Poster Abstract: Security Comes First, A Public-key Cryptography Framework for the Internet of Things

Abstract—Novel Internet services are emerging around an increasing number of sensors and actuators in our surroundings, commonly referred to as smart devices. Smart devices, which form the backbone of the Internet of Things (IoT), enable alternative forms of user experience by means of automation, convenience, and efficiency. At the same time new security and safety issues arise, given the Internet-connectivity and the interaction possibility of smart devices with human’s proximate living space. Hence, security is a fundamental requirement of the IoT design. In order to remain interoperable with the existing infrastructure, we postulate a security framework compatible to standard IP-based security solutions, yet optimized to meet the constraints of the IoT ecosystem. In this ongoing work, we first identify necessary components of an interoperable secure End-to-End communication while incorporating Public-key Cryptography (PKC). To this end, we tackle involved computational and communication overheads. The required components on the hardware side are the affordable hardware acceleration engines for cryptographic operations and on the software side header compression and long-lasting secure sessions. In future work, we focus on integration of these components into a framework and the evaluation of an early prototype of this framework. I

Droplet: Decentralized Authorization for IoT Data Streams

This paper presents Droplet, a decentralized data access control service, which operates without intermediate trust entities. Droplet enables data owners to securely and selectively share their encrypted data while guaranteeing data confidentiality against unauthorized parties. Droplet's contribution lies in coupling two key ideas: (i) a new cryptographically-enforced access control scheme for encrypted data streams that enables users to define fine-grained stream-specific access policies, and (ii) a decentralized authorization service that handles user-defined access policies. In this paper, we present Droplet's design, the reference implementation of Droplet, and experimental results of three case-study apps atop of Droplet: Fitbit activity tracker, Ava health tracker, and ECOviz smart meter dashboard

Towards Blockchain-based Auditable Storage and Sharing of IoT Data

International audienceToday the cloud plays a central role in storing, processing , and distributing data. Despite contributing to the rapid development of various applications, including the IoT, the current centralized storage architecture has led into a myriad of isolated data silos and is preventing the full potential of holistic data-driven analytics for IoT data. In this abstract, we advocate a data-centric design for IoT with focus on resilience, sharing, and auditable protection of information. We introduce the initial design of our blockchain-based end-to-end encrypted data storage system. We enable a secure and persistent data management, by utilizing the blockchain as an auditable access control layer to a decentralized storage layer

Evaluation of Yield and Growth of Dragon’s Head (Lallemantia iberica (M. Bieb.) Fisch. & C.A. Mey.) Intercropped with Purslane (Portulaca oleracea L.) Under the Application of Nitroxin Biofertilizer and Urea

Nowadays, application of intercropping and biofertilizers play an important role in sustainable agriculture. Thus, in order to evaluate the effect of application of chemical and biological fertilizers on purslane/dragon’s head intercropping, a factorial experiment was conducted on the basis of completely randomized block design with three replications at the Agricultural and Environmental Research station of Hamadan in 2015. The first factor had five levels, including purslane monoculture, dragon’s head monoculture, and purslane/dragon’s head intercropping with ratios of 100:25, 100:50, 100:75 (purslane:dragons’head, respectively). The second factor had four levels, including no application of fertilizers and application of nitrogenous chemical fertilizer (urea), nitroxin biofertilizer inoculation and combination of 50% urea + nitroxin inoculation. Results showed that intercropping increased relative chlorophyll of the both species. The highest seed yield of dragon’s head (172.80 g.m-2) was recorded in monocultured dragon’s head with the application of 50% urea + nitroxin inoculation. Fertilizers increased seed mucilage yield in dragon’s head. The highest mucilage yield (3.04 g.m-2) was also observed in 50% urea + nitroxin inoculation. Evaluation of relative yield total (RYT) and land equivalent ratio (LER) showed that intercropping of 50% dragons’ head + 100% purslane and 50% urea + nitroxin inoculation had more efficient compared to other treatments

Retaining Data Ownership in the Internet of Things

As Internet of Things (IoT) systems further emerge, we face unprecedented security and privacy challenges, especially with regards to the collected data. This data typically consists of sensor readings, tagged with metadata. For scalability, ubiquitous access, and sharing possibilities, the data is most often stored in the cloud. Securing date while in transit and in particular when being stored in the cloud is of utmost importance, as the data can be used to infer privacy-sensitive information. Moreover, transparent and secure data sharing (e.g., sharing with friends or domain experts) is considered a key requirement for the practicality and success of typical IoT systems. In today’s cloud-centric designs, users have no choice but to trust centralized parties. The increased number of security and privacy incidents, such as system compromises or unauthorized trade with users data, show that this trust is not always justified. Despite varying levels of privacy-awareness among users of different age and geopolitical groups, and even societal shifts towards privacy pragmatism and indifference, the security and privacy threats do usually have far-reaching implications, demanding adequate mechanisms and measures to address them. In this dissertation, we investigate building secure IoT systems that protect data confidentiality and retain data ownership. We build secure systems that allow reducing the trust end-users are required to put into third parties within the IoT ecosystem, specifically towards the cloud storage and service providers. More importantly, we take a new approach on empowering the user with ownership and fine-grained access control for IoT data without sacrificing performance or security. In particular, we present three approaches to enabling a secure IoT ecosystem: (i) Talos: Talos is a system that stores IoT data securely in a cloud database while still allowing query processing over the encrypted data. Talos protects data even if the server is compromised. We enable this by encrypting IoT data with a set of cryptographic schemes such as order- preserving and partially homomorphic encryption. We tailor Talos to accommodate for the resource asymmetry of the IoT, particularly towards constrained IoT devices. We assess the feasibility of Talos on low-power devices with and without cryptographic hardware accelerators and quantify its overhead concerning energy consumption, computation time, and latency. With a thorough evaluation of our prototype implementation, we show that Talos is a practical system that can provide a high level of security with reasonable overhead. (ii) Pilatus: Storage of data on cloud services naturally facilitates data sharing with third-party services and other users, but bears privacy risks. We present Pilatus, a data protection platform that extends Talos where the cloud stores only encrypted data, yet is still able to process a defined set of database queries (e.g., range or sum). Pilatus features a novel encrypted data sharing scheme based on re-encryption, with revocation capabilities and in situ key-update. Our solution includes a suite of novel techniques that enable efficient partially homomorphic encryption, decryption, and sharing. We present performance optimizations that render these cryptographic tools practical for mobile platforms. We implement a prototype of Pilatus and evaluate it thoroughly. Our optimizations achieve a performance gain within one order of magnitude compared to state-of-the-art realizations. (iii) Droplet: Droplet is a secure data management system that we designed from the ground up to accommodate for the distributed nature of the IoT and revive the IoT from the current vertical design paradigm. The consequent myriad of isolated data silos of classical vertical architectures is hard to manage and prevent heterogeneous applications from interacting with our IoT data. To address this challenge, we leverage the blockchain technology to bootstrap trust for a distributed, secure, and resilient access control and data management scheme. Droplet handles time series data, enables reliable sharing among heterogeneous applications without intermediate trust entities, and features a cryptographically-protected fine-grained and scalable access control mechanism to data streams. We leverage a hash-chain-based key management mechanism to enable interval sharing and compact key distribution. The built-in cryptocurrency feature of blockchains allows the integration of economic incentives into our system. These properties enable a variety of applications that are presently not easily realizable using existing systems. The systems proposed and discussed in this dissertation demonstrate that end-to-end encryption with secure sharing can be achieved in IoT ecosystems with a modest overhead, while maintaining a consistent user- experience

Marble: Making fully homomorphic encryption accessible to all

With the recent explosion of data breaches and data misuse cases, there is more demand than ever for secure system designs that fundamentally tackle today's data trust models. One promising alternative to today's trust model is true end-to-end encryption without however compromising user experience nor data utility. Fully homomorphic encryption (FHE) provides a powerful tool in empowering users with more control over their data, while still benefiting from computing services of remote services, though without trusting them with plaintext data. However, due to the complexity of fully homomorphic encryption, it has remained reserved exclusively for a small group of domain experts. With our system Marble, we make FHE accessible to the broader community of researchers and developers. Marble takes away the complexity of setup and configuration associated with FHE schemes. It provides a familiar programming environment. Marble allows rapid feasibility assessment and development of FHE-based applications. More importantly, Marble benchmarks the overall performance of an FHE-based application, as part of the feasibility assessment. With real-world application case-studies, we show the practicality of Marble

Poster Abstract: Low-Power Wireless Channel Quality Estimation in the Presence of RF Smog

Low-power wireless networks deployed in indoor environments inevitably encounter high-power Cross Technology Interference (CTI) from a wide range of wireless devices operating in the shared RF spectrum bands. This severely reduces the performance of such networks and possibly causes loss of connectivity, which affects their availability and drains their resources. In this work, to address the channel uncertainty, a consequence of CTI, we propose a novel channel metric that (i) harnesses the local knowledge of a node about the wireless channel to discern the presence of persistent high-power interferers, and (ii) assists the node in inferring its proximity to the dominant interference sources in the physical space. In order to motivate and validate the necessity of such a metric, we empirically characterize the impact of the interaction between high/low-power cross technology interferers and IEEE 802.15.4