Biblio

Multi-factor authentication (MFA) systems are being deployed for user authentication in online and personal device systems, whereas physical spaces mostly rely on single-factor authentication; examples are entering offices and homes, airport security, and classroom attendance. The Internet of Things (IoT) growth and market interest has created a diverse set of low-cost and flexible sensors and actuators that can be used for MFA. However, combining multiple authentication factors in a physical space adds several challenges, such as complex deployment, reduced usability, and increased energy consumption. We introduce MAFIA (Multi-layered Architecture For IoT-based Authentication), a novel architecture for co-located user authentication composed of multiple IoT devices. In MAFIA, we improve the security of physical spaces while considering usability, privacy, energy consumption, and deployment complexity. MAFIA is composed of three layers that define specific purposes for devices, guiding developers in the authentication design while providing a clear understanding of the trade-offs for different configurations. We describe a case study for an Automated Classroom Attendance System, where we evaluated three distinct types of authentication setups and showed that the most secure setup had a greater usability penalty, while the other two setups had similar attributes in terms of security, privacy, complexity, and usability but varied highly in their energy consumption.

P2P applications deployment on MANETs is motivated by the popularity of these applications, coupled with the widespread use of mobile devices. P2P applications and MANETs have common features such as decentralization, self organization, and the absence of dedicated servers or infrastructure. The deployment often faces specific performance challenges resulting from topological overlay and underlay mismatch, limited bandwidth constraint and dynamic topology changes. Hierarchical MANETs are a special type of MANETs where some nodes have specific routing roles to allow inter- cluster communications. Such topologies (typical for tactical networks) render a successful P2P deployment more challenging. We developed a novel approach for P2P deployment in such networks by bringing topology-awareness into the overlay, mapping the underlay topology (structure) to the logical overlay and building a hierarchically-structured logical overlay on top of the hierarchical underlay. Simulation results demonstrated a significant performance advantage of our proposed deployment solution vs. a flat logical overlay using different configurations and mobility scenarios.

While there has been considerable research on making power grid Supervisory Control and Data Acquisition (SCADA) systems resilient to attacks, the problem of transitioning these technologies into deployed SCADA systems remains largely unaddressed. We describe our experience and lessons learned in deploying an intrusion-tolerant SCADA system in two realistic environments: a red team experiment in 2017 and a power plant test deployment in 2018. These experiences resulted in technical lessons related to developing an intrusion-tolerant system with a real deployable application, preparing a system for deployment in a hostile environment, and supporting protocol assumptions in that hostile environment. We also discuss some meta-lessons regarding the cultural aspects of transitioning academic research into practice in the power industry.