Internet of Things Automatic Security Testbed

  • The goal of the automatic security testbed is to test the security and privacy of various state-of-the-art IoT devices on the market. The testbed setup consists of a shielded room, three different stand-alone machines to perform the tests, an access point within the shielded room, and various state-of-the-art IoT devices. Currently the testbed can perform various tests to show how vulnerable the IoT devices are. The testbed is also focusing on developing a system architecture that allows various testing modules to be called for any kind of test. The testbed can support various communication protocols such as Wi-Fi, ZigBee, and Bluetooth. Furthermore, the testbed will also focus on developing various attack and defense models to expose and find the vulnerabilities of the IoT devices. In the future, the testbed will be open and made available to anyone who is willing to test their own IoT devices. The long-term vision of the testbed and the lab itself is to provide certification for IoT devices on the market, checking whether a device is secure or not.
  • Keywords: Internet of Things, Vulnerabilities, Security, Privacy.

  • Privacy-Preserving Detection of IoT Devices Connected Behind a NAT in a Smart Home Setup

  • Today, telcos are exposed to cyberattacks executed by compromised IoT devices connected to their customers’ networks. We propose a privacy-preserving method that can detect devices of specific vulnerable IoT models connected behind a NAT, thereby identifying home networks that pose a risk to the telco’s infrastructure and availability of services.
  • Keywords: Internet of Things, Identification, Anomaly Detection, Security, Privacy.
  • Decentralized Access Control for Internet of Things

  • Security is one of the major research issues in the IoT paradigm. Most of the security solutions proposed for IoT in the state-of-the-art literature use a centralized approach with traditional authentication and authorization protocols. However, the resource-constrained nature of IoT devices makes them unsuitable for public-key cryptosystems such as RSA, Diffie-Hellman, ElGamal, etc., which require very large keys to enforce encryption and signature verification. Moreover, authorization models such as RBAC, ABAC, OrBAC, etc. have not been designed with the resource-constrained nature of IoT devices in mind. Furthermore, centralized approaches have several limitations, such as a single point of failure, scalability issues in scenarios where a large number of IoT devices are connected, procurement and management of additional hardware, lack of security while the central system talks to other devices, and so on.

    This work proposes a decentralized security framework (comprising both authentication and authorization mechanisms) for securing IoT systems. It is expected to address the scalability issue, facilitate decision making at the device level, and leverage machine-to-machine (M2M) communications to ensure end-to-end security. M2M communication is an essential feature for reducing human intervention and perceiving a smart environment. However, the challenge with a decentralized approach is that we need to propose new authentication and authorization schemes that preserve device autonomy and also conform to the resource-constrained nature of IoT devices.

    Thus, the broad scope of this work will be to design a decentralized and lightweight security framework for IoT devices, which enables the establishment of a secure communication channel, identity verification of requesting subjects (viz., a smartphone app, another device, or a remote server program), and local authorization decisions.
  • Keywords: Internet of Things, Access Control, Authorization, Authentication, Security, Privacy.

  • PIT: A Probe into Internet of Things by Comprehensive Security Analysis

  • One of the major issues hindering widespread and seamless adoption of the Internet of Things (IoT) is security. IoT devices are vulnerable and susceptible to attacks, which became evident from a series of recent large-scale distributed denial-of-service (DDoS) attacks that led to substantial business and financial losses. However, there is a lack of a comprehensive security analysis framework for finding vulnerabilities in IoT. In this work, we present a modular, adaptable and tunable framework, called PIT, to probe vulnerabilities at different layers of the design and implementation of IoT systems. It consists of several security analysis engines (viz., penetration testing, fuzzing, static analysis, and dynamic analysis) and an exploitation engine, to detect and exercise multiple IoT system-based vulnerabilities, respectively. We also develop a novel grey-box fuzzer, called Applica, as a part of the fuzzing engine to overcome the limitations of present-day fuzzers. The proposed framework has been evaluated on a real-world IoT testbed comprising state-of-the-art devices. We discovered several network and system-level vulnerabilities such as Buffer Overflow, Denial-of-Service, SQL Injection, etc., and successfully exploited them to demonstrate the presence of security loopholes in the IoT devices.
  • Keywords: Internet of Things, Security Analysis, Vulnerabilities, Security, Privacy.
  • Internet of Things Automatic Identification

  • Many organizations nowadays deploy IoT devices across their IT infrastructure and this trend is expected to further accelerate in the coming years. Security experts have demonstrated the risk posed by IoT devices to organizations. Due to the widespread adoption of such devices, their diversity, standardization obstacles and inherent mobility, organizations are in need of an intelligent mechanism capable of detecting suspicious IoT devices connected to the network while not registered in a list of trustworthy IoT devices (white list) allowed to be used within the organization. In this research, we apply machine learning algorithms with the purpose of accurately identifying IoT devices listed in the approved white list and identifying other IoT devices.
  • Keywords: Internet of Things, White Listing, Anomaly Detection, Security, Privacy.
  • Decentralized Localization and Tracking in Wireless Sensor Networks

  • A decentralized location estimation protocol is developed which relies only on local data, local communication, and beacon and mobile nodes. The location signature database is replicated on the beacon nodes. A beacon node estimates the location of a mobile node when requested, using its database and calculating the centroid (Triangulation). A GUI in Java has been developed at the mobile node to display its location information obtained from the beacon nodes. The system has been developed on TinyOS using NesC. The system has an accuracy of two to three meters in various environments.
  • Languages: NesC, Java.
  • Platform: TinyOS-1.x, Cygwin. Hardware: Arslogic-3Tec, TelosSky Moteiv.
  • Information Quality Aware Cross-layer Techniques in Wireless Sensor Networks

  • The key objective of the project is to provide the desired Quality of Information (QoI) to the user/application. In Wireless Sensor Networks (WSNs), various applications require specific information of different types. User requirements regarding information are evolvable, specifying information with a certain quality. We refer to quality as the degree or grade of excellence, and QoI is the quality experienced/perceived by the user concerning the received information. We consider that QoI can satisfy the user's evolvable requirements when all or combinational blocks are considered. On the other hand, quality indicators such as accuracy, reliability and timeliness have to be considered to provide the quality the user requires. Tuning reliability and timeliness in composition, to maximize efficiency and to avoid over- and under-provisioning of information, is necessary. On the other hand, an optimized solution for sampling accuracy and transport reliability in composition, for maximized efficiency, is a challenge. An approach featuring a message efficiency that optimally meets application requirements, with online adaptation and an appropriate tradeoff between accuracy and reliability, is trivial.
  • Keywords: Wireless Sensor Networks, Quality of Information, Optimization, Information Attributes.
  • CoMiFin (Communication Middleware for Monitoring Financial Critical Infrastructure)

  • A key objective of CoMiFin is to prove the advantages of having a cooperative approach in the rapid detection of threats. Specifically, CoMiFin demonstrates the effectiveness of its approach by addressing the problem of protecting financial critical infrastructure. This allows groups of financial actors to take advantage of the Semantic Room abstraction for exchanging and processing information, thereby allowing them to take proactive steps in protecting their business continuity, for example, through generating fast and accurate intruder blacklists.
  • Keywords: Financial Information infrastructure, collaborative security, critical infrastructure protection and distributed massive event processing.
  • INSPIRE (INcreasing Security and Protection through Infrastructure REsilience)

  • The INSPIRE project aims at identifying techniques to enhance the reliability of communications over unreliable and/or insecure links (WAN, wireless), so that critical control loops become possible over a WAN. INSPIRE aimed at designing and implementing: (a) A method to identify and assess vulnerabilities. This method should be extended so that not only the number and level of vulnerabilities are identified but also the impact on the service provided by the CI (e.g. expected duration of a power outage and size of the area/population affected). (b) Multi-path techniques to enhance robustness against attacks on the confidentiality of SCADA traffic. (c) A self-configurable (SCADA-communications) architecture for SCADA system resilience. (d) A P2P-like overlay communication architecture for SCADA systems to enhance the dependability of data transport by fulfilling the timeliness and reliability requirements for both sensor data and actuator commands in the presence of failures/attacks.
  • Keywords: Supervisory Control and Data Acquisition systems, Peer to Peer Networks.
  • Model for Understanding the Spread of Epidemics in Mobile Networks

  • This project introduces a model for analyzing the spread of epidemics in a disconnected mobile network. The work is based on an extension, to a dynamic setting, of the eigenvector centrality principle for the case of static networks. The extension builds on a new definition of connectivity matrix for a highly partitioned mobile system, where the connectivity between a pair of nodes is defined as the number of contacts taking place over a time window. The connectivity matrix is then used to evaluate the eigenvector centrality of the various nodes. Numerical results from real-world traces are used. The model is built for wireless mobile networks on eigenvector centrality, clustering and topography.
  • Language: Java. Mathematical computing environment: MATLAB.
  • Installing Asterisk and Interaction with SIP SER in UNITN (University of Trento)

  • The project was to set up Asterisk (the Open Source PBX & Telephony Platform) at UNITN and make it work with SIP SER (a high-performance, configurable, free SIP server).
  • Phase I: Modifying the network configuration file to assign one static IP to the machine, and then connecting it to the LAN through a switch.
  • Phase II: Connecting the gateway Cisco ATA 188 to the switch; one analog phone was connected to one of the RJ-11 ports of the ATA, and the X-Lite softphone was used to call from one notebook to another, from X-Lite to the analog phone, and to the SIP phone in the university.
  • Language: Asterisk Extension Language. Server: AsteriskNOW. Platform: Linux. Hardware: TIM Analog Phone, CISCO ATA, CISCO VOIP phone. Software: X-Lite SIP softphone.
  • Secure Network Access Protocol (SNAP)

  • SNAP, a distributed authentication protocol, is based on secret sharing with a quorum access structure. The project deals with developing a cryptosystem that facilitates secure communication between parties using a distributed authentication protocol called Secure Network Access Protocol.
  • Client View: The client authenticates to the system, and the user needs keys to start a private communication: the key which is private to the user and the public key generated by the server.
  • Server View: The server has the responsibility to authenticate the client and then generate the public key for the client so it can help the client to establish a secure channel between two users. Here the key generation is mainly based on RSA.
  • Language: JAVA, Platform: Windows
  • Embedded Hot Spot Information System

    The project was my Bachelor’s final-year industrial research project. The project is based on localization and providing the position of the user.

  • Embedded module: The ARM board has to be programmed, where the user-end data is embedded into the board and then configured so as to integrate with the server. When the user requests a location, the request is sent via Bluetooth and then to the server.
  • Server module: The server processes the request for the location estimation, which maintains the database and the local map of the particular area registered with the server, so when the request is given to the server, the server will reply back with location estimation via Bluetooth.
  • Platform: Embedded Arm Linux.
  • Language: C, JAVA.
  • Hardware: Bluetooth (802.15.1), LCD Display, Atmel ARM processor board.
  • Company: Accent e Technology Private Limited.
  • Lexical Analyzer

  • The project named “LEXICAL ANALYSER” is a package; the purpose of the project is to partition the input text, delivering a sequence of comments and basic symbols. Comments are character sequences to be ignored, while basic symbols are character sequences that correspond to terminal symbols of the grammar defining the phrase structure of the input. A user must define the forms of comments and the forms of all basic symbols corresponding to non-literal terminal symbols of the grammar.
  • Platform: DOS platform, Language: C
  • STATUS (Net of sensors for asset management of server farm)

  • A wireless sensor network has been deployed in a server room for monitoring the state and the location of the servers in a server farm of any dimension; each rack is equipped with a cluster of nodes. A battery-powered node is attached to each server (CN: Cluster Node).
  • Periodically, every CN sends a “presence message” to one cable-powered node (CH: Cluster Head) located inside each rack. One (or more) gateway collects data coming from the wireless mesh network and forwards it to a (remote) base station. At start-up the CHs listen for CNs and create a list of the servers located in their own rack (Discovery Phase). Then, they inform the base station of their work (send event messages). Once the discovery phase is completed, the CHs continue to listen for CNs, but they send only alarm messages to the base station.
  • Languages: NesC, Java. Platform: TinyOS-1.x, Cygwin. Hardware: Arslogic-3Tec, TelosSky Moteiv.