Biblio

Mobile Ad-hoc Networks (MANET) is an autonomous network consisting of movable devices that can form a network using wireless media. MANET routing protocols can be used for selecting an efficient and shortest path for data transmission between nodes in a smart environment formed by the Internet of Things (IoT). Networking in such MANET-enabled IoT system is based on the routing protocols of MANET, data sensing from things, and data handling and processing using IoT. This paper studies proactive approach-based secure routing protocols for MANET-enabled IoT and analyses these protocols to identify security issues in it. Since this fusion network is resource-constrained in nature, each of the studied protocol is evaluated to check if it is lightweight or not. Also, the solution to defend against active attacks in this network is discussed.

The Internet of Things (IoT) paradigm, with its highly distributed and interconnected architecture, is gaining ground in Industry 4.0 and in critical infrastructures like the eHealth sector, the Smart Grid, Intelligent Power Plants and Smart Mobility. In these critical sectors, the preservation of metrological characteristics and their traceability is a strong legal requirement, just like cyber-security, since it offers the ground for liability. Any vulnerability in the system in which the metrological network is embedded can endanger human lives, the environment or entire economies. This paper presents a framework comprised of a methodology and some tools for the governance of the metrological chain. The proposed methodology combines the RAMI 4.0 model, which is a Reference Architecture used in the field of Industrial Internet of Things (IIoT), with the the Reference Model for Information Assurance & Security (RMIAS), a framework employed to guarantee information assurance and security, merging them with the well established paradigms to preserve calibration and referability of metrological instruments. Thus, metrological traceability and cyber-security are taken into account straight from design time, providing a conceptual space to achieve security by design and to support the maintenance of the metrological chain over the entire system lifecycle. The framework lends itself to be completely automatized with Model Checking to support automatic detection of non conformity and anomalies at run time.

Internet of Things (IoT) is defined as the connection between places and physical objects (i.e., things) over the internet/network via smart computing devices. IoT is a rapidly emerging paradigm that now encompasses almost every aspect of our modern life. As such, it is crucial to ensure IoT devices follow strict security requirements. At the same time, the prevalence of IoT devices offers developers a chance to design and develop Machine Learning (ML)-based intelligent software systems using their IoT devices. However, given the diversity of IoT devices, IoT developers may find it challenging to introduce appropriate security and ML techniques into their devices. Traditionally, we learn about the IoT ecosystem/problems by conducting surveys of IoT developers/practitioners. Another way to learn is by analyzing IoT developer discussions in popular online developer forums like Stack Overflow (SO). However, we are aware of no such studies that focused on IoT developers’ security and ML-related discussions in SO. This paper offers the results of preliminary study of IoT developer discussions in SO. First, we collect around 53K IoT posts (questions + accepted answers) from SO. Second, we tokenize each post into sentences. Third, we automatically identify sentences containing security and ML-related discussions. We find around 12% of sentences contain security discussions, while around 0.12% sentences contain ML-related discussions. There is no overlap between security and ML-related discussions, i.e., IoT developers discussing security requirements did not discuss ML requirements and vice versa. We find that IoT developers discussing security issues frequently inquired about how the shared data can be stored, shared, and transferred securely across IoT devices and users. We also find that IoT developers are interested to adopt deep neural network-based ML models into their IoT devices, but they find it challenging to accommodate those into their resource-constrained IoT devices. Our findings offer implications for IoT vendors and researchers to develop and design novel techniques for improved security and ML adoption into IoT devices.

Internet of Things (IoT) is a sophisticated concept of the traditional internet. In IoT, all things in our lives can be connected with the internet or with each other to exchange data and perform specific functions through the network. However, combining several devices-especially by unskilled users-may pose a number of security risks. In addition, some commonly used communication protocols in the IoT area are not secure. Security, on the other hand, increases overhead by definition, resulting in performance degradation. The Message Queuing Telemetry Transport (MQTT) protocol is a lightweight protocol and can be considered as one of the most popular IoT protocols, it is a publish/subscribe messaging transport protocol that uses a client-server architecture. MQTT is built to run over TCP protocol, thus it does not provide any level of security by default. Therefore, Transport Layer Security (TLS) can be used to ensure the security of the MQTT protocol. This paper analyzed the impact on the performance and security of the MQTT protocol in two cases. The first case, when using TLS protocol to support the security of the MQTT protocol. The second case, using the traditional MQTT without providing any level of security for the exchanged data. The results indicated that there is a tradeoff between the performance and the security when using MQTT protocol with and without the presence of TLS protocol.

Internet of Things (IoT), Cloud and Augmented Reality (AR) are the emerging and developing technologies and are at the horizon and hype of their life cycle. Lots of commercial applications based on IoT, cloud and AR provide unrestricted access to data. The real-time applications based on these technologies are at the cusp of their innovations. The most frequent security attacks for IoT, cloud and AR applications are DDoS attacks. In this paper a detailed account of various DDoS attacks that can be the hindrance of many important sensitive services and can degrade the overall performance of recent services which are purely based on network communications. The DDoS attacks should be dealt with carefully and a set of a new generations of algorithm need to be developed to mitigate the problems caused by non-repudiation kinds of attacks.

These days, almost everyone has been entirely relying on mobile devices and mobile related applications running on Android Operating Systems, the most used Mobile Operating System in the world with the largest market share. These Mobile devices and applications can become an information goldmine for hackers and are considered one of the significant concerns mobile users face who stand a chance of being victimized during data breach from hackers due to lapse in information security and controls. Such challenge can be put to bare through systematic digital forensic analysis through penetration testing for a humanoid robot like Zenbo, which run Android OS and related application, to help identify associated security vulnerabilities and develop controls required to improve security using popular penetration testing tools such as Drozer, Mobile Application Security framework (mobSF), and AndroBugs with the help of Santoku Linux distribution.

In the security platform of Internet of Things (IoT), a licensed Low Power Wide Area Network (LPWAN) technology, named Narrowband Internet of Things (NB-IoT) is playing a vital role in transferring the information between objects. This technology is preferable for applications having a low data rate. As the number of subscribers increases, attack possibilities raise simultaneously. So securing the transmission between the objects becomes a big task. Bandwidth spoofing is one of the most sensitive attack that can be performed on the communication channel that lies between the access point and user equipment. This research proposal objective is to secure the system from the attack based on Unmanned Aerial vehicles (UAVs) enabled Small Cell Access (SCA) device which acts as an intruder between the user and valid SCA and investigating the scenario when any intruder device comes within the communication range of the NB-IoT enabled device. Here, this article also proposed a mathematical solution for the proposed scenario.

This paper presents an IoT enabled real time occupancy semantic search system leveraging ETSI defined context information and interface meta model standard- ``Next Generation Service Interface for Linked Data'' (NGSI-LD). It facilitates interoperability, integration and federation of information exchange related to spatial infrastructure among geo-distributed deployed IoT entities, different stakeholders, and process domains. This system, in the presented use case, solves the problem of adhoc booking of meetings in real time through semantic discovery of spatial data and metadata related to room occupancy and thus enables optimum utilization of spatial infrastructure in university campuses. Therefore, the proposed system has the capability to save on effort, cost and productivity in institutional spatial management contexts in the longer run and as well provide a new enriched user experience in smart public buildings. Additionally, the system empowers different stakeholders to plan, forecast and fulfill their spatial infrastructure requirements through semantic data search analysis and real time data driven planning. The initial performance results of the system have shown quick response enabled semantic discovery of data and metadata (textless2 seconds mostly). The proposed system would be a steppingstone towards smart management of spatial infrastructure which offers scalability, federation, vendor agnostic ecosystem, seamless interoperability and integration and security by design. The proposed system provides the fundamental work for its extension and potential in relevant spatial domains of the future.

Internet of Things (IoT) is one relatively new technology, which aims to make our lives easier by automating our daily processes. This article would aim to deliver an idea how to prevent the IoT technology, delivering maliciously and bad things and how to scale. The intention of this research is to explain how a specific implementation of a Blockchain network, enterprise-grade permissioned distributed ledger framework called Hyperledger Fabric, can be used to resolve the security and scalability issues in an IoT network.

Security has become a significant factor of Internet of Things (IoT) and Cyber Physical Systems (CPS) wherein the devices usually vary in computing power and intrinsic hardware features. It is necessary to use security-by-design method in the development of these systems. This paper focuses on the security design issue about this sort of heterogeneous embedded systems and proposes a systematic approach aiming to achieve optimal security design objective.

This paper aims to identify Wi-SUN devices using physical layer fingerprint. We first extract physical layer features based on the received Wi-SUN signals, especially focusing on device-specific clock skew and frequency deviation in FSK modulation. Then, these physical layer fingerprints are used to train a machine learning-based classifier and the resulting classifier finally identifies the authorized Wi-SUN devices. Preliminary experiments on Wi-SUN certified chips show that the authenticator with the proposed physical layer fingerprints can distinguish Wi-SUN devices with 100 % accuracy. Since no additional computational complexity for authentication is involved on the device side, our approach can be applied to any Wi-SUN based IoT devices with security requirements.

Code-reuse attacks pose a threat to embedded devices since they are able to defeat common security defenses such as non-executable stacks. To succeed in his code-reuse attack, the attacker has to gain knowledge of some or all of the instructions of the target firmware/software. In case of a bare-metal firmware that is protected from being dumped out of a device, it is hard to know the running instructions of the target firmware. This consequently makes code-reuse attacks more difficult to achieve. This paper shows how an attacker can gain knowledge of some of these instructions by sniffing the unencrypted incremental updates. These updates exist to reduce the radio reception power for resource-constrained devices. Based on the literature, these updates are checked against authentication and integrity, but they are sometimes sent unencrypted. Therefore, it will be demonstrated how a Return-Oriented Programming (ROP) attack can be accomplished using only the passively sniffed incremental updates. The generated updates of the R3diff and Delta Generator (DG) differencing algorithms will be under assessment. The evaluation reveals that both of them can be exploited by the attacker. It also shows that the DG generated updates leak more information than the R3diff generated updates. To defend against this attack, different countermeasures that consider different power consumption scenarios are proposed, but yet to be evaluated.

Protecting privacy of the user location in Internet of Things (IoT) applications is a complex problem. Peer-to-peer (P2P) approach is one of the most popular techniques used to protect privacy in IoT applications, especially that use the location service. The P2P approach requires trust among peers in addition to serious cooperation. These requirements are still an open problem for this approach and its methods. In this paper, we propose an effective solution to this issue by creating a manager for the peers' reputation called R-TTP. Each peer has a new query. He has to evaluate the cooperated peer. Depending on the received result of that evaluation, the main peer will send multiple copies of the same query to multiple peers and then compare results. Moreover, we proposed another scenario to the manager of reputation by depending on Fog computing to enhance both performance and privacy. Relying on this work, a user can determine the most suitable of many available cooperating peers, while avoiding the problems of putting up with an inappropriate cooperating or uncommitted peer. The proposed method would significantly contribute to developing most of the privacy techniques in the location-based services. We implemented the main functions of the proposed method to confirm its effectiveness, applicability, and ease of application.

The growing adoption of IoT devices is creating a huge positive impact on human life. However, it is also making the network more vulnerable to security threats. One of the major threats is malicious traffic injection attack, where the hacked IoT devices overwhelm the application servers causing large-scale service disruption. To address such attacks, we propose a Software Defined Networking based predictive alarm manager solution for malicious traffic detection and mitigation at the IoT Gateway. Our experimental results with the proposed solution confirms the detection of malicious flows with nearly 95% precision on average and at its best with around 99% precision.

IoT networks today face a myriad of security vulnerabilities in their infrastructure due to its wide attack surface. Large-scale networks are increasingly adopting a Software-Defined Networking approach, it allows for simplified network control and management through network virtualization. Since traditional security mechanisms are incapable of handling virtualized environments, SDSec or Software-Defined Security is introduced as a solution to support virtualized infrastructure, specifically aimed at providing security solutions to SDN frameworks. To further aid large scale design and development of SDN frameworks, Model-Driven Engineering (MDE) has been proposed to be used at the design phase, since abstraction, automation and analysis are inherently key aspects of MDE. This provides an efficient approach to reducing large problems through models that abstract away the complex technicality of the total system. Making adaptations to these models to address security issues faced in IoT networks, largely reduces cost and improves efficiency. These models can be simulated, analysed and supports architecture model adaptation; model changes are then reflected back to the real system. We propose a model-driven security approach for SDSec networks that can self-adapt using machine learning to mitigate security threats. The overall design time changes can be monitored at run time through machine learning techniques (e.g. deep, reinforcement learning) for real time analysis. This approach can be tested in IoT simulation environments, for instance using the CAPS IoT modeling and simulation framework. Using self-adaptation of models and advanced machine learning for data analysis would ensure that the SDSec architecture adapts and improves over time. This largely reduces the overall attack surface to achieve improved end-to-end security in IoT environments.

The number of devices in the Internet of Things (IoT) immensely grew in recent years. A frequent challenge in the assurance of the dependability of IoT systems is that components of the system appear as a black box. This paper presents a semi-automatic testing methodology for black-box systems that combines automata learning and fuzz testing. Our testing technique uses stateful fuzzing based on a model that is automatically inferred by automata learning. Applying this technique, we can simultaneously test multiple implementations for unexpected behavior and possible security vulnerabilities.We show the effectiveness of our learning-based fuzzing technique in a case study on the MQTT protocol. MQTT is a widely used publish/subscribe protocol in the IoT. Our case study reveals several inconsistencies between five different MQTT brokers. The found inconsistencies expose possible security vulnerabilities and violations of the MQTT specification.

The exponential increase in the use of Internet of Things (IoT) devices has been accompanied by a spike in cyberattacks on IoT networks. In this research, we investigate the Bot-IoT dataset with a focus on classifying IoT reconnaissance attacks. Reconnaissance attacks are a foundational step in the cyberattack lifecycle. Our contribution is centered on the building of predictive models with the aid of Random Undersampling (RUS) and ensemble Feature Selection Techniques (FSTs). As far as we are aware, this type of experimentation has never been performed for the Reconnaissance attack category of Bot-IoT. Our work uses the Area Under the Receiver Operating Characteristic Curve (AUC) metric to quantify the performance of a diverse range of classifiers: Light GBM, CatBoost, XGBoost, Random Forest (RF), Logistic Regression (LR), Naive Bayes (NB), Decision Tree (DT), and a Multilayer Perceptron (MLP). For this study, we determined that the best learners are DT and DT-based ensemble classifiers, the best RUS ratio is 1:1 or 1:3, and the best ensemble FST is our ``6 Agree'' technique.

IoT is still an emerging technology without a lot of standards around it, which makes it difficult to integrate it into existing businesses, what's more, with restricted assets and expanding gadgets that essentially work with touchy information. Thus, information safety has become urgent for coders and clients. Thus, painstakingly chosen and essentially tested encryption calculations should be utilized to grow the gadgets productively, to decrease the danger of leaking the delicate information. This investigation looks at the ECC calculation (Elliptic Curve Cryptography) and Rivest-Shamir-Adleman (RSA) calculation. Furthermore, adding the study of DNA encoding operation in DNA computing with ECC to avoid attackers from getting access to the valuable data.

Recently, information leakage accidents have been continuously occurring due to cyberattacks, and internal information leakage has also been occurring additionally. In this situation, many hacking accidents and DDoS attacks related to IoT are reported, and cyber threat detection field is expanding. Therefore, in this study, the trend related to the commercialization and generalization of IoT technology and the degree of standardization of IoT have been analyzed. Based on the reality of IoT analyzed through this process, research and analysis on what points are required in IoT security control was conducted, and then IoT security control strategy was presented. In this strategy, the IoT environment was divided into IoT device, IoT network/communication, and IoT service/platform in line with the basic strategic framework of 'Pre-response-accident response-post-response', and the strategic direction of security control was established suitable for each of them.

This paper proposes an anonymity based mechanism for providing privacy in IoT environment. Proposed scheme allows IoT entities to anonymously interacting and authenticating with each other, or even proving that they have trustworthy relationship without disclosing their identities. Authentication is based on an anonymous certificates mechanism where interacting IoT entities could unlinkably prove possession of a valid certificate without revealing any incorporated identity-related information, thereby preserving their privacy and thwarting tracking and profiling attacks. Through a security analysis, we demonstrate the reliability of our solution.

Fog Computing was envisioned to solve problems like high latency, mobility, bandwidth, etc. that were introduced by Cloud Computing. Fog Computing has enabled remotely connected IoT devices and sensors to be managed efficiently. Nonetheless, the Fog-Cloud paradigm suffers from various security and privacy related problems. Blockchain ensures security in a trustless way and therefore its applications in various fields are increasing rapidly. In this work, we propose a Fog-Cloud architecture that enables Blockchain to ensure security, scalability, and privacy of remotely connected IoT devices. Furthermore, our proposed architecture also efficiently manages common problems like ever-increasing latency and energy consumption that comes with the integration of Blockchain in Fog-Cloud architecture.

IoT applications are quickly evolving in scope and objectives while their focus is being shifted toward supporting dynamic users’ requirements. IoT users initiate applications and expect quick and reliable deployment without worrying about the underlying complexities of the required sensing and routing resources. On the other hand, IoT sensing nodes, sinks, and gateways are heterogeneous, have limited resources, and require significant cost and installation time. Sensing network-level virtualization through virtual Sensing Networks (VSNs) could play an important role in enabling the formation of virtual groups that link the needed IoT sensing and routing resources. These VSNs can be initiated on-demand with the goal to satisfy different IoT applications’ requirements. In this context, we present a joint algorithm for IoT Sensing Resource Allocation with Dynamic Resource-Based Routing (SRADRR). The SRADRR algorithm builds on the current distinguished empowerment of sensing networks using recent standards like RPL and 6LowPAN. The proposed algorithm suggests employing the RPL standard concepts to create DODAG routing trees that dynamically adapt according to the available sensing resources and the requirements of the running and arriving applications. Our results and implementation of the SRADRR reveal promising enhancements in the overall applications deployment rate.

As a result of the importance of privacy at present, especially with the modern applications and technologies that have spread in the last decade, many techniques and methods have appeared to preserve privacy and protect users' data from tracking, profiling, or identification. The most popular of these technologies are those which rely on peer-to-peer or third-party cooperation. But, by reviewing a significant portion of existing research articles related to privacy, we find considerable confusion amongst several concepts and ways of protection, such as the concept of cloak area, Anonymizer, cooperation, and Third Party Peers (TTP). In this research, we revisit and review these approaches, which contain an overlap between them to distinguish each one clearly with the help of graphs and to remove their ambiguity. In this way, we shall be able provide a ready-reckoner to those interested in this field to easily differentiate between them and thus work to develop them and provide new methods. In other words, this research seeks to enhance the privacy and security in smart applications and technologies in the IoT and smart city environments.

The rapid expansion and diversity of technology throughout society have impacted the growing knowledge gap in conducting analysis on IoT devices. The IoT digital forensic field lacks the necessary tools and guidance to perform digital forensics on these devices. This is mainly attributed to their level of complexity and heterogeneity that is abundant within IoT devices-making the use of a JTAG technique one of the only ways to acquire information stored on an IoT device effectively. Nonetheless, utilizing a JTAG technique can be challenging, especially when having multiple devices with each possibly having its own configuration. To alleviate these issues within the field, we propose the development of an Internet of Things - Forensics Recovery Assistant (IoT-FRA). The IoT-FRA will offer the capabilities of an expert system to assist inexperienced users in performing forensics recovery of IoT devices through a JTAG technique and analysis on the device's capabilities to develop an organized method that will prioritize IoT devices to be analyzed.

Recently deep learning has demonstrated much success within the fields of image and natural language processing, facial recognition, and computer vision. The success is attributed to large, accessible databases and deep learning's ability to learn highly accurate models. Thus, deep learning is being investigated as a viable end-to-end approach to digital communications design. This work investigates the use of adversarial deep learning to ensure that a radio can communicate covertly, via Direct Sequence Spread Spectrum (DSSS), with another while a third (the adversary) is actively attempting to detect, intercept and exploit their communications. The adversary's ability to detect and exploit the DSSS signals is hindered by: (i) generating a set of spreading codes that are balanced and result in low side lobes as well as (ii) actively adapting the encoding scheme. Lastly, DSSS communications performance is assessed using energy constrained devices to accurately portray IoT and IoBT device limitations.