Skip navigation
Please use this identifier to cite or link to this item: http://arks.princeton.edu/ark:/88435/dsp01fn107145x
Title: Addressing Security and Privacy Challenges in Internet of Things
Authors: Mosenia, Arsalan
Advisors: Jha, Niraj K
Contributors: Electrical Engineering Department
Keywords: Internet of Things
Privacy
Security
Subjects: Computer engineering
Electrical engineering
Computer science
Issue Date: 2017
Publisher: Princeton, NJ : Princeton University
Abstract: Internet of Things (IoT), also referred to as the Internet of Objects, is envisioned as a holistic and transformative approach for providing numerous services. The rapid development of various communication protocols and miniaturization of transceivers along with recent advances in sensing technologies offer the opportunity to transform isolated devices into communicating smart things. Smart things, that can sense, store, and even process electrical, thermal, optical, chemical, and other signals to extract user-/environment-related information, have enabled services only limited by human imagination. Despite picturesque promises of IoT-enabled systems, the integration of smart things into the standard Internet introduces several security challenges because the majority of Internet technologies, communication protocols, and sensors were not designed to support IoT. Several recent research studies have demonstrated that launching security/privacy attacks against IoT-enabled systems, in particular wearable medical sensor (WMS)-based systems, may lead to catastrophic situations and life-threatening conditions. Therefore, security threats and privacy concerns in the IoT domain need to be proactively studied and aggressively addressed. In this thesis, we tackle several domain-specific security/privacy challenges associated with IoT-enabled systems. We first target health monitoring systems that are one of the most widely-used types of IoT-enabled systems. We discuss and evaluate several energy-efficient schemes and algorithms, which significantly reduce total energy consumption of different implantable and wearable medical devices (IWMDs). The proposed schemes make continuous long-term health monitoring feasible while providing spare energy needed for data encryption. Furthermore, we present two energy-efficient protocols for implantable medical devices (IMDs), which are essential for data encryption: (i) a secure wakeup protocol that is resilient against battery draining attacks, along with (ii) a low-power key exchange protocol that shares the encryption key between the IMD and the external device while ensuring confidentiality of the key. Moreover, we introduce a new class of attacks against the privacy of a patient who is carrying IWMDs. We describe how an attacker can infer private information about the patient by exploiting physiological information leakage, i.e., signals that continuously emanate from the human body due to the normal functioning of organs or IWMDs attached to (or implanted in) the body. Further, we propose a new generic class of security attacks, called dedicated intelligent security attacks against sensor-triggered emergency responses (DISASTER), that is applicable to a variety of sensor-based systems. DISASTER exploits design flaws and security weaknesses of safety mechanisms deployed in cyber-physical systems (CPSs) to trigger emergency responses even in the absence of a real emergency. In addition to introducing DISASTER, we comprehensively describe its serious consequences and demonstrate the possibility of launching such attacks against the two most widely-used CPSs: residential and industrial automation/monitoring systems. Finally, we present a continuous authentication system based on BioAura, i.e., information that is already gathered by WMSs for diagnostic and therapeutic purposes. We extensively examine the proposed authentication system and demonstrate that it offers promising advantages over one-time knowledge-based authentication systems, e.g., password-/pattern-based systems, and may potentially be used to protect personal computing devices and servers, software applications, and restricted physical spaces.
URI: http://arks.princeton.edu/ark:/88435/dsp01fn107145x
Alternate format: The Mudd Manuscript Library retains one bound copy of each dissertation. Search for these copies in the library's main catalog: catalog.princeton.edu
Type of Material: Academic dissertations (Ph.D.)
Language: en
Appears in Collections:Electrical Engineering

Files in This Item:
File Description SizeFormat 
Mosenia_princeton_0181D_12036.pdf23.15 MBAdobe PDFView/Download


Items in Dataspace are protected by copyright, with all rights reserved, unless otherwise indicated.