| Summary: | <p>The phrase 'Internet of Things' refers to the pervasive instrumentation of physical objects with sensors and actuators, and the connection of those sensors and actuators to the Internet. These sensors and actuators are generally based on similar hardware as, and have similar capabilities to, wireless sensor network nodes. However, they operate in a completely different network environment: wireless sensor network nodes all generally belong to a single entity, whereas Internet of Things endpoints can belong to different, even competing, ones. This difference has profound implications for the design of security mechanisms in these environments. Wireless sensor network security is generally focused on defence against attack by external parties. On the Internet of Things, such an insider/outsider distinction is impossible; every entity is both an endpoint for legitimate communications, and a possible source of attack. We argue that that under such conditions, the centralised models that underpin current networking standards and protocols for embedded systems are simply not appropriate, because they require such an insider/outsider distinction.</p> <p>This thesis serves as an exposition in the design of decentralised security mechanisms, applied both to applications, which must perform access control, and networks, which must guarantee communications security. It contains three main contributions. The first is a threat model for Internet of Things networks. The second is BottleCap, a capability-based access control module, and an exemplar of decentralised security architecture at the application layer. The third is StarfishNet, a network-layer protocol for Internet of Things wireless networks, and a similar exemplar of decentralised security architecture at the network layer. Both are evaluated with microbenchmarks on prototype implementations; StarfishNet's association protocol is additionally validated using formal verification in the protocol verification tool Tamarin. </p>
|
|---|