Dissertations on the topic "Internet des objets – Dispositifs de sécurité"
Explore the top 50 dissertations for research on the topic "Internet des objets – Dispositifs de sécurité".
Laamech, Nouha. „Towards a secure data sharing management approach for IoT environments“. Electronic Thesis or Diss., Pau, 2024. http://www.theses.fr/2024PAUU3031.
Internet of Things (IoT) generates, connects and shares collected data from smart devices with various independent parties. With the increasing number of connected devices, its wide deployment is revolutionizing the modern world by covering almost every aspect of an individual's life. In this context, it is in the best interest of the community to successfully motivate users to share their IoT data with the rest of the environment, to allow the emergence of new services in different fields such as healthcare, education, or industrial manufacturing. However, requesting data to be able to extract valuable information from it can be a sensitive matter to approach. Therefore, framing requests and providing clarity on how this information will be used is necessary for building trust and credibility in connected environments. More precisely, when data providers decide to share their data with the community, they have little control over how their information is being used and in which context. In parallel, data consumers don't have the ability to trace back the different nodes through which the available data passed and its processing history to determine, for example, if it meets the technical and legal requirements of a given activity. Our research focuses on three main challenges: (i) the definition of a semantic layer that handles the security requirements in the context of IoT data sharing, (ii) the enforcement of a context-aware security policy that matches both the data provider's preferences and the data consumer's usage, and (iii) the establishment of an end-to-end security solution that manages the sharing of IoT data in a decentralized architecture while eliminating the need to trust any involved IoT parties. To address these issues, we first present a context-aware IoT data Sharing Management ontology called IdSM-O, to establish a shared security vocabulary and handle the interoperability of IoT environments.
Following that, we introduce a three-layer automatic semantic rule manager that collects data providers' security policy requirements and automatically translates them to semantic rules ready for reasoning. Those contributions are the basis of IdSM, an end-to-end security framework for data sharing management during the phases of collection, transmission, and processing. Using this framework, we aim at addressing user's control enforcement over the owned smart devices, information security requirements, and obligation compliance between various parties in the IoT environment. Finally, we design, implement, and develop a prototype of the proposal in order to prove its feasibility and analyze its performance.
Claeys, Timothy. „Sécurité pour l'internet des objets : une approche des bas en haut pour un internet des objets sécurisé et normalisé“. Thesis, Université Grenoble Alpes (ComUE), 2019. http://www.theses.fr/2019GREAM062.
The rapid expansion of the IoT has unleashed a tidal wave of cheap Internet-connected hardware. For many of these products, security was merely an afterthought. Due to their advanced sensing and actuating functionalities, poorly-secured IoT devices endanger the privacy and safety of their users. While the IoT contains hardware with varying capabilities, in this work, we primarily focus on the constrained IoT. The restrictions on energy, computational power, and memory limit not only the processing capabilities of the devices but also their capacity to protect their data and users from attacks. To secure the IoT, we need several building blocks. We structure them in a bottom-up fashion where each block provides security services to the next one. The first cornerstone of the secure IoT relies on hardware-enforced mechanisms. Various security features, such as secure boot, remote attestation, and over-the-air updates, rely heavily on its support. Since hardware security is often expensive and cannot be applied to legacy systems, we alternatively discuss software-only attestation. It provides a trust anchor to remote systems that lack hardware support. In the setting of remote attestation, device identification is paramount. Hence, we dedicated a part of this work to the study of physical device identifiers and their reliability. The IoT hardware also frequently provides support for the second building block: cryptography. It is used abundantly by all the other security mechanisms, and recently much research has focussed on lightweight cryptographic algorithms. We studied the performance of the recent lightweight cryptographic algorithms on constrained hardware. A third core element for the security of the IoT is the capacity of its networking stack to protect the communications. We demonstrate that several optimization techniques expose vulnerabilities.
For example, we show how to set up a covert channel by exploiting the tolerance of the Bluetooth LE protocol towards the naturally occurring clock drift. It is also possible to mount a denial-of-service attack that leverages the expensive network join phase. As a defense, we designed an algorithm that almost completely alleviates the overhead of network joining. The last building block we consider is security architectures for the IoT. They guide the secure integration of the IoT with the traditional Internet. We studied the IETF proposal concerning the constrained authentication and authorization framework, and we propose two adaptations that aim to improve its security. Finally, the deployment of the IETF architecture heavily depends on the security of the underlying communication protocols. In the future, the IoT will mainly use the object security paradigm to secure data in flight. However, until these protocols are widely supported, many IoT products will rely on traditional security protocols, i.e., TLS and DTLS. For this reason, we conducted a performance study of the most critical part of the protocols: the handshake phase. We conclude that while the DTLS handshake uses fewer packets to establish the shared secret, TLS outperforms DTLS in lossy networks.
Challal, Yacine. „Sécurité de l'Internet des Objets : vers une approche cognitive et systémique“. Habilitation à diriger des recherches, Université de Technologie de Compiègne, 2012. http://tel.archives-ouvertes.fr/tel-00866052.
Kouicem, Djamel Eddine. „Sécurité de l’Internet des objets pour les systèmes de systèmes“. Thesis, Compiègne, 2019. http://www.theses.fr/2019COMP2518.
The Internet of things (IoT) is a new technology that aims to connect billions of physical devices to the Internet. The components of IoT communicate and collaborate with each other in distributed and dynamic environments, which are facing several security challenges. In addition, the huge number of connected objects and the limitation of their resources make the security in IoT very difficult to achieve. In this thesis, we focus on the application of lightweight cryptographic approaches and blockchain technology to address security problems in IoT, namely: authentication and trust management. First, we were interested in some kinds of IoT applications where we need to control remotely the execution of smart actuators using IoT devices. To solve this problem, we proposed an efficient and fine-grained access control solution, based on the Attribute Based Encryption (ABE) mechanism and one-way hash chains. Using formal security tools, we demonstrated the security of our scheme against malicious attacks. Second, we tackled the problem of authentication in IoT based fog computing environments. Existing authentication techniques do not consider latency constraints introduced in the context of fog computing architecture. In addition, some of them do not provide mutual authentication between devices and fog servers. To overcome these challenges, we proposed a novel, efficient and lightweight mutual authentication scheme based on blockchain technology and secret sharing technique. We demonstrated the efficiency of our authentication scheme through extensive simulations. The third problem treated in this work is the trust management in IoT. Existing trust management protocols do not meet the new requirements introduced in IoT such as heterogeneity, mobility and scalability. To address these challenges, we proposed a new scalable trust management protocol based on consortium blockchain technology and fog computing paradigm, with mobility support.
Our solution allows IoT devices to accurately assess and share trust recommendations about other devices in a scalable way without referring to any pre-trusted entity. We confirmed the efficiency of our proposal through theoretical analysis and extensive simulations. Finally, we showed that our protocol outperforms existing solutions especially in terms of scalability, mobility support, communication and computation
Pittoli, Philippe. „Influence d'une architecture de type maître-esclave dans les problématiques de sécurité de l'Internet des objets“. Thesis, Strasbourg, 2019. http://www.theses.fr/2019STRAD006/document.
The Internet of things is a network design where "things" are connected to the Internet, such as thermometers or lights. These objects are constrained in memory, computational capacity and communication (packet size, shared medium). The thesis is focused on issues around those constraints. A client willing to send a request to an object may either establish a direct connection to the object (end-to-end architecture) or establish a connection to the network gateway, which is not constrained in memory or computation capabilities, and will be used as a broker between clients and objects (master-slave architecture). The purpose of the thesis is to understand and to spotlight the differences between those two kinds of architectures and to determine their viability in an IoT context.
Hammi, Mohamed Tahar. „Sécurisation de l'Internet des objets“. Thesis, Université Paris-Saclay (ComUE), 2018. http://www.theses.fr/2018SACLT006/document.
Internet of Things becomes a part of our everyday lives. Billions of smart and autonomous things around the world are connected and communicate with each other. This revolutionary paradigm creates a new dimension that removes boundaries between the real and the virtual worlds. Its success is due to the evolution of hardware and communication technologies, especially wireless ones. IoT is the result of the development and combination of different technologies. Today, it covers almost all areas of information technology (IT). Wireless sensor networks are a cornerstone of IoT's success. Using constrained things, industrial, medical, agricultural, and other environments can be automatically covered and managed. Things can communicate, analyze, process and manage data without any human intervention. However, security issues prevent the rapid evolution and deployment of this high technology. Identity usurpation, information theft, and data modification represent a real danger for this system of systems. The subject of my thesis is the creation of a security system that provides services for the authentication of connected things, the integrity of their exchanged data and the confidentiality of information. This approach must take into account the things and communication technologies constraints.
Fayad, Achraf. „Protocole d’authentification sécurisé pour les objets connectés“. Electronic Thesis or Diss., Institut polytechnique de Paris, 2020. http://www.theses.fr/2020IPPAT051.
The interconnection of private resources on public infrastructure, user mobility and the emergence of new technologies (vehicular networks, sensor networks, Internet of things, etc.) have added new requirements in terms of security on the server side as well as the client side. Examples include the processing time, mutual authentication, client participation in the choice of security settings and protection against traffic analysis. Internet of Things (IoT) is in widespread use and its applications cover many aspects of today's life, which results in a huge and continuously increasing number of objects distributed everywhere. Security is no doubt the element that will improve and strengthen the acceptability of IoT, especially since this large scale deployment of IoT systems will attract the appetite of the attackers. The current cyber-attacks that are operational on traditional networks will be projected towards the Internet of Things. Security is so critical in this context given the underlying stakes; in particular, authentication has a critical importance given the impact of the presence of malicious nodes within the IoT systems and the harm they can cause to the overall system. The research works in this thesis aim to advance the literature on IoT authentication by proposing three authentication schemes that satisfy the needs of IoT systems in terms of security and performance, while taking into consideration the practical deployment-related concerns. One-Time Password (OTP) is an authentication scheme that represents a promising solution for IoT and smart cities environments. This research work extends the OTP principle and proposes a new approach to generate OTP based on Elliptic Curve Cryptography (ECC) and Isogeny to guarantee the security of such protocol.
The performance results obtained demonstrate the efficiency and effectiveness of our approach in terms of security and performance. We also rely on blockchains in order to propose two authentication solutions: first, a simple and lightweight blockchain-based authentication scheme for IoT systems based on Ethereum, and second, an adaptive blockchain-based authentication and authorization approach for IoT use cases. We provided a real implementation of our proposed solutions. The extensive evaluation provided clearly shows the ability of our schemes to meet the different security requirements with a lightweight cost in terms of performance.
Montoya, Maxime. „Sécurité adaptative et énergétiquement efficace dans l’Internet des Objets“. Thesis, Lyon, 2019. http://www.theses.fr/2019LYSEM032.
The goal of this work is to propose new methods that provide both a high security and a high energy efficiency for integrated circuits for the IoT. On the one side, we study the security of a mechanism dedicated to energy management. Wake-up radios trigger the wake-up of integrated circuits upon receipt of specific wake-up tokens, but they are vulnerable to denial-of-sleep attacks, during which an attacker replays such a token indefinitely to wake up a circuit and deplete its battery. We propose a new method to generate unpredictable wake-up tokens at each wake-up, which efficiently prevents these attacks at the cost of a negligible energy overhead. On the other side, we improve on the energy efficiency of hardware countermeasures against fault and side-channel attacks, with two different approaches. First, we present a new combined countermeasure, which increases by four times the power consumption compared to an unprotected implementation, introduces no performance overhead, and requires less than 8 bits of randomness. Therefore, it has a lower energy overhead than existing combined protections. It consists in an algorithm-level power balancing that inherently detects faults. Then, we propose an adaptive implementation of hardware countermeasures, which consists in applying or removing these countermeasures on demand, during the execution of the protected algorithm, in order to tune the security level and the energy consumption. A security evaluation of all the proposed countermeasures indicates that they provide an efficient protection against existing hardware attacks.
Hammi, Mohamed Tahar. „Sécurisation de l'Internet des objets“. Electronic Thesis or Diss., Université Paris-Saclay (ComUE), 2018. http://www.theses.fr/2018SACLT006.
Khalil, Ahmad. „Gestion autonome de la qualité de service et de la sécurité dans un environnement Internet des objets“. Thesis, Bourgogne Franche-Comté, 2019. http://www.theses.fr/2019UBFCK068.
Nowadays, the Internet of Things (IoT) is becoming important in our daily lives thanks to technological advances. This paradigm aims to improve the quality of human life through automating several tasks. In this context, service level guarantee within IoT environments is a major challenge while considering a massive deployment of IoT applications and services as well as extending their usage to different domains. The IoT service level can be characterized in two parts: Quality of Service (QoS) and security. Moreover, this service level must be managed in an autonomic manner within the IoT environment, given the heterogeneity and the size of its infrastructure, which make manual management by the administrators difficult, even impossible. In this thesis, we propose a QoS based channel access control mechanism, called QBAIoT (QoS Based Access for IoT environments), to ensure a differentiated processing of existing traffic in the IoT environment. The differentiated processing allows satisfying the requirements of each traffic according to different QoS parameters (i.e., delay, jitter, packet delivery ratio, etc.). Then, QBAIoT is improved and upgraded to integrate self-management capabilities thanks to two important functions of the closed control loop: self-configuration and self-optimization. In addition, to offer a better QoS within the IoT environment, it is necessary to optimize the energy consumption of resource-constrained components. Thus, we propose an adaptation of QBAIoT allowing to reduce its energy consumption in an autonomic manner while respecting the data accuracy. Our contribution concerning the second part of service level guarantee within an IoT environment, which is security, consists of a mechanism enabling IoT objects access control to IoT gateways, called IoT-MAAC (IoT Multiple Attribute Access Control).
This mechanism takes into account different parameters that are specific to IoT environments (i.e., IoT object trust, IoT object identifier, IoT object fingerprint, etc.). Finally, the decision making process regarding IoT object access control is autonomously managed by IoT gateways and aims to meet the requirements of IoT environment in terms of trust.
Smache, Meriem. „La sécurité des réseaux déterministes de l’Internet des objets industriels (IIoT)“. Thesis, Lyon, 2019. http://www.theses.fr/2019LYSEM033.
Time synchronization is a crucial requirement for the IEEE802.15.4e based Industrial Internet of Things (IIoT). It is provided by the application of the Time-Slotted Channel-Hopping (TSCH) mode of the IEEE802.15.4e. TSCH synchronization allows reaching low-power and high-reliability wireless networking. However, TSCH synchronization resources are an evident target for cyber-attacks. They can be manipulated by attackers to paralyze the whole network communications. In this thesis, we aim to provide a vulnerability analysis of the TSCH asset synchronization. We propose novel detection metrics based on the internal process of the TSCH state machine of every node without requiring any additional communications or capture or analysis of the packet traces. Then, we design and implement novel self-detection and self-defence techniques embedded in every node to take into account the intelligence and learning ability of the attacker, the legitimate node and the real-time industrial network interactions. The experiment results show that the proposed mechanisms can protect against synchronization attacks.
Hemmer, Adrien. „Méthodes de détection pour la sécurité des systèmes IoT hétérogènes“. Electronic Thesis or Diss., Université de Lorraine, 2023. http://www.theses.fr/2023LORR0020.
This thesis concerns new detection methods for the security of heterogeneous IoT systems, and fits within the framework of the SecureIoT European project. We have first proposed a solution exploiting the process mining together with pre-treatment techniques, in order to build behavioral models, and identify anomalies from heterogeneous systems. We have then evaluated this solution from datasets coming from different application domains: connected cars, industry 4.0, and assistance robots. This solution makes it possible to build models that are more easily understandable. It provides better detection results than other common methods, but may generate a longer detection time. In order to reduce this time without degrading detection performances, we have then extended our method with an ensemble approach, which combines the results from several detection methods that are used simultaneously. In particular, we have compared different score aggregation strategies, as well as evaluated a feedback mechanism for dynamically adjusting the sensitivity of the detection. Finally, we have implemented the solution as a prototype, that has been integrated into a security platform developed in collaboration with other European industrial partners.
Mahamat, charfadine Salim. „Gestion dynamique et évolutive de règles de sécurité pour l'Internet des Objets“. Thesis, Reims, 2019. http://www.theses.fr/2019REIMS011/document.
With the exponential evolution of the Internet of Things (IoT), ensuring network security has become a big challenge for network administrators. Traditionally, the network security is based on multiple independent devices such as firewall, IDS/IPS, NAC, whose main role is to monitor the information exchanged between the inside and the outside perimeters of the enterprise networks. However, the administration of these network devices can be complex and tedious with an independent manual configuration. Recently, the introduction of the Software Defined Networking concept (SDN) and the OpenFlow protocol offers many opportunities by providing a centralized and programmable network administration. As part of this research work, we proposed a new approach to secure the network traffic flow exchanges based on a method of events detection, in an automated manner. This solution is based on the SDN approach coupled to an intrusion detection system, which makes it possible to analyze, detect and remove security threats. With the implementation, we contribute to change the paradigm of securing the network traffic flow exchanges using the SDN principle, coupled with an IDS in a real use case architecture. In this way, the management of network security becomes simplified, dynamic and scalable.
Ould, yahia Youcef. „Proposition d’un modèle de sécurité pour la protection de données personnelles dans les systèmes basés sur l’internet des objets“. Electronic Thesis or Diss., Paris, CNAM, 2019. http://www.theses.fr/2019CNAM1242.
Internet of Things (IoT) and IT service outsourcing technologies have led to the emergence of new threats to users' privacy. However, the implementation of traditional security measures on IoT equipment is a first challenge due to capacity limitations. On the other hand, the offloading of data processing and storage poses the problem of trust in service providers. In this context, we have proposed an encryption solution that provides owner-centric data protection adapted to the constraining environment of IoT. This model is based on attribute-based encryption with secure offloading capability and Blockchain technology. Then, in response to the issue of trust and service selection, we explored the possibilities offered by artificial intelligence tools. To do this, we proposed a collaborative filtering model based on Kohonen maps and an efficient solution to detect the untrusted users.
Ould, yahia Youcef. „Proposition d’un modèle de sécurité pour la protection de données personnelles dans les systèmes basés sur l’internet des objets“. Thesis, Paris, CNAM, 2019. http://www.theses.fr/2019CNAM1242/document.
Vallois, Valentin. „Securing industrial internet of things architectures through Blockchain“. Electronic Thesis or Diss., Université Paris Cité, 2022. http://www.theses.fr/2022UNIP7335.
It's been ten years since blockchain technology was created. This amalgam of cryptography and peer-to-peer application brings many innovations and security services beyond financial services to regular information systems and offers new use cases for distributed applications in an industrial context. Meanwhile, IoT became prominent in the industry as the future industrial revolution, bringing new applications but paving the way for security vulnerabilities. During this thesis, we explored the main issues facing the Internet of Things. We studied how IIoT platform providers address these challenges by comparing the measures they have implemented with the ITU recommendations using the Analytic Hierarchical Process (AHP). This study allowed us to identify areas of improvement and use cases for the blockchain. Identity management is a recurring problem in the IIoT literature, and we propose an identity management approach for distributed systems assisted by blockchain to guarantee the uniqueness of identities and the integrity of the directory. From this work, we have developed a blockchain-secured firmware update distribution and validation system using the machine learning algorithm Locality Sensitive Hashing (LSH).
Junges, Pierre-Marie. „Évaluation à l'échelle de l'Internet du niveau d'exposition des objets connectés face aux risques de sécurité“. Electronic Thesis or Diss., Université de Lorraine, 2022. http://www.theses.fr/2022LORR0078.
Nowadays, the use of Internet of Things (IoT) devices in our personal and work space makes our everyday life easier, but those IoT devices often suffer from security issues. The objective of this thesis is to evaluate the security of IoT devices. On one hand, we investigate the risk of user privacy leakage introduced by IoT hubs (or IoT gateways). Those IoT hubs act as a middlebox between a user and the IoT devices. Existing passive fingerprinting techniques are not applicable in this configuration considering that the network traffic of each individual IoT device attached to the IoT hub is not accessible. We propose a passive fingerprinting technique to infer the user actions by analysing the network traffic of the IoT gateway. Our method works on encrypted network traffic, and consists of decomposing a packet payload size into a set of potential user actions. We applied our technique on one IoT gateway controlling up to 16 IoT devices and show that an attacker, located on the Internet, is able to infer the user actions in more than 91.2% of the investigated cases. In a further step, we propose a hybrid firmware analysis technique to evaluate the security of an IoT device by inspecting the content of its firmware. Our analysis combines a dynamic analysis and a static analysis to improve our chances to extract data. Our objectives are not to detect unknown vulnerabilities but only the known ones, and inspect if the binaries included are deprecated. We applied our analysis on 4,730 firmwares belonging to IoT devices released between 2009 and 2019, and noticed the widespread use of a small set of binaries, notably to deploy HTTP and SSH services.
From 2017, we observed that IoT manufacturers implemented many updates which reduced the exposure to known vulnerabilities. Using those firmwares, we defined an active fingerprinting technique allowing an attacker to infer details about a connected IoT device, such as its brand or the binary used to deploy the HTTP server. Thanks to the firmware content, we can 1) obtain precise information about the binaries (name, version), and 2) assume the services actually deployed by the device, i.e., the results of a TCP/UDP port scan. Considering those two aspects, our method consists of training classifiers to predict one particular property of a connected IoT device from, among others, the supposed results of a TCP/UDP port scan. Our method makes it possible to predict fine details such as the name or version of a binary, the usernames or the passwords present in an IoT device. Using our approach, we noticed that the predictions of the name and version of the HTTP, SSH and DNS binaries are achieved with a precision superior to 73.14%. On the other hand, the prediction of at least one valid password is more challenging and requires up to two tries. Our method is more effective and furtive than a naive brute-force method. Knowing the vulnerabilities present in an IoT device does not guarantee that attackers use them on a regular basis. Hence, we propose in our fourth contribution, a high interaction honeypot capable of intercepting cyberattacks targeting IoT devices. The defined honeypot is based on an existing emulation technique that uses IoT devices' firmwares. Implementing a honeypot is hard, and because of the stealth constraint, the existing emulation technique could not be used as-is. Due to this constraint, we implemented a framework capable of emulating IoT devices while assuring their furtivity, and adding honeypot-specific capabilities, such as exfiltrating the attackers' activities.
We then compared our approach to the state of the art one, and showed that ours can emulate up to 825 (82.5%) devices compared to 454 (45.4%). Our honeypot was deployed on one server during about one year and captured unknown and recent attacks from botnets, and sometimes humans
Nicomette, Vincent. „La protection dans les systèmes à objets répartis“. Phd thesis, Institut National Polytechnique de Toulouse - INPT, 1996. http://tel.archives-ouvertes.fr/tel-00175252.
Jallouli, Ons. „Chaos-based security under real-time and energy constraints for the Internet of Things“. Thesis, Nantes, 2017. http://www.theses.fr/2017NANT4035/document.
Nowadays, due to the rapid growth of Internet of Things (IoT) towards technologies, the protection of transmitted data becomes an important challenge. The devices of the IoT are very resource-constrained in terms of computing capabilities, energy and memory capacities. Thus, the design of secure, efficient and lightweight crypto-systems becomes more and more crucial. In this thesis, we have studied the problem of chaos based data security under real-time and energy constraints. First, we have designed and implemented three pseudo-chaotic number generators (PCNGs). These PCNGs use a weak coupling matrix or a high diffusion binary coupling matrix between chaotic maps and a chaotic multiplexing technique. Then, we have realized three stream ciphers based on the proposed PCNGs. Security performance of the proposed stream ciphers was analysed and several cryptanalytic and statistical tests were applied. Experimental results highlight robustness as well as efficiency in terms of computation time. The performance obtained in computational complexity indicates their use in real-time applications. Then, we integrated these chaotic stream ciphers within the real-time operating system Xenomai. Finally, we have measured the energy and power consumption of the three proposed chaotic systems, and the average computing performance. The obtained results show that the proposed stream ciphers can be used in practical IoT applications.
Mayzaud, Anthéa. „Monitoring and Security for the RPL-based Internet of Things“. Thesis, Université de Lorraine, 2016. http://www.theses.fr/2016LORR0207/document.
The growing interest for the Internet of Things (IoT) has resulted in the large scale deployment of Low power and Lossy Networks (LLN). These networks are strongly constrained in terms of resources and communicate using unstable links. In this context, existing routing protocols for traditional networks do not cope with all these constraints. The IETF has proposed a new routing protocol called RPL based on IPv6 and specifically designed for these environments. The RPL protocol is however exposed to a large variety of attacks. The deployment of security mechanisms may also be quite expensive for the nodes. Therefore, LLN networks present new challenges in terms of monitoring and security. In this thesis we propose to investigate a security-oriented monitoring approach for addressing the trade-off between security and cost in the IoT. In a first stage, we assess security threats faced by these networks by identifying and classifying attacks through a dedicated taxonomy. We also quantify the consequences of two major attacks called DAG inconsistency attacks and version number attacks causing over-consumption of node resources. We then focus our work on security solutions for RPL-based IoT. We propose a local strategy for addressing DAG inconsistency attacks. In order to detect complex attacks such as version number attacks and to complement our node-level approach, we design a security-oriented distributed monitoring architecture for RPL networks. This solution allows us to preserve constrained nodes' energy by performing monitoring and detection activities on dedicated nodes. We quantify the performance and the cost of this architecture and the deployed detection modules.
Roux, Jonathan. „Détection d'intrusion dans des environnements connectés sans-fil par l'analyse des activités radio“. Thesis, Toulouse 3, 2020. http://www.theses.fr/2020TOU30011.
The massive deployment of connected objects, forming the Internet of Things (IoT), is now disrupting traditional network environments. These objects, previously connectivity-free, are now likely to introduce additional vulnerabilities into the environments that integrate them. The literature today paints an unflattering picture of the security of these objects, which are increasingly becoming prime targets for attackers who see them as new exploitable surfaces to penetrate previously secure environments. In addition, the wireless means of communication used by these objects are numerous, with very heterogeneous characteristics at all protocol levels, particularly in terms of the frequencies used, which makes it difficult to analyse and monitor the environments that are equipped with them. These issues, and in particular the strong heterogeneity of these numerous protocols, call into question the traditional solutions used to ensure the security of the exchanges carried out. However, the explosion in the number of these objects requires security architectures that are adapted to these new issues. In this thesis, we are interested in monitoring and detecting anomalies that may occur in any wireless means of communication used in the IoT. We found a critical lack of solutions with the ability to analyze all exchanges, regardless of the protocol used. To answer this question, we propose a new security architecture based on the monitoring of physical radio signals, making it possible to free oneself from protocol knowledge and therefore to be generic. Its objective is to learn the model of legitimate radio behaviour in an environment using radio probes, then to identify deviations from this model, which may correspond to anomalies or attacks. The description of this architecture is the first contribution of this thesis. We then studied the applicability of our solution in different contexts, each with its own characteristics.
The first study, corresponding to our second contribution, consists in proposing an implementation and deployment of our approach in connected homes. The evaluation of the latter in the face of real attacks injected into radio space and its results show the relevance of our approach in these environments. Finally, the last contribution studies the adaptation and deployment of our generic solution to professional environments where the presence of expert users promotes the integration of advanced diagnostic information to identify the origins of an anomaly. The subsequent evaluation and the results associated with each of the diagnostic mechanisms implemented demonstrate the value of our approach in heterogeneous environments.
Vucinic, Malisa. „Architectures and Protocols for Secure and Energy-Efficient Integration of Wireless Sensor Networks with the Internet of Things“. Thesis, Université Grenoble Alpes (ComUE), 2015. http://www.theses.fr/2015GREAM084/document.
Our research explores the intersection of academic, industrial and standardization spheres to enable secure and energy-efficient Internet of Things. We study standards-based security solutions bottom-up and first observe that hardware accelerated cryptography is a necessity for Internet of Things devices, as it leads to reductions in computational time, as much as two orders of magnitude. Overhead of the cryptographic primitives is, however, only one of the factors that influences the overall performance in the networking context. To understand the energy-security tradeoffs, we evaluate the effect of link-layer security features on the performance of Wireless Sensor Networks. We show that for practical applications and implementations, link-layer security features introduce a negligible degradation on the order of a couple of percent, that is often acceptable even for the most energy-constrained systems, such as those based on harvesting. Because link-layer security puts trust on each node on the communication path consisting of multiple, potentially compromised devices, we protect the information flows by end-to-end security mechanisms. We therefore consider Datagram Transport Layer Security (DTLS) protocol, the IETF standard for end-to-end security in the Internet of Things and contribute to the debate in both the standardization and research communities on the applicability of DTLS to constrained environments. We provide a thorough performance evaluation of DTLS in different duty-cycled networks through real-world experimentation, emulation and analysis. Our results demonstrate surprisingly poor performance of DTLS in networks where energy efficiency is paramount.
Because a DTLS client and a server exchange many signaling packets, the DTLS handshake takes between a handful of seconds and several tens of seconds, with similar results for different duty cycling protocols. But apart from its performance issues, DTLS was designed for point-to-point communication dominant in the traditional Internet. The novel Constrained Application Protocol (CoAP) was tailored for constrained devices by facilitating asynchronous application traffic, group communication and absolute need for caching. The security architecture based on DTLS is, however, not able to keep up and advanced features of CoAP simply become futile when used in conjunction with DTLS. We propose an architecture that leverages the security concepts both from content-centric and traditional connection-oriented approaches. We rely on secure channels established by means of DTLS for key exchange, but we get rid of the notion of “state” among communicating entities by leveraging the concept of object security. We provide a mechanism to protect from replay attacks by coupling the capability-based access control with network communication and CoAP header. OSCAR, our object-based security architecture, intrinsically supports caching and multicast, and does not affect the radio duty-cycling operation of constrained devices. Ideas from OSCAR have already found their way towards the Internet standards and are heavily discussed as potential solutions for standardization.
Terrab, Imane. „Dispositifs de Social Software et nouveaux régimes de collaboration : nature technique des outils, discours et modalités collaboratives“. Thesis, Paris Sciences et Lettres (ComUE), 2016. http://www.theses.fr/2016PSLED050/document.
For the last decade, Web 2.0 tools have entered the corporate sphere and are considered as part of a major technical and managerial shift. However, there is still a lack of theoretical framework to define the collaborative regimes that the new objects of Social Software carry. In this dissertation, we explore the dimensions through which Social Software objects offer a renewal of collaborative regimes. First, we highlight the technical and paradigmatic evolutions between Groupware and Social Software. Then we carry an empirical exploration of the field of Social Software, by analyzing publishers' commercial discourse and presenting four devices that we describe through the taxonomical frameworks of Computer Supported Cooperative Work and Enterprise 2.0. This analysis is supplemented by the modelization of the four devices' evolution paths, relying on a conceptual framework that focuses on the technical object. Finally, we suggest a novel framework to define the collaboration regimes proposed by Social Software devices. This research leads us to further discuss the links between technology and the management of collaboration.
Mayzaud, Anthéa. „Monitoring and Security for the RPL-based Internet of Things“. Electronic Thesis or Diss., Université de Lorraine, 2016. http://www.theses.fr/2016LORR0207.
Bru, Laurie. „Les enjeux de la normalisation européenne des objets connectés de santé“. Thesis, Toulouse 1, 2019. http://www.theses.fr/2019TOU10038.
Connected objects in health are emerging technologies. They are subject to many innovations and may incorporate blockchains, High Performance Computing, artificial intelligence and nanotechnologies. These objects are multiplying at a rapid rate within the internal market in the European Union and are creating new challenges, particularly with regard to the protection of personal data, public health considerations, cybersecurity and the competitivity of European companies in a globalized world. These objects need a framework. European standardization is a particularly appropriate regulatory tool to answer all these concerns. It overcomes the drawbacks of hard law, in particular because of its flexibility and ability to adapt to the evolution of the state of the art and the digitization of economy. European standardization organizations will therefore have to develop and update standards for the technologies on which connected objects in health are based. European institutions must support this standardization to ensure it is commensurate with the stakes involved.
Navas, Renzo Efraín. „Improving the resilience of the constrained Internet of Things : a moving target defense approach“. Thesis, Ecole nationale supérieure Mines-Télécom Atlantique Bretagne Pays de la Loire, 2020. http://www.theses.fr/2020IMTA0217.
Internet of Things (IoT) systems are increasingly being deployed in the real world, but their security lags behind the state of the art of non-IoT systems. Moving Target Defense (MTD) is a cyberdefense paradigm that proposes to randomize components of systems, with the intention of thwarting cyberattacks that previously relied on the static nature of systems. Attackers are now constrained by time. MTD has been successfully implemented in conventional systems, but its use to improve IoT security is still lacking in the literature. Over the course of this thesis, we validated MTD as a cybersecurity paradigm suitable for IoT systems. We identified and synthesized existing MTD techniques for IoT using a systematic literature review method, and defined and used four novel entropy related metrics to measure MTD techniques' qualitative properties. Secondly, we proposed a generic distributed MTD framework that allows the instantiation of concrete MTD strategies suitable for the constraints of the IoT. Finally, we designed a secure time synchronization protocol, and instantiated three particular MTD techniques: two at the upper network layers (e.g. port-hopping, and application RESTful interfaces), one of which we validated in real hardware, and the third one at the physical layer to achieve IoT systems resilient to insider attacks/jamming by using Direct Sequence Spread-Spectrum techniques with cryptographically-strong pseudo-random sequences.
Lobe, kome Ivan Marco. „Identity and consent in the internet of persons, things and services“. Thesis, Ecole nationale supérieure Mines-Télécom Atlantique Bretagne Pays de la Loire, 2019. http://www.theses.fr/2019IMTA0131/document.
The constant effort of miniaturization of computing machines is transforming our relationships with machines and their role in society. The number of tiny computers remotely controlled is skyrocketing and those connected things are now more and more asked to do things on human behalf. The trend consists in making room for these specific machines into the Internet, in other words, building communication protocols adapted to their limited resources. This trend is commonly known as the Internet of Things (IoT) which consists of appliances and mechanisms different from those meant to be used exclusively by humans, the Internet of Persons (IoP). This conceptual separation being adopted, how would a Person exchange information with Things? Sorts of brokers can help bridge that gap. The networking of those brokers led to the concept of Internet of Services (IoS). Persons and Things are connected through Services. This global networking is called the Internet of Persons Things and Services (IoPTS). Our work is on the edge of these 3 Internet areas and our contributions are twofold. On the one hand, we tackle the secure binding of devices’ and persons’ identities while preserving the Integrity, Anonymity and Confidentiality security properties. On the other hand, we address the problem of the secrecy of data on constrained Internet-connected devices. Other mechanisms must be created in order to seamlessly bind these conceptual areas of IoP, IoT and IoS. In this quest for a better integration of Internet connected-devices into the Internet of Persons, our work contributes to the definition of protocols on application and network layers, with IoT concerns and security at heart.
Shahid, Mustafizur Rahman. „Deep learning for Internet of Things (IoT) network security“. Electronic Thesis or Diss., Institut polytechnique de Paris, 2021. http://www.theses.fr/2021IPPAS003.
The growing Internet of Things (IoT) introduces new security challenges for network activity monitoring. Most IoT devices are vulnerable because of a lack of security awareness from device manufacturers and end users. As a consequence, they have become prime targets for malware developers who want to turn them into bots. Contrary to general-purpose devices, an IoT device is designed to perform very specific tasks. Hence, its networking behavior is very stable and predictable making it well suited for data analysis techniques. Therefore, the first part of this thesis focuses on leveraging recent advances in the field of deep learning to develop network monitoring tools for the IoT. Two types of network monitoring tools are explored: IoT device type recognition systems and IoT network Intrusion Detection Systems (NIDS). For IoT device type recognition, supervised machine learning algorithms are trained to perform network traffic classification and determine what IoT device the traffic belongs to. The IoT NIDS consists of a set of autoencoders, each trained for a different IoT device type. The autoencoders learn the legitimate networking behavior profile and detect any deviation from it. Experiments using network traffic data produced by a smart home show that the proposed models achieve high performance. Despite yielding promising results, training and testing machine learning based network monitoring systems requires a tremendous amount of IoT network traffic data. But, very few IoT network traffic datasets are publicly available. Physically operating thousands of real IoT devices can be very costly and can raise privacy concerns. In the second part of this thesis, we propose to leverage Generative Adversarial Networks (GAN) to generate bidirectional flows that look like they were produced by a real IoT device. A bidirectional flow consists of the sequence of the sizes of individual packets along with a duration.
Hence, in addition to generating packet-level features which are the sizes of individual packets, our developed generator implicitly learns to comply with flow-level characteristics, such as the total number of packets and bytes in a bidirectional flow or the total duration of the flow. Experimental results using data produced by a smart speaker show that our method allows us to generate high quality and realistic looking synthetic bidirectional flows.
Ahmad, Abbas. „Model-Based Testing for IoT Systems : Methods and tools“. Thesis, Bourgogne Franche-Comté, 2018. http://www.theses.fr/2018UBFCD008/document.
The Internet of Things (IoT) is nowadays globally a means of innovation and transformation for many companies. Applications extend to a large number of domains, such as smart cities, smart homes, healthcare, etc. The Gartner Group estimates an increase up to 21 billion connected things by 2020. The large span of "things" introduces problematic aspects, such as conformance and interoperability due to the heterogeneity of communication protocols and the lack of a globally-accepted standard. The large span of usages introduces problems regarding secure deployments and scalability of the network over large-scale infrastructures. This thesis deals with the problem of the validation of the Internet of Things to meet the challenges of IoT systems. For that, we propose an approach using the generation of tests from models (MBT). We have confronted this approach through multiple experiments using real systems thanks to our participation in international projects. The important effort which is needed to be placed on the testing aspects reminds every IoT system developer that doing nothing is more expensive later on than doing it on the go.
Bru, Laurie. „Les enjeux de la normalisation européenne des objets connectés de santé“. Electronic Thesis or Diss., Toulouse 1, 2019. http://www.theses.fr/2019TOU10038.
Diop, Aïda Abdou. „Cryptographic mechanisms for device authentication and attestation in the internet of things“. Electronic Thesis or Diss., Institut polytechnique de Paris, 2020. http://www.theses.fr/2020IPPAS023.
The new decentralized computing paradigm introduced by Machine-to-Machine (M2M) communications and the Internet of Things (IoT) ecosystem requires developing new security mechanisms and frameworks, adapted to this new architecture. The variety of IoT use cases includes applications leveraging low-level devices such as sensors or actuators, to applications deploying safety critical devices such as connected vehicles in Intelligent Transportation Systems (ITS). Devices are deployed as nodes in communication networks, and have become in recent years targets for attackers who exploit the resource-constrained nature of the devices in order to compromise the safety, security, and availability of the different applications. Two of the main challenges in this ecosystem are securing the communication between IoT devices, and ensuring that devices in the network have not been compromised or tampered with, thus attesting to the integrity of the entire network. The challenges are exacerbated by the nature of devices, which present stringent constraints, notably in terms of computational capabilities, storage space, and energy resource. In addition, new privacy concerns affecting users in IoT applications have risen, and require implementing privacy-friendly authentication and attestation mechanisms. Authentication mechanisms allow systems to identify themselves on the network, and provide solutions for the first challenge.
Remote Attestation is a security mechanism which enables control systems to verify the software state of devices in the network, thus detecting any tampering or remote malware injection attacks. In this thesis, we aim to contribute to the development of new and privacy-preserving authentication and attestation mechanisms, which are particularly adapted for implementation in constrained environments. In the first part of this thesis, we leverage a cryptographic mechanism deployed in trusted computing, namely Direct Anonymous Attestation (DAA), in order to provide decentralized, and privacy-preserving authentication protocols adapted for constrained environments. Our work contributes to the development of a variant of Direct Anonymous Attestation schemes, called pre-Direct Anonymous Attestation (pre-DAA), which achieves a trade-off between security and efficiency that was not previously achieved in the literature. In particular, our pre-DAA scheme is proven secure in the Random Oracle Model (ROM) under the q-Strong Diffie Hellman (q-SDH) assumption, while performing better than DAA schemes proven secure under an interactive assumption. The pre-DAA scheme is subsequently used in the development of two privacy-preserving authentication protocols. The first application of our pre-DAA scheme consists in the design of a decentralized architecture for secure communication in vehicular ad hoc networks, which removes the need for a centralized Public Key Infrastructure. The second application of our pre-DAA scheme is the design of a mobile-based access control protocol for public transport systems, which addresses the issue of user traceability inherent to current access control protocols for transport systems. In the second part of this thesis, we address the device integrity verification challenge by designing a remote attestation protocol which enables the secure and efficient attestation of groups (or swarms) of devices.
Our attestation protocol verifies the integrity of every device in the network during a single attestation phase, by leveraging the aggregating properties of an aggregate algebraic MAC scheme. Compared to swarm attestation protocols in the literature, our contribution enables the detection of an erroneous attestation report in the aggregated result, thus allowing the identification of compromised devices.
Khalfaoui, Sameh. „Security bootstrapping for Internet of Things“. Electronic Thesis or Diss., Institut polytechnique de Paris, 2022. http://www.theses.fr/2022IPPAT023.
The demand for Internet of Things (IoT) services is increasing exponentially, and a large number of devices are being deployed. However, these devices can represent a serious threat to the security of the deployment network and a potential entry-point when exploited by the adversaries. Thus, there is an imminent need to perform a secure association approach of the IoT objects before being rendered operational on the network of the user. This procedure is referred to as secure bootstrapping, and it primarily guarantees the confidentiality and the integrity of the data exchanges between the user and the devices. Secondly, this process provides an assurance on the identity and the origin of these objects. Due to scalability limitations, the first phase of the bootstrapping process cannot be efficiently conducted using pre-shared security knowledge such as digital certificates. This step is referred to as secure device pairing, and it ensures the establishment of a secure communication channel between the user and the object. The pairing phase uses a symmetric key agreement protocol that is suitable to the resource-constrained nature of these devices. The use of auxiliary channels has been proposed as a way to authenticate the key exchange, but they require a relatively long time and an extensive user involvement to transfer the authentication bits. However, the context-based schemes use the ambient environment to extract a common secret without an extensive user intervention under the requirement of having a secure perimeter during the extraction phase, which is considered a strong security assumption. The second phase of the bootstrapping process is referred to as secure device enrollment, and it aims at avoiding the association of a malicious IoT object by authenticating its identity.
The use of hardware security elements, such as the Physical Unclonable Function (PUF), has been introduced as a promising solution that is suitable for the resource-constrained nature of these devices. A growing number of PUF architectures has been demonstrated mathematically clonable through Machine Learning (ML) modeling techniques. The use of PUF ML models has been recently proposed to authenticate the IoT objects. Nonetheless, the leakage scenario of the PUF model to an adversary due to an insider threat within the organization is not supported by the existing solutions. Hence, the security of these PUF model-based enrollment proposals can be compromised. In this thesis, we study the secure bootstrapping process of resource-constrained devices and we introduce two security schemes:
- A hybrid ad-hoc pairing protocol, called COOB, that efficiently combines a state-of-the-art fast context-based scheme with the use of an auxiliary channel. This protocol exploits a nonce exponentiation of the Diffie-Hellman public keys to achieve the temporary secrecy goal needed for the key agreement. Our method provides security even against an attacker that can violate the safe zone requirement, which is not supported by the existing contextual schemes. This security improvement has been formally validated in the symbolic model using the TAMARIN prover.
- An enrollment solution that exploits a ML PUF model in the authentication process, called Water-PUF. Our enrollment scheme is based on a specifically designed black-box watermarking technique for PUF models with a binary output response. This procedure prevents an adversary from relying on the watermarked model in question or another derivative model to bypass the authentication. Therefore, any leakage of the watermarked PUF model that is used for the enrollment does not affect the correctness of the protocol.
The Water-PUF design is validated by a number of simulations against numerous watermark suppression attacks to assess the robustness of our proposal.
Lavaud, Gael. „Optimisation robuste appliquée au crash automobile“. Ecully, Ecole centrale de Lyon, 2007. http://bibli.ec-lyon.fr/exl-doc/TH_T2092_glavaud.pdf.
This PhD thesis deals with robust design of complex systems with numerical simulations. The analysis of RENAULT design strategy suggests us concrete improvements based on the FIRST DESIGN methodology. This strategy relies on Engineering System and the concept of robustness applied to all design steps of the product. It uses all new design tools, as well statistical as modeling. This strategy allows designers to avoid design resource consuming and time demanding iterations. We use two concrete case studies to illustrate our work. These cases take place in the context of costly simulations, that is why we will have to save them. First case study is about shape optimization of a pedestrian hood panel. We develop an industrial optimization tool and use it to find a satisfying shape. To save simulations, we also develop a special parameterization and a progressive validation of new shapes. Second case study is about robust design of a frontal crash. As traditional approaches could not fit our problem, we develop an original strategy based on crash scenarios. This method allows designers to identify unstable structural elements and to stabilize their behavior during the crash in the best conditions. All the tools developed along this work tend to take the best advantage of both new simulations tools and designers experience. Improvements of performance and design time on both case studies prove the interest of modifying the traditional design strategy to incorporate new numerical design tools.
Celosia, Guillaume. „Privacy challenges in wireless communications of the Internet of Things“. Thesis, Lyon, 2020. http://www.theses.fr/2020LYSEI069.
Also known as the Internet of Things (IoT), the proliferation of connected objects offers unprecedented opportunities to consumers. From fitness trackers to medical assistants, through smarthome appliances, the IoT objects are evolving in a plethora of application fields. However, the benefits that they can bring to our society increase along with their privacy implications. Continuously communicating valuable information via wireless links such as Bluetooth and Wi-Fi, those connected devices support their owners within their activities. Most of the time emitted on open channels, and sometimes in the absence of encryption, this information is then easily accessible to any passive attacker in range. In this thesis, we explore two major privacy concerns resulting from the expansion of the IoT and its wireless communications: physical tracking and inference of users information. Based on two large datasets composed of radio signals from Bluetooth/BLE devices, we first defeat existing anti-tracking features prior to detail several privacy invasive applications. Relying on passive and active attacks, we also demonstrate that broadcasted messages contain cleartext information ranging from the devices technical characteristics to personal data of the users such as e-mail addresses and phone numbers. In a second time, we design practical countermeasures to address the identified privacy issues. In this direction, we provide recommendations to manufacturers, and propose an approach to verify the absence of flaws in the implementation of their protocols. Finally, to further illustrate the investigated privacy threats, we implement two demonstrators. As a result, Venom introduces a visual and experimental physical tracking system, while Himiko proposes a human interface allowing to infer information on IoT devices and their owners.
Ferreira, Loïc. „Secure Tunnels for Constrained Environments“. Thesis, Rennes, INSA, 2019. http://www.theses.fr/2019ISAR0007.
With the rise of the Internet of Things and the growing popularity of constrained devices, several security protocols are widely deployed. In this thesis, we investigate the field of authenticated key exchange protocols in the symmetric-key setting. We show that existing protocols do not achieve the most established levels of security properties, and describe practical attacks against two currently deployed protocols. We present new authenticated key exchange protocols for the 2-party and the 3-party cases, and describe suitable security models that allow capturing their security goals, and analysing them. Our protocols apply only symmetric-key functions. At the same time, they provide stronger security properties than comparable ones. In particular, they guarantee forward secrecy, and enable applying a session resumption procedure. This is particularly advantageous for low-resources devices with limited capabilities in terms of computation, communication, and energy.
Pélissier, Samuel. „Privacy-preserving communications for the IoT“. Electronic Thesis or Diss., Lyon, INSA, 2024. http://www.theses.fr/2024ISAL0075.
During the past decades, we have witnessed the emergence of connected devices, commonly known as the Internet of Things (IoT). This diverse ecosystem encompasses a wide range of specialized devices, from IP cameras to water leak detectors, each designed to meet specific objectives and constraints regarding energy consumption, computing power, or cost. The rapid development of various technologies and their networking is accompanied by the generation of a significant volume of data, raising privacy concerns, particularly in sensitive areas such as healthcare or smart homes. In this thesis, we leverage machine learning techniques to explore privacy issues related to connected objects through their network protocols. First, we study potential attacks on LoRaWAN, a long-range, low-power protocol. We explore the relationship between two protocol identifiers and show that their theoretical separation can be undermined using metadata produced during network connection. By adopting a multi-domain approach (content, time, and radio), we demonstrate that this metadata allows an attacker to uniquely identify devices despite traffic encryption, paving the way for tracking or re-identification. Then, we explore possible countermeasures by systematically analyzing the data used in these attacks and proposing techniques to obfuscate or reduce their relevance. We show that only a combined approach offers real protection. Additionally, we propose and evaluate various temporary pseudonym solutions tailored to the constraints of LoRaWAN, particularly energy consumption. Finally, we adapt our machine learning methodology to DNS, a protocol widely deployed in consumer IoT. Our attack is again based on metadata and enables device identification despite the encryption of DNS-over-HTTPS traffic. Exploring potential countermeasures, we observe non-compliance with padding standards, leading to partial compromise of user privacy.
More generally, our work highlights that the efforts made by IoT protocols such as LoRaWAN to protect privacy are insufficient. Potentially profound changes are necessary to adequately address these issues.
Pérez, Garcia Julio César. „Contribution to security and privacy in the Blockchain-based Internet of Things : Robustness, Reliability, and Scalability“. Electronic Thesis or Diss., Avignon, 2023. http://www.theses.fr/2023AVIG0120.
The Internet of Things (IoT) is a diverse network of objects typically interconnected via the Internet. Given the sensitivity of the information exchanged in IoT applications, it is essential to guarantee security and privacy. This problem is aggravated by the open nature of wireless communications, and the power and computing resource limitations of most IoT devices. Existing IoT security solutions are based on centralized architectures, which raises scalability issues and the single point of failure problem, making them susceptible to denial-of-service attacks and technical failures. Blockchain has emerged as an attractive solution to IoT security and centralization issues. Blockchains replicate a permanent, append-only record of all transactions occurring on a network across multiple devices, keeping them synchronized through a consensus protocol. Blockchain implementation may involve high computational and energy costs for devices. Consequently, solutions based on Fog/Edge computing have been considered in the integration with IoT. However, the cost of Blockchain utilization must be optimized, especially in the consensus protocol, which significantly influences the overall system performance. Permissioned Blockchains align better with the requirements of IoT applications than Permissionless Blockchains, due to their high transaction processing rate and scalability. This is because the consensus nodes, i.e., Validators, are known and predetermined. In existing consensus protocols used in Permissioned Blockchains, the Validators are usually a predefined or randomly selected set of nodes, which affects both system performance and fairness among users. The objective of this work is to propose solutions to improve security and privacy within IoT by integrating Blockchain technology, as well as to maximize fairness levels during consensus.
The study is organized into two distinct parts: one addresses critical aspects of IoT security and proposes Blockchain-based solutions, while the other part focuses on optimizing fairness among users during the execution of the consensus algorithm on the Blockchain. We present an authentication mechanism inspired by the µTesla authentication protocol, which uses symmetric keys that form a hashchain and achieves asymmetric properties by unveiling the key used a while later. With this mechanism and the use of the Blockchain to store the keys and facilitate authentication, our proposal ensures robust and efficient authentication of devices, without the need for a trusted third party. In addition, we introduce a Blockchain-based key management system for group communications adapted to IoT contexts. The use of Elliptic Curve Cryptography ensures a low computational cost while enabling secure distribution of group keys. In both security solutions, we provide formal and informal proofs of security under the defined attack model. A performance impact analysis and a comparison with existing solutions are also conducted, showing that the proposed solutions are secure and efficient and can be used in multiple IoT applications. The second part of the work proposes an algorithm to select Validator nodes in Permissioned Blockchains maximizing Social Welfare, using α-Fairness as the objective function. A mathematical model of the problem is developed, and a method for finding the solution in a distributed manner is proposed, employing metaheuristic Evolutionary algorithms and a Searchspace partitioning strategy. The security of the proposed algorithm and the quality of the solutions obtained are analyzed. As a result of this work, two security protocols for IoT based on Blockchain are introduced, along with a distributed algorithm for maximizing Social Welfare among users in a Permissioned Blockchain network.
Marconot, Johan. „Fonction Physique Non-clonable pour la Sécurité du Cycle de Vie d'un Objet Cyber-physique“. Thesis, Université Grenoble Alpes, 2020. http://www.theses.fr/2020GRALT011.
The thesis focuses on the conception of solutions to secure, all along its lifecycle, the assets and the functions which are embedded into a connected object. The lifecycle induces multiple interactions which expose the assets. Still, each actor may need private access in order to perform technical operations which have to be done. The solution has to securely manage the access requests but also takes account of the fact that most of the connected object are resources constraints system. We provide two main contributions: the analysis of security requirements for the device lifecycle and a new model of extraction circuit for strong digital PUF. The identified configuration for the extraction circuit offer trade-off between the circuit area, the frequency and the security metrics. It allows to conceive an efficient DPUF which could be integrated at fabrication chip, ensuring authentication property and performance requirements for lifecycle.
Nguyen, Kim Thuat. „Lightweight security protocols for IP-based Wireless Sensor Networks and the Internet of Things“. Electronic Thesis or Diss., Evry, Institut national des télécommunications, 2016. http://www.theses.fr/2016TELE0025.
The Internet of Things (IoT) enables billions of embedded computing devices to connect to each other. The smart things cover our everyday friendly devices, such as, thermostats, fridges, ovens, washing machines, and TV sets. It is easy to imagine how bad it would be, if these devices were spying on us and revealing our personal information. It would be even worse if critical IoT applications, for instance, the control system in nuclear reactors, the vehicle safety system or the connected medical devices in health-care, were compromised. To counteract these security threats in the IoT, robust security solutions must be considered. However, IoT devices are limited in terms of memory, computation and energy capacities, in addition to the lack of communication reliability. All these inconvenients make them vulnerable to various attacks, as they become the weakest links of our information system. In this context, we seek for effective security mechanisms in order to establish secure communications between unknown IoT devices, while taking into account the security requirements and the resource constraints of these devices. To do so, we focus on two major challenges, namely, lightweight security protocols in terms of processing and infrastructure and lightweight key establishment mechanisms, as existing solutions are too much resource consuming. To address this first challenge, we first propose ECKSS - a new lightweight signcryption scheme which does not rely on a PKI. This proposal enables to encrypt and sign messages simultaneously while ensuring the confidentiality and unforgeability of the communication channels. In addition, the message exchanges are authenticated without relying on certificates. Moreover, we also propose OEABE which is a delegation-based mechanism for the encryption of the Ciphertext-Policy Attribute-Based Encryption (CP-ABE).
CP-ABE is an attribute-based public key encryption scheme that gives users the flexibility to determine who can decrypt their data at runtime. Our solution enables a resource-constrained device to generate rapidly a CP-ABE ciphertext with authorization access rights to its data. This solution is particularly useful as the volume of data issued from IoT devices grows exponentially every year. To solve the second challenge, we first propose two new key distribution modes for the standard key management protocol MIKEY, based on our signcryption scheme ECKSS. These modes inherit the lightness of ECKSS and avoid the use of PKI. The experimental results, conducted in the Openmote sensor platform, have proven the efficiency of our solutions compared with other existing methods of MIKEY. Then, we propose a new key agreement scheme, named AKAPR. In case the two communicating parties are involved in the key negotiation procedure, AKAPR is very suitable in the context of IoT. As such, it can operate even if the two communicating parties are highly resource-constrained.
Nguyen, Kim Thuat. „Lightweight security protocols for IP-based Wireless Sensor Networks and the Internet of Things“. Thesis, Evry, Institut national des télécommunications, 2016. http://www.theses.fr/2016TELE0025/document.
Ayoub, Ibrahim. „Privacy-preserving communications for IoT based on DNS and its security extensions“. Electronic Thesis or Diss., université Paris-Saclay, 2024. http://www.theses.fr/2024UPASG074.
The Internet of Things (IoT) technologies have transformed how we interact with the world and machines, becoming an integral part of our daily lives. This thesis aims to address some of the challenges faced by IoT environments using the Domain Name System (DNS) and its security extensions and protocols. While DNS is primarily a distributed lookup system that maps domain names to IP addresses, it has evolved significantly through various extensions and DNS-based protocols. This evolution has enabled DNS to play a broader role, particularly in mitigating some of the challenges in IoT environments. Our first contribution identifies four major categories of IoT challenges: the constrained nature of IoT devices, identification in IoT, IoT security, and interoperability. We also conduct a literature review to examine how DNS is used in both research and industry to address these challenges. The second contribution proposes using DNS-based Authentication of Named Entities (DANE), a DNS protocol designed to strengthen Public Key Infrastructure (PKI), to establish a mutual authentication mechanism between two LoRaWAN backend servers, securing the connection without relying on commercial Certificate Authorities (CAs). The third contribution introduces LoRaDANCE, a security mechanism that allows a LoRaWAN ED to join a network without pre-sharing any secret keys with the backend servers, as required in standard LoRaWAN. Mutual authentication with the Join Server (JS) is ensured through DANE, while asymmetric cryptography enables the device and server to generate the necessary secret, eliminating the need for pre-shared keys. For our fourth contribution, we conducted an in-depth study of IoT domain names and evaluated the differences between them and non-IoT domain names. In this context, IoT domain names refer to those of IoT backend servers resolved via DNS, whereas non-IoT domain names correspond to servers accessed by generic devices and humans.
The study was carried out in three phases: a statistical analysis, a DNS analysis, and a machine learning-based classification of the two domain name categories.
Chaabouni, Nadia. „Détection et prévention des intrusions pour les systèmes IoT en utilisant des techniques d’apprentissage“. Thesis, Bordeaux, 2020. http://www.theses.fr/2020BORD0070.
With the expansion of the Internet of Things (IoT) and the evolution of attack techniques, IoT security has become a more critical concern. OneM2M is a global standardization initiative for the IoT, therefore its security implies the security of the IoT ecosystem. Hence, we focus our work on the security of the oneM2M standard. In this thesis, we propose an Intrusion Detection and Prevention System (IDPS) based on Machine Learning (ML) for the oneM2M-based IoT systems. In order to adopt emerging technologies and especially with its interesting results already proven in the security domain, ML techniques are used in our IDPS strategy. Our oneM2M-IDPS detects potential threats and responds immediately. It detects and classifies threats on three different ML levels and reacts quickly with appropriate actions. OneM2M-IDPS not only handles known threats (security attacks and abnormal behaviors), it is also able to detect unknown/zero-day threats. In addition, the IDPS is equipped with a continuous learning module that allows it to continuously learn new behaviors in order to be up to date.
Khalid, Ahmad. „A secure localization framework of RAIN RFID objects for ambient assisted living“. Phd thesis, Toulouse, INPT, 2017. http://oatao.univ-toulouse.fr/19518/1/KHALID_Ahmad.pdf.
Zhu, Xiaoyang. „Building a secure infrastructure for IoT systems in distributed environments“. Thesis, Lyon, 2019. http://www.theses.fr/2019LYSEI038/document.
The premise of the Internet of Things (IoT) is to interconnect not only sensors, mobile devices, and computers but also individuals, homes, smart buildings, and cities, as well as electrical grids, automobiles, and airplanes, to mention a few. However, realizing the extensive connectivity of IoT while ensuring user security and privacy still remains a challenge. There are many unconventional characteristics in IoT systems such as scalability, heterogeneity, mobility, and limited resources, which render existing Internet security solutions inadequate to IoT-based systems. Besides, the IoT advocates for peer-to-peer networks where users as owners intend to set security policies to control their devices or services instead of relying on some centralized third parties. By focusing on scientific challenges related to the IoT unconventional characteristics and user-centric security, we propose an IoT secure infrastructure enabled by the blockchain technology and driven by trustless peer-to-peer networks. Our IoT secure infrastructure allows not only the identification of individuals and collectives but also the trusted identification of IoT things through their owners by referring to the blockchain in trustless peer-to-peer networks. The blockchain provides our IoT secure infrastructure with a trustless, immutable and public ledger that records individuals and collectives identities, which facilitates the design of the simplified authentication protocol for IoT without relying on third-party identity providers. Besides, our IoT secure infrastructure adopts socialized IoT paradigm which allows all IoT entities (namely, individuals, collectives, things) to establish relationships and makes the IoT extensible and ubiquitous networks where owners can take advantage of relationships to set access policies for their devices or services.
Furthermore, in order to protect operations of our IoT secure infrastructure against security threats, we also introduce an autonomic threat detection mechanism as the complementary of our access control framework, which can continuously monitor anomaly behavior of device or service operations.
Conceicao, Filipe. „Network survival with energy harvesting : secure cooperation and device assisted networking“. Electronic Thesis or Diss., Université Paris-Saclay (ComUE), 2019. http://www.theses.fr/2019SACLL020.
The 5th Generation Cellular Network Technology (5G) will be the network supporting the Internet of Things (IoT) and it introduced a major feature, Device-to-Device (D2D) communications. D2D allows energy-constrained wireless devices to save energy by interacting in proximity at a lower transmission power. Cooperation and device-assisted networking therefore raise significant interest with respect to energy saving, and can be used in conjunction with energy harvesting to prolong the lifetime of battery-powered devices. However, cooperation schemes increase networking between devices, increasing the need for security mechanisms to be executed to assure data protection and trust relations between network nodes. This leads to the use of cryptographic primitives and security mechanisms with a much higher frequency. Security mechanisms are fundamental for protection against malicious actions but they also represent an important source of energy consumption, often neglected due to the importance of data protection. Authentication procedures for secure channel establishment can be computationally and energetically expensive, especially if the devices are resource constrained. Security features such as confidentiality and data authentication have a low energetic cost but are used constantly in a device engaged in data exchanges. It is therefore necessary to properly quantify the energy consumption due to security in a device. A security based energy model is proposed to achieve this goal. In User Equipment (UE) D2D networks, mobility is a key characteristic. It can be explored for connecting directly in proximity with IoT objects. A lightweight authentication solution is presented that allows direct UE-IoT communications, extending coverage and potentially saving significant energy amounts.
This approach can be particularly useful in Public Protection and Disaster Relief (PPDR) scenarios where the network infrastructure may not be available. Security features such as confidentiality or data authentication are a significant source of consumption. Devices equipped with Energy Harvesting (EH) hardware can have a surplus or a deficit of energy. The applied security can therefore be adjusted to the available energy of a device, introducing an energy aware secure channel. After in depth analysis of 5G standards, it was found that D2D UE networks using this type of channel would spend a significant amount of energy and be generally less secure. A lightweight rekeying mechanism is therefore proposed to reduce the security overhead of adapting security to energy. To complete the proposed rekeying mechanism, a security parameter bootstrapping method is also presented. The method defines the Core Network (CN) as the security policy maker, makes the overall network more secure and helps preventing communication outages. Adapting security features to energy levels raises the need for the study of the energy/security tradeoff. To this goal, a Markov Decision Process (MDP) modeling a communication channel is presented where an agent chooses the security features to apply to transmitted packets. This stochastic control optimization problem is solved via several dynamic programming and Reinforcement Learning (RL) algorithms. Results show that adapting security features to the available energy can significantly prolong battery lifetime, improve data reliability while still providing security features. A comparative study is also presented for the different RL learning algorithms. Then a Deep Q-Learning (DQL) approach is presented and tested to improve the learning speed of the agent. Results confirm the faster learning speed. The approach is then tested under difficult EH hardware stability.
Results show robust learning properties and excellent security decision making from the agent with a direct impact on data reliability. Finally, a memory footprint comparison is made to demonstrate the feasibility of the presented system even on resource constrained devices.
Sleem, Lama. „Design and implementation of lightweight and secure cryptographic algorithms for embedded devices“. Thesis, Bourgogne Franche-Comté, 2020. http://www.theses.fr/2020UBFCD018.
Living in an era where new devices are astonishing considering their high capabilities, new visions and terms have emerged. Moving to smart phones, Wireless Sensor Networks, high-resolution cameras, pads and much more, has mandated the need to rethink the technological strategy that is used today. Starting from social media, where apparently everything is being exposed, moving to highly powerful surveillance cameras, in addition to real time health monitoring, it can be seen that a high amount of data is being stored in the Cloud and servers. This introduced a great challenge for their storage and transmission especially in the limited resourced platforms that are characterized by: (a) limited computing capabilities, (b) limited energy and source of power and (c) open infrastructures that transmit data over wireless unreliable networks. One of the extensively studied platforms is the Vehicular Ad-hoc Networks which tends to have many limitations concerning the security field. In this dissertation, we focus on improving the security of transmitted multimedia contents in different limited platforms, while preserving a high security level. Limitations of these platforms are taken into consideration while enhancing the execution time of the secure cipher. Additionally, if the proposed cipher is to be used for images, the intrinsic voluminous and complex nature of the managed images is also taken into account. In the first part, we surveyed one of the limited platforms that is interesting for many researchers, which is the Vehicular Ad-hoc Networks. In order to pave the way for researchers to find new efficient security solutions, it is important to have one reference that can sum most of the recent works. It almost investigates every aspect in this field shedding the light over different aspects this platform possesses.
Then, in order to propose any new security solution and validate its robustness and the level of randomness of the ciphered image, a simple and efficient test is proposed. This test proposes using the randomness tools, TestU01 and Practrand, in order to assure a high level of randomness. After running these tests on well known ciphers, some flaws were exposed. Proceeding to the next part, a novel proposal for enhancing the well-known ultra lightweight cipher scheme, Speck, is proposed. The main contribution of this work is to obtain a better version compared to Speck. In this proposal, 26 rounds in Speck were reduced to 7 rounds in Speck-R while enhancing the execution time by at least 50%. First, we validate that Speck-R meets the randomness tests that are previously proposed. Additionally, a dynamic substitution layer adds more security against key related attacks and highly fortifies the cipher. Speck-R was implemented on different limited Arduino chips and in all cases, Speck-R was ahead of Speck. Then, in order to prove that this cipher can be used for securing images, especially in VANETS/IoV, where images can be extensively re/transmitted, several tests were exerted and results showed that Speck-R indeed possesses the high level of security desired in any trusted cipher. Extensive experiments validate our proposal from both security and performance point of views and demonstrate the robustness of the proposed scheme against the most-known types of attacks.
Cozzi, Emanuele. „Binary Analysis for Linux and IoT Malware“. Electronic Thesis or Diss., Sorbonne université, 2020. http://www.theses.fr/2020SORUS197.
For the past two decades, the security community has been fighting malicious programs for Windows-based operating systems. However, the increasing number of interconnected embedded devices and the IoT revolution are rapidly changing the malware landscape. Malicious actors did not stand by and watch, but quickly reacted to create "Linux malware", showing an increasing interest in Linux-based operating systems and platforms running architectures different from the typical Intel CPU. As a result, researchers must react accordingly. Through this thesis, we navigate the world of Linux-based malicious software and highlight the problems we need to overcome for their correct analysis. After a systematic exploration of the challenges involved in the analysis of Linux malware, we present the design and implementation of the first malware analysis pipeline, specifically tailored to study this emerging phenomenon. We use our platform to analyze over 100K samples and collect detailed statistics and insights that can help to direct future works. We then apply binary code similarity techniques to systematically reconstruct the lineage of IoT malware families, and track their relationships, evolution, and variants. We show how the free availability of source code resulted in a very large number of variants, often impacting the classification of antivirus systems. Last but not least, we address a major problem we encountered in the analysis of statically linked executables. In particular, we present a new approach to identify the boundary between user code and third-party libraries, such that the burden of libraries can be safely removed from binary analysis tasks.
Bresch, Cyril. „Approches, Stratégies, et Implémentations de Protections Mémoire dans les Systèmes Embarqués Critiques et Contraints“. Thesis, Université Grenoble Alpes, 2020. http://www.theses.fr/2020GRALT043.
This thesis deals with the memory safety issue in life-critical medical devices. Over the last few years, several vulnerabilities such as memory exploits have been identified in various Internet of Medical Things (IoMT) devices. In the worst case, such vulnerabilities allow an attacker to remotely force an application to execute malicious actions. While many countermeasures against software exploits have been proposed so far, only a few of them seem to be suitable for medical devices. Indeed, these devices are constrained by their size, real-time performances, and safety requirements making the integration of security challenging. To address this issue, the thesis proposes two approaches. Both address the memory safety issue from the software design-time to its run-time on the hardware. A first approach assumes that memory defenses can be implemented both in hardware and software. This approach results in TrustFlow, a framework composed of a compiler able to generate secure code for an extended processor that can prevent, detect, log, and self-heal critical applications from memory attacks. The second approach considers that hardware is immutable. Following this constraint, defenses only rely upon software. This second approach results in BackGuard, a modified compiler that efficiently hardens embedded applications while ensuring control-flow integrity.
Issoufaly, Taher. „Physical Tracking : menaces, performances et applications“. Thesis, La Réunion, 2019. http://www.theses.fr/2019LARE0017/document.
The recent rise of smart-phones and connected objects has a deep impact on its users' lifestyle. In 2017, more than a billion and a half smart-phones were sold around the world. These ubiquitous devices, equipped with several wireless communication interfaces, have quickly become essential in the daily life of users with an intensive use. The wireless interfaces of these connected objects periodically transmit information on the network, some of which is user-specific and allows to identify and track their mobility. Tracking users by collecting the information generated by their wireless devices is called Wireless Physical Tracking. The opportunities offered by the Wireless Physical Tracking raised a lot of interest. Several applications have been developed and have brought innovation in several areas. Marketing companies use it to offer to their customers targeted advertising based on their movements in their area of activity. On a larger scale, Smart Cities or smart-cities analyse the movement of users in order to provide services for their inhabitants. Finally, in the field of research in mobile Ad-Hoc networks and DTNs, users' mobility is a key element which needs to be collected and analysed. However, the collection of this information without the consent of the users or without being properly protected induces a real risk to their privacy. It is around this context that this thesis is focused. It’s divided into two parts. The first presents the PAN and WAN technologies, the state of the art of Wireless Physical Tracking methods and the adopted counter measures. The second part presents the contributions of the thesis which aims at developing new methods for Physical Tracking and analysing their performances compared to the existing methods. 
We first present and evaluate BPM, a Bluetooth passive monitoring that allows to track the users of Classic Bluetooth devices with a detection delay significantly lower than the methods previously used. We then focus on Bluetooth Low Energy and propose the use of a BLEB, a botnet of users tracking BLE objects with their smart-phones. Finally, we also focus on preserving users' privacy through the proposal of PPCL, a privacy preserving crowdlocalisation method which allows to track users' assets without being trackable.
Conceicao, Filipe. „Network survival with energy harvesting : secure cooperation and device assisted networking“. Thesis, Université Paris-Saclay (ComUE), 2019. http://www.theses.fr/2019SACLL020/document.
The 5th Generation Cellular Network Technology (5G) will be the network supporting the Internet of Things (IoT) and it introduced a major feature, Device-to-Device (D2D) communications. D2D allows energy-constrained wireless devices to save energy by interacting in proximity at a lower transmission power. Cooperation and device-assisted networking therefore raise significant interest with respect to energy saving, and can be used in conjunction with energy harvesting to prolong the lifetime of battery-powered devices. However, cooperation schemes increase networking between devices, increasing the need for security mechanisms to be executed to assure data protection and trust relations between network nodes. This leads to the use of cryptographic primitives and security mechanisms with a much higher frequency. Security mechanisms are fundamental for protection against malicious actions but they also represent an important source of energy consumption, often neglected due to the importance of data protection. Authentication procedures for secure channel establishment can be computationally and energetically expensive, especially if the devices are resource constrained. Security features such as confidentiality and data authentication have a low energetic cost but are used constantly in a device engaged in data exchanges. It is therefore necessary to properly quantify the energy consumption due to security in a device. A security based energy model is proposed to achieve this goal. In User Equipment (UE) D2D networks, mobility is a key characteristic. It can be explored for connecting directly in proximity with IoT objects. A lightweight authentication solution is presented that allows direct UE-IoT communications, extending coverage and potentially saving significant energy amounts. 
This approach can be particularly useful in Public Protection and Disaster Relief (PPDR) scenarios where the network infrastructure may not be available. Security features such as confidentiality or data authentication are a significant source of consumption. Devices equipped with Energy Harvesting (EH) hardware can have a surplus or a deficit of energy. The applied security can therefore be adjusted to the available energy of a device, introducing an energy aware secure channel. After in depth analysis of 5G standards, it was found that D2D UE networks using this type of channel would spend a significant amount of energy and be generally less secure. A lightweight rekeying mechanism is therefore proposed to reduce the security overhead of adapting security to energy. To complete the proposed rekeying mechanism, a security parameter bootstrapping method is also presented. The method defines the Core Network (CN) as the security policy maker, makes the overall network more secure and helps prevent communication outages. Adapting security features to energy levels raises the need for the study of the energy/security tradeoff. To this goal, a Markov Decision Process (MDP) modeling a communication channel is presented where an agent chooses the security features to apply to transmitted packets. This stochastic control optimization problem is solved via several dynamic programming and Reinforcement Learning (RL) algorithms. Results show that adapting security features to the available energy can significantly prolong battery lifetime, improve data reliability while still providing security features. A comparative study is also presented for the different RL learning algorithms. Then a Deep Q-Learning (DQL) approach is presented and tested to improve the learning speed of the agent. Results confirm the faster learning speed. The approach is then tested under difficult EH hardware stability. 
Results show robust learning properties and excellent security decision making from the agent with a direct impact on data reliability. Finally, a memory footprint comparison is made to demonstrate the feasibility of the presented system even on resource constrained devices.