Research Projects @ ETH Zurich:
My research focus at ETH Zurich has been on Low-power Wireless Systems Coexistence and Security of the Internet of Things. Here are some highlights of the projects I have led or have been involved in at ETH Zurich.
Securing the IoT with Blockchain: Auditable Access Control
Secure storage and management of data generated by the myriad of IoT devices present new challenges in the cloud era. How do we empower the user with ownership and fine-grained access control for IoT data without sacrificing performance or security? To address this challenge, we leverage the blockchain technology to bootstrap trust, for a distributed, secure, and resilient access control management. We introduce Droplet a novel secure data management system for emerging IoT applications. Droplet handles time series data, enables reliable sharing among heterogeneous applications without intermediate trust entities, and features a cryptographically-protected fine-grained and scalable access control to data streams. Poster, Project Webpage.
Technology-Independent Interference Mitigation (TIIM)
Interfering radio technologies differ widely in the way they affect wireless links.
Cross-Technology Interference has a complex impact on wireless links, which needs to be taken into account when treating interference.
To date, much of the interference solutions focus on resolving interference between devices of the same technology.
There exists no systematic mechanism for radios to be aware of what other radio types exist in their environments and make smart decisions to adapt accordingly.
To address this challenge, we developed TIIM, a receiver design that identifies, quantifies, and reacts to CTI in real-time. In the design of TIIM, we took an unconventional approach, where we resort to machine learning to assist wireless nodes in recovering from interference; we employ supervised learning to train radios to recognize interference patterns at which a particular link-layer mitigation scheme would work best, regardless of the interference type.
Cross-Layer Optimization for Low-power Wireless Coexistence (CrossZig)
Current wireless designs still largely impose layer isolation. Thereby, conventional approaches to tackle wireless performance have focused on separately optimizing different layers of the networking stack. This rigid design fails to harness the rich ambient information embedded in the physical signals. Hence, reliability solutions targeting layers in isolation are typically suboptimal. In recent years, cross-layer optimizations were profoundly advocated in the wireless community.
In this project, we pursue this research direction. We show how physical layer information and primitives can be coupled with the link layer to enhance low-power wireless systems coexistence and performance under interference. Notably, we develop CrossZig, a cross-layer wireless design, that enables low-power wireless networks to exploit fine-grained physical layer information to make informed decisions that can help them recover from varying sources of interference. CrossZig utilizes physical layer information to detect the type of interference in corrupted packets and to apply an adaptive packet recovery. Our packet recovery incorporates a novel cross-layer based packet merging scheme and an adaptive channel coding.
Wireless Coexistence Experimentation (CIG)
Wireless research testbed infrastructures often lack proper tools for repeatable replay of realistic radio interference commonly found in real-world deployments. Hence, benchmarking wireless coexistence solutions is often cumbersome, time-consuming, and even infeasible in remote testbeds. To facilitate Cross-Technology Interference and wireless coexistence experimentations, we designed and developed CIG, a framework that extends wireless testbed infrastructures with the capability of reproducing heterogeneous external interference at high fidelity. In the design of CIG, we consider a unified approach that incorporates a careful selection of interferer technologies (implemented in software), to expose networks to realistic interference patterns.
Pilatus: Partial Homomorphic Encrypted Sharing for IoT Data
IoT applications often utilize the cloud to provide storage and ubiquitous access to collected data. This naturally facilitates data sharing with third-party services and other users, but bears privacy risks, due to data breaches or unauthorized trades with user data. To address these concerns, we present Pilatus, a new data protection platform tailored for the IoT ecosystem, that protects data confidentiality while enabling secure processing and selective sharing of encrypted data. Our solution includes a suite of novel techniques that enable efficient partially homomorphic encryption, re-encryption and decryption. Pilatus grants users low-level control over their cloud data with cryptographic guarantees. Pilatus features a novel encrypted data sharing scheme with revocation capabilities and in situ key-update. We present performance optimizations that make these advanced cryptographic tools practical for mobile platforms.
We implemented an Avawomen app with Pilatus. Code
Talos: Ecnrypted Data Processing for the IoT
To tackle the data privacy concerns in IoT, we introduce Talos, a system that stores IoT data securely in a Cloud database while still allowing query processing over the encrypted data.
We enable this by encrypting IoT data with a set of cryptographic schemes such as order-preserving and partially homomorphic encryption.
To achieve this in constrained IoT devices, Talos relies on optimized algorithms that accelerate order-preserving and partially homomorphic encryption by 1 to 2 orders of magnitude.
We assess the feasibility of Talos on low-power devices with and without cryptographic accelerators and quantify its overhead regarding energy, computation, and latency.
With a thorough evaluation of our prototype implementation, we show that Talos is a practical system that can provide a high level of security with a reasonable overhead. Project Webpage,
We relied on the Flocklab testbed at ETH Zurich to evaluate the performance of Talos. Code
We have implemented a benchmark tool for the Contiki OS to automate the macro-benchmark of Talos.
Our drivers for the hardware crypto engine are merged into the main Contiki repo.
We implemented a FitBit app with Talos to operate on encrypted data.
Proximity-based Authentication for the Internet of Things
In this project, we introduce a proximity-based authentication approach
for the IoT that works in-band
by solely utilizing the wireless communication interface. The
novelty of this approach lies in its reliance on ambient radio
signals to infer proximity within about one second, and in
its ability to expose imposters located several meters away.
We identify relevant features sensed from the RF channel to
establish a notion of proximity across co-located low-power
devices. We introduce our proximity-based authentication
protocol and show the feasibility of our approach with an
early prototype using off-the-shelf 802.15.4 sensors.