Biblio

The economic progress of the Internet of Things (IoT) is phenomenal. Applications range from checking the alignment of some components during a manufacturing process, monitoring of transportation and pedestrian levels to enhance driving and walking path, remotely observing terminally ill patients by means of medical devices such as implanted devices and infusion pumps, and so on. To provide security, encrypting the data becomes an indispensable requirement, and symmetric encryptions algorithms are becoming a crucial implementation in the resource constrained environments. Typical symmetric encryption algorithms like Advanced Encryption Standard (AES) showcases an assumption that end points of communications are secured and that the encryption key being securely stored. However, devices might be physically unprotected, and attackers may have access to the memory while the data is still encrypted. It is essential to reserve the key in such a way that an attacker finds it hard to extract it. At present, techniques like White-Box cryptography has been utilized in these circumstances. But it has been reported that applying White-Box cryptography in IoT devices have resulted in other security issues like the adversary having access to the intermediate values, and the practical implementations leading to Code lifting attacks and differential attacks. In this paper, a solution is presented to overcome these problems by demonstrating the need of White-Box Cryptography to enhance the security by utilizing the cipher block chaining (CBC) mode.

In recent years, there is a surge of interest in approaches pertaining to security issues of Internet of Things deployments and applications that leverage machine learning and deep learning techniques. A key prerequisite for enabling such approaches is the development of scalable infrastructures for collecting and processing security-related datasets from IoT systems and devices. This paper introduces such a scalable and configurable data collection infrastructure for data-driven IoT security. It emphasizes the collection of (security) data from different elements of IoT systems, including individual devices and smart objects, edge nodes, IoT platforms, and entire clouds. The scalability of the introduced infrastructure stems from the integration of state of the art technologies for large scale data collection, streaming and storage, while its configurability relies on an extensible approach to modelling security data from a variety of IoT systems and devices. The approach enables the instantiation and deployment of security data collection systems over complex IoT deployments, which is a foundation for applying effective security analytics algorithms towards identifying threats, vulnerabilities and related attack patterns.

Internet of Things (IoT) devices industry is rapidly growing, with an accelerated increase in the list of manufacturers offering a wide range of smart devices selected to enhance end-users' standard of living. Security remains an after-thought in these devices resulting in vulnerabilities. While there exists a cryptographic protocol designed to solve such authentication problem, the computational complexity of cryptographic protocols and scalability problems make almost all cryptography-based authentication protocols impractical for IoT. Wireless RFF (Radio Frequency Fingerprinting) comes as a physical layer-based security authentication method that improves wireless security authentication, which is especially useful for the power and computing limited devices. As a proof-of-concept, this paper proposes a universal SDR (software defined Radio)-based inexpensive implementation intended to sense emitted wireless signals from IoT devices. Our approach is validated by extracting mobile phone signal bursts under different user-dedicated modes. The proposed setup is well adapted to accurately capture signals from different telecommunication standards. To ensure a unique identification of IoT devices, this paper also provides an optimum set of features useful to generate the device identity fingerprint.

So-called IoT, based on use of enabling technologies like 5G, Wi-Fi, BT, NFC, RFID, IPv6 as well as being widely applied for sensor networks, robots, Wearable and Cyber-PHY, invades rapidly to our every day. There are a lot of apps and software platforms to IoT support. However, a most important problem of QoS optimization, which lays in Performance, Reliability and Scalability for IoT, is not yet solved. The extended Internet of the future needs these solutions based on the cooperation between fog and clouds with delegating of the analytics blocks via agents, adaptive interfaces and protocols. The next problem is as follows: IoT can generate large arrays of unmanaged, weakly-structured, and non-configured data of various types, known as "Big Data". The given papers deals with the both problems. A special problem is Security and Privacy in potentially "dangerous" IoTscenarios. Anyway, this subject needs as special discussion for risks evaluation and cooperative intrusion detection. Some advanced approaches for optimization of Performance, Reliability and Scalability for IoT-solutions are offered within the paper. The paper discusses the Best Practises and Case Studies aimed to solution of the established problems.

Wearable technology has been on an exponential rise and shows no signs of slowing down. One category of wearable technology is Fitness bands, which have the potential to show a user's activity levels and location data. Such information stored in fitness bands is just the beginning of a long trail of evidence fitness bands can store, which represents a huge opportunity to digital forensic practitioners. On the surface of recent work and research in this area, there does not appear to be any similar work that has already taken place on fitness bands and particularly, the devices in this study, a Garmin Forerunner 110, a Fitbit Charge HR and a Generic low-cost HETP fitness tracker. In this paper, we present our analysis of these devices for any possible digital evidence in a forensically sound manner, identifying files of interest and location data on the device. Data accuracy and validity of the evidence is shown, as a test run scenario wearing all of the devices allowed for data comparison analysis.

Nowadays, IoT has crossed all borders and become ubiquitous in everyday life. This emerging technology has a huge success in closing the gap between the digital and the real world. However, security and privacy become huge concerns especially in the medical field which prevent the healthcare industry from adopting it despite its benefits and potentials. This paper focuses on identifying potential security threats to the IoMT and presents the security mechanisms to remove any possible impediment from immune information security of IoMT. A summarized framework of the layered-security model is proposed followed by a specific assessment review of each layer.

In this paper we propose a two-level hybrid anomalous activity detection model for intrusion detection in IoT networks. The level-1 model uses flow-based anomaly detection, which is capable of classifying the network traffic as normal or anomalous. The flow-based features are extracted from the CICIDS2017 and UNSW-15 datasets. If an anomaly activity is detected then the flow is forwarded to the level-2 model to find the category of the anomaly by deeply examining the contents of the packet. The level-2 model uses Recursive Feature Elimination (RFE) to select significant features and Synthetic Minority Over-Sampling Technique (SMOTE) for oversampling and Edited Nearest Neighbors (ENN) for cleaning the CICIDS2017 and UNSW-15 datasets. Our proposed model precision, recall and F score for level-1 were measured 100% for the CICIDS2017 dataset and 99% for the UNSW-15 dataset, while the level-2 model precision, recall, and F score were measured at 100 % for the CICIDS2017 dataset and 97 % for the UNSW-15 dataset. The predictor we introduce in this paper provides a solid framework for the development of malicious activity detection in IoT networks.

This article discusses the vulnerabilities and complexity of designing secure IoT-solutions, and then presents proven approaches to protecting devices and gateways. Specifically, security mechanisms such as device authentication (including certificate-based authentication), device authentication, and application a verification of identification are described. The authors consider a protocol of message queue telemetry transport for speech and sensor networks on the Internet, its features, application variants, and characteristic procedures. The principle of "publishersubscriber" is considered. An analysis of information elements and messages is carried out. The urgency of the theme is due to the rapid development of "publisher-subscriber" architecture, for which the protocol is most characteristic.

Wireless Sensor Networks (WSNs) are important and becoming more important as we integrate wireless sensor networks and the internet with different things, which has changed our life, and it is affected everywhere in our life like shopping, storage, live monitoring, smart home etc., called Internet of Things (IoT), as any use of the network physical devices that included in electronics, software, sensors, actuators, and connectivity which makes available these things to connect, collect and exchange data, and the most importantly thing is the accuracy of the data that has been collected in the Internet of Things, detecting sensor data with faulty readings is an important issue of secure communication and power consumption. So, requirement of energy-efficiency and integrity of information is mandatory.

Smart Grids require extensive communication to enable safe and stable energy supply in the age of decentralized and dynamic energy production and consumption. To protect the communication in this critical infrastructure, public authorities mandate smart meter gateways (SMGWs) to be in control of the communication security. To this end, the SMGW intercepts all inbound and outbound communication of its premise, e.g., a factory or smart home, and forwards it on secure channels that the SMGW established itself. However, using the SMGW as proxy, local devices can neither review the security of these remote connections established by the SMGW nor enforce higher security guarantees than established by the all in one configuration of the SMGW which does not allow for use case-specific security settings. We present mechanisms that enable local devices to regain this insight and control over the full connection, i.e., up to the final receiver, while retaining the SMGW's ability to ensure a suitable security level. Our evaluation shows modest computation and transmission overheads for this increased security in the critical smart grid infrastructure.

As a national strategic hot spot, the Internet of Things (IoT) has shown its vigor and vitality. With the development of IoT, its application in power grid is more and more extensive. As an advanced technology for information sensing and transmission, IoT has been applied extensively in power generation, transmission, transformation, distribution, utilization and other processes, and will develop with broad prospect in smart grid. Narrow Band Internet of Things (NB-IoT) is of broad application prospects in production management, life-cycle asset management and smart power utilization of smart grid. Its characteristics and security demands of application domain present a challenge for the security of electric power business. However, current protocols either need dual authentication and key agreements, or have poor compatibility with current network architecture. In order to improve the high security of power network data transmission, an end-to-end security authentication protocol of NB-IoT for smart grid based on physical unclonable function and state secret algorithm SM3 is proposed in this paper. A self-controllable NB-IoT application layer security architecture was designed by introducing the domestic cryptographic algorithm, extending the existing key derivation structure of LTE, and combining the physical unclonable function to ensure the generation of encryption keys between NB-IoT terminals and power grid business platforms. The protocol of this paper realizes secure data transmission and bidirectional identity authentication between IoT devices and terminals. It is of low communication costs, lightweight and flexible key update. In addition, the protocol also supports terminal authentication during key agreement, which furtherly enhances the security of business systems in smart grid.

The Internet of Things (IoT) is rapidly evolving, while introducing several new challenges regarding security, resilience and operational assurance. In the face of an increasing attack landscape, it is necessary to cater for the provision of efficient mechanisms to collectively verify software- and device-integrity in order to detect run-time modifications. Towards this direction, remote attestation has been proposed as a promising defense mechanism. It allows a third party, the verifier, to ensure the integrity of a remote device, the prover. However, this family of solutions do not capture the real-time requirements of industrial IoT applications and suffer from scalability and efficiency issues. In this paper, we present a lightweight dynamic control-flow property-based attestation architecture (CFPA) that can be applied on both resource-constrained edge and cloud devices and services. It is a first step towards a new line of security mechanisms that enables the provision of control-flow attestation of only those specific, critical software components that are comparatively small, simple and limited in function, thus, allowing for a much more efficient verification. Our goal is to enhance run-time software integrity and trustworthiness with a scalable and decentralized solution eliminating the need for federated infrastructure trust. Based on our findings, we posit open issues and challenges, and discuss possible ways to address them, so that security do not hinder the deployment of intelligent edge computing systems.

Internet of things is a network formed between two or more devices through internet which helps in sharing data and resources. IoT is present everywhere and lot of applications in our day-to-day life such as smart homes, smart grid system which helps in reducing energy consumption, smart garbage collection to make cities clean, smart cities etc. It has some limitations too such as concerns of security of the network and the cost of installations of the devices. There have been many researches proposed various method in improving the IoT systems. In this paper, we have discussed about the scope and limitations of IoT in various fields and we have also proposed a technique to secure offline architecture of IoT.

The tremendous advances in information and communications technology (ICT), as well as the embedded systems, have been led to the emergence of the novel concept of the internet of things (IoT). Enjoying IoT-based technologies, many objects and components can be connected to each other through the internet or other modern communicational platforms. Embedded systems which are computing machines for special purposes like those utilized in high-tech devices, smart buildings, aircraft, and vehicles including advanced controllers, sensors, and meters with the ability of information exchange using IT infrastructures. The phrase "internet", in this context, does not exclusively refer to the World Wide Web rather than any type of server-based or peer-to-peer networks. In this study, the application of IoT in smart grids is addressed. Hence, at first, an introduction to the necessity of deployment of IoT in smart grids is presented. Afterwards, the applications of IoT in three levels of generation, transmission, and distribution is proposed. The generation level is composed of applications of IoT in renewable energy resources, wind and solar in particular, thermal generation, and energy storage facilities. The deployment of IoT in transmission level deals with congestion management in power system and guarantees the security of the system. In the distribution level, the implications of IoT in active distribution networks, smart cities, microgrids, smart buildings, and industrial sector are evaluated.

As cyber attacks to Industrial Internet of Things (IIoT) remain a major challenge, blockchain has emerged as a promising technology for IIoT security due to its decentralization and immutability characteristics. Existing blockchain designs, however, introduce high computational complexity and latency challenges which are unsuitable for IIoT. This paper proposes Xyreum, a new high-performance and scalable blockchain for enhanced IIoT security and privacy. Xyreum uses a Time-based Zero-Knowledge Proof of Knowledge (T-ZKPK) with authenticated encryption to perform Mutual Multi-Factor Authentication (MMFA). T-ZKPK properties are also used to support Key Establishment (KE) for securing transactions. Our approach for reaching consensus, which is a blockchain group decision-making process, is based on lightweight cryptographic algorithms. We evaluate our scheme with respect to security, privacy, and performance, and the results show that, compared with existing relevant blockchain solutions, our scheme is secure, privacy-preserving, and achieves a significant decrease in computation complexity and latency performance with high scalability. Furthermore, we explain how to use our scheme to strengthen the security of the REMME protocol, a blockchain-based security protocol deployed in several application domains.

With the development of internet of things (IoT) and communication technology, the sensors and embedded devices collect a large amount of data and handle it. However, IoT environment cannot efficiently treat the big data and is vulnerable to various attacks because IoT is comprised of resource limited devices and provides a service through a open channel. In 2018, Sharma and Kalra proposed a lightweight multi-factor authentication protocol for cloud-IoT environment to overcome this problems. We demonstrate that Sharma and Kalra's scheme is vulnerable to identity and password guessing, replay and session key disclosure attacks. We also propose a secure multifactor authentication protocol to resolve the security problems of Sharma and Kalra's scheme, and then we analyze the security using informal analysis and compare the performance with Sharma and Kalra's scheme. The proposed scheme can be applied to real cloud-IoT environment securely.

The operating system is extremely important for both "Made in China 2025" and ubiquitous electric power Internet of Things. By investigating of five key requirements for ubiquitous electric power Internet of Things at the OS level (performance, ecosystem, information security, functional security, developer framework), this paper introduces the intelligent NARI microkernel Operating System and its innovative schemes. It is implemented with microkernel architecture based on the trusted computing. Some technologies such as process based fine-grained real-time scheduling algorithm, sigma0 efficient message channel and service process binding in multicore are applied to improve system performance. For better ecological expansion, POSIX standard API is compatible, Linux container, embedded virtualization and intelligent interconnection technology are supported. Native process sandbox and mimicry defense are considered for security mechanism design. Multi-level exception handling and multidimensional partition isolation are adopted to provide High Reliability. Theorem-assisted proof tools based on Isabelle/HOL is used to verify the design and implementation of NARI microkernel OS. Developer framework including tools, kit and specification is discussed when developing both system software and user software on this IoT OS.

The deployment of smart devices in IoT applications are increasing with tremendous pace causing severe security concerns, as it trade most of private information. To counter that security issues in low resource applications, lightweight cryptographic algorithms have been introduced in recent past. In this paper we propose efficient hardware architecture of piccolo lightweight algorithm uses 64 bits block size with variable key size of length 80 and 128 bits. This paper introduces novel hardware architecture of piccolo-80, to supports high speed RFID security applications. Different design strategies are there to optimize the hardware metrics trade-off for particular application. The algorithm is implemented on different family of FPGAs with different devices to analyze the performance of design in 4 input LUTs and 6 input LUTs implementations. In addition, the results of hardware design are evaluated and compared with the most relevant lightweight block ciphers, shows the proposed architecture finds its utilization in terms of speed and area optimization from the hardware resources. The increment in throughput with optimized area of this architecture suggests that piccolo can applicable to implement for ultra-lightweight applications also.

In this paper, we focuses on an access control issue in the Internet of Things (IoT). Generally, we firstly propose a decentralized IoT system based on blockchain. Then we establish a secure fine-grained access control strategies for users, devices, data, and implement the strategies with smart contract. To trigger the smart contract, we design different transactions. Finally, we use the multi-index table struct for the access right's establishment, and store the access right into Key-Value database to improve the scalability of the decentralized IoT system. In addition, to improve the security of the system we also store the access records on the blockchain and database.

New IoT applications are demanding for more and more performance in embedded devices while their deployment and operation poses strict power constraints. We present the security concept for a customizable Internet of Things (IoT) platform based on the RISC-V ISA and developed by several Fraunhofer Institutes. It integrates a range of peripherals with a scalable computing subsystem as a three dimensional System-in-Package (3D-SiP). The security features aim for a medium security level and target the requirements of the IoT market. Our security architecture extends given implementations to enable secure deployment, operation, and update. Core security features are secure boot, an authenticated watchdog timer, and key management. The Universal Sensor Platform (USeP) SoC is developed for GLOBALFOUNDRIES' 22FDX technology and aims to provide a platform for Small and Medium-sized Enterprises (SMEs) that typically do not have access to advanced microelectronics and integration know-how, and are therefore limited to Commercial Off-The-Shelf (COTS) products.

This paper studies and describes encrypted communication between IoT cloud and IoT embedded systems. It uses encrypted MQTTS protocol with SSL/TLS certificate. A JSON type data format is used between the cloud structure and the IoT device. The embedded system used in this experiment is Esp32 Wrover. The IoT embedded system measures temperature and humidity from a sensor DHT22. The architecture and software implementation of the experimental stage are also presented.

This study has built a simulation of a smart home system by the Alibaba ECS. The architecture of hardware was based on edge computing technology. The whole method would design a clear classifier to find the boundary between regular and mutation codes. It could be applied in the detection of the mutation code of network. The project has used the dataset vector to divide them into positive and negative type, and the final result has shown the RBF-function SVM method perform best in this mission. This research has got a good network security detection in the IoT systems and increased the applications of machine learning.

Machine learning has been adopted widely to perform prediction and classification. Implementing machine learning increases security risks when computation process involves sensitive data on training and testing computations. We present a proposed system to protect machine learning engines in IoT environment without modifying internal machine learning architecture. Our proposed system is designed for passwordless and eliminated the third-party in executing machine learning transactions. To evaluate our a proposed system, we conduct experimental with machine learning transactions on IoT board and measure computation time each transaction. The experimental results show that our proposed system can address security issues on machine learning computation with low time consumption.

The data collected by IoT devices is of great value, which makes people urgently need a secure device key management strategy to protect their data. Existing works introduce the blockchain technology to transfer the responsibility of key management from the trusted center in the traditional key management strategy to the devices, thus eliminating the trust crisis caused by excessive dependence on third parties. However, the lightweight implementation of IoT devices limits the ability to resist side channel attacks, causing the private key to be exposed and subject to masquerading attacks. Accordingly, we strengthen the original blockchain based key management scheme to defend against key exposure attack. On the one hand, we introduce two hash functions to bind transactions in the blockchain to legitimate users. On the other hand, we design a secure key exchange protocol for identifying and exchanging access keys between legitimate users. Security analysis and performance show that the proposed scheme improves the robustness of the network with small storage and communication overhead increments.

This paper presents a fully automated static analysis approach and a tool, Taint-Things, for the identification of tainted flows in SmartThings IoT apps. Taint-Things accurately identified all tainted flows reported by one of the state-of the-art tools with at least 4 times improved performance. In addition, our approach reports potential vulnerable tainted flow in a form of a concise security slice, which could provide security auditors with an effective and precise tool to pinpoint security issues in SmartThings apps under test.