Biblio

Physical-layer security (PLS) has raised the attention of the research community in recent years, particularly for Internet of things (IoT) applications. Despite the use of classical cryptography, PLS provides security at physical layer, regardless of the computational power owned by the attacker. The investigations on PLS are numerous in the literature, but one main issue seems to be kept apart: how to measure the benefit that PLS can bring to cryptography? This paper tries to answer this question with an initial performance analysis of PLS in conjunction with typical cryptography of wireless communication protocols. Our results indicate that PLS can help cryptography to harden the attacker job in real operative scenario: PLS can increase the detection errors at the attacker's receiver, leading to inability to recover the cipher key, even if the plaintext is known.

In this work we present a novel technique for physical layer security in the Internet-of-Things (IoT) networks. In the proposed architecture, each IoT node generates a phase-modulated random key/data and transmits it to a master node in the presence of an eavesdropper, referred to as Eve. The master node, simultaneously, broadcasts a high power signal using an omni-directional antenna, which is received as interference by Eve. This interference masks the generated key by the IoT node and will result in a higher bit-error rate in the data received by Eve. The two legitimate intended nodes communicate in a full-duplex manner and, consequently, subtract their transmitted signals, as a known reference, from the received signal (self-interference cancellation). We compare our proposed method with a conventional approach to physical layer security based on directional antennas. In particular, we show, using theoretical and measurement results, that our proposed approach provides significantly better security measures, in terms bit error rate (BER) at Eve's location. Also, it is proven that in our novel system, the possible eavesdropping region, defined by the region with BER \textbackslashtextless; 10-1, is always smaller than the reliable communication region with BER \textbackslashtextless; 10-3.

Authentication is the fundamental security service used in almost all remote applications. All such sensitive applications over an open network need authentication mechanism that should be delivered in a trusted way. In this paper, we design an RSA based authentication system for smart IoT environment over the air network using state-of-the-art industry standards. Our system provide security services including X.509 certificate, RSA based Public Key Infrastructure (PKI), challenge/response protocols with the help of proxy induced security service provider. We describe an innovative system model, protocol design, system architecture and evaluation against known threats. Also the implemented solution designed as an add on service for multiple other sensitive applications (smart city apps, cyber physical systems etc.) which needs the support of X.509 certificate based on hard tokens to populate other security services including confidentiality, integrity, non-repudiation, privacy and anonymity of the identities. The proposed scheme is evaluated against known vulnerabilities and given detail comparisons with popular known authentication schemes. The result shows that our proposed scheme mitigate all the known security risks and provide highest level assurance to smart gadgets.

IoT trust management is a security solution that assures the trust between different IoT entities before establishing any relationship with other anonymous devices. Recent researches presented in the literature tend to use a Blockchain-based trust management model for IoT besides the fog node approach in order to address the constraints of IoT resources. Actually, Blockchain has solved many drawbacks of centralized models. However, it is still not preferable for dealing with massive data produced by IoT because of its drawbacks such as delay, network overhead, and scalability issues. Therefore, in this paper we define some factors that should be considered when designing scalable models, and we propose a fully distributed trust management model for IoT that provide a large-scale trust model and address the limitations of Blockchain. We design our model based on a new approach called Holochain considering some security issues, such as detecting misbehaviors, data integrity and availability.

Along with the continuous progress of the information technology, Internet of Things is the inevitable way for realizing the fusion of communication and traditional network technology. Network coding, an important breakthrough in the field of communication, has many applied advantages in information network. This article analyses the eavesdropping problem of Internet of Things and presents an information secure network coding scheme against the eavesdropping adversaries. We show that, if the number of links the adversaries can eavesdrop on is less than the max-flow of a network, the proposed coding scheme not only `achieves the prefect information secure condition but also the max-flow of the network.

A smart environment is a physical space where devices are connected to provide continuous support to individuals and make their life more comfortable. For this purpose, a smart environment collects, stores, and processes a massive amount of personal data. In general, service providers collect these data according to their privacy policies. To enhance the privacy control, individuals can explicitly express their privacy preferences, stating conditions on how their data have to be used and managed. Typically, privacy checking is handled through the hard matching of users' privacy preferences against service providers' privacy policies, by denying all service requests whose privacy policies do not fully match with individual's privacy preferences. However, this hard matching might be too restrictive in a smart environment because it denies the services that partially satisfy the individual's privacy preferences. To cope with this challenge, in this paper, we propose a soft privacy matching mechanism, able to relax, in a controlled way, some conditions of users' privacy preferences such to match with service providers' privacy policies. At this aim, we exploit machine learning algorithms to build a classifier, which is able to make decisions on future service requests, by learning which privacy preference components a user is prone to relax, as well as the relaxation tolerance. We test our approach on two realistic datasets, obtaining promising results.

Bluetooth Low Energy (BLE) beacons are an emerging type of technology in the Internet-of-Things (IoT) realm, which use BLE signals to broadcast a unique identifier that is detected by a compatible device to determine the location of nearby users. Beacons can be used to provide a tailored user experience with each encounter, yet can also constitute an invasion of privacy, due to their covertness and ability to track user behavior. Therefore, we hypothesize that user-driven privacy policy configuration is key to enabling effective and trustworthy privacy management during beacon encounters. We developed a framework for beacon privacy management that provides a policy configuration platform. Through an empirical analysis with 90 users, we evaluated this framework through a proof-of-concept app called Beacon Privacy Manager (BPM), which focused on the user experience of such a tool. Using BPM, we provided users with the ability to create privacy policies for beacons, testing different configuration schemes to refine the framework and then offer recommendations for future research.

Serving heterogeneous traffic demand requires efficient resource utilization to deliver the promises of 5G wireless network towards enhanced mobile broadband, massive machine type communication and ultra-reliable low-latency communication. In this paper, an integrated user application-specific demand characteristics as well as network characteristics evaluation based online slice allocation model for 5G wireless network is proposed. Such characteristics include, available bandwidth, power, quality of service demand, service priority, security sensitivity, network load, predictive load etc. A degree of intra-slice resource sharing elasticity has been considered based on their availability. The availability has been assessed based on the current availability as well as forecasted availability. On the basis of application characteristics, an admission control strategy has been proposed. An interactive AMF (Access and Mobility Function)- RAN (Radio Access Network) information exchange has been assumed. A cost function has been derived to quantify resource allocation decision metric that is valid for both static and dynamic nature of user and network characteristics. A dynamic intra-slice decision boundary estimation model has been proposed. A set of analytical comparative results have been attained in comparison to the results available in the literature. The results suggest the proposed resource allocation framework performance is superior to the existing results in the context of network utility, mean delay and network grade of service, while providing similar throughput. The superiority reported is due to soft nature of the decision metric while reconfiguring slice resource block-size and boundaries.

In this research paper author surveys the need of data protection from intelligent systems in the private and public sectors. For this, she identifies that the Smart Information Security Intel processes needs to be the suggestive key policy for both sectors of governance either public or private. The information is very sensitive for any organization. When the government offices are concerned, information needs to be abstracted and encapsulated so that there is no information stealing. For this purposes, the art of skill set and new optimized technology needs to be stationed. Author identifies that digital bar-coded air port like security using conveyor belts and digital bar-coded conveyor boxes to scan switched ON articles like internet of things needs to be placed. As otherwise, there can potentially be data, articles or information stealing from the operational sites where access is unauthorized. Such activities shall need to be scrutinized, minutely. The biometric such as fingerprints, iris, voice and face recognition pattern updates in the virtual data tables must be taken to keep data entry-exit log up to-date. The information technicians of the sentinel systems must help catch the anomalies in the professional working time in private and public sectors if there is red flag as indicator. The author in this research paper shall discuss in detail what we shall station, how we shall station and what all measures we might need to undertake to safeguard the stealing of sensitive information from the organizations like administration buildings, government buildings, educational schools, hospitals, courts, private buildings, banks and all other offices nation-wide. The TO-BE new processes shall make the AS-IS office system more information secured, data protected and personnel security stronger.

The ubiquitous internetworking of devices in all areas of life is boosted by various trends for instance the Internet of Things. Promising technologies that can be used for such future environments come from Wireless Sensor Networks. It ensures connectivity between distributed, tiny and simple sensor nodes as well as sensor nodes and base stations in order to monitor physical or environmental conditions such as vibrations, temperature or motion. Security plays an increasingly important role in the coming decades in which attacking strategies are becoming more and more sophisticated. Contemporary cryptographic mechanisms face a great threat from quantum computers in the near future and together with Intrusion Detection Systems are hardly applicable on sensors due to strict resource constraints. Thus, in this work a future-proof lightweight and resource-aware security concept for sensor networks with a processing stage permeated filtering mechanism is proposed. A special focus in the concepts evaluation lies on the novel Magic Number filter to mitigate a special kind of Denial-of-Service attack performed on CC1350 LaunchPad ARM Cortex-M3 microcontroller boards.

Hard-coded credentials such as clear text log-in id and password provided by the IoT manufacturers and unsecured ways of remotely accessing IoT devices are the major security concerns of industry and academia. Limited memory, power, and processing capabilities of IoT devices further worsen the situations in improving the security of IoT devices. In such scenarios, a lightweight security algorithm up to some extent can minimize the risk. This paper proposes one such approach using Quick Response (QR) code to mitigate hard-coded credentials related attacks such as Mirai malware, wreak havoc, etc. The QR code based approach provides non-clear text unpredictable login id and password. Further, this paper also proposes a secured way of remotely accessing IoT devices through modified https. The proposed algorithms are implemented and verified using Raspberry Pi 3 model B.

One of the key aspects of IoT-based systems, which we believe has not been getting the attention it deserves, is provenance. Provenance refers to those actions that record the usage of data in the system, along with the rationale for said usage. Historically, most provenance methods in distributed systems have been tightly coupled with those of the underlying data processing frameworks in such systems. However, in this paper, we argue that IoT provenance requires a different treatment, given the heterogeneity and dynamism of IoT-based systems. In particular, provenance in IoT-based systems should be decoupled as far as possible from the underlying data processing substrates in IoT-based systems.To that end, in this paper, we present Genoma, our ongoing work on a system for provenance-as-a-service in IoT-based systems. By "provenance-as-a-service" we mean the following: distributed provenance across IoT devices, edge and cloud; and agnostic of the underlying data processing substrate. Genoma comprises a set of services that act together to provide useful provenance information to users across the system. We also show how we are realizing Genoma via an implementation prototype built on Apache Atlas and Tinkergraph, through which we are investigating several key research issues in distributed IoT provenance.

Bare-metal microcontrollers are a family of Internet of Things (IoT) devices which are increasingly deployed in critical industrial environments. Similar to other IoT devices, bare-metal microcontrollers are vulnerable to memory corruption and code-reuse attacks. We propose MicroGuard, a novel mitigation method based on component-level sandboxing and automated code randomization to securely encapsulate application components in isolated environments. We implemented MicroGuard and evaluated its efficacy and efficiency with a real-world benchmark against different types of attacks. As our evaluation shows, MicroGuard provides better security than ACES, current state-of-the-art protection framework for bare-metal microcontrollers, with a comparable performance overhead.

The Industrial Internet-of-Things (IIoT) has gained significant interest from both the research and industry communities. Such interest came with a vision towards enabling automation and intelligence for futuristic versions of our day to day devices. However, such a vision demands the need for accelerated research and development of IIoT systems, in which sensor integration, due to their diversity, impose a significant roadblock. Such roadblocks are embodied in both the cost and time to develop an IIoT platform, imposing limits on the innovation of sensor manufacturers, as a result of the demand to maintain interface compatibility for seamless integration and low development costs. In this paper, we propose an IIoT system architecture (SandBoxer) tailored for sensor integration, that utilizes a collaborative set of efforts from various technologies and research fields. The paper introduces the concept of ”development-sandboxing” as a viable choice towards building the foundation for enabling true-plug-and-play IIoT. We start by outlining the key characteristics desired to create an architecture that catalyzes IIoT research and development. We then present our vision of the architecture through the use of a sensor-hosted EEPROM and scripting to ”sandbox” the sensors, which in turn accelerates sensor integration for developers and creates a broader innovation path for sensor manufacturers. We also discuss multiple design alternative, challenges, and use cases in both the research and industry.

With the rapid growth of Linux-based IoT devices such as network cameras and routers, the security becomes a concern and many attacks utilize vulnerabilities to compromise the devices. It is crucial for researchers to find vulnerabilities in IoT systems before attackers. Fuzzing is an effective vulnerability discovery technique for traditional desktop programs, but could not be directly applied to Linux-based IoT programs due to the special execution environment requirement. In our paper, we propose an efficient greybox fuzzing scheme for Linux-based IoT programs which consist of two phases: binary static analysis and IoT program greybox fuzzing. The binary static analysis is to help generate useful inputs for efficient fuzzing. The IoT program greybox fuzzing is to reinforce the IoT firmware kernel greybox fuzzer to support IoT programs. We implement a prototype system and the evaluation results indicate that our system could automatically find vulnerabilities in real-world Linux-based IoT programs efficiently.

With the rapid proliferation of Internet of Thing (IoT) devices, many security challenges could be introduced at low-end routers. Misbehaving routers affect the availability of the networks by dropping packets selectively and rejecting data forwarding services. Although existing Reputation Management (RM) systems are useful in identifying misbehaving routers, the centralized nature of the RM center has the risk of one-point failure. The emerging blockchain techniques, with the inherent decentralized consensus mechanism, provide a promising method to reduce this one-point failure risk. By adopting the distributed consensus mechanism, we propose a blockchain-based reputation management system in IoT networks to overcome the limitation of centralized router RM systems. The proposed solution utilizes the blockchain technique as a decentralized database to store router reports for calculating reputation of each router. With the proposed reputation calculation mechanism, the reliability of each router would be evaluated, and the malicious misbehaving routers with low reputations will be blacklisted and get isolated. More importantly, we develop an optimized group mining process for blockchain technique in order to improve the efficiency of block generation and reduce the resource consumption. The simulation results validate the distributed blockchain-based RM system in terms of attacks detection and system convergence performance, and the comparison result of the proposed group mining process with existing blockchain models illustrates the applicability and feasibility of the proposed works.

An increasing number of IoT scenarios involve mobile, resource-constrained IoT devices that rely on untrusted networks for Internet connectivity. In such environments, attackers can derive sensitive private information of IoT device owners, e.g., daily routines or secret supply chain procedures, when sniffing on IoT communication and linking IoT devices and owner. Furthermore, untrusted networks do not provide IoT devices with any protection against attacks from the Internet. Anonymous communication using onion routing provides a well-proven mechanism to keep the relationship between communication partners secret and (optionally) protect against network attacks. However, the application of onion routing is challenged by protocol incompatibilities and demanding cryptographic processing on constrained IoT devices, rendering its use infeasible. To close this gap, we tailor onion routing to the IoT by bridging protocol incompatibilities and offloading expensive cryptographic processing to a router or web server of the IoT device owner. Thus, we realize resource-conserving access control and end-to-end security for IoT devices. To prove applicability, we deploy onion routing for the IoT within the well-established Tor network enabling IoT devices to leverage its resources to achieve the same grade of anonymity as readily available to traditional devices.

In recent years, with the rapid development of Internet of things, RFID tags have been widely used, in due to the chip used in radio frequency identification (RFID) tags is more demanding for resources, which also brings a great threat to the safety performance of cryptographic algorithms in differential power analysis (DPA). For this purpose, it is necessary to study the LED lightweight cryptography algorithm of RFID tags in the Internet of things, so as to explore a lightweight and secure cryptographic algorithm which can be applied to RFID Tags. In this paper, through the combination of Piccolo cryptographic algorithm and the new DPA protection technology threshold, we propose a LED lightweight cryptographic algorithm which can be applied to the RFID tag of the Internet of things. With the help of improve d exhaustive search and Boolean expression reconstruction, the two methods share the implementation of the S -box and the InvS-box, thereby effectively solves the burr threat problem of the S-box and the InvS-box in the sharing implementation process, the security performance of the algorithm is evaluated by the DPA attack of FPGA. The results show that the algorithm can achieve lightweight and security performance at the same time, can effectively meet the light and security requirements of RFID tag chip of Internet of things for cryptographic algorithms.

With the continuous development of the Internet of Things, intelligent manufacturing has gradually entered the application stage, which urgently needs to solve the problem of information transmission security. In order to realize data security with transmission encryption, the UHF RFID tag based on domestic cryptographic algorithm SM7 is proposed. By writing the anti-counterfeiting authentication identification code when the tag leaves the factory, verifying the identification code when the tag is issued, and using the authentication code of the tag to participate in the sectoral key dispersion, the purpose of data security protection is achieved. Through this scheme, the security of tag information and transmission is guaranteed, and a new idea is provided for the follow-up large-scale extension of intelligent manufacturing.

Smart Farming is driven by the emergence of precise positioning systems and Internet of Things technologies which have already enabled site-specific applications, sustainable resource management, and interconnected machinery. Nowadays, so-called Farm Management Information Systems (FMISs) enable farm-internal interconnection of agricultural machines and implements and, thereby, allow in-field data exchange and the orchestration of collaborative agricultural processes. Machine data is often directly logged during task execution. Moreover, interconnection of farms, agricultural contractors, and marketplaces ease the collaboration. However, current FMISs lack in security and particularly in user authentication. In this paper, we present a security architecture for a decentralized, manufacturer-independent, and open-source FMIS. Special attention is turned on the Radio Frequency Identification (RFID)-based continuous user authentication which greatly improves security and credibility of automated documentation, while at the same time preserves usability in practice.

This paper provides a proof of concept for using SRAM based Physically Unclonable Functions (PUFs) to generate private keys for IoT devices. PUFs are utilized, as there is inadequate protection for secret keys stored in the memory of the IoT devices. We utilize a custom-made Arduino mega shield to extract the fingerprint from SRAM chip on demand. We utilize the concepts of ternary states to exclude the cells which are easily prone to flip, allowing us to extract stable bits from the fingerprint of the SRAM. Using the custom-made software for our SRAM device, we can control the error rate of the PUF to achieve an adjustable memory-based PUF for key generation. We utilize several fuzzy extractor techniques based on using different error correction coding methods to generate secret keys from the SRAM PUF, and study the trade-off between the false authentication rate and false rejection rate of the PUF.

Recently, the Internet of Things (IoT) is growing rapidly. IoT sensors are attached to various devices, and information is detected, collected and utilized through various wired and wireless communication environments. As the IoT is used in various places, IoT devices face a variety of malicious attacks such as MITM and reverse engineering. To prevent these, encryption is required for device-to-device communication, and keys required for encryption must be properly managed. We propose a scheme to generate seed needed for key generation and a scheme to manage the public key using blockchain.

Advances in new Communication and Information innovations has led to a new paradigm known as Internet of Things (IoT). Healthcare environment uses IoT technologies for Patients care which can be used in various medical applications. Patient information is encrypted consistently to maintain the access of therapeutic records by authoritative entities. Healthcare Internet of Things (HIoT) facilitate the access of Patient files immediately in emergency situations. In the proposed system, the Patient directly provides the Key to the Doctor in normal care access. In Emergency care, a Patient shares an Attribute based Key with a set of Emergency Supporting Representatives (ESRs) and access permission to the Doctor for utilizing Emergency key from ESR. The Doctor decrypts the medical records by using Attribute based key and Emergency key to save the Patient's life. The proposed model Secure Information Retrieval using Lightweight Cryptography (SIRLC) reduces the secret key generation time and cipher text size. The performance evaluation indicates that SIRLC is a better option to utilize in Healthcare IoT than Lightweight Break-glass Access Control(LiBAC) with enhanced security and reduced computational complexity.

The Internet of Things (IoT) is increasingly being used in applications ranging from precision agriculture to critical national infrastructure by deploying a large number of resource-constrained devices in hostile environments. These devices are being exploited to launch attacks in cyber systems. As a result, security has become a significant concern in the design of IoT based applications. In this paper, we present a security architecture for IoT networks by leveraging the underlying features supported by Software Defined Networks (SDN). Our security architecture restricts network access to authenticated IoT devices. We use fine granular policies to secure the flows in the IoT network infrastructure and provide a lightweight protocol to authenticate IoT devices. Such an integrated security approach involving authentication of IoT devices and enabling authorized flows can help to protect IoT networks from malicious IoT devices and attacks.

The giant network of Internet of Things establishes connections between smart devices and people, with protocols to collect and share data. While the data is expanding at a fast pace in this era of Big Data, there are growing concerns about security and privacy policies. In the current Internet of Things ecosystems, at the intersection of the Internet of Things, Big Data, and Cybersecurity lies the subject that attracts the most attention. In aiding users in getting an adequate understanding, this paper introduces HackerNets, an interactive visualization for emerging topics in the crossing of IoT, Big Data, and Cybersecurity over time. To demonstrate the effectiveness and usefulness of HackerNets, we apply and evaluate the technique on the dataset from the social media platform.