Biblio

Latest forecasts show that 50 billion devices will be connected to the Internet by 2020. These devices will provide ubiquitous data access and enable smarter interactions in all aspects of our everyday life, including vital domains such as healthcare and battlefields, where privacy is a key requirement. With the increasing adoption of IoT and the explosion of these resource-constrained devices, manual discovery and configuration become significantly challenging. Despite there is a number of resource discovery protocols that can be efficiently used in IoT deployments, none of these protocols provides any privacy consideration. This paper presents LPA-SDT, a novel technique for service discovery that builds privacy into the design from the ground up. Performance evaluation demonstrates that LPA-SDT outperforms state-of-the-art discovery techniques for resource-constrained environments while preserving user and data privacy.

The Internet of things is an extremely enormous space and still, IoT is spreading over a wide range of zones of development with very fast speed. The IoT is going to create a new world of efficient services. IoT is a collective system consisting of hardware like sensors, Radio Frequency Identification RFID, Bluetooth devices, Near Field Communication (NFC) devices, etc. and software that provides data queries, exchange, repository and exchanges, etc. Security of the IoT network is also a big and important issue of concern. This paper reviews the DDoS attack impact on IoT network and its mitigation methods for IoT in network, also discusses CoAP protocol, RPL protocol and 6LoWPAN network. This paper also represents the security framework to detect and monitor the DDoS attack for low power devices based IoT network.

The IPv6 over Low-power Wireless Personal Area Network (6LoWPAN) has been standardized to support IP over lossy networks. RPL (Routing Protocol for Low-Power and Lossy Networks) is the common routing protocol for 6LoWPAN. Among various attacks on RPL-based networks, the wormhole attack may cause severe network disruption and is one of the hardest to detect. We have designed and implemented in ContikiOS a wormhole detection technique for 6LoWPAN, that uses round-trip times and hop counts. In addition, the performance of this technique has been evaluated in terms of power, CPU, memory, and communication overhead.

In order to the development of IoT, IETF developed a standard named 6LoWPAN for increase the usage of IPv6 to the tiny and smart objects with low power. Generally, the 6LoWPAN radio link needs end to end (e2e) security for its IPv6 communication process. 6LoWPAN requires light weight variant of security solutions in IPSec. A new security approach of 6LoWPAN at adaptation layer to provide e2e security with light weight IPSec. The existing security protocol IPsec is not suitable for its 6LoWPAN IoT environment because it has heavy restrictions on memory, power, duty cycle, additional overhead transmission. The IPSec had packet overhead problem due to share the secret key between two communicating peers by IKE (Internet Key Exchange) protocol. Hence the existing security protocol IPSec solutions are not suitable for lightweight-based security need in 6LoWPAN IoT. This paper describes 6LowPSec protocol with AES-CCM (Cipher block chaining Message authentication code with Counter mode) cryptographic algorithm with key size of 128 bits with minimum power consumption and duty cycle.

Low-power wireless network technology is one of the main key characteristics in communication systems that are needed by the Internet of Things (IoT). Nowadays, the 6LoWPAN standard is one of the communication protocols which has been identified as an important protocol in IoT applications. Networking technology in 6LoWPAN transfer IPv6 packets efficiently in link-layer framework that is well-defined by IEEE 802.14.5 protocol. 6Lo WPAN development is still having problems such as threats and entrust crises. The most important part when developing this new technology is the challenge to secure the network. Data security is viewed as a major consideration in this network communications. Many researchers are working to secure 6LoWPAN communication by analyzing the architecture and network features. 6LoWPAN security weakness or vulnerability is exposed to various forms of network attack. In this paper, the security solutions for 6LoWPAN have been investigated. The requirements of safety in 6LoWPAN are also presented.

The Internet of Things (IoT) integrates the Internet and electronic devices belonging to different domains, such as smart home automation, industrial processes, military applications, health, and environmental monitoring. Usually, IoT devices have limited resources and Low Power and Lossy Networks (LLNs) are being used to interconnect such devices. Routing Protocol for Low-Power and Lossy Networks (RPL) is one of the preferred routing protocols for this type of network, since it was specially developed for LLNs, also known as IPv6 over Low-Power Wireless Personal Area Networks (6LoWPAN). In this paper the most well-known routing attacks against 6LoWPAN networks were studied and implemented through simulation, conducting a behavioral analysis of network components (resources, topology, and data traffic) under attack condition. In order to achieve a better understanding on how attacks in 6LoWPAN work, we first conducted a study on 6LoWPAN networks and RPL protocol functioning. Furthermore, we also studied a series of well-known routing attacks against this type of Wireless Sensor Networks and these attacks were then simulated using Cooja simulator provided by Contiki operating system. The results obtained after the simulations are discussed along with other previous researches. This analysis may be of real interest when it comes to identify indicators of compromise for each type of attack and appropriate countermeasures for prevention and detection of these attacks.

With the explosive development of big data, it is necessary to sort the data according to their importance or priorities. The sources with different importance levels can be modeled by the multilevel diversity coding systems (MDCS). Another trend in future communication networks, say 5G wireless networks and Internet of Things, is that users may obtain their data from all available sources, even from devices belonging to other users. Then, the privacy of data becomes a crucial issue. In a recent work by Li et al., the secure asymmetric MDCS (S-AMDCS) with wiretap channels was investigated, where the wiretapped messages do not leak any information about the sources (i.e. perfect secrecy). It was shown that superposition (source-separate coding) is not optimal for the general S-AMDCS and the exact full secure rate region was proved for a class of S-AMDCS. In addition, a bound on the key size of the secure rate region was provided as well. As a further step on the SAMDCS problem, this paper mainly focuses on the key size characterization. Specifically, the constraints on the key size of superposition secure rate region are proved and a counterexample is found to show that the bound on the key size of the exact secure rate region provided by Li et al. is not tight. In contrast, tight necessary and sufficient constraints on the secrecy key size of the counterexample, which is the four-encoder S-AMDCS, are proved.

Wireless sensor network (WSN) is a wireless self-organizing multi-hop network that can sense and collect the information of the monitored environment through a certain number of sensor nodes which deployed in a certain area and transmit the collected information to the client. Due to the limited power and data capacity stored by the micro sensor, it is weak in communication with other nodes, data storage and calculation, and is very vulnerable to attack and harm to the entire network. The Sybil attack is a classic example. Sybil attack refers to the attack in which malicious nodes forge multiple node identities to participate in network operation. Malicious attackers can forge multiple node identities to participate in data forwarding. So that the data obtained by the end user without any use value. In this paper, we propose a three-tier detection scheme for the Sybil node in the severe environment. Every sensor node will determine whether they are Sybil nodes through the first-level and second-level high-energy node detection. Finally, the base station determines whether the Sybil node detected by the first two stages is true Sybil node. The simulation results show that our proposed scheme significantly improves network lifetime, and effectively improves the accuracy of Sybil node detection.

Internet of Things (IoT), commonly referred to a physical object connected to network, refers to a paradigm in information technology integrating the advances in terms of sensing, computation and communication to improve the service in daily life. This physical object consists of sensors and actuators that are capable of changing the data to offer the improvement of service quality in daily life. When a data exchange occurs, the exchanged data become sensitive; making them vulnerable to any security attacks, one of which, for example, is Sybil attack. This paper aimed to propose a method of trustworthiness management based upon the authentication and trust value. Once performing the test on three scenarios, the system was found to be capable of detecting the Sybil attack rapidly and accurately. The average of time to detect the Sybil attacks was 9.3287 seconds and the average of time required to detect the intruder object in the system was 18.1029 seconds. The accuracy resulted in each scenario was found 100% indicating that the detection by the system to Sybil attack was 100% accurate.

After the Fukushima nuclear disaster and the Wenchuan earthquake, the relevant government agencies recognized the urgency of disaster-straining robots. There are many natural or man-made disasters in Taiwan, and it is usually impossible to dispatch relevant personnel to search or explore immediately. The project proposes to use the architecture of Intelligent Internet of Things (AIoT) (Artificial Intelligence + Internet of Things) to coordinate with ground, surface and aerial and underwater robots, and apply them to disaster response, ground, surface and aerial and underwater swarm robots to collect environmental big data from the disaster site, and then through the Internet of Things. From the field workstation to the cloud for “training” deep learning model and “model verification”, the trained deep learning model is transmitted to the field workstation via the Internet of Things, and then transmitted to the ground, surface and aerial and underwater swarm robots for on-site continuing objects classification. Continuously verify the “identification” with the environment and make the best decisions for the response. The related tasks include monitoring, search and rescue of the target.

{Static characteristic extraction method Control flow-based features proposed by Ding has the ability to detect malicious code with higher accuracy than traditional Text-based methods. However, this method resolved NP-hard problem in a graph, therefore it is not feasible with the large-size and high-complexity programs. So, we propose the C500-CFG algorithm in Control flow-based features based on the idea of dynamic programming, solving Ding's NP-hard problem in O(N2) time complexity, where N is the number of basic blocks in decom-piled executable codes. Our algorithm is more efficient and more outstanding in detecting malware than Ding's algorithm: fast processing time, allowing processing large files, using less memory and extracting more feature information. Applying our algorithms with IoT data sets gives outstanding results on 2 measures: Accuracy = 99.34%

IoT malware detection using control flow graph (CFG)-based features and deep learning networks are widely explored. The main goal of this study is to investigate the robustness of such models against adversarial learning. We designed two approaches to craft adversarial IoT software: off-the-shelf methods and Graph Embedding and Augmentation (GEA) method. In the off-the-shelf adversarial learning attack methods, we examine eight different adversarial learning methods to force the model to misclassification. The GEA approach aims to preserve the functionality and practicality of the generated adversarial sample through a careful embedding of a benign sample to a malicious one. Intensive experiments are conducted to evaluate the performance of the proposed method, showing that off-the-shelf adversarial attack methods are able to achieve a misclassification rate of 100%. In addition, we observed that the GEA approach is able to misclassify all IoT malware samples as benign. The findings of this work highlight the essential need for more robust detection tools against adversarial learning, including features that are not easy to manipulate, unlike CFG-based features. The implications of the study are quite broad, since the approach challenged in this work is widely used for other applications using graphs.

With the emergence of new digital trends like Internet of Things (IoT), more industry actors and technical committees pursue research in utilising such technologies as they promise a better and optimised management, improved energy efficiency and a better quality living through a wide array of value-added services. However, as sensing, actuation, communication and control become increasingly more sophisticated, such promising data-driven systems generate, process, and exchange larger amounts of security-critical and privacy-sensitive data, which makes them attractive targets of attacks. In turn this affirms the importance of trustworthiness in IoT and emphasises the need of a solid technical and regulatory foundation. The goal of this paper is to first introduce the concept of trustworthiness in IoT, its main pillars namely, security, privacy and data protection, and then analyse the state-of-the-art in research and standardisation for each of these subareas. Throughout the paper, we develop and refer to Unmanned Aerial Vehicles (UAVs) as a promising value-added service example of mobile IoT devices. The paper then presents a thorough gap analysis and concludes with recommendations for future work.

Trust of image sensor data is becoming increasingly important as the Internet of Things (IoT) applications grow from home appliances to surveillance. Up to our knowledge, there exists only one work in literature that estimates trustworthiness of digital images applied to forensic applications, based on a machine learning technique. The efficacy of this technique is heavily dependent on availability of an appropriate training set and adequate variation of IoT sensor data with noise, interference and environmental condition, but availability of such data cannot be assured always. Therefore, to overcome this limitation, a robust method capable of estimating trustworthy measure with high accuracy is needed. Lowering cost of sensors allow many IoT applications to use multiple types of sensors to observe the same event. In such cases, complementary multimodal data of one sensor can be exploited to measure trust level of another sensor data. In this paper, for the first time, we introduce a completely new approach to estimate the trustworthiness of an image sensor data using another sensor's numerical data. We develop a theoretical model using the Dempster-Shafer theory (DST) framework. The efficacy of the proposed model in estimating trust level of an image sensor data is analyzed by observing a fire event using IoT image and temperature sensor data in a residential setup under different scenarios. The proposed model produces highly accurate trust level in all scenarios with authentic and forged image data.

The concept of social networking is integrated into Internet of things (IoT) to socialize smart objects by mimicking human behaviors, leading to a new paradigm of Social Internet of Things (SIoT). A crucial problem that needs to be solved is how to establish reliable relationships autonomously among objects, i.e., building trust. This paper focuses on exploring an efficient context-aware trustworthiness inference framework to address this issue. Based on the sociological and psychological principles of trust generation between human beings, the proposed framework divides trust into two types: familiarity trust and similarity trust. The familiarity trust can be calculated by direct trust and recommendation trust, while the similarity trust can be calculated based on external similarity trust and internal similarity trust. We subsequently present concrete methods for the calculation of different trust elements. In particular, we design a kernel-based nonlinear multivariate grey prediction model to predict the direct trust of a specific object, which acts as the core module of the entire framework. Besides, considering the fuzziness and uncertainty in the concept of trust, we introduce the fuzzy logic method to synthesize these trust elements. The experimental results verify the validity of the core module and the resistance to attacks of this framework.

The growing adoption of IoT devices in our daily life engendered a need for secure systems to safely store and analyze sensitive data as well as the real-time data processing system to be as fast as possible. The cloud services used to store and process sensitive data are often come out to be vulnerable to outside threats. Furthermore, to analyze streaming IoT data swiftly, they are in need of a fast and efficient system. The Paper will envision the aspects of complexity dealing with real time data from various devices in parallel, building solution to ingest data from different IOT devices, forming a secure platform to process data in a short time, and using various techniques of IOT edge computing to provide meaningful intuitive results to users. The paper envisions two modules of building a real time data analytics system. In the first module, we propose to maintain confidentiality and integrity of IoT data, which is of paramount importance, and manage large-scale data analytics with real-time data collection from various IoT devices in parallel. We envision a framework to preserve data privacy utilizing Trusted Execution Environment (TEE) such as Intel SGX, end-to-end data encryption mechanism, and strong access control policies. Moreover, we design a generic framework to simplify the process of collecting and storing heterogeneous data coming from diverse IoT devices. In the second module, we envision a drone-based data processing system in real-time using edge computing and on-device computing. As, we know the use of drones is growing rapidly across many application domains including real-time monitoring, remote sensing, search and rescue, delivery of goods, security and surveillance, civil infrastructure inspection etc. This paper demonstrates the potential drone applications and their challenges discussing current research trends and provide future insights for potential use cases using edge and on-device computing.

Internet of Things is the new paradigm towards which the world is moving today. As these devices proliferate, security issues at these scales become more and more intimidating. Traditional approach like an antivirus does not work well with these devices and there is a need to look for a more trusted solution. For a device with reasonable computational power, we use a software trusted platform module for the cryptographic operations. In this paper, we have developed a model to remotely attest to the integrity of the processes running in the device. We have also explored the various features of the TPM (Trusted Platform Module) to gain insight into its working and also to ascertain those which can make this process better. This model depends on the server and the TPM to behave as roots of trust for this model. The client computes the HMAC (Hashed Message Authentication Code) values and appends a nonce and sends these values periodically to the server via asymmetric encryption. The HMAC values are verified by the server by comparing with its known good values (KGV) and the trustworthiness of the process is determined and accordingly an authorization response is sent.

Nowadays interest in IoT solutions is growing. A significant barrier to the use of these solutions in military applications is to ensure the security of data transmission and authentication of data sources and recipients of the data. Developing an efficient solution to these problems requires finding a compromise between the facts that the sensors often are mobile, use wireless communication, usually have the small processing power and have little energy resources. The article presents the security domain designated for cooperating mobile sensor nodes. The domain has the following features: the strong authentication of each domain member, cryptographic protection of data exchange in the data link layer and protection of data stored in the sensor node resources. The domain is also prepared to perform diagnostic procedures and to exchange sensory data with other domains securely. At each node, the Trusted Platform Module (TPM) is used to support these procedures.

The Internet of Things (IoT) is rapidly emerging as one of the dominant computing paradigms of this decade. Applications range from in-home entertainment to large-scale industrial deployments such as controlling assembly lines and monitoring traffic. While IoT devices are in many respects similar to traditional computers, user expectations and deployment scenarios as well as cost and hardware constraints are sufficiently different to create new security challenges as well as new opportunities. This is especially true for large-scale IoT deployments in which a central entity deploys and controls a large number of IoT devices with minimal human interaction. Like traditional computers, IoT devices are subject to attack and compromise. Large IoT deployments consisting of many nearly identical devices are especially attractive targets. At the same time, recovery from root compromise by conventional means becomes costly and slow, even more so if the devices are dispersed over a large geographical area. In the worst case, technicians have to travel to all devices and manually recover them. Data center solutions such as the Intelligent Platform Management Interface (IPMI) which rely on separate service processors and network connections are not only not supported by existing IoT hardware, but are unlikely to be in the foreseeable future due to the cost constraints of mainstream IoT devices. This paper presents CIDER, a system that can recover IoT devices within a short amount of time, even if attackers have taken root control of every device in a large deployment. The recovery requires minimal manual intervention. After the administrator has identified the compromise and produced an updated firmware image, he/she can instruct CIDER to force the devices to reset and to install the patched firmware on the devices. We demonstrate the universality and practicality of CIDER by implementing it on three popular IoT platforms (HummingBoard Edge, Raspberry Pi Compute Module 3 and Nucleo-L476RG) spanning the range from high to low end. Our evaluation shows that the performance overhead of CIDER is generally negligible.

In the Internet of Things architecture, devices are frequently connected to the Internet either directly or indirectly. However, many IoT devices lack built-in security features such as device level encryption, user authentication and basic firewall protection. This paper discusses security risks in the layers of general Internet of Things architecture and shows examples of potential risks at each level of the architecture. The paper also compares IoT security solutions provided by three major vendors and shows that the solutions are mutually complementary. Nevertheless, none of the examined IoT solutions provides security at the device level of the IoT architecture model. In order to address risks at the device level of the architecture, an implementation of Trusted Platform Module and Unique Device Identifier on IoT devices and gateways for encryption, authentication and device management is advocated in the paper.

We propose a distributed machine-learning architecture to predict trustworthiness of sensor services in Mobile Edge Computing (MEC) based Internet of Things (IoT) services, which aligns well with the goals of MEC and requirements of modern IoT systems. The proposed machine-learning architecture models training a distributed trust prediction model over a topology of MEC-environments as a Network Lasso problem, which allows simultaneous clustering and optimization on large-scale networked-graphs. We then attempt to solve it using Alternate Direction Method of Multipliers (ADMM) in a way that makes it suitable for MEC-based IoT systems. We present analytical and simulation results to show the validity and efficiency of the proposed solution.

With the development of IoT and 5G networks, the demand for the next-generation intelligent transportation system has been growing at a rapid pace. Dynamic mapping has been considered one of the key technologies to reduce traffic accidents and congestion in the intelligent transportation system. However, as the number of vehicles keeps growing, a huge volume of mapping traffic may overload the central cloud, leading to serious performance degradation. In this paper, we propose and prototype a CUPS (control and user plane separation)-based edge computing architecture for the dynamic mapping and quantify its benefits by prototyping. There are a couple of merits of our proposal: (i) we can mitigate the overhead of the networks and central cloud because we only need to abstract and send global dynamic mapping information from the edge servers to the central cloud; (ii) we can reduce the response latency since the dynamic mapping traffic can be isolated from other data traffic by being generated and distributed from a local edge server that is deployed closer to the vehicles than the central server in cloud. The capabilities of our system have been quantified. The experimental results have shown our system achieves throughput improvement by more than four times, and response latency reduction by 67.8% compared to the conventional central cloud-based approach. Although these results are still obtained from the preliminary evaluations using our prototype system, we believe that our proposed architecture gives insight into how we utilize CUPS and edge computing to enable efficient dynamic mapping applications.

With the development of Internet of Things, numerous IoT devices have been brought into our daily lives. Bluetooth Low Energy (BLE), due to the low energy consumption and generic service stack, has become one of the most popular wireless communication technologies for IoT. However, because of the short communication range and exclusive connection pattern, a BLE-equipped device can only be used by a single user near the device. To fully explore the benefits of BLE and make BLE-equipped devices truly accessible over the Internet as IoT devices, in this paper, we propose a cloud-based software framework that can enable multiple users to interact with various BLE IoT devices over the Internet. This framework includes an agent program, a suite of services hosting in cloud, and a set of RESTful APIs exposed to Internet users. Given the availability of this framework, the access to BLE devices can be extended from local to the Internet scale without any software or hardware changes to BLE devices, and more importantly, shared usage of remote BLE devices over the Internet is also made available.

Advancements in computing, communication, and sensing technologies are making it possible to embed, control, and gather vital information from tiny devices that are being deployed and utilized in practically every aspect of our modernized society. From smart home appliances to municipal water and electric industrial facilities to our everyday work environments, the next Internet frontier, dubbed IoT, is promising to revolutionize our lives and tackle some of our nations' most pressing challenges. While the seamless interconnection of IoT devices with the physical realm is envisioned to bring a plethora of critical improvements in many aspects and diverse domains, it will undoubtedly pave the way for attackers that will target and exploit such devices, threatening the integrity of their data and the reliability of critical infrastructure. Further, such compromised devices will undeniably be leveraged as the next generation of botnets, given their increased processing capabilities and abundant bandwidth. While several demonstrations exist in the literature describing the exploitation procedures of a number of IoT devices, the up-to-date inference, characterization, and analysis of unsolicited IoT devices that are currently deployed "in the wild" is still in its infancy. In this article, we address this imperative task by leveraging active and passive measurements to report on unsolicited Internet-scale IoT devices. This work describes a first step toward exploring the utilization of passive measurements in combination with the results of active measurements to shed light on the Internet-scale insecurities of the IoT paradigm. By correlating results of Internet-wide scanning with Internet background radiation traffic, we disclose close to 14,000 compromised IoT devices in diverse sectors, including critical infrastructure and smart home appliances. To this end, we also analyze their generated traffic to create effective mitigation signatures that could be deployed in local IoT realms. To support largescale empirical data analytics in the context of IoT, we make available the inferred and extracted IoT malicious raw data through an authenticated front-end service. The outcomes of this work confirm the existence of such compromised devices on an Internet scale, while the generated inferences and insights are postulated to be employed for inferring other similarly compromised IoT devices, in addition to contributing to IoT cyber security situational awareness.

The upsurge of Industrial Internet of Things is forcing industrial information systems to enable less hierarchical information flow. The connections between humans, devices, and their digital twins are growing in numbers, creating a need for new kind of security and trust solutions. To address these needs, industries are applying distributed ledger technologies, aka blockchains. A significant number of use cases have been studied in the sectors of logistics, energy markets, smart grid security, and food safety, with frequently reported benefits in transparency, reduced costs, and disintermediation. However, distributed ledger technologies have challenges with transaction throughput, latency, and resource requirements, which render the technology unusable in many cases, particularly with constrained Internet of Things devices.To overcome these challenges within the Industrial Internet of Things, we suggest a set of interledger approaches that enable trusted information exchange across different ledgers and constrained devices. With these approaches, the technically most suitable ledger technology can be selected for each use case while simultaneously enjoying the benefits of the most widespread ledger implementations. We present state of the art for distributed ledger technologies to support the use of interledger approaches in industrial settings.