Thesis of Xiaoyang Zhu


Subject:
Towards Secured M2M-based Service-Oriented Cyber-Physical Systems

Defense date: 17/03/2019

Advisor: Youakim Badr

Summary:

The premise of the Internet of Things (IoT) is to interconnect not only sensors, mobile devices, and computers but also individuals, homes, smart buildings, and cities, as well as electrical grids, automobiles, and airplanes, to mention a few. However, realizing the extensive connectivity of the IoT while ensuring user security and privacy remains a challenge. IoT systems have many unconventional characteristics, such as scalability, heterogeneity, mobility, and limited resources, which render existing Internet security solutions inadequate for IoT-based systems. Besides, the IoT advocates for peer-to-peer networks where users, as owners, intend to set security policies to control their devices or services instead of relying on centralized third parties. By focusing on the scientific challenges related to the IoT's unconventional characteristics and user-centric security, we propose an IoT secure infrastructure enabled by blockchain technology and driven by trustless peer-to-peer networks. Our IoT secure infrastructure allows not only the identification of individuals and collectives (e.g., companies, families, organizations) but also the trusted identification of IoT things (e.g., devices, services) through their owners by referring to the blockchain in trustless peer-to-peer networks. The blockchain provides our IoT secure infrastructure with a trustless, immutable, and public ledger that records the identities of individuals and collectives, which facilitates the design of a simplified authentication protocol for the IoT without relying on third-party identity providers. Besides, our IoT secure infrastructure adopts the socialized IoT paradigm, which allows all IoT entities (i.e., individuals, collectives, things) to establish relationships and makes the IoT an extensible and ubiquitous network where owners can take advantage of relationships to set access policies for their devices or services.
Furthermore, in order to protect the operations of our IoT secure infrastructure against security threats, we also introduce an autonomic threat detection mechanism as a complement to our access control framework, which can continuously monitor anomalous behavior in device or service operations. Finally, we prototype our solution, present use cases, and run experiments and simulations which show that our proposed IoT secure infrastructure can effectively interconnect all IoT entities through our authentication and authorization mechanisms and detect both known and unknown threats with high detection rates and few false-positive alarms.


Jury:
POTOP-BUTUCARU Maria, Professor, UPMC, Reviewer
BADR Youakim, Professor, INSA de Lyon, Thesis advisor
BRUNIE Lionel, Professor, INSA-Lyon, President
DRIRA Khalil, Research Director, Laboratoire CNRS LAAS, Reviewer
MORIN Christine, Research Director, INRIA Rennes, Examiner