Biblio

Found 485 results

Filters: Keyword is IoT  [Clear All Filters]
2021-03-29
Schiliro, F., Moustafa, N., Beheshti, A..  2020.  Cognitive Privacy: AI-enabled Privacy using EEG Signals in the Internet of Things. 2020 IEEE 6th International Conference on Dependability in Sensor, Cloud and Big Data Systems and Application (DependSys). :73—79.

With the advent of Industry 4.0, the Internet of Things (IoT) and Artificial Intelligence (AI), smart entities are now able to read the minds of users via extracting cognitive patterns from electroencephalogram (EEG) signals. Such brain data may include users' experiences, emotions, motivations, and other previously private mental and psychological processes. Accordingly, users' cognitive privacy may be violated and the right to cognitive privacy should protect individuals against the unconsented intrusion by third parties into the brain data as well as against the unauthorized collection of those data. This has caused a growing concern among users and industry experts that laws to protect the right to cognitive liberty, right to mental privacy, right to mental integrity, and the right to psychological continuity. In this paper, we propose an AI-enabled EEG model, namely Cognitive Privacy, that aims to protect data and classifies users and their tasks from EEG data. We present a model that protects data from disclosure using normalized correlation analysis and classifies subjects (i.e., a multi-classification problem) and their tasks (i.e., eye open and eye close as a binary classification problem) using a long-short term memory (LSTM) deep learning approach. The model has been evaluated using the EEG data set of PhysioNet BCI, and the results have revealed its high performance of classifying users and their tasks with achieving high data privacy.

2021-03-09
Injadat, M., Moubayed, A., Shami, A..  2020.  Detecting Botnet Attacks in IoT Environments: An Optimized Machine Learning Approach. 2020 32nd International Conference on Microelectronics (ICM). :1—4.

The increased reliance on the Internet and the corresponding surge in connectivity demand has led to a significant growth in Internet-of-Things (IoT) devices. The continued deployment of IoT devices has in turn led to an increase in network attacks due to the larger number of potential attack surfaces as illustrated by the recent reports that IoT malware attacks increased by 215.7% from 10.3 million in 2017 to 32.7 million in 2018. This illustrates the increased vulnerability and susceptibility of IoT devices and networks. Therefore, there is a need for proper effective and efficient attack detection and mitigation techniques in such environments. Machine learning (ML) has emerged as one potential solution due to the abundance of data generated and available for IoT devices and networks. Hence, they have significant potential to be adopted for intrusion detection for IoT environments. To that end, this paper proposes an optimized ML-based framework consisting of a combination of Bayesian optimization Gaussian Process (BO-GP) algorithm and decision tree (DT) classification model to detect attacks on IoT devices in an effective and efficient manner. The performance of the proposed framework is evaluated using the Bot-IoT-2018 dataset. Experimental results show that the proposed optimized framework has a high detection accuracy, precision, recall, and F-score, highlighting its effectiveness and robustness for the detection of botnet attacks in IoT environments.

2021-08-18
Sravya, G., Kumar, Manchalla. O.V.P., Sudarsana Reddy, Y., Jamal, K., Mannem, Kiran.  2020.  The Ideal Block Ciphers - Correlation of AES and PRESENT in Cryptography. 2020 3rd International Conference on Intelligent Sustainable Systems (ICISS). :1107—1113.
In this digital era, the usage of technology has increased rapidly and led to the deployment of more innovative technologies for storing and transferring the generated data. The most important aspect of the emerging communication technologies is to ensure the safety and security of the generated huge amount of data. Hence, cryptography is considered as a pathway that can securely transfer and save the data. Cryptography comprises of ciphers that act like an algorithm, where the data is encrypted at the source and decrypted at the destination. This paper comprises of two ciphers namely PRESENT and AES ciphers. In the real-time applications, AES is no more relevant especially for segmenting the organizations that leverage RFID, Sensors and IoT devices. In order to overcome the strategic issues faced by these organization, PRESENT ciphers work appropriately with its super lightweight block figure, which has the equivalent significance to both security and equipment arrangements. This paper compares the AES (Advance encryption standard) symmetric block cipher with PRESENT symmetric block cipher to leverage in the industries mentioned earlier, where the huge consumption of resources becomes a significant factor. For the comparison of different ciphers, the results of area, timing analysis and the waveforms are taken into consideration.
2021-08-31
Amjath, M.I.M., Senthooran, V..  2020.  Secure Communication Using Steganography in IoT Environment. 2020 2nd International Conference on Advancements in Computing (ICAC). 1:114—119.
IoT is an emerging technology in modern world of communication. As the usage of IoT devices is increasing in day to day life, the secure data communication in IoT environment is the major challenge. Especially, small sized Single-Board Computers (SBCs) or Microcontrollers devices are widely used to transfer data with another in IoT. Due to the less processing power and storage capabilities, the data acquired from these devices must be transferred very securely in order to avoid some ethical issues. There are many cryptography approaches are applied to transfer data between IoT devices, but there are obvious chances to suspect encrypted messages by eavesdroppers. To add more secure data transfer, steganography mechanism is used to avoid the chances of suspicion as another layer of security. Based on the capabilities of IoT devices, low complexity images are used to hide the data with different hiding algorithms. In this research study, the secret data is encoded through QR code and embedded in low complexity cover images by applying image to image hiding fashion. The encoded image is sent to the receiving device via the network. The receiving device extracts the QR code from image using secret key then decoded the original data. The performance measure of the system is evaluated by the image quality parameters mainly Peak Signal to Noise Ratio (PSNR), Normalized Coefficient (NC) and Security with maintaining the quality of contemporary IoT system. Thus, the proposed method hides the precious information within an image using the properties of QR code and sending it without any suspicion to attacker and competes with the existing methods in terms of providing more secure communication between Microcontroller devices in IoT environment.
2021-08-12
Abbas, Syed Ghazanfar, Husnain, Muhammad, Fayyaz, Ubaid Ullah, Shahzad, Farrukh, Shah, Ghalib A., Zafar, Kashif.  2020.  IoT-Sphere: A Framework to Secure IoT Devices from Becoming Attack Target and Attack Source. 2020 IEEE 19th International Conference on Trust, Security and Privacy in Computing and Communications (TrustCom). :1402—1409.
In this research we propose a framework that will strengthen the IoT devices security from dual perspectives; avoid devices to become attack target as well as a source of an attack. Unlike traditional devices, IoT devices are equipped with insufficient host-based defense system and a continuous internet connection. All time internet enabled devices with insufficient security allures the attackers to use such devices and carry out their attacks on rest of internet. When plethora of vulnerable devices become source of an attack, intensity of such attacks increases exponentially. Mirai was one of the first well-known attack that exploited large number of vulnerable IoT devices, that bring down a large part of Internet. To strengthen the IoT devices from dual security perspective, we propose a two step framework. Firstly, confine the communication boundary of IoT devices; IoT-Sphere. A sphere of IPs that are allowed to communicate with a device. Any communication that violates the sphere will be blocked at the gateway level. Secondly, only allowed communication will be evaluated for potential attacks and anomalies using advance detection engines. To show the effectiveness of our proposed framework, we perform couple of attacks on IoT devices; camera and google home and show the feasibility of IoT-Sphere.
2021-05-05
Mnushka, Oksana, Savchenko, Volodymyr.  2020.  Security Model of IOT-based Systems. 2020 IEEE 15th International Conference on Advanced Trends in Radioelectronics, Telecommunications and Computer Engineering (TCSET). :398—401.
The increasing using of IoT technologies in the industrial sector creates new challenges for the information security of such systems. Using IoT-devices for building SCADA systems cause standard protocols and public networks for data transmitting. Commercial off-the-shelf devices and systems are a new base for industrial control systems, which have high-security risks. There are some useful models are exist for security analysis of information systems, but they do not take into account IoT architecture. The nested attributed metagraph model for the security of IoT-based solutions is proposed and discussed.
2021-09-16
Rachini, Ali S., Khatoun, R..  2020.  Distributed Key Management Authentication Algorithm in Internet of Things (IOT). 2020 Sixth International Conference on Mobile And Secure Services (MobiSecServ). :1–5.
Radio frequency identification system (RFID) is a wireless technology based on radio waves. These radio waves transmit data from the tag to a reader, which then transmits the information to a server. RFID tags have several advantages, they can be used in merchandise, to track vehicles, and even patients. Connecting RFID tags to internet terminal or server it called Internet of Things (IoT). Many people have shown interest in connected objects or the Internet of Things (IoT). The IoT is composed of many complementary elements each having their own specificities. The RFID is often seen as a prerequisite for the IoT. The main challenge of RFID is the security issues. Connecting RFID with IoT poses security threats and challenges which are needed to be discussed properly before deployment. In this paper, we proposed a new distributed encryption algorithm to be used in the IoT structure in order to reduce the security risks that are confronted in RFID technology.
2021-06-02
Das, Sima, Panda, Ganapati.  2020.  An Initiative Towards Privacy Risk Mitigation Over IoT Enabled Smart Grid Architecture. 2020 International Conference on Renewable Energy Integration into Smart Grids: A Multidisciplinary Approach to Technology Modelling and Simulation (ICREISG). :168—173.
The Internet of Things (IoT) has transformed many application domains with realtime, continuous, automated control and information transmission. The smart grid is one such futuristic application domain in execution, with a large-scale IoT network as its backbone. By leveraging the functionalities and characteristics of IoT, the smart grid infrastructure benefits not only consumers, but also service providers and power generation organizations. The confluence of IoT and smart grid comes with its own set of challenges. The underlying cyberspace of IoT, though facilitates communication (information propagation) among devices of smart grid infrastructure, it undermines the privacy at the same time. In this paper we propose a new measure for quantifying the probability of privacy leakage based on the behaviors of the devices involved in the communication process. We construct a privacy stochastic game model based on the information shared by the device, and the access to the compromised device. The existence of Nash Equilibrium strategy of the game is proved theoretically. We experimentally validate the effectiveness of the privacy stochastic game model.
2021-01-11
Khudhair, A. B., Ghani, R. F..  2020.  IoT Based Smart Video Surveillance System Using Convolutional Neural Network. 2020 6th International Engineering Conference “Sustainable Technology and Development" (IEC). :163—168.

Video surveillance plays an important role in our times. It is a great help in reducing the crime rate, and it can also help to monitor the status of facilities. The performance of the video surveillance system is limited by human factors such as fatigue, time efficiency, and human resources. It would be beneficial for all if fully automatic video surveillance systems are employed to do the job. The automation of the video surveillance system is still not satisfying regarding many problems such as the accuracy of the detector, bandwidth consumption, storage usage, etc. This scientific paper mainly focuses on a video surveillance system using Convolutional Neural Networks (CNN), IoT and cloud. The system contains multi nods, each node consists of a microprocessor(Raspberry Pi) and a camera, the nodes communicate with each other using client and server architecture. The nodes can detect humans using a pretraining MobileNetv2-SSDLite model and Common Objects in Context(COCO) dataset, the captured video will stream to the main node(only one node will communicate with cloud) in order to stream the video to the cloud. Also, the main node will send an SMS notification to the security team to inform the detection of humans. The security team can check the videos captured using a mobile application or web application. Operating the Object detection model of Deep learning will be required a large amount of the computational power, for instance, the Raspberry Pi with a limited in performance for that reason we used the MobileNetv2-SSDLite model.

2021-04-09
Soni, G., Sudhakar, R..  2020.  A L-IDS against Dropping Attack to Secure and Improve RPL Performance in WSN Aided IoT. 2020 7th International Conference on Signal Processing and Integrated Networks (SPIN). :377—383.

In the Internet of Things (IoT), it is feasible to interconnect networks of different devices and all these different devices, such as smartphones, sensor devices, and vehicles, are controlled according to a particular user. These different devices are delivered and accept the information on the network. This thing is to motivate us to do work on IoT and the devices used are sensor nodes. The validation of data delivery completely depends on the checks of count data forwarding in each node. In this research, we propose the Link Hop Value-based Intrusion Detection System (L-IDS) against the blackhole attack in the IoT with the assist of WSN. The sensor nodes are connected to other nodes through the wireless link and exchange data routing, as well as data packets. The LHV value is identified as the attacker's presence by integrating the data delivery in each hop. The LHV is always equivalent to the Actual Value (AV). The RPL routing protocol is used IPv6 to address the concept of routing. The Routing procedure is interrupted by an attacker by creating routing loops. The performance of the proposed L-IDS is compared to the RPL routing security scheme based on existing trust. The proposed L-IDS procedure is validating the presence of the attacker at every source to destination data delivery. and also disables the presence of the attacker in the network. Network performance provides better results in the existence of a security scheme and also fully represents the inoperative presence of black hole attackers in the network. Performance metrics show better results in the presence of expected IDS and improve network reliability.

2021-08-02
Castilho, Sergio D., Godoy, Eduardo P., Salmen, Fadir.  2020.  Implementing Security and Trust in IoT/M2M using Middleware. 2020 International Conference on Information Networking (ICOIN). :726—731.
Machine to Machine (M2M) a sub area of Internet of Things (IoT) will link billions of devices or things distributed around the world using the Internet. These devices when connected exchange information obtained from the environment such as temperature or humidity from industrial or residential control process. Information Security (IS) and Trust are one of the fundamental points for users and the industry to accept the use of these devices with Confidentiality, Integrity, Availability and Authenticity. The key reason is that most of these devices use wireless media especially in residential and smart city environments. The overall goal of this work is to implement a Middleware Security to improve Safety and Security between the control network devices used in IoT/M2M and the Internet for residential or industrial environments. This implementation has been tested with different protocols as CoAP and MQTT, a microcomputer with free Real-Time Operating System (RTOS) implemented in a Raspberry Pi Gateway Access Point (RGAP), Network Address Translator (NAT), IPTable firewall and encryption is part of this implementation for secure data transmission
2021-08-12
Jung, Junyoung, Cho, Jinsung, Lee, Ben.  2020.  A Secure Platform for IoT Devices based on ARM Platform Security Architecture. 2020 14th International Conference on Ubiquitous Information Management and Communication (IMCOM). :1—4.
Recent IoT services are being used in various fields such as smart homes, smart factories, smart cars and industrial systems. These various IoT services are implemented through hyper-connected IoT devices, and accordingly, security requirements of these devices are being highlighted. In order to satisfy the security requirements of IoT devices, various studies have been conducted such as HSM, Security SoC, and TrustZone. In particular, ARM proposed Platform Security Architecture (PSA), which is a security architecture that provide execution isolation to safely manage and protect the computing resources of low- end IoT devices. PSA can ensure confidentiality and integrity of IoT devices based on its structural features, but conversely, it has the problem of increasing development difficulty in using the security functions of PSA. To solve this problem, this paper analyzes the security requirements of an IoT platform and proposes secure platform based on PSA. To evaluate the proposed secure platform, a PoC implementation is provided based on hardware prototype consisting of FPGA. Our experiments with the PoC implementation verify that the proposed secure platform offers not only high security but also convenience of application development for IoT devices.
2021-08-02
Jeste, Manasi, Gokhale, Paresh, Tare, Shrawani, Chougule, Yutika, Chaudhari, Archana.  2020.  Two-point security system for doors/lockers using Machine learning and Internet Of Things. 2020 Fourth International Conference on Inventive Systems and Control (ICISC). :740—744.
The objective of the proposed research is to develop an IOT based security system with a two-point authentication. Human face recognition and fingerprint is a known method for access authentication. A combination of both technologies and integration of the system with IoT make will make the security system more efficient and reliable. Use of online platform google firebase is made for saving database and retrieving it in real-time. In this system access to the fingerprint (touch sensor) from mobile is proposed using an android app developed in android studio and authentication for the same is also proposed. On identification of both face and fingerprint together, access to door or locker is provided.
2021-11-08
Martin, Robert Alan.  2020.  Assurance for CyberPhysical Systems: Addressing Supply Chain Challenges to Trustworthy Software-Enabled Things. 2020 IEEE Systems Security Symposium (SSS). :1–5.
Software is playing a pivotal role in most enterprises, whether they realize it or not, and with the proliferation of Industrial Internet of Things (IoT) and other CyberPhysical systems across our society and critical infrastructure and our collective love affair with automation, optimization, and ``smart'' devices, the role of these types of systems is only going to increase. This talk addresses the myriad of issues that underlie unsafe, insecure, and unreliable software and provides the insights of the Industrial Internet Consortium and other government and industry efforts on how to conquer them and pave the way to a marketplace of trustworthy software-enabled connected things. As the experience of several sectors has shown, the dependence on connected software needs to be met with a strong understanding of the risks to the overall trustworthiness of our software-based capabilities that we, our enterprises, and our world utilize. In many of these new connected systems issues of safety, reliability, and resilience rival or dominate concerns for security and privacy, the long-time focus of many in the IT world. Without a scalable and efficient method for managing these risks so our enterprises can continue to benefit from these advancements that powers our military, commercial industries, cities, and homes to new levels of efficiency, versatility, and cost effectiveness we face the potential for harm, death, and destructiveness. In such a marketplace, creating, exchanging, and integrating components that are trustworthy as well as entering into value-chain relationships with trustworthy partners and service suppliers will be common if we can provide a method for explicitly defining what is meant by the word trustworthy. The approach being pursued by these groups for applying Software Assurance to these systems and their Supply Chains by leveraging Structured Assurance Cases (the focus of this paper), Software Bill of Materials, and secure development practices applied to the evolving Agile and DevSecOps methodologies, is to explicitly identify the detailed requirements ``about what we need to know about something for it to be worthy of our trust'' and to do that in a way that we can convey that basis of trust to others that: can scale; is consistent within different workflows; is flexible to differing sets of hazards and environments; and is applicable to all sectors, domains, and industries.
2021-01-11
Bhat, P., Batakurki, M., Chari, M..  2020.  Classifier with Deep Deviation Detection in PoE-IoT Devices. 2020 IEEE International Conference on Electronics, Computing and Communication Technologies (CONECCT). :1–3.
With the rapid growth in diversity of PoE-IoT devices and concept of "Edge intelligence", PoE-IoT security and behavior analysis is the major concern. These PoE-IoT devices lack visibility when the entire network infrastructure is taken into account. The IoT devices are prone to have design faults in their security capabilities. The entire network may be put to risk by attacks on vulnerable IoT devices or malware might get introduced into IoT devices even by routine operations such as firmware upgrade. There have been various approaches based on machine learning(ML) to classify PoE-IoT devices based on network traffic characteristics such as Deep Packet Inspection(DPI). In this paper, we propose a novel method for PoE-IoT classification where ML algorithm, Decision Tree is used. In addition to classification, this method provides useful insights to the network deployment, based on the deviations detected. These insights can further be used for shaping policies, troubleshooting and behavior analysis of PoE-IoT devices.
2022-10-20
Jain, Arpit, Jat, Dharm Singh.  2020.  An Edge Computing Paradigm for Time-Sensitive Applications. 2020 Fourth World Conference on Smart Trends in Systems, Security and Sustainability (WorldS4). :798—803.
Edge computing (EC) is a new developing computing technology where data are collected, and analysed nearer to the edge or sources of the data. Cloud to the edge, intelligent applications and analytics are part of the IoT applications and technology. Edge computing technology aims to bring cloud computing features near to edge devices. For time-sensitive applications in cloud computing, architecture massive volume of data is generated at the edge and stored and analysed in the cloud. Cloud infrastructure is a composition of data centres and large-scale networks, which provides reliable services to users. Traditional cloud computing is inefficient due to delay in response, network delay and congestion as simultaneous transactions to the cloud, which is a centralised system. This paper presents a literature review on cloud-based edge computing technologies for delay-sensitive applications and suggests a conceptual model of edge computing architecture. Further, the paper also presents the implementation of QoS support edge computing paradigm in Python for further research to improve the latency and throughput for time-sensitive applications.
2020-10-23
Weicheng Wang, Fabrizio Cicala, Syed Rafiul Hussain, Elisa Bertino, Ninghui Li.  2020.  Analyzing the Attack Landscape of Zigbee-Enabled IoT Systems and Reinstating Users' Privacy. 13th ACM Conference on Security and Privacy in Wireless and Mobile Networks. :133–143.

Zigbee network security relies on symmetric cryptography based on a pre-shared secret. In the current Zigbee protocol, the network coordinator creates a network key while establishing a network. The coordinator then shares the network key securely, encrypted under the pre-shared secret, with devices joining the network to ensure the security of future communications among devices through the network key. The pre-shared secret, therefore, needs to be installed in millions or more devices prior to deployment, and thus will be inevitably leaked, enabling attackers to compromise the confidentiality and integrity of the network. To improve the security of Zigbee networks, we propose a new certificate-less Zigbee joining protocol that leverages low-cost public-key primitives. The new protocol has two components. The first is to integrate Elliptic Curve Diffie-Hellman key exchange into the existing association request/response messages, and to use this key both for link-to-link communication and for encryption of the network key to enhance privacy of user devices. The second is to improve the security of the installation code, a new joining method introduced in Zigbee 3.0 for enhanced security, by using public key encryption. We analyze the security of our proposed protocol using the formal verification methods provided by ProVerif, and evaluate the efficiency and effectiveness of our solution with a prototype built with open source software and hardware stack. The new protocol does not introduce extra messages and the overhead is as lows as 3.8% on average for the join procedure.

2020-12-17
Sun, P., Garcia, L., Salles-Loustau, G., Zonouz, S..  2020.  Hybrid Firmware Analysis for Known Mobile and IoT Security Vulnerabilities. 2020 50th Annual IEEE/IFIP International Conference on Dependable Systems and Networks (DSN). :373—384.

Mobile and IoT operating systems–and their ensuing software updates–are usually distributed as binary files. Given that these binary files are commonly closed source, users or businesses who want to assess the security of the software need to rely on reverse engineering. Further, verifying the correct application of the latest software patches in a given binary is an open problem. The regular application of software patches is a central pillar for improving mobile and IoT device security. This requires developers, integrators, and vendors to propagate patches to all affected devices in a timely and coordinated fashion. In practice, vendors follow different and sometimes improper security update agendas for both mobile and IoT products. Moreover, previous studies revealed the existence of a hidden patch gap: several vendors falsely reported that they patched vulnerabilities. Therefore, techniques to verify whether vulnerabilities have been patched or not in a given binary are essential. Deep learning approaches have shown to be promising for static binary analyses with respect to inferring binary similarity as well as vulnerability detection. However, these approaches fail to capture the dynamic behavior of these systems, and, as a result, they may inundate the analysis with false positives when performing vulnerability discovery in the wild. In particular, they cannot capture the fine-grained characteristics necessary to distinguish whether a vulnerability has been patched or not. In this paper, we present PATCHECKO, a vulnerability and patch presence detection framework for executable binaries. PATCHECKO relies on a hybrid, cross-platform binary code similarity analysis that combines deep learning-based static binary analysis with dynamic binary analysis. PATCHECKO does not require access to the source code of the target binary nor that of vulnerable functions. We evaluate PATCHECKO on the most recent Google Pixel 2 smartphone and the Android Things IoT firmware images, within which 25 known CVE vulnerabilities have been previously reported and patched. Our deep learning model shows a vulnerability detection accuracy of over 93%. We further prune the candidates found by the deep learning stage–which includes false positives–via dynamic binary analysis. Consequently, PATCHECKO successfully identifies the correct matches among the candidate functions in the top 3 ranked outcomes 100% of the time. Furthermore, PATCHECKO's differential engine distinguishes between functions that are still vulnerable and those that are patched with an accuracy of 96%.

2021-08-18
Al-Aali, Yousuf, Boussakta, Said.  2020.  Lightweight block ciphers for resource-constrained devices. 2020 12th International Symposium on Communication Systems, Networks and Digital Signal Processing (CSNDSP). :1—6.
Lightweight cryptography is a new branch of cryptography focused on providing security to resource-constraint devices such as wireless sensor networks (WSN), Radio-Frequency Identification (RFIDs) and other embedded systems. The factors considered in lightweight cryptography are mainly circuit area, memory requirement, processing time, latency, power, and energy consumption. This paper presents a discussion on common lightweight block ciphers in terms of different performance parameters, strength, design trends, limitations, and applications including the National Institute of Science and Technology (NIST) round 1 and 2 candidates. Analysis of these lightweight algorithms has offered an insight into this newly emerging field of cryptography.
2022-10-16
Arfaoui, Amel, Kribeche, Ali, Senouci, Sidi Mohammed.  2020.  Cooperative MIMO for Adaptive Physical Layer Security in WBAN. ICC 2020 - 2020 IEEE International Conference on Communications (ICC). :1–7.
Internet of Things (IoT) is becoming an emerging paradigm to provide pervasive connectivity where “anything“ can be connected “anywhere” at “anytime” via massive deployment of physical objects like sensors, controllers, and actuators. However, the open nature of wireless communications and the energy constraint of the IoT devices impose strong security concerns. In this context, traditional cryptographic techniques may not be suitable in such a resource-constrained network. To address this problem, an effective security solution that ensures a trade-off between security effectiveness and energy efficiency is required. In this paper, we exploit cooperative transmission between sensor nodes in IoT for e-Health application, as a promising technique to enhance the physical layer security of wireless communications in terms of secrecy capacity while considering the resource-impoverished devices. Specifically, we propose a dynamic and cooperative virtual multiple-input and multiple-output (MIMO) configuration approach based on game theory to preserve the confidentiality of the transmitted messages with high energy savings. For this purpose, we model the physical layer security cooperation problem as a non-transferable coalition formation game. The set of cooperative devices form a virtual dynamically-configured MIMO network that is able to securely and efficiently transmit data to the destination. Simulation results show that the proposed game-based virtual MIMO configuration approach can improve the average secrecy capacity per device as well as the network lifetime compared to non-cooperative transmission.
2020-12-21
Seliem, M., Elgazzar, K..  2020.  LPA-SDP: A Lightweight Privacy-Aware Service Discovery Protocol for IoT Environments. 2020 IEEE 6th World Forum on Internet of Things (WF-IoT). :1–7.
Latest forecasts show that 50 billion devices will be connected to the Internet by 2020. These devices will provide ubiquitous data access and enable smarter interactions in all aspects of our everyday life, including vital domains such as healthcare and battlefields, where privacy is a key requirement. With the increasing adoption of IoT and the explosion of these resource-constrained devices, manual discovery and configuration become significantly challenging. Despite there is a number of resource discovery protocols that can be efficiently used in IoT deployments, none of these protocols provides any privacy consideration. This paper presents LPA-SDT, a novel technique for service discovery that builds privacy into the design from the ground up. Performance evaluation demonstrates that LPA-SDT outperforms state-of-the-art discovery techniques for resource-constrained environments while preserving user and data privacy.
2021-01-18
Sebbah, A., Kadri, B..  2020.  A Privacy and Authentication Scheme for IoT Environments Using ECC and Fuzzy Extractor. 2020 International Conference on Intelligent Systems and Computer Vision (ISCV). :1–5.
The internet of things (IoT) is consisting of many complementary elements which have their own specificities and capacities. These elements are gaining new application and use cases in our lives. Nevertheless, they open a negative horizon of security and privacy issues which must be treated delicately before the deployment of any IoT. Recently, different works emerged dealing with the same branch of issues, like the work of Yuwen Chen et al. that is called LightPriAuth. LightPriAuth has several drawbacks and weakness against various popular attacks such as Insider attack and stolen smart card. Our objective in this paper is to propose a novel solution which is “authentication scheme with three factor using ECC and fuzzy extractor” to ensure security and privacy. The obtained results had proven the superiority of our scheme's performances compared to that of LightPriAuth which, additionally, had defeated the weaknesses left by LightPriAuth.
2021-11-30
Akhras, Raphaelle, El-Hajj, Wassim, Majdalani, Michel, Hajj, Hazem, Jabr, Rabih, Shaban, Khaled.  2020.  Securing Smart Grid Communication Using Ethereum Smart Contracts. 2020 International Wireless Communications and Mobile Computing (IWCMC). :1672–1678.
Smart grids are being continually adopted as a replacement of the traditional power grid systems to ensure safe, efficient, and cost-effective power distribution. The smart grid is a heterogeneous communication network made up of various devices such as smart meters, automation, and emerging technologies interacting with each other. As a result, the smart grid inherits most of the security vulnerabilities of cyber systems, putting the smart grid at risk of cyber-attacks. To secure the communication between smart grid entities, namely the smart meters and the utility, we propose in this paper a communication infrastructure built on top of a blockchain network, specifically Ethereum. All two-way communication between the smart meters and the utility is assumed to be transactions governed by smart contracts. Smart contracts are designed in such a way to ensure that each smart meter is authentic and each smart meter reading is reported securely and privately. We present a simulation of a sample smart grid and report all the costs incurred from building such a grid. The simulations illustrate the feasibility and security of the proposed architecture. They also point to weaknesses that must be addressed, such as scalability and cost.
2021-08-12
Shin, Sanggyu, Seto, Yoichi.  2020.  Development of IoT Security Exercise Contents for Cyber Security Exercise System. 2020 13th International Conference on Human System Interaction (HSI). :1—6.
In this paper, we discuss the development of the IoT security exercise content and the implementation of it to the CyExec. While the Internet of Things (IoT) devices are becoming more popular, vulnerability countermeasures are insufficient, and many incidents have occurred. It is because there is insufficient protection against vulnerabilities specific to IoT equipment. Also, the developers and users have low awareness of IoT devices against vulnerabilities from the past. Therefore, the importance of security education on IoT devices is increasing. However, the enormous burden of introduction and operation costs limited the use of commercial cybersecurity exercise systems. CyExec (Cyber Security Exercise System), consisting of a virtual environment using VirtualBox and Docker, is a low-cost and flexible cybersecurity exercise system, which we have proposed for the dissemination of security education. And the content of the exercises for CyExec is composed of the Basic exercises and Applied exercises.
Weissman, David.  2020.  IoT Security Using Deception – Measuring Improved Risk Posture. 2020 IEEE 6th World Forum on Internet of Things (WF-IoT). :1—2.
Deception technology is a useful approach to improve the security posture of IoT systems. The deployment of replication techniques as a deception tactic is presented with a summary of our research progress towards quantifying the defensive improvement as part of overall risk management considerations.