Data Mining Practical Machine Learning Tools and Techniques

A survey on trust management for Internet of Things

In the last few years, many smart objects found in the physical world are interconnected and communicate through the existing internet infrastructure which creates a global network infrastructure called the Internet of Things (IoT). Research has shown a substantial development of solutions for a wide range of devices and IoT platforms over the past 6-7 years. However, each solution provides its own IoT infrastructure, devices, APIs, and data formats leading to interoperability issues. Such interoperability issues are the consequence of many critical issues such as vendor lock-in, impossibility to develop IoT application exposing cross-platform, and/or cross-domain, difficulty in plugging non-interoperable IoT devices into different IoT platforms, and ultimately prevents the emergence of IoT technology at a large-scale. To enable seamless resource sharing between different IoT vendors, efforts by several academia, industry, and standardization bodies have emerged to help IoT interoperability, i.e., the ability for multiple IoT platforms from different vendors to work together. This paper performs a comprehensive survey on the state-of-the-art solutions for facilitating interoperability between different IoT platforms. Also, the key challenges in this topic is presented.

/pdf/interoperability-in-internet-of-things-taxonomies-and-open-3ve4smuwsl.pdf

Interoperability in Internet of Things: Taxonomies and Open Challenges

The increased penetration of Distributed Energy Resources (DER) is challenging the entire architecture of conventional electrical power system. Microgrid paradigm, featuring higher flexibility and reliability, becomes an attractive candidate for the future power grid. In this paper, an overview of microgrid configurations is given. Then, possible structure options and control methods of DER units are presented, which is followed by the descriptions of system controls and power management strategies for AC microgrids. Finally, future trends of microgrids are discussed pointing out how this concept can be a key to achieve a more intelligent and flexible power system.

A Review of Power Electronics Based Microgrids

Packet parsing is necessary at all points in the modern networking infrastructure, to support packet classification and security functions, as well as for protocol implementation. Increasingly high line rates call for advanced hardware packet processing solutions, while increasing rates of change call for high-level programmability of these solutions. This paper presents an approach for harnessing modern Field Programmable Gate Array (FPGA) devices, which are a natural technology for implementing the necessary high-speed programmable packet processing. The paper introduces PP: a simple high-level language for describing packet parsing algorithms in an implementation-independent manner. It demonstrates that this language can be compiled to give high-speed FPGA-based packet parsers that can be integrated alongside other packet processing components to build network nodes. Compilation involves generating virtual processing architectures tailored to specific packet parsing requirements. Scalability of these architectures allows parsing at line rates from 1 to 400 Gb/s as required in different network contexts. Run-time programmability of these architectures allows dynamic updating of parsing algorithms during operation in the field. Implementation results show that programmable packet parsing of 600 million small packets per second can be supported on a single Xilinx Virtex-7 FPGA device handling a 400 Gb/s line rate.

http://cial.csie.ncku.edu.tw/st2011/pdf/400%20Gbs%20Programmable%20Packet%20Parsing%20on%20a%20Single%20FPGA.pdf

400 Gb/s Programmable Packet Parsing on a Single FPGA

The internet of things (IoT) is emerging as a popular future internet paradigm, in which physical entities and cyber entities are connected to form a network of networks. It is expected to enable mass participation of 'things' on mission critical services such as energy, mobility, healthcare, to name a few. Therefore, it is a matter of time for the IoT network to grow to billions of connected nodes. This leads to a variety of new, as well as existent, potential security risks whose severity depends on the environment in which the internet of things is deployed. This paper categorises the major components in the IoT domain and provides a classification of security requirements and security threats applicable to each component. It also discusses open security problems and provides directions for future research in order to address scalability and efficiency concerns, while allowing seamless introduction of new applications in this domain.

Security challenges in the internet of things

Security issues in computer networks have focused on attacks on end systems and the control plane. An entirely new class of emerging network attacks aims at the data plane of the network. Data plane forwarding in network routers has traditionally been implemented with custom-logic hardware, but recent router designs increasingly use software-programmable network processors for packet forwarding. These general-purpose processing devices exhibit software vulnerabilities and are susceptible to attacks. We demonstrate-to our knowledge the first-practical attack that exploits a vulnerability in packet processing software to launch a devastating denial-of-service attack from within the network infrastructure. This attack uses only a single attack packet to consume the full link bandwidth of the router's outgoing link. We also present a hardware-based defense mechanism that can detect situations where malicious packets try to change the operation of the network processor. Using a hardware monitor, our NetFPGA-based prototype system checks every instruction executed by the network processor and can detect deviations from correct processing within four clock cycles. A recovery system can restore the network processor to a safe state within six cycles. This high-speed detection and recovery system can ensure that network processors can be protected effectively and efficiently from this new class of attacks.

/pdf/attacks-and-defenses-in-the-data-plane-of-networks-3m1vx2kfri.pdf

Attacks and Defenses in the Data Plane of Networks

We present the first practical example of an entirely new class of network attacks -- attacks that target the network infrastructure. Modern routers in computer networks use general-purpose programmable packet processors. The software used for packet processing on these systems is potentially vulnerable to remote exploits. In this paper, we demonstrate a specific attack that can launch a devastating denial-of-service attack by sending just a single packet. We show that vulnerable packet processing code can be exploited on a Click modular router as well as on a custom packet processor on the NetFPGA platform. We also show that defense techniques based on processor monitoring that we have proposed in prior work can help in detecting and avoiding such attacks.

/pdf/attacks-on-network-infrastructure-2rf62e52pv.pdf

Attacks on Network Infrastructure

Programmability in the data path of routers provides the basis for modern router implementations that can adapt to new functional requirements. This programmability is typically achieved through software-programmable packet processing systems. One key concern with the proliferation of these programmable devices throughout the Internet is the potential impact of software vulnerabilities that can be exploited remotely. We present a design and proof-of-concept implementation of a packet processing system that uses two security techniques to defend against potential attacks: a processing monitor is used to track operations on each processor core to detect attacks at the processing instruction level; an I/O monitor is used to track operations of the router to detect attacks at the protocol level. Our prototype implementation on the NetFPGA system shows that these monitors can be implemented to operate at high data rates and with little additional hardware resources.

/pdf/design-of-a-secure-packet-processor-1t7g1ak7sp.pdf

Design of a secure packet processor

In this paper, we present some initial results about vulnerability of control systems that can be used in Internet of Things (IoT) applications. Up to our best knowledge, this paper is the first study about vulnerability of applied control systems in general, and especially in the IoT environment. The purpose of this paper is to examine fundamentals of linear control systems and consider vulnerability of its main features and concepts used in IoT applications under potential malicious attacks. We examine vulnerabilities of system stability, controllability, observability, design of feedback loops, and design and placement of sensors and controllers (actuators). The detailed study is limited to the most important vulnerability issues in time-invariant, unconstrained, deterministic, and linear physical systems. Several interesting and motivating examples are provided. We have outlined also some basic vulnerability studies for time-invariant nonlinear unconstrained systems, and indicate that such a study is particularly needed for distributed parameter systems that are very prone to outside physical and cyber-attacks.

Danai Chasaki

Papers

Security challenges in the internet of things

Attacks and Defenses in the Data Plane of Networks

Attacks on Network Infrastructure

Design of a secure packet processor

Vulnerabilities of Control Systems in Internet of Things Applications