Toward trustless internet of things: a blockchain-based approach

Tapas, Nachiket
2021-01-28

Abstract

The Internet of Things (IoT) is an innovative paradigm involving both industries and people's everyday life. With the wide adoption of IoT, security becomes a crucial aspect due to the high heterogeneity of the devices involved and the sensitivity of the information they manage. With multiple and varying devices and entities involved, the system needs to be trustless: participants should not need to know or trust each other, or a third party, for the system to function. Blockchain is a cryptographically secure, distributed data structure shared across the peers of a P2P network, where trust is built by achieving consensus among the peers. By relocating trust to a cryptographically verifiable system, the need to trust any single entity in the system is removed. Among the various IoT challenges, the thesis addresses those related to access control, data acquisition, storage and dissemination, and security patching. We address these challenges in a trustless manner for IoT systems. The thesis is organized into three sections. In the first section, we focus on protecting IoT devices against unauthorized access and information leakage. A distributed access control mechanism is required to protect the devices. The capability of the devices should also be considered while designing the protocol. In the second section, we address the challenges related to protecting the entire data supply chain, from sensing to storage and visualization. We need a trustless mechanism to protect a system against misbehavior. There are several trust issues in any IoT framework. During data generation, contributors cannot necessarily be trusted: data can be either unreliable or deliberately forged. Then there is a single point of trust at the data storage level, where the data is collected in the cloud and the hosting entity is in charge of secure storage. The same holds for data retrieval and visualization. Also, in the centralized approach there is no way for consumers to audit the data and thus be sure that everybody is behaving correctly. In the final section, we focus on the challenges of protecting an IoT device over an extended period. A distributed, secure, and trustless patching mechanism is required to secure IoT devices. The thesis presents the design and implementation of security primitives tailored to IoT application domains, focusing on extending trustlessness to access control, data acquisition, storage, visualization, and security patching. The proposed solution's effectiveness is evaluated qualitatively and quantitatively using a set of prototypes, case studies, modeling, and real measurements.
28-Jan-2021
internet of things; IoT; blockchain; survey; machine economy; smart cities; smart contracts; ethereum; access control; authorization; delegation; OpenStack; Swift; DLT; security; non-repudiation; auditability; patch update; distributed ledger; bitcoin; lightning network; incentivized system;
Files in this item:
File: PhD_Thesis_Tapas.pdf
Access: open access
Type: Doctoral thesis
License: Creative Commons
Size: 11 MB
Format: Adobe PDF

Documents in IRIS are protected by copyright and all rights are reserved, unless otherwise indicated.

Use this identifier to cite or link to this document: https://hdl.handle.net/11570/3183271