Resilient IoT Systems – Issues and Solutions / Adnan Rashid. - (2022).

Resilient IoT Systems – Issues and Solutions

Adnan Rashid
2022

Abstract

The Internet of Things (IoT) has been one of the main focus areas of the research community in recent years; its peculiar requirements help network administrators to design and ensure the functionalities and resources of each device. Generally, two types of devices, constrained and unconstrained, are typical in the IoT environment. Devices with limited resources (for example, sensors and actuators) are known as constrained devices. The unconstrained devices include gateways or border routers. Such devices are challenging in terms of their deployment because of their connectivity, channel selection, multiple interfaces, local and global address assignment, address resolution, remote access, mobility, routing, border router scope, and security. To deal with these peculiar services, the availability of the IoT system ensures that the desired network services are available even in the presence of denial-of-service attacks, and the use of the system has become a difficult but mandatory task for network designers. To this end, I present a novel design for Wireless Sensor Networks (WSNs), which are a subsystem of the IoT, to address these challenges by shifting mandatory functionalities from unreliable to reliable and stable domains. Moreover, energy conservation is one of the main constraints, and the traditional IPv6 Neighbor Discovery (IPv6-ND) is neither designed for nor suited to coping with it. Beyond that, non-transitive wireless links and the use of heavy multicast transmission make it inefficient and sometimes impractical in a Low-Power and Lossy Network (LLN). Due to these peculiarities, significant work has been done by the Internet Engineering Task Force (IETF) to optimize IPv6-ND; the result is known as IPv6 over Low power Wireless Personal Area Network - Neighbor Discovery (6LoWPAN-ND).
The implementation of the 6LoWPAN-ND protocol in mesh-under works totally opposite to its main purpose because it reduces the multicast transmission but increases the unicast transmission in a drastic way. On the other hand, IPv6-ND works in a reactive way, but the network resilience in terms of reliability and robustness becomes questionable. The obtained results help to answer a few questions. For example, is there a need for a 6LoWPAN-ND protocol for a given LLN or not? What would be the benefits or drawbacks if we utilize it? What will happen if we are not interested in adopting this protocol for LLNs and keep using the IPv6-ND protocol? All these questions are addressed in terms of IoT resiliency. Another aspect is the availability of the application services and user privacy in IoT systems. Due to the drastic increase of IoT devices, there is an increasing demand for application services with strict Quality of Service (QoS) requirements. Therefore, service providers are dealing with the functional integration of the classical cloud computing architecture with edge computing networks. However, the limited capacity of the edge nodes requires a proper allotment of virtual functions to advance user satisfaction and service perfection. Demand prediction is crucial and essential in services management, yet the high variability of application requests, which results in inaccurate forecasts, is a big challenge. Federated learning methods provide a solution to train mathematical learning models at the end-user sites. Network functions virtualization leverages IT virtualization technologies to virtualize entire classes of network node functions into building blocks that may connect, or chain together, to create and deliver communication services.
To preserve data security and maximize service provider revenue, I use the federated learning approach for the prediction of virtual functions demand in Internet of Everything (IoE) based edge-cloud computing systems. Additionally, my work proposes a matching-based task allocation, with some numerical results that validate the proposed approach by comparing it with a chaos theory prediction scheme. The services offered through IoT systems, much like any system on the Internet, must not only be studied and improved; they must be continuously monitored to ensure security and resilience. It is important to know what kind of services they provide, how they evolve, and what the network performance is. One of the most promising ways to enable continuous QoE monitoring is to use a novel IPv6 extension header called the Performance and Diagnostic Metrics (PDM) Destination Option header, defined in RFC 8250. This IETF standard defines an optional header that is included in each packet to offer sequence numbers and timing information for measurement purposes. These measurements can be analyzed in real time or later. Currently, PDM data is provided in clear text, so malicious actors may be able to gather information for future assaults. The standard proposal, which is still being worked on, uses a lightweight handshake (registration procedure) and encryption to safeguard data. It also includes a list of additional performance measures that might be useful for further performance evaluation of IoT systems. My proposal uses the Internet Research Task Force (IRTF) Hybrid Public Key Encryption (HPKE) framework [23] to provide confidentiality and integrity to PDM data and is currently the candidate system to secure both PDMv2 [46] and Messaging Layer Security (MLS) [22].
2022
Tommaso Pecorella
PAKISTAN
Adnan Rashid
Files in this item:
File: PhD_Thesis_v1.pdf
Access: open access
Type: Doctoral thesis
License: Creative Commons
Size: 5.43 MB
Format: Adobe PDF

Documents in FLORE are protected by copyright and all rights are reserved, unless otherwise indicated.

Use this identifier to cite or link to this resource: https://hdl.handle.net/2158/1263242