Heterogeneous computing devices are surrounding us in our day-to-day life at an unprecedented rate and they are showing promising capabilities. For example, the drone Loon Copter is one such device providing an unrestricted mobility in air, surface and underwater. Similarly, smartphones and IoT are also enabling to sense our environment. Many of these devices are embedded with processing, sensing, software and communication capabilities, allowing many services to be built on top. In the near future these connected devices will be everywhere from smart cities, factories to our homes and even on our bodies. In order to reach the full potential of these emerging devices, a prominent requirement, “security by design", must be fulfilled to make the technology ready for mass adaptation. Following this direction, we focus on security and privacy issues of three heterogeneous devices: (i) Smartphone related security and privacy issues; (ii) Application of drones for secure localization; and (iii) IoT related security issues. In the first part of this dissertation, we look into security and privacy challenges in smartphones. Smartphones are taking a leading role in binding most of the heterogeneous computing devices and also getting cluttered with a lot of personal data. We investigated three security related issues in smartphones: i) malware detection, ii) preserving anonymity in mobile cloud communications, and iii) analyzing the energy consumption of cryptographic protocols to improve user experiences. As for point i), in most attack scenarios an adversary takes local or remote control of a mobile device (by leveraging system vulnerabilities via malicious apps), and sends the collected information from the smartphone to a remote web server. This undermines the users security and privacy, and we propose a new approach for detecting malware by focusing on network communications. As for point ii), Smartphone applications are increasingly relying on cloud services such as online banking, instant messaging and file exchange. For an external observer, this communication side channel may reveal a lot of information. Strong adversaries like government agencies are also proposing these channels as a means to monitor their surveillance targets. Similarly, if the mobile network providers and cloud service providers collude together, they can violate the privacy of the users. We propose an end-to-end anonymous communications protocol for delay-tolerant applications (similar to Whatsapp or Email), to protect user privacy and prove the security properties of the protocol under this strong attack model. Finally, as for point iii), we analyze the energy consumption of cryptographic protocols running on smartphones. The number of web services accessed over encrypted traffic is rapidly growing, especially via SSL/TLS. In our investigation, we focused on TLS and show how TLS session resume can greatly save energy by avoiding asymmetric cryptographic operations. We further propose Cloud aided TLS (CaT). In the second part of this dissertation, we explore the possibility of using the emerging drone technology to solve the secure location verification problem. Many innovations are emerging using drones such as last mile delivery and emergency response. Many dependable distributed systems are vulnerable to node displacement attacks. For example, a hostile actor physically moving few sensors in a pollution monitoring system can easily disrupt the monitoring. This displacement attack is simple, but difficult to detect. Current solutions require several fixed anchor nodes with trusted positions. We propose VerifierBee, which replace all the fixed anchors with a single drone that flies through a sequence of waypoints. VerifierBee, finds a good approximation of the shortest path, and at the same time it respects a set of requirements about drone controllability, localization precision and communication range. The third part of this dissertation focuses on IoT related security issues. In many scenarios, IoT systems comprise of widely deployed sensors and actuators with connectivity. Many of these sensors are battery operated, with low processing power and left unattended after deployment. Therefore, lightweight low-power security protocols are needed. In this part of the dissertation we propose a framework to detect IoT sensor node actions by observing the encrypted communication traffic. In particular, IETF standardized DTLS encrypted traffic. There are many recent incidents about DDoS attacks using compromised IoT devices and our work steps in this direction to detect any compromised nodes.
Smartphones, Drones and IoT: Security and Privacy in Heterogeneous Smart Devices / Kanishka, Ariyapala. - (2017).
Smartphones, Drones and IoT: Security and Privacy in Heterogeneous Smart Devices
ARIYAPALA, DALUWATHUMULLA GAMAGE KANISHKA
2017
Abstract
Heterogeneous computing devices are surrounding us in our day-to-day life at an unprecedented rate and they are showing promising capabilities. For example, the drone Loon Copter is one such device providing an unrestricted mobility in air, surface and underwater. Similarly, smartphones and IoT are also enabling to sense our environment. Many of these devices are embedded with processing, sensing, software and communication capabilities, allowing many services to be built on top. In the near future these connected devices will be everywhere from smart cities, factories to our homes and even on our bodies. In order to reach the full potential of these emerging devices, a prominent requirement, “security by design", must be fulfilled to make the technology ready for mass adaptation. Following this direction, we focus on security and privacy issues of three heterogeneous devices: (i) Smartphone related security and privacy issues; (ii) Application of drones for secure localization; and (iii) IoT related security issues. In the first part of this dissertation, we look into security and privacy challenges in smartphones. Smartphones are taking a leading role in binding most of the heterogeneous computing devices and also getting cluttered with a lot of personal data. We investigated three security related issues in smartphones: i) malware detection, ii) preserving anonymity in mobile cloud communications, and iii) analyzing the energy consumption of cryptographic protocols to improve user experiences. As for point i), in most attack scenarios an adversary takes local or remote control of a mobile device (by leveraging system vulnerabilities via malicious apps), and sends the collected information from the smartphone to a remote web server. This undermines the users security and privacy, and we propose a new approach for detecting malware by focusing on network communications. As for point ii), Smartphone applications are increasingly relying on cloud services such as online banking, instant messaging and file exchange. For an external observer, this communication side channel may reveal a lot of information. Strong adversaries like government agencies are also proposing these channels as a means to monitor their surveillance targets. Similarly, if the mobile network providers and cloud service providers collude together, they can violate the privacy of the users. We propose an end-to-end anonymous communications protocol for delay-tolerant applications (similar to Whatsapp or Email), to protect user privacy and prove the security properties of the protocol under this strong attack model. Finally, as for point iii), we analyze the energy consumption of cryptographic protocols running on smartphones. The number of web services accessed over encrypted traffic is rapidly growing, especially via SSL/TLS. In our investigation, we focused on TLS and show how TLS session resume can greatly save energy by avoiding asymmetric cryptographic operations. We further propose Cloud aided TLS (CaT). In the second part of this dissertation, we explore the possibility of using the emerging drone technology to solve the secure location verification problem. Many innovations are emerging using drones such as last mile delivery and emergency response. Many dependable distributed systems are vulnerable to node displacement attacks. For example, a hostile actor physically moving few sensors in a pollution monitoring system can easily disrupt the monitoring. This displacement attack is simple, but difficult to detect. Current solutions require several fixed anchor nodes with trusted positions. We propose VerifierBee, which replace all the fixed anchors with a single drone that flies through a sequence of waypoints. VerifierBee, finds a good approximation of the shortest path, and at the same time it respects a set of requirements about drone controllability, localization precision and communication range. The third part of this dissertation focuses on IoT related security issues. In many scenarios, IoT systems comprise of widely deployed sensors and actuators with connectivity. Many of these sensors are battery operated, with low processing power and left unattended after deployment. Therefore, lightweight low-power security protocols are needed. In this part of the dissertation we propose a framework to detect IoT sensor node actions by observing the encrypted communication traffic. In particular, IETF standardized DTLS encrypted traffic. There are many recent incidents about DDoS attacks using compromised IoT devices and our work steps in this direction to detect any compromised nodes.
| File | Dimensione | Formato | |
|---|---|---|---|
|
ARIYAPALA_TESI_FINALE.pdf
accesso aperto
Descrizione: Thesis - Main Article
Tipologia:
Pdf editoriale (Version of record)
Licenza:
Open Access
Dimensione
5.4 MB
Formato
Adobe PDF
|
5.4 MB | Adobe PDF |
I documenti in FLORE sono protetti da copyright e tutti i diritti sono riservati, salvo diversa indicazione.
