M. Hossain Heydari

Combinatorial Optimization of Group Key Management

Given the growing number of group applications in many existing and evolving domains recent attention has been focused on secure multicasting over the Internet. When such systems are required to manage large groups that undergo frequent fluctuations in group membership, the need for efficient encryption key management becomes critical. This paper presents a new key management framework based on a combinatorial formulation of the group multicast key management problem that is applicable to the general problem of managing keys for any type of trusted group communication, regardless of the underlying transmission method between group participants. Specifically, we describe Exclusion Basis Systems and show exactly when they exist. In addition, the framework separates key management from encrypted message transmission, resulting in a more efficient implementation of key management.

IoT security attacks using reverse engineering methods on WSN applications

With the rapid technological advancements of sensors, Wireless Sensor Networks (WSNs) have become a popular technology for the Internet of Things (IoT). We investigated the security of WSNs in an environmental monitoring application with the goal to demonstrate the overall security. We implemented a Secure Temperature Monitoring System (STMS), which served as our WSN application. Our results revealed a security flaw found in the bootstrap loader (BSL) password used to protect MSP430 micro-controller units (MCUs). We demonstrated how the BSL password could be brute forced in a matter of days. Furthermore, we illustrate how an attacker can reverse engineer WSN applications to obtain critical security information such as encryption keys. We contribute a solution to patch the weak BSL password security flaw and improve the security of MSP430 MCU chips. The Secure-BSL patch we contribute allows the randomization of the BSL password. Our solution increases the brute force time to decades. The impractical brute force time enhances the security of the MSP430 and prevents future reverse engineering tactics. Our research serves as proof that the security of WSNs and the overall IoT technology is broken if we cannot protect these everyday objects at the physical layer.

Localization of Health Center Assets Through an IoT Environment (LoCATE)

The rapid advances in modern wireless technology opens the door for new applications using the Internet of Things (IoT) technology. In the medical field, staff members of a certain hospital are in need for a system that tracks where patients/medical staff/devices are at any given time. LoCATE, which is Localization of Health Center Assets Through an IoT Environment, provides a near-real time tracking tool for medical systems using the existing 802.11 WiFi infrastructure. The primary goal of this system is to track assets and personnel at any hospital (e.g., Sentara® RMH hospital) and continuously log a real-time location data on a cloud computing platform such as Amazon Web Services (AWS). Using LoCATE, administrators can view the location of doctors, patients, and assets in real-time via a web UI or a mobile app, within the organization. The collected data, stored and processes on a Cloud Storage platform, is then analyzed to expose inefficiencies in daily operations and improve the health care system. Low-level functionality of the LoCATE system is unlike that of typical Radio-frequency identification (RFID) technologies. The spirit of the IoT paradigm employed by LoCATE makes the system both flexible and scalable, by leveraging collaboration between embedded and cloud systems. This flexibility will allow for the future support of additional applications such as hardware integration (e.g., New hardware components). This can include data acquisition such as usage statistics and historical patient health data. Compiling this data might pave the way for future research into disease vectors or could be used to optimize care delivered for specific conditions. While implications for an IoT system such as LoCATE are wide-ranging; its primary objective is to provide an easy to use, low-cost solution to track the location of medical assets in real-time.