Département Informatique

Computer Science Department of Telecom SudParis

New paper “Bringing privacy, security and performance to the Internet of Things using IOTA and usage control”

Bringing privacy, security and performance to the Internet of Things using IOTA and usage control
by Nathanaël Denis, Sophie Chabridon and Maryline Laurent

Annals of Telecoms, Jan. 2024

hal.science link

Abstract
The Internet of Things (IoT) is bringing new ways to collect and analyze data to develop applications answering or anticipating users’ needs. These data may be privacy-sensitive, requiring efficient privacy-preserving mechanisms. The IoT is a distributed system of unprecedented scale, creating challenges for performance and security. Classic blockchains could be a solution by providing decentralization and strong security guarantees. However, they are not efficient and scalable enough for large scale IoT systems, and available tools designed for preserving privacy in blockchains, e.g. coin mixing, have a limited effect due to high transaction costs and insufficient transaction rates. This article provides a framework based on several technologies to address the requirements of privacy, security and performance of the Internet of Things. The basis of the framework is the IOTA technology, a derivative of blockchains relying on a directed acyclic graph to create transactions instead of a linear chain. IOTA improves distributed ledger performance by increasing transaction throughput as more users join the network, making the network scalable. As IOTA is not designed for privacy protection, we complement it with privacy-preserving mechanisms: merge avoidance and decentralized mixing. Finally, privacy is reinforced by introducing usage control mechanisms for users to monitor the use and dissemination of their data. A Proof of Concept is proposed to demonstrate the feasibility of the proposed framework. Performance tests are conducted on this Proof of Concept, showing the framework can work on resource-constrained devices and within a reasonable time. The originality of this contribution is also to integrate an IOTA node within the usage control system, to support privacy as close as possible to the objects that need it.

New paper “Integrating Usage Control Into Distributed Ledger Technology for Internet of Things Privacy”

Integrating Usage Control Into Distributed Ledger Technology for Internet of Things Privacy
by Nathanaël Denis, Maryline Laurent and Sophie Chabridon

IEEE Internet of Things Journal, Volume: 10, Issue: 22, Jun. 2023

arXiv link

Abstract
The Internet of Things (IoT) brings new ways to collect privacy-sensitive data from billions of devices. Well-tailored distributed ledger technologies (DLTs) can provide high transaction processing capacities to IoT devices in a decentralized fashion. However, privacy aspects are often neglected or unsatisfying, with a focus mainly on performance and security. In this article, we introduce decentralized usage control mechanisms to empower IoT devices to control the data they generate. Usage control defines obligations, i.e., actions to be fulfilled to be granted access, and conditions on the system in addition to data dissemination control. The originality of this article is to consider the usage control system as a component of distributed ledger networks, instead of an external tool. With this integration, both technologies work in synergy, benefiting their privacy, security, and performance. We evaluated the performance improvements of integration using the IOTA technology, particularly suitable due to the participation of small devices in the consensus. The results of the tests on a private network show an approximate 90% decrease of the time needed for the usage control system to push a transaction and make its access decision in the integrated setting, regardless of the number of nodes in the network.

PhD Defense of Nathanaël DENIS – For a Private and Secure Internet of Things with Usage Control and Distributed Ledger Technology

October 3 2023

Abstract: IoT devices represent one of the major targets for malicious activities. The grounds for this are manifold: first, to reduce the cost of security, manufacturers may sell vulnerable products, leaving users with security concerns. Second, many IoT devices have performance constraints and lack the processing power to execute security software. Third, the heterogeneity of applications, hardware, and software widens the attack surface. As a result, IoT networks are subject to a variety of cyber threats. To counter such a variety of attacks, the IoT calls for security and privacy-preserving technologies. For privacy concerns, usage control grants the users the power to specify how their data can be used and by whom. Usage control extends classic access control by introducing obligations, i.e., actions to be performed to be granted access, and conditions that are related to the system state, such as the network load or the time. This thesis aims at providing answers to the challenges in the Internet of Things in terms of performance, security and privacy. To this end, distributed ledger technologies (DLTs) are a promising solution to Internet of Things constraints, in particular for micro-transactions, due to the decentralization they provide. This leads to three related contributions: 1. a framework for zero-fee privacy-preserving transactions in the Internet of Things designed to be scalable; 2. an integration methodology of usage control and distributed ledgers to enable efficient protection of users’ data; 3. an extended model for data usage control in distributed systems, to incorporate decentralized information flow control and IoT aspects. A proof of concept of the integration (2) has been designed to demonstrate feasibility and conduct performance tests. It is based on IOTA, a distributed ledger using a directed acyclic graph for its transaction graph instead of a blockchain. 
The results of the tests on a private network show an approximate 90% decrease of the time needed to push transactions and make access decisions in the integrated setting.

PhD Defense of Yuwei WANG – Evolution of Microservice-based Applications: Modelling and Safe Dynamic Updating

October 27 2022

Abstract: Microservice architectures contribute to building complex distributed systems as sets of independent microservices. The decoupling and modularity of distributed microservices facilitates their independent replacement and upgradeability. Since the emergence of agile DevOps and CI/CD, there is a trend towards more frequent and rapid evolutionary changes of the running microservice-based applications in response to various evolution requirements. Applying changes to microservice architectures is performed by an evolution process of moving from the current application version to a new version. The maintenance and evolution costs of these distributed systems increase rapidly with the number of microservices. The objective of this thesis is to address the following issues: How to help engineers to build a unified and efficient version management for microservices and how to trace changes in microservice-based applications? When can microservice-based applications, especially those with long-running activities, be dynamically updated without stopping the execution of the whole system? How should the safe updating be performed to ensure service continuity and maintain system consistency? In response to these questions, this thesis proposes two main contributions. The first contribution is runtime models and an evolution graph for modelling and tracing version management of microservices. These models are built at design time and used at runtime. It helps engineers abstract architectural evolution in order to manage reconfiguration deployments, and it provides the knowledge base to be manipulated by an autonomic manager middleware in various evolution activities. The second contribution is a snapshot-based approach for dynamic software updating (DSU) of microservices. 
The consistent distributed snapshots of microservice-based applications are constructed to be used for specifying continuity of service, evaluating the safe update conditions and realising the update strategies. The message complexity of the DSU algorithm is not the message complexity of the distributed application, but the complexity of the consistent distributed snapshot algorithm.

Best paper “SmartSPEC: Customizable Smart Space Datasets via Event-Driven Simulations” at PERCOM 2022

Authors: Andrew Chio, Daokun Jiang, Peeyush Gupta, Georgios Bouloukakis, Roberto Yus, Sharad Mehrotra and Nalini Venkatasubramanian

Mark Weiser Best Paper Award (sponsored by Elsevier Pervasive and Mobile Computing)
Artifacts

Abstract
This paper presents SmartSPEC, an approach to generate customizable smart space datasets using sensorized spaces in which people and events are embedded. Smart space datasets are critical to design, deploy and evaluate robust systems and applications to ensure cost-effective operation and safety/comfort/convenience of the space occupants. Often, real-world data is difficult to obtain due to the lack of fine-grained sensing; privacy/security concerns prevent the release and sharing of individual and spatial data. SmartSPEC is a smart space simulator and data generator that can create a digital representation (twin) of a smart space and its activities. SmartSPEC uses a semantic model and ML-based approaches to characterize and learn attributes in a sensorized space, and applies an event-driven simulation strategy to generate realistic simulated data about the space (events, trajectories, sensor datasets, etc). To evaluate the realism of the data generated by SmartSPEC, we develop a structured methodology and metrics to assess various aspects of smart space datasets, including trajectories of people and occupancy of spaces. Our experimental study looks at two real-world settings/datasets: an instrumented smart campus building and a city-wide GPS dataset. Our results show that the trajectories produced by SmartSPEC are 1.4x to 4.4x more realistic than the best synthetic data baseline when compared to real-world data, depending on the scenario and configuration.

Keywords: smart space, sensor, simulation, trajectory

New paper “Analysis of the Impact of Interaction Patterns and IoT Protocols on Energy Consumption of IoT Consumer Applications” at DAIS 2022

Authors: Rodrigo Canek, Pedro Borges, and Chantal Taconet

DAIS 2022 paper

Abstract
Nowadays, it is estimated that half the connected devices are related to the Internet of Things (IoT). The IoT paradigm contributes to the increase of the Information Technology energy demand. The energy demand is due on one side to the huge number of IoT devices, and on the other side to the plethora of IoT end user applications consuming data produced by those devices. However, taking into account energy consumption in the development of such applications, consuming data produced by IoT devices is still challenging. There is a lack of knowledge on what are the best practices to develop green IoT applications. The work presented in this paper aims to raise the awareness of application designers concerning the impact of the choice of IoT protocols and interaction patterns on the energy consumption of the applications. For this purpose, we have experimentally analysed the energy consumption of HTTP and MQTT, which are two of the most popular, mature and stable protocols for IoT consumer applications. For the HTTP protocol, we have studied both the publish-subscribe and the request-reply interaction patterns. For MQTT, we have studied the publish-subscribe interaction pattern with the three available Quality of Services. We also examine the impact of message payload on energy consumption. The results show that the publish/subscribe interaction pattern has lower energy consumption (around 92% less) than the synchronous interaction pattern and HTTP consumes 20% more energy than the MQTT protocol for the publish/subscribe interaction pattern. Finally, we have shown that the payload has a low impact on energy consumption having a 9% overhead on payloads ranging from 24 to 3120 bytes.

Keywords: Middleware, Internet of Things applications, IoT protocols, Interaction patterns, IoT Platforms, Energy Consumption, Green IT

New paper “Runtime models and evolution graphs for the version management of microservice architectures” at APSEC 2021

Authors: Yuwei Wang, Denis Conan, Sophie Chabridon, Kavoos Bojnourdi, Jingxuan Ma.

APSEC 2021, https://hal.archives-ouvertes.fr/hal-03419462

Abstract
Microservice architectures focus on developing modular and independent functional units, which can be automatically deployed, enabling agile DevOps. One major challenge is to manage the rapid evolutionary changes in microservices and perform continuous redeployment without interrupting the application execution. The existing solutions provide limited capacities to help software architects model, plan, and perform version management activities. The architects lack a representation of a microservice architecture with versions tracking. In this paper, we propose runtime models that distinguish the type model from the instance model, and we build up an evolution graph of configuration snapshots of types and instances to allow the traceability of microservice versions and their deployment. We demonstrate our solution with an illustrative application that involves synchronous (RPC calls) and asynchronous (publish-subscribe) interaction within information systems.

New paper “Automating user-feedback driven requirements prioritization” in Elsevier Information and Software Technology

Authors: Fitsum Meshesha Kifetew, Anna Perini, Angelo Susi, Alberto Siena, Denisse Muñante and Itzel Morales-Ramirez

Information and Software Technology, Elsevier, 2021, 138, https://hal.archives-ouvertes.fr/hal-03277970

Abstract

Context: Feedback from end users of software applications is a valuable resource in understanding what users request, what they value, and what they dislike. Information derived from user-feedback can support software evolution activities, such as requirements prioritization. User-feedback analysis is still mostly performed manually by practitioners, despite growing research in automated analysis. Objective: We address two issues in automated user-feedback analysis: (i) most of the existing automated analysis approaches that exploit linguistic analysis assume that the vocabulary adopted by users (when expressing feedback) and developers (when formulating requirements) are the same; and (ii) user-feedback analysis techniques are usually experimentally evaluated only on some user-feedback dataset, not involving assessment by potential software developers. Method: We propose an approach, ReFeed, that computes, for each requirement, the set of related user-feedback, and from such user-feedback extracts quantifiable properties which are relevant for prioritizing the requirement. The extracted properties are propagated to the related requirements, based on which ranks are computed for each requirement. ReFeed relies on domain knowledge, in the form of an ontology, helping mitigate the gap in the vocabulary of end users and developers. The effectiveness of ReFeed is evaluated on a realistic requirements prioritization scenario in two experiments involving graduate students from two different universities. Results: ReFeed is able to synthesize reasonable priorities for a given set of requirements based on properties derived from user-feedback. The implementation of ReFeed and related resources are publicly available. Conclusion: The results from our studies are encouraging in that using only three properties of user-feedback, ReFeed is able to prioritize requirements with reasonable accuracy. 
Such automatically determined prioritization could serve as a good starting point for requirements experts involved in the task of prioritizing requirements. Future studies could explore additional user-feedback properties to improve the effectiveness of computed priorities.

New paper “PrioDeX: a Data Exchange middleware for efficient event prioritization in SDN-based IoT systems” in ACM TOIT

Authors: Georgios Bouloukakis, Kyle Benson, Luca Scalzotto, Paolo Bellavista, Casey Grant, Valérie Issarny, Sharad Mehrotra, Ioannis Moscholios, Nalini Venkatasubramanian

ACM Transactions on Internet of Things, In press, https://hal.archives-ouvertes.fr/hal-03171358

Abstract

Real-time event detection and targeted decision making for emerging mission-critical applications require systems that extract and process relevant data from IoT sources in smart spaces. Oftentimes, this data is heterogeneous in size, relevance, and urgency, which creates a challenge when considering that different groups of stakeholders (e.g., first responders, medical staff, government officials, etc) require such data to be delivered in a reliable and timely manner. Furthermore, in mission-critical settings, networks can become constrained due to lossy channels and failed components, which ultimately add to the complexity of the problem. In this paper, we propose PrioDeX, a cross-layer middleware system that enables timely and reliable delivery of mission-critical data from IoT sources to relevant consumers through the prioritization of messages. It integrates parameters at the application, network, and middleware layers into a data exchange service that accurately estimates end-to-end performance metrics through a queueing analytical model. PrioDeX proposes novel algorithms that utilize the results of this analysis to tune data exchange configurations (event priorities and dropping policies), which is necessary for satisfying situational awareness requirements and resource constraints. PrioDeX leverages Software-Defined Networking (SDN) methodologies to enforce these configurations in the IoT network infrastructure. We evaluate our approach using both simulated and prototype-based experiments in a smart building fire response scenario. Our application-aware prioritization algorithm improves the value of exchanged information by 36% when compared with no prioritization; the addition of our network-aware drop rate policies improves this performance by 42% over priorities only and by 94% over no prioritization.

New paper “IoT data qualification for a logistic chain traceability smart contract” in Sensors journal

Authors: Mohamed Ahmed, Chantal Taconet, Mohamed Ould, Sophie Chabridon, Amel Bouzeghoub

MDPI Sensors, 21 (6), 2021. https://hal.archives-ouvertes.fr/hal-03219609

Abstract

In the logistic chain domain, the traceability of shipments in their entire delivery process from the shipper to the consignee involves many stakeholders. From the traceability data, contractual decisions may be taken such as incident detection, validation of the delivery or billing. The stakeholders require transparency in the whole process. The combination of the Internet of Things (IoT) and the blockchain paradigms helps in the development of automated and trusted systems. In this context, ensuring the quality of the IoT data is an absolute requirement for the adoption of those technologies. In this article, we propose an approach to assess the data quality (DQ) of IoT data sources using a logistic traceability smart contract developed on top of a blockchain. We select the quality dimensions relevant to our context, namely accuracy, completeness, consistency and currentness, with a proposition of their corresponding measurement methods. We also propose a data quality model specific to the logistic chain domain and a distributed traceability architecture. The evaluation of the proposal shows the capacity of the proposed method to assess the IoT data quality and ensure the user agreement on the data qualification rules. The proposed solution opens new opportunities in the development of automated logistic traceability systems.