Soutenance de Thèse de Chaimaa Boudagdigue
THESIS
Presented at Avignon University to obtain the grade of DOCTORAT
SPECIALITY : Computer Sciences
Titre : Trust Models to secure Internet of Things networks
By Chaimaa Boudagdigue
Under supervision of Abderrahim Benslimane
Oral Defense: 15 March, 2023 at 14:00
Abstract
The Internet of Things (IoT) is a new paradigm where any device of everyday life can become part of the Internet. The device just needs to be equipped with a microcontroller, a transceiver and appropriate protocol stacks that make it able to communicate. IoT makes everyday devices intelligent and able to interact in a collaborative way in order to provide intelligent services in different fields such as: agriculture, industry, healthcare and many others. To achieve these objectives, IoT devices must manage confidential and privacy-related data of their users, which makes them very vulnerable to security threats. However, IoT devices do not have the necessary resources (energy, memory, processing, etc.) to implement strong security or to apply the traditional security measures based on cryptographic techniques usually deployed in traditional Internet. Moreover, the traditional security measures cannot ensure the reliability of the IoT networks, especially in the presence of internal attacks. Hence, our work consists in proposing a dynamic analytical trust management model where each IoT device in the network evaluates the trust level of its neighbors using a trust metric, before interacting with them. This allows the device to predict the future behavior of its neighbors and avoid probable security threats. The trust metric of a device can change state depending on the cooperation, reputation and honesty of that device. It can increase, decrease, remain unchanged or tend to zero if the device is untrusted. We model these state changes by using a discrete-time Markov chain, an effective mathematical method that relies on the previous state of a process to predict its future state. Secondly, we focus our research on trust management in industrial IoT networks (IIoT). Indeed, IIoT networks refer to industrial devices (production machines, robots, etc.) connected to wireless networks, and which collect and share data on their environments. IIoT makes companies more reactive, but at the same time it opens the company’s infrastructure to security risks. In order to address this issue, we propose three contributions: To facilitate the trust management process, the first contribution is to change the traditional architecture of IIoT networks into new hierarchical architecture by creating a new concept called the industrial relationships between IIoT nodes. The second contribution proposes a dynamic trust management model, adapted to the requirements of industrial environments. And lastly, the third contribution is to evaluate the ability and the dynamism of our proposed trust management model to detect behavioral changes of untrusted and selfish nodes, by using the contiki/cooja simulator. We subsequently exploit the results of these contributions and the strength of the Signaling game theory to propose a certificate revocation mechanism for IIoT networks. The main purpose of this mechanism is to effectively and accurately isolate untrusted IIoT devices from further contributing to network activities. When a certificate is revoked, the other nodes in the network must be informed immediately. The most important issue is how to efficiently distribute certificate revocation information among IIoT devices? Therefore, we propose, in the last part of this thesis, a new efficient certificate verification scheme, based on short-lived certificates (SLC), and suitable for IIoT network requirements. The validity period of each SLC, in the proposed scheme, is proportional to the trust level of its owner. This makes a good trade-off between certificate life and overheads resulting from certificate renewal process, while keeping a high security level. The performance evaluation we conducted proves the effectiveness of our proposed certificate verification scheme to reduce the time needed to obtain the revocation information as well as the resulting storage and communication overhead to achieve this goal.
Keywords: Trust, Trust Management, Internet of Things, Industrial Internet of Things, Game theory, Signaling game, Markov chain, Digital certificate management, Short-Lived Certificates.