Enhancing Trust in Devices and Transactions of the Internet of Things

With the rise of the Internet of Things (IoT), billions of smart embedded devices will interact frequently.These interactions will produce billions of transactions.With IoT, users can utilize their phones, home appliances, wearables, or any other wireless embedded device to conduct transactions.For example, a smart car and a parking lot can utilize their sensors to negotiate the fees of a parking spot.The success of IoT applications highly depends on the ability of wireless embedded devices to cope with a large number of transactions.However, these devices face significant constraints in terms of memory, computation, and energy capacity.With our work, we target the challenges of accurately recording IoT transactions from resource-constrained devices. We identify three domain-problems: a) malicious software modification, b) non-repudiation of IoT transactions, and c) inability of IoT transactions to include sensors readings and actuators.The motivation comes from two key factors.First, with Internet connectivity, IoT devices are exposed to cyber-attacks.Internet connectivity makes it possible for malicious users to find ways to connect and modify the software of a device.Second, we need to store transactions from IoT devices that are owned or operated by different stakeholders.The thesis includes three papers. In the first paper, we perform an empirical evaluation of Secure Boot on embedded devices.In the second paper, we propose IoTLogBlock, an architecture to record off-line transactions of IoT devices.In the third paper, we propose TinyEVM, an architecture to execute off-chain smart contracts on IoT devices with an ability to include sensor readings and actuators as part of IoT transactions

Self-Reliance for the Internet of Things: Blockchains and Deep Learning on Low-Power IoT Devices

The rise of the Internet of Things (IoT) has transformed common embedded devices from isolated objects to interconnected devices, allowing multiple applications for smart cities, smart logistics, and digital health, to name but a few. These Internet-enabled embedded devices have sensors and actuators interacting in the real world. The IoT interactions produce an enormous amount of data typically stored on cloud services due to the resource limitations of IoT devices. These limitations have made IoT applications highly dependent on cloud services. However, cloud services face several challenges, especially in terms of communication, energy, scalability, and transparency regarding their information storage. In this thesis, we study how to enable the next generation of IoT systems with transaction automation and machine learning capabilities with a reduced reliance on cloud communication. To achieve this, we look into architectures and algorithms for data provenance, automation, and machine learning that are conventionally running on powerful high-end devices. We redesign and tailor these architectures and algorithms to low-power IoT, balancing the computational, energy, and memory requirements.The thesis is divided into three parts:Part I presents an overview of the thesis and states four research questions addressed in later chapters.Part II investigates and demonstrates the feasibility of data provenance and transaction automation with blockchains and smart contracts on IoT devices.Part III investigates and demonstrates the feasibility of deep learning on low-power IoT devices.We provide experimental results for all high-level proposed architectures and methods. Our results show that algorithms of high-end cloud nodes can be tailored to IoT devices, and we quantify the main trade-offs in terms of memory, computation, and energy consumption

Performance of deep neural networks on low-power IoT devices

Advances in deep learning have revolutionized machine learning by solving complex tasks such as image, speech, and text recognition. However, training and inference of deep neural networks are resource-intensive. Recently, researchers made efforts to bring inference to IoT edge and sensor devices which have become the prime data sources nowadays. However, running deep neural networks on low-power IoT devices is challenging due to their resource-constraints in memory, compute power, and energy. This paper presents a benchmark to grasp these trade-offs by evaluating three representative deep learning frameworks: uTensor, TF-Lite-Micro, and CMSIS-NN. Our benchmark reveals significant differences and trade-offs for each framework and its tool-chain: (1) We find that uTensor is the most straightforward framework to use, followed by TF-Micro, and then CMSIS-NN. (2) Our evaluation shows large differences in energy, RAM, and Flash footprints. For example, in terms of energy, CMSIS-NN is the most efficient, followed by TF-Micro and then uTensor, each with a significant gap

MicroTL: Transfer Learning on Low-Power IoT Devices

Deep Neural Networks (DNNs) on IoT devices are becoming readily available for classification tasks using sensor data like images and audio. However, DNNs are trained using extensive computational resources such as GPUs on cloud services, and once being quantized and deployed on the IoT device remain unchanged. We argue in this paper, that this approach leads to three disadvantages. First, IoT devices are deployed in real-world scenarios where the initial problem may shift over time (e.g., to new or similar classes), but without re-training, DNNs cannot adapt to such changes. Second, IoT devices need to use energy-preserving communication with limited reliability and network bandwidth, which can delay or restrict the transmission of essential training sensor data to the cloud. Third, collecting and storing training sensor data in the cloud poses privacy concerns. A promising technique to mitigate these concerns is to utilize on-device Transfer Learning (TL). However, bringing TL to resource-constrained devices faces challenges and tradeoffs in computational, energy, and memory constraints, which this paper addresses. This paper introduces MicroTL, Transfer Learning (TL) on low-power IoT devices. MicroTL tailors TL to IoT devices without the communication requirement with the cloud. Notably, we found that the MicroTL takes 3x less energy and 2.8x less time than transmitting all data to train an entirely new model in the cloud, showing that it is more efficient to retrain parts of an existing neural network on the IoT device

IoTLogBlock: Recording Off-line Transactions of Low-Power IoT Devices Using a Blockchain

For any distributed system, and especially for the\ua0Internet of Things, recording interactions between devices is\ua0essential. At first glance, blockchains seem to be suitable for\ua0storing these interactions, as they allow multiple parties to share\ua0a distributed ledger. However, at a closer look, blockchains require heavy computations, large memory capacity, and alwayson communication to the cloud; these are three properties that\ua0are challenging for IoT devices with limited resources.In this paper, we present IoTLogBlock to address these challenges. IoTLogBlock connects resource-constrained IoT devices\ua0to the blockchain, and it consists of three building blocks jointly\ua0enabling recording transactions: a lightweight contract signing\ua0protocol, a blockchain network, and a smart contract. The\ua0contract signing protocol allows devices to interact locally to\ua0perform transactions, even if no communication to the cloud\ua0and the blockchain exists at that moment. At a later time, devices\ua0forward the stored transactions to the blockchain, where a smart\ua0contract ultimately verifies the transactions.We evaluate our design on low-power devices and quantify\ua0the performance in terms of memory, computation, and energy\ua0consumption. Our results show that a constrained device can\ua0create and sign a transaction within 3 s on average. Finally, we\ua0expose the devices to network scenarios with edge connections\ua0ranging from 10 s to over 2 h

TinyEVM: Off-Chain Smart Contracts on Low-Power IoT Devices

With the rise of the Internet of Things (IoT), billions of devices ranging from simple sensors to smart-phones will participate in billions of micropayments. However, current centralized solutions are unable to handle a massive number of micropayments from untrusted devices.Blockchains are promising technologies suitable for solving some of these challenges.Particularly, permissionless blockchains such as Ethereum and Bitcoin have drawn the attention of the research community.However, the increasingly large-scale deployments of blockchain reveal some of their scalability limitations. Prominent proposals to scale the payment system include off-chain protocols such as payment channels. However, the leading proposals assume powerful nodes with an always-on connection and frequent synchronization. These assumptions require in practice significant communication, memory, and computation capacity, whereas IoT devices face substantial constraints in these areas. Existing approaches also do not capture the logic and process of IoT, where applications need to process locally collected sensor data to allow for full use of IoT micro-payments.In this paper, we present TinyEVM, a novel system to generate and execute off-chain smart contracts based on sensor data.TinyEVM\u27s goal is to enable IoT devices to perform micro-payments and, at the same time, address the device constraints.We investigate the trade-offs of executing smart contracts on low-power IoT devices using TinyEVM.We test our system with 7,000 publicly verified smart contracts, where TinyEVM achieves to deploy 93 % of them without any modification.Finally, we evaluate the execution of off-chain smart contracts in terms of run-time performance, energy, and memory requirements on IoT devices.Notably, we find that low-power devices can deploy a smart contract in 215 ms on average, and they can complete an off-chain payment in 584 ms on average

Performance of Secure Boot in Embedded Systems

With the proliferation of the Internet of Things (IoT), the need to prioritize the overall system security is more imperative than ever. The IoT will profoundly change the established usage patterns of embedded systems, where devices traditionally operate in relative isolation.Internet connectivity brought by the IoT exposes such previously isolated internal device structures to cyber-attacks through the Internet, which opens new attack vectors and vulnerabilities. For example, a malicious user can modify the firmware or operating system by using a remote connection, aiming to deactivate standard defenses against malware. The criticality of applications, for example, in the Industrial IoT (IIoT) further underlines the need to ensure the integrity of the embedded software. One common approach to ensure system integrity is to verify the operating system and application software during the boot process. However, safety-critical IoT devices have constrained boot-up times, and home IoT devices should become available quickly after being turned on. Therefore, the boot-time can affect the usability of a device.This paper analyses performance trade-offs of secure boot for medium-scale embedded systems, such as Beaglebone and Raspberry Pi. We evaluate two secure boot techniques, one is only software-based, and the second is supported by a hardware-based cryptographic storage unit.For the software-based method, we show that secure boot merely increases the overall boot time by 4 %.Moreover, the additional cryptographic hardware storage increases the boot-up time by 36 %

Verified Boot in IoT Devices with Low Power Consumption

In this paper, we describe our ongoing research regarding the security of operating systems for IoT devices. We try to highlight energy consumption issues posed by security measures. We start by securing the device boot-up process to provide the necessary dependency towards a trustful operating system. Lastly, our focus is a holistic view of the security model, which combines security measures and energy consumption in IoT devices