Renzo E. Navas | IMT Atlantique
Papers by Renzo E. Navas
2023 IFIP Networking Conference (IFIP Networking)
HAL (Le Centre pour la Communication Scientifique Directe), Nov 8, 2022
Executive summary: In this deliverable we address parameter optimization as well as the automation of device configuration in massive IoT LoRaWAN scenarios. The use of automation techniques for device configuration is a crucial evolution in IoT LoRa radio access on the way to network virtualization and automation. The challenge in virtualizing LoRa radio access networks consists in partitioning the resources between different services and devices that connect through ALOHA-like access. We will investigate how to perform automatic orchestration of radio resources between different devices. In particular, we will focus on reducing the overhead required to ensure the proper functioning of automated device configuration. We intend to (i) develop strategies enabling automated configuration of IoT devices, (ii) explore possible strategies for pursuing a given goal, such as maximizing energy efficiency or reliability, represented here by the packet delivery ratio, and (iii) prepare a platform for service differentiation between different IoT slices.
La gestion et le contrôle intelligents des performances et de la sécurité dans l’IoT, 2022
The Moving Target Defense (MTD) paradigm proactively increases a system's resilience through the perpetual movement of its strategic components. This chapter reviews existing MTD techniques for the IoT, identifies the components of IoT systems that are suited to MTD, and presents a generic framework to help design concrete MTDs.
HAL (Le Centre pour la Communication Scientifique Directe), May 31, 2021
This document describes the basic functional architecture of the Intelligentisa project. This document reviews all the elements necessary to run a LoRaWAN network and the associated functions. The objective is to integrate the functional architecture into an orchestration framework, possibly by virtualizing some fundamental functions, such as LoRaWAN Network Servers (LNSs). This requires identifying basic functional blocks, in particular telemetry exploiting metrics from the substrate virtualized infrastructure as well as supported LoRaWAN networks, and orchestration functions for the deployment and the optimization of LoRaWAN networks to achieve some performance objectives. In a first step, all these issues are considered without slicing considerations and, in a second step, the concept of slicing in the context of LoRaWAN networks is introduced.
Intelligent Security Management and Control in the IoT
This document defines the Lightweight Authenticated Time (LATe) Synchronization Protocol, a secure time synchronization protocol for constrained environments. The messages are encoded using Concise Binary Object Representation (CBOR) and basic security services are provided by CBOR Object Signing and Encryption (COSE). A secure source of time is a base assumption for many other services, including security services. The LATe Synchronization Protocol enables these time-dependent services to run in the context of a constrained environment.
This source code goes with the peer-reviewed paper: Renzo E. Navas, Håkon Sandaker, et al. "IANVS: A Moving Target Defense Framework for a resilient Internet of Things." 2020 IEEE Symposium on Computers and Communications (ISCC). IEEE, 2020 (forthcoming).
IEEE Internet of Things Journal, 2021
2016 IEEE 3rd World Forum on Internet of Things (WF-IoT), 2016
The Internet of Things will scale to billions of devices in the coming years. A secure communication framework is needed to interconnect all these objects, taking into account their intrinsic constraints in terms of energy, CPU and memory. Several proposals relying on adapting existing well-known and standardized security solutions exist, but we believe there is still a gap for most-constrained nodes to provide fine-grained authorization and secure establishment of fresh cryptographic keys. We propose a mechanism that runs on top of the OAuth Authorization architecture and provides the bootstrapping of fresh authenticated symmetric cryptographic material between previously unknown parties using a nonce-based protocol. We set up an energy measurement platform to evaluate our proposal and compare it with existing work.
This is the raw video footage of Renzo E. Navas' public PhD Thesis Defense: "Improving the Resilience of the Constrained Internet of Things". Original date: Wednesday 9th of December 2020.
Short film by Renzo E. Navas, presented at the Festival de sciences en cour[t]s 2019 (science popularization). Festival Sciences en Courts (YouTube) -- http://sciences-en-courts.fr/ ** Special mention of the jury ** Teaser: A lamp... connected? YES. Because the Internet of Things (IoT) has arrived. But the IoT is not limited to the home. It is everywhere. The IoT opens up the possibility of new ways of making the physical and digital worlds interact. Unfortunately, cyber-attacks are not excluded from these new interactions. I work to make the lives of cyber-attackers harder and, as a consequence, that of our connected objects (... and our own) more peaceful. My work is based on the "Moving Target Defense" (MTD) paradigm [in French: "Défense du Cible en Mouvement"], which proposes that certain properties of our systems be in perpetual change. With MTD, the attackers' success, previously assured, will turn into failure....
The Internet of Things (IoT) is becoming a reality and the Internet Engineering Task Force (IETF) is the main open standardization body responsible for it. The IoT implies billions of new devices connected to the Internet and, while several problems like interoperability and routing have been solved, security solutions suited for IoT are still an active field of research. This document is a survey of the state of the art at IETF of security-related protocols for IoT. The needed IETF background and a highlight of current efforts on security for IoT are offered. An insight into unsolved problems and future perspectives on IETF concludes this survey. This is an informational document and detailed description of the protocols is not in scope.
2020 IEEE Symposium on Computers and Communications (ISCC), 2020
The Internet of Things (IoT) is more and more present in fundamental aspects of our societies and personal life. Billions of objects now have access to the Internet. This networking capability allows for new beneficial services and applications. However, it is also the entry-point for a wide variety of cyber-attacks that target these devices. The security measures present in real IoT systems lag behind those of the standard Internet. Security is sometimes completely absent. Moving Target Defense (MTD) is a 10-year-old cyber-defense paradigm. It proposes to randomize components of a system. Reasonably, an attacker will have a higher cost attacking an MTD-version of a system compared with a static-version of it. Even if MTD has been successfully applied to standard systems, its deployment for IoT is still lacking. In this paper, we propose a generic MTD framework suitable for IoT systems: IANVS (pronounced Janus). Our framework has a modular design. Its components can be adapted accor...
Internet of Things (IoT) systems are increasingly being deployed in the real world, but their security lags behind the state of the art of non-IoT systems. Moving Target Defense (MTD) is a cyberdefense paradigm that proposes to randomize components of systems, with the intention of thwarting cyberattacks that previously relied on the static nature of systems. Attackers are now constrained by time. MTD has been successfully implemented in conventional systems, but its use to improve IoT security is still lacking in the literature. Over the course of this thesis, we validated MTD as a cybersecurity paradigm suitable for IoT systems. We identified and synthesized existing MTD techniques for IoT using a systematic literature review method, and defined and used four novel entropy-related metrics to measure MTD techniques' qualitative properties. Secondly, we proposed a generic distributed MTD framework that allows the instantiation of concrete MTD strategies suitable for the constraints of...
Malware remains the number one threat for individuals, enterprises, and governments. Malware’s aftermath can cause irreversible casualties if the requirements of the attackers are not met in time. Security researchers’ primary objective is protecting the assets that a person/company possesses. They are in a constant battle in this cyberware facing attackers’ malicious intent. To compete in this arms race against security breaches, we propose an insight into plausible attacks, especially Doxware (also called leakware). We present a quantification model that explores the Windows file system in search of valuable data. It is based on the Term Frequency–Inverse Document Frequency (TF–IDF) solution provided in the literature for information retrieval. The highest-ranked files will be then exfiltrated over the Internet to the attacker’s server. Then, we studied possible countermeasures including deception-based techniques. Amongst the existent ones, we implemented and tested one based on ...
2018 Global Internet of Things Summit (GIoTS), Jun 1, 2018
Time synchronization is fundamental for a wide variety of IoT applications. Time is also fundamental to provide security services such as certificates or OAuth-token validation. Having a secure source of time is a fundamental problem, and the first step to provide other services for applications. There is no standardized lightweight and secure time synchronization solution suitable for IoT. We propose a Lightweight Authenticated Time (LATe) Synchronization Protocol. Our proposal is based on IETF open standards and is agnostic to underlying communication technologies. We also provide a computer-aided proof of the security claims using the Scyther tool.
Ad-hoc, Mobile, and Wireless Networks
2015 IEEE 16th International Symposium on A World of Wireless, Mobile and Multimedia Networks (WoWMoM), 2015
The Internet of Things will scale to billions of devices in the coming years. A secure communication framework is needed to interconnect all these objects, taking into account their intrinsic constraints in terms of energy, CPU and memory. Several proposals relying on adapting existing well-known and standardized security solutions exist, but we believe there is still a gap for most-constrained nodes to provide fine-grained authorization and secure establishment of fresh cryptographic keys. We propose a mechanism that runs on top of the OAuth Authorization architecture and provides the bootstrapping of fresh authenticated symmetric cryptographic material between previously unknown parties using a nonce-based protocol. We set up an energy measurement platform to evaluate our proposal and compare it with existing work.