End-to-End IoT Security: Authentication, Vulnerability Exploration and Data Analysis

Publication Type: Thesis
Issue Date: 2020
Wireless 6LoWPAN networks consist of small, resource-starved sensor nodes. Secure communication between sensors is necessary to avoid threats such as replay attacks and Man-in-the-Middle (MITM) attacks. This research has three major parts. The first part focuses on developing a lightweight authentication algorithm and key management for sensors within the 6LoWPAN network. Before transmitting sensitive information, sensors must prove to the Edge Router that they are the legitimate transmitting entity. The second part exploits the vulnerability of CoAP (Constrained Application Protocol) on the application layer of the 6LoWPAN protocol. We also investigate how 6LoWPAN with the CoAP protocol withstands the off-path pin code injection threat while the 6LoWPAN sensor communicates with the legacy Internet. The third part deals with intelligent intrusion detection techniques using deep learning and clustering algorithms.

The first part, the Lightweight Authentication Protocol (LAUP), uses the symmetric key method with no pre-shared keys. It comprises four flights to establish authentication and session key distribution between sensors and the Edge Router in a 6LoWPAN environment. Each flight of LAUP uses keys freshly derived from existing information such as the PAN ID (Personal Area Network Identification) and device identities.

The second part involves the CoAP protocol, which resides in the application layer of the 6LoWPAN protocol stack. The widely available CoAP implementations failed to validate remote CoAP clients. We exploit the combination of the IP spoofing vulnerability and the cross-protocol vulnerability of CoAP, along with the remote server access support, to launch the off-path attack. The off-path attack is considered a weak attack on a constrained network, and it receives less attention from the research community. However, the consequences resulting from such an attack cannot be ignored in practice.

In the third part, we propose a two-fold network traffic analysis method for anomaly detection with Optimized Deep Clustering (ODC), which involves an optimized deep autoencoder and the BIRCH clustering algorithm. We observed that our ODC deep clustering algorithm outperforms the existing deep clustering methods for anomaly detection.

As a result of this research, we achieve end-to-end secure communication of sensors, both within the 6LoWPAN constrained network and when the 6LoWPAN network devices interact with the legacy Internet. This research is a concrete contribution to the IoT Cyber Security community. We also ensure the secure communication of IoT, despite any malfunction caused by an intruder, by investigating the network traffic dataset.