Biblio

Internet of Things (IoT) is defined as the connection between places and physical objects (i.e., things) over the internet/network via smart computing devices. IoT is a rapidly emerging paradigm that now encompasses almost every aspect of our modern life. As such, it is crucial to ensure IoT devices follow strict security requirements. At the same time, the prevalence of IoT devices offers developers a chance to design and develop Machine Learning (ML)-based intelligent software systems using their IoT devices. However, given the diversity of IoT devices, IoT developers may find it challenging to introduce appropriate security and ML techniques into their devices. Traditionally, we learn about the IoT ecosystem/problems by conducting surveys of IoT developers/practitioners. Another way to learn is by analyzing IoT developer discussions in popular online developer forums like Stack Overflow (SO). However, we are aware of no such studies that focused on IoT developers’ security and ML-related discussions in SO. This paper offers the results of preliminary study of IoT developer discussions in SO. First, we collect around 53K IoT posts (questions + accepted answers) from SO. Second, we tokenize each post into sentences. Third, we automatically identify sentences containing security and ML-related discussions. We find around 12% of sentences contain security discussions, while around 0.12% sentences contain ML-related discussions. There is no overlap between security and ML-related discussions, i.e., IoT developers discussing security requirements did not discuss ML requirements and vice versa. We find that IoT developers discussing security issues frequently inquired about how the shared data can be stored, shared, and transferred securely across IoT devices and users. We also find that IoT developers are interested to adopt deep neural network-based ML models into their IoT devices, but they find it challenging to accommodate those into their resource-constrained IoT devices. Our findings offer implications for IoT vendors and researchers to develop and design novel techniques for improved security and ML adoption into IoT devices.

Physical unclonable functions (PUFs) are used to create unique device identifiers from their inherent fabrication variability. Unstable readings and variation of the PUF response over time are key issues that limit the applicability of PUFs in real-world systems. In this project, we developed a fuzzy extractor (FE) to generate robust cryptographic keys from ReRAM-based PUFs. We tested the efficiency of the proposed FE using BCH and Polar error correction codes. We use ReRAM-based PUFs operating in pre-forming range to generate binary cryptographic keys at ultra-low power with an objective of tamper sensitivity. We investigate the performance of the proposed FE with real data using the reading of the resistance of pre-formed ReRAM cells under various noise conditions. The results show a bit error rate (BER) in the range of 10−5 for the Polar-codes based method when 10% of the ReRAM cell array is erroneous at Signal to Noise Ratio (SNR) of 20dB.This error rate is achieved by using helper data length of 512 bits for a 256 bit cryptographic key. Our method uses a 2:1 ratio for helper data and key, much lower than the majority of previously reported methods. This property makes our method more robust against helper data attacks.

To develop the next generation of Internet of Things, Edge devices and systems which leverage progress in enabling technologies such as 5G, distributed computing and artificial intelligence (AI), several requirements need to be developed and put in place to make the devices smarter. A major requirement for all the above applications is the long-term security and trust computing infrastructure. Trusted Computing requires the introduction inside of the platform of a Trusted Platform Module (TPM). Traditionally, a TPM was a discrete and dedicated module plugged into the platform to give TPM capabilities. Recently, processors manufacturers started integrating trusted computing features into their processors. A significant drawback of this approach is the need for a permanent modification of the processor microarchitecture. In this context, we suggest an analysis and a design of a software-only TPM for RISC-V processors based on seL4 microkernel and OP-TEE.

In order to solve the problem that the ordinary intrusion detection model cannot effectively identify the increasingly complex, continuous, multi-source and organized network attacks, this paper proposes an Internet of Things attack group identification model to identify the planned and organized attack groups. The model takes the common attack source IP, target IP, time stamp and target port as the characteristics of the attack log data to establish the identification benchmark of the attack gang behavior. The model also combines the spectral clustering algorithm to cluster different attackers with similar attack behaviors, and carries out the specific image analysis of the attack gang. In this paper, an experimental detection was carried out based on real IoT honey pot attack log data. The spectral clustering was compared with Kmeans, DBSCAN and other clustering algorithms. The experimental results shows that the contour coefficient of spectral clustering was significantly higher than that of other clustering algorithms. The recognition model based on spectral clustering proposed in this paper has a better effect, which can effectively identify the attack groups and mine the attack preferences of the groups.

The Internet-of-Things (IoT) paradigm at large continues to be compromised, hindering the privacy, dependability, security, and safety of our nations. While the operational security communities (i.e., CERTS, SOCs, CSIRT, etc.) continue to develop capabilities for monitoring cyberspace, tools which are IoT-centric remain at its infancy. To this end, we address this gap by innovating an actionable Cyber Threat Intelligence (CTI) feed related to Internet-scale infected IoT devices. The feed analyzes, in near real-time, 3.6TB of daily streaming passive measurements ( ≈ 1M pps) by applying a custom-developed learning methodology to distinguish between compromised IoT devices and non-IoT nodes, in addition to labeling the type and vendor. The feed is augmented with third party information to provide contextual information. We report on the operation, analysis, and shortcomings of the feed executed during an initial deployment period. We make the CTI feed available for ingestion through a public, authenticated API and a front-end platform.

The rapid progress experienced in the Internet of Things (IoT) space is one that has introduced new and unique challenges for cybersecurity and IoT-Forensics. One of these problems is how digital forensics and incident response (DFIR) are handled in IoT. Since enormous users use IoT platforms to accomplish their day to day task, massive amounts of data streams are transferred with limited hardware resources; conducting DFIR needs a new approach to mitigate digital evidence and incident response challenges owing to the facts that there are no unified standard or classified principles for IoT forensics. Today's IoT DFIR relies on self-defined best practices and experiences. Given these challenges, IoT-related incidents need a more structured approach in identifying problems of DFIR. In this paper, we examined the major DFIR challenges in IoT by exploring the different phases involved in a DFIR when responding to IoT-related incidents. This study aims to provide researchers and practitioners a road-map that will help improve the standards of IoT security and DFIR.

Connecting anything to the Internet is one of the main objectives of the Internet of Things (IoT). It enabled to access any device from anywhere at any time without any human intervention. There are endless applications of IoT involving controlling home applications to industry. This rapid growth of this technology and innovations of its application results due to improved technology of developing these tiny devices with its back-end software. On the other side, internal resources such as memory, processing power, battery life are the significant constraints of these devices. Introducing lightweight cryptography helped secure data transmission across various devices while protecting these devices from getting attacked for DDoS attack is still a significant concern. This paper primarily focuses on elaborating on DDoS attack and the malware used to initiate a DDoS attack on IoT devices. Further, this paper mainly focuses on providing solutions that would help to prevent DDoS attack from IoT network.

The growing adoption of IoT devices is creating a huge positive impact on human life. However, it is also making the network more vulnerable to security threats. One of the major threats is malicious traffic injection attack, where the hacked IoT devices overwhelm the application servers causing large-scale service disruption. To address such attacks, we propose a Software Defined Networking based predictive alarm manager solution for malicious traffic detection and mitigation at the IoT Gateway. Our experimental results with the proposed solution confirms the detection of malicious flows with nearly 95% precision on average and at its best with around 99% precision.

In recent times, the world has seen a tremendous increase in the number of attacks on IoT devices. A majority of these attacks have been botnet attacks, where an army of compromised IoT devices is used to launch DDoS attacks on targeted systems. In this paper, we study how the choice of a dataset and the extracted features determine the performance of a Machine Learning model, given the task of classifying Linux Binaries (ELFs) as being benign or malicious. Our work focuses on Linux systems since embedded Linux is the more popular choice for building today’s IoT devices and systems. We propose using 4 different types of files as the dataset for any ML model. These include system files, IoT application files, IoT botnet files and general malware files. Further, we propose using static, dynamic as well as network features to do the classification task. We show that existing methods leave out one or the other features, or file types and hence, our model outperforms them in terms of accuracy in detecting these files. While enhancing the dataset adds to the robustness of a model, utilizing all 3 types of features decreases the false positive and false negative rates non-trivially. We employ an exhaustive scenario based method for evaluating a ML model and show the importance of including each of the proposed files in a dataset. We also analyze the features and try to explain their importance for a model, using observed trends in different benign and malicious files. We perform feature extraction using the open source Limon sandbox, which prior to this work has been tested only on Ubuntu 14. We installed and configured it for Ubuntu 18, the documentation of which has been shared on Github.

With the development of the Internet of Things, embedded devices have become increasingly frequent in people's daily use. However, with the influx of a huge amount of heterogeneous embedded devices, its security has become an important issue. To face with such problems, remote attestation is undoubtedly a suitable security technology. Nevertheless, traditional remote attestation is limited to verifying the performance of devices as large and heterogeneous devices enter daily life. Therefore, this paper proposes a many-to-one swarm attestation and recovery scheme. Besides, the reputation mechanism and Merkel tree measurement method are introduced to reduce the attestation and recovery time of the scheme, and greatly reducing the energy consumption.

IoT devices have evolved with the goal of becoming more connected. However, for security it is necessary to reduce the attack surface by allowing only necessary devices to be connected. In addition, as the number of IoT devices increases, DDoS attacks targeting IoT devices also increase. In this paper, we propose a method to apply the zero trust concept of SDP as a way to enhance security and prevent DDoS attacks in the IoT device network to which the OCF platform, one of the IoT standard platforms, is applied. The protocol proposed in this paper needs to perform additional functions in IoT devices, and the processing overhead due to the functions is 62.6ms on average. Therefore, by applying the method proposed in this paper, although there is a small amount of processing overhead, DDoS attacks targeting the IoT network can be defended and the security of the IoT network can be improved.

With large scale generation and exchange of data between IoT devices and constrained IoT security to protect data communication, it becomes easy for attackers to compromise data routes. In IoT networks, IPv6 Routing Protocol is the de facto routing protocol for Low Power and Lossy Networks (RPL). RPL offers limited security against several RPL-specific and WSN-inherited attacks in IoT applications. Additionally, IoT devices are limited in memory, processing, and power to operate properly using the traditional Internet and routing security solutions. Several mitigation schemes for the security of IoT networks and routing, have been proposed including Machine Learning-based, IDS-based, and Trust-based approaches. In existing trust-based methods, mobility of nodes is not considered at all or its insufficient for mobile sink nodes, specifically for security against RPL attacks. This research work proposes a conceptual design, named SMTrust, for security of routing protocol in IoT, considering the mobility-based trust metrics. The proposed solution intends to provide defense against popular RPL attacks, for example, Blackhole, Greyhole, Rank, Version Number attacks, etc. We believe that SMTrust shall provide better network performance for attacks detection accuracy, mobility and scalability as compared to existing trust models, such as, DCTM-RPL and SecTrust-RPL. The novelty of our solution is that it considers the mobility metrics of the sensor nodes as well as the sink nodes, which has not been addressed by the existing models. This consideration makes it suitable for mobile IoT environment. The proposed design of SMTrust, as secure routing protocol, when embedded in RPL, shall ensure confidentiality, integrity, and availability among the sensor nodes during routing process in IoT communication and networks.

Android kernel fuzzing is a research area of interest specifically for detecting kernel vulnerabilities which may allow attackers to obtain the root privilege. The number of Android mobile phones is increasing rapidly with the explosive growth of Android kernel drivers. Interface aware fuzzing is an effective technique to test the security of kernel driver. Existing researches rely on static analysis with kernel source code. However, in fact, there exist millions of Android mobile phones without public accessible source code. In this paper, we propose a hybrid interface recovery method for fuzzing kernels which can recover kernel driver interface no matter the source code is available or not. In white box condition, we employ a dynamic interface recover method that can automatically and completely identify the interface knowledge. In black box condition, we use reverse engineering to extract the key interface information and use similarity computation to infer argument types. We evaluate our hybrid algorithm on on 12 Android smartphones from 9 vendors. Empirical experimental results show that our method can effectively recover interface argument lists and find Android kernel bugs. In total, 31 vulnerabilities are reported in white and black box conditions. The vulnerabilities were responsibly disclosed to affected vendors and 9 of the reported vulnerabilities have been already assigned CVEs.

In recent years, several trust management frame-works and models have been proposed for the Internet of Things (IoT). Focusing primarily on distributed trust management schemes; testing and validation of these models is still a challenging task. It requires the implementation of the proposed trust model for verification and validation of expected outcomes. Nevertheless, a stand-alone and standard IoT network simulator for testing of distributed trust management scheme is not yet available. In this paper, a .NET-based Distributed Trust Management Simulator for IoT Networks (DTMSim-IoT) is presented which enables the researcher to implement any static/dynamic trust management model to compute the trust value of a node. The trust computation will be calculated based on the direct-observation and trust value is updated after every transaction. Transaction history and logs of each event are maintained which can be viewed and exported as .csv file for future use. In addition to that, the simulator can also draw a graph based on the .csv file. Moreover, the simulator also offers to incorporate the feature of identification and mitigation of the On-Off Attack (OOA) in the IoT domain. Furthermore, after identifying any malicious activity by any node in the networks, the malevolent node is added to the malicious list and disseminated in the network to prevent potential On-Off attacks.

Internet of Things (IoT) combines the internet and physical objects to transfer information among the objects. In the emerging IoT networks, providing security is the major issue. IoT device is exposed to various security issues due to its low computational efficiency. In recent years, the Intrusion Detection System valuable tool deployed to secure the information in the network. This article exposes the Intrusion Detection System (IDS) based on deep learning and machine learning to overcome the security attacks in IoT networks. Long Short-Term Memory (LSTM) and K-Nearest Neighbor (KNN) are used in the attack detection model and performances of those algorithms are compared with each other based on detection time, kappa statistic, geometric mean, and sensitivity. The effectiveness of the developed IDS is evaluated by using Bot-IoT datasets.

Of late, the massive use of pervasive devices in the electronics field has raised the concerns about security. In embedded applications or IoT domain implementing a full-fledged cryptographic environment using conventional encryption algorithms would not be practical because of the constraints like power dissipation, area and speed. To overcome such barriers the focus is on lightweight cryptography. In this paper a new lightweight PRESENT cipher has been proposed which has modified the original PRESENT cipher by reducing encryption round, modifying the Key Register updating technique and adding a new layer in between S-box layer and P-layer of the existing encryption-decryption process. The key register is updated by encrypting its value by adding delta value function of TEA (Tiny encryption algorithm), which is another lightweight cipher. The addition of extra layer helps us to reduce the PRESENT round from 31 to 25 which is the minimum round required for security. The efficiency of the proposed algorithm is increased by encrypting the key register. The proposed algorithm proves its superiority by analyzing different software parameter analysis like N-gram, Non-Homogeneity, Frequency Distribution graph and Histogram.

Internet of Things (IoT) enable information transmission and sharing among massive IoT devices. However, the key establishment and management in IoT become more challenging due to the low latency requirements and resource constrained IoT devices. In this work, we propose a practical physical layer based secret key sharing scheme for MIMO (multiple-input-multiple-output) IoT devices to reduce the communication delay caused by key establishment of MIMO IoT devices. This is because the proposed scheme attachs secret key sharing with communication simultaneously. It is achieved by the proposed MIMO self-injection AN (SAN) tranmsission, which is designed to deliberately maximum the receive SNR (signal to noise ratio) at different antenna of the legitimate IoT device, based on the value of secret key sharing to him. The simulation results verified the validity and security of the proposed scheme.

As the amount of information distributed and processed through IoT(Internet of Things) devices is absolutely increased, various security issues are also emerging. Above all, since IoT technology is directly applied to our real life, there is a growing concern that the dangers of the existing cyberspace can be expanded into the real world. In particular, leaks of keys necessary for authentication and data protection of IoT devices are causing economic and industrial losses through illegal copying and data leakage. Therefore, this paper introduces the research trend of hardware and software based key hiding technology to respond to these security threats, and proposes IoT device authentication techniques using them. The proposed method fundamentally prevents the threat of exposure of the authentication key due to various security vulnerabilities by properly integrating hardware and software based key hiding technologies. That is, this paper provides a more reliable IoT device authentication scheme by using key hiding technology for authentication key management.

Recent IoT services are being used in various fields such as smart homes, smart factories, smart cars and industrial systems. These various IoT services are implemented through hyper-connected IoT devices, and accordingly, security requirements of these devices are being highlighted. In order to satisfy the security requirements of IoT devices, various studies have been conducted such as HSM, Security SoC, and TrustZone. In particular, ARM proposed Platform Security Architecture (PSA), which is a security architecture that provide execution isolation to safely manage and protect the computing resources of low- end IoT devices. PSA can ensure confidentiality and integrity of IoT devices based on its structural features, but conversely, it has the problem of increasing development difficulty in using the security functions of PSA. To solve this problem, this paper analyzes the security requirements of an IoT platform and proposes secure platform based on PSA. To evaluate the proposed secure platform, a PoC implementation is provided based on hardware prototype consisting of FPGA. Our experiments with the PoC implementation verify that the proposed secure platform offers not only high security but also convenience of application development for IoT devices.

It is predicted that, the number of connected Internet of Things (IoT) devices will rise to 38.6 billion by 2025 and an estimated 50 billion by 2030. The increased deployment of IoT devices into diverse areas of our life has provided us with significant benefits such as improved quality of life and task automation. However, each time a new IoT device is deployed, new and unique security threats emerge or are introduced into the environment under which the device must operate. Instantaneous detection and mitigation of every security threat introduced by different IoT devices deployed can be very challenging. This is because many of the IoT devices are manufactured with no consideration of their security implications. In this paper therefore, we review existing literature and present IoT threat detection research advances with a focus on the various IoT security challenges as well as the current developments towards combating cyber security threats in IoT networks. However, this paper also highlights several future research directions in the IoT domain.

Deception technology is a useful approach to improve the security posture of IoT systems. The deployment of replication techniques as a deception tactic is presented with a summary of our research progress towards quantifying the defensive improvement as part of overall risk management considerations.

The massive boom of Internet of Things (IoT) has led to the explosion of smart IoT devices and the emergence of various applications such as smart cities, smart grids, smart mining, connected health, and more. While the proliferation of IoT systems promises many benefits for different sectors, it also exposes a large attack surface, raising an imperative need to put security in the first place. It is impractical to heavily rely on manual operations to deal with security of massive IoT devices and applications. Hence, there is a strong need for securing IoT systems with minimum human intervention. In light of this situation, in this paper, we envision security automation and orchestration for IoT systems. After conducting a comprehensive evaluation of the literature and having conversations with industry partners, we envision a framework integrating key elements towards this goal. For each element, we investigate the existing landscapes, discuss the current challenges, and identify future directions. We hope that this paper will bring the attention of the academic and industrial community towards solving challenges related to security automation and orchestration for IoT systems.

In this research we propose a framework that will strengthen the IoT devices security from dual perspectives; avoid devices to become attack target as well as a source of an attack. Unlike traditional devices, IoT devices are equipped with insufficient host-based defense system and a continuous internet connection. All time internet enabled devices with insufficient security allures the attackers to use such devices and carry out their attacks on rest of internet. When plethora of vulnerable devices become source of an attack, intensity of such attacks increases exponentially. Mirai was one of the first well-known attack that exploited large number of vulnerable IoT devices, that bring down a large part of Internet. To strengthen the IoT devices from dual security perspective, we propose a two step framework. Firstly, confine the communication boundary of IoT devices; IoT-Sphere. A sphere of IPs that are allowed to communicate with a device. Any communication that violates the sphere will be blocked at the gateway level. Secondly, only allowed communication will be evaluated for potential attacks and anomalies using advance detection engines. To show the effectiveness of our proposed framework, we perform couple of attacks on IoT devices; camera and google home and show the feasibility of IoT-Sphere.

Penetration testing, also known as Pen testing is usually performed by a testing professional in order to detect security threats involved in a system. Penetration testing can also be viewed as a fake cyber Security attack, done in order to see whether the system is secure and free of vulnerabilities. Penetration testing is widely used for testing both Network and Software, but somewhere it fails to make IoT more secure. In IoT the security risk is growing day-by-day, due to which the IoT networks need more penetration testers to test the security. In the proposed work an effort has been made to compile and aggregate the information regarding VAPT(Vulnerability Assessment and Penetrating Testing) in the area of IoT.

Nowadays, Internet of Things (IoT) has gained considerable significance and concern, consequently, and in particular with widespread usage and adoption of the IoT applications and projects in various industries, the consideration of the IoT Security has increased dramatically too. Therefore, this paper presents a concise and a precise review for the current state of the IoT security models and frameworks. The paper also proposes a new unified criteria and characteristics, namely Formal, Inclusive, Future, Agile, and Compliant with the standards (FIFAC), in order to assure modularity, reliability, and trust for future IoT security models, as well as, to provide an assortment of adaptable controls for protecting the data consistently across all IoT layers.