Privacy preservation in internet of things : a game theory based approach / Protection de la vie privée dans internet des objets : une approche basée théorie des jeux

Riahi Sfar, Arbia

16 November 2017

La question de sécurité a toujours constitué un défi pour les chercheurs dans le domaine des réseaux de communication. L’apparition de nouveaux paradigmes, applications et des technologies d’un côté ; l’ubiquité et l’hétérogénéité des entités communicantes d’un autre côté, ont induit des problèmes de sécurité très complexes. Les préjudices engendrés sur la vie privée des utilisateurs peuvent être irréparables. D’abord, nous avons proposé une approche systémique et cognitive permettant d’inclure les aspects de sécurité d’Internet des Objets (IdO) dans un cadre cohérent. Comparé à l’approche analytique, elle peut manquer de rigueur théorique, mais reste flexible et utilisable dans la prise de décision dans l’environnement ubiquitaire d’IdO. Ensuite, nous avons défini des questions liées aux menaces accidentelles ou intentionnelles, pouvant arriver en cas de compromission de données privées échangées. La caractérisation du problème a eu lieu en étudiant les concepts fondamentaux dans IdO et les travaux de recherche effectués dans le contexte de la sécurité. En examinant les différents travaux de recherche, nous avons constaté que plusieurs solutions classiques restent applicables de point de vue sécurité mais sont limitées par des contraintes d’énergie, de mémoire et de capacité de calcul. Pour y remédier, nous avons visé à construire une réponse pragmatique en utilisant la théorie des jeux. L’avantage de cette approche réside dans ses bases mathématiques et formelles solides permettant d’atteindre les meilleurs équilibres. Après, nous avons justifié analytiquement nos choix portant sur des éléments essentiels de notre système, leurs interactions et leurs objectifs. Nous avons utilisé un calcul probabiliste basé sur un processus Markovien. Dans notre approche, nous avons défini trois scénarios différents (e-santé, commerce et transport intelligent), deux acteurs principaux (DH : Data Holder, et DR : Data Requester), ayant des comportements de types différents (trusted-regular, trusted-curious, untrusted-curious et untrusted-malicious), et un ensemble de stratégies dépendant de quatre paramètres (moyens de communication, détection d’attaque, motivation financière, et concession sur les données privées). Enfin, nous avons montré l’existence d’un équilibre du jeu avec une valeur de motivation financière et un niveau de protection des données privées satisfaisants, et en calculant les probabilités correspondantes. Nous avons validé notre modèle en obtenant des résultats numériques conformes à ceux tirés du modèle théorique. / Security questions have always constituted a research challenge in the field of communication networks. The appearance of new paradigms, concepts, applications and technologies from one hand, and the ubiquity and the heterogeneity of the communicating entities from another hand, led to new complex problems of security. In some cases, the damages caused to the private life of every user can be irreparable. First, we propose a systemic and cognitive approach to include all Internet of Things (henceforth IoT) security aspects in a coherent framework. Compared to the analytic approach, our vision may lack theoretical rigor, but remains a flexible approach that may be required during decision making in ubiquitous environment. Next, we identify precise questions related to accidental or intentional threats, which may lead to private data breach during their exchange over networks. Then, we characterize the privacy problem by studying the fundamental concepts of IoT and the research activities related to security. By examining the related research work, it has been noticed that several classical solutions remain applicable but are limited by energy constraints, memory space, and calculation capacities. To overcome this problem, we propose a logical and controllable solution based on game theory approach. The advantage of this choice resides in its solid mathematical and formal basis. Then, we analytically explain the choice of the main system components, their interactions and their objectives. We used a probabilistic approach using a Markovian process, where we define three different application scenarios (e-health, trade and intelligent transport), two main actors (private data owner and requester) with different player’s types (trusted-regular, trusted-curious, untrusted-curious and untrusted-malicious), and a set of strategies depending on communication facilities, attack detection, incentive motivation and privacy concession. Finally, we evaluate the model by demonstrating the existence of an equilibrium solution with a satisfactory value of incentive motivation and data privacy concession, and by calculating the final state probabilities. We validate the proposed model through numerical results obtained from the theoretical model.

Chaînes de Markov

Protection de la vie privée

Internet of things

Privacy

Game theory

Markov chains

Internet of things security : towards a robust interaction of systems of systems / Sécurité d’internet des objets : vers une interaction robuste des systèmes de systèmes

Touati, Lyes

21 November 2016

Cette thèse traite des problèmes et des défis de sécurité dans l’Internet des Objets (IdO). L’évolution de l’Internet classique vers l’Internet des Objets crée de nombreux challenges dans la manière de sécuriser les communications et soulève des problèmes liés au contraintes de l’internet des objets à savoir : objets à faibles ressources d’énergie et de calculs, hétérogénéité nuisant à l’interopérabilité des objets, taille du réseau de plus en plus grande, ... etc. En effet, Internet s’est développé d’un réseau d’ordinateurs personnels et de serveurs vers un immense réseau connectant des milliards d’objets intelligents communicants. Ces objets seront intégrés dans des systèmes complexes et utiliseront des capteurs et actionneurs pour observer et interagir avec leur environnement physique. Les exigences des interactions entre objets communicants en termes de sécurité dépendent du contexte qui évolue dans l’espace et le temps. Par conséquent, la définition de la politique de sécurité doit être adaptative et sensible au contexte. Un des problèmes auxquels nous nous sommes intéressés est le contrôle d’accès efficace à base de cryptographie d’attributs : « Attributes Based Encryption (ABE) ». Les schémas ABE (CP-ABE et KP-ABE) présentent plusieurs atouts pour l’implémentation d’un contrôle d’accès cryptographique. Par contre, ces schémas posent des défis opérationnels à cause de leurs complexités et leur surcoût élevé en termes de temps d’exécution et consommation énergétique. Pour pallier cet inconvénient, nous avons exploité l’hétérogénéité d’environnement Internet des Objets pour proposer des versions collaboratives et distribuées de ces schémas de contrôle d’accès cryptographique. Nos solutions réduisent considérablement le coût en termes d’énergie nécessaire à l’exécution. Le deuxième inconvénient des schémas ABE est l’inexistence de mécanismes efficaces de gestion de clés. Nous avons proposé des solutions pour le problème de révocation d’attributs dans le schéma CP-ABE, Ces solutions, en plus de leur efficacité, répondent à des exigences de sécurité différentes selon le cas d’applications. Nous avons proposé également, une solution à base de CP-ABE pour le problème du « grouping proof ». Le « grouping proof » consiste à fournir une preuve sur la coexistence, dans le temps et l’espace, d’un ensemble d’objets. Parmi les applications de notre solution, on peut citer le payement NFC et la sécurisation de l’accès aux locaux sensibles. / In this thesis, we deal with security challenges in the Internet of Things. The evolution of the Internet toward an Internet of Things created new challenges relating to the way to secure communications given the new constraints of IoT, namely: resource constrained objects, heterogeneity of network components, the huge size of the network, etc. Indeed, the Internet evolved from a network of computers and servers toward a huge network connecting billions of smart communicating objects. These objects will be integrated into complex systems and use sensors and actuators to observe and interact with their physical environment. The security requirements of the interactions between smart objects depend on the context which evolves in time and space. Consequently, the definition of the security policies should be adaptive and context-aware. In this thesis, we were interested in the problem of access control in IoT relying on Attribute based Encryption (ABE). Indeed, ABE schemes present many advantages in implementing a cryptographic fine-grained access control. However, these schemes raise many implementation challenges because of their complexity and high computation and energy overheads. To overcome this challenge, we leveraged the heterogeneity of IoT to develop collaborative and distributed versions of ABE schemes. Our solutions reduce remarkably the overhead in terms of energy consumption and computation. The second limitation of ABE schemes is the absence of efficient attribute/key revocation techniques. We have proposed batch based mechanisms for attribute/key revocation in CP-ABE. We demonstrated the efficiency of the proposed solutions through simulations. Finally, we have proposed a CP-ABE based solution for the problem of grouping proof. This problem consists of providing the proof that a set of objects are present simultaneously (same time and same location). The propose solution has many applications such as enforcing the security of NFC based payments and the access to sensitive locations.

Gestion de clés

Contrôle d'accès cryptographique

Internet of things

Cryptography

Data protection

Data encryption

Smart Homes : Human interactions and IoT

Kamatsos, Paraskevas

January 2016

This thesis studies the phenomenon of human-system interaction in smart homes as a practice of Internet of Things. The research was conducted through interviews, workshops and observations and followed an interpretive research paradigm of phenomenologically-situated paradigm of HCI and a qualitative research approach. The theories of Phenomenology and Postphenomenology were used to interpret the experiences, beliefs and views of the participants. The empirical findings were processed and a thematic analysis was followed in order to identify the main themes that emerged out of the interviews, workshops and observations. The discussion of the findings showed that the research questions were answered to the grade that the participants of the research design, use and interact with smart homes in a multiple and complex way.

Human-System Interaction

Smart Homes

Internet of Things

Postphenomenology

Technological Mediation

Information Systems

Security concerns regarding connected embedded systems

Mårdsjö, Jon

January 2013

Embedded systems have been present in our daily lives for some time, but trends clearly show a rise in inter-connectivity in such devices. This presents promising new applications and possibilities, but also opens up a lot attack surface. Our goal in this thesis is to find out how you can develop such interconnected embedded systems in a way that guarantees the three major components of information security: Confidentialy, Integrity and Availability. The main focus of security is networked security. In this thesis, a dual approach is taken: investigate the development process of building secure systems, and perform such an implementation. The artifacts produced as byproducts, the software itself, deployment instructions and lessons learned are all presented. It is shown that the process used helps businesses find a somewhat deterministic approach to security, have a higher level of confidence, helps justify the costs that security work entails and helps in seeing security as a business decision. Embedded systems were also shown to present unforeseen obstacles, such as how the lack of a motherboard battery clashes with X.509. In the end, a discussion is made about how far the system can guarantee information security, what problems still exist and what could be done to mitigate them.

Embedded security

network security

risk management

untrusted domains

interconnected systems

Internet of Things (IoT).

Computer Engineering

Datorteknik

An Anomaly Behavior Analysis Methodology for the Internet of Things: Design, Analysis, and Evaluation

Pacheco Ramirez, Jesus Horacio, Pacheco Ramirez, Jesus Horacio

January 2017

Advances in mobile and pervasive computing, social network technologies and the exponential growth in Internet applications and services will lead to the development of the Internet of Things (IoT). The IoT services will be a key enabling technology to the development of smart infrastructures that will revolutionize the way we do business, manage critical services, and how we secure, protect, and entertain ourselves. Large-scale IoT applications, such as critical infrastructures (e.g., smart grid, smart transportation, smart buildings, etc.) are distributed systems, characterized by interdependence, cooperation, competition, and adaptation. The integration of IoT premises with sensors, actuators, and control devices allows smart infrastructures to achieve reliable and efficient operations, and to significantly reduce operational costs. However, with the use of IoT, we are experiencing grand challenges to secure and protect such advanced information services due to the significant increase in the attack surface. The interconnections between a growing number of devices expose the vulnerability of IoT applications to attackers. Even devices which are intended to operate in isolation are sometimes connected to the Internet due to careless configuration or to satisfy special needs (e.g., they need to be remotely managed). The security challenge consists of identifying accurately IoT devices, promptly detect vulnerabilities and exploitations of IoT devices, and stop or mitigate the impact of cyberattacks. An Intrusion Detection System (IDS) is in charge of monitoring the behavior of protected systems and is looking for malicious activities or policy violations in order to produce reports to a management station or even perform proactive countermeasures against the detected threat. Anomaly behavior detection is a technique that aims at creating models for the normal behavior of the network and detects any significant deviation from normal operations. With the ability to detect new and novel attacks, the anomaly detection is a promising IDS technique that is actively pursued by researchers. Since each IoT application has its own specification, it is hard to develop a single IDS which works properly for all IoT layers. A better approach is to design customized intrusion detection engines for different layers and then aggregate the analysis results from these engines. On the other hand, it would be cumbersome and takes a lot of effort and knowledge to manually extract the specification of each system. So it will be appropriate to formulate our methodology based on machine learning techniques which can be applied to produce efficient detection engines for different IoT applications. In this dissertation we aim at formalizing a general methodology to perform anomaly behavior analysis for IoT. We first introduce our IoT architecture for smart infrastructures that consists of four layers: end nodes (devices), communications, services, and application. Then we show our multilayer IoT security framework and IoT architecture that consists of five planes: function specification or model plane, attack surface plane, impact plane, mitigation plane, and priority plane. We then present a methodology to develop a general threat model in order to recognize the vulnerabilities in each layer and the possible countermeasures that can be deployed to mitigate their exploitation. In this scope, we show how to develop and deploy an anomaly behavior analysis based intrusion detection system (ABA-IDS) to detect anomalies that might be triggered by attacks against devices, protocols, information or services in our IoT framework. We have evaluated our approach by launching several cyberattacks (e.g. Sensor Impersonation, Replay, and Flooding attacks) against our testbeds developed at the University of Arizona Center for Cloud and Autonomic Computing. The results show that our approach can be used to deploy effective security mechanisms to protect the normal operations of smart infrastructures integrated to the IoT. Moreover, our approach can detect known and unknown attacks against IoT with high detection rate and low false alarms.

Abnormal Behavior Analysis

Autonomic Computing

Cybersecurity

Internet of Things

Security Framework

Threat Model

A Context Aware Anomaly Behavior Analysis Methodology for Building Automation Systems

Pan, Zhiwen, Pan, Zhiwen

January 2017

Advances in mobile and pervasive computing, electronics technology, and the exponential growth in Internet of Things (IoT) applications and services has led to Building Automation System (BAS) that enhanced the buildings we live by delivering more energy-saving, intelligent, comfortable, and better utilization. Through the use of integrated protocols, a BAS can interconnects a wide range of building assets so that the control and management of asset operations and their services can be performed in one protocol. Moreover, through the use of distributed computing and IP based communication, a BAS can implement remote monitor and control in adaptive and real-time manner. However, the use of IoT and distributed computing techniques in BAS are leading to challenges to secure and protect information and services due to the significant increase in the attack surface and the inherent vulnerabilities of BAS integrated protocols. Since there is no intrusion detection and prevention available for BAS network, proposing a reliable security mechanism which can monitor the behavior of BAS assets becomes a major design issue. Anomaly Based Intrusion Detection is a security mechanism that uses baseline model to describe the normal behaviors of a system, so that malicious behaviors occurred in a system can be detected by comparing the observed behavior to the baseline model. With its ability of detecting novel and new attacks, Anomaly based Behavior Analysis (ABA) has been actively pursued by researchers for designing Intrusion Detection Systems. Since the information acquired from a BAS system can be from a variety of sources (e.g. sensors, network protocols, temporal and spatial information), the traditional ABA methodology which merely focuses on analyzing the behavior of communication protocols will not be effective in protecting BAS networks. In this dissertation we aim at developing a general methodology named Context Aware Anomaly based Behavior Analysis (CAABA) which combines Context Awareness technique with Anomaly based Behavior Analysis in order to detect any type of anomaly behaviors occurred in Building Automation Systems. Context Awareness is a technique which is widely used in pervasive computing and it aims at gathering information about a system's environment so it can accurately characterize the current operational context of the BAS network and its services. The CAABA methodology can be used to protect a variety of BAS networks in a sustainable and reliable way. To handle the heterogeneous BAS information, we developed a novel Context Aware Data Structure to represent the information acquired from the sensors and resources during execution of the BAS system which can explicitly describe the system's behavior. By performing Anomaly based Behavior Analysis over the set of context arrays using either data mining algorithm or statistical functions, the BAS baseline models are generated. To validate our methodology, we have applied it to two different building application scenarios: a smart building system which is usually implemented in industrial and commercial office buildings and a smart home system which is implemented in residential buildings, where we have achieved good detection results with low detection errors.

Building Automation Systems

Context Awareness

Cyber Security

Internet of Things

Intrusion Detection System

Smart Buildings

Performance evaluation of scalable and distributed iot platforms for smart regions

Araujo Soto, Víctor Estuardo

January 2017

As the vision of the Internet of Things (IoT) becomes a reality, thousands of devices will beconnected to IoT platforms in smart cities and regions. These devices will actively send dataupdates to cloud-based platforms, as part of smart applications in domains like healthcare, trafficand pollution monitoring. Therefore, it is important to study the ability of modern IoT systemsto handle high rates of data updates coming from devices. In this work we evaluated the per-formance of components of the Internet of Things Services Enablement Architecture of theEuropean initiative FIWARE. We developed a testbed that is able to inject data updates usingMQTT and the CoAP-based Lightweight M2M protocols, simulating large scale IoT deploy-ments. Our extensive tests considered the vertical and horizontal scalability of the componentsof the platform. Our results found the limits of the components when handling the load, and thescaling strategies that should be targeted by implementers. We found that vertical scaling is notan effective strategy in comparison to the gains achieved by horizontally scaling the databaselayer. We reflect about the load testing methodology for IoT systems, the scalability needs ofdifferent layers and conclude with future challenges in this topic.

IOT

performance

FIWARE

Internet of Things

QoS

testbed

monitoring

Computer Systems

Datorsystem

[en] CONTEXT DRIVEN THINGS SOCIAL NETWORK / [pt] REDES SOCIAIS DIRIGIDAS AO CONTEXTO DAS COISAS

MARCIO LUIZ COELHO CUNHA

09 February 2017

[pt] A cada dia mais e mais brasileiros possuem um telefone celular de última geração com conexão à internet. Estes novos aparelhos são capazes de ler diferentes tipos de etiquetas usadas para armazenar, recuperar e gerenciar informações, e estão conosco em toda parte para apoiar nossas tarefas diárias. Estes pequenos computadores são conscientes de seu entorno, e propícios à comunicação e colaboração com o mundo real. Devido a sua popularidade, disponibilidade e massa crítica de usuários atingida, novos serviços são desenvolvidos baseados no conceito da computação ubíqua, onde computadores e seres humanos são unificados em torno da noção de ambiente. Estes sistemas pervasivos lidam com questões de interação de contexto e reconhecimento de ambientes, e se adaptam de acordo com as preferências do usuário. Nesta dissertação são descritos o desenvolvimento e testes de usabilidade de uma rede social que é fundamentada nos conceitos da computação ubíqua e Internet das Coisas. Esta rede social, dirigida para o tema da enogastronomia, é acessível por dispositivos móveis e utiliza códigos de duas dimensões colados nas garrafas dos vinhos para através do software e da câmera do celular trazer informações de acordo com o contexto do objeto, lugar e preferência do usuário. / [en] Every day more and more Brazilians have a next generation mobile phone with an internet connection. These new devices are able to read different types of labels used to store, retrieve and manage information; they are with us everywhere to support our daily tasks. These small computers are aware of their surroundings and propitious to communication and collaboration with the real world. Due to their popularity, availability and critical mass of users reached, new services are developed based on the concept of ubiquitous computing, where computers and humans are unified around the concept of environment. These systems deal with issues of pervasive interaction of context, recognition of environments and adapt according to user preferences. This thesis presents a description of the development and usability testing of a social network that is based on the concepts of ubiquitous computing and the Internet of Things. This social network, addressed to the theme of enogastronomy, is accessible by mobile devices and uses twodimensional codes pasted on the bottles of wine for using the software and the phone s camera to bring information in accordance with the context of the object, place and user preference.

[pt] COMERCIO ELETRONICO

[en] E COMMERCE

[pt] INTERNET DAS COISAS

[en] INTERNET OF THINGS

[pt] REDES SOCIAIS

[pt] INTERNET MOVEL

Koncepce Industry 4.0, její dosavadní uplatnění a stav na trhu / Description of the Industry 4.0 concept, current application and market status

Hušek, Jiří

January 2017

This master thesis maps contemporary situation linked to the Industry 4.0 topic and sets it into connections and define its relations. The first part is dedicated to describing the beginning and nature of Industry 4.0. Next part shows main national initiatives of several countries. In the other part of thesis there is specific description of terms connected to this concept. Next part is about evaluating benefits, risks and restrictions. After that there is description of present use on market. The last part sums some predictions about Industry 4.0.

Towards Cloud-based Vehicular Cyber-physical Systems

Alam, Kazi Masudul

January 2017

We are living in the age of information technology, where we are fully occupied with the revolutionary innovations of the last few decades such as the Internet, mobile devices, wireless communications, social networks, wearables, cloud computing, etc. While these technologies have become integral part of our daily life, we are now anxiously waiting to embrace Internet-of-Things (IoT), intelligent digital assistants, driver-less cars, drone deliveries, virtual reality, and smart city applications. Recently, research community is demonstrating increasing interests about Cyber-Physical Systems (CPS) that resides in the cross-section of embedded systems, network communications, and scalable distributed infrastructures. The main responsibility of a CPS is to collect sensory data about the physical world and to inform the computation module using communication technologies that processes the data, identifies important insights and notifies back using a feedback loop. These notifications can however be control commands to reconfigure the physical world. Such a setup is a useful method to deploy smart city applications. In this dissertation, we keep our focus onto the smart transport objective using vehicular CPS (VCPS) based systems organization. We have compiled this dissertation with our research contributions in this growing field of VCPS. One of our key contributions in this field is an architecture reference model for the cloud-based CPS, C2PS, where we analytically describe the key properties of a CPS: computation, communication and control, while integrating cloud features to it. We have identified various types of computation and interaction modes of this paradigm as well as describe Bayesian network and fuzzy logic based smart connection to select a mode at any time. It is considered that the true adoption of CPS is only possible through the deployment of the IoT systems. Thus, it is important to have IoT as a foundation in the CPS architectures. Our next contribution is to leverage existing Vehicular Adhoc Network (VANET) technologies and map them with the standard IoT-Architecture reference model to design the VCPS, Social Internet-of-Vehicles (SIoV). In this process, we have identified the social structures and system interactions among the subsystems involved in the SIoV. We also present a message structure to facilitate different types of SIoV interactions. The ability of dynamic reconfiguration in a C2PS is very appealing. We capture this feature in the VCPS by designing a model-based reconfiguration scheme for the SIoV, where we measure the data workloads of distinct subsystems involved in various types of SIoV interactions. We further use these models to design dynamic adaptation schemes for the subsystems involved in VCPS interactions. Our final contribution is an application development platform based on C2PS design technique that uses server-client based system communications. In this platform, server side is built using JAVA, client side uses Android, message communication uses JSON and every component has its own MySQL database to store the interactions. We use this platform to emulate and deploy SIoV related applications and scenarios. Such a platform is necessary to continue C2PS related research and developments in the laboratory environment.

Cyber-physical Systems

Vehicular Cyber-physical Systems

Social Internet of Vehicles

Internet of Things

Internet of Vehicles