Defense Against Integrity and Privacy Attacks in The Internet of Things

Makhdoom, Imran

Defense Against Integrity and Privacy Attacks in The Internet of Things

Makhdoom, Imran

Permalink

Publication Type:: Thesis
Issue Date:: 2020

Open Access

Copyright Clearance Process

Recently Added
In Progress
Open Access

This item is open access.

Adobe PDF

Download contents and abstractAdobe PDF (288.68 kB)

Adobe PDF

Download thesisAdobe PDF (16.63 MB)

View statistics

Full metadata record

Field	Value	Language
dc.contributor.author	Makhdoom, Imran
dc.date.accessioned	2020-11-10T03:30:42Z
dc.date.available	2020-11-10T03:30:42Z
dc.date.issued	2020
dc.identifier.uri	http://hdl.handle.net/10453/143868
dc.description	University of Technology Sydney. Faculty of Engineering and Information Technology.	en_AU
dc.description.abstract	The world is resorting to the Internet of Things for ease of control and monitoring of smart devices. The ubiquitous use of the Internet of Things ranges from Industrial Control Systems to e-Health, e-Commerce, smart cities, supply chain management, smart cars, and a lot more. Such reliance on the Internet of Things is resulting in a significant amount of data to be generated, collected, processed, and analyzed. The big data analytics is no doubt beneficial for business development. However, at the same time, numerous threats such as attacks on message and device integrity, the vulnerability of end-devices to malware attacks, physical compromise of devices, and threats to user data security and privacy pose a great danger to the sustenance of Internet of Things. Therefore, it is the need of the hour to develop a security mechanism for the Internet of Things systems to ensure the integrity and privacy of data being processed by these systems. This study thus endeavors to highlight most of the known threats at various layers of the Internet of Things architecture with a focus on the anatomy of some of the significant attacks. The research also construes a detailed attack methodology adopted by some of the most successful malware attacks on the Internet of Things, including Industrial Control Systems and Cyber Physical Systems. The study further infers an attack strategy of a Distributed Denial of Service attack through the Internet of Things botnet followed by requisite security measures. The illustration of attack methodologies is followed by a composite guideline for the development of an Internet of Things security framework based on industry best practices. Sequel to the Internet of Things threat modeling, this research investigates the use of blockchain technology to protect the Internet of Things against data integrity and privacy attacks. Hence, to arrive at intelligible conclusions, a systematic study of the peculiarities of the Internet of Things environment, including its security and performance requirements and progression in blockchain technologies, is carried out. Moreover, this thesis also identifies unique challenges to blockchain’s adoption in the Internet of Things and recommends a possible way forward. Based on a systematic and analytical review of blockchain technology, this study proposes a privacy-preserving and secure data sharing framework for smart cities. The proposed scheme preserves user data privacy by dividing the blockchain network into various channels, where every channel comprises a finite number of authorized organizations and processes a specific type of data such as health, smart car, smart energy, or financial details. Moreover, access to users’ data within a channel is controlled by embedding access control rules in the smart contracts. The devised solution also conforms to some of the essential requirements outlined in the European Union General Data Protection Regulation. Another important contribution of this work is the conception and design of a novel Internet of Things centric consensus protocol with the Internet of Things focused transaction validation rules. The proposed Proof-of-Honesty consensus protocol not only reduces the possibility of Byzantine behavior by block proposers (validator/mining nodes) during the consensus process but is also scalable with low communication complexity. It is believed that the proposed consensus protocol will prove to be a governing factor for the Internet of Things systems considering to adopt blockchain technology. Correspondingly, the main conclusion of this research and evaluation is that a sensibly selected and carefully designed blockchain-based IoT application can provide some assurance to the users concerning the security and privacy of their data. In this context, the focus should be on developing an IoT-centric consensus protocol with an intelligent misbehavior detection mechanism to detect and identify malicious miner/validator nodes. Moreover, validation of IoT devices’ integrity is also an open challenge that requires due attention.	en_AU
dc.format	Thesis (PhD)
dc.language.iso	en_US	en_US
dc.relation	https://opus.lib.uts.edu.au/bitstream/10453/143868/2/02whole.pdf
dc.rights	au.edu.uts.lib/ppc
dc.rights	The author owns the copyright in this thesis including all reproduction and reuse rights for the work. The work may not be altered without the permission of the copyright owner. Attribution is essential when quoting or paraphrasing from this thesis.
dc.rights	info:eu-repo/semantics/openAccess
dc.title	Defense Against Integrity and Privacy Attacks in The Internet of Things	en_AU
dc.type	Thesis
utslib.copyright.status	open_access	*

Abstract:

The world is resorting to the Internet of Things for ease of control and monitoring of smart devices. The ubiquitous use of the Internet of Things ranges from Industrial Control Systems to e-Health, e-Commerce, smart cities, supply chain management, smart cars, and a lot more. Such reliance on the Internet of Things is resulting in a significant amount of data to be generated, collected, processed, and analyzed. The big data analytics is no doubt beneficial for business development. However, at the same time, numerous threats such as attacks on message and device integrity, the vulnerability of end-devices to malware attacks, physical compromise of devices, and threats to user data security and privacy pose a great danger to the sustenance of Internet of Things. Therefore, it is the need of the hour to develop a security mechanism for the Internet of Things systems to ensure the integrity and privacy of data being processed by these systems. This study thus endeavors to highlight most of the known threats at various layers of the Internet of Things architecture with a focus on the anatomy of some of the significant attacks. The research also construes a detailed attack methodology adopted by some of the most successful malware attacks on the Internet of Things, including Industrial Control Systems and Cyber Physical Systems. The study further infers an attack strategy of a Distributed Denial of Service attack through the Internet of Things botnet followed by requisite security measures. The illustration of attack methodologies is followed by a composite guideline for the development of an Internet of Things security framework based on industry best practices. Sequel to the Internet of Things threat modeling, this research investigates the use of blockchain technology to protect the Internet of Things against data integrity and privacy attacks. Hence, to arrive at intelligible conclusions, a systematic study of the peculiarities of the Internet of Things environment, including its security and performance requirements and progression in blockchain technologies, is carried out. Moreover, this thesis also identifies unique challenges to blockchain’s adoption in the Internet of Things and recommends a possible way forward. Based on a systematic and analytical review of blockchain technology, this study proposes a privacy-preserving and secure data sharing framework for smart cities. The proposed scheme preserves user data privacy by dividing the blockchain network into various channels, where every channel comprises a finite number of authorized organizations and processes a specific type of data such as health, smart car, smart energy, or financial details. Moreover, access to users’ data within a channel is controlled by embedding access control rules in the smart contracts. The devised solution also conforms to some of the essential requirements outlined in the European Union General Data Protection Regulation. Another important contribution of this work is the conception and design of a novel Internet of Things centric consensus protocol with the Internet of Things focused transaction validation rules. The proposed Proof-of-Honesty consensus protocol not only reduces the possibility of Byzantine behavior by block proposers (validator/mining nodes) during the consensus process but is also scalable with low communication complexity. It is believed that the proposed consensus protocol will prove to be a governing factor for the Internet of Things systems considering to adopt blockchain technology. Correspondingly, the main conclusion of this research and evaluation is that a sensibly selected and carefully designed blockchain-based IoT application can provide some assurance to the users concerning the security and privacy of their data. In this context, the focus should be on developing an IoT-centric consensus protocol with an intelligent misbehavior detection mechanism to detect and identify malicious miner/validator nodes. Moreover, validation of IoT devices’ integrity is also an open challenge that requires due attention.

Please use this identifier to cite or link to this item:

http://hdl.handle.net/10453/143868