Measurable Security for Sensor Communication in the Internet of Things


Jump to: navigation, search

Measurable Security for Sensor Communication in the Internet of Things

by n.n.
Supervisor(s) Josef Noll, Mohammad Mushfiqur Rahman Chowdhury, Christian Johansen
Due date 2017/05/22
Status Planned
Problem description: Internet of Things (IoT) will mean for industrial systems
  • more sensors
  • more data
  • how to ensure that "information" spread from one system to another is secure enough
  • how to measure the level of security needed to have from a sensor?

This thesis will address measurable security as the means for defining the security of an industrial system. Previous work has established the Multi-Metrics method, which will be applied to an industrial system following the security specifications from UNIK4750 for secure industrial systems (see L9 from 2016).

Methods and Tools: The tools and methods in this thesis are based on
  • A set of scenario, describing the challenges
  • A list of requirements being extracted from the scenarios
  • A description and evaluation of technologies and tools being candidates for solutions
  • A functional architecture/description of the envisaged system
  • An implementation of the core concepts
  • A demonstration of the solution
  • An evaluation of the solution, including a critical review of the descisions taken earlier
  • Conclusions
  • References
Time schedule The envisaged time schedule is:
T0 0 starting month, T0+m denotes the month where the contribution to a certain chapter shall be finalized; for a short thesis, T0 is 4th week of January 2017
T0+2 months: create an initial page describing the scenario
T0+3: Provide a list of technologies which you think are necessary for the thesis
T0+4: Establish the table of content (TOC) of the envisaged thesis. Each section shall contain 3-10 keywords describing the content of that section
T0+7: Provide a draft of section 2 (scenario) and 3 (technologies)
T0+10: Establish a draft on what to implement/architecture
T0+11: Set-up an implementation, testing and evaluation plan
T0+15: Evaluate your solution based on a set of parameters, keep in mind there is no such thing as a free lunch
T0+17: Deliver the thesis
Pre-Knowledge This thesis includes a reasonable amount of programming. The envisaged thesis is based on radio communications, thus expects the user to have followed at least two radio-related courses
Approved Pending by
Keywords Wireless Sensor Networks, WSN, IoT, Information Security, IoTSec, SCOTT

this page was created by Special:FormEdit/Thesis, and can be edited by Special:FormEdit/Thesis/Measurable Security for Sensor Communication in the Internet of Things

This page provides hints on what to include in your master thesis.

More details

Way ahead

  1. Establish example of an industrial system, see:
  2. understand Multi-Metrics Method (MM)
  3. "think about" criticalities and assign "numbers" for the security elements
  4. establish weighting parameters for the components
  5. perform the MM for the chosen industrial example
  6. perform a sensitivity analysis

Multi-Metrics Method

for a more detailed description, see IoTSec:T1.2


  1. J. Noll, I. Garitano, S. Fayyad, E. Åsberg, H. Abie, «Measurable Security, Privacy and Dependability in Smart Grids», Journal of Cyber Security, 3_4, (2015) ->
  2. I. Garitano, S. Fayyad, J. Noll, «Multi-Metrics Approach for Security, Privacy and Dependability in Embedded Systems», Wireless Pers. Commun. 81, pp1359-1376 (2015)

Applied Multi Metrics

Take example done for Ref 2, presented in Media:201502Multi-Metrics_Embedded_Systems.pdf

Industrial Use case

see UNIK4750 7Apr - L10: Multi-Metrics Method for measurable Security J - Handouts Media:UNIK4750-L10-Multi-Metrics.pdf,

last slides from Security Semantics: Media:UNIK4750-L8-Security_Semantics.pdf Paper describing the approach: Multi Metrics Approach for Embedded Systems (.pdf on Research Gate) Media:20160407-L10-Lecture_notes.pdf Lecture notes Video Podcast: mms://


Title page, abstract, ...

1. Introduction, containing: short intro into the area, what is happening
1.1 Motivation, containing: what triggered me to write about what I'm writing about
1.2 Methods, containing: which methods are you using, how do you apply them
2. Scenario, optional chapter for explaining some use cases
2.1 user scenario, (bad name, needs something better), here: industrial system
2.2 Requirements/Technological challenges, here: measurable security (suggest what to compare)
3. State-of-the art/Analysis of technology, structure your content after hardware/SW (or other domains). Describe which technologies might be used to answer the challenges, and how they can answer the challenges
3.1 Industrial Use case securities
Firewall, Network, Physical,....
3.2 Multi-Metrics Analysis
4. Implementation of Measurable Security
4.1 Architecture, functional example for an industrial system
4.2 Analysis and definition of criticalities
4.3 Run-through example
which configuration provides which "level" of security
5. Evaluation
Security sensitivity analysis, critical elements, weighting, selection of "criticalities"...
own evaluation, critical observations,
6. Conclusions


Red line

Your thesis should have a "red line", which is visible throughout the whole thesis. This means you should mention in the beginning of each chapter how the chapter contributes to the "goals of the thesis".

Use of scientific methods

A thesis follows a standard method:

  • describe the problem (problemstilling)
  • extract the challenges. These challenges should be measurable, e.g. method is too slow to be useful to voice handover.
  • Analyse technology with respect to challenges. Don't write & repeat "everything" from a certain technology, concentrate on those parts (e.g. protocols) which are of importance for your problem


  • Wikipedia is good to use to get an overview on what is happening. But there is not scientific verification of Wikipedia, thus you should use wikipedia only in the introduction of a chapter (if you use text from wikipedia). Use scientific literature for your thesis.
  • Scientific library is "at your hand", you can get there directly from UiO: [[How to get access to IEEE, Springer and other scientific literature -> Unik/UiOLibrary]]
  • I suggest that references to web pages, e.g. OASIS, W3C standards, are given in a footnote. Only if you find white papers or other .pdf documents on a web page then you refer to them in the reference section.

Evaluation of own work

Perform an evaluation of your own work. Revisit the challenges and discuss in how you fulfilled them. Provide alternative solution and discuss what should be done (or what could have been done).