MRI: Development of an Information Assurance and Performance Infrastructure for the Internet of Things

List of personnel

Principal Investigators: Xiaojiang Du, Principal Investigator (Temple University); Jie Wu, Co-Principal Investigator (Temple University); Xubin He, Co-Principal Investigator (Temple University); Jamie Payton, Co-Principal Investigator (Temple University).

Vision

This project will develop a novel infrastructure (also referred to as the testbed) to support Information Assurance and Performance (IAP) in the Internet of Things (IoT). The testbed will enable novel research for secure IoT communication, task-resource allocation, robust data storage, and computation offloading in IoT systems.

Specific Objectives

The specific objectives are:

(1) Enhancing IoT security. A key challenge is the ability to protect the privacy of sensitive data in IoT networks and to secure IoT-enabled networks, particularly when used to support safety-critical applications like emergency response. Because IoT-enabled devices are often resource-limited in terms of computational power and storage, it is not straightforward to apply existing security architectures and protocols. Furthermore, IoT systems are susceptible to new kinds of threats that target their specific capabilities, such as GPS spoofing attacks that compromise location-aware operation in IoT systems. Existing IoT protocols, like the popular MQTT communication protocol, do not address these issues. New authentication, threat detection approaches, and other security schemes are needed to protect IoT networks. A scalable, trustworthy IoT system architecture and networking protocols are urgently needed. Specifically, we have the following objectives on IoT security:

  • Identify threat models for IoT networks
  • Identify potential IoT threat detection approaches
  • Identify potential IoT security solutions

(2) Improving IoT performance. IoT deployments generate streaming data at large scales over extended time frames. As a result, they are typically supported by a cloud-based infrastructure. Within cloud-based data centers, open research challenges remain in storing large amounts of data reliably and efficiently. Additionally, task-resource allocation remains an open issue. Often, allocation of resources is static, requiring a priori knowledge of program behavior. However, the computational load, communication load, and the volume of data produced in IoT systems are highly dynamic. For example, on a smart campus, the population may sharply increase when there is a basketball game held in the campus arena. As fans enter the arena for the game, they trigger sensors (e.g., security cameras, acoustic sensors that monitor crowd excitement, floor pressure sensors that detect stationary and mobile groups) and actuators; as a result, the volume of IoT data will sharply increase and the demand for network communication changes. Similarly, the need for other kinds of resources can rapidly and dramatically vary over time in response to changes in the IoT network. For example, in a campus emergency response scenario, increased computational resources may be needed to rapidly track persons of interest using wearable body cameras and campus security cameras. In such settings, load distribution is required, which results in increased overhead and latency.

Major Activities

The major activities carried out by the four PIs are summarized below.

  • We have purchased a number of new Internet of Things (IoT) devices, including smart locks, smart lights, multi-purpose sensors, smart speakers, motion sensors, arrival sensors, smart outlets, etc.

  • As IoT devices are integrated via automation and coupled with the physical environment, anomalies in an appified smart home, whether due to attacks or device malfunctions, may lead to severe consequences. Prior works that utilize data mining techniques to detect anomalies suffer from high false alarm rates and miss many real anomalies. Our observation is that data mining-based approaches miss a large chunk of information about automation programs (also called smart apps) and devices. We design Home Automation Watcher (HAWatcher), a semantics-aware anomaly detection system for appified smart homes.

  • Internet of Things (IoT) platforms enable users to deploy home automation applications. As IoT device data flow outside the home, protecting user privacy becomes critical. Existing work protects user privacy from malicious application developers or eavesdroppers. However, it is surprising that, while a platform receives huge amounts of privacy-sensitive data from bound IoT devices, few works regard the platform as untrustworthy and provide privacy protection solutions. In fact, it is baseless to assume the platform is trustworthy and its data access protection is flawless, and thus we should consider that the rich data may be exposed to attackers. Furthermore, many IoT platforms share user data with partners (e.g., advertisers) for the expansion of businesses; any improper handling may disclose privacy-sensitive data to third parties. In this work, we design an effective scheme to protect user privacy while not affecting the IoT smart home automation.

  • With the rapid growth of the Internet of Things (IoT), Internet-connected devices and home appliances are gaining popularity in the consumer electronics market. New home IoT products with built-in network connections and intelligent functionalities are quickly rolled out to the market. As predicted by Gartner, there will be more than 500 IoT devices deployed in a typical household by 2022. The easy device integration and advanced automation logic also bring new challenges with regard to security and privacy. IoT devices have been reported as unreliable because of the constraints in costs and resources. Anomalies of IoT devices include malfunctions of the physical part or the cyber part of an IoT device, as well as abnormal behaviors due to malicious attacks. Abnormal IoT devices could cause severe consequences, because they reside in the home environment and have critical functions that can change the physical world, such as door (smart lock) opening, smart oven burning (which could cause fire), or smart water valve opening (which could cause flooding). In this work, we design a decision-tree based root cause localization scheme for anomalies in smart IoT systems.

  • As the complexity of network control grows, it becomes more important to apply software-defined networking (SDN) to control a complex network. In this project, we studied two issues related to network control and configuration management. (1) Link congestion due to regular traffic and link flooding attacks (LFA) are two major problems in datacenters. The recent growth of SDN usage in datacenters enables dynamic and convenient configuration management that makes it easy to reconfigure the network to mitigate the LFA. The reconfiguration that redirects some of the traffic can be done in two ways: the shortest alternative path and the minimum changes in rule path. SDN switches have a limited capacity for rules, and performance drops dramatically as the number of stored rules grows. Besides, it takes some time for the SDN switches to adopt the changes, which causes interruption in flow. We proposed a method for minimizing rule changes in redirecting traffic; the results are reported in NAS’2021. (2) The number of multi-controller datacenters is increasing with the increasing size of SDN datacenters. The performance of an SDN datacenter depends largely on the delay of response from the controller. The delay of response depends on the controller load and the distance from the SDN switch. The load of a controller depends on the number of requests it receives from the switches it controls. Therefore, a good switch-controller assignment is very important for load balancing the controller and the performance of an SDN datacenter. We proposed a multiple-controller architecture that supports scalability of network management; the results are reported in ITC’2021.

  • Scientific simulations and various IoT devices and applications have generated huge amounts of data. How to effectively store and process the data is a big challenge. To mitigate the data storage bottleneck and lower the data volume, it is common for compressors to be employed. As compared to lossless compressors, lossy compressors can reduce data volume more aggressively while maintaining the usefulness of the data. However, a reduction ratio of more than two orders of magnitude is almost impossible without seriously distorting the data. In deep learning, the autoencoder technique has shown great potential for data compression, in particular with images. Whether the autoencoder can deliver similar performance on scientific data, however, is unknown. We conduct, for the first time, a comprehensive study on the use of autoencoders to compress real-world scientific data and illustrate several key findings on using autoencoders for scientific data reduction. We implement an autoencoder-based compression prototype to reduce data (IEEE TBD’2021) and also design a scheme to reduce the training overhead (IEEE NAS’2021).

Publications

Journal

  1. Tong Liu, Jinzhen Wang, Qing Liu, Shakeel Alibhai, Tao Lu, Xubin He, “High-Ratio Lossy Compression: Exploring the Autoencoder to Compress Scientific Data,” IEEE Transactions on Big Data (TBD), DOI: 10.1109/TBDATA.2021.3066151, 2021.

  2. Golam Kayas, Mahmud Hossain, Jamie Payton, and S. M. Riazul Islam, “SUPnP: Secure Service Registration and Discovery for UPnP-Enabled Internet of Things,” submitted to the Internet of Things Journal, under review, August 2020.

  3. Jinzhen Wang, Tong Liu, Qing Liu, Xubin He, Huizhang Luo, Weiming He, “Compression Ratio Modeling and Estimation Across Error Bounds for Lossy Compression,” IEEE Transactions on Parallel and Distributed Systems (TPDS), Vol. 31, No. 7, 2020.

  4. Y. Chen, H. Zheng and J. Wu, "Consistency, Feasibility, and Optimality of Network Update in SDNs," accepted in April 2019, to appear in IEEE Transactions on Network Science and Engineering.

Conference

  1. C. Fu, Q. Zeng, X. Du, "HAWatcher: Semantics-Aware Anomaly Detection for Appified Smart Homes", USENIX Security 2021, Aug. 2021. (The Acceptance rate is 16%).

  2. H. Chi, Q. Zeng, X. Du, L. Luo, "PFirewall: Semantics-Aware Customizable Data Flow Control for Home Automation Systems", NDSS 2021, Feb. 2021. (Acceptance rate = 15.2%).

  3. M. Wang, C. Fu, X. Du, “Decision-Tree Based Root Cause Localization for Anomalies in Smart IoT Systems,” in Proc. of the IEEE ICC 2021, Montreal, Canada, June 2021.

  4. Hossain, Mahmud, Golam Kayas, Yasser Karim, Ragib Hasan, Jamie Payton, and SM Riazul Islam. "CATComp: A Compression-aware Authorization Protocol for Resource-efficient Communications in IoT Networks." IEEE Internet of Things Journal, June 2021, DOI: 10.1109/JIOT.2021.3092183

  5. Ali, Zaire, and Jamie Payton. "Task-Based Continuous Authentication Using Wrist-Worn Devices." In 2021 IEEE International Conference on Pervasive Computing and Communications Workshops and other Affiliated Events (PerCom Workshops), pp. 642-647. IEEE, March 2021.

  6. Kayas, Golam, Mahmud Hossain, Jamie Payton, and SM Riazul Islam. "An overview of UPnP-based IoT security: threats, vulnerabilities, and prospective solutions." In 2020 11th IEEE Annual Information Technology, Electronics and Mobile Communication Conference (IEMCON), pp. 0452-0460. IEEE, Oct. 2020.

  7. Kayas, Golam, Mahmud Hossain, Jamie Payton, and SM Riazul Islam. "Vsdm: A virtual service device management scheme for upnp-based iot networks." In 2020 11th IEEE Annual Ubiquitous Computing, Electronics & Mobile Communication Conference (UEMCON), pp. 0426-0433. IEEE, Dec. 2020.

  8. R. Biswas and J. Wu, "Minimizing the Number of Rules to Mitigate Link Congestion in SDN-based Datacenters," Proc. of the 15th International Conference on Networking, Architecture, and Storage (NAS 2021), Oct 24-26, 2021.

  9. R. Biswas and J. Wu, "Efficient Switch Migration for Controller Load Balancing in Software Defined Networking," Proc. of the ITC 33 - Networked Systems and Services, Aug. 31 - Sept. 3, 2021.

  10. Tong Liu, Shakeel Alibhai, Jinzhen Wang, Qing Liu and Xubin He, “Reducing the Training Overhead of the HPC Compression Autoencoder via Dataset Proportioning”, Proc. of the 15th IEEE International Conference on Networking, Architecture, and Storage (NAS), Riverside, CA, October 24-26, 2021.

  11. H. Chi, Q. Zeng, X. Du, J. Yu, "Cross-App Interference Threats in Smart Homes: Categorization, Detection and Handling," in Proc. of 50th IEEE/IFIP International Conference on Dependable Systems and Networks (DSN 2020), Valencia, Spain, June 2020. (Acceptance rate: 48/291 = 16.5%)

  12. X. Xu, C. Fu, X. Du, P. Ratazzi, “Effective UAV and Ground Sensor Authentication,” Proceedings of the IEEE Globecom 2019, Hawaii, USA, December 2019.

  13. Tong Liu, Shakeel Alibhai, and Xubin He, “A Rack-aware Pipeline Repair Scheme for Erasure-coded Distributed Storage Systems,” Proceedings of the 49th International Conference on Parallel Processing (ICPP), August 17-20, 2020.

  14. Wenjie Liu, Ping Huang, and Xubin He, “StragglerHelper: Alleviating Straggling in Computing Clusters via Sharing Memory Access Patterns”, Proceedings of the 34th IEEE International Parallel and Distributed Processing Symposium (IPDPS), New Orleans, May 2020 (acceptance rate: 110/446=24.7%).

  15. J. Shang and J. Wu, "LightDefender: Protecting PIN Input using Ambient Light Sensor," Proc. of the 18th IEEE International Conference on Pervasive Computing and Communications (PerCom 2020), March 23-27, 2020.

  16. J. Shang and J. Wu, "Protecting Real-time Video Chat against Fake Facial Videos Generated by Face Reenactment," Proc. of the 40th IEEE International Conference on Distributed Computing Systems (ICDCS 2020), July 8-10, 2020.

  17. Y. Chen, J. Wu, and B. Ji, "Optimizing Flow Bandwidth Consumption with Traffic-diminishing Middlebox Placement," Proc. of the 49th International Conference on Parallel Processing (ICPP 2020), August 17-20, 2020.