Scalable Framework for Securing Constrained Edge Devices into an Information-Centric Network of Things



Journal Title

Journal ISSN

Volume Title



This thesis provides a framework with associated implementation support, based on Information-Centric Networking (ICN), to address security, efficiency, and scalability challenges in the Internet of Things (IoT). IoT is an important development that aims to interconnect billions of internet-connected devices and sensors and requires extremely high scalability and comprehensive security. The central premise behind ICN is a fundamental change from host-centric-based communication to content-centric with named-driven networking primitives that natively support multicast, mobility, and content-oriented security. ICN has been advanced as an alternative Future Internet architecture based on scalability required for IoT, but as proposed, cannot meet the security needs of IoT. Most IoT devices are heterogeneous and constrained in their available memory, computational, and energy capabilities. Because these devices are so numerous and can provide critical sensitive information needed to make real-world decisions, special consideration is required in securing them into an ICN-based IoT. In this thesis, I present a framework and supporting protocols to address authentication registration, secure forwarding, service authorization and discovery of constrained devices into an ICN based IoT in a way that is efficient and highly scalable. To achieve this, I leverage a mesh network with a hierarchical structure to enhance scalability. The device nodes participating in my architecture are assumed to be constrained, so cryptographic operations are kept to a minimum by using lightweight symmetric encryption functions that rely on unconstrained coordinating nodes, in concert with a security manager service to manage authentication and key distribution. This framework works in four stages for a device to securely join the ICN-IoT. It begins with network discovery and registration, followed by device authentication, secure forwarding setup, and service discovery. When the joining process is completed, the device will be able to fully participate in its local ICN-IoT enclave network securely. The framework works by using established secure cryptographic mechanisms and algorithms applied in a novel and efficient way to an ICN while utilizing the interest/data oriented communication model. A case study in the context of a smart city is used to demonstrate the premise. I extend this with a novel approach to allowing the constrained device nodes to improve their security and general computation abilities through secure collaboration and delegation of heavy computational tasks, such as certain cryptographic functions, through the ICN to less constrained edge device nodes. I propose a scheme to enhance security against insider threats by deploying trust-based access control based on behavioral monitoring of quality-of-service characteristics of the device nodes over time. My framework and supporting protocols allow these constrained devices operating in low power lossy networks to securely integrate into an ICN-based IoT in the language and style of ICN communications. I accomplish this by using a hierarchical network architecture that consists of enclave networks existing at the internet edge. These enclave networks incorporate coordinating nodes that facilitate the constrained device nodes using an ICN protocol, which I introduce. I demonstrate the security of the framework and protocols using an informal threat-based evaluation and formal security verification, which is presented. The efficiency and scalability are evaluated based on a simulation model.



Data networking, Information Security, Internet of Things