New communication and computing technologies are changing at a rate never seen before. Constant miniaturization and performance improvements have brought us to the point where it is possible to embed "intelligence" in literally everything. Those "intelligent" things will be able to communicate with the outside world using new communication technologies and create vast and complex networks that will subsequently form the Internet of Things (IoT). An incredible number of new devices will need to communicate with the outside world using efficient and secure methods, under tight constraints on computational power, maintenance and power consumption. This brings exciting new challenges that the research community needs to face today.
Manually managing such a vast number of devices will be completely impossible or at least extremely expensive. New commissioning and management mechanisms that reduce human intervention as far as possible are needed. Those mechanisms should be flexible, robust and secure. I am able to come up with a solution for these issues by combining the Extensible Authentication Protocol with the TEPANOM protocol and optimizing them for the needs of IoT devices. These solutions will be fully integrated and thoroughly tested with a new IoT platform based on a real-time operating system. Finally, they will be adapted as a Cloud-based service for flexibility and easier application in future deployments of solutions based on IoT technology. This problem area has not been well investigated by the IoT research community. The outcome of this project will have a great impact on the business and research communities.
Aims of the project:
The goal of this project is to analyze, design and evaluate the Bootstrapping, Authentication, Security and Trust mechanisms for Internet of Things networks. The outcome of the research will provide secure mechanisms for Authentication, Authorization, Configuration, Management, Usage and Data Processing for future Internet of Things (IoT) applications.
The first and major part of the research (WP 1) is devoted to the adaptation and optimization of the Extensible Authentication Protocol (EAP) for the purposes of IoT. The EAP protocol has great capabilities that could be easily reused in IoT networks, but it also has drawbacks, such as incompatibility with the constraints inherited from IoT networks. The analysis will be both theoretical (conceptual) and experimental, and through it we should define and implement optimizations for the EAP protocol. The optimization will focus on minimizing communication overhead and power consumption. Then I will address EAP Methods. These are special algorithms whose goal is to provide a secure way to authenticate the device. All EAP Methods have substantially bigger requirements in terms of processing capabilities than IoT devices could deliver. I want to achieve this goal by analyzing different cryptographic systems that are applicable as EAP Methods. Those methods should be characterized as low-power and high-security. Then I will be responsible for the integration of the developed solution with the TEPANOM protocol. My Host Supervisor, Professor Jara, is an author of the Trust Extension Protocol for the Authentication of New deployed Objects and sensors through the Manufacturer (TEPANOM). This protocol allows, on the one hand, identity verification and authentication in the system, and on the other hand, the bootstrapping, configuration and trust extension of the deployment and management domains to the new device. The protocol definition focuses mostly on high-level aspects of the bootstrapping procedure and does not cover the details of data transmission through a 6LoWPAN network. Additionally, the ways of transferring the authentication data from the device to the system are not thoroughly defined. Parts of this protocol will require adaptation to the optimized EAP protocol. The equivalent of EAP Methods for the TEPANOM authorization procedure needs to be created.
We will need to create new schemes for transferring authentication data from the device to the authorization system. The role of the end user in this process should be as minimal as possible.
The second part of the research (WP 2) will be devoted to the analysis of real-time aspects of EAP and TEPANOM on a newly designed platform. Professor Dedieu's team currently has an ongoing effort to produce a new development board that will be used for this research. One of the unique features of the new platform will be full compatibility with FreeRTOS, a real-time operating system. This will require investigating and adapting the optimized EAP and TEPANOM to the real-time needs of the new platform. The real-time paradigm has not yet been investigated with regard to EAP and TEPANOM, especially in a 6LoWPAN environment.
The last part of the research (WP 3) will address the issues connected with the security of Cloud-based services for IoT. The Polish team is responsible for investigating the best architecture and platform for Cloud Computing data processing. I have already contributed to this goal by investigating the performance capabilities of the Xen virtualization environment. For the purpose of this project I will adapt TEPANOM as a Cloud service and analyze the security impact of Cloud-based provisioning and management services for IoT.
Fellow Mr.: Pawłowski Marcin Piotr
Swiss side: Prof. Antonio Jara
Polish side: Prof. Maciej Ogorzałek
Project title: BASTION - Analysis, design and evaluation of Bootstrapping, Authentication, Security and Trust for the Internet of Things Networks.
Project duration: 18 months
Project start: 1 May 2014
Project ends: 31 October 2016