Abstract
During the last decades, more and more devices have been connected to the Internet.
Today, there are more devices connected to the Internet than humans.
An increasingly common type of device is the cyber-physical device.
A device that interacts with its environment is called a cyber-physical device.
Sensors that measure their environment and actuators that alter the physical environment are both cyber-physical devices.
Devices connected to the Internet risk being compromised by threat actors such as hackers.
Cyber-physical devices have become a preferred target for threat actors since the consequence of an intrusion disrupting or destroying a cyber-physical system can be severe.
Cyber attacks against power and energy infrastructure have caused significant disruptions in recent years.
Many cyber-physical devices are categorized as constrained devices.
A constrained device is characterized by one or more of the following limitations: limited memory, a less powerful CPU, or a limited communication interface.
Many constrained devices are also powered by a battery or energy harvesting, which limits the available energy budget.
Devices must be efficient to make the most of the limited resources.
Mitigating cyber attacks is a complex task, requiring technical and organizational measures.
Constrained cyber-physical devices require efficient security mechanisms to avoid overloading the system's limited resources.
In this thesis, we present research on efficient security protocols for constrained cyber-physical devices.
We have implemented and evaluated two state-of-the-art protocols, OSCORE and Group OSCORE.
These protocols allow end-to-end protection of CoAP messages in the presence of untrusted proxies.
Next, we have performed a formal protocol verification of WirelessHART, a protocol for communications in an industrial control systems setting.
In our work, we present a novel attack against the protocol.
We have developed a novel architecture for industrial control systems utilizing the Digital Twin concept.
Using a state synchronization protocol, we propagate state changes between the digital and physical twins.
The Digital Twin can then monitor and manage devices.
We have also designed a protocol for secure ownership transfer of constrained wireless devices.
Our protocol allows the owner of a wireless sensor network to transfer control of the devices to a new owner.
With a formal protocol verification, we can guarantee the security of both the old and new owners.
Lastly, we have developed an efficient Private Stream Aggregation (PSA) protocol.
PSA allows devices to send encrypted measurements to an aggregator.
The aggregator can combine the encrypted measurements and calculate the decrypted sum of the measurements.
No party will learn the measurement except the device that generated it.
Original language | English |
---|---|
Qualification | Doctor |
Awarding institution |
|
Supervisors |
|
Date of award | 2023 Mar 21 |
Place of publication | Lund |
Publisher | |
ISBN (print) | 978-91-8039-570-0 |
ISBN (electronic) | 978-91-8039-571-7 |
Status | Published - 2023 Feb 23 |
Bibliographical note
Defence details
Date: 2023-03-21
Time: 09:15
Place: Lecture Hall E:1406, building E, Ole Römers väg 3, Faculty of Engineering LTH, Lund University, Lund. The dissertation will be live streamed, but part of the premises is to be excluded from the live stream.
External reviewer(s)
Name: Delsing, Jerker
Title: Prof.
Affiliation: Luleå University of Technology, Sweden.
---
Subject classification (UKÄ)
- Embedded Systems
- Other Computer and Information Science