A Trust-based Routing Framework for the Internet of Things
The intelligent connectivity of smart sensor devices commonly referred to as the Internet of Things (IoT) — is swiftly progressing productivity and communication levels and providing many functionalities throughout many organizations globally. The benefits heralded by the IoT’s revolution is threatened, however, by the general lack of understanding of IoT’s specific security demands thus, limiting its swift adoption and potential growth. Two distinguishing features of IoT that makes it unique are the interconnection of billions of smart devices, and the resource-constrained nature of smart “things”. However, most IoT devices and applications operate with either no security; limited or insufficient security to protect the data they transmit during operation due to their limiting properties like CPU, memory capacity, battery life and mobility. This issue is further compounded for IoT system designers, as a global security framework has not been well defined, and most IoT system designers lack the knowledge or expertise to design or define secure IoT systems since this is a new and emerging technology. The routing of data in the IoT network is a specific security area of concern. With the massive scale of data exchange between these devices, and no adequate security to protect the communication of data, compromising data routes becomes easy for attackers. This thesis therefore, proposes a secure routing communication framework called SecTrust, which scales on IoT size and provides acceptable network performances while not depleting the resource availability of these smart “things”. The proposed SecTrust is a secure Trust-based framework for IoT that provides a platform for trust computation, trust evaluation and trust formation among nodes. This framework provides a secure communication among the connected nodes. The framework further provides a system for the identification and isolation of malicious nodes operating within the network. In this system, every node computes the trustworthiness of its direct neighbours based on the computed direct trust value and the recommended trust value. While neighbours with high trust values are chosen for secure routing, nodes with lower trust values are categorised either as malicious, compromised, or perhaps selfish nodes that seek to preserve their resources like battery power. SecTrust consists of five main processes: trust calculation process, trust monitoring process, detection and isolation of malicious nodes, trust rating process and trust backup/recuperation process. The development of this system provides insight into the use of modelling and analytical tools in building effective designs for P2P networks, through the design and development of trust computation, trust creation and trust propagation mechanisms, which are embedded, tested and validated using an IoT platform. The utility of SecTrust as a promising framework for IoT systems is demonstrated via its practical applications comprising: detection and isolation of malicious actors, management and sustenance of trust and recommendation systems in IoT networks and secure routing in IoT using a trust-based mechanism. Through the framework proposed, this thesis demonstrates that the SecTrust system showed promising performance results over other trust-based systems while simulations and testbed experiments offer proof-of-concept of the practicality of the proposed framework solution regardless of the operations of unreliable nodes, malicious nodes, selfish nodes, and even trust related attacks in the network. Furthermore, this study is supported by proposing, implementing, and evaluating the trust-based system for large-scale IoT networks, and it constitutes three main parts. In the first part, the design and evaluation of SecTrust is reported. The effectiveness and transaction validity metrics are measured under purely naïve (attacking nodes working independently) and purely collective (attacking nodes colluding together) scenarios while scaling the network size from small size to a large-sized network. The second part covered the actualization of the SecTrust framework into an IoT routing protocol (SecTrust-RPL). The SecTrust framework was embedded into the RPL routing protocol and simulated using an IoT platform. The simulation was conducted to demonstrate the performance of the trust framework in mitigating known IoT attacks while providing acceptable levels of network performance. The performance of SecTrust-RPL protocol was compared with the RPL routing protocol. The third part was a testbed experiment, which served as a proof-of-concept to validate the simulation results presented and to show the practicality and efficacy of the SecTrust framework in mitigating IoT attacks in a real-world environment with minimal impact on network performance.