From Security to Localization: Advanced Services for Large-Scale IoT Networks

SCIANCALEPORE, Savio
2017

Abstract

This PhD dissertation is focused on Internet of Things (IoT) technology, with specific attention to security issues and localization functionalities in IoT deployments composed of many constrained devices. The last decade has witnessed the explosion of the IoT, and today billions of smart devices are hitting the market. They are equipped with sensing and actuating capabilities and are able to interact with each other over the Internet. This phenomenon paves the way to a variety of innovative applications in different contexts, such as environmental monitoring, smart building, home automation, health care, logistics and energy management, to name a few. Moreover, the innovations provided by this technological evolution, especially in industrial applications, are currently enabling a wide set of advanced services, referred to as the fourth industrial revolution, Industry 4.0, that will leverage the new specific paradigm of the Industrial Internet of Things (IIoT). Also, the leading companies of the sector expect up to 50 billion smart devices to be connected by 2020. In this ebullient context, the need to develop accurate and tailored services, sized to the requirements and features of the constrained devices at the basis of IoT technology, is still a pressing hurdle. On the one hand, security aspects stand in a prominent position. The unique features of the involved devices require the design of tailored routines and protocols that minimally affect regular communications, operations and the execution of the standard protocol stack. On the other hand, the deployment of mobile sensor nodes requires smart and lightweight static and dynamic localization techniques, able to provide the position of the sensing entities instant by instant, without affecting the execution of their fundamental tasks or the lifetime of battery-powered devices.
Starting from these premises, this PhD thesis revolves around the main topic of providing advanced services for IoT networks while affecting normal network operations only minimally. Focusing on security aspects, the procedures and services recommended by one of the most important standards for the IoT protocol stack, IEEE 802.15.4e, have been implemented. The overhead of link-layer security in IIoT networks has been evaluated in terms of minimal timeslot length and memory footprint. The provided implementation of link-layer security covers a range of hardware platforms, exploring different hardware/software implementation strategies. Through an extensive measurement campaign, the advantage of hardware accelerators for link-layer security has been precisely quantified. Furthermore, the impact that the resulting timeslot duration has on both high-level application design and energy consumption has been investigated. Moreover, starting from a careful inquiry into the gaps left open by the MAC-layer standard IEEE 802.15.4, a lightweight and standard-compatible framework, named “LICITUS”, has been developed, with the aim of providing a wide variety of security configurations in homogeneous and heterogeneous scenarios, integration support for adaptation to dynamic networks, lean and scalable initialization functionalities, a lightweight Key Management Protocol (KMP) and resilience to several attacks. Starting from the KMP developed in the LICITUS framework, an advanced version has been designed. It integrates implicit Elliptic Curve Qu-Vanstone (ECQV) certificates with a standard Elliptic Curve Diffie-Hellman (ECDH) exchange. From a security perspective, it performs authentication and key derivation between any two peers in an IIoT network.
As confirmed by a proof-of-concept implementation and relevant experimental results, this innovative KMP guarantees the minimal airtime consumption with respect to conventional approaches, while also providing robust key negotiation, fast re-keying, and efficient protection against replay attacks. The research activity on security has also covered the authorization problem, which is quickly emerging as one of the most important barriers to protect against external threats coming from the public Internet. Within the context of the symbIoTe H2020 European project, an authorization architecture based on the widely known OAuth 2.0 authorization framework has been proposed. Thanks to the security services provided by the OAuth 2.0 Authorization Server deployed at the edge of the IoT network, the proposed solution ensures the precise identification of all accesses to resources exposed by the smart devices, while not affecting their computational burden in any way. Regarding localization solutions, a 4-month period of research abroad at the Faculty of Computer and Information Science in Ljubljana (Slovenia) was conducted to study and provide a lightweight off-line algorithm that addresses the problem of estimating the position and velocity of a radio transmitter moving with a constant, unknown speed. The provided technique is based on arrival timestamps gathered by fixed sensor nodes. The technique is completely asynchronous in its logic, because no assumption is made about any time synchronization between the involved devices. The performance of this solution has been investigated not only through a wide set of Monte-Carlo simulations, but also by using real data provided by off-the-shelf Wi-Fi devices, demonstrating its feasibility for adoption in specific IoT services. To conclude, a brief description of the structure of the thesis is provided below:

1. Chapter 1: The Internet of Things technology. It introduces the main features of the upcoming IoT technology, with a focus on the standardized protocol stack and the variety of hardware devices specifically designed for such applications.
2. Chapter 2: Security issues in IoT networks. It provides an extensive summary of the state of the art in the IoT security area, discussing the most adopted solutions and algorithms.
3. Chapter 3: MAC-layer security in IoT networks. This chapter details the implementation of the security procedures, services and algorithms recommended by the IEEE 802.15.4 standard, as well as a lightweight security framework that integrates and smartly uses such services.
4. Chapter 4: Security solutions at the application layer for the IoT. It discusses the solutions specifically designed to address security issues at the application layer, starting from a lightweight KMP guaranteeing the minimal airtime consumption, up to advanced solutions addressing the authorization problem.
5. Chapter 5: Time-based wireless localization techniques. It focuses on an algorithm developed to estimate the position and velocity of a node moving at a constant, unknown velocity. The performance evaluation of the algorithm is described, both in a simulated environment and through real Wi-Fi data, along with the advantages derived from its adoption in the IoT context.
IoT, M2M, IEEE 802.15.4, Security, Wireless Localization
Files in this item:
File: Thesis_Sciancalepore_Savio_final.pdf (open access)
Description: Main article
Type: Doctoral thesis
License: Creative Commons
Size: 9.69 MB
Format: Adobe PDF


Use this identifier to cite or link to this document: http://hdl.handle.net/11589/98114