Biblio

Despite the surging development and utilization of IoT devices, the security of IoT devices is still in infancy. The security pitfalls of IoT devices have made it easy for hackers to take over IoT devices and use them for malicious activities like botnet attacks. With the rampant emergence of IoT devices, botnet attacks are surging. The botnet attacks are not only catastrophic for IoT device users but also for the rest of the world. Therefore, there is a crucial need to identify and mitigate the possible threats in IoT devices during the design phase. Threat modelling is a technique that is used to identify the threats in the earlier stages of the system design activity. In this paper, we propose a threat modelling approach to analyze and mitigate the botnet attacks in an IoT smart home use case. The proposed methodology identifies the development-level and application-level threats in smart home use case using STRIDE and VAST threat modelling methods. Moreover, we reticulate the identified threats with botnet attacks. Finally, we propose the mitigation techniques for all identified threats including the botnet threats.

The process used to build an autonomous smart home system using Cyber-Physical Systems (CPS) principles has received much attention by researchers and developers. However, there are many challenges during the design and implementation of such a system, such as Portability, Timing, Prediction, and Integrity. This paper presents a novel modeling methodology for a smart home system in the scope of CyberPhysical interface that attempts to overcome these issues. We discuss a high-level design approach that simulates the first three levels of a 5C architecture in CPS layers in a smart home environment. A detailed description of the model design, architecture, and a software implementation via NetLogo simulation have been presented in this paper.

The security of embedded systems is particularly crucial given the prevalence of embedded devices in daily life, business, and national defense. Firmware for embedded systems poses a serious threat to the safety of society, business, and the nation because of its robust concealment, difficulty in detection, and extended maintenance cycle. This technology is now an essential part of the contemporary experience, be it in the smart office, smart restaurant, smart home, or even the smart traffic system. Despite the fact that these systems are often fairly effective, the rapid expansion of embedded systems in smart cities have led to inconsistencies and misalignments between secured and unsecured systems, necessitating the development of secure, hacker-proof embedded systems. To solve this issue, we created a sizable, original, and objective dataset that is based on the latest Linux vulnerabilities for identifying the embedded system vulnerabilities and we modified a cutting-edge machine learning model for the Linux Kernel. The paper provides an updated EVDD and analysis of an extensive dataset for embedded system based vulnerability detection and also an updated state of the art deep learning model for embedded system vulnerability detection. We kept our dataset available for all researchers for future experiments and implementation.

The Internet of Things (IoT) is enabling smart houses, where multiple users with complex social relationships interact with smart devices. This requires sophisticated access control specification and enforcement models, that are currently lacking. In this paper, we introduce the extended generalized role based access control (EGRBAC) model for smart home IoT. We provide a formal definition for EGRBAC and illustrate its features with a use case. A proof-of-concept demonstration utilizing AWS-IoT Greengrass is discussed in the appendix. EGRBAC is a first step in developing a comprehensive family of access control models for smart home IoT.

The H2020 European research project GHOST - Safe-Guarding Home IoT Environments with Personalised Real-time Risk Control - aims to deploy a highly effective security framework for IoT smart home residents through a novel reference architecture for user-centric cyber security in smart homes providing an unobtrusive and user-comprehensible solution. The aforementioned security framework leads to a transparent cyber security environment by increasing the effectiveness of the existing cyber security services and enhancing system's self-defence through disruptive software-enabled network security solutions. In this paper, GHOST security framework for IoT-based smart homes is presented. It is aiming to address the security challenges posed by several types of attacks, such as network, device and software. The effective design of the overall multi-layered architecture is analysed, with particular emphasis given to the integration aspects through dynamic and re-configurable solutions and the features provided by each one of the architectural layers. Additionally, real-life trials and the associated use cases are described showcasing the competences and potential of the proposed framework.

Internet of things is a network formed between two or more devices through internet which helps in sharing data and resources. IoT is present everywhere and lot of applications in our day-to-day life such as smart homes, smart grid system which helps in reducing energy consumption, smart garbage collection to make cities clean, smart cities etc. It has some limitations too such as concerns of security of the network and the cost of installations of the devices. There have been many researches proposed various method in improving the IoT systems. In this paper, we have discussed about the scope and limitations of IoT in various fields and we have also proposed a technique to secure offline architecture of IoT.

Building the Internet of Things requires deploying a huge number of objects with full or limited connectivity to the Internet. Given that these objects are exposed to attackers and generally not secured-by-design, it is essential to be able to update them, to patch their vulnerabilities and to prevent hackers from enrolling them into botnets. Ideally, the update infrastructure should implement the CIA triad properties, i.e., confidentiality, integrity and availability. In this work, we investigate how the use of a blockchain infrastructure can meet these requirements, with a focus on availability. In addition, we propose a peer-to-peer mechanism, to spread updates between objects that have limited access to the Internet. Finally, we give an overview of our ongoing prototype implementation.

The technological evolution brought by the Internet of things (IoT) comes with new forms of cyber-attacks exploiting the complexity and heterogeneity of IoT networks, as well as, the existence of many vulnerabilities in IoT devices. The detection of compromised devices, as well as the collection and preservation of evidence regarding alleged malicious behavior in IoT networks, emerge as areas of high priority. This paper presents a blockchain-based solution, which is designed for the smart home domain, dealing with the collection and preservation of digital forensic evidence. The system utilizes a private forensic evidence database, where the captured evidence is stored, along with a permissioned blockchain that allows providing security services like integrity, authentication, and non-repudiation, so that the evidence can be used in a court of law. The blockchain stores evidences' metadata, which are critical for providing the aforementioned services, and interacts via smart contracts with the different entities involved in an investigation process, including Internet service providers, law enforcement agencies and prosecutors. A high-level architecture of the blockchain-based solution is presented that allows tackling the unique challenges posed by the need for digitally handling forensic evidence collected from IoT networks.

The Internet of Things (IoT) provides transparent and seamless incorporation of heterogeneous and different end systems. It has been widely used in many applications such as smart homes. However, people may resist the IOT as long as there is no public confidence that it will not cause any serious threats to their privacy. Effective secure key management for things authentication is the prerequisite of security operations. In this paper, we present an interactive key management protocol and a non-interactive key management protocol to minimize the communication cost of the things. The security analysis show that the proposed schemes are resilient to various types of attacks.

We propose an autoencoder based approach to anomaly detection in smart grid systems. Data collecting sensors within smart home systems are susceptible to many data corruption issues, such as malicious attacks or physical malfunctions. By applying machine learning to a smart home or grid, sensor anomalies can be detected automatically for secure data collection and sensor-based system functionality. In addition, we tested the effectiveness of this approach on real smart home sensor data collected for multiple years. An early detection of such data corruption issues is essential to the security and functionality of the various sensors and devices within a smart home.

The interest over building security-based solutions to reduce the vulnerability exploits and mitigate the risks associated with smart homes in IoT is growing. However, our investigation identified to architect and implement distributed security mechanisms is still a challenge because is necessary to handle security and privacy in IoT middleware with a strong focus. Our investigation, it was identified the significant proportion of the systems that did not address security and did not describe the security approach in any meaningful detail. The idea proposed in this work is to provide middleware aim to implement security mechanisms in smart home and contribute as how guide to beginner developers' IoT middleware. The advantages of using MidSecThings are to avoid leakage data, unavailable service, unidentification action and not authorized access over IoT devices in smart home.

This work describes the architecture and prototype implementation of a novel trust-aware continuous authorization technology that targets consumer Internet of Things (IoT), e.g., Smart Home. Our approach extends previous authorization models in three complementary ways: (1) By incorporating trust-level evaluation formulae as conditions inside authorization rules and policies, while supporting the evaluation of such policies through the fusion of an Attribute-Based Access Control (ABAC) authorization policy engine with a Trust-Level-Evaluation-Engine (TLEE). (2) By introducing contextualized, continuous monitoring and re-evaluation of policies throughout the authorization life-cycle. That is, mutable attributes about subjects, resources and environment as well as trust levels that are continuously monitored while obtaining an authorization, throughout the duration of or after revoking an existing authorization. Whenever change is detected, the corresponding authorization rules, including both access control rules and trust level expressions, are re-evaluated.(3) By minimizing the computational and memory footprint and maximizing concurrency and modular evaluation to improve performance while preserving the continuity of monitoring. Finally we introduce an application of such model in Zero Trust Architecture (ZTA) for consumer IoT.

The technology advance and convergence of cyber physical systems, smart sensors, short-range wireless communications, cloud computing, and smartphone apps have driven the proliferation of Internet of things (IoT) devices in smart homes and smart industry. In light of the high heterogeneity of IoT system, the prevalence of system vulnerabilities in IoT devices and applications, and the broad attack surface across the entire IoT protocol stack, a fundamental and urgent research problem of IoT security is how to effectively collect, analyze, extract, model, and visualize the massive network traffic of IoT devices for understanding what is happening to IoT devices. Towards this end, this paper develops and demonstrates an end-to-end system with three key components, i.e., the IoT network traffic monitoring system via programmable home routers, the backend IoT traffic behavior analysis system in the cloud, and the frontend IoT visualization system via smartphone apps, for monitoring, analyzing and virtualizing network traffic behavior of heterogeneous IoT devices in smart homes. The main contributions of this demonstration paper is to present a novel system with an end-to-end process of collecting, analyzing and visualizing IoT network traffic in smart homes.

The Internet of things (IoT) is revolutionizing the management and control of automated systems leading to a paradigm shift in areas, such as smart homes, smart cities, health care, and transportation. The IoT technology is also envisioned to play an important role in improving the effectiveness of military operations in battlefields. The interconnection of combat equipment and other battlefield resources for coordinated automated decisions is referred to as the Internet of battlefield things (IoBT). IoBT networks are significantly different from traditional IoT networks due to battlefield specific challenges, such as the absence of communication infrastructure, heterogeneity of devices, and susceptibility to cyber-physical attacks. The combat efficiency and coordinated decision-making in war scenarios depends highly on real-time data collection, which in turn relies on the connectivity of the network and information dissemination in the presence of adversaries. This paper aims to build the theoretical foundations of designing secure and reconfigurable IoBT networks. Leveraging the theories of stochastic geometry and mathematical epidemiology, we develop an integrated framework to quantify the information dissemination among heterogeneous network devices. Consequently, a tractable optimization problem is formulated that can assist commanders in cost effectively planning the network and reconfiguring it according to the changing mission requirements.

With the ever-increasing number of smart home devices, the issues related to these environments are also growing. With an ever-growing attack surface, there is no standard way to protect homes and their inhabitants from new threats. The inhabitants are rarely aware of the increased security threats that they are exposed to and how to manage them. To tackle this problem, we propose a solution based on segmented architectures similar to the ones used in industrial systems. In this approach, the smart home is segmented into various levels, which can broadly be categorised into an inner level and external level. The external level is protected by a firewall that checks the communication from/to the Internet to/from the external devices. The internal level is protected by an additional firewall that filters the information and the communications between the external and the internal devices. This segmentation guarantees a trusted environment among the entities of the internal network. In this paper, we propose an adaptive trust model that checks the behaviour of the entities and in case the entities violate trust rules they can be put in quarantine or banned from the network.

In the Internet of Things (IoT), smart devices are connected using various communication protocols, such as Wi-Fi, ZigBee. Some IoT devices have multiple built-in communication modules. If an IoT device equipped with multiple communication protocols is compromised by an attacker using one communication protocol (e.g., Wi-Fi), it can be exploited as an entry point to the IoT network. Another protocol (e.g., ZigBee) of this IoT device could be used to exploit vulnerabilities of other IoT devices using the same communication protocol. In order to find potential attacks caused by this kind of cross-protocol devices, we group IoT devices based on their communication protocols and construct a graphical security model for each group of devices using the same communication protocol. We combine the security models via the cross-protocol devices and compute hidden attack paths traversing different groups of devices. We use two use cases in the smart home scenario to demonstrate our approach and discuss some feasible countermeasures.

Recent advances in pervasive computing have caused a rapid growth of the Smart Home market, where a number of otherwise mundane pieces of technology are capable of connecting to the Internet and interacting with other similar devices. However, with the lack of a commonly adopted set of guidelines, several IT companies are producing smart devices with their own proprietary standards, leading to highly heterogeneous Smart Home systems in which the interoperability of the present elements is not always implemented in the most straightforward manner. As such, understanding the cyber risk of these cyber-physical systems beyond the individual devices has become an almost intractable problem. This paper tackles this issue by introducing a Smart Home reference architecture which facilitates security analysis. Being composed by three viewpoints, it gives a high-level description of the various functions and components needed in a domestic IoT device and network. Furthermore, this document demonstrates how the architecture can be used to determine the various attack surfaces of a home automation system from which its key vulnerabilities can be determined.

The growth of IoT devices during the last decade has led to the development of smart ecosystems, such as smart homes, prone to cyberattacks. Traditional security methodologies support to some extend the requirement for preserving privacy and security of such deployments, but their centralized nature in conjunction with low computational capabilities of smart home gateways make such approaches not efficient. Last achievements on blockchain technologies allowed the use of such decentralized architectures to support cybersecurity defence mechanisms. In this work, a blockchain framework is presented to support the cybersecurity mechanisms of smart homes installations, focusing on the immutability of users and devices that constitute such environments. The proposed methodology provides also the appropriate smart contracts support for ensuring the integrity of the smart home gateway and IoT devices, as well as the dynamic and immutable management of blocked malicious IPs. The framework has been deployed on a real smart home environment demonstrating its applicability and efficiency.

Nowadays, the Internet of Things (IoT) is a consolidated reality. Smart homes are equipped with a growing number of IoT devices that capture more and more information about human beings lives. However, manufacturers paid little or no attention to security, so that various challenges are still in place. In this paper, we propose a novel approach to secure IoT systems that combines the concept of Security-by-Contract (S×C) with the Fog computing distributed paradigm. We define the pillars of our approach, namely the notions of IoT device contract, Fog node policy and contract-policy matching, the respective life-cycles, and the resulting S×C workflow. To better understand all the concepts of the S×C framework, and highlight its practical feasibility, we use a running case study based on a context-aware system deployed in a real smart home.

This research work consists in to design a system of occupancy simulation in smart homes based on IoT, in order to create configurations within a home that make look like the daily behavior of home inhabitants. Due to the high rate of burglary in uninhabited places, reaching an 9% in average in 2019 in the Chilean case, technologies have been involved with greater emphasis on improving security systems, where the implementation of the Internet of Things will allow rapid action against the intruder detection in those places. The proposed IoT system is based on a motion sensor, actuators as relays and lights, Arduino platform to control system, and a Amazon Echo virtual assistant to interface with inhabitants. The main contribution of this prototype security system is the integration of different IoT (Adafruit, IFTTT) and control platforms (Arduino uno and NodeMCU), virtual assistant (Alexa) and actuators, which has features that can be replicated in larger processes and with a larger number of devices. The results demonstrate that security system create an environment occupied by owners without to be inside home, through sensors and actuators.

With the rise of Internet of Things (IoT) devices, home network management and security are becoming complex. There is an urgent requirement to make smart home network management more efficient. This work proposes an SDN-based architecture to secure smart home networks through K-Nearest Neighbor (KNN) based device classifications and malicious traffic detection. The efficiency is enhanced by offloading the computation-intensive KNN model to a Field Programmable Gate Arrays (FPGA). Furthermore, we propose a custom KNN solution that exhibits the best performance on an FPGA compared with four alternative KNN instances (i.e., 78% faster than a parallel Bubble Sort-based implementation and 99% faster than three other sorting algorithms). Moreover, with 36,225 training samples, the proposed KNN solution classifies a test query with 95% accuracy in approximately 4 ms on an FPGA compared to 57 seconds on a CPU platform. This highlights the promise of FPGA-based platforms for edge computing applications in the smart home.

Humans are a key part of software development, including customers, designers, coders, testers and end users. In this keynote talk I explain why incorporating human-centric issues into software engineering for next-generation applications is critical. I use several examples from our recent and current work on handling human-centric issues when engineering various `smart living' cloud- and edge-based software systems. This includes using human-centric, domain-specific visual models for non-technical experts to specify and generate data analysis applications; personality impact on aspects of software activities; incorporating end user emotions into software requirements engineering for smart homes; incorporating human usage patterns into emerging edge computing applications; visualising smart city-related data; reporting diverse software usability defects; and human-centric security and privacy requirements for smart living systems. I assess the usefulness of these approaches, highlight some outstanding research challenges, and briefly discuss our current work on new human-centric approaches to software engineering for smart living applications.

Smart home automation is one of the prominent topics of the current era, which has attracted the attention of researchers for several years due to smart home automation contributes to achieving many capabilities, which have had a real and vital impact on our daily lives, such as comfort, energy conservation, environment, and security. Home security is one of the most important of these capabilities. Many efforts have been made on research and articles that focus on this area due to the increased rate of crime and theft. The present paper aims to build a practically implemented smart home that enhances home control management and monitors all home entrances that are often vulnerable to intrusion by intruders and thieves. The proposed system depends on identifying the person using the face detection and recognition method and Radio Frequency Identification (RFID) as a mechanism to enhance the performance of home security systems. The cloud server analyzes the received member identification to retrieve the permission to enter the home. The system showed effectiveness and speed of response in transmitting live captures of any illegal intrusive activity at the door or windows of the house. With the growth and expansion of the concept of smart homes, the amount of information transmitted, information security weakness, and response time disturbances, to reduce latency, data storage, and maintain information security, by employing Fog computing architecture in smart homes as a broker between the IoT layer and the cloud servers and the user layer.

Internet of Things (IoT) is characterized by various of heterogeneous devices that facing numerous threats, which makes modeling security situation of IoT still a certain challenge. This paper defines a Stochastic Colored Petri Net (SCPN) for IoT-based smart environment and then proposes a Game model for security situational awareness. All possible attack paths are computed by the SCPN, and antagonistic behavior of both attackers and defenders are taken into consideration dynamically according to Game Theory (GT). Experiments on two typical attack scenarios in smart home environment demonstrate the effectiveness of the proposed model. The proposed model can form a macroscopic trend curve of the security situation. Analysis of the results shows the capabilities of the proposed model in finding vulnerable devices and potential attack paths, and even facilitating the choice of defense strategy. To the best of our knowledge, this is the first attempt to use Game Theory in the IoT-based SCPN to establish a security situational awareness model for a complex smart environment.

Today our world benefits from Internet of Things (IoT) technology; however, new security problems arise when these IoT devices are introduced into our homes. Because many of these IoT devices have access to the Internet and they have little to no security, they make our smart homes highly vulnerable to compromise. Some of the threats include IoT botnets and generic confidentiality, integrity, and availability (CIA) attacks. Our research explores botnet detection by experimenting with supervised machine learning and deep-learning classifiers. Further, our approach assesses classifier performance on unbalanced datasets that contain benign data, mixed in with small amounts of malicious data. We demonstrate that the classifiers can separate malicious activity from benign activity within a small IoT network dataset. The classifiers can also separate malicious activity from benign activity in increasingly larger datasets. Our experiments have demonstrated incremental improvement in results for (1) accuracy, (2) probability of detection, and (3) probability of false alarm. The best performance results include 99.9% accuracy, 99.8% probability of detection, and 0% probability of false alarm. This paper also demonstrates how the performance of these classifiers increases, as IoT training datasets become larger and larger.