Edge Infrastructure Testbeds as Tools for Understanding Security Management in IoT
Kolehmainen, Antti (2024)
Kolehmainen, Antti
Tampere University
2024
Tieto- ja sähkötekniikan tohtoriohjelma - Doctoral Programme in Computing and Electrical Engineering
Informaatioteknologian ja viestinnän tiedekunta - Faculty of Information Technology and Communication Sciences
This publication is copyrighted. You may download, display and print it for Your own personal use. Commercial use is prohibited.
Väitöspäivä
2024-12-19
Julkaisun pysyvä osoite on
https://urn.fi/URN:ISBN:978-952-03-3709-4
https://urn.fi/URN:ISBN:978-952-03-3709-4
Tiivistelmä
As network infrastructures of modern systems are getting more complex every year, new technologies are being introduced almost daily and as the networking world is in constant state of change, a way to see how these infrastructures work and respond to different scenarios is needed. Furthermore, the addition of edge computing and Internet of Things add more variables that the modern networks have to take into consideration in design and physical build can not be bypassed.
These complex, multi-device type network infrastructures furthermore expose even more possibilities for malicious activities to occur due environment that can go from small sensors to big iron server machinery. The ways of old for security management are not enough anymore and new ways to monitor and detect anomalous activity are a must to handle the requirements of these modern IoT and edge-computing based infrastructures.
How can one be prepared for these issues brought on by these modern network architectures? The answer is simulating conditions and scenarios with the good old way of building testbeds. This dissertation tackles the subject with the main research question: "Regarding IoT Edge networks, how do simulation of infrastructure scenarios using testbed-paradigms help in understanding related security matters?"
The research question is answered within three themes found throughout the dissertation research, presented in a way of top-down approach. The first is testbed applications which represents the topmost building-block of a testbed, the matter that it was built to test. The next theme is device management which is an important part of a testbed as it is of a real-world network infrastructure as well. The final theme, and indeed the lower-most part of a testbed itself is the physical infrastructure. The concept of a testbed is one that is in constant change due the fast changing landscape of technology bringing in new ways for both the adversary and the defender to affect the operability and for this a testbed can provide an excellent way to prepare for the attacks and anomalies of the present and the future.
The results and contributions of this dissertation are derived from two sub-themes: theoretical design and physical construction. In the theoretical design sub-theme, the focus was on surveying then current state-of-the-art in firmware update methods in IoT and modeling of different infrastructures and devices. The contribution derived from these are the literature survey, a model for IoT targeted firmware update architecture and model of a secure machine learning enabled network infrastructure for maritime vessels. In addition, a Lightweight Machine to Machine object model was developed for a custom energy measurement device.
For the physical construction sub-theme, the contributions are in network testbeds used to simulate different infrastructures. For experimenting with different link conditions and mesh networking in context of maritime vessels in and out of port, a testbed was built with a capability to simulate different types of network connections. Another testbed investigated how AAA services could be developed for resiliency surviving loss of connectivity between main and remote sites. The work in the third testbed focused on proof-of-concept maritime vessel network with security automation based on Machine Learning. This network could make decisions based on traffic classification on where to flow traffic, especially in the case of suspected anomalous activity.
The results presented in the dissertation were verified by proof-of-concept builds designed specifically for each of the use cases provided a well defined slice of several different types of network infrastructures for the experiments.
These complex, multi-device type network infrastructures furthermore expose even more possibilities for malicious activities to occur due environment that can go from small sensors to big iron server machinery. The ways of old for security management are not enough anymore and new ways to monitor and detect anomalous activity are a must to handle the requirements of these modern IoT and edge-computing based infrastructures.
How can one be prepared for these issues brought on by these modern network architectures? The answer is simulating conditions and scenarios with the good old way of building testbeds. This dissertation tackles the subject with the main research question: "Regarding IoT Edge networks, how do simulation of infrastructure scenarios using testbed-paradigms help in understanding related security matters?"
The research question is answered within three themes found throughout the dissertation research, presented in a way of top-down approach. The first is testbed applications which represents the topmost building-block of a testbed, the matter that it was built to test. The next theme is device management which is an important part of a testbed as it is of a real-world network infrastructure as well. The final theme, and indeed the lower-most part of a testbed itself is the physical infrastructure. The concept of a testbed is one that is in constant change due the fast changing landscape of technology bringing in new ways for both the adversary and the defender to affect the operability and for this a testbed can provide an excellent way to prepare for the attacks and anomalies of the present and the future.
The results and contributions of this dissertation are derived from two sub-themes: theoretical design and physical construction. In the theoretical design sub-theme, the focus was on surveying then current state-of-the-art in firmware update methods in IoT and modeling of different infrastructures and devices. The contribution derived from these are the literature survey, a model for IoT targeted firmware update architecture and model of a secure machine learning enabled network infrastructure for maritime vessels. In addition, a Lightweight Machine to Machine object model was developed for a custom energy measurement device.
For the physical construction sub-theme, the contributions are in network testbeds used to simulate different infrastructures. For experimenting with different link conditions and mesh networking in context of maritime vessels in and out of port, a testbed was built with a capability to simulate different types of network connections. Another testbed investigated how AAA services could be developed for resiliency surviving loss of connectivity between main and remote sites. The work in the third testbed focused on proof-of-concept maritime vessel network with security automation based on Machine Learning. This network could make decisions based on traffic classification on where to flow traffic, especially in the case of suspected anomalous activity.
The results presented in the dissertation were verified by proof-of-concept builds designed specifically for each of the use cases provided a well defined slice of several different types of network infrastructures for the experiments.
Kokoelmat
- Väitöskirjat [4929]