Enabling Scalable Security in Internet of Things

Abstract: The popular notion of Internet of Things (IoT) implies two salient features: 1. a diversity of small things, i.e., constrained devices; 2. their seamless integration with the Internet. Pioneering work in Wireless Sensor Networks (WSNs) have laid a solid technological foundation for autonomous, low power wireless communication among battery-powered, microcontroller-based devices. On the other hand, as devices are being connected to the Internet in large numbers, industry experts and regulators have associated IoT with enormous security risk. Sensitive personal information, highly complex business workflows, and critical infrastructure for public safety are at stake. In this dissertation, we first explore the scalability of IoT. Approaching from the particular angle of radio interference, we study unstable and faulty network behavior when links between low power radios are disrupted. Our low cost and practical interference generation tools fill a gap between protocol design and test. We then underline the threat of novel attacks at the physical layer, which lead to denial of service and battery draining of low power radios. Launched from low cost hardware, the attacks we devise are power-efficient and hard to detect; and they reach longer ranges than jamming. Finally, we take a step closer to realization of secure and large-scale IoT deployment by enabling certificate enrollment, a key component in a public key infrastructure, for small devices. We show that automated enrollment of device certificates becomes feasible when a memory and power efficient IoT protocol stack is leveraged. Spanning between the physical layer and the application layer, our work has enriched the knowledge domain of IoT and advanced the technological frontier of scalable and secure IoT deployment.