Abstract

In this dissertation, we present the Black Networks solution to protect both the data and the metadata for mobile ad-hoc Internet of Things (IoT) networks in Smart Cities. IoT networks are gaining popularity, with billions of deployed nodes, and increasingly carry mission-critical data whose compromise can lead to catastrophic consequences. IoT nodes are resource-constrained and often exist within insecure environments, making them vulnerable to a broad range of active and passive attacks. Black IoT networks are designed to mitigate multiple communication-based attacks by encrypting the data and the metadata, within a communication frame or packet, while remaining compatible with the existing IoT protocol.

A network of IoT nodes communicating using Black packets is called a Black Network. We transform IoT communications protocol packets into Black packets. This mechanism secures (encrypts using an authenticating cipher like Grain-128a or AES in the EAX mode) the metadata for an IoT communications protocol, in fixed-length packets (maximum allowed packet size by the protocol in use), while remaining compatible with the existing IoT protocol in use. We demonstrate Black packet design for IEEE 802.15.4, ZigBee, 6LoWPAN, Bluetooth Low Energy (BLE) and IPv6 (broadband, non-IoT communications).
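The fixed-length, metadata-encrypting packet described above, shown for IEEE 802.15.4 as an added example that is not code from the dissertation. The frame layout, one-byte addresses and pre-shared key are assumptions made here, and AES-GCM from the Go standard library stands in for the EAX mode the abstract names.

```go
package main

import (
	"crypto/aes"
	"crypto/cipher"
	"crypto/rand"
	"fmt"
)

// Assumed layout (not the dissertation's): nonce(12) | sealed(src dst type len data pad) | tag(16)
const FrameLen = 127                   // IEEE 802.15.4 maximum PHY payload
const MaxData = FrameLen - 12 - 16 - 4 // minus nonce, tag and hidden header
// NewAEAD returns AES-GCM, standing in here for the EAX mode the abstract names.
func NewAEAD(key []byte) (cipher.AEAD, error) {
	block, err := aes.NewCipher(key)
	if err != nil {
		return nil, err
	}
	return cipher.NewGCM(block)
}
// Seal encrypts header and payload together and always emits FrameLen bytes.
func Seal(a cipher.AEAD, src, dst, typ byte, data []byte) ([]byte, error) {
	if len(data) > MaxData {
		return nil, fmt.Errorf("payload of %d bytes exceeds one frame", len(data))
	}
	inner := make([]byte, MaxData+4) // zero padding fills the unused tail
	copy(inner, append([]byte{src, dst, typ, byte(len(data))}, data...))
	frame := make([]byte, 12, FrameLen)
	if _, err := rand.Read(frame); err != nil { // fresh random nonce per frame
		return nil, err
	}
	return a.Seal(frame, frame, inner, nil), nil
}
// Open authenticates a frame, then recovers the hidden header and payload.
func Open(a cipher.AEAD, frame []byte) (hdr, data []byte, err error) {
	if len(frame) != FrameLen {
		return nil, nil, fmt.Errorf("wrong frame length %d", len(frame))
	}
	inner, err := a.Open(nil, frame[:12], frame[12:], nil)
	if err != nil || int(inner[3]) > MaxData {
		return nil, nil, fmt.Errorf("frame rejected")
	}
	return inner[:3], inner[4 : 4+int(inner[3])], nil
}

func main() {
	a, _ := NewAEAD(make([]byte, 16)) // constructed all-zero demo key
	f, err := Seal(a, 1, 2, 7, []byte("temp=21C"))
	fmt.Println(len(f), err)
}
```

A two-byte command and a full 95-byte payload produce frames of identical length, so an observer learns neither the parties nor the message size from the frame itself.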

We extend Black IoT packets to simple nodal communications (point to point). Simple Black network communications are inefficient, and either don't reach their destination (IoT nodes sleep a majority of the time to save power) or have high communications overhead, rendering them impractical for deployment. We present a practical, gateway-based, star network topology, towards a Black network solution to overcome the inefficient broadcast and flooding IoT communications. We simulate simple Black communications for Flooding, Broadcast and Black Gateway and demonstrate the practicality and efficiency of Black gateway communications, compared to Shortest Path routing.

We evolve the Black IoT communication mechanisms to mesh networks which require routing. Securing the metadata (encrypted headers) creates significant challenges in routing Black packets, using traditional routing mechanisms. We present Black SDN, a Software Defined Networking (SDN) architecture for a secure Internet of Things (IoT) networking and communications. SDN architectures were developed to provide improved routing and networking performance for broadband networks by separating the control plane from the data plane. This basic SDN concept is applicable to broadband networks. However, the common SDN implementations designed for wired networks are not directly amenable to the distributed, ad hoc, low-power, mesh networks commonly found in IoT systems. SDN promises to improve the overall lifespan and performance of IoT networks. However, the SDN architecture changes the IoT network's communication patterns, allowing new types of attacks, and necessitating a new approach to securing the IoT network. Black SDN is a novel SDN-based secure networking architecture that secures both the metadata and the payload within each layer of an IoT communication packet while utilizing the SDN centralized controller as a trusted third party for secure routing, key management and optimized system performance management. We demonstrate the feasibility of Black SDN in IoT networks where nodes are asleep most of their lives, and specifically examine a Black SDN IoT network based upon the IEEE 802.15.4 LR WPAN (Low Rate - Wireless Personal Area Network) protocol, through simulations.

We extend the Black SDNs to route Black packets in a mesh network, called Black routing. This novel approach uses an SDN-based architecture for routing fixed-length, metadata-secured, Black packets from source to destination, using a ciphertext-based forwarding algorithm. Both data and control Black packets hide all information on communicating parties and communication type. Fixed length packets prevent the packet-length based attacks (and prevent inference of the type of communications). Black routing configurations are extensively simulated to prove feasibility and measure the efficiency compared to traditional Shortest Path routing.

Completely secured metadata is insufficient to hide the communicating parties from sustained traffic analysis, when nodal transmissions and receptions are observed. We present Node Obscuring, using tokens and a subway-model, where empty tokens traverse the network, on fixed routes, and pick up and drop off data between source and destination. Since the tokens originate at a node different from the source, and continue to traverse the network after passing through the destination node, an external observer is unable to determine the source and the destination. This is akin to a subway picking up and dropping off passengers (data) between two stations (source and destination), while the subway (token) originates and terminates at fixed locations. We present Black routing and node obscuring algorithms, for various configurations as a part of our research. Our simulations reveal that Black routing and Node Obscuring are feasible, and can provide for much higher levels of confidentiality and privacy, resistance to a range of attacks, with a cost trade-off in overhead traffic, travel and wait times with an increase in the number of nodes.

We conclude this dissertation by applying Black networks to the Smart Cities domain, enabling secure smart cities. Smart Cities have IoT-enabled critical infrastructure (such as energy, transportation and environmental monitoring), that have already been subject to cyber attacks. Our dissertation proposes a secure IoT framework for Smart Cities that includes Black Networks, SDN Control, Key Management and Unified Registry. We further improve availability and privacy of Secure Smart City services by offering key management and mobile node authentication using distributed ledger technologies.

Degree Date

Fall 12-14-2018

Document Type

Dissertation

Degree Name

Ph.D.

Department

Computer Science and Engineering

Advisor

Daniel W. Engels

Second Advisor

Sukumaran V.S. Nair

Subject Area

Computer Science

Notes

Key Words: Internet of Things, Security, Smart Cities, Black Networks, Black Routing

Number of Pages

192

Format

.pdf

Creative Commons License

This work is licensed under a Creative Commons Attribution-Noncommercial 4.0 License
