163 research outputs found

    On Information-centric Resiliency and System-level Security in Constrained, Wireless Communication

    The Internet of Things (IoT) interconnects many heterogeneous embedded devices either locally between each other, or globally with the Internet. These things are resource-constrained, e.g., powered by battery, and typically communicate via low-power and lossy wireless links. Communication needs to be secured and relies on crypto-operations that are often resource-intensive and in conflict with the device constraints. These challenging operational conditions on the cheapest hardware possible, the unreliable wireless transmission, and the need for protection against common threats of the inter-network, impose severe challenges to IoT networks. In this thesis, we advance the current state of the art in two dimensions. Part I assesses Information-centric networking (ICN) for the IoT, a network paradigm that promises enhanced reliability for data retrieval in constrained edge networks. ICN lacks a lower layer definition, which, however, is the key to enable device sleep cycles and exclusive wireless media access. This part of the thesis designs and evaluates an effective media access strategy for ICN to reduce the energy consumption and wireless interference on constrained IoT nodes. Part II examines the performance of hardware and software crypto-operations, executed on off-the-shelf IoT platforms. A novel system design enables the accessibility and auto-configuration of crypto-hardware through an operating system. One main focus is the generation of random numbers in the IoT. This part of the thesis further designs and evaluates Physical Unclonable Functions (PUFs) to provide novel randomness sources that generate highly unpredictable secrets, on low-cost devices that lack hardware-based security features. This thesis takes a practical view on the constrained IoT and is accompanied by real-world implementations and measurements. 
We contribute open source software, automation tools, a simulator, and reproducible measurement results from real IoT deployments using off-the-shelf hardware. The large-scale experiments in an open access testbed provide a direct starting point for future research.

    HoPP: Robust and Resilient Publish-Subscribe for an Information-Centric Internet of Things

    This paper revisits NDN deployment in the IoT with a special focus on the interaction of sensors and actuators. Such scenarios require high responsiveness and limited control state at the constrained nodes. We argue that the NDN request-response pattern which prevents data push is vital for IoT networks. We contribute HoP-and-Pull (HoPP), a robust publish-subscribe scheme for typical IoT scenarios that targets IoT networks consisting of hundreds of resource constrained devices at intermittent connectivity. Our approach limits the FIB tables to a minimum and naturally supports mobility, temporary network partitioning, data aggregation and near real-time reactivity. We experimentally evaluate the protocol in a real-world deployment using the IoT-Lab testbed with varying numbers of constrained devices, each wirelessly interconnected via IEEE 802.15.4 LowPANs. Implementations are built on CCN-lite with RIOT and support experiments using various single- and multi-hop scenarios

    PUF for the Commons: Enhancing Embedded Security on the OS Level

    Security is essential for the Internet of Things (IoT). Cryptographic operations for authentication and encryption commonly rely on random input of high entropy and secure, tamper-resistant identities, which are difficult to obtain on constrained embedded devices. In this paper, we design and analyze a generic integration of physically unclonable functions (PUFs) into the IoT operating system RIOT that supports about 250 platforms. Our approach leverages uninitialized SRAM to act as the digital fingerprint for heterogeneous devices. We ground our design on an extensive study of PUF performance in the wild, which involves SRAM measurements on more than 700 IoT nodes that aged naturally in the real-world. We quantify static SRAM bias, as well as the aging effects of devices and incorporate the results in our system. This work closes a previously identified gap of missing statistically significant sample sizes for testing the unpredictability of PUFs. Our experiments on COTS devices of 64 kB SRAM indicate that secure random seeds derived from the SRAM PUF provide 256 Bits-, and device unique keys provide more than 128 Bits of security. In a practical security assessment we show that SRAM PUFs resist moderate attack scenarios, which greatly improves the security of low-end IoT devices. Comment: 18 pages, 12 figures, 3 tables

    A Guideline on Pseudorandom Number Generation (PRNG) in the IoT

    Random numbers are an essential input to many functions on the Internet of Things (IoT). Common use cases of randomness range from low-level packet transmission to advanced algorithms of artificial intelligence as well as security and trust, which heavily rely on unpredictable random sources. In the constrained IoT, though, unpredictable random sources are a challenging desire due to limited resources, deterministic real-time operations, and frequent lack of a user interface. In this paper, we revisit the generation of randomness from the perspective of an IoT operating system (OS) that needs to support general purpose or crypto-secure random numbers. We analyse the potential attack surface, derive common requirements, and discuss the potentials and shortcomings of current IoT OSs. A systematic evaluation of current IoT hardware components and popular software generators based on well-established test suites and on experiments for measuring performance give rise to a set of clear recommendations on how to build such a random subsystem and which generators to use. Comment: 43 pages, 11 figures, 11 tables

    Security for the Industrial IoT: The Case for Information-Centric Networking

    Industrial production plants traditionally include sensors for monitoring or documenting processes, and actuators for enabling corrective actions in cases of misconfigurations, failures, or dangerous events. With the advent of the IoT, embedded controllers link these 'things' to local networks that often are of low power wireless kind, and are interconnected via gateways to some cloud from the global Internet. Inter-networked sensors and actuators in the industrial IoT form a critical subsystem while frequently operating under harsh conditions. It is currently under debate how to approach inter-networking of critical industrial components in a safe and secure manner. In this paper, we analyze the potentials of ICN for providing a secure and robust networking solution for constrained controllers in industrial safety systems. We showcase hazardous gas sensing in widespread industrial environments, such as refineries, and compare with IP-based approaches such as CoAP and MQTT. Our findings indicate that the content-centric security model, as well as enhanced DoS resistance are important arguments for deploying Information Centric Networking in a safety-critical industrial IoT. Evaluation of the crypto efforts on the RIOT operating system for content security reveal its feasibility for common deployment scenarios. Comment: To be published at IEEE WF-IoT 201

    Connecting the World of Embedded Mobiles: The RIOT Approach to Ubiquitous Networking for the Internet of Things

    The Internet of Things (IoT) is rapidly evolving based on low-power compliant protocol standards that extend the Internet into the embedded world. Pioneering implementations have proven it is feasible to inter-network very constrained devices, but had to rely on peculiar cross-layered designs and offer a minimalistic set of features. In the long run, however, professional use and massive deployment of IoT devices require full-featured, cleanly composed, and flexible network stacks. This paper introduces the networking architecture that turns RIOT into a powerful IoT system, to enable low-power wireless scenarios. RIOT networking offers (i) a modular architecture with generic interfaces for plugging in drivers, protocols, or entire stacks, (ii) support for multiple heterogeneous interfaces and stacks that can concurrently operate, and (iii) GNRC, its cleanly layered, recursively composed default network stack. We contribute an in-depth analysis of the communication performance and resource efficiency of RIOT, both on a micro-benchmarking level as well as by comparing IoT communication across different platforms. Our findings show that, though it is based on significantly different design trade-offs, the networking subsystem of RIOT achieves a performance equivalent to that of Contiki and TinyOS, the two operating systems which pioneered IoT software platforms

    Delay-Tolerant ICN and Its Application to LoRa

    Connecting long-range wireless networks to the Internet imposes challenges due to vastly longer round-trip-times (RTTs). In this paper, we present an ICN protocol framework that enables robust and efficient delay-tolerant communication to edge networks. Our approach provides ICN-idiomatic communication between networks with vastly different RTTs. We applied this framework to LoRa, enabling end-to-end consumer-to-LoRa-producer interaction over an ICN-Internet and asynchronous data production in the LoRa edge. Instead of using LoRaWAN, we implemented an IEEE 802.15.4e DSME MAC layer on top of the LoRa PHY and ICN protocol mechanisms in RIOT OS. Executed on off-the-shelf IoT hardware, we provide a comparative evaluation for basic NDN-style ICN [60], RICE [31]-like pulling, and reflexive forwarding [46]. This is the first practical evaluation of ICN over LoRa using a reliable MAC. Our results show that periodic polling in NDN works inefficiently when facing long and differing RTTs. RICE reduces polling overhead and exploits gateway knowledge, without violating ICN principles. Reflexive forwarding reflects sporadic data generation naturally. Combined with a local data push, it operates efficiently and enables lifetimes of >1 year for battery powered LoRa-ICN nodes. Comment: 12 pages, 7 figures, 2 tables

    Ageing Analysis of Embedded SRAM on a Large-Scale Testbed Using Machine Learning

    Ageing detection and failure prediction are essential in many Internet of Things (IoT) deployments, which operate huge quantities of embedded devices unattended in the field for years. In this paper, we present a large-scale empirical analysis of natural SRAM wear-out using 154 boards from a general-purpose testbed. Starting from SRAM initialization bias, which each node can easily collect at startup, we apply various metrics for feature extraction and experiment with common machine learning methods to predict the age of operation for this node. Our findings indicate that even though ageing impacts are subtle, our indicators can well estimate usage times with an $R^2$ score of 0.77 and a mean error of 24% using regressors, and with an F1 score above 0.6 for classifiers applying a six-months resolution.

    Biodistribution, biocompatibility and targeted accumulation of magnetic nanoporous silica nanoparticles as drug carrier in orthopedics

    Background: In orthopedics, the treatment of implant-associated infections represents a high challenge. Especially, potent antibacterial effects at implant surfaces can only be achieved by the use of high doses of antibiotics, and still often fail. Drug-loaded magnetic nanoparticles are very promising for local selective therapy, enabling lower systemic antibiotic doses and reducing adverse side effects. The idea of the following study was the local accumulation of such nanoparticles by an externally applied magnetic field combined with a magnetizable implant. The examination of the biodistribution of the nanoparticles, their effective accumulation at the implant and possible adverse side effects were the focus. In a BALB/c mouse model (n = 50) ferritic steel 1.4521 and Ti90Al6V4 (control) implants were inserted subcutaneously at the hindlimbs. Afterwards, magnetic nanoporous silica nanoparticles (MNPSNPs), modified with rhodamine B isothiocyanate and polyethylene glycol-silane (PEG), were administered intravenously. Directly/1/7/21/42 day(s) after subsequent application of a magnetic field gradient produced by an electromagnet, the nanoparticle biodistribution was evaluated by smear samples, histology and multiphoton microscopy of organs. Additionally, a pathohistological examination was performed. Accumulation on and around implants was evaluated by droplet samples and histology. Results: Clinical and histological examinations showed no MNPSNP-associated changes in mice at all investigated time points. Although PEGylated, MNPSNPs were mainly trapped in lung, liver, and spleen. Over time, they showed two distributional patterns: early significant drops in blood, lung, and kidney and slow decreases in liver and spleen. The accumulation of MNPSNPs on the magnetizable implant and in its area was very low with no significant differences towards the control. 
Conclusion: Despite massive nanoparticle capture by the mononuclear phagocyte system, no significant pathomorphological alterations were found in affected organs. This shows good biocompatibility of MNPSNPs after intravenous administration. The organ uptake led to insufficient availability of MNPSNPs in the implant region. For that reason, among others, the nanoparticles did not achieve targeted accumulation in the desired way, manifesting future research need. However, with different conditions and dimensions in humans and further modifications of the nanoparticles, this principle should enable reaching magnetizable implant surfaces at any time in any body region for a therapeutic reason. © 2020 The Author(s)

    Increased accumulation of magnetic nanoparticles by magnetizable implant materials for the treatment of implant-associated complications

    Background: In orthopaedic surgery, accumulation of agents such as anti-infectives in the bone as target tissue is difficult. The use of magnetic nanoparticles (MNPs) as carriers principally enables their accumulation via an externally applied magnetic field. Magnetizable implants are principally able to increase the strength of an externally applied magnetic field to reach also deep-seated parts in the body. Therefore, the integration of bone-addressed therapeutics in MNPs and their accumulation at a magnetic orthopaedic implant could improve the treatment of implant related infections. In this study a martensitic steel platelet as implant placeholder was used to examine its accumulation and retention capacity of MNPs in an in vitro experimental set up considering different experimental frame conditions as magnet quantity and distance to each other, implant thickness and flow velocity. Results: The magnetic field strength increased to approximately 112% when a martensitic stainless steel platelet was located between the magnet poles. Therewith a significantly higher amount of magnetic nanoparticles could be accumulated in the area of the platelet compared to the sole magnetic field. During flushing of the tube system mimicking the in vivo blood flow, the magnetized platelet was able to retain a higher amount of MNPs without an external magnetic field compared to the set up with no mounted platelet during flushing of the system. Generally, a higher flow velocity led to lower amounts of accumulated MNPs. A higher quantity of magnets and a lower distance between magnets led to a higher magnetic field strength. Albeit not significantly the magnetic field strength tended to increase with thicker platelets. Conclusion: A martensitic steel platelet significantly improved the attachment of magnetic nanoparticles in an in vitro flow system and therewith indicates the potential of magnetic implant materials in orthopaedic surgery. 
The use of a remanent magnetic implant material could improve the efficiency of capturing MNPs especially when the external magnetic field is turned off thus facilitating and prolonging the effect. In this way higher drug levels in the target area might be attained resulting in lower inconveniences for the patient.