The term ‘‘Internet-of-Things’’ is used as an umbrella keyword for covering various aspects related to the extension of the Internet and the Web into the physical realm, by means of the widespread deployment of spatially distributed devices with embedded identification, sensing and/or actuation capabilities. Internet-of-Things envisions a future in which digital and physical entities can be linked, by means of appropriate information and communication technologies, to enable a whole new class of applications and services. In this article, we present a survey of technologies, applications and research challenges for Internetof-Things.

/pdf/internet-of-things-vision-applications-and-research-4xfstaiv80.pdf

Internet of things: Vision, applications and research challenges

We design a novel, communication-efficient, failure-robust protocol for secure aggregation of high-dimensional data. Our protocol allows a server to compute the sum of large, user-held data vectors from mobile devices in a secure manner (i.e. without learning each user's individual contribution), and can be used, for example, in a federated learning setting, to aggregate user-provided model updates for a deep neural network. We prove the security of our protocol in the honest-but-curious and active adversary settings, and show that security is maintained even if an arbitrarily chosen subset of users drop out at any time. We evaluate the efficiency of our protocol and show, by complexity analysis and a concrete implementation, that its runtime and communication overhead remain low even on large data sets and client pools. For 16-bit input values, our protocol offers $1.73 x communication expansion for 210 users and 220-dimensional vectors, and 1.98 x expansion for 214 users and 224-dimensional vectors over sending data in the clear.

https://dl.acm.org/doi/pdf/10.1145/3133956.3133982

Practical Secure Aggregation for Privacy-Preserving Machine Learning

Federated learning (FL) is a machine learning setting where many clients (e.g. mobile devices or whole organizations) collaboratively train a model under the orchestration of a central server (e.g. service provider), while keeping the training data decentralized. FL embodies the principles of focused data collection and minimization, and can mitigate many of the systemic privacy risks and costs resulting from traditional, centralized machine learning and data science approaches. Motivated by the explosive growth in FL research, this paper discusses recent advances and presents an extensive collection of open problems and challenges.

Advances and Open Problems in Federated Learning

Internet of Things (IoT) is playing a more and more important role after its showing up, it covers from traditional equipment to general household objects such as WSNs and RFID. With the great potential of IoT, there come all kinds of challenges. This paper focuses on the security problems among all other challenges. As IoT is built on the basis of the Internet, security problems of the Internet will also show up in IoT. And as IoT contains three layers: perception layer, transportation layer and application layer, this paper will analyze the security problems of each layer separately and try to find new problems and solutions. This paper also analyzes the cross-layer heterogeneous integration issues and security issues in detail and discusses the security issues of IoT as a whole and tries to find solutions to them. In the end, this paper compares security issues between IoT and traditional network, and discusses opening security issues of IoT.

https://csi.dgist.ac.kr/uploads/Seminar/1407_IoT_SSH.pdf

Security of the Internet of Things: perspectives and challenges

A seamless solution transparently addresses the characteristics of nomadic systems, and enables existing network applications to run reliably in mobile environments. The solution extends the enterprise network, letting network managers provide mobile users with easy access to the same applications as stationary users without sacrificing reliability or centralized management. The solution combines advantages of existing wire-line network standards with emerging mobile standards to create a solution that works with existing network applications. A Mobility Management Server coupled to the mobile network maintains the state of each of any number of Mobile End Systems and handles the complex session management required to maintain persistent connections to the network and to other peer processes. If a Mobile End System becomes unreachable, suspends, or changes network address (e.g., due to roaming from one network interconnect to another), the Mobility Management Server maintains the connection to the associated peer task—allowing the Mobile End System to maintain a continuous connection even though it may temporarily lose contact with its network medium. In one example, Mobility Management Server communicates with Mobile End Systems using Remote Procedure Call and Internet Mobility Protocols.

Method and apparatus for providing mobile and other intermittent connectivity in a computing environment

We analyzed the RATP App, both Android and iOS versions, using our instrumented versions of these mobile OSs. Our analysis reveals that both versions of this App leak private data to third-party servers, which is in total contradiction to the In-App privacy policy. The iOS version of this App doesn’t even respect Apple guidelines on cross-App user tracking for advertising purposes and employs various other cross-App tracking mechanisms that are not supposed to be used by Apps. Even if this work is illustrated with a single App, we describe an approach that is generic and can be used to detect privacy leaks from other Apps. In addition, our findings are representative of a trend in Advertising and Analytics (A&A) libraries that try to collect as much information as possible regarding the smartphone and its user to have a better profile of the user’s interests and behaviors. In fact, in case of iOS, these libraries even generate their own persistent identifiers and share it with other Apps through covert channels to better track the user, and this happens even if the user has opted-out of device tracking for advertising purposes. Above all, this happens without the user knowledge, and sometimes even without the App developer’s knowledge who might have naively included these libraries during the App development. Therefore this article raises many questions concerning both the bad practices employed in the world of smartphones and the limitations of the privacy control features proposed by Android/iOS Mobile OSs.

/pdf/detecting-privacy-leaks-in-the-ratp-app-how-we-proceeded-and-2pm4vc82hp.pdf

Detecting privacy leaks in the RATP App: how we proceeded and what we found

Much of today's distributed computing takes place in a client /server model. Despite advances in fault tolerance - in particular, replication and load distribution -- server overload remains to be a major problem. In the Web context, one of the main overload factors is the direct consequence of expensive Public Key operations performed by servers as part of each SSL handshake. Since most SSL-enabled servers use RSA, the burden of performing many costly decryption operations can be very detrimental to server performance. This paper examines a promising technique for re-balancing RSA-based client/server handshakes. This technique facilitates more favorable load distribution by requiring clients to perform more work (as part of encryption) and servers to perform commensurately less work, thus resulting in better SSL throughput. Proposed techniques are based on careful adaptation of variants of Server-Aided RSA originally constructed by Matsumoto, et al. [1]. Experimental results demonstrate that suggested methods (termed Client-Aided RSA) can speed up processing of RSA private key operations by a factor of between 11 to 19, depending on the RSA key size. This represents a considerable improvement. Furthermore, proposed techniques can be a useful companion tool for SSL Client Puzzles in defense against DoS and DDoS attacks.

/pdf/improving-secure-server-performance-by-re-balancing-ssl-tls-1qonihs8ru.pdf

Improving Secure Server Performance by Re-balancing SSL/TLS Handshakes.

IEEE 802.11 is the most deployed wireless local area networking standard nowadays. It uses carrier sense multiple access with collision avoldance (CSMA/CA) to, resolve contention between nodes. Contention windows (CW) change dynamically to adapt to the contention level: Upon each collision a node doubles itsCW to, reduce further collision risks. Upon a successful transmission theCW is reset, assuming the contention level dropped. However, contention level is more likely to change slowly, and resetting theCW causes new collisions and retransmissions before reaching the optimal value again. This wastes bandwidth and increases delays. In this paper we propose simple slowCW decrease functions and compare their performances to the legacy standard. We analyze them through simulation and show their considerable enhancement at all congestion levels and transient phases.

EnhancingIEEE 802.11 performance in congested environments

This paper presents and evaluates Hash-Based DSR, an extension of the DSR protocol. This protocol reduces the per-packet control overhead of DSR by compressing the source-route with a Bloom filter. Simulations on large networks show that HB-DSR increases the network capacity by a factor of up to 15. HB-DSR is an attractive alternative to DSR for large ad-hoc networks. Another important property of HB-DSR is that, as opposed to DSR, its performan- ce is similar for IPv4 and IPv6. While IPv6 large addresses is a show-stopper for DSR, we show by simulations that HB-DSR performs as well for both IP versions. This is important contribution considering the growing interest of the wireless network community for IPv6.

https://hal.inria.fr/inria-00071802/document

Hash-Based Dynamic Source Routing (HB-DSR)

In today’s digital society, increasing amounts of contextually rich spatio-temporal information are collected and used, e.g., for knowledge-based decision making, research purposes, optimizing operational phases of city management, planning infrastructure networks, or developing timetables for public transportation with an increasingly autonomous vehicle fleet. At the same time, however, publishing or sharing spatio-temporal data, even in aggregated form, is not always viable owing to the danger of violating individuals’ privacy, along with the related legal and ethical repercussions. In this chapter, we review some fundamental approaches for anonymizing and releasing spatio-temporal density, i.e., the number of individuals visiting a given set of locations as a function of time. These approaches follow different privacy models providing different privacy guarantees as well as accuracy of the released anonymized data. We demonstrate some sanitization (anonymization) techniques with provable privacy guarantees by releasing the spatio-temporal density of Paris, in France. We conclude that, in order to achieve meaningful accuracy, the sanitization process has to be carefully customized to the application and public characteristics of the spatio-temporal data.

/pdf/privacy-preserving-release-of-spatio-temporal-density-2ak9x55udg.pdf

Claude Castelluccia

Papers

Detecting privacy leaks in the RATP App: how we proceeded and what we found

Improving Secure Server Performance by Re-balancing SSL/TLS Handshakes.

EnhancingIEEE 802.11 performance in congested environments

Hash-Based Dynamic Source Routing (HB-DSR)

Privacy-Preserving Release of Spatio-Temporal Density