The Internet of Things (IoT) is an emerging technology that aims to connect our environment to the internet in the same way that personal computers connected people. As this technology progresses, the IoT paradigm becomes more prevalent in our everyday lives. The nature of IoT applications necessitates devices that are low-cost, power-sensitive, integrated, unobtrusive, and interoperable with existing cloud platforms and services, for example, Amazon AWS IoT, IBM Watson IoT. As a result, these devices are often small in size, with just enough computing power needed for their specific tasks. These resource-constrained devices are often unable to implement traditional network security measures and represent a vulnerability to network attackers as a result. Few frameworks are positioned to handle the influx of this new technology and the security concerns associated with it. Current solutions fail to provide a comprehensive and multi-layer solution to these inherent IoT security vulnerabilities. This paper presents a layered approach to IoT testbed that aims to bridge multiple connection standards and cloud platforms. To solve challenges surrounding this multi-layer IoT testbed, we propose a mesh inside a mesh IoT network architecture. Our designed "edge router" incorporates two mesh networks together and performs seamlessly transmission of multi-standard packets. The proposed IoT testbed interoperates with existing multi-standards (Wi-Fi, 6LoWPAN) and segments of networks, and provides both Internet and resilient sensor coverage to the cloud platform. To ensure confidentiality and authentication of IoT devices when interoperating with multiple service platforms, we propose optimized cryptographic techniques and software frameworks for IoT devices. We propose to extend and modify the existing open-source IDS platforms such as Snort to support IoT platforms and environments. We validate the efficacy of the proposed system by evaluating its performance and effect on key system resources. The work within this testbed design and implementation provides a solid foundation for further IoT system development.
more »
« less
Blockchain-based Sensor Data Validation for Security in the Future Electric Grid
This paper explores the feasibility of using blockchain technology to validate that measured sensor data approximately follows a known accepted model to enhance sensor data security in electricity grid systems. This provides a more robust information infrastructure that can be secured against not only failures but also malicious attacks. Such robustness is valuable in envisioned electricity grids that are distributed at a global scale including both small and large nodes. While this may be valuable, blockchain’s security benefits come at the cost of computation of cryptographic functions and the cost of reaching distributed consensus. We report experimental results showing that, for the proposed application and assumptions, the time for these computations is small enough to not negatively impact the overall system operation. From this we conclude that it is indeed worthwhile to further study the application of blockchain technology in the electricity grid, removing the assumptions we make and integrating blockchain in a much more extensive manner. To the best of our knowledge, this is the first instance where blockchain is used to validate the measured sensor data in the electricity grid thus providing security to other system operations.
more »
« less
- Award ID(s):
- 1744129
- NSF-PAR ID:
- 10148821
- Date Published:
- Journal Name:
- Integrated Smart Grid Technologies
- Page Range / eLocation ID:
- 271 to 272
- Format(s):
- Medium: X
- Sponsoring Org:
- National Science Foundation
More Like this
-
-
This article presents a novel hardware-assisted distributed ledger-based solution for simultaneous device and data security in smart healthcare. This article presents a novel architecture that integrates PUF, blockchain, and Tangle for Security-by-Design (SbD) of healthcare cyber–physical systems (H-CPSs). Healthcare systems around the world have undergone massive technological transformation and have seen growing adoption with the advancement of Internet-of-Medical Things (IoMT). The technological transformation of healthcare systems to telemedicine, e-health, connected health, and remote health is being made possible with the sophisticated integration of IoMT with machine learning, big data, artificial intelligence (AI), and other technologies. As healthcare systems are becoming more accessible and advanced, security and privacy have become pivotal for the smooth integration and functioning of various systems in H-CPSs. In this work, we present a novel approach that integrates PUF with IOTA Tangle and blockchain and works by storing the PUF keys of a patient’s Body Area Network (BAN) inside blockchain to access, store, and share globally. Each patient has a network of smart wearables and a gateway to obtain the physiological sensor data securely. To facilitate communication among various stakeholders in healthcare systems, IOTA Tangle’s Masked Authentication Messaging (MAM) communication protocol has been used, which securely enables patients to communicate, share, and store data on Tangle. The MAM channel works in the restricted mode in the proposed architecture, which can be accessed using the patient’s gateway PUF key. Furthermore, the successful verification of PUF enables patients to securely send and share physiological sensor data from various wearable and implantable medical devices embedded with PUF. Finally, healthcare system entities like physicians, hospital admin networks, and remote monitoring systems can securely establish communication with patients using MAM and retrieve the patient’s BAN PUF keys from the blockchain securely. Our experimental analysis shows that the proposed approach successfully integrates three security primitives, PUF, blockchain, and Tangle, providing decentralized access control and security in H-CPS with minimal energy requirements, data storage, and response time.more » « less
-
more » « less
Abstract Double auction mechanisms have been designed to trade a variety of divisible resources (e.g., electricity, mobile data, and cloud resources) among distributed agents. In such divisible double auction, all the agents (both buyers and sellers) are expected to submit their bid profiles, and dynamically achieve the best responses. In practice, these agents may not trust each other without a market mediator. Fortunately, smart contract is extensively used to ensure digital agreement among mutually distrustful agents. The consensus protocol helps the smart contract execution on the blockchain to ensure strong integrity and availability. However, severe privacy risks would emerge in the divisible double auction since all the agents should disclose their sensitive data such as the bid profiles (i.e., bid amount and prices in different iterations) to other agents for resource allocation and such data are replicated on all the nodes in the network. Furthermore, the consensus requirements will bring a huge burden for the blockchain, which impacts the overall performance. To address these concerns, we propose a hybridized TEE-Blockchain system (system and auction mechanism co-design) to privately execute the divisible double auction. The designed hybridized system ensures privacy, honesty and high efficiency among distributed agents. The bid profiles are sealed for optimally allocating divisible resources while ensuring truthfulness with a Nash Equilibrium. Finally, we conduct experiments and empirical studies to validate the system and auction performance using two real-world applications.
-
As Blockchain technology become more understood in recent years and its capability to solve enterprise business use cases become evident, technologist have been exploring Blockchain technology to solve use cases that have been daunting industries for years. Unlike existing technologies, one of the key features of blockchain technology is its unparalleled capability to provide, traceability, accountability and immutable records that can be accessed at any point in time. One application area of interest for blockchain is securing heterogenous networks. This paper explores the security challenges in a heterogonous network of IoT devices and whether blockchain can be a viable solution. Using an experimental approach, we explore the possibility of using blockchain technology to secure IoT devices, validate IoT device transactions, and establish a chain of trust to secure an IoT device mesh network, as well as investigate the plausibility of using immutable transactions for forensic analysis.more » « less
-
null (Ed.)Blockchain technology has recently gained high popularity in data security, primarily to mitigate against data breach and manipulation. Since its inception in 2008, it has been applied in different areas mainly to maintain data integrity and consistency. Blockchain has been tailored to secure data due to its data immutability and distributive technology. Despite the high success rate in data security, the inability to identify compromised insider nodes is one of the significant problems encountered in blockchain architectures. A Blockchain network is made up of nodes that initiate, verify and validate transactions. If compromised, these nodes can manipulate submitted transactions, inject fake transactions, or retrieve unauthorized information that might eventually compromise the stored data's integrity and consistency. This paper proposes a novel method of detecting these compromised blockchain nodes using a server-side authentication process and thwart their activities before getting updated in the blockchain ledger. In evaluating the proposed system, we perform four common insider attacks, which fall under the following three categories: (1)Those attacks targeting the Blockchain to bring it down. (2) the attacks that attempt to inject fake data into the database. (3) The attacks that attempt to hijack or retrieve unauthorized data. We described how we implement the attacks and how our architecture detects them before they impact the network. Finally, we displayed the attack detection time for each attack and compared our approach with other existing methods.more » « less
- Free Publicly Accessible Full Text
-
Accepted Manuscript1.0
- Conference Paper:
- https://doi.org/10.1109/ISOCC47750.2019.9078509
