Biblio
Internet of Things (IoT) systems are becoming widely used, which makes them to be a high-value target for both hackers and crackers. From gaining access to sensitive information to using them as bots for complex attacks, the variety of advantages after exploiting different security vulnerabilities makes the security of IoT devices to be one of the most challenging desideratum for cyber security experts. In this paper, we will propose a new IoT system, designed to ensure five data principles: confidentiality, integrity, availability, authentication and authorization. The innovative aspects are both the usage of a web-based communication and a custom dynamic data request structure.
The Blockchain is an emerging paradigm that could solve security and trust issues for Internet of Things (IoT) platforms. We recently introduced in an IETF draft (“Blockchain Transaction Protocol for Constraint Nodes”) the BIoT paradigm, whose main idea is to insert sensor data in blockchain transactions. Because objects are not logically connected to blockchain platforms, controller entities forward all information needed for transaction forgery. Never less in order to generate cryptographic signatures, object needs some trusted computing resources. In previous papers we proposed the Four-Quater Architecture integrating general purpose unit (GPU), radio SoC, sensors/actuators and secure elements including TLS/DTLS stacks. These secure microcontrollers also manage crypto libraries required for blockchain operation. The BIoT concept has four main benefits: publication/duplication of sensors data in public and distributed ledgers, time stamping by the blockchain infrastructure, data authentication, and non repudiation.
Virtualization of Internet of Things(IoT) is a concept of dynamically building customized high-level IoT services which rely on the real time data streams from low-level physical IoT sensors. Security in IoT virtualization is challenging, because with the growing number of available (building block) services, the number of personalizable virtual services grows exponentially. This paper proposes Service Object Capability(SOC) ticket system, a decentralized access control mechanism between servers and clients to efficiently authenticate and authorize each other without using public key cryptography. SOC supports decentralized partial delegation of capabilities specified in each server/client ticket. Unlike PKI certificates, SOC's authentication time and handshake packet overhead stays constant regardless of each capability's delegation hop distance from the root delegator. The paper compares SOC's security benefifits with Kerberos and the experimental results show SOC's authentication incurs significantly less time packet overhead compared against those from other mechanisms based on RSA-PKI and ECC-PKI algorithms. SOC is as secure as, and more efficient and suitable for IoT environments, than existing PKIs and Kerberos.
Cloud services are widely used to virtualize the management and actuation of the real-world the Internet of Things (IoT). Due to the increasing privacy concerns regarding querying untrusted cloud servers, query anonymity has become a critical issue to all the stakeholders which are related to assessment of the dependability and security of the IoT system. The paper presents our study on the problem of query receiver-anonymity in the cloud-based IoT system, where the trade-off between the offered query-anonymity and the incurred communication is considered. The paper will investigate whether the accepted worst-case communication cost is sufficient to achieve a specific query anonymity or not. By way of extensive theoretical analysis, it shows that the bounds of worst-case communication cost is quadratically increased as the offered level of anonymity is increased, and they are quadratic in the network diameter for the opposite range. Extensive simulation is conducted to verify the analytical assertions.
We survey the state-of-the-art on the Internet-of-Things (IoT) from a wireless communications point of view, as a result of the European FP7 project BUTLER which has its focus on pervasiveness, context-awareness and security for IoT. In particular, we describe the efforts to develop so-called (wireless) enabling technologies, aimed at circumventing the many challenges involved in extending the current set of domains (“verticals”) of IoT applications towards a “horizontal” (i.e. integrated) vision of the IoT. We start by illustrating current research effort in machine-to-machine (M2M), which is mainly focused on vertical domains, and we discuss some of them in details, depicting then the necessary horizontal vision for the future intelligent daily routine (“Smart Life”). We then describe the technical features of the most relevant heterogeneous communications technologies on which the IoT relies, under the light of the on-going M2M service layer standardization. Finally we identify and present the key aspects, within three major cross-vertical categories, under which M2M technologies can function as enablers for the horizontal vision of the IoT.