A Master of Science thesis in Computer Engineering by Shams Eddeen Yousef Shapsough entitled, “Security Assessment of Low-Resource Edge Devices for Iot Systems”, submitted in April 2020. Thesis advisors are Dr. Imran Zualkeman and Dr. Fadi Aloul. Soft copy is available (Thesis, Approval Signatures, Completion Certificate, and AUS Archives Consent Form).
The rapid adoption of Internet of Things (IoT) technologies is creating a large number of systems that employ low cost technologies to automate and control everyday operations in smart cities. This resulted in new security vulnerabilities that may endanger critical assets. This is especially true for applications related to Smart Grid (SG) such as renewable energy management, smart metering, and energy distribution and storage. Security issues in the bidirectional exchange of data between edge devices such as smart meters and utility datacenters, for example, can have severe ramifications if not secured properly. Most edge devices are wireless-enabled system-on chip with embedded operating systems that monitor energy at the generation, distribution, and consumption levels. The limitations and constraints in resources of these devices coupled with IoT communication protocols generate additional security challenges. This work investigates key security issues in IoT systems with special emphasis on edge devices. A generic IoT-based monitoring system utilizing ESP32, ESP8266 and particle photon as well as communication protocols such as Message Queueing Telemetry Transport (MQTT) and Constrained Application Protocol (CoAP) is developed to simulate data exchange between monitoring edge devices in smart grids. The edge devices utilize single chip microcontrollers and communicate over WiFi. Multiple real-time operating systems firmware that are commonly used in edge devices have been utilized. Severity and impact of system vulnerabilities were investigated, and countermeasures were evaluated in terms of resource overhead. Three experiments were conducted which tackled penetration testing, baseline power consumption assessment for devices employing cryptography, resource overhead under stress conditions. The work found that edge devices are susceptible to a wide array of attacks, mainly, battery draining, eavesdropping, and data injection. Implementing Transport Layer Security (TLS) for data protection consumed only 1-20% more power than the non-TLS scenarios. However, latency suffered a significant increase of up to 3 folds for TLS, compared to non-TLS counterpart.