Biblio
Information-centric networking (ICN) is a Future Internet paradigm which uses named information (data objects) instead of host-based end-to-end communications. In-network caching is a key pillar of ICN. Basically, data objects are cached in ICN routers and retrieved from these network elements upon availability when they are requested. It is a particularly promising networking approach due to the expected benefits of data dissemination efficiency, reduced delay and improved robustness for challenging communication scenarios in IoT domain. From the security perspective, ICN concentrates on securing data objects instead of ensuring the security of end-to-end communication link. However, it inherently involves the security challenge of access control for content. Thus, an efficient access control mechanism is crucial to provide secure information dissemination. In this work, we investigate Attribute Based Encryption (ABE) as an access control apparatus for information centric IoT. Moreover, we elaborate on how such a system performs for different parameter settings such as different numbers of attributes and file sizes.
Cyber-Physical Systems (CPSs) are engineered systems seamlessly integrating computational algorithms and physical components. CPS advances offer numerous benefits to domains such as health, transportation, smart homes and manufacturing. Despite these advances, the overall cybersecurity posture of CPS devices remains unclear. In this paper, we provide knowledge on how to improve CPS resiliency by evaluating and comparing the accuracy, and scalability of two popular vulnerability assessment tools, Nessus and OpenVAS. Accuracy and suitability are evaluated with a diverse sample of pre-defined vulnerabilities in Industrial Control Systems (ICS), smart cars, smart home devices, and a smart water system. Scalability is evaluated using a large-scale vulnerability assessment of 1,000 Internet accessible CPS devices found on Shodan, the search engine for the Internet of Things (IoT). Assessment results indicate several CPS devices from major vendors suffer from critical vulnerabilities such as unsupported operating systems, OpenSSH vulnerabilities allowing unauthorized information disclosure, and PHP vulnerabilities susceptible to denial of service attacks.
With the arrival of the Internet of Things (IoT), more devices appear online with default credentials or lacking proper security protocols. Consequently, we have seen a rise of powerful DDoS attacks originating from IoT devices in the last years. In most cases the devices were infected by bot malware through the telnet protocol. This has lead to several honeypot studies on telnet-based attacks. However, IoT installations also involve other protocols, for example for Machine-to-Machine communication. Those protocols often provide by default only little security. In this paper, we present a measurement study on attacks against or based on those protocols. To this end, we use data obtained from a /15 network telescope and three honey-pots with 15 IPv4 addresses. We find that telnet-based malware is still widely used and that infected devices are employed not only for DDoS attacks but also for crypto-currency mining. We also see, although at a much lesser frequency, that attackers are looking for IoT-specific services using MQTT, CoAP, UPnP, and HNAP, and that they target vulnerabilities of routers and cameras with HTTP.
One of the biggest challenges for the Internet of Things (IoT) is to bridge the currently fragmented trust domains. The traditional PKI model relies on a common root of trust and does not fit well with the heterogeneous IoT ecosystem where constrained devices belong to independent administrative domains. In this work we describe a distributed trust model for the IoT that leverages the existing trust domains and bridges them to create end-to-end trust between IoT devices without relying on any common root of trust. Furthermore we define a new cryptographic primitive, denoted as obligation chain designed as a credit-based Blockchain with a built-in reputation mechanism. Its innovative design enables a wide range of use cases and business models that are simply not possible with current Blockchain-based solutions while not experiencing traditional blockchain delays. We provide a security analysis for both the obligation chain and the overall architecture and provide experimental tests that show its viability and quality.
Internet technology has changed how people work, live, communicate, learn and entertain. The internet adoption is rising rapidly, thus creating a new industrial revolution named "Industry 4.0". Industry 4.0 is the use of automation and data transfer in manufacturing technologies. It fosters several technological concepts, one of these is the Internet of Things (IoT). IoT technology is based on a big network of machines, objects, or people called "things" interacting together to achieve a common goal. These things are continuously generating vast amounts of data. Data understanding, processing, securing and storing are significant challenges in the IoT technology which restricts its development. This paper presents a new reference IoT model for future smart IoT solutions called Cloud Web of Things (CloudWoT). CloudWoT aims to overcome these limitations by combining IoT with edge computing, semantic web, and cloud computing. Additionally, this work is concerned with the security issues which threatens data in IoT application domains.
The IETF's push towards standardizing the Manufacturer Usage Description (MUD) grammar and mechanism for specifying IoT device behavior is gaining increasing interest from industry. The ability to control inappropriate communication between devices in the form of access control lists (ACLs) is expected to limit the attack surface on IoT devices; however, little is known about how MUD policies will get enforced in operational networks, and how they will interact with current and future intrusion detection systems (IDS). We believe this paper is the first attempt to translate MUD policies into flow rules that can be enforced using SDN, and in relating exception behavior to attacks that can be detected via off-the-shelf IDS. Our first contribution develops and implements a system that translates MUD policies to flow rules that are proactively configured into network switches, as well as reactively inserted based on run-time bindings of DNS. We use traces of 28 consumer IoT devices taken over several months to evaluate the performance of our system in terms of switch flow-table size and fraction of exception traffic that needs software inspection. Our second contribution identifies the limitations of flow-rules derived from MUD in protecting IoT devices from internal and external network attacks, and we show how our system is able to detect such volumetric attacks (including port scanning, TCP/UDP/ICMP flooding, ARP spoofing, and TCP/SSDP/SNMP reflection) by sending only a very small fraction of exception packets to off-the-shelf IDS.
To protect the security of IoT devices, Tewari and Gupta proposed an ultralightweight mutual-authentication protocol for an RFID system. In the protocol, only two simple bitwise operations (XOR and rotation) are used to achieve two-pass mutual authentication. Although the protocol is efficient, we observe that the protocol has a security vulnerability. This security weakness could cause the leaking of all secrets in RFID tags. Compared with other researches that also proposed attacks for Tewari and Gupta's protocol, our attack needs less time and smaller space complexity to implement. The time complexity of our attack is O(1), and the attack can successfully crack the protocol with 100% probability.
Expectation of cryptocurrencies has been increased rapidly and all of these cryptocurrencies are generated on blockchain platform. This means not only the paradigm is changing in the field of finance but also the blockchain platform is technically stable. Based on the stability of blockchain, many kind of crypto currencies or application platforms are being implemented or released and world famous banks are applying blockchain on their financial service[1]. Even law for exchanging cryptocurrencies is being discussed. Furthermore, blockchain platforms also run programmed source code which is called as smart contract on its distributed platform. Smart contract extends usage of blockchain platform. So in this paper, we propose an algorithm for recording and managing location data of IoT service provider and user based on blockchain with smart contract. Our proposal records data of participants in network by blockchain which ensures security and match with other optimized participant by spatial data processing.
In this paper, we introduce DeadBolt, a new security framework for managing IoT network access. DeadBolt hides all of the devices in an IoT deployment behind an access point that implements deny-by-default policies for both incoming and outgoing traffic. The DeadBolt AP also forces high-end IoT devices to use remote attestation to gain network access; attestation allows the devices to prove that they run up-to-date, trusted software. For lightweight IoT devices which lack the ability to attest, the DeadBolt AP uses virtual drivers (essentially, security-focused virtual network functions) to protect lightweight device traffic. For example, a virtual driver might provide network intrusion detection, or encrypt device traffic that is natively cleartext. Using these techniques, and several others, DeadBolt can prevent realistic attacks while imposing only modest performance costs.
In this paper, we propose a new randomized response algorithm that can achieve differential-privacy and utility guarantees for consumer's behaviors, and process a batch of data at each time. Firstly, differing from traditional differential private approach-es, we add randomized response noise into the behavior signa-tures matrix to achieve an acceptable utility-privacy tradeoff. Secondly, a behavior signature modeling method based on sparse coding is proposed. After some lightweight trainings us-ing the energy consumption data, the dictionary will be associat-ed with the behavior characteristics of the electric appliances. At last, through the experimental results verification, we find that our Algorithm can preserve consumer's privacy without comprising utility.
In the context of emerging applications such as IoT, an RFID framework that can dynamically incorporate, identify, and seamlessly regulate the RFID tags is considered exciting. Earlier RFID frameworks developed using the older web technologies were limited in their ability to provide complete information about the RFID tags and their respective locations. However, the new and emerging web technologies have transformed this scenario and now framework can be developed to include all the required flexibility and security for seamless applications such as monitoring of RFID tags. This paper revisits and proposes a generic scenario of an RFID framework built using latest web technology and demonstrates its ability to customize using an application for tracking of personal user objects. This has been shown that the framework based on newer web technologies can be indeed robust, uniform, unified, and integrated.
The paradigm of fog computing has set new trends and heights in the modern world networking and have overcome the major technical complexities of cloud computing. It is not a replacement of cloud computing technology but it just adds feasible advanced characteristics to existing cloud computing paradigm.fog computing not only provide storage, networking and computing services but also provide a platform for IoT (internet of things). However, the fog computing technology also arise the threat to privacy and security of the data and services. The existing security and privacy mechanisms of the cloud computing cannot be applied to the fog computing directly due to its basic characteristics of large-scale geo-distribution, mobility and heterogeneity. This article provides an overview of the present existing issues and challenges in fog computing.
Industrial control systems are changing from monolithic to distributed and interconnected architectures, entering the era of industrial IoT. One fundamental issue is that security properties of such distributed control systems are typically only verified empirically, during development and after system deployment. We propose a novel modelling framework for the security verification of distributed industrial control systems, with the goal of moving towards early design stage formal verification. In our framework we model industrial IoT infrastructures, attack patterns, and mitigation strategies for countering attacks. We conduct model checking-based formal analysis of system security through scenario execution, where the analysed system is exposed to attacks and implement mitigation strategies. We study the applicability of our framework for large systems using a scalability analysis.
The growing interest in the smart device/home/city has resulted in increasing popularity of Internet of Things (IoT) deployment. However, due to the open and heterogeneous nature of IoT networks, there are various challenges to deploy an IoT network, among which security and scalability are the top two to be addressed. To improve the security and scalability for IoT networks, we propose a Software-Defined Virtual Private Network (SD-VPN) solution, in which each IoT application is allocated with its own overlay VPN. The VPN tunnels used in this paper are VxLAN based tunnels and we propose to use the SDN controller to push the flow table of each VPN to the related OpenvSwitch via the OpenFlow protocol. The SD-VPN solution can improve the security of an IoT network by separating the VPN traffic and utilizing service chaining. Meanwhile, it also improves the scalability by its overlay VPN nature and the VxLAN technology.
Industry 4.0 is based on the CPS architecture since it is the next generation in the industry. The CPS architecture is a system based on Cloud Computing technology and Internet of Things where computer elements collaborate for the control of physical entities. The security framework in this architecture is necessary for the protection of two parts (physical and information) so basically, security in CPS is classified into two main parts: information security (data) and security of control. In this work, we propose two models to solve the two problems detected in the security framework. The first proposal SCCAF (Smart Cloud Computing Adoption Framework) treats the nature of information that serves for the detection and the blocking of the threats our basic architecture CPS. The second model is a modeled detector related to the physical nature for detecting node information.
The Internet of Things (IoT) is one of the emerging technologies that has seized the attention of researchers, the reason behind that was the IoT expected to be applied in our daily life in the near future and human will be wholly dependent on this technology for comfort and easy life style. Internet of things is the interconnection of internet enabled things or devices to connect with each other and to humans in order to achieve some goals or the ability of everyday objects to connect to the Internet and to send and receive data. However, the Internet of Things (IoT) raises significant challenges that could stand in the way of realizing its potential benefits. This paper discusses access control area as one of the most crucial aspect of security and privacy in IoT and proposing a new way of access control that would decide who is allowed to access what and who is not to the IoT subjects and sensors.
The rapid growth of population and industrialization has given rise to the way for the use of technologies like the Internet of Things (IoT). Innovations in Information and Communication Technologies (ICT) carries with it many challenges to our privacy's expectations and security. In Smart environments there are uses of security devices and smart appliances, sensors and energy meters. New requirements in security and privacy are driven by the massive growth of devices numbers that are connected to IoT which increases concerns in security and privacy. The most ubiquitous threats to the security of the smart grids (SG) ascended from infrastructural physical damages, destroying data, malwares, DoS, and intrusions. Intrusion detection comprehends illegitimate access to information and attacks which creates physical disruption in the availability of servers. This work proposes an intrusion detection system using data mining techniques for intrusion detection in smart grid environment. The results showed that the proposed random forest method with a total classification accuracy of 98.94 %, F-measure of 0.989, area under the ROC curve (AUC) of 0.999, and kappa value of 0.9865 outperforms over other classification methods. In addition, the feasibility of our method has been successfully demonstrated by comparing other classification techniques such as ANN, k-NN, SVM and Rotation Forest.
The success and widespread adoption of the Internet of Things (IoT) has increased many folds over the last few years. Industries, technologists and home users recognise the importance of IoT in their lives. Essentially, IoT has brought vast industrial revolution and has helped automate many processes within organisations and homes. However, the rapid growth of IoT is also a cause for significant concern. IoT is not only plagued with security, authentication and access control issues, it also doesn't work as well as it should with fourth industrial revolution, commonly known as Industry 4.0. The absence of effective regulation, standards and weak governance has led to a continual downward trend in the security of IoT networks and devices, as well as given rise to a broad range of privacy issues. This paper examines the IoT industry and discusses the urgent need for standardisation, the benefits of governance as well as the issues affecting the IoT sector due to the absence of regulation. Additionally, through this paper, we are introducing an IoT security framework (IoTSFW) for organisations to bridge the current lack of guidelines in the IoT industry. Implementation of the guidelines, defined in the proposed framework, will assist organisations in achieving security, privacy, sustainability and scalability within their IoT networks.
The RFID based communication between objects within the framework of IoT is potentially very efficient in terms of power requirements and system complexity. The new design incorporating the emerging chipless RFID tags has the potential to make the system more efficient and simple. However, these systems are prone to privacy and security risks and these challenges associated with such systems have not been addressed appropriately in the broader IoT framework. In this context, a lightweight collision free algorithm based on n-bit pseudo random number generator, X-OR hash function, and rotations for chipless RFID system is presented. The algorithm has been implemented on an 8-bit open-loop resonator based chipless RFID tag based system and is validated using BASYS 2 FPGA board based platform. The proposed scheme has been shown to possess security against various attacks such as Denial of Service (DoS), tag/reader anonymity, and tag impersonation.
Compromising IoT devices to build botnets and disrupt critical infrastructure is an existential threat. Refrigerators, washing machines, DVRs, security cameras, and other consumer goods are high value targets for attackers due to inherent security weaknesses, a lack of consumer security awareness, and an absence of market forces or regulatory requirements to motivate IoT security. As a result of the deficiencies, attackers have quickly assembled large scale botnets of IoT devices to disable Internet infrastructure and deny access to dominant web properties with near impunity. IoT malware is often transmitted from host to host similar to how biological viruses spread in populations. Both biological viruses and computer malware may exhibit epidemic characteristics when spreading in populations of vulnerable hosts. Vaccines are used to stimulate resistance to biological viruses by inoculating a sufficient number of hosts in the vulnerable population to limit the spread of the biological virus and prevent epidemics. Inoculation programs may be viewed as a human instigated epidemic that spreads a vaccine in order to mitigate the damage from a biological virus. In this paper we propose a technique to create an inoculation epidemic for IoT devices using a novel variation of a SIS epidemic model and show experimental results that indicate utility of the approach.
The Security is a real permanent problem in wired and wireless communication systems. This issue becomes more and more complex in the internet of things context where the security solution still poor and insufficient where the number of these noeud hugely increase (around 26 milliards in 2020). In this paper we propose a new security schema which avoid the use of cryptography mechanism based on the exchange of symmetric or asymmetric keys which aren't recommended in IoT devices due to their limitation in processing, stockage and energy. The proposed solution is based on the use of the multi-agent ensuring the security of connected objects. These objects programmed with agents are able to communicate with other objects without any need to compute keys. The main objective in this work is to maintain a high level of security with an optimization of the energy consumption of IoT devices.
Through the internet and local networks, IoT devices exchange data. Most of the IoT devices are low-power devices, meaning that they are designed to use less electric power. To secure data transmission, it is required to encrypt the messages. Encryption and decryption of messages are computationally expensive activities, thus require considerable amount of processing and memory power which is not affordable to low-power IoT devices. Therefore, not all secure transmission protocols are low-power IoT devices friendly. This study proposes a secure data transmission protocol for low-power IoT devices. The design inherits some features in Kerberos and onetime password concepts. The protocol is designed for devices which are connected to each other, as in a fully connected network topology. The protocol uses symmetric key cryptography under the assumption of that the device specific keys are never being transmitted over the network. It resists DoS, message replay and Man-of-the-middle attacks while facilitating the key security concepts such as Authenticity, Confidentiality and Integrity. The designed protocol uses less number of encryption/decryption cycles and maintain session based strong authentication to facilitate secure data transmission among nodes.
Smart grid technology is the core technology for the next-generation power grid system with enhanced energy efficiency through decision-making communication between suppliers and consumers enabled by integrating the IoT into the existing grid. This open architecture allowing bilateral information exchange makes it vulnerable to various types of cyberattack. APT attacks, one of the most common cyberattacks, are highly tricky and sophisticated attacks that can circumvent the existing detection technology and attack the targeted system after a certain latent period after intrusion. This paper proposes an ontology-based attack detection system capable of early detection of and response to APT attacks by analyzing their attacking patterns.
The Internet of Things (IoT) is an emerging technology, an extension of the traditional Internet which make everything is connected each other based on Radio Frequency Identification (RFID), Sensor, GPS or Machine to Machine technologies, etc. The security issues surrounding IoT have been of detrimental impact to its development and has consequently attracted research interest. However, there are very few approaches which assess the security of IoT from the perspective of an attacker. Penetration testing is widely used to evaluate traditional internet or systems security to date and it normally spends numerous cost and time. In this paper, we analyze the security problems of IoT and propose a penetration testing approach and its automation based on belief-desire-intention (BDI) model to evaluate the security of the IoT.
In this paper, we applied IoT (Internet of things) technology and SMS (short message service) technology to vehicle security system, and designed vehicle remote control system to ensure the vehicle security. Besides, we discussed the method that converted the displacement increment to latitude and longitude increment in order to solve the problem that how to accurately obtain the current location information when GPS (Global Positioning System) failed. The hardware system can realize such function that owners by sending an SMS, or by sending the password through web side of IoT platform, you can remotely control the car alarm system opening or closing, and query vehicle position and other functions. Through this method, it is easy to achieve security for vehicle positioning and tracking.