End-to-End IoT Security: Authentication, Vulnerability Exploration and Data Analysis

Publication Type:
Issue Date:
Full metadata record
Wireless 6LoWPAN networks consist of resource-starved, small sensor nodes. Secure sensors’ communication is necessary to avoid threats such as a replay attack and a Man-in-the-Middle (MITM) attack. This research has three major parts. The first part of the research focuses on developing a lightweight authentication algorithm and key management of sensors within the 6LoWPAN network. Before transmitting sensible information, sensors must prove that they are the legal transmitting entity to the Edge Router. The second part of the research exploits the vulnerability of CoAP (Constrained Application Protocol) on the application layer of the 6LoWPAN protocol. We also investigate how 6LoWPAN with CoAP protocol withstands the off-path pin code injection threat while the 6LoWPAN sensor communicates with the legacy Internet. The Third part of the research deals with intelligent intrusion detection techniques using deep learning and clustering algorithms. The first part, Lightweight Authentication Protocol (LAUP), uses the symmetric key method with no pre-shared keys. It comprises four flights to establish authentication and session key distribution between sensors and Edge Router in a 6LoWPAN environment. Each flight of LAUP uses freshly derived keys from existing information such as PAN ID (Personal Area Network Identification) and device identities. The second part involves the CoAP protocol that resides in an application layer protocol of the 6LoWPAN protocol stack. The widely available CoAP implementations failed to validate the remote CoAP clients. We exploit the combination of IP Spoofing vulnerability and cross-protocol vulnerability of CoAP along with the remote server access support to launch the off-path attack. The off-path attack is considered a weak attack on a constrained network, and it receives less attention from the research community. However, the consequences resulting from such an attack cannot be ignored in practice. In the third part, we propose a two-fold network traffic analysis method for anomaly detection with Optimized Deep Clustering (ODC), which involves an optimized deep autoencoder and BIRCH clustering algorithm. We observed that our ODC deep clustering algorithm outperforms the existing deep clustering methods for anomaly detection. As a result of this research, we achieve an end-to-end secure communication of sensors within the 6LoWPAN constrained network and when the 6LoWPAN network devices interact with the legacy Internet. This research is a concrete contribution to the IoT Cyber Security community. Also, we ensure the secure communication of IoT by investigating the network traffic dataset despite any malfunction caused by an intruder.
Please use this identifier to cite or link to this item: