Thesis defense: Akram Abdulghani Hezam MOHAMMED

Mr. Akram Abdulghani Hezam MOHAMMED will defend, in English, his thesis for the degree of Doctor in Information Systems of the Faculty of Economics and Management (GSEM), entitled:

A Reference Model for Securing IOT

Date: Wednesday, 18 September 2019 at 9:00 a.m.

Location: CUI / Battelle, building A, ground-floor auditorium

 

Jury:

  • Prof. Marcel PAULSSEN, jury chair, GSEM – IOM

  • Dr. Niels NIJDAM, thesis co-supervisor, GSEM – CUI

  • Prof. Dimitri KONSTANTAS, thesis co-supervisor, GSEM – CUI

  • Prof. Giovanna DI MARZO SERUGENDO, SdS Faculty – CUI

  • Dr. Jean-Luc PILLET, CUI

  • Mr. Yacine BENMANSOUR, Director, State of Geneva - Directorate for the Organisation and Security of Information

Abstract:

As Internet of Things (IoT) involvement increases in our daily lives, several security and privacy concerns (e.g., linkability) arise, which may threaten its existence if they are left untouched. Besides the limited capabilities of IoT objects in terms of computation power, memory and bandwidth, which impede the direct implementation of traditional Internet security techniques, such concerns also stem from two main contributing factors.

One is that IoT lacks a building-blocked reference model in which a common ground and the enabler technologies of IoT can be understood and identified by IoT researchers as well as stakeholders. This is because the IoT paradigm is enabled by several technologies such as RFID technologies, communication protocols, OSs, and cloud computing. The other factor is the absence of widely accepted IoT security and privacy guidelines and their appropriate implementation techniques for the previously mentioned enabler technologies. Such guidelines and techniques would greatly assist IoT stakeholders like developers and manufacturers, paving the road for building secure IoT systems from the start and, thus, reinforcing IoT security and privacy by design. In order to address these limitations, our work is divided into three parts.

In the first part, we propose a novel four-layered IoT reference model based on a building-block strategy, in which the IoT asset-based attack surface is divided into four main components or layers: 1) physical objects, 2) protocols covering the whole IoT stack, 3) data at rest, and 4) software. We also define the required building blocks for each layer.

In the second part, we propose a framework of security and privacy guidelines for each IoT asset mentioned above, which can be utilized to reinforce IoT security and privacy by design. We also present our derived guidelines for each asset in connection with the involved stakeholders. Furthermore, we give a "reasoning" under which each guideline is stated, based on one or two principles of either the Security by Design or the Privacy by Design framework. Subsequently, the overall guideline framework for each IoT asset is presented with the linking between guidelines, mitigation techniques and attacks for each asset, and we also discuss open issues for future work for each framework.

In the third part, we propose a novel five-phase methodology for securing IoT objects based on their Security Level Certificates (SLCs). Objects with SLCs, therefore, will be able to communicate with each other or with the Internet in a secure manner. Finally, we investigate how our framework would lessen several attacks and threats against IoT like routing attacks, physical damage, and side-channel attacks. Moreover, we discuss the shortcomings of our suggested methodology.