Collection and Analysis of Digital Forensic Data from Devices in the Internet of Things

by

Raed Alharbi

Bachelor of Computer Information Systems Computing Department

Taibah University 2015

A Thesis

submitted to the Department of Computer Engineering and Science at Florida Institute of Technology

in partial fulfillment of the requirements for the degree of

Master of Computer Information Systems

in Computer Sciences Department

Melbourne, Florida December, 2018

© Copyright 2018 Raed Alharbi

All Rights Reserved

The author grants permission to make single copies.

We the undersigned committee hereby approve the attached Thesis

Collection and Analysis of Digital Forensic Data from Devices in the Internet of Things

by Raed Alharbi

William Allen, Ph.D., Associate Professor, Computer Engineering and Science, Committee Chair

James Brenner, Ph.D., Associate Professor, Biomedical and Chemical Engineering and Science, Outside Committee Member

Bernard Parenteau, Ph.D., Assistant Professor, Computer Engineering and Science, Committee Member

Philip Bernhard, Ph.D., Associate Professor, Computer Engineering and Science, Academic Department Unit Head

ABSTRACT

Title: Collection and Analysis of Digital Forensic Data from Devices in the Internet of Things

Author: Raed Alharbi

Major Advisor: William Allen, Ph.D.

Despite the abundance of articles that have been written about the Internet of Things (IoT), little attention has been given to how digital forensics approaches can be utilized to direct advanced investigations in IoT-based frameworks. As of yet, IoT has not completely adjusted to digital forensic strategies, given that current digital forensic tools and functions are not ready to tackle the complexity of IoT frameworks for the purpose of collecting, analyzing, and testing potential evidence from IoT environments that might be utilized as admissible evidence in a court. Hence, the issue addressed is that, currently, there is no accepted digital forensic framework that can be used to conduct digital forensic investigations in IoT-based environments. Besides that, at the time of this writing, there has been little focus on how to gather and save network and server logs from IoT-based environments for investigative purposes. Based on this premise, we propose a digital forensic framework called Radlen, a lightweight digital forensic investigation model that is able to enhance and support future IoT investigative capabilities. Radlen is able to coordinate and manage IoT devices within a smart apartment using a smart watch to satisfy the user's needs, preserve security, and make decisions automatically. The authors simulate the Radlen system using a Java application that learns users' needs and security preferences during installation and uses a MySQL server to save all data communication logs for IoT devices.

Table of Contents

Abstract
List of Figures
List of Tables
Abbreviations
Acknowledgments
Dedication

1 Introduction
    1.1 Background of IoT
    1.2 Internet of Things
    1.3 Smart Homes
    1.4 Motivations
    1.5 Statement of Problem

2 Related Work and Research Objectives
    2.1 Related Work
    2.2 Research Objectives
        2.2.1 Objectives
        2.2.2 Contribution of the Research

3 Proposal System
    3.1 Radlen Overview
        3.1.1 The Apartment Design
        3.1.2 System Architecture
        3.1.3 Security System Agent:
            3.1.3.1 Gas Detector:
            3.1.3.2 Broken Window:
            3.1.3.3 Water Leakage:
            3.1.3.4 Smoke:
            3.1.3.5 Camera:
        3.1.4 Non-motion
        3.1.5 Convenience System Agent:
            3.1.5.1 Coffee Maker:
            3.1.5.2 Kitchen Lighting:
            3.1.5.3 Restroom Lighting:
            3.1.5.4 Bed Sensor:
            3.1.5.5 Air-Conditioner:
            3.1.5.6 Humidity:
            3.1.5.7 Washing Machine:
    3.2 User Configurations
    3.3 Forensic Data Collection

4 Work Methods
    4.1 Normal Day Events
    4.2 Abnormal Events
        4.2.1 Theft or Accident
        4.2.2 Fire by Gas
        4.2.3 Smoke
        4.2.4 Water Leakage
        4.2.5 Untrusted Person
        4.2.6 Health Issue
    4.3 Simulation of Radlen

5 Conclusions and Future Work

6 Bibliography

List of Figures

3.1 Radlen Apartment Overview
3.2 Radlen System Architecture
3.3 Gas detector schedule
3.4 Broken Window Sensor
3.5 Water Leak Detector
3.6 Smoke Detector
3.7 Authorization
3.8 Coffee Maker Process
3.9 Kitchen Lighting
3.10 Restroom Lighting
3.11 Bed Sensor Pad
3.12 Air-Conditioner
3.13 Humidity
3.14 Washing Machine
3.15 Forensic Data Example
3.16 Broken Window Process
4.1 Gas Leak Process
4.2 Smoke Detector Process
4.3 Water Leak Process
4.4 Door detectable Process
4.5 Unfounded Movement Process
4.6 Time Preference
4.7 Humidity Degree
4.8 Security Waiting Time
4.9 Server
4.10 Smart Watch
4.11 IoT Sensors Activation
4.12 Police Calling
4.13 Alarm Activation
4.14 Communication Logs

List of Tables

5.1 Security System

5.1 Convenience System

List of Symbols, Nomenclature or Abbreviations

IoT    Internet of Things
BD     Bed Sensor Pad
L      Lighting
H      Humidity Sensor
GB     Glass Break Sensor
WL     Water Leakage Detector
S      Motion Sensor
C      Camera
G      Gas Detector
F      Fan
A      Alarm
TS     Temperature Sensor
DD     Door Sensor
SS     Shower Switch

Acknowledgements

First of all, I would like to thank the lord of the worlds, Allah, the one who is most deserving of thanks and praise, and who directed me to the path of knowledge and wisdom in my educational journey and life in general.

I would like to express my profound gratitude to my master adviser Dr. William Allen, for believing in me. Thank you for the invaluable wisdom, knowledge, and direction you have shared with me over the last year. During my thesis period, I have never felt frustrated by inefficient work because Dr. Allen has always encouraged me and shown me the right path. He constantly urged me to complete my thesis efficiently and on time. He is a man of modesty and humility despite the knowledge and skills that he has.

I would like to take this opportunity to express my sincerest regards and gratitude to my parents Mr. Ibrahim Alharbi and Mrs. Norah Alharbi, for raising me, standing behind me, helping me and supporting me in the pursuit of my graduate studies from one of the top programs for computer science majors.

Special thanks to my sister Ala Alharbi, my brother Basem Alharbi, and my friends Adel Alsalmi and Ahmad and Mohammed Aljohani for their motivation and patience during my academic journey.

Finally, many thanks to my sponsor, Saudi Electronic University, which granted me a scholarship to pursue my master's degree in computer information systems.

Dedication

This thesis is dedicated to my parents, who have loved and believed in me since my childhood.

Chapter 1

Introduction

This section is organized as follows: In 1.1 the background of IoT is provided; then in 1.2, a description is given of IoT and what IoT technologies include. Next, in 1.3, why IoT is critical to communities and what makes it exciting and different from other security issues is discussed. Then, in 1.4 some challenges in the IoT environment are presented. Finally, the goal and structure of this paper are provided in 1.5.

1.1 Background of IoT

The most profound technologies are those that disappear. In other words, they weave themselves into the fabric of everyday life until they are indistinguishable from it, as Mark Weiser states in his seminal paper [1]. There have been dramatic changes in people's daily lives, the ways in which organizations work, and how owners operate their businesses. These changes started after the arrival of information technologies. Later, IoT became widely accepted in many different kinds of markets, including the everyday life of people in society, so the Internet itself is part of the Internet of Things (IoT). In spite of the fact that the IoT has not existed very long, there were discussions in the early 1800s about how machines could communicate with each other, and the first landline, developed in the 1830s, was an example of how machines were providing direct communications [2]. One of the earliest examples of the Internet of Things occurred when a Coca-Cola machine was placed on the Carnegie Mellon University campus. The students (programmers) would order from the machine by connecting over the Internet to a refrigerated device on the machine, and then check for the availability of a cold drink before they made an order [2]. Later, in 1999, the term Internet of Things was officially coined by Kevin Ashton, a British technology expert on the IoT [3].

1.2 Internet of Things

The term “Internet of Things” is composed of two key words, the Internet and the Things. The Internet is a global computer network that provides different types of information and communication services, and it consists of interconnected networks that use the standard Internet protocol suite (TCP/IP) to provide services for billions of people in the world. It is made up of many networks, including government, business, academic, public, and private networks. Ranging from local to global in scope, they are linked by several different wireless, electronic, and optical networking technologies [4]. The “things,” on the other hand, could be any persons or objects, and they could be unique in the real world. These objects include electronic devices and technical equipment that we use daily, as well as things that we do not usually think of as computerized at all, such as furniture, clothing, food, and special items [5]. Therefore, “the things” can be taken to mean organisms, such as people, animals, plants, or trees, as well as non-organisms, such as tables, lights, plates, chairs, homes, businesses, etc. There is no definition of the Internet of Things that is generally agreed upon by the international community. Indeed, there are various groups, including researchers, academics, innovators, developers, practitioners, and business owners, who have defined the phrase in terms specifically related to their own fields. For example, in the article “Network-Level Security and Privacy Control for Smart-Home IoT Devices,” authors Vijay Sivaraman, Hassan Habibi Gharakheili, Arun Vishwanath, Roksana Boreli and Olivier Mehani describe the Internet of Things as devices that connect to each other using the Internet, such as smart homes, and this enables individuals to monitor and control environments remotely. This includes, for example, using a smart phone to remotely control lighting systems and smoke alarms in case of fire [6]. Also, in the article “Experiments with Security and Privacy in IoT Networks,” Mary R. Schurgot, David A. Shinberg, and Lloyd Greenwald describe the Internet of Things as connected devices that have the ability to sense and monitor our environment, including cars, utilities, and so on. In the article “Data Privacy for IoT Systems,” Elisa Bertino defines the Internet of Things as embedded computing devices that spread widely in the physical environment, and this doubles our efforts for collection of data [7]. In all the preceding definitions, we note the common idea that the new version of the Internet is driven by data created by things, unlike the old version, which was driven by data created by people. Next, I will present a glossary based on authors' common ideas about the definition of the Internet of Things:

1) Internet of Things (IoT): Connected objects using Internet networks capable of collecting and exchanging information using embedded sensors.

2) Internet of Things Devices: Standalone Internet-connected devices that can be checked and observed from a distant location.

3) Network: The Internet network that enables users to communicate with their devices, as well as the devices to communicate with each other, all depending on users' will.

4) Remotes: Devices that enable people, businesses or governments to control and communicate with IoT devices using a control panel, such as a mobile application. These include PCs, smart phones, smart watches, connected TVs, and customized remotes.

1.3 Smart Homes

A smart home is a house or apartment setup that is equipped with smart objects. These objects can be automatically controlled remotely from any Internet-connected place using networked devices or other mobile applications [22]. The smart home has its devices interconnected using the Internet, and a user can manage functions such as lighting, temperature and home theater. The smart home's devices are connected to one another through one central point, such as a laptop, that allows the user to manage these devices. Smart home devices including door locks, thermostats, televisions, home monitors, cameras, lights, and even refrigerators can be controlled using one home automation system. Therefore, once these smart devices have been connected, we have an example of what we call Internet of Things technology [22]. Smart home connected devices can be either networked together wirelessly or hardwired. Wireless systems are available at affordable prices and are easier to install, but they can also be more vulnerable to cyber attack [23]. On the other hand, hardwired systems are more expensive and much harder to install, but they are more reliable and harder to hack [23]. In the smart home environment, different types of services can be found, including security systems, multimedia systems, and convenience systems. Year after year, the use of wireless systems grows more quickly than that of hardwired systems, since wireless systems have more flexibility when users install them in their homes. Therefore, it is common to see more than one wireless technology in different homes and even in the same home. These technologies include Bluetooth, ZigBee, Wi-Fi, WiMAX, Z-Wave, etc. [22].

1.4 Motivations

The real value of IoT goes well beyond using its capabilities to turn lights on or off [8]. More importantly, IoT technology could be used to save people's lives if used in the right way and at the right time [8]. For example, John Doe, who lives alone and has seizures from time to time, needs to be continuously monitored. With IoT technology, John can wear an Internet-connected watch linked to a doctor's computer. The watch can monitor all of his vitals in real time and send notifications back to the doctor in case of an emergency. Additionally, John does not have to see his doctor in person; instead, his doctors can communicate with him remotely [9].

The above example shows how one small health product that supports IoT technology could help save lives. Device-to-device interaction provides automation, and this leads to improved quality of tasks and services without human interference [10]. IoT technology could also be used in building and home automation [11]. Imagine that your alarm clock wakes you up in the morning at 5:00 am, cues your coffee maker to prepare your favorite coffee, and then prompts your car to find the fastest route to get you to work [12]. What if an accident were to happen in front of you? Your car might be able to send a text message to your boss telling him that you will be late. Indeed, IoT will make our lives easier [12]. These examples show why IoT is an exciting field these days. However, this kind of technology also has its challenges [8]. In the next section, we will identify some IoT problems and discuss ways to address them.

1.5 Statement of Problem

Besides the fact that IoT has become something that people cannot do without in current society, it also poses substantial risks to people, especially forensic investigators. Conventional computer forensics analysis is based on a defined, established process, the main goal of which is to preserve the integrity of digital evidence. Accordingly, there are various models that describe precisely how the investigation process should be carried out by forensic examiners. However, these methodologies are not yet prepared for the heterogeneous and dynamic environment of the IoT [14]. The traditional models are designed to control physical evidence from the point of collection until its ultimate disposition, but this approach may not be appropriate for scenarios involving a large number of IoT devices of a heterogeneous nature.

The transition from traditional home environments to smart homes controlled by IoT raises many issues from a forensic investigation perspective [13]. Even though IoT devices are technologically sophisticated, they are also lightweight, have limited power and memory, and are dependent upon network sharing. Leaving these devices running all the time at the scene of an investigation may drain the memory and power. Thus, protocols are needed to determine when devices should be powered off or on to assist investigators on scene and save IoT devices' resources [13]. Also, examining IoT device logs, such as application logs, network logs, and smart watch logs from different sources, and collecting them together may help forensic investigators obtain the overall picture of a device's activity and clues that could generate leads. However, there is a lack of standardized frameworks governing the collection of these devices' logs while preserving data integrity [13]. Moreover, there is the issue of proper evidence handling, since digital evidence can be modified easily, and thus investigators need a tool that prevents any modification of IoT device data.
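
The integrity problem described above, as an added example that is not part of the thesis or of Radlen: logs merged from several sources are linked in a hash chain, which makes a later edit detectable (it does not prevent the edit). The record fields, the sample entries and the function names are assumptions made for illustration.

```python
import hashlib
import json

GENESIS = "0" * 64  # fixed, publicly known starting value of the chain

# Constructed sample entries (not from the thesis). Device codes follow the
# thesis's abbreviation list: DD door sensor, S motion sensor, C camera, A alarm.
SAMPLE_LOGS = [
    {"source": "network", "ts": "2018-11-02T23:14:12Z", "device": "C",
     "event": "stream started"},
    {"source": "application", "ts": "2018-11-02T23:14:09Z", "device": "DD",
     "event": "door opened"},
    {"source": "smartwatch", "ts": "2018-11-02T23:14:20Z", "device": "A",
     "event": "alarm activated"},
    {"source": "application", "ts": "2018-11-02T23:14:10Z", "device": "S",
     "event": "motion detected"},
]


def digest(prev_hash, record):
    """SHA-256 over the previous hash plus a canonical form of the record."""
    # Sorted keys and fixed separators make the serialisation reproducible.
    body = json.dumps(record, sort_keys=True, separators=(",", ":"))
    return hashlib.sha256((prev_hash + body).encode("utf-8")).hexdigest()


def build_chain(records):
    """Merge records from all sources by timestamp and link each to the last."""
    chain, prev = [], GENESIS
    for rec in sorted(records, key=lambda r: (r["ts"], r["source"])):
        h = digest(prev, rec)
        chain.append({"record": dict(rec), "prev": prev, "hash": h})
        prev = h
    return chain


def verify_chain(chain, expected_head=None):
    """Return None if the chain is intact, else the index where it first fails.

    expected_head is the final hash noted at collection time and kept apart
    from the log store. Without it, someone who can rewrite the whole store
    can also recompute every hash, and the chain still looks consistent.
    """
    prev = GENESIS
    for i, entry in enumerate(chain):
        if entry["prev"] != prev or digest(prev, entry["record"]) != entry["hash"]:
            return i
        prev = entry["hash"]
    if expected_head is not None and prev != expected_head:
        return len(chain)  # consistent chain, but not the one that was sealed
    return None


if __name__ == "__main__":
    chain = build_chain(SAMPLE_LOGS)
    head = chain[-1]["hash"]
    print("head hash to record in the custody notes:", head)
    print("intact:", verify_chain(chain, head) is None)
```

The head hash is the value that has to be preserved outside the log database, for example in the chain-of-custody record, for the check to mean anything.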

Chapter 2

Related Work and Research Objectives

In this section, we present IoT issues in digital forensics as identified in the most relevant articles for this research, as well as how different researchers identify these problems. We then provide objectives for this research.

2.1 Related Work

In the article “FAIoT: Towards Building a Forensics Aware Eco System for the Internet of Things”, Zawoad and Hasan [16] address the issue that the rapid increase in IoT devices creates a new attack environment. Therefore, there is a need to provide forensics support to IoT applications. The authors in [16] claim that analysis of existing challenges in forensic investigation in an IoT environment could help researchers obtain a clear understanding of specific research problems. Another article [17] presents a model that could assist forensic investigators in operating in digital forensic situations, and it provides organized levels for the analysis of digital forensic evidence, including authorization, planning, analysis and chain of custody. However, the article in [16] represented a starting point for IoT forensic investigation, and the proposal was done on a high-level basis. Also, though the authors in [17] show deep understanding and provide an organized process, the article was barely applicable to digital forensics.

The next article under review is “A Generic Digital Forensic Investigation Framework for Internet of Things (IoT),” in which the authors address the lack of digital forensics (DF) techniques that can be used to support digital forensic investigations (DFIs) in IoT-based environments. In addition, the authors in [18] state that the existing DF tools and approaches are not adequate to deal with the heterogeneity and decentralized nature of IoT environments. The authors in [18] also mention the lack of standard frameworks for DF in IoT infrastructures needed to assist DFIs. Therefore, the authors propose a generic digital forensic investigation framework for IoT to conduct future IoT forensic investigations more accurately [18]. The framework proposed in [18] includes some security techniques, international standards for information technology, incident processes and investigation rules, and thus the authors claim that if the framework is appropriately implemented in future DF tool development, it will support effective digital forensic crime investigations in IoT environments.

On the other hand, the authors of the article “A Methodology for Privacy-Aware IoT-Forensics” claim that, in spite of the fact that the article in [18] provides a degree of certainty in building up the IoT infrastructure, it does not include privacy and ethics as part of the proposed framework [18]. Also, the authors in [19] disagree with the authors in [18] regarding the use of search warrants. In countries without America's Fourth Amendment, forensic investigators to gather digital evidence from suspects at the outset of the process and are would be allowed delays in investigations in some urgent scenarios. In addition to that, a user may refuse in some cases to cooperate as a witness. Therefore, the authors in [19] propose a model called PRoFIT for helping digital forensic investigations in IoT environments. The model includes users' right to privacy as part of the framework by promoting voluntary collaboration of information in IoT devices in digital forensic investigations.

Another article [24] states that despite the beauty of smart home automation systems and their ability to make people's lives easier, there is little research about how to collect and identify digital evidence in smart homes, and so forensic acquisition and analysis of a home automation system is needed. Also, IoT devices have limited power and memory, and so forensic investigators may find it difficult to collect evidence from these devices. Therefore, the authors in [24] propose a forensic investigation model for smart home infrastructures using three different scenarios to evaluate the utility of the framework. The model includes collecting the data from the site, preserving evidence via a third party, understanding the smart home system and checking the security level [24].

The majority of current auto-unlocking methods can be exploited by attackers to obtain unauthorized access to homes. The paper in [25] provides approaches to mitigate unwanted unlocking attacks by making sure the user is near the door when he intends to open the door [25]. For instance, the smart lock system verifies that both the smart key and the wearable device are in the same area by using wireless communication. The authors' approach uses touch as a signal that the user wants to open the door by using body-area networking (BAN), which creates a touch-limited channel [25]. When a user is near the smart lock, a secure communication channel through Wi-Fi is established between the smart lock and the user's wearable device. The authorized person then touches the face of the door. When the smart lock senses the touch, it sends an intent signal to the person's wearable device over a BAN channel. The wearable device then sends an unlock message to the smart lock over the secure wireless channel. Finally, when the smart lock receives the unlock message from the wearable device, it checks to see if it has recently sent an intent signal before opening the door.
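
The exchange described above, as an added example that is not code from the thesis or from [25]: a small model of the lock and the wearable that shows why the lock's final check matters. The nonce carried in the intent signal, the HMAC with a shared key standing in for the secure wireless channel, and the five-second window are assumptions; the text only says the lock checks that it has recently sent an intent signal.

```python
import hashlib
import hmac
import secrets

INTENT_WINDOW_S = 5.0  # assumed freshness window; the text only says "recently"


class SmartLock:
    def __init__(self, key):
        self.key = key        # secret shared with the paired wearable (assumption)
        self.pending = None   # (nonce, send time) of the last intent signal
        self.locked = True

    def on_touch(self, now):
        """Door face touched: send an intent signal over the BAN channel."""
        nonce = secrets.token_bytes(16)
        self.pending = (nonce, now)
        return nonce

    def on_unlock(self, message, now):
        """Unlock message received over the secure wireless channel."""
        if self.pending is None:
            return "rejected: no intent signal outstanding"
        nonce, sent_at = self.pending
        self.pending = None   # one intent signal authorises at most one unlock
        if now - sent_at > INTENT_WINDOW_S:
            return "rejected: intent signal too old"
        expected = hmac.new(self.key, nonce, hashlib.sha256).digest()
        if not hmac.compare_digest(expected, message):
            return "rejected: message not bound to this intent"
        self.locked = False
        return "unlocked"


class Wearable:
    def __init__(self, key):
        self.key = key

    def on_intent(self, nonce):
        """Intent signal received over BAN: answer with an unlock message."""
        return hmac.new(self.key, nonce, hashlib.sha256).digest()


def run_scenarios():
    """Run the normal flow and four cases the lock has to refuse."""
    key = secrets.token_bytes(32)
    watch = Wearable(key)
    results = {}

    # 1. Wearable is in radio range, but nobody touched the door.
    lock = SmartLock(key)
    stray = watch.on_intent(b"\x00" * 16)
    results["in_range_no_touch"] = lock.on_unlock(stray, now=10.0)

    # 2. Normal flow: touch, intent over BAN, unlock over the wireless channel.
    lock = SmartLock(key)
    msg = watch.on_intent(lock.on_touch(now=20.0))
    results["touch_then_unlock"] = lock.on_unlock(msg, now=20.4)

    # 3. The same unlock message arrives a second time.
    results["replayed_message"] = lock.on_unlock(msg, now=21.0)

    # 4. The unlock message arrives long after the touch.
    lock = SmartLock(key)
    msg = watch.on_intent(lock.on_touch(now=30.0))
    results["late_unlock"] = lock.on_unlock(msg, now=30.0 + INTENT_WINDOW_S + 1)

    # 5. An unlock message from an earlier touch is presented after a new touch.
    lock = SmartLock(key)
    old = watch.on_intent(lock.on_touch(now=40.0))
    lock.on_unlock(old, now=40.1)
    lock.locked = True        # door closed and locked again
    lock.on_touch(now=50.0)   # fresh intent signal with a new nonce
    results["old_message_new_touch"] = lock.on_unlock(old, now=50.1)
    return results


if __name__ == "__main__":
    for name, outcome in run_scenarios().items():
        print(f"{name}: {outcome}")
```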

In the article entitled ”SmartAuth: User-Centered Authorization for the In-

ternet of Things” [26], Tian et al. claim that the users of IoT apps face critical

issues when using these apps. Some of the issues go beyond simply affecting the

deceives that being used. The authors claim that most smart apps ask for and

use permissions from the user more than is actually needed. They claim that such

apps ask for unnecessary permissions depending on their descriptions. For exam-

ple, an apps description says that the app can be used to manage room lights, yet

it asks for permissions to control the air condition as well. Tian et al. claim that

this overreach is a serious problem, and they claim that users of IoT apps are not

appropriately informed to understand what these apps actually do with the per-

missions they request. Therefore, authors in [26] present a new mechanism called

SmartAuth that can reduce the impact of the over-privilege problem. The Smar-

tAuth authorization mechanism is used to protect users by analyzing their IoT

apps. This mechanism conducts an in-depth inspection of the source codes of IoT

apps, analyzes their activity, and then compares the results with what these apps

claim to perform. Tian et al. believe that their new approach could be applied to

help users of current and future IoT platforms. It could enforce complicated,

context-sensitive security policies with low overhead cost much more effectively

than the current policy enforcement mechanisms in use. Since giving permissions

to apps requires human authorization, they claim that this approach could make

it easier for users to understand the real functionalities of IoT apps when they are

asked for certain permissions, so they would be better able to grant the appropriate

permissions. SmartAuth, as Tian et al. report, is designed to collect all the data

needed from IoT apps and then present it in a user-friendly interface so that users

can more easily understand what they should expect from these apps.

Since smart home devices have various operating systems, they can have lots of

issues such as unencrypted protocols and the heterogeneous nature of IoT devices.

Different researchers have attempted to solve these issues. The authors in [25]

propose a solution to prevent unauthorized access. Also, the authors in [26] propose

a solution to preserve data privacy. However, none of the articles propose a

user-friendly smart watch that could control IoT devices remotely and provide more

flexibility to users by controlling what the smart watch should do in different

circumstances. Unlike other articles, the authors in [18], [19] and [20] provide

understandable models with a degree of certainty for digital forensic investigations

with IoT. Nevertheless, they do not consider adding some critical features, such

as the ability to track IoT devices in an entire department by saving IoT device

logs to an external database. Information from these logs, such as times and dates

in IoT devices could be used as valuable evidence in criminal investigations. In

addition, the authors in [20] do not consider how to make smart home automation

systems take immediate action automatically in response to crimes that could

occur in the home.

2.2 Research Objectives

2.2.1 Objectives

The following are the objectives of the research:

• Design a lightweight digital forensic investigation model that we call Radlen

to coordinate and manage sensors and IoT devices within a smart apartment

to satisfy both a user’s needs and preserve security.

• Identify and collect a range of forensic evidence using the Radlen system that

could be used in a forensic investigation.

• Simulate the system’s operation to demonstrate how Radlen will work in

performing the expected tasks.

2.2.2 Contribution of the Research

• Implement the Radlen system simulation using Java that learns the user’s

needs and security preferences during installation.

• Develop a simulation of the facility and security operations to demonstrate

how to use them to identify and collect digital forensic evidence for the

purpose of investigation.

• Use cameras to start recording videos automatically if there are any security

issues so the videos can be used in investigation.

• Present a novel simulated smart watch that can be used to monitor and

control the security within the smart apartment.

• Ensure that Radlen can communicate automatically with fire or police departments

in the event of emergencies, such as fire or theft.

Chapter 3

Proposal System

3.1 Radlen Overview

We propose a system in which all agencies in Fig.1 are connected to one automated

and smart system called Radlen. The center unit of Radlen plays a critical role

in the entire system. Radlen is a framework that was simulated using Java-based

software to enable communication between the system and a user’s smart watch

in order to control the smart apartment activities.

The goal of Radlen is to observe security systems such as gas and water leak

detectors and to enable a user to decide what the system should do using his or her

smart watch. Note that these same features could be provided with a smart phone,

but we focused the design of Radlen on the use of a smart watch. We also monitor

untrusted users using a camera while observing memory and power constraints. In

addition, we save and control the data communication between IoT devices, server,

and the smart watch. This enables criminal profilers to find clues that could lead

Figure 3.1: Radlen Apartment Overview

them to crime details, including intentional crimes such as murder and theft. It

also enables the monitoring of epilepsy and heart attack patients. It is notable

that the system could save people’s lives, because it will react automatically in case

no answer is given by a smart watch or if the smart watch battery is dead.

Radlen’s capabilities offer a flexible and simple way for the owner of a smart

apartment to control IoT devices by providing a smart watch as a remote control

that reacts based on the user’s preferences. Meanwhile, Radlen provides security by

allowing the user to make decisions regarding IoT devices and then make decisions

automatically in case no response is given by the user.

3.1.1 The Apartment Design

Our domain in the study focuses on housing units rather than homes. Figure 1

shows a proposed design for the apartment that can be used for the Radlen system.

The apartment contains four rooms including a living room, bedroom, kitchen and

restroom. Each of these rooms has a certain number of sensors. First, the living

room sensors consist of DO, C1, GB, TS, WL, S and L; these refer to the following:

door sensor, camera, glass break detector, temperature sensor, water leak detector,

motion sensor and lighting systems respectively. It is critical for the camera to be in

front of the door to enable it to take pictures of any person who opens the main

door for identification purposes. The water leakage and glass breakage sensors are

used to notify a user if there is broken glass or water leakage in the apartment.

Second, the bedroom has BD, S, WL and L, which correspond to the bed sensor

pad, motion sensor, water leakage detector and lighting system respectively. Next,

the kitchen contains S1, G, WL, A, GB, and L, corresponding to the motion sensor,

gas detector, water leakage, alarm, glass breakage detector, and lighting system,

respectively. The restroom has S1, F, SS, H and L, corresponding to the motion

sensor, fan, shower switch, humidity sensor, and the lighting system, respectively.

Each one of these detectors and sensors has a specific task to perform, either for

security or convenience purposes. In the next section, we will provide more details

about system architecture.

3.1.2 System Architecture

Figure 3.2: Radlen System Architecture

As can be seen in Fig 2, Radlen consists of a security agent, a convenience

agent, and a communication server that handles all communication between a

user’s smart watch and all check cases in the other servers. Then, based on user

response, the system should react to manage and control the IoT device inside

the apartment. We also show how Radlen makes decisions automatically in case

of no response by the user. It is worth noting that all data from sensors and all

communications between the IoT devices and the smart watch and server are

collected by the Communications Server and encrypted and stored on an external

server to ensure that they cannot be modified or deleted. Network communications

are encrypted to provide privacy and security for the data and new IoT devices

can only join the network after they have been verified by the owner to be secure.

3.1.3 Security System Agent:

This agent is responsible for all security roles that report to the communication

server to control these roles if an unexpected issue occurs. For these roles, the IoT

devices will react at any time, even if the security system is in rest mode. In the

following section, we will show the security roles:

3.1.3.1 Gas Detector:

Figure 3.3: Gas detector schedule

If a gas leak is detected, the user’s smart watch will be notified and the alarm will

turn on. Also, the system will call the fire department if the gas sensor does not

turn off after a specified waiting period or no response is given by the user (Users

can choose how long this waiting period should be during installation). We set up

the gas detector and smart watch as separate clients in Java Netbeans, and these

clients communicate with the central server using TCP/IP connections as in the

real world. Therefore, in Figure 3.3, we demonstrate how a gas detector works. The

gas sensor acts as a separate client which will notify the communication agent,

(the central server) if gas is detected. Then the server will send that notification

to a user’s smart watch, which is yet another separate client, with two

questions: (The code of the program can be found in [21]):

1) Do you want to turn on the alarm?

2) Do you want to call the fire department?

Based on the user’s responses, the server can take one of four actions: turn on the

alarm and call the fire department, turn off the alarm and call the fire department,

turn off the alarm and not call the fire department, or turn on the alarm and not

call the fire department.

Figure 3.4: Broken Window Sensor

3.1.3.2 Broken Window:

If a broken window is detected, the user’s smart watch will be notified, and then the

alarm can be turned on. In addition, the system will call the police department

if the broken window sensor does not turn off during the waiting period or if no

response is given by the user (users can choose how long this waiting period should

be during installation). We set up the broken window sensor and smart watch as

separate clients in Java Netbeans, and these clients communicate with the central

server using a TCP/IP connection as in the real world. In Figure 3.4, we demonstrate

how the broken window detector works. The sensor (Java client) notifies the

communication agent (main server) that a broken window is detected. Then, the

server sends that notification to the user’s smart watch, which is another separate

client, with two questions:

(The code of the program can be found in [21]):

1) Do you want to turn on the alarm?

2) Do you want to call the police department?

Based on the user’s responses, the server can take one of four actions: turn on the

alarm and call the police department, turn off the alarm and call the police department,

turn off the alarm and not call the police department, or turn on the alarm and

not call the police department.

3.1.3.3 Water Leakage:

Figure 3.5: Water Leak Detector

If water leakage is detected, the user’s smart watch will be notified, and then the

alarm can be turned on. In addition, the system will call the apartment manager if

the water leakage sensor is not turned off during the waiting period or if no response

is given by the user (users can choose how long this waiting period should be during

installation). We set up the water leakage sensor and smart watch as separate

clients in Java Netbeans, and these clients communicate with the central server

using a TCP/IP connection as in the real world. In Figure 3.5, we demonstrate how the

water leakage detector works. The sensor (Java client) notifies the communication

agent (main server) that water leakage is detected. Then, the server sends that

notification to the user’s smart watch, which is another separate client, with two

questions:

(The code of the program can be found in [21]):

1) Do you want to turn on the alarm?

2) Do you want to call the community manager?

Based on the user’s responses, the server can take one of four actions: turn on the

alarm and call the community manager, turn off the alarm and call the community

manager, turn off the alarm and not call the community manager, or turn on the

alarm and not call the community manager.

3.1.3.4 Smoke:

If smoke is detected, the user’s smart watch will be notified, and then the alarm

can be turned on. Also, the system will call the fire department if the smoke sensor

is not turned off during the waiting period or if no response is given by the user (users

can choose how long this waiting period should be during installation). We set

up the smoke sensor and smart watch as separate clients in Java Netbeans, and

Figure 3.6: Smoke Detector

these clients communicate with the central server using TCP/IP connection as in

the real world. In Figure 3.6, we demonstrate how the smoke detector (Java client)

works. The sensor notifies the communication agent (main server) that smoke is

detected. Then, the server sends that notification to the user’s smart watch, which

is another separate client, with two questions:

(The code of the program can be found in [21]):

1) Do you want to turn on the alarm?

2) Do you want to call the community manager or the fire department?

Based on the user’s responses, the server can take one of four actions: turn on the

alarm and call the fire department, turn off the alarm and call the fire department,

turn off the alarm and not call the fire department, or turn on the alarm and not

call the fire department.
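
The notify, ask and fall-back sequence shared by the gas, broken window, water leakage and smoke sections above, as an added Python sketch (it is not the thesis's Java code from [21]). The coroutine `ask_watch`, the `Decision` fields and the handling of a malformed reply as no response are assumptions; the TCP round trip to the watch is replaced by an in-process call, and the "sensor does not turn off" condition is not modelled.

```python
import asyncio
from dataclasses import dataclass

# Escalation contact per security sensor, as named in the sections above.
ESCALATION = {
    "gas": "fire department",
    "broken_window": "police department",
    "water_leak": "community manager",
    "smoke": "fire department",
}


@dataclass(frozen=True)
class Decision:
    sensor: str
    contact: str
    alarm_on: bool
    call_placed: bool
    decided_by: str  # "user" or "automatic": the field an investigator relies on


def parse_reply(reply):
    """Accept only a pair of real booleans: (alarm?, call?)."""
    if (not isinstance(reply, (tuple, list)) or len(reply) != 2
            or not all(isinstance(v, bool) for v in reply)):
        raise ValueError(f"malformed watch reply: {reply!r}")
    return reply[0], reply[1]


async def handle_alert(sensor, ask_watch, waiting_period):
    """Server side of one alert.

    ask_watch(sensor, contact) is a coroutine standing in for the round trip
    to the smart watch client (hypothetical name); it returns (alarm?, call?).
    """
    contact = ESCALATION[sensor]  # an unknown sensor name raises KeyError
    try:
        reply = await asyncio.wait_for(ask_watch(sensor, contact),
                                       timeout=waiting_period)
        alarm_on, call_placed = parse_reply(reply)
        decided_by = "user"
    except (asyncio.TimeoutError, ValueError):
        # No answer within the waiting period (notification missed, battery
        # dead) or an unusable answer: fail safe, sound the alarm and call.
        alarm_on, call_placed, decided_by = True, True, "automatic"
    return Decision(sensor, contact, alarm_on, call_placed, decided_by)


# --- constructed watch behaviours for the demonstration ---
async def watch_cancels_call(sensor, contact):
    return (True, False)        # alarm on, do not call


async def watch_dead_battery(sensor, contact):
    await asyncio.sleep(3600)   # never answers within the waiting period


async def watch_garbled(sensor, contact):
    return "yes"                # not a (bool, bool) pair


def run_demo(waiting_period=0.05):
    async def scenario():
        return [
            await handle_alert("broken_window", watch_cancels_call, waiting_period),
            await handle_alert("gas", watch_dead_battery, waiting_period),
            await handle_alert("smoke", watch_garbled, waiting_period),
        ]
    return asyncio.run(scenario())


if __name__ == "__main__":
    for decision in run_demo():
        print(decision)
```

Recording `decided_by` with every decision is what later lets an investigator tell a deliberate cancellation apart from a call the system placed on its own.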

3.1.3.5 Camera:

If the door sensor senses that the door is open, the camera will be notified to start

taking pictures of any person who enters the apartment. If the owner’s picture (or

other trusted person’s picture) in the system matches that of the person entering,

Figure 3.7: Authorization

everything continues as normal. Otherwise, the camera will start recording in

case the owner does not know the person who just entered. We set up the door

sensor, camera and smart watch as separate clients in Java Netbeans, and these

clients communicate with the central server using TCP/IP connection as in the

real world [21]. In Figure 3.7, we depict how the door sensor works with other

IoT devices. If an individual comes into the apartment, the door sensor (Java

client) senses the movement and sends that information to the communication

agent (the main server), which automatically starts taking pictures of that person.

At that point, the server checks to see if the owner’s picture added to the system

during the installation matches the new picture. If the pictures match, no action

is taken. Otherwise, the communication agent reports to the user’s smart watch,

which is another separate client, and asks the owner whether he or she knows the

person. If the user does not recognize the person or does not answer, the server

by default cues the camera to start monitoring and recording video. In addition,

the camera is used to record automatically if any of the above security agents are

triggered, so that the video is available for forensic investigation. It is worth noting that

the user will have the option of turning the camera off for a certain amount of

time to provide privacy for a visitor, but that it will be turned back on either

when that time period ends or the user and visitor leave the apartment.

3.1.4 Non-motion

If the door sensor shows that a user has entered his apartment, everything goes

normally. However, if all other sensors show that no movement occurs for more

than one day, this indicates that something unusual is occurring. In that case, the Radlen

system will immediately request an ambulance to respond to the apartment.

3.1.5 Convenience System Agent:

This agent is responsible for all convenience systems that increase users’ comfort.

This can be done through observing and controlling IoT devices and allowing them

to communicate with each other remotely and without user interference. These IoT

devices include coffee makers, lighting systems, air-conditioners, washers/dryers,

TVs, humidity sensors, and temperature controllers. In the following section, we

will show how the convenience roles work.

3.1.5.1 Coffee Maker:

For the motion sensor in the bedroom, if the sensor finds movement in the morning,

the apartment’s owner will receive a notification through his smart watch

Figure 3.8: Coffee Maker Process

asking whether he wants his coffee to be prepared. We set up the motion sensor, coffee

maker, and smart watch as separate clients in Java Netbeans, and these clients

communicate with the central server using TCP/IP connection as in the real world

[21]. As we can see in Figure 3.8, if there is movement in the bedroom during the

morning, the bedroom sensor (Java client) notifies the communication agent (main

server), which checks the preferred time and then communicates with the user’s

smart watch (a separate Java client) to ask the user: Do you want to prepare your

favorite coffee? The time to prepare coffee is based on the preferences set by the

user during installation. Then, the coffee is prepared upon the server’s notification

to coffee maker if the user responds that he or she wants coffee. Otherwise, the

system takes no action [21]. The time preference is set during installation by

the user.

3.1.5.2 Kitchen Lighting:

Suppose a user who wakes up late at night for a drink of water does not prefer

the lighting system to turn on with bright lighting that can suddenly shock his

eyes. To overcome this issue, if the kitchen motion sensor senses movement, it

Figure 3.9: Kitchen Lighting

turns on the lights at a soft setting if the time is between 9:00 PM and 5:00 AM

as we can see in Figure 3.9. (Otherwise, the lighting system would be on bright.)

We set up the motion sensor, lighting system, and smart watch as separate clients

in Java Netbeans, and these clients communicate with the central server using

TCP/IP connection as in the real world [21]. In Figure 3.9, we can see the flow

of information from kitchen sensor (Java client) to the server when movement is

detected. The server then checks for the appropriate time range for the activation

of soft lighting. The time preference is set during installation by the user.

3.1.5.3 Restroom Lighting:

The lighting system will turn on the lamps at a soft setting if someone enters the

restroom between 9:00 PM and 5:00 AM. The time is based on preferences set by

the user during installation, and we have chosen a random time to explain how that

works. We set up the motion sensor, lighting system and smart watch as separate

clients in Java Netbeans, and these clients communicate with the central server

using TCP/IP connection as in the real world [21]. As shown in Figure 3.10, if

Figure 3.10: Restroom Lighting

the motion sensor (Java client) in the restroom senses movement, it communicates

with the server, which checks for the appropriate preferred time range and decides

whether to turn the lights on at a bright or soft setting by notification to the

lighting system (another separate Java client). The time preference is set during

installation by the user.

3.1.5.4 Bed Sensor:

Figure 3.11: Bed Sensor Pad

In the Radlen system, we propose to add a bed sensor pad on the mattress

that will help us determine whether or not the user is asleep. Thus, by observing

the user’s movement on the bed, we can predict when the user is awake in bed or

is actually asleep. In both cases, we propose that the system should wait a certain

amount of time (based on preferences set by the user during installation) before

turning off the TV and lighting system in the apartment. We set up the pad sensor,

lighting system, TV and smart watch as separate clients in Java Netbeans, and

these clients communicate with the central server using TCP/IP connection as in

the real world [21]. As we can see in Figure 3.11, the bed sensor pad (Java client)

will notify the communication agent (main server) if movement is detected. Then,

the server checks for the appropriate waiting time before shutting down the TV

and lighting system (two separate Java clients) [21].

3.1.5.5 Air-Conditioner:

Figure 3.12: Air-Conditioner

The temperature inside the apartment differs from one day to another. Also,

a person could prefer a lower inside temperature because of hot weather during

summer, and the same person could prefer high inside temperatures during the

winter season. Thus, in the proposed Radlen system, we keep the temperature

in the apartment between 65 and 75 degrees if that was a user preference during

installation. At any time if the temperature goes outside that range, the system

should set the air-conditioning to maintain that range. We set up the temperature

sensor, air-conditioner, and smart watch as separate clients in Java Netbeans, and

these clients communicate with the central server using TCP/IP connection as in

the real world [21]. In Figure 3.12, we can see that the temperature sensor (Java client)

should report the temperature frequently. If out of range temperatures are detected,

the server communicates with the air conditioner (separate Java client) to adjust

the temperature accordingly. During installation, the user can set the preferred

temperature range for the apartment.

3.1.5.6 Humidity:

Figure 3.13: Humidity

A person who has just finished showering in the restroom could have trouble

looking in the mirror because the bathroom is full of steam caused by using hot

water. In the proposed Radlen system, that humidity could be exhausted by the

fan automatically. A user can set the preferred range for humidity in the restroom.

We set up the humidity sensor, fan sensor, and smart watch as separate clients

in Java Netbeans, and these clients communicate with the central server using

TCP/IP connection as in the real world [21]. As we can see in Figure 3.13, the

humidity sensor (Java client) will report to the server if the humidity (separate

Java client) is detected. Then, the server checks the preferred normal range of

humidity and then communicates with the fan (separate Java client) to pull air

out. During installation, the user can set the preferred humidity range.

3.1.5.7 Washing Machine:

Figure 3.14: Washing Machine

A person sometimes becomes too lazy to wash his clothes, or he forgets that

he has dirty clothes to wash. In the Radlen system, we use a switch counter in

the shower to count every time the user takes a shower, and based on a set number

of showers determined by the user during installation, the system can remind the

user to turn on his washing machine to wash his clothes. In Figure 3.14, we can

see how the switch sensor informs the communication agent of the count

number. Then, the server checks the maximum number that the user has set. For

demonstration purposes, we have chosen three randomly. From that point on, the

server notifies the user on his smart watch to turn on the washing machine when

the count numbers are out of range. If the user agrees, the communication agent

cues the washing machine to turn on. Otherwise, no action is taken.

3.2 User Configurations

As we see in the Radlen system overview section, a user’s security or convenience

preferences are initially required to allow the system to make decisions

automatically. The following is a list of all preference questions that the user should answer:

• What is the preferred time interval at night for lighting system to be on soft

instead of bright to protect the user’s eyes when he wakes up suddenly?

• What is the preferred time interval in the morning during which the user

wants Radlen to remind him through his smart watch to prepare his coffee?

• What is the user’s preferred normal temperature range?

• What is the user’s preferred normal humidity range?

• How many times does the user want the showering switch to wait before

Radlen cues the washing machine to wash clothes?

• How long does the user want the Radlen system to wait before turning off

the TV and lighting system automatically when the user is in bed?

• How long does the user want the Radlen system to wait before communicating

automatically with a department related to an IoT security device?

3.3 Forensic Data Collection

The Radlen system monitors and tracks the data that the server receives from

IoT devices and observes the data that the smart watch receives from the server.

Also, the system monitors all back and forth messages between the server and

the smart watch. The reason for recording the data twice, even though it creates

redundancies, is that we want to make sure the data flow works perfectly from

the sensors to the user’s smart watch without failure in the system that could

lead to false investigations. Also, we want to make certain that the data is not

manipulated by confirming that the data that we get from the server the first time

is the same data that the smart watch receives the second time. Therefore, the

database saves the data including sensor name, date and time for an event, the flow

of the data (whether from the server or the smart watch), the user response to

the smart watch notification, and whether that response was made by the user or

automatically. This could help forensic investigators to analyze the data and get a

clear understanding if unusual things occur. In Figure 3.15, we can see an example

of collected data sent from and to the server and the smart watch using a Microsoft

external database that we used to simulate the Radlen system [21]. It is worth noting

that the data from the server and smartwatch will be encrypted and stored

on an external server in a way that does not allow editing or deleting the data to

preserve data privacy and integrity.

Figure 3.15: Forensic Data Example
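
One way to check the two recorded copies against each other, as an added Python example that is not code from the thesis or its repository [21]. Each copy is kept as an HMAC-chained append-only list, a technique chosen here rather than stated by the author; the `event_id` field, the keys and the sample records are constructed assumptions.

```python
import hashlib
import hmac
import json

REQUIRED = ("event_id", "sensor", "timestamp", "flow", "response", "decided_by")
GENESIS = "0" * 64  # chain anchor for the first entry


def _mac(key, prev_mac, record):
    body = json.dumps(record, sort_keys=True, separators=(",", ":")).encode()
    return hmac.new(key, prev_mac.encode() + body, hashlib.sha256).hexdigest()


def append_record(log, key, record):
    """Append one record; its MAC also covers the previous entry's MAC."""
    missing = [f for f in REQUIRED if f not in record]
    if missing:
        raise ValueError(f"record lacks fields: {missing}")
    prev = log[-1]["mac"] if log else GENESIS
    log.append({"seq": len(log), "record": dict(record),
                "mac": _mac(key, prev, record)})


def verify_chain(log, key):
    """Return the index of the first entry that fails verification, else None."""
    prev = GENESIS
    for i, entry in enumerate(log):
        expected = _mac(key, prev, entry["record"])
        if entry["seq"] != i or not hmac.compare_digest(entry["mac"], expected):
            return i
        prev = entry["mac"]
    return None  # note: removing the newest entries leaves a valid, shorter chain


def reconcile(server_log, watch_log, fields=("sensor", "response", "decided_by")):
    """Compare the server copy with the watch copy, event by event."""
    server = {e["record"]["event_id"]: e["record"] for e in server_log}
    watch = {e["record"]["event_id"]: e["record"] for e in watch_log}
    findings = []
    for eid in sorted(server.keys() | watch.keys()):
        s, w = server.get(eid), watch.get(eid)
        if s is None or w is None:
            findings.append((eid, "missing on " + ("server" if s is None else "watch")))
            continue
        for f in fields:
            if s[f] != w[f]:
                findings.append((eid, f"{f}: server={s[f]!r} watch={w[f]!r}"))
    return findings


# Constructed sample events (not data from the thesis).
EVENTS = [
    {"event_id": 1, "sensor": "broken_window", "timestamp": "2018-11-02T21:14:05",
     "response": "call police", "decided_by": "user"},
    {"event_id": 2, "sensor": "gas", "timestamp": "2018-11-03T08:41:30",
     "response": "call fire department", "decided_by": "automatic"},
    {"event_id": 3, "sensor": "door", "timestamp": "2018-11-03T17:02:11",
     "response": "person not recognized", "decided_by": "user"},
]
SERVER_KEY, WATCH_KEY = b"constructed-server-key", b"constructed-watch-key"


def build_logs():
    server_log, watch_log = [], []
    for ev in EVENTS:
        append_record(server_log, SERVER_KEY, {**ev, "flow": "sensor->server"})
        append_record(watch_log, WATCH_KEY, {**ev, "flow": "server->watch"})
    return server_log, watch_log


def demo():
    results = {}
    server_log, watch_log = build_logs()
    results["clean"] = (verify_chain(server_log, SERVER_KEY),
                        reconcile(server_log, watch_log))

    # An edited field breaks the chain at that entry and disagrees with the watch copy.
    server_log, watch_log = build_logs()
    server_log[0]["record"]["response"] = "cancel call"
    results["edited"] = (verify_chain(server_log, SERVER_KEY),
                         reconcile(server_log, watch_log))

    # A deleted middle entry breaks the sequence from that position on.
    server_log, watch_log = build_logs()
    del server_log[1]
    results["deleted"] = (verify_chain(server_log, SERVER_KEY),
                          reconcile(server_log, watch_log))

    # Dropping the newest entry passes the chain check; only the second copy shows it.
    server_log, watch_log = build_logs()
    watch_log.pop()
    results["truncated"] = (verify_chain(watch_log, WATCH_KEY),
                            reconcile(server_log, watch_log))
    return results


if __name__ == "__main__":
    for name, outcome in demo().items():
        print(name, outcome)
```

The truncation case is where the redundant second copy earns its cost: the chain alone accepts a log whose tail was cut off, while the comparison with the other copy reports the missing event.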

Chapter 4

Work Methods

In order to explain how Radlen works, we are going to simulate a normal weekday

for a person in 4.1. Then, in 4.2, we are going to demonstrate the abnormal events

that could occur.

4.1 Normal Day Events

The scenario for a person will be simulated based on time:

• At 7:00 am

The person’s smart watch will start ringing to wake him up.

• At 7:15 am

The smart watch notifies the air-conditioner to turn off because the temperature

is perfect, and lighting activates on the person’s way to the restroom.

• At 7:20 am

The person goes to the restroom, and at the same time, the motion sensor

notifies the lighting system to turn on in the living room (soft lighting).

• At 8:00 am

It is time to prepare coffee.

• At 8:30 am

It is time to leave for work, and all IoT devices in the apartment will be in

hibernate mode (safe mode).

• At 5:00 pm

It is time to come back home, and the lighting and air conditioner (set to 70

degrees Fahrenheit) in the living room turn on.

• At 6:00 pm

Motion sensor detects movement, and notifies the lights to turn on, while the

humidity sensor detects humidity and notifies the fan to turn on.

• At 6:20 pm

The washer starts working. Meanwhile, the TV asks the person if he wants

to watch a movie.

• At 10:00 pm

Bed movement is detected, the air conditioner adjusts the temperature

down to 65 degrees Fahrenheit, and the lighting system turns off.

As we can see from the section above, everything works well under perfect

conditions, but let’s see the system from a different point of view. In other words,

in each step above, we supposed that the apartment owners expect to do certain

things on normal weekdays at certain times. Based on that, the IoT device will

take specific actions at certain times of day every day. For example, a person wakes

up at 7:00 am on weekdays since he has school to attend. However, how about the

weekend days? What if the person is sick and changes his mind about attending

his classes on a certain day? What if the apartment owner comes back late and

he cannot take his shower? What if the person decides to sleep over at his friend’s

house? Do we have to reprogram the schedule every time this happens? That

would cause the user a headache. Will the system simply wake him up as usual?

If so, the system would be worthless, and just annoying for anyone who decides to

buy it.

To overcome this issue, we will provide a section for the abnormal events. Not

only do we address the abnormal events, but we also provide more flexibility for

the normal events mentioned above. The system provides flexibility for a user in

case he changes his mind. The coffee maker will not prepare the coffee at a

certain time of a day but instead will notify the user’s smart watch if he wants to

prepare his coffee at certain intervals of time on a day the user will choose during

installation. In addition, the lighting system and TV will not turn off at 10:00

PM every day. Instead, the pressure and bedroom sensors will monitor the user’s

movement during times based on user preference and then make a decision to turn

off the lighting and TV systems. This overcomes the issue that could happen if

the user wants to sleep late on the weekend, for example.

4.2 Abnormal Events

It is worth mentioning that all the saved data on the server is going to be stored

remotely and encrypted to preserve data privacy for the user. Otherwise, the

system would be useless.

4.2.1 Theft or Accident

Figure 4.1: Broken Window Process

An apartment window sensor determines that the window is broken, and it

notifies an apartment owner’s smart watch. The owner can make his own decision

within the waiting period (that he sets during the installation) whether or not to

allow the smart watch to call the police department. He may suspect a burglary

is taking place and thus allow the smart watch to make the call. On the other

hand, the user may cancel the police calling because he might know that there is

stormy weather taking place, and this could be the reason for the broken window.

However, the system will call the police if the user does not make a decision within

the waiting period for the sake of preserving high security in the apartment, in

case the user has not noticed his smart watch notifications. Rules for contacting

the police or fire department are a user-configured option in Radlen.

It is worth considering the case in which this scenario happens in the event of theft rather than

a storm. As we can see in Figure 4.1, whether or not the user chooses to call the

police, Radlen stores all data communication logs as well as the date and time

that communications are received by the server or the smart watch. Therefore,

forensic investigators can access the server and information including sensor names,

where the data flow came from, where it went, the user’s response to the event,

whether Radlen reacted automatically, and the time and date of breakage. This

information could be helpful to forensic investigators who are analyzing the data

and determining which sensors were involved in the event. In addition, forensic

investigators can watch the recorded video to see if unusual movement has occurred.

This could be very helpful if the user was not home when the action happened

because he will control that remotely through the smart watch. Moreover, the

broken window process in Figure 4.1 is almost the same for the second question (Do

you want to activate the alarm for broken window?) as we described in Chapter 3.

However, we can adjust the smart watch screen to display the question of alarm

activation instead of making a call.

4.2.2 Fire by Gas

Figure 4.2: Gas Leak Process

An apartment gas leakage sensor detects a gas leak in the apartment, and it notifies

the apartment owner’s smart watch. The owner can make his own decision within

the waiting period (set during the installation) whether or not to allow the smart

watch to call the fire department. He could have been cooking just before he left

home, and because this could cause a fire, he might decide to make the call. On

the other hand, the user might cancel the fire department call because he might

know that he has not used the stove for a while, and this could be just a small gas

leak. However, the system will call the fire department if the user does not make a

decision within the waiting period in order to preserve high security in the apartment

in case the user has not noticed his smart watch notifications.

It is worth noting that if that scenario were to happen because of a huge gas

leak, the whole apartment could burn. As we can see in Figure 4.2, whether or not

the user chooses to call the fire department, Radlen stores all data communication

logs as well as the date and the time that those communications were received.

Forensic investigators can then access the server and see critical information,

including sensor names, where the data flow came from, where it went to, the user’s

response to the event, whether Radlen reacted automatically, and the time and

date when the gas leak occurred. This information could be very helpful to forensic

investigators to analyze the data and determine which sensors were involved

in the event. For example, did the fire occur accidentally? Did someone start it

intentionally? Was there any other IoT device involved such as a broken window

sensor that could indicate that someone entered the apartment to set the fire?

This could be very helpful if the user was not home when the action happened

because he will control that remotely through the smart watch. Moreover, the gas

leak process in Figure 4.2 is almost the same for the second question described in

Chapter 3 (Do you want to activate the alarm for gas leakage?). However, we can

adjust the smart watch screen to display the question of alarm activation instead

of making a call.
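
The waiting-period rule from Sections 4.2.1 and 4.2.2 and the cross-sensor question raised above (was a broken window sensor also involved?), as an added Python example; it is not taken from the thesis or from the Radlen code in [21]. The sensor identifiers, the `LogRecord` layout, the function names and the sample day are constructed for illustration; the record fields follow the items the text says investigators can read from the server.

```python
from dataclasses import dataclass
from datetime import datetime, timedelta

# Assumed sensor-to-contact pairings, following the scenarios in this section;
# the identifiers themselves are illustrative, not from the thesis code.
ESCALATION = {
    "window_sensor": "police",
    "gas_sensor": "fire_department",
    "smoke_sensor": "fire_department",
    "water_sensor": "community_manager",
}

@dataclass(frozen=True)
class LogRecord:
    sensor: str            # sensor name
    source: str            # where the data flow came from
    destination: str       # where it went
    user_response: str     # "allow", "cancel", "late" or "none"
    automatic: bool        # True when the system acted without the user
    action: str            # final outcome
    detected_at: datetime  # time and date of the event
    decided_at: datetime   # time and date the outcome was fixed

def resolve_event(sensor, detected_at, waiting_period, response=None, responded_at=None):
    """Apply the waiting-period rule and return the record the server stores."""
    target = ESCALATION[sensor]
    deadline = detected_at + waiting_period
    answered = response in ("allow", "cancel") and responded_at is not None
    if answered and responded_at <= deadline:
        if response == "cancel":
            return LogRecord(sensor, sensor, "smart_watch", "cancel", False,
                             "no_call", detected_at, responded_at)
        return LogRecord(sensor, "smart_watch", target, "allow", False,
                         "call_" + target, detected_at, responded_at)
    # No usable answer inside the waiting period: the system calls by itself.
    return LogRecord(sensor, "server", target, "late" if answered else "none",
                     True, "call_" + target, detected_at, deadline)

def related_events(log, event, window):
    """Records from other sensors detected within `window` before `event`."""
    start = event.detected_at - window
    return [r for r in log
            if r.sensor != event.sensor and start <= r.detected_at <= event.detected_at]

def build_sample_log():
    """Constructed sample day: water leak, unanswered window break, cancelled gas alert."""
    day = datetime(2018, 11, 13)
    wait = timedelta(minutes=2)
    return [
        resolve_event("water_sensor", day.replace(hour=9), wait,
                      "allow", day.replace(hour=9, minute=1)),
        resolve_event("window_sensor", day.replace(hour=14), wait),
        resolve_event("gas_sensor", day.replace(hour=14, minute=10), wait,
                      "cancel", day.replace(hour=14, minute=11)),
    ]

if __name__ == "__main__":
    log = build_sample_log()
    gas = log[2]
    for rec in related_events(log, gas, timedelta(minutes=30)):
        print(rec.sensor, rec.action, "automatic" if rec.automatic else "user", rec.decided_at)
```

In the sample log the user cancelled the gas alert, yet the query still surfaces the unanswered window break ten minutes earlier, which is the kind of link between sensors an investigator would look for.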

4.2.3 Smoke

An apartment smoke sensor finds smoke in the apartment, and it notifies the

apartment owner’s smart watch. The owner can make his own decision within

the waiting period (chosen during the installation) whether or not to allow the smart

watch to call the fire department. He might suspect that the smoke was present

because he was just smoking hookah before he left home and might have left some

burning coals, and since this could cause a huge fire, he could decide to make the

call. On the other hand, the user might cancel the fire department call because he

might notice that he burned some herbs having a nice smell, and this could be the

reason for the smoke. However, the system will call the fire department if the user

does not make a decision within the waiting period for the purpose of preserving

high security in the apartment in case the user has not noticed his smart watch

notifications.

Figure 4.3: Smoke Detector Process

It is worth noting that if that burning coals scenario were to happen, the whole

apartment could burn. As we can see in Figure 4.3, whether or not the user chooses

to call the fire department, Radlen stores all data communication logs as well as

the date and the time that communications are received by the server or smart

watch. Forensic investigators can then access the

server and see critical information, including sensor names, where the data flow

came from, where it went, the user’s response to the event, whether Radlen reacted

automatically, and the time and date of the smoke leakage. This information could

be very helpful to forensic investigators trying to analyze the data and determine

which sensors were involved in the event. In addition, forensic investigators can

watch the recorded video to observe if there was unusual movement. This could

be very helpful if the user was not at the apartment when the action happened

because he will control that remotely through the smart watch. Moreover, the smoke

leak detection process in Figure 4.3 is almost the same for the second question

as described in Chapter 3 (Do you want to activate the alarm for smoke leakage?).

However, we can adjust the smart watch screen to display the question of alarm

activation instead of making a call.

4.2.4 Water Leakage

Figure 4.4: Water Leak Process

An apartment water sensor senses water on the apartment floor, and it notifies

an apartment owner’s smart watch. The owner can make his own decision within

the waiting period (chosen during the installation) whether or not to allow the

smart watch to call the community manager for the apartment. He could suspect

the water to be caused by a storm that occurred after he left the home, which could

destroy his valuable files in the apartment, and so he might decide to make

the call. On the other hand, the user might cancel the community manager call because

he may notice that he was just washing his hands before he left the home, and this

is not a valid reason to make the call. However, the system will call the community

manager if the user does not make his decision before time runs out, and this is to

preserve high security in the apartment in case the user has not noticed his smart

watch notifications.

It is worth noting that this scenario could happen because of a huge water

leakage. Whether or not the user chooses to call the community manager, Radlen

stores the time and date on the server. Forensic investigators can access the server,

and they can determine if an IoT device was involved. In addition, forensic

investigators can watch the recorded video to observe if there was unusual movement.

Moreover, the water leakage process in Figure 4.4 is almost the same for the

second question as we described in Chapter 3 (Do you want to activate the alarm for

water leakage?). However, we can adjust the smart watch screen to display the

question of alarm activation instead of making a call.

4.2.5 Untrusted Person

An apartment door sensor finds that someone unknown has entered the apartment.

The sensor notifies the apartment owner’s smart watch. The owner can make his

own decision within the waiting period (chosen during the installation) whether

or not to allow the camera to start recording. He might allow the camera to record

if he does not recognize the person who has entered the home. On the other

hand, the user might cancel the camera recording because he knows the person, or

he might be expecting a friend to come over. Therefore, he does not worry about

the notification. However, the system will call the police department if the user

does not make his decision before the time runs out, and this is for preserving

high security in the apartment in case the user has not noticed his smart watch

notifications.

Figure 4.5: Door detectable Process

As we can see in Figure 4.5, in case the person was not recognized, the camera

will start recording video. Then, all data communication logs as well as the date

and the time, will be saved on the server. Forensic investigators can access the

server and see critical information including sensor names, where the data flow

came from, where it went, the user’s response to the event, whether Radlen reacted

automatically, and the time and date when the picture or recorded video

was taken. This information could be very effective and helpful for investigation

procedures by forensic investigators who are analyzing the data and determining

which sensors were involved in the event. In addition, forensic investigators can

watch the recorded video to observe what the intruder did. This could be very

helpful if the user was not at home when the action happened because he will

control that remotely through the smart watch.

4.2.6 Health Issue

Figure 4.6: Unfounded Movement Process

In Figure 4.6, suppose a user enters his apartment, and then everything goes

normally. However, subsequently all other sensors show no movement for more

than one day. This could indicate that the user might have had a health emergency

such as a heart attack. Therefore, the proposed Radlen system will decide what

to do based on a time period determined by the user. The user can also decide

in advance whether Radlen should call a friend or family member or a doctor or

an ambulance in order to save the owner’s life. In addition, forensic investigators

can watch the recorded video to observe whether or not unusual movement has

occurred. Possibly someone has tried to poison the owner and make him look like

he died in a normal way. Investigators can use the recorded video to make sure

the man’s death was due to natural causes.

4.3 Simulation of Radlen

In the following figures, we show some examples from the code in [21],

which uses socket programming in Java, for the installation of the Radlen system in Figures 4.7,

4.8 and 4.9. Then, we show the server and the clients, which represent IoT devices.

Next, we show the main server, the user’s smart watch and the IoT sensors, all of

them as separate Java clients, in Figures 4.10, 4.11 and 4.12. Finally, we show an example

of the broken window sensor questions after we activate the broken window sensor

for demonstration purposes in Figures 4.13 and 4.15.

Figure 4.7: Time Preference

Figure 4.8: Humidity Degree

Figure 4.9: Security Waiting Time

Figure 4.10: Server

Figure 4.11: Smart Watch

Figure 4.12: IoT Sensors Activation

Figure 4.13: Police Calling

Figure 4.14: Alarm Activation

Figure 4.15: Communication Logs

Chapter 5

Conclusions and Future Work

The development of IoT technology in smart apartments provides flexibility and

usability to make people’s lives much easier. Such a system has been built with

capabilities to handle different situations inside smart home environments. However,

there are critical demands to overcome numerous issues impacting the development

of IoT. Currently, there is no accepted digital forensic framework that can help

with forensic investigations in IoT environments. Also, others’ research on digital

forensic frameworks misses critical components that could improve IoT security

including saving network and server logs and monitoring the apartment using a

camera. As a result, we propose a digital forensic investigation framework called

Radlen that allows us to track and monitor the data used in smart apartment

systems. Also, Radlen provides more flexibility to users, allowing them to remotely

manage and control IoT devices in smart apartments using smart watches.

Moreover, Radlen has been built with capabilities to make decisions automatically,

which enhances user security. In addition, we provide a simulated Java application

server paired with a database server using SQL that simulates the Radlen system

[21]. In conclusion, the Radlen system was able to manage various IoT devices, as

summarized in the tables below, in a way that both satisfies a user’s needs and preserves

security, and it was also able to collect sensor logs to use as evidence for

digital forensic investigations. In the future, we are going to test the performance

of the Radlen system framework in a real environment. Also, we are going to

extend the Radlen system’s functionality to handle more than one user at a time.

Security System

| Threat | Sensor | Action | Forensic Evidence |
| --- | --- | --- | --- |
| Gas Leak | Gas detector | Fire department call and alarm notification | Video recording, time stamp and all communication data flow between the server and the smart watch |
| Water Leak | Water sensor | Manager call and alarm notification | Video recording, time stamp and all communication data flow between the server and the smart watch |
| Broken Window | Glass break sensor | Police department call and alarm notification | Video recording, time stamp and all communication data flow between the server and the smart watch |
| Smoke | Smoke detector | Fire department call and alarm notification | Video recording, time stamp and all communication data flow between the server and the smart watch |
| Intruder | Door sensor | User notification on his smart watch and alarm notification | Video recording, time stamp and all communication data flow between the server and the smart watch |

Convenience System

| Smart Home Device | Sensor or Control | Action |
| --- | --- | --- |
| Coffee Maker | Remote control by smart watch or time scheduled | Preparing coffee |
| Kitchen Lighting | Remote control by smart watch or time scheduled | Different kind of lighting |
| Air Conditioner | Remote control by smart watch or time scheduled | Set temperature degrees |
| Humidity | Humidity sensor and remote control by smart watch or time scheduled | Pull out the air |
| Washing Machine | Switch sensor | Reminder to wash clothing |

Chapter 6

Bibliography

[1] M. Say, How The Internet Of Everything Transforms Traditional Industries, Forbes, 11-Aug-2014. [Online]. Available: http://www.forbes.com/sites/groupthink/2014/07/29 the-internet-of-everything-transforms-traditional-industries/2edc9b782a1c. [Accessed: 03-Dec-2017].

[2] A Brief History of the Internet of Things, DATAVERSITY, 06-Aug-2016. [Online]. Available: http://www.dataversity.net/brief-history-internet-things/. [Accessed: 24-Nov-2017].

[3] A. Gabbai, Kevin Ashton Describes the Internet of Things, Smithsonian.com, 01-Jan-2015. [Online]. Available: https://www.smithsonianmag.com/innovation/kevin-ashton-describes-the-internet-of-things-180953749/. [Accessed: 24-Nov-2017].

[4] S. Madakam, R. Ramaswamy, and S. Tripathi, Internet of Things (IoT): A Literature Review, Journal of Computer and Communications, vol. 03, no. 05, pp. 164-173, 2015.

[5] Kosmatos, E.A., Tselikas, N.D. and Boucouvalas, A.C. Integrating RFIDs and Smart Objects into a Unified Internet of Things Architecture. Advances in Internet of Things: Scientific Research, 1, 5-12.

[6] V. Sivaraman, H. H. Gharakheili, A. Vishwanath, R. Boreli, and O. Mehani, Network-Level Security and Privacy Control for Smart-Home IoT Devices, 2015 IEEE 11th International Conference on Wireless and Mobile Computing, Networking and Communications (WiMob), 2015.

[7] E. Bertino, Data Privacy for IoT Systems: Concepts, Approaches, and Research Directions, 2016 IEEE International Conference on Big Data (Big Data), 2016.

[8] H. Becker, What is the Internet of Things and Why is it Important?, TechnologyGuide.com, 10-Jul-2013. [Online]. Available: http://www.technologyguide.com/feature/inte of-things/. [Accessed: 03-Dec-2017].

[9] P. M. Vergara, E. de la Cal, J. R. Villar, V. M. González, and J. Sedano, An IoT Platform for Epilepsy Monitoring and Supervising, Journal of Sensors, 27-Jul-2017. [Online]. Available: https://www.hindawi.com/journals/js/2017/6043069/. [Accessed: 03-Dec-2017].

[10] Internet of Things (IoT): Pros and Cons, KeyInfo, 07-Jul-2017. [Online]. Available: https://www.keyinfo.com/pros-and-cons-of-the-internet-of-things-iot/. [Accessed: 02-Dec-2017].

[11] A. Meola, How IoT Smart Home Automation Will Change the Way We Live, Business Insider, 19-Dec-2016. [Online]. Available: http://www.businessinsider.com/interne of-things-smart-home-automation-2016-8. [Accessed: 04-Dec-2017].

[12] J. Morgan, A Simple Explanation Of 'The Internet of Things', Forbes, 20-Apr-2017. [Online]. Available: https://www.forbes.com/sites/jacobmorgan/2014/05/13/simple-explanation-internet-things-that-anyone-can-understand/5a386a131d09. [Accessed: 03-Dec-2017].

[13] N. H. N. Zulkipli, A. Alenezi, and G. B. Wills, IoT Forensic: Bridging the Challenges in Digital Forensic and the Internet of Things, Proceedings of the 2nd International Conference on Internet of Things, Big Data and Security, 2017.

[14] K. Kyei, P. Zavarsky, D. Lindskog, and R. Ruhl, A Review and Comparative Study of Digital Forensic Investigation Models, in International Conference on Digital Forensics and Cyber Crime. Springer, 2012, pp. 314-327.

[15] V. R. Kebande and I. Ray, A Generic Digital Forensic Investigation Framework for Internet of Things (IoT), in Future Internet of Things and Cloud (FiCloud), 2016 IEEE 4th International Conference on. IEEE, 2016, pp.

[16] S. Zawoad, R. Hasan. FAIoT: Towards Building a Forensics Aware Eco System for the Internet of Things. In Services Computing (SCC), 2015 IEEE International Conference on (pp. 279-284). IEEE. 2015.

[17] S. Perumal, N. M. Norwawi and V. Raman, "Internet of Things(IoT) Digital Forensic Investigation Model: Top-down forensic approach methodology," Digital Information Processing and Communications (ICDIPC), 2015 Fifth International Conference on, Sierre, 2015, pp. 19-23.

[18] V. R. Kebande and I. Ray, A Generic Digital Forensic Investigation Framework for Internet of Things (IoT), in Future Internet of Things and Cloud (FiCloud), 2016 IEEE 4th International Conference on. IEEE, 2016, pp. 356-362.

[19] A. Nieto, R. Rios, and J. Lopez, A Methodology for Privacy-Aware IoT-Forensics, 2017 IEEE Trustcom/BigDataSE/ICESS, 2017.

[20] A. Goudbeek, K.-K. R. Choo, and N.-A. Le-Khac, A Forensic Investigation Framework for Smart Home Environment, 2018 17th IEEE International Conference On Trust, Security And Privacy In Computing And Communications/ 12th IEEE International Conference On Big Data Science And Engineering (TrustCom/BigDataSE), 2018.

[21] Alharbi, R. (2018). GitHub. [online] GitHub. Available at: https://github.com/raed19 [Accessed 13 Nov. 2018].

[22] V. Ricquebourg, D. Menga, D. Durand, B. Marhic, L. Delahoche, and C. Loge, The Smart Home Concept: Our Immediate Future, 2006 1ST IEEE International Conference on E-Learning in Industrial Electronics, 2006.

[23] O. Momoh, Smart Home, Investopedia, 18-Apr-2018. [Online]. Available: https://www.investopedia.com/terms/s/smart-home.asp. [Accessed: 13-Nov-2018].

[24] Oliver Willers, Jorge Guajardo, and Helmut Seidel. MEMS Gyroscopes as Physical Unclonable Functions. In ACM Conference on Computer and Communications Security (CCS), 2016.

[25] Grant Ho, Derek Leung, Pratyush Mishra, Ashkan Hosseini, Dawn Song, and David Wagner. Smart Locks: Lessons for Securing Commodity Internet of Things Devices. In ACM ASIA Conference on Information, Computer and Communications Security (ASIA CCS), 2015.

[26] Yuan Tian, Nan Zhang, Yueh-Hsun Lin, Xiaofeng Wang, Blase Ur, Xianzheng Guo and Patrick Tague. SmartAuth: User-Centered Authorization for the Internet of Things. In USENIX Security (USENIX), 2017.