Biblio

Found 485 results

Filters: Keyword is IoT  [Clear All Filters]
2020-03-09
Nadir, Ibrahim, Ahmad, Zafeer, Mahmood, Haroon, Asadullah Shah, Ghalib, Shahzad, Farrukh, Umair, Muhammad, Khan, Hassam, Gulzar, Usman.  2019.  An Auditing Framework for Vulnerability Analysis of IoT System. 2019 IEEE European Symposium on Security and Privacy Workshops (EuroS PW). :39–47.
Introduction of IoT is a big step towards the convergence of physical and virtual world as everyday objects are connected to the internet nowadays. But due to its diversity and resource constraint nature, the security of these devices in the real world has become a major challenge. Although a number of security frameworks have been suggested to ensure the security of IoT devices, frameworks for auditing this security are rare. We propose an open-source framework to audit the security of IoT devices covering hardware, firmware and communication vulnerabilities. Using existing open-source tools, we formulate a modular approach towards the implementation of the proposed framework. Standout features in the suggested framework are its modular design, extensibility, scalability, tools integration and primarily autonomous nature. The principal focus of the framework is to automate the process of auditing. The paper further mentions some tools that can be incorporated in different modules of the framework. Finally, we validate the feasibility of our framework by auditing an IoT device using proposed toolchain.
2020-09-04
Carpentier, Eleonore, Thomasset, Corentin, Briffaut, Jeremy.  2019.  Bridging The Gap: Data Exfiltration In Highly Secured Environments Using Bluetooth IoTs. 2019 IEEE 37th International Conference on Computer Design (ICCD). :297—300.
IoT devices introduce unprecedented threats into home and professional networks. As they fail to adhere to security best practices, they are broadly exploited by malicious actors to build botnets or steal sensitive information. Their adoption challenges established security standard as classic security measures are often inappropriate to secure them. This is even more problematic in sensitive environments where the presence of insecure IoTs can be exploited to bypass strict security policies. In this paper, we demonstrate an attack against a highly secured network using a Bluetooth smart bulb. This attack allows a malicious actor to take advantage of a smart bulb to exfiltrate data from an air gapped network.
2020-02-10
Bansal, Bhawana, Sharma, Monika.  2019.  Client-Side Verification Framework for Offline Architecture of IoT. 2019 3rd International conference on Electronics, Communication and Aerospace Technology (ICECA). :1044–1050.
Internet of things is a network formed between two or more devices through internet which helps in sharing data and resources. IoT is present everywhere and lot of applications in our day-to-day life such as smart homes, smart grid system which helps in reducing energy consumption, smart garbage collection to make cities clean, smart cities etc. It has some limitations too such as concerns of security of the network and the cost of installations of the devices. There have been many researches proposed various method in improving the IoT systems. In this paper, we have discussed about the scope and limitations of IoT in various fields and we have also proposed a technique to secure offline architecture of IoT.
2020-08-28
Malik, Vinita, Singh, Sukhdip.  2019.  Cloud, Big Data IoT: Risk Management. 2019 International Conference on Machine Learning, Big Data, Cloud and Parallel Computing (COMITCon). :258—262.
The heart of research pumps for analyzing risks in today's competitive business environment where big, massive computations are performed on interconnected devices pervasively. Advanced computing environments i.e. Cloud, big data and Internet of things are taken under consideration for finding and analyzing business risks developed from evolutionary, interoperable and digital devices communications with massive volume of data generated. Various risks in advanced computational environment have been identified in this research and are provided with risks mitigation strategies. We have also focused on how risk management affects these environments and how that effect can be mitigated for software and business quality improvement.
2020-01-13
Li, Nan, Varadharajan, Vijay, Nepal, Surya.  2019.  Context-Aware Trust Management System for IoT Applications with Multiple Domains. 2019 IEEE 39th International Conference on Distributed Computing Systems (ICDCS). :1138–1148.
The Internet of Things (IoT) provides connectivity between heterogeneous devices in different applications, such as smart wildlife, supply chain and traffic management. Trust management system (TMS) assesses the trustworthiness of service with respect to its quality. Under different context information, a service provider may be trusted in one context but not in another. The existing context-aware trust models usually store trust values under different contexts and search the closest (to a given context) record to evaluate the trustworthiness of a service. However, it is not suitable for distributed resource-constrained IoT devices which have small memory and low power. Reputation systems are applied in many trust models where trustor obtains recommendations from others. In context-based trust evaluation, it requires interactive queries to find relevant information from remote devices. The communication overhead and energy consumption are issues in low power networks like 6LoWPAN. In this paper, we propose a new context-aware trust model for lightweight IoT devices. The proposed model provides a trustworthiness overview of a service provider without storing past behavior records, that is, constant size storage. The proposed model allows a trustor to decide the significance of context items. This could result in distinctive decisions under the same trustworthiness record. We also show the performance of the proposed model under different attacks.
2020-09-11
Prokofiev, Anton O., Smirnova, Yulia S..  2019.  Counteraction against Internet of Things Botnets in Private Networks. 2019 IEEE Conference of Russian Young Researchers in Electrical and Electronic Engineering (EIConRus). :301—305.
This article focuses on problems related to detection and prevention of botnet threats in private Internet of Things (IoT) networks. Actual data about IoT botnets activity on the Internet is provided in the paper. Results of analysis of widespread botnets, as well as key characteristics of botnet behavior and activity on IoT devices are also provided. Features of private IoT networks are determined. The paper provides architectural features as well as functioning principles of software systems for botnet prevention in private networks. Recommendations for process of interaction between such system and a user are suggested. Suggestions for future development of the approach are formulated.
2020-09-28
Chertchom, Prajak, Tanimoto, Shigeaki, Konosu, Tsutomu, Iwashita, Motoi, Kobayashi, Toru, Sato, Hiroyuki, Kanai, Atsushi.  2019.  Data Management Portfolio for Improvement of Privacy in Fog-to-cloud Computing Systems. 2019 8th International Congress on Advanced Applied Informatics (IIAI-AAI). :884–889.
With the challenge of the vast amount of data generated by devices at the edge of networks, new architecture needs a well-established data service model that accounts for privacy concerns. This paper presents an architecture of data transmission and a data portfolio with privacy for fog-to-cloud (DPPforF2C). We would like to propose a practical data model with privacy from a digitalized information perspective at fog nodes. In addition, we also propose an architecture for implicating the privacy of DPPforF2C used in fog computing. Technically, we design a data portfolio based on the Message Queuing Telemetry Transport (MQTT) and the Advanced Message Queuing Protocol (AMQP). We aim to propose sample data models with privacy architecture because there are some differences in the data obtained from IoT devices and sensors. Thus, we propose an architecture with the privacy of DPPforF2C for publishing data from edge devices to fog and to cloud servers that could be applied to fog architecture in the future.
2020-12-07
Xu, M., Huber, M., Sun, Z., England, P., Peinado, M., Lee, S., Marochko, A., Mattoon, D., Spiger, R., Thom, S..  2019.  Dominance as a New Trusted Computing Primitive for the Internet of Things. 2019 IEEE Symposium on Security and Privacy (SP). :1415–1430.
The Internet of Things (IoT) is rapidly emerging as one of the dominant computing paradigms of this decade. Applications range from in-home entertainment to large-scale industrial deployments such as controlling assembly lines and monitoring traffic. While IoT devices are in many respects similar to traditional computers, user expectations and deployment scenarios as well as cost and hardware constraints are sufficiently different to create new security challenges as well as new opportunities. This is especially true for large-scale IoT deployments in which a central entity deploys and controls a large number of IoT devices with minimal human interaction. Like traditional computers, IoT devices are subject to attack and compromise. Large IoT deployments consisting of many nearly identical devices are especially attractive targets. At the same time, recovery from root compromise by conventional means becomes costly and slow, even more so if the devices are dispersed over a large geographical area. In the worst case, technicians have to travel to all devices and manually recover them. Data center solutions such as the Intelligent Platform Management Interface (IPMI) which rely on separate service processors and network connections are not only not supported by existing IoT hardware, but are unlikely to be in the foreseeable future due to the cost constraints of mainstream IoT devices. This paper presents CIDER, a system that can recover IoT devices within a short amount of time, even if attackers have taken root control of every device in a large deployment. The recovery requires minimal manual intervention. After the administrator has identified the compromise and produced an updated firmware image, he/she can instruct CIDER to force the devices to reset and to install the patched firmware on the devices. We demonstrate the universality and practicality of CIDER by implementing it on three popular IoT platforms (HummingBoard Edge, Raspberry Pi Compute Module 3 and Nucleo-L476RG) spanning the range from high to low end. Our evaluation shows that the performance overhead of CIDER is generally negligible.
2020-08-07
Nawaz, A., Gia, T. N., Queralta, J. Peña, Westerlund, T..  2019.  Edge AI and Blockchain for Privacy-Critical and Data-Sensitive Applications. 2019 Twelfth International Conference on Mobile Computing and Ubiquitous Network (ICMU). :1—2.
The edge and fog computing paradigms enable more responsive and smarter systems without relying on cloud servers for data processing and storage. This reduces network load as well as latency. Nonetheless, the addition of new layers in the network architecture increases the number of security vulnerabilities. In privacy-critical systems, the appearance of new vulnerabilities is more significant. To cope with this issue, we propose and implement an Ethereum Blockchain based architecture with edge artificial intelligence to analyze data at the edge of the network and keep track of the parties that access the results of the analysis, which are stored in distributed databases.
2020-02-17
Hassan, Mehmood, Mansoor, Khwaja, Tahir, Shahzaib, Iqbal, Waseem.  2019.  Enhanced Lightweight Cloud-assisted Mutual Authentication Scheme for Wearable Devices. 2019 International Conference on Applied and Engineering Mathematics (ICAEM). :62–67.
With the emergence of IoT, wearable devices are drawing attention and becoming part of our daily life. These wearable devices collect private information about their wearers. Mostly, a secure authentication process is used to verify a legitimate user that relies on the mobile terminal. Similarly, remote cloud services are used for verification and authentication of both wearable devices and wearers. Security is necessary to preserve the privacy of users. Some traditional authentication protocols are proposed which have vulnerabilities and are prone to different attacks like forgery, de-synchronization, and un-traceability issues. To address these vulnerabilities, recently, Wu et al. (2017) proposed a cloud-assisted authentication scheme which is costly in terms of computations required. Therefore this paper proposed an improved, lightweight and computationally efficient authentication scheme for wearable devices. The proposed scheme provides similar level of security as compared to Wu's (2017) scheme but requires 41.2% lesser computations.
2020-01-13
Vasilev, Rusen Vasilev, Haka, Aydan Mehmed.  2019.  Enhanced Simulation Framework for Realisation of Mobility in 6LoWPAN Wireless Sensor Networks. 2019 IEEE XXVIII International Scientific Conference Electronics (ET). :1–4.
The intense incursion of the Internet of Things (IoT) into all areas of modern life has led to a need for a more detailed study of these technologies and their mechanisms of work. It is necessary to study mechanisms in order to improve QoS, security, identifying shortest routes, mobility, etc. This paper proposes an enhanced simulation framework that implements an improved mechanism for prioritising traffic on 6LoWPAN networks and the realisation of micro-mobility.
2020-11-16
Hagan, M., Siddiqui, F., Sezer, S..  2019.  Enhancing Security and Privacy of Next-Generation Edge Computing Technologies. 2019 17th International Conference on Privacy, Security and Trust (PST). :1–5.
The advent of high performance fog and edge computing and high bandwidth connectivity has brought about changes to Internet-of-Things (IoT) service architectures, allowing for greater quantities of high quality information to be extracted from their environments to be processed. However, recently introduced international regulations, along with heightened awareness among consumers, have strengthened requirements to ensure data security, with significant financial and reputational penalties for organisations who fail to protect customers' data. This paper proposes the leveraging of fog and edge computing to facilitate processing of confidential user data, to reduce the quantity and availability of raw confidential data at various levels of the IoT architecture. This ultimately reduces attack surface area, however it also increases efficiency of the architecture by distributing processing amongst nodes and transmitting only processed data. However, such an approach is vulnerable to device level attacks. To approach this issue, a proposed System Security Manager is used to continuously monitor system resources and ensure confidential data is confined only to parts of the device that require it. In event of an attack, critical data can be isolated and the system informed, to prevent data confidentiality breach.
2020-08-10
Uddin, Mostafa, Nadeem, Tamer, Nukavarapu, Santosh.  2019.  Extreme SDN Framework for IoT and Mobile Applications Flexible Privacy at the Edge. 2019 IEEE International Conference on Pervasive Computing and Communications (PerCom. :1–11.
With the current significant penetration of mobile devices (i.e. smartphones and tablets) and the tremendous increase in the number of the corresponding mobile applications, they have become an indispensable part of our lives. Nowadays, there is a significant growth in the number of sensitive applications such as personal health applications, personal financial applications, home monitoring applications, etc. In addition, with the significant growth of Internet-of-Things (IoT) devices, smartphones and the corresponding applications are widely considered as the Internet gateways for these devices. Mobile devices mostly use wireless LANs (WLANs) (i.e., WiFi networks) as the prominent network interface to the Internet. However, due to the broadcast nature of WiFi links, wireless traffics are exposed to any eavesdropping adversary within the WLAN. Despite WiFi encryption, studies show that application usage information could be inferred from the encrypted wireless traffic. The leakage of this sensitive information is very serious issue that will significantly impact users' privacy and security. In addressing this privacy concern, we design and develop a lightweight programmable privacy framework, called PrivacyGuard. PrivacyGuard is inspired by the vision of pushing the Software Defined Network (SDN)-like paradigm all the way to wireless network edge, is designed to support of adopting privacy preserving policies to protect the wireless communication of the sensitive applications. In this paper, we demonstrate and evaluate a prototype of PrivacyGuard framework on Android devices showing the flexibility and efficiency of the framework.
2020-02-24
Ahmadi-Assalemi, Gabriela, al-Khateeb, Haider M., Epiphaniou, Gregory, Cosson, Jon, Jahankhani, Hamid, Pillai, Prashant.  2019.  Federated Blockchain-Based Tracking and Liability Attribution Framework for Employees and Cyber-Physical Objects in a Smart Workplace. 2019 IEEE 12th International Conference on Global Security, Safety and Sustainability (ICGS3). :1–9.
The systematic integration of the Internet of Things (IoT) and Cyber-Physical Systems (CPS) into the supply chain to increase operational efficiency and quality has also introduced new complexities to the threat landscape. The myriad of sensors could increase data collection capabilities for businesses to facilitate process automation aided by Artificial Intelligence (AI) but without adopting an appropriate Security-by-Design framework, threat detection and response are destined to fail. The emerging concept of Smart Workplace incorporates many CPS (e.g. Robots and Drones) to execute tasks alongside Employees both of which can be exploited as Insider Threats. We introduce and discuss forensic-readiness, liability attribution and the ability to track moving Smart SPS Objects to support modern Digital Forensics and Incident Response (DFIR) within a defence-in-depth strategy. We present a framework to facilitate the tracking of object behaviour within Smart Controlled Business Environments (SCBE) to support resilience by enabling proactive insider threat detection. Several components of the framework were piloted in a company to discuss a real-life case study and demonstrate anomaly detection and the emerging of behavioural patterns according to objects' movement with relation to their job role, workspace position and nearest entry or exit. The empirical data was collected from a Bluetooth-based Proximity Monitoring Solution. Furthermore, a key strength of the framework is a federated Blockchain (BC) model to achieve forensic-readiness by establishing a digital Chain-of-Custody (CoC) and a collaborative environment for CPS to qualify as Digital Witnesses (DW) to support post-incident investigations.
2020-09-04
Kumar, M Ashok, Radhesyam, V., SrinivasaRao, B.  2019.  Front-End IoT Application for the Bitcoin based on Proof of Elapsed Time (PoET). 2019 Third International Conference on Inventive Systems and Control (ICISC). :646—649.
There are some registry agreements that may be appropriate for the Internet of Things (IoT), including Bitcoin, Hyperledger Fabric and IOTA. This article presents quickly and examines them in terms of the progress of Internet applications. Block-dependent IoT applications can consolidate the chain's rationale (smart contracts) and front-end, portable or front-end web applications. We present three possible designs for BC IoT front-end applications. They vary depending on the Bitcoin block chain customer (neighborhood gadget, remote server) and the key location needed to manage active exchanges. The vital requirements of these projects, which use Bitcoin to organize constructive exchanges, are the volumes of information, the area and time of the complete block and block block, and the entry of the Bitcoin store. The implications of these surveys show that it is unlikely that a full Bitcoin distributor will continue to operate reliably with a mandatory IoT gadget. Then, designing with remote Bitcoin customers is, in all respects, a suitable methodology in which there are two minor alternatives and vary in key storage / management. Similarly, we recommend using the design with a unique match between the IoT gadget and the remote blockchain client to reduce system activity and improve security. We hope you also have the ability to operate with versatile verses with low control and low productivity. Our review eliminates the contradictions between synthesis methodologies, but the final choice for a particular registration agreement and the original technique completely depends on the proposed use case.
2020-11-30
Georgakopoulos, D..  2019.  A Global IoT Device Discovery and Integration Vision. 2019 IEEE 5th International Conference on Collaboration and Internet Computing (CIC). :214–221.
This paper presents the vision of establishing a global service for Global IoT Device Discovery and Integration (GIDDI). The establishment of a GIDDI will: (1) make IoT application development more efficient and cost-effective via enabling sharing and reuse of existing IoT devices owned and maintained by different providers, and (2) promote deployment of new IoT devices supported by a revenue generation scheme for their providers. More specifically, this paper proposes a distributed IoT blockchain ledger that is specifically designed for managing the metadata needed to describe IoT devices and the data they produce. This GIDDI Blockchain is Internet-owned (i.e., it is not controlled by any individual or organization) and is Internet-scaled (i.e., it can support the discovery and reuse billions of IoT devices). The paper also proposes a GIDDI Marketplace that provides the functionality needed for IoT device registration, query, integration, payment and security via the proposed GIDDI Blockchain. We outline the GIDDI Blockchain and Marketplace implementation. We also discuss ongoing research for automatically mining the IoT Device metadata needed for IoT Device query and integration from the data produce. This significantly reduces the need for IoT device providers to supply the metadata descriptions the devices and the data they produce during the registration of IoT Devices in the GIDDI Blockchain.
2020-01-13
Gopaluni, Jitendra, Unwala, Ishaq, Lu, Jiang, Yang, Xiaokun.  2019.  Graphical User Interface for OpenThread. 2019 IEEE 16th International Conference on Smart Cities: Improving Quality of Life Using ICT IoT and AI (HONET-ICT). :235–237.
This paper presents an implementation of a Graphical User Interface (GUI) for the OpenThread software. OpenThread is a software package for Thread. Thread is a networking protocol for Internet of Things (IoT) designed for home automation. OpenThread package was released by Nest Labs as an open source implementation of the Thread specification v1.1.1. The OpenThread includes IPv6, 6LoWPAN, IEEE 802.15.4 with MAC security, Mesh Link Establishment, and Mesh Routing. OpenThread includes all Thread supported device types and supports both SOC and NCP implementations. OpenThread runs on Linux and allows the users to use it as a simulator with a command line interface. This research is focused on adding a Graphical User Interface (GUI) to the OpenThread. The GUI package is implemented in TCL/Tk (Tool Control Language). OpenThread with a GUI makes working with OpenThread much easier for researchers and students. The GUI also makes it easier to visualize the Thread network and its operations.
2020-09-28
Kandah, Farah, Cancelleri, Joseph, Reising, Donald, Altarawneh, Amani, Skjellum, Anthony.  2019.  A Hardware-Software Codesign Approach to Identity, Trust, and Resilience for IoT/CPS at Scale. 2019 International Conference on Internet of Things (iThings) and IEEE Green Computing and Communications (GreenCom) and IEEE Cyber, Physical and Social Computing (CPSCom) and IEEE Smart Data (SmartData). :1125–1134.
Advancement in communication technologies and the Internet of Things (IoT) is driving adoption in smart cities that aims to increase operational efficiency and improve the quality of services and citizen welfare, among other potential benefits. The privacy, reliability, and integrity of communications must be ensured so that actions can be appropriate, safe, accurate, and implemented promptly after receiving actionable information. In this work, we present a multi-tier methodology consisting of an authentication and trust-building/distribution framework designed to ensure the safety and validity of the information exchanged in the system. Blockchain protocols and Radio Frequency-Distinct Native Attributes (RF-DNA) combine to provide a hardware-software codesigned system for enhanced device identity and overall system trustworthiness. Our threat model accounts for counterfeiting, breakout fraud, and bad mouthing of one entity by others. Entity trust (e.g., IoT devices) depends on quality and level of participation, quality of messages, lifetime of a given entity in the system, and the number of known "bad" (non-consensus) messages sent by that entity. Based on this approach to trust, we are able to adjust trust upward and downward as a function of real-time and past behavior, providing other participants with a trust value upon which to judge information from and interactions with the given entity. This approach thereby reduces the potential for manipulation of an IoT system by a bad or byzantine actor.
2020-03-27
Cabrini, Fábio H., de Barros Castro Filho, Albérico, Filho, Filippo V., Kofuji, Sergio T., Moura, Angelo Rafael Lunardelli Pucci.  2019.  Helix SandBox: An Open Platform to Fast Prototype Smart Environments Applications. 2019 IEEE 1st Sustainable Cities Latin America Conference (SCLA). :1–6.
This paper presents the Helix SandBox, an open platform for quick prototyping of smart environment applications. Its architecture was designed to be a lightweight solution that aimed to simplify the instance integration and setup of the main Generic Enablers provided in the FIWARE architecture. As a Powered by FIWARE platform, the SandBox operates with the NGSI standard for interoperability between systems. The platform offers a container-based multicloud architecture capable of running in public, private and bare metal clouds or even in the leading hypervisors available. This paper also proposes a multi-layered architecture capable of integrates the cloud, fog, edge and IoT layers through the federation concept. Lastly, we present two Smart Cities applications conducted in the form of Proof of Concept (PoC) that use the Helix SandBox platform as back-end.
2020-01-21
Saadeh, Huda, Almobaideen, Wesam, Sabri, Khair Eddin, Saadeh, Maha.  2019.  Hybrid SDN-ICN Architecture Design for the Internet of Things. 2019 Sixth International Conference on Software Defined Systems (SDS). :96–101.
Internet of Things (IoT) impacts the current network with many challenges due to the variation, heterogeneity of its devices and running technologies. For those reasons, monitoring and controlling network efficiently can rise the performance of the network and adapts network techniques according to environment measurements. This paper proposes a new privacy aware-IoT architecture that combines the benefits of both Information Centric Network (ICN) and Software Defined Network (SDN) paradigms. In this architecture controlling functionalities are distributed over multiple planes: operational plane which is considered as smart ICN data plane with Controllers that control local clusters, tactical plane which is an Edge environment to take controlling decisions based on small number of clusters, and strategic plane which is a cloud controlling environment to make long-term decision that affects the whole network. Deployment options of this architecture is discussed and SDN enhancement due to in-network caching is evaluated.
2020-06-15
ALshukri, Dawoud, R, Vidhya Lavanya, P, Sumesh E, Krishnan, Pooja.  2019.  Intelligent Border Security Intrusion Detection using IoT and Embedded systems. 2019 4th MEC International Conference on Big Data and Smart City (ICBDSC). :1–3.
Border areas are generally considered as places where great deal of violence, intrusion and cohesion between several parties happens. This often led to danger for the life of employees, soldiers and common man working or living in border areas. Further geographical conditions like mountains, snow, forest, deserts, harsh weather and water bodies often lead to difficult access and monitoring of border areas. Proposed system uses thermal imaging camera (FLIR) for detection of various objects and infiltrators. FLIR is assigned an IP address and connected through local network to the control center. Software code captures video and subsequently the intrusion detection. A motor controlled spotlight with infrared and laser gun is used to illuminate under various conditions at the site. System also integrates sound sensor to detect specific sounds and motion sensors to sense suspicious movements. Based on the decision, a buzzer and electric current through fence for further protection can be initiated. Sensors are be integrated through IoT for an efficient control of large border area and connectivity between sites.
2020-02-17
Nouichi, Douae, Abdelsalam, Mohamed, Nasir, Qassim, Abbas, Sohail.  2019.  IoT Devices Security Using RF Fingerprinting. 2019 Advances in Science and Engineering Technology International Conferences (ASET). :1–7.
Internet of Things (IoT) devices industry is rapidly growing, with an accelerated increase in the list of manufacturers offering a wide range of smart devices selected to enhance end-users' standard of living. Security remains an after-thought in these devices resulting in vulnerabilities. While there exists a cryptographic protocol designed to solve such authentication problem, the computational complexity of cryptographic protocols and scalability problems make almost all cryptography-based authentication protocols impractical for IoT. Wireless RFF (Radio Frequency Fingerprinting) comes as a physical layer-based security authentication method that improves wireless security authentication, which is especially useful for the power and computing limited devices. As a proof-of-concept, this paper proposes a universal SDR (software defined Radio)-based inexpensive implementation intended to sense emitted wireless signals from IoT devices. Our approach is validated by extracting mobile phone signal bursts under different user-dedicated modes. The proposed setup is well adapted to accurately capture signals from different telecommunication standards. To ensure a unique identification of IoT devices, this paper also provides an optimum set of features useful to generate the device identity fingerprint.
2020-10-26
Clincy, Victor, Shahriar, Hossain.  2019.  IoT Malware Analysis. 2019 IEEE 43rd Annual Computer Software and Applications Conference (COMPSAC). 1:920–921.
IoT devices can be used to fulfil many of our daily tasks. IoT could be wearable devices, home appliances, or even light bulbs. With the introduction of this new technology, however, vulnerabilities are being introduced and can be leveraged or exploited by malicious users. One common vehicle of exploitation is malicious software, or malware. Malware can be extremely harmful and compromise the confidentiality, integrity and availability (CIA triad) of information systems. This paper analyzes the types of malware attacks, introduce some mitigation approaches and discusses future challenges.
2020-06-01
da Silva Andrade, Richardson B., Souto Rosa, Nelson.  2019.  MidSecThings: Assurance Solution for Security Smart Homes in IoT. 2019 IEEE 19th International Symposium on High Assurance Systems Engineering (HASE). :171–178.
The interest over building security-based solutions to reduce the vulnerability exploits and mitigate the risks associated with smart homes in IoT is growing. However, our investigation identified to architect and implement distributed security mechanisms is still a challenge because is necessary to handle security and privacy in IoT middleware with a strong focus. Our investigation, it was identified the significant proportion of the systems that did not address security and did not describe the security approach in any meaningful detail. The idea proposed in this work is to provide middleware aim to implement security mechanisms in smart home and contribute as how guide to beginner developers' IoT middleware. The advantages of using MidSecThings are to avoid leakage data, unavailable service, unidentification action and not authorized access over IoT devices in smart home.
2020-02-24
Anand, Shajina, Raja, Gunasekaran, Anand, Gokul, Chauhdary, Sajjad Hussain, Bashir, Ali Kashif.  2019.  Mirage: A Protocol for Decentralized and Secured Communication of IoT Devices. 2019 IEEE 10th Annual Ubiquitous Computing, Electronics Mobile Communication Conference (UEMCON). :1074–1080.
Internet of Things (IoT) is rapidly emerging as the manifestation of the networked society vision. But its centralized architecture will lead to a single point of failure. On the other hand, it will be difficult to handle communications in the near future considering the rapid growth of IoT devices. Along with its popularity, IoT suffers from a lot of vulnerabilities, which IoT developers are constantly working to mitigate. This paper proposes a new protocol called Mirage which can be used for secure and decentralized communication of IoT devices. This protocol is built based on security principles. Out of which Mirage mainly focuses on authentication, integrity, and non-repudiation. In this protocol, devices are authenticated via secret keys known only to the parties involved in the communication. These secret keys are not static and will be constantly changing for every communication. For ensuring integrity, an intermediary is asked to exchange the hash of the messages. As the intermediary nodes are lending their computing and networking powers, they should be rewarded. To ensure non-repudiation, instead of going for trusted third parties, blockchain technology is used. Every node in the network needs to spend a mirage token for sending a message. Mirage tokens will be provided only to those nodes, who help in exchanging the hashes as a reward. In the end, a decentralized network of IoT devices is formed where every node contribute to the security of the network.