. No third party is able to derive the energy consumption pattern of a household in real time. A proof-of- concept was implemented to demonstrate the feasibility of the system, and the results show that the system can be efficiently deployed on a low-cost computing platform

Secure Data Provenance in Home Energy Monitoring Networks

Smart grid empowers home owners to efficiently manage their smart home appliances within a Home Area Network (HAN), by real time monitoring and fine-grained control. However, it offers the possibility for a malicious user to intrude into the HAN and deceive the smart metering system with fraudulent energy usage report. While most of the existing works have focused on how to prevent data tampering in HAN's communication channel, this paper looks into a relatively less studied security aspect namely data provenance. We propose a novel solution based on Shamir's secret sharing and threshold cryptography to guarantee that the reported energy usage is collected from the specific appliance as claimed at a particular location, and that it reflects the real consumption of the energy. A byproduct of the proposed security solution is a guarantee of data integrity. A prototype implementation is presented to demonstrate the feasibility and practicality of the proposed solution

Deployment of Facial Recognition Models at the Edge: a Feasibility Study

Model training and inference in Artificial Intelligence (AI) applications are typically performed in the cloud. There is a paradigm shift in moving AI closer to the edge, allowing for IoT devices to perform AI function onboard without incurring network latency. With the exponential increase of edge devices and data generated, capabilities of cloud computing would eventually be limited by the bandwidth and latency of the network. To mitigate the potential risks posed by cloud computing, this paper discusses the feasibility of deploying inference onboard the device where data is being generated. A secure access management system using MobileNet facial recognition was implemented and the preliminary results showed that the deployment at the edge outperformed the cloud deployment in terms of overall response speed while maintaining the same recognition accuracy. Thus, management of the automated deployment of inference models at the edge is required

Autonomous Vehicle Ultrasonic Sensor Vulnerability and Impact Assessment

Vehicles today are relying more on technologies to bring about fully autonomous features. The conventional wirings within are being simplified into a network of electronic components, and this network is controlled via advanced sensing of the environment to make decisions in real-time. However, with the heavy reliance on the sensor readings, any inaccurate reading from the sensors could result in decisions that may cause life-threatening incidents. As such, this research focuses on the in-depth assessment of potential vulnerabilities of an important and commonly used obstacle sensing device, which is the ultrasonic sensor, in modern as well as autonomous vehicles. This research will help bring awareness to the car manufacturers and AV researchers so as to mitigate such issues

SEABASS: Symmetric-keychain Encryption and Authentication for Building Automation Systems

There is an increasing security risk in Building Automation Systems (BAS) in that its communication is unprotected, resulting in the adversary having the capability to inject spurious commands to the actuators to alter the behaviour of BAS. The communication between the Human-Machine-Interface (HMI) and the controller (PLC) is vulnerable as there is no secret key being used to protect the authenticity, confidentiality and integrity of the sensor data and commands. We propose SEABASS, a lightweight key management scheme to distribute and manage session keys between HMI and PLCs, providing a secure communication channel between any two communicating devices in BAS through a symmetric-key based hash-chain encryption and authentication of message exchange. Our scheme facilitates automatic renewal of session keys periodically based on the use of a reversed hash-chain. A prototype was implemented using the BACnet/IP communication protocol and the preliminary results show that the symmetric keychain approach is lightweight and incurs low latency