Visible to the public Biblio

Filters: Keyword is IoT systems  [Clear All Filters]
2021-03-09
Yamaguchi, S..  2020.  Botnet Defense System and Its Basic Strategy Against Malicious Botnet. 2020 IEEE International Conference on Consumer Electronics - Taiwan (ICCE-Taiwan). :1—2.

This paper proposes a basic strategy for Botnet Defense System (BDS). BDS is a cybersecurity system that utilizes white-hat botnets to defend IoT systems against malicious botnets. Once a BDS detects a malicious botnet, it launches white-hat worms in order to drive out the malicious botnet. The proposed strategy aims at the proper use of the worms based on the worms' capability such as lifespan and secondary infectivity. If the worms have high secondary infectivity or a long lifespan, the BDS only has to launch a few worms. Otherwise, it should launch as many worms as possible. The effectiveness of the strategy was confirmed through the simulation evaluation using agent-oriented Petri nets.

2021-02-15
Karthikeyan, S. Paramasivam, El-Razouk, H..  2020.  Horizontal Correlation Analysis of Elliptic Curve Diffie Hellman. 2020 3rd International Conference on Information and Computer Technologies (ICICT). :511–519.
The world is facing a new revolutionary technology transition, Internet of things (IoT). IoT systems requires secure connectivity of distributed entities, including in-field sensors. For such external devices, Side Channel Analysis poses a potential threat as it does not require complete knowledge about the crypto algorithm. In this work, we perform Horizontal Correlation Power Analysis (HCPA) which is a type of Side Channel Analysis (SCA) over the Elliptic Curve Diffie Hellman (ECDH) key exchange protocol. ChipWhisperer (CW) by NewAE Technologies is an open source toolchain which is utilized to perform the HCPA by using CW toolchain. To best of our knowledge, this is the first attempt to implemented ECDH on Artix-7 FPGA for HCPA. We compare our correlation results with the results from AES -128 bits provided by CW. Our point of attack is the Double and Add algorithm which is used to perform Scalar multiplication in ECC. We obtain a maximum correlation of 7% for the key guess using the HCPA. We also discuss about the possible cause for lower correlation and few potentials ways to improve it. In Addition to HCPA we also perform Simple Power Analysis (SPA) (visual) for ECDH, to guess the trailing zeros in the 128-bit secret key for different power traces.
2020-12-02
Abeysekara, P., Dong, H., Qin, A. K..  2019.  Machine Learning-Driven Trust Prediction for MEC-Based IoT Services. 2019 IEEE International Conference on Web Services (ICWS). :188—192.

We propose a distributed machine-learning architecture to predict trustworthiness of sensor services in Mobile Edge Computing (MEC) based Internet of Things (IoT) services, which aligns well with the goals of MEC and requirements of modern IoT systems. The proposed machine-learning architecture models training a distributed trust prediction model over a topology of MEC-environments as a Network Lasso problem, which allows simultaneous clustering and optimization on large-scale networked-graphs. We then attempt to solve it using Alternate Direction Method of Multipliers (ADMM) in a way that makes it suitable for MEC-based IoT systems. We present analytical and simulation results to show the validity and efficiency of the proposed solution.

2020-10-06
Ur-Rehman, Attiq, Gondal, Iqbal, Kamruzzuman, Joarder, Jolfaei, Alireza.  2019.  Vulnerability Modelling for Hybrid IT Systems. 2019 IEEE International Conference on Industrial Technology (ICIT). :1186—1191.

Common vulnerability scoring system (CVSS) is an industry standard that can assess the vulnerability of nodes in traditional computer systems. The metrics computed by CVSS would determine critical nodes and attack paths. However, traditional IT security models would not fit IoT embedded networks due to distinct nature and unique characteristics of IoT systems. This paper analyses the application of CVSS for IoT embedded systems and proposes an improved vulnerability scoring system based on CVSS v3 framework. The proposed framework, named CVSSIoT, is applied to a realistic IT supply chain system and the results are compared with the actual vulnerabilities from the national vulnerability database. The comparison result validates the proposed model. CVSSIoT is not only effective, simple and capable of vulnerability evaluation for traditional IT system, but also exploits unique characteristics of IoT devices.

2020-09-21
Fang, Zheng, Fu, Hao, Gu, Tianbo, Qian, Zhiyun, Jaeger, Trent, Mohapatra, Prasant.  2019.  ForeSee: A Cross-Layer Vulnerability Detection Framework for the Internet of Things. 2019 IEEE 16th International Conference on Mobile Ad Hoc and Sensor Systems (MASS). :236–244.
The exponential growth of Internet-of-Things (IoT) devices not only brings convenience but also poses numerous challenging safety and security issues. IoT devices are distributed, highly heterogeneous, and more importantly, directly interact with the physical environment. In IoT systems, the bugs in device firmware, the defects in network protocols, and the design flaws in system configurations all may lead to catastrophic accidents, causing severe threats to people's lives and properties. The challenge gets even more escalated as the possible attacks may be chained together in a long sequence across multiple layers, rendering the current vulnerability analysis inapplicable. In this paper, we present ForeSee, a cross-layer formal framework to comprehensively unveil the vulnerabilities in IoT systems. ForeSee generates a novel attack graph that depicts all of the essential components in IoT, from low-level physical surroundings to high-level decision-making processes. The corresponding graph-based analysis then enables ForeSee to precisely capture potential attack paths. An optimization algorithm is further introduced to reduce the computational complexity of our analysis. The illustrative case studies show that our multilayer modeling can capture threats ignored by the previous approaches.
Wang, An, Mohaisen, Aziz, Chen, Songqing.  2019.  XLF: A Cross-layer Framework to Secure the Internet of Things (IoT). 2019 IEEE 39th International Conference on Distributed Computing Systems (ICDCS). :1830–1839.
The burgeoning Internet of Things (IoT) has offered unprecedented opportunities for innovations and applications that are continuously changing our life. At the same time, the large amount of pervasive IoT applications have posed paramount threats to the user's security and privacy. While a lot of efforts have been dedicated to deal with such threats from the hardware, the software, and the applications, in this paper, we argue and envision that more effective and comprehensive protection for IoT systems can only be achieved via a cross-layer approach. As such, we present our initial design of XLF, a cross-layer framework towards this goal. XLF can secure the IoT systems not only from each individual layer of device, network, and service, but also through the information aggregation and correlation of different layers.
2020-07-30
Garg, Hittu, Dave, Mayank.  2019.  Securing IoT Devices and SecurelyConnecting the Dots Using REST API and Middleware. 2019 4th International Conference on Internet of Things: Smart Innovation and Usages (IoT-SIU). :1—6.

Internet of Things (IoT) is a fairly disruptive technology with inconceivable growth, impact, and capability. We present the role of REST API in the IoT Systems and some initial concepts of IoT, whose technology is able to record and count everything. We as well highlight the concept of middleware that connects these devices and cloud. The appearance of new IoT applications in the cloud has brought new threats to security and privacy of data. Therefore it is required to introduce a secure IoT system which doesn't allow attackers infiltration in the network through IoT devices and also to secure data in transit from IoT devices to cloud. We provide the details on how Representational State Transfer (REST) API allows to securely expose connected devices to applications on cloud and users. In the proposed model, middleware is primarily used to expose device data through REST and to hide details and act as an interface to the user to interact with sensor data.

2020-05-08
Kearney, Paul, Asal, Rasool.  2019.  ERAMIS: A Reference Architecture-Based Methodology for IoT Systems. 2019 IEEE World Congress on Services (SERVICES). 2642-939X:366—367.

Opportunities arising from IoT-enabled applications are significant, but market growth is inhibited by concerns over security and complexity. To address these issues, we propose the ERAMIS methodology, which is based on instantiation of a reference architecture that captures common design features, embodies best practice, incorporates good security properties by design, and makes explicit provision for operational security services and processes.

2020-05-04
Chen, Hanlin, Hu, Ming, Yan, Hui, Yu, Ping.  2019.  Research on Industrial Internet of Things Security Architecture and Protection Strategy. 2019 International Conference on Virtual Reality and Intelligent Systems (ICVRIS). :365–368.

Industrial Internet of Things (IIoT) is a fusion of industrial automation systems and IoT systems. It features comprehensive sensing, interconnected transmission, intelligent processing, self-organization and self-maintenance. Its applications span intelligent transportation, smart factories, and intelligence. Many areas such as power grid and intelligent environment detection. With the widespread application of IIoT technology, the cyber security threats to industrial IoT systems are increasing day by day, and information security issues have become a major challenge in the development process. In order to protect the industrial IoT system from network attacks, this paper aims to study the industrial IoT information security protection technology, and the typical architecture of industrial Internet of things system, and analyzes the network security threats faced by industrial Internet of things system according to the different levels of the architecture, and designs the security protection strategies applied to different levels of structures based on the specific means of network attack.

2020-02-17
Roukounaki, Aikaterini, Efremidis, Sofoklis, Soldatos, John, Neises, Juergen, Walloschke, Thomas, Kefalakis, Nikos.  2019.  Scalable and Configurable End-to-End Collection and Analysis of IoT Security Data : Towards End-to-End Security in IoT Systems. 2019 Global IoT Summit (GIoTS). :1–6.

In recent years, there is a surge of interest in approaches pertaining to security issues of Internet of Things deployments and applications that leverage machine learning and deep learning techniques. A key prerequisite for enabling such approaches is the development of scalable infrastructures for collecting and processing security-related datasets from IoT systems and devices. This paper introduces such a scalable and configurable data collection infrastructure for data-driven IoT security. It emphasizes the collection of (security) data from different elements of IoT systems, including individual devices and smart objects, edge nodes, IoT platforms, and entire clouds. The scalability of the introduced infrastructure stems from the integration of state of the art technologies for large scale data collection, streaming and storage, while its configurability relies on an extensible approach to modelling security data from a variety of IoT systems and devices. The approach enables the instantiation and deployment of security data collection systems over complex IoT deployments, which is a foundation for applying effective security analytics algorithms towards identifying threats, vulnerabilities and related attack patterns.

2020-02-10
Bansal, Bhawana, Sharma, Monika.  2019.  Client-Side Verification Framework for Offline Architecture of IoT. 2019 3rd International conference on Electronics, Communication and Aerospace Technology (ICECA). :1044–1050.
Internet of things is a network formed between two or more devices through internet which helps in sharing data and resources. IoT is present everywhere and lot of applications in our day-to-day life such as smart homes, smart grid system which helps in reducing energy consumption, smart garbage collection to make cities clean, smart cities etc. It has some limitations too such as concerns of security of the network and the cost of installations of the devices. There have been many researches proposed various method in improving the IoT systems. In this paper, we have discussed about the scope and limitations of IoT in various fields and we have also proposed a technique to secure offline architecture of IoT.
2020-01-28
Hou, Size, Huang, Xin.  2019.  Use of Machine Learning in Detecting Network Security of Edge Computing System. 2019 IEEE 4th International Conference on Big Data Analytics (ICBDA). :252–256.

This study has built a simulation of a smart home system by the Alibaba ECS. The architecture of hardware was based on edge computing technology. The whole method would design a clear classifier to find the boundary between regular and mutation codes. It could be applied in the detection of the mutation code of network. The project has used the dataset vector to divide them into positive and negative type, and the final result has shown the RBF-function SVM method perform best in this mission. This research has got a good network security detection in the IoT systems and increased the applications of machine learning.

2020-01-20
Noura, Hassan, Chehab, Ali, Couturier, Raphael.  2019.  Lightweight Dynamic Key-Dependent and Flexible Cipher Scheme for IoT Devices. 2019 IEEE Wireless Communications and Networking Conference (WCNC). :1–8.

Security attacks against Internet of Things (IoT) are on the rise and they lead to drastic consequences. Data confidentiality is typically based on a strong symmetric-key algorithm to guard against confidentiality attacks. However, there is a need to design an efficient lightweight cipher scheme for a number of applications for IoT systems. Recently, a set of lightweight cryptographic algorithms have been presented and they are based on the dynamic key approach, requiring a small number of rounds to minimize the computation and resource overhead, without degrading the security level. This paper follows this logic and provides a new flexible lightweight cipher, with or without chaining operation mode, with a simple round function and a dynamic key for each input message. Consequently, the proposed cipher scheme can be utilized for real-time applications and/or devices with limited resources such as Multimedia Internet of Things (MIoT) systems. The importance of the proposed solution is that it produces dynamic cryptographic primitives and it performs the mixing of selected blocks in a dynamic pseudo-random manner. Accordingly, different plaintext messages are encrypted differently, and the avalanche effect is also preserved. Finally, security and performance analysis are presented to validate the efficiency and robustness of the proposed cipher variants.

Giaretta, Alberto, Dragoni, Nicola, Massacci, Fabio.  2019.  Protecting the Internet of Things with Security-by-Contract and Fog Computing. 2019 IEEE 5th World Forum on Internet of Things (WF-IoT). :1–6.

Nowadays, the Internet of Things (IoT) is a consolidated reality. Smart homes are equipped with a growing number of IoT devices that capture more and more information about human beings lives. However, manufacturers paid little or no attention to security, so that various challenges are still in place. In this paper, we propose a novel approach to secure IoT systems that combines the concept of Security-by-Contract (S×C) with the Fog computing distributed paradigm. We define the pillars of our approach, namely the notions of IoT device contract, Fog node policy and contract-policy matching, the respective life-cycles, and the resulting S×C workflow. To better understand all the concepts of the S×C framework, and highlight its practical feasibility, we use a running case study based on a context-aware system deployed in a real smart home.

2019-06-28
Kulik, T., Tran-Jørgensen, P. W. V., Boudjadar, J., Schultz, C..  2018.  A Framework for Threat-Driven Cyber Security Verification of IoT Systems. 2018 IEEE International Conference on Software Testing, Verification and Validation Workshops (ICSTW). :89-97.

Industrial control systems are changing from monolithic to distributed and interconnected architectures, entering the era of industrial IoT. One fundamental issue is that security properties of such distributed control systems are typically only verified empirically, during development and after system deployment. We propose a novel modelling framework for the security verification of distributed industrial control systems, with the goal of moving towards early design stage formal verification. In our framework we model industrial IoT infrastructures, attack patterns, and mitigation strategies for countering attacks. We conduct model checking-based formal analysis of system security through scenario execution, where the analysed system is exposed to attacks and implement mitigation strategies. We study the applicability of our framework for large systems using a scalability analysis.

2018-04-02
Doolan, S., Hoseiny, N., Hosein, N., Bhagwandin, D..  2017.  Constant Time, Fixed Memory, Zero False Negative Error Logging for Low Power Wearable Devices. 2017 IEEE Conference on Wireless Sensors (ICWiSe). :1–5.

Wireless wearable embedded devices dominate the Internet of Things (IoT) due to their ability to provide useful information about the body and its local environment. The constrained resources of low power processors, however, pose a significant challenge to run-time error logging and hence, product reliability. Error logs classify error type and often system state following the occurrence of an error. Traditional error logging algorithms attempt to balance storage and accuracy by selectively overwriting past log entries. Since a specific combination of firmware faults may result in system instability, preserving all error occurrences becomes increasingly beneficial as IOT systems become more complex. In this paper, a novel hash-based error logging algorithm is presented which has both constant insertion time and constant memory while also exhibiting no false negatives and an acceptable false positive error rate. Both theoretical analysis and simulations are used to compare the performance of the hash-based and traditional approaches.

2018-02-06
Iqbal, H., Ma, J., Mu, Q., Ramaswamy, V., Raymond, G., Vivanco, D., Zuena, J..  2017.  Augmenting Security of Internet-of-Things Using Programmable Network-Centric Approaches: A Position Paper. 2017 26th International Conference on Computer Communication and Networks (ICCCN). :1–6.

Advances in nanotechnology, large scale computing and communications infrastructure, coupled with recent progress in big data analytics, have enabled linking several billion devices to the Internet. These devices provide unprecedented automation, cognitive capabilities, and situational awareness. This new ecosystem–termed as the Internet-of-Things (IoT)–also provides many entry points into the network through the gadgets that connect to the Internet, making security of IoT systems a complex problem. In this position paper, we argue that in order to build a safer IoT system, we need a radically new approach to security. We propose a new security framework that draws ideas from software defined networks (SDN), and data analytics techniques; this framework provides dynamic policy enforcements on every layer of the protocol stack and can adapt quickly to a diverse set of industry use-cases that IoT deployments cater to. Our proposal does not make any assumptions on the capabilities of the devices - it can work with already deployed as well as new types of devices, while also conforming to a service-centric architecture. Even though our focus is on industrial IoT systems, the ideas presented here are applicable to IoT used in a wide array of applications. The goal of this position paper is to initiate a dialogue among standardization bodies and security experts to help raise awareness about network-centric approaches to IoT security.

2018-01-23
Hossain, M., Hasan, R..  2017.  Boot-IoT: A Privacy-Aware Authentication Scheme for Secure Bootstrapping of IoT Nodes. 2017 IEEE International Congress on Internet of Things (ICIOT). :1–8.

The Internet of Things (IoT) devices perform security-critical operations and deal with sensitive information in the IoT-based systems. Therefore, the increased deployment of smart devices will make them targets for cyber attacks. Adversaries can perform malicious actions, leak private information, and track devices' and their owners' location by gaining unauthorized access to IoT devices and networks. However, conventional security protocols are not primarily designed for resource constrained devices and therefore cannot be applied directly to IoT systems. In this paper, we propose Boot-IoT - a privacy-preserving, lightweight, and scalable security scheme for limited resource devices. Boot-IoT prevents a malicious device from joining an IoT network. Boot-IoT enables a device to compute a unique identity for authentication each time the device enters a network. Moreover, during device to device communication, Boot-IoT provides a lightweight mutual authentication scheme that ensures privacy-preserving identity usages. We present a detailed analysis of the security strength of BootIoT. We implemented a prototype of Boot-IoT on IoT devices powered by Contiki OS and provided an extensive comparative analysis of Boot-IoT with contemporary authentication methods. Our results show that Boot-IoT is resource efficient and provides better scalability compared to current solutions.

2018-01-16
Ahmed, M. E., Kim, H..  2017.  DDoS Attack Mitigation in Internet of Things Using Software Defined Networking. 2017 IEEE Third International Conference on Big Data Computing Service and Applications (BigDataService). :271–276.

Securing Internet of Things (IoT) systems is a challenge because of its multiple points of vulnerability. A spate of recent hacks and security breaches has unveiled glaring vulnerabilities in the IoT. Due to the computational and memory requirement constraints associated with anomaly detection algorithms in core networks, commercial in-line (part of the direct line of communication) Anomaly Detection Systems (ADSs) rely on sampling-based anomaly detection approaches to achieve line rates and truly-inline anomaly detection accuracy in real-time. However, packet sampling is inherently a lossy process which might provide an incomplete and biased approximation of the underlying traffic patterns. Moreover, commercial routers uses proprietary software making them closed to be manipulated from the outside. As a result, detecting malicious packets on the given network path is one of the most challenging problems in the field of network security. We argue that the advent of Software Defined Networking (SDN) provides a unique opportunity to effectively detect and mitigate DDoS attacks. Unlike sampling-based approaches for anomaly detection and limitation of proprietary software at routers, we use the SDN infrastructure to relax the sampling-based ADS constraints and collect traffic flow statistics which are maintained at each SDN-enabled switch to achieve high detection accuracy. In order to implement our idea, we discuss how to mitigate DDoS attacks using the features of SDN infrastructure.

2017-11-13
Ueta, K., Xue, X., Nakamoto, Y., Murakami, S..  2016.  A Distributed Graph Database for the Data Management of IoT Systems. 2016 IEEE International Conference on Internet of Things (iThings) and IEEE Green Computing and Communications (GreenCom) and IEEE Cyber, Physical and Social Computing (CPSCom) and IEEE Smart Data (SmartData). :299–304.

The Internet of Things(IoT) has become a popular technology, and various middleware has been proposed and developed for IoT systems. However, there have been few studies on the data management of IoT systems. In this paper, we consider graph database models for the data management of IoT systems because these models can specify relationships in a straightforward manner among entities such as devices, users, and information that constructs IoT systems. However, applying a graph database to the data management of IoT systems raises issues regarding distribution and security. For the former issue, we propose graph database operations integrated with REST APIs. For the latter, we extend a graph edge property by adding access protocol permissions and checking permissions using the APIs with authentication. We present the requirements for a use case scenario in addition to the features of a distributed graph database for IoT data management to solve the aforementioned issues, and implement a prototype of the graph database.