Advisory Committee Chair
Ragib Hasan
Advisory Committee Members
Alan Sprague
Allen Johnston
Anthony Skjellum
Purushotham Bangalore
Document Type
Dissertation
Date of Award
2018
Degree Name by School
Doctor of Philosophy (PhD) College of Arts and Sciences
Abstract
The increased deployment of Internet of Things (IoT) based systems make smart devices target for malicious attacks. These devices can also be used as tools for committing crimes, such as cyber espionage and user-targeted attacks. However, IoT devices cannot adopt the conventional security protocols as is to defend against malicious activities. The existing security schemes are primarily designed for resource-rich computing devices, such as personal computers, laptops, and smartphones, while IoT devices are resource-constrained and operate in low power and lossy networks. Additionally, traditional digital forensics tools and techniques are not suitable to investigate cybercrime in IoT. These tools and techniques are not intended to handle the mobile and distributed IoT infrastructure, which generates a massive amount of data every day. In this dissertation, we explore resource efficient techniques for ensuring security, privacy, and trustworthiness of IoT computations and communications. We propose IoTCurator – a holistic security framework for low-powered IoT devices and lossy networks. IoTCurator provides lightweight cryptographic schemes for authentication, access control, network attack mitigation, and forensic investigation. IoTCurator presents a secure network admission scheme that authenticates an IoT device by verifying the integrity of its hardware and software before giving it access to network resources. IoTCurator provides a peer-to-peer authentication scheme that ensures privacy-preserving identity use. IoTCurator presents a delegation-based access control model that unburdens resource-limited devices from communication and computation overheads involved in making authorization decisions. IoTCurator proposes modifications in the packet fragmentation mechanism to mitigate fragmentation attacks in lossy networks. IoTCurator enables forensic investigation in the IoT environment by providing methods for collecting evidence from the IoT infrastructure, maintaining secure provenance of evidence, and obtaining evidence relevant to an incident. We implement prototypes of the proposed security schemes included in IoTCurator using IoT devices powered by Contiki operating system. We evaluate the performance of these schemes regarding computation costs, communication overheads, energy consumption, and memory requirements. The evaluation results show that the proposed schemes are resource efficient compared to the conventional security methods. We also perform a security analysis of each of our proposed schemes to demonstrate that IoTCurator is secure against strong adversarial scenarios.
Recommended Citation
Hossain, Md Mahmud, "Towards A Holistic Framework For Secure, Privacy-Aware, And Trustworthy Internet Of Things Using Resource-Efficient Cryptographic Schemes" (2018). All ETDs from UAB. 1968.
https://digitalcommons.library.uab.edu/etd-collection/1968