In Search of a Scalable Distributed Security Framework for Future IoT Networks
Lead Research Organisation:
University of Oxford
Department Name: Engineering Science
Abstract
The growing number of people and devices in our world has created a need for automation and self-management of the "systems" by which we live. This includes personal systems (e.g. electronic medical records, finances, smart homes), supply and delivery systems (e.g. Amazon, emergency response, National Grid), the data collection systems (e.g. voting, animal population tracking, sensor networks), and so on. The Internet of Things (IoT) is the use of interconnected devices to automate the information collection, processing and response in each of these systems.
Traditional systems tend to have a central authoritative "hub" which regulates exchanges between the other nodes in order to ensure quality of service and security, but the speed and accuracy of the hub limits the scalability of the network. Secondly, the hub forms a single point-of-failure, which makes the network more vulnerable to malicious attacks. In contrast, a distributed system allows nodes in a network to directly communicate with each other and lacks a single point-of-failure. However, in the absence of a central hub, distributed networks require decentralised security protocols to facilitate the exchange of correct data.
In this project, we aim to investigate distributed security frameworks such that we may determine how best to provide reliability to large-scale distributed IoT networks. Existing literature on this topic presents various approaches to adapting traditional security protocols for use in distributed networks. However, the majority of these approaches continue to rely on some minimum level of centralisation and thus there still remains a question of how to provide security in a fully decentralised approach.
One idea in literature is to adapt blockchain (BC) for use in resource-restricted IoT networks, as BC is a fully decentralised security framework. Most novel approaches assume the existence of at least one trustworthy entity in the network that can aid in BC processing, data storage or rooting as these are tasks which place a large computational burden on IoT devices. However, this goes against the distributed nature of BC and reintroduces a singular point-of-failure in the system. In response, we proposed a novel fully lightweight approach in which a cluster of nodes could divide the BC storage responsibility randomly between themselves but such that each data point is still stored at multiple nodes across the network, thus retaining the distributed nature of BC. This gave promising results but posed further questions regarding what to do when the nodes are not intrinsically trustworthy, for which we turn to trust inference. A node X's trust in another node Y represents the probability that the next time X communicates with Y, Y will behave as X expects it to.
Our approach to finding a truly distributed and reliable security framework begins by investigating generalised distributed networks such that we can identify the behavioural patterns using statistical analysis. This includes the intermittency of IoT device connections, rate and nature of communications as well as other error factors such as the communication channel. This allows us to accurately model not only the behaviour of distributed IoT networks but also to make more accurate predictions about how malicious nodes would behave in the network. By creating mathematical models out of these behaviours, we aim to design a distributed security protocol that suitably takes these behaviours into account and responds by utilising and adapting distributed network tools such as BC and trust inference.
This work is being completed with funding from Toshiba Research Europe Ltd. and the EPSRC. The project falls within the EPSRC 'ICT Networks & Distributed Systems' research area under the Engineering category.
Traditional systems tend to have a central authoritative "hub" which regulates exchanges between the other nodes in order to ensure quality of service and security, but the speed and accuracy of the hub limits the scalability of the network. Secondly, the hub forms a single point-of-failure, which makes the network more vulnerable to malicious attacks. In contrast, a distributed system allows nodes in a network to directly communicate with each other and lacks a single point-of-failure. However, in the absence of a central hub, distributed networks require decentralised security protocols to facilitate the exchange of correct data.
In this project, we aim to investigate distributed security frameworks such that we may determine how best to provide reliability to large-scale distributed IoT networks. Existing literature on this topic presents various approaches to adapting traditional security protocols for use in distributed networks. However, the majority of these approaches continue to rely on some minimum level of centralisation and thus there still remains a question of how to provide security in a fully decentralised approach.
One idea in literature is to adapt blockchain (BC) for use in resource-restricted IoT networks, as BC is a fully decentralised security framework. Most novel approaches assume the existence of at least one trustworthy entity in the network that can aid in BC processing, data storage or rooting as these are tasks which place a large computational burden on IoT devices. However, this goes against the distributed nature of BC and reintroduces a singular point-of-failure in the system. In response, we proposed a novel fully lightweight approach in which a cluster of nodes could divide the BC storage responsibility randomly between themselves but such that each data point is still stored at multiple nodes across the network, thus retaining the distributed nature of BC. This gave promising results but posed further questions regarding what to do when the nodes are not intrinsically trustworthy, for which we turn to trust inference. A node X's trust in another node Y represents the probability that the next time X communicates with Y, Y will behave as X expects it to.
Our approach to finding a truly distributed and reliable security framework begins by investigating generalised distributed networks such that we can identify the behavioural patterns using statistical analysis. This includes the intermittency of IoT device connections, rate and nature of communications as well as other error factors such as the communication channel. This allows us to accurately model not only the behaviour of distributed IoT networks but also to make more accurate predictions about how malicious nodes would behave in the network. By creating mathematical models out of these behaviours, we aim to design a distributed security protocol that suitably takes these behaviours into account and responds by utilising and adapting distributed network tools such as BC and trust inference.
This work is being completed with funding from Toshiba Research Europe Ltd. and the EPSRC. The project falls within the EPSRC 'ICT Networks & Distributed Systems' research area under the Engineering category.
People |
ORCID iD |
| Justin Coon (Primary Supervisor) | |
| Tanmayee Deshprabhu (Student) |