Discovery of and Access to Resources between Entities within IoT Systems
Lead Research Organisation:
University of Oxford
Department Name: Computer Science
Abstract
The rapid increase in the use of connected devices (e.g., wearables, smart locks) and cloud applications (e.g., collaboration platforms, big data tools) established trends for a fully programmed and distance manageable lifestyle and shifted the character of the society to be open and network-oriented. The proliferation on connectivity combined with the increase in cyber-crime and the terrorism expansion in cyber space have created an urgent need to rapidly advance our security countermeasures and re-think of traditional approaches.
Recognising this need, this DPhil thesis is going to explore and propose the deployment of security infrastructures in connected environments, many times referred to as the Internet of Things. In particular, the objective is to develop secure and resilient to attacks protocols that enable effective discovery and access to resources between entities within IoT systems. Entities include devices (such as sensors, actuators, embedded systems), but also include software-only virtual entities (such as virtual service instances in a cloud or fog computing context).
This research comes under the EPSRC theme of Cyber Security
Recognising this need, this DPhil thesis is going to explore and propose the deployment of security infrastructures in connected environments, many times referred to as the Internet of Things. In particular, the objective is to develop secure and resilient to attacks protocols that enable effective discovery and access to resources between entities within IoT systems. Entities include devices (such as sensors, actuators, embedded systems), but also include software-only virtual entities (such as virtual service instances in a cloud or fog computing context).
This research comes under the EPSRC theme of Cyber Security
Planned Impact
It is part of the nature of Cyber Security - and a key reason for the urgency in developing new research approaches - that it now is a concern of every section of society, and so the successful CDT will have a very broad impact indeed. We will ensure impact for:
* The IT industry; vendors of hardware and software, and within this the IT Security industry;
* High value/high assurance sectors such as banking, bio-medical domains, and critical infrastructure, and more generally the CISO community across many industries;
* The mobile systems community, mobile service providers, handset and platform manufacturers, those developing the technologies of the internet of things, and smart cities;
* Defence sector, MoD/DSTL in particular, defence contractors, and the intelligence community;
* The public sector more generally, in its own activities and in increasingly important electronic engagement with the citizen;
* The not-for-profit sector, education, charities, and NGOs - many of whom work in highly contended contexts, but do not always have access to high-grade cyber defensive skills.
Impact in each of these will be achieved in fresh elaborations of threat and risk models; by developing new fundamental design approaches; through new methods of evaluation, incorporating usability criteria, privacy, and other societal concerns; and by developing prototype and proof-of-concept solutions exhibiting these characteristics. These impacts will retain focus through the way that the educational and research programme is structured - so that the academic and theoretical components are directed towards practical and anticipated problems motivated by the sectors listed here.
* The IT industry; vendors of hardware and software, and within this the IT Security industry;
* High value/high assurance sectors such as banking, bio-medical domains, and critical infrastructure, and more generally the CISO community across many industries;
* The mobile systems community, mobile service providers, handset and platform manufacturers, those developing the technologies of the internet of things, and smart cities;
* Defence sector, MoD/DSTL in particular, defence contractors, and the intelligence community;
* The public sector more generally, in its own activities and in increasingly important electronic engagement with the citizen;
* The not-for-profit sector, education, charities, and NGOs - many of whom work in highly contended contexts, but do not always have access to high-grade cyber defensive skills.
Impact in each of these will be achieved in fresh elaborations of threat and risk models; by developing new fundamental design approaches; through new methods of evaluation, incorporating usability criteria, privacy, and other societal concerns; and by developing prototype and proof-of-concept solutions exhibiting these characteristics. These impacts will retain focus through the way that the educational and research programme is structured - so that the academic and theoretical components are directed towards practical and anticipated problems motivated by the sectors listed here.
Organisations
People |
ORCID iD |
| Kasper Rasmussen (Primary Supervisor) | |
| Angeliki Aktypi (Student) |
Studentship Projects
| Project Reference | Relationship | Related To | Start | End | Student Name |
|---|---|---|---|---|---|
| EP/P00881X/1 | 01/10/2016 | 31/03/2023 | |||
| 1775543 | Studentship | EP/P00881X/1 | 01/10/2016 | 30/09/2020 | Angeliki Aktypi |
| Description | Up to date, we have researched the information leakage that can occur by the use of different IoT devices. In particular, we examined the potential exposure of users' identity that is caused by information that they share online and personal data that are stored by their fitness-trackers. We have published a research paper with our finding in the International Workshop on Multimedia Privacy and Security that was organised in conjunction with the 24th ACM Conference on Computer and Communication Security (CCS 2017). Also, we have investigated how we can allow for secure and efficient cooperation among the many different IoT devices that belong to the same ownership domain. Providing device collaboration based on a P2P mechanism can limit user involvement, single points of failure and spatial constraints, weaknesses that restrict the effectiveness of already proposed device control architectures. Two of the fundamental security issues on which we focused were the identification of the different devices that exist in the network and the authentication of the messages that are exchanged among them. Our research paper on this project is going to be published in CODASPY'20. |
| Exploitation Route | Broadening our scope we want to allow for a secure discovery of distinct services provided by a large number of various devices belonging to different ownership domains. We aim to design a middleware that will abstract developers from the complexity of the underlying global security infrastructure while providing them with open interfaces for secure P2P application development. Developers will be able to build their applications by adopting different security mechanisms from the ones provided that will enable them to reach the level of security that satisfies their goal. Users will be able to use applications that are based on devices they exist in the network which may fall within their own or others possession. |
| Sectors | Aerospace, Defence and Marine,Agriculture, Food and Drink,Communities and Social Services/Policy,Creative Economy,Digital/Communication/Information Technologies (including Software),Education,Electronics,Energy,Environment,Healthcare,Leisure Activities, including Sports, Recreation and Tourism,Manufacturing, including Industrial Biotechology,Culture, Heritage, Museums and Collections,Security and Diplomacy,Transport |