The findings in this thesis clearly indicate that the IoT is not yet ready to be deployed. However, it clearly is being deployed, therefore attackers can exploit its lack of security for malicious purposes. The trust management frameworks that are currently avail- able are not capable of fully creating trust relationships among objects, which leads to the need for further investigations in this direction. For this purpose, a standardised architectural reference model for the IoT and M2M communications is needed. This void prevents researchers from creating a proper security level in the IoT architecture, nurturing the development of ad hoc solutions.
The solution proposed in this thesis for detecting forged embedded machines in the IoT can be used as a method of pre-trust evaluation. However, it must be included as part of a high-level trust management framework. This trust management framework can use the proposed solution and at the same time detect other attacks. The combi- nation of multi-layer metrics to detect attacks against trust mechanisms has not been properly studied yet. Similarly, studies about propagating trust to other M2M devices depending on the pre-trust evaluation must be carried out.
The binary classification approach used in this thesis can be modified to a multiclass classification to recognise the specific system type used by REMs and VESs. In this scenario, a further trust assessment can be created by exchanging the embedded machine type during the initial interaction. The trustor will request details of the trustee’s system
type and will be able to detect if the trustee is providing the timing information that corresponds to that system. Therefore, the trustor will be able to determine if the trustee is using a specific embedded machine, such as Raspberry Pi, Arduino etc., or a specific virtual or an emulated system to create forged embedded machines, such as VirtualBox, QEMU etc.
This solution can also be modified for application to other fields. For example, it can be used to detect the Android’s Dalvik virtual machine more quickly than existing heuristic detection methods [219, 220], which require around 20 minutes. By contrast, the proposed solution requires only circa 40 seconds, and is therefore more than 20 times faster.
The application of IoT mobile trust agents could be further investigated by applying the proposed solution to different IoT scenarios. Its application can also be evaluated with both open and closed networks in order to properly appreciate the dangerousness of the attack and the effectiveness of the solution. The ratio between ODP and ODS used in Equation 4.4 (Section 4.2.6) should be changed in order to identify the best classifier for each level of security required (Table 4.8). Further tests with high priority traffic should be performed during the simulations of the proposed solution in order to check if this affects the kernel behaviour and therefore detection results. Finally, other solutions based on timing behaviours should be evaluated for M2M-embedded devices that do not support the ping command locally, such as devices based only on IEEE 802.15.4, LoRa, LTE etc.
6.4
Summary
In this thesis, an overview of the Internet of Things is provided. The focus is on is- sues which prevent the creation of trusted relationships among IoT-embedded machines in M2M communications. It has been shown that the lack of a standard architectural reference model for incorporating trust prevents researchers from providing an optimal Trust Management Framework for the IoT. A new threat consisting of forged embedded machines used by attackers to subvert M2M communication has been identified. Sev- eral new solutions were proposed as part of IoT mobile trust agents in order to allow M2M-embedded machines and the IoT core to identify this attack. This is achieved by performing a pre-trust evaluation in order to save energy and computational resources when creating trust relationships.
Evaluations and results of the final proposed solution show its efficiency in terms of overall detection speed, overall detection performance and resilience against attacks, independent of the machine architecture and its OS. The detection of unknown embedded machines demonstrates its easy applicability to future IoT-embedded machines and also in a final standardised architecture reference model for M2M communications in the IoT. Finally, as demonstrated, this trust evaluation can be used by IoT applications to
preserve their operations in real-life scenarios. These are very important aspects because IoT does not connect only machines, but also people’s lives.
Appendices
A.1
Characterisation Algorithm
# !/ bin / sh #
# C o p y r i g h t 2 0 1 5 V a l e r i o S e l i s #
# T h i s p r o g r a m is f r e e s o f t w a r e ; you can r e d i s t r i b u t e it and / or m o d i f y
# it u n d e r the t e r m s of the GNU G e n e r a l P u b l i c L i c e n s e as p u b l i s h e d by
# the F r e e S o f t w a r e F o u n d a t i o n ; e i t h e r v e r s i o n 2 of the License , or
# ( at y o u r o p t i o n ) any l a t e r v e r s i o n . #
# T h i s p r o g r a m is d i s t r i b u t e d in the h o p e t h a t it w i l l be useful , # but W I T H O U T ANY W A R R A N T Y ; w i t h o u t e v e n the i m p l i e d w a r r a n t y of # M E R C H A N T A B I L I T Y or F I T N E S S FOR A P A R T I C U L A R P U R P O S E . See the # GNU G e n e r a l P u b l i c L i c e n s e for m o r e d e t a i l s .
#
# You s h o u l d h a v e r e c e i v e d a c o p y of the GNU G e n e r a l P u b l i c L i c e n s e
# a l o n g w i t h t h i s p r o g r a m ; if not , see < h t t p :// www . gnu . org / l i c e n s e s / >. # # U s a g e : c h a r a c t e r i s a t i o n . sh < s i m _ n u m b e r > < p i n g _ n u m b e r > < p i n g _ i n t e r v a l > < p i n g _ p k t _ s i z e > # # C h e c k if the OS is A n d r o i d c h e c k _ a n d r o i d =$(ls / sdcard ) # C h e c k if the OS is N e t B S D
c h e c k _ n e t b s d =$( uname -a | grep " evb ")
# C h e c k if W N D R 4 7 0 0 is the r e a l e m b e d d e d m a c h i n e
c h e c k _ W N D R 4 7 0 0 =$( uname -a | grep " W N D R 4 7 0 0 ")
# S e l e c t the f o l d e r for s a v i n g the log f i l e
if [ "$check_android " = " " ];t h e n if [ "$check_WNDR4700 " = " " ];t h e n m a i n _ l o g =" / tmp / s i m p i n g . log " m a i n _ d i r =" / tmp / " e l s e # W N D R 4 7 0 0 m a i n _ l o g =" / tmp / mnt / s d a 1 / s i m p i n g . log " m a i n _ d i r =" / tmp / mnt / s d a 1 / " fi e l s e # A n d r o i d OS m a i n _ l o g =" / s d c a r d / s i m p i n g . log " m a i n _ d i r =" / s d c a r d / " fi e c h o " S t a r t i n g $( date ) - $( date +%s) ... "
e c h o " S t a r t i n g $( date ) - $( date +%s) ... " > > $main_log
# R e t r i e v e n u m b e r of C P U s and c o r e s
if [ "$check_netbsd " = " " ];t h e n
c p u s =$(cat / p r o c / c p u i n f o | g r e p p r o c e s s o r | awk ’{ p r i n t $NF }’)
e l s e
c p u s =$( sysctl -a | egrep -i ’hw. machine |hw. model |hw.ncpu ’ |
g r e p " hw . n c p u : " | awk { ’ p r i n t $NF ’}) fi m a x _ c p u s =$(e c h o $cpus | awk { ’ p r i n t $NF ’}) if [ "$max_cpus " = " " ];t h e n c p u s =0 m a x _ c p u s =0 fi # N u m b e r of s i m u l a t i o n loops , m i n i m u m 1 l o o p n u m b e r _ s t a r t =0 n u m b e r _ e n d =1 if [ "$1" != " " ];t h e n # N u m b e r of l o o p s g i v e n in i n p u t n u m b e r _ e n d =$1 fi # N u m b e r of pings , d e f a u l t 1 0 0 0 n u m b e r _ p i n g s = 1 0 0 0 if [ "$2" != " " ];t h e n # N u m b e r of p i n g s g i v e n in i n p u t n u m b e r _ p i n g s =$2
fi # I n t e r v a l n u m b e r b e t w e e n pings , d e f a u l t 0.2 i n t e r v a l _ p i n g s = 0 . 2 if [ "$3" != " " ];t h e n # I n t e r v a l n u m b e r b e t w e e n p i n g s g i v e n in i n p u t i n t e r v a l _ p i n g s =$3 fi # P i n g p a c k e t size , d e f a u l t 56 b y t e s p k t _ s i z e =56 if [ "$4" != " " ];t h e n # P i n g p a c k e t s i z e g i v e n in i n p u t p k t _ s i z e =$4 fi e n d _ s i m = ’ n ’ w h i l e [ $end_sim != ’y’ ];do # E x e c u t e 2 s i m u l a t i o n s # - Sim 0: p i n g
# - Sim 1: p i n g and CPU u n d e r s t r e s s
e c h o " S i m u l a t i o n l o o p #$number_start $( date ) - $( date +%s)" > > $main_log s i m _ c o u n t =0 r e a d y = ’ n ’ w h i l e [ $ready != ’y’ ];do ts =$( date +%s) sim =" " s i m _ d i r =" "
# S t a r t the dd c o m m a n d if n e c e s s a r y for s t r e s s i n g the CPU
if [ $sim_count -eq 1 ];t h e n
for e a c h in $cpus ;do
dd if=/ dev / u r a n d o m of =/ dev / n u l l &
d o n e
sim =" 02 _$ts "
s i m _ d i r =" p i n g _ d d _$sim "
e c h o " Sim #$sim_count : ping -c $number_pings -i $interval_pings -s $pkt_size 127.0.0.1 with dd ( $ts )" > > $main_log
e l s e
sim =" 1 0 0 0 _$ts "
s i m _ d i r =" p i n g _$sim "
e c h o " Sim #$sim_count : ping -c $number_pings -i $interval_pings -s $pkt_size 127.0.0.1 ( $ts )" > > $main_log
fi
if [ "$check_netbsd " = " " ];t h e n
# S t a r t the c h a r a c t e r i s a t i o n a l g o r i t h m
e c h o " S t a r t c h a r a c t e r i s a t i o n : $( date ) - $( date +%s)" e c h o " S t a r t c h a r a c t e r i s a t i o n : $( date ) - $( date +%s)"
> > " /$main_dir / $sim_dir / log "
p i n g - c $number_pings -i $interval_pings -s $pkt_size
1 2 7 . 0 . 0 . 1 | w h i l e r e a d L I N E
do
# S t o r e p i n g r e s p o n s e t i m e
e c h o "$LINE "
# S t o r e t i m e s t a m p v a l u e
e c h o "$( date +%s)" > > " /$main_dir / $sim_dir / lo_ts " # S t o r e CPU u s a g e
cat / p r o c / s t a t | g r e p ’^ cpu ’ > > " /$main_dir / $sim_dir / lo_cpu "
d o n e > " /$main_dir / $sim_dir / lo_ping " # S t o p the c h a r a c t e r i s a t i o n a l g o r i t h m
e c h o " C h a r a c t e r i s a t i o n f i n i s h e d ! $( date ) - $( date +%s) "
e c h o " C h a r a c t e r i s a t i o n f i n i s h e d ! $( date ) - $( date +%s) " > > " /$main_dir / $sim_dir / log "
s l e e p 1 s
e l s e
# S t a r t i o s t a t for r e t r i e v i n g the CPU u s a g e
i o s t a t - C 1 > " /$main_dir / $dir / iostat . txt " & i o s t a t _ p i d =$! # M a k e s u r e i o s t a t . txt c o n t a i n s an up to d a t e CPU u s a g e s l e e p 1 s # S t a r t the c h a r a c t e r i s a t i o n for N e t B S D e c h o " S t a r t c h a r a c t e r i s a t i o n : $( date ) - $( date +%s)" e c h o " S t a r t c h a r a c t e r i s a t i o n : $( date ) - $( date +%s)"
> > " /$main_dir / $sim_dir / log "
p i n g - c $number_pings -i $interval_pings -s $pkt_size
1 2 7 . 0 . 0 . 1 | w h i l e r e a d L I N E
do
# S t o r e p i n g r e s p o n s e t i m e
e c h o "$LINE "
# S t o r e t i m e s t a m p v a l u e
e c h o "$( date +%s)" > > " /$main_dir / $sim_dir / lo_ts " # S t o r e CPU u s a g e
t a i l -1 " /$main_dir / $dir / iostat . txt " | tr " \ n " " "
> > " /$main_dir / $sim_dir / lo_cpu "
d o n e > " /$main_dir / $sim_dir / lo_ping "
# S t o p the c h a r a c t e r i s a t i o n a l g o r i t h m for N e t B S D
e c h o " C h a r a c t e r i s a t i o n f i n i s h e d ! $( date ) - $( date +%s) "
e c h o " C h a r a c t e r i s a t i o n f i n i s h e d ! $( date ) - $( date +%s) " > > " /$main_dir / $sim_dir / log "
# K i l l i o s t a t k i l l $iostat_pid s l e e p 1 s fi # K i l l all dd c o m m a n d s if it is Sim 1 if [ $sim_count -eq 1 ];t h e n k i l l a l l dd fi # I n c r e a s e the s i m u l a t i o n n u m b e r