Threat-Modeling-Guided Trust-Based Task Offloading for Resource-Constrained Internet of Things

Matthew Bradbury, Arshad Jhumka, Tim Watson, Denys Flores, Jonathan Burton, and Matthew Butler. Threat-Modeling-Guided Trust-Based Task Offloading for Resource-Constrained Internet of Things. ACM Transactions on Sensor Networks, 18(2):41, 2022. doi:10.1145/3510424.

[ bibtex] [ file] [ dataset] [ project]

There is increasing interest in using highly resource-constrained IoT devices to perform complex tasks. These resource might include limited processing power (e.g., 32MHz CPU), RAM (e.g., 32 KiB to 256 KiB), ROM (512 KiB), and potentially no stable storage. However, because of the limited resources an IoT device may need to offload expensive tasks to resource-rich devices. These might be a Cloud server or an Edge node if the latency of task responses is important. In order to address this issue, in this work we developed a middleware to facilitate task offloading using a measure of behavioural trust.

In addition, we also performed a threat modelling on the system to identify ways in which malicious Edge nodes could attempt to manipulate reputation in order to hide their bad actions and ways in which this could be mitigated.

Importance

The key importance of this work is to understand exactly how much of the limited resources needs to be used to implement the middleware. This is because trust models that are used to assess which resource-rich device to offload a task to are typically very large. There is an assumption that “more information” = “better trust model”, but the limited resources mean that there is not much space available to store a behavioural trust model. Our implementation investigated the required design decisions to fit such a system on these IoT devices. It is also important to consider how these devices will be manipulated and what can be prevented with the limited resources available.

Perspectives

During this research we identified the challenges with using certain protocols. For example, MQTT uses TCP which requires a large amount of RAM in order to support the guarantees that TCP provides. MQTT-SN uses UDP, but was not implemented by the Contiki-NG IoT operating system we used.

We also needed to understand the cost of securing the messages sent in this system. Due to issues identified in DTLS implementations we chose to investigate OSCORE to protect messages. This standard conveniently uses the hardware accelleration of the Zolertia RE-Mote devices we performed a deployment with. However, we had to minimise the use of Elliptic Curve operations due to the computational cost (even with hardware acceleration) that meant about 1 signature could be verified per second.

We identified that Edge nodes could make use of provided functionality to attempt to clear historical information stored by IoT devices or prevent those devices from correctly functioning via a denial of service. Both attacks are easy to carry out due to the low resources. We identified implementation details to mitigate the impact of such attacks by using multiple buffers to store information that needed to be verified. We also used a lazy approach to history removal which traded off increased implementation complexity but allowed information not currently relevant to be retained in memory for as long as possible.

Finally, future deployments of such a system will also need to design an appropriate trust model that fits within the limited memory remaining after implementing the task offloading middleware. Our use of the Beta Reputation System proved effective due to its small size.

Dataflow diagram of the proposed system

Extends

This paper extends a previous shorter paper.