 |
Internet of Things Security 2015 |
\
The term Internet of Things (IT) refers to advanced connectivity of the Internet with devices, systems and services that include both machine-to-machine communications (M2M) and a variety of protocols, domains and applications. Since the concept incorporates literally billions of devices, the security implications are huge. The articles presented here identify and discuss broad security problems that the IoT engenders. The bibliography was compiled on December 23, 2015.
Mbarek, B.; Meddeb, A.; Ben Jaballah, W.; Mosbah, M., "Enhanced LEAP Authentication Delay for Higher Immunity Against Dos Attack," in Protocol Engineering (ICPE) and International Conference on New Technologies of Distributed Systems (NTDS), 2015 International Conference on, pp. 1-6, 22-24 July 2015. doi: 10.1109/NOTERE.2015.7293497
Abstract: Broadcast authentication is crucial for civil and military applications related to the Internet of things such as wide-area protection, and target tracking. Authentication in these scenarios is time sensitive, and needs to take into account the characteristics of the deployed devices. Even various smart communication protocols in the literature address the problem of broadcast authentication, however there is still a lack on providing practical and secure authentication solutions. In this paper, we point out the security concerns of current state of the art protocol LEAP. In particular, we address the vulnerability of LEAP to a severe denial of service attack. We propose a new authentication process in μTESLA mechanism that defeats the drawback of LEAP protocol in terms of authentication delay, and resilience to DoS attack, by managing with a simple and effective way to reduce the delay of forged packets in the receivers buffer. Furthermore, we assess the feasibility of our solution with a thorough simulation study, taking into account the authentication delay, the energy consumption and the delay of forged packets.
Keywords: Internet of Things; computer network security; cryptographic protocols; delays; telecommunication power management; μTESLA mechanism; DoS attack immunity; Internet of things; LEAP protocol; LEAP vulnerability; authentication delay; broadcast authentication; denial of service attack; energy consumption; enhanced LEAP authentication delay; receiver buffer; secure authentication solutions; service attack; smart communication protocols; target tracking; wide-area protection; Authentication; Computer crime; Delays; Protocols; Receivers; Sensors; Wireless sensor networks; Authentication Protocols; Broadcast authentication; Key Disclosure Mechanism (ID#: 15-8348)
URL: http://ieeexplore.ieee.org/stamp/stamp.jsp?tp=&arnumber=7293497&isnumber=7293442
Januario, F.; Santos, A.; Palma, L.; Cardoso, A.; Gil, P., "A Distributed Multi-Agent Approach for Resilient Supervision over a IPv6 WSAN Infrastructure," in Industrial Technology (ICIT), 2015 IEEE International Conference on, pp. 1802-1807, 17-19 March 2015. doi: 10.1109/ICIT.2015.7125358
Abstract: Wireless Sensor and Actuator Networks has become an important area of research. They can provide flexibility, low operational and maintenance costs and they are inherently scalable. In the realm of Internet of Things the majority of devices is able to communicate with one another, and in some cases they can be deployed with an IP address. This feature is undoubtedly very beneficial in wireless sensor and actuator networks applications, such as monitoring and control systems. However, this kind of communication infrastructure is rather challenging as it can compromise the overall system performance due to several factors, namely outliers, intermittent communication breakdown or security issues. In order to improve the overall resilience of the system, this work proposes a distributed hierarchical multi-agent architecture implemented over a IPv6 communication infrastructure. The Contiki Operating System and RPL routing protocol were used together to provide a IPv6 based communication between nodes and an external network. Experimental results collected from a laboratory IPv6 based WSAN test-bed, show the relevance and benefits of the proposed methodology to cope with communication loss between nodes and the server.
Keywords: Internet of Things; multi-agent systems; routing protocols; wireless sensor networks; Contiki operating system; IP address;IPv6 WSAN infrastructure;IPv6 communication infrastructure; Internet of Things; RPL routing protocol; distributed hierarchical multiagent architecture; distributed multiagent approach; external network; intermittent communication; resilient supervision; wireless sensor and actuator networks; Actuators; Electric breakdown; Monitoring; Peer-to-peer computing; Routing protocols; Security (ID#: 15-8349)
URL: http://ieeexplore.ieee.org/stamp/stamp.jsp?tp=&arnumber=7125358&isnumber=7125066
Fugini, M.; Teimourikia, M., "RAMIRES: Risk Adaptive Management in Resilient Environments with Security," in Enabling Technologies: Infrastructure for Collaborative Enterprises (WETICE), 2015 IEEE 24th International Conference on, pp. 218-223, 15-17 June 2015. doi: 10.1109/WETICE.2015.26
Abstract: This paper describes the cooperative interface of RAMIRES, a prototype web application where environmental risks are reported in a dashboard for the risk management team. It shows monitored areas, supports risk managers in understanding the risk and its consequences, and supports decision making so empowering risk managers to mitigate risks improving the environment resilience. To treat risks, RAMIRES is adaptive regarding risk and security. For risk, it adapts the information towards the environment to obtain more data about the observed area to understand the risk and its consequences. It also adapts the user interface according to the involved actor. For security, RAMIRES is adaptive in that security rules determine the data views to different actors. The tool interaction with the environment and with risk mangers is presented using storyboards of interactions.
Keywords: Internet; Internet of Things; environmental science computing; human computer interaction; risk management; security of data; user interfaces; IoT; RAMIRES cooperative interface; Risk Adaptive Management in Resilient Environments with Security; decision making support; environment resilience; environmental risk reporting; interaction storyboard; prototype Web application; risk management team; risk mitigation; user interface adaptation; Adaptation models; Hazards; Monitoring; Resilience; Risk management; Security; User interfaces; Adaptive Security; Resilence Engineering; Risk Management; User Interface (ID#: 15-8350)
URL: http://ieeexplore.ieee.org/stamp/stamp.jsp?tp=&arnumber=7194364&isnumber=7194298
Kypus, L.; Vojtech, L.; Hrad, J., "Security of ONS Service for Applications of the Internet of Things and Their Pilot Implementation in Academic Network," in Carpathian Control Conference (ICCC), 2015 16th International, pp. 271-276, 27-30 May 2015. doi: 10.1109/CarpathianCC.2015.7145087
Abstract: The aim of the Object name services (ONS) project was to find a robust and stable way of automated communication to utilize name and directory services to support radio-frequency identification (RFID) ecosystem, mainly in the way that can leverage open source and standardized services and capability to be secured. All this work contributed to the new RFID services and Internet of Things (IoT) heterogeneous environments capabilities presentation. There is an increasing demand of transferred data volumes associated with each and every IP or non-IP discoverable objects. For example RFID tagged objects and sensors, as well as the need to bridge remaining communication compatibility issues between these two independent worlds. RFID and IoT ecosystems require sensitive implementation of security approaches and methods. There are still significant risks associated with their operations due to the content nature. One of the reasons of past failures could be lack of security as the integral part of design of each particular product, which is supposed to build ONS systems. Although we focused mainly on the availability and confidentiality concerns in this paper, there are still some remaining areas to be researched. We tried to identify the hardening impact by metrics evaluating operational status, resiliency, responsiveness and performance of managed ONS solution design. Design of redundant and hardened testing environment under tests brought us the visibility into the assurance of the internal communication security and showed behavior under the load of the components in such complex information service, with respect to an overall quality of the delivered ONS service.
Keywords: Internet of Things; radiofrequency identification; telecommunication security; Internet of Things; ONS service; RFID; academic network; object name services; radio-frequency identification; Operating systems; Protocols; Radiofrequency identification; Security; Servers; Standards; Virtual private networks IPv6; Internet of Things; ONS; RFID; security hardening (ID#: 15-8351)
URL: http://ieeexplore.ieee.org/stamp/stamp.jsp?tp=&arnumber=7145087&isnumber=7145033
Savola, R.M.; Savolainen, P.; Evesti, A.; Abie, H.; Sihvonen, M., "Risk-Driven Security Metrics Development For An E-Health Iot Application," in Information Security for South Africa (ISSA), 2015, pp. 1-6, 12-13 Aug. 2015. doi: 10.1109/ISSA.2015.7335061
Abstract: Security and privacy for e-health Internet-of-Things applications is a challenge arising due to the novelty and openness of the solutions. We analyze the security risks of an envisioned e-health application for elderly persons' day-to-day support and chronic disease self-care, from the perspectives of the service provider and end-user. In addition, we propose initial heuristics for security objective decomposition aimed at security metrics definition. Systematically defined and managed security metrics enable higher effectiveness of security controls, enabling informed risk-driven security decision-making.
Keywords: Internet of Things; data privacy; decision making; diseases; geriatrics; health care; risk management; security of data; chronic disease self-care; e-health Internet-of-Things applications; e-health IoT application; elderly person day-to-day support; privacy; risk-driven security decision-making; risk-driven security metrics development; security controls; security objective decomposition; Artificial intelligence; Android; risk analysis; security effectiveness; security metrics (ID#: 15-8352)
URL: http://ieeexplore.ieee.org/stamp/stamp.jsp?tp=&arnumber=7335061&isnumber=7335039
Xinkai Yang, "One Methodology for Spam Review Detection Based on Review Coherence Metrics," in Intelligent Computing and Internet of Things (ICIT), 2014 International Conference on, pp. 99-102, 17-18 Jan. 2015. doi: 10.1109/ICAIOT.2015.7111547
Abstract: In this paper, we propose an iterative computation framework to detect spam reviews based on coherent examination. We first define some reviews' coherent metrics to analyze review coherence in the granularity of sentence. Then the framework and its evaluation process are discussed in details.
Keywords: Internet; iterative methods; retail data processing; security of data; software metrics; unsolicited e-mail; consumer online shopping; e-business Web site; iterative computation framework; product review; review coherence metrics; sentence granularity; spam review detection; coherence metric; spam review detection; word concurrence probability; word transition probability (ID#: 15-8353)
URL: http://ieeexplore.ieee.org/stamp/stamp.jsp?tp=&arnumber=7111547&isnumber=7111523
Peretti, G.; Lakkundi, V.; Zorzi, M., "BlinkToSCoAP: An end-to-end security framework for the Internet of Things," in Communication Systems and Networks (COMSNETS), 2015 7th International Conference on, pp. 1-6, 6-10 Jan. 2015. doi: 10.1109/COMSNETS.2015.7098708
Abstract: The emergence of Internet of Things and the availability of inexpensive sensor devices and platforms capable of wireless communications enable a wide range of applications such as intelligent home and building automation, mobile healthcare, smart logistics, distributed monitoring, smart grids, energy management, asset tracking to name a few. These devices are expected to employ Constrained Application Protocol for the integration of such applications with the Internet, which includes User Datagram Protocol binding with Datagram Transport Layer Security protocol to provide end-to-end security. This paper presents a framework called BlinkToSCoAP, obtained through the integration of three software libraries implementing lightweight versions of DTLS, CoAP and 6LoWPAN protocols over TinyOS. Furthermore, a detailed experimental campaign is presented that evaluates the performance of DTLS security blocks. The experiments analyze BlinkToSCoAP messages exchanged between two Zolertia Z1 devices, allowing evaluations in terms of memory footprint, energy consumption, latency and packet overhead. The results obtained indicate that securing CoAP with DTLS in Internet of Things is certainly feasible without incurring much overhead.
Keywords: Internet; Internet of Things; computer network reliability; computer network security;protocols;6LoWPAN protocol; BlinkToSCoAP; CoAP protocol; DTLS protocol; Internet of Things; TinyOS; Zolertia Zl device; asset tracking; availability; building automation; constrained application protocol; datagram transport layer security protocol; distributed monitoring; end-to-end security framework; energy consumption; energy management; intelligent home; latency overhead; memory footprint; message exchange; mobile healthcare; packet overhead; sensor device; smart grid; smart logistics; user datagram protocol; wireless communication; Computer languages; Logic gates; Payloads; Performance evaluation; Random access memory;Security;Servers;6LoWPAN;CoAP;DTLS;Internet of Things;M2M; end-to-end security (ID#: 15-8354)
URL: http://ieeexplore.ieee.org/stamp/stamp.jsp?tp=&arnumber=7098708&isnumber=7098633
Basu, S.S.; Tripathy, S.; Chowdhury, A.R., "Design Challenges and Security Issues in the Internet of Things," in Region 10 Symposium (TENSYMP), 2015 IEEE, pp. 90-93, 13-15 May 2015. doi: 10.1109/TENSYMP.2015.25
Abstract: The world is rapidly getting connected. Commonplace everyday things are providing and consuming software services exposed by other things and service providers. A mash up of such services extends the reach of the current Internet to potentially resource constrained "Things", constituting what is being referred to as the Internet of Things (IoT). IoT is finding applications in various fields like Smart Cities, Smart Grids, Smart Transportation, e-health and e-governance. The complexity of developing IoT solutions arise from the diversity right from device capability all the way to the business requirements. In this paper we focus primarily on the security issues related to design challenges in IoT applications and present an end-to-end security framework.
Keywords: Internet; Internet of Things; security of data; Internet of Things; IoT; e-governance; e-health; end-to-end security framework; service providers; smart cities; smart grids; smart transportation; software services; Computer crime; Encryption; Internet of things; Peer-to-peer computing; Protocols; End-to-end (E2E) security; Internet of Things (IoT); Resource constrained devices; Security (ID#: 15-8355)
URL: http://ieeexplore.ieee.org/stamp/stamp.jsp?tp=&arnumber=7166245&isnumber=7166213
Inshil Doh; Jiyoung Lim; Kijoon Chae, "Secure Authentication for Structured Smart Grid System," in Innovative Mobile and Internet Services in Ubiquitous Computing (IMIS), 2015 9th International Conference on, pp. 200-204, 8-10 July 2015. doi: 10.1109/IMIS.2015.32
Abstract: An important application area for M2M (Machine to Machine) or IoT (Internet of Things) technology is smart grid system which plays an important role in electric power transmission, electricity distribution, and demand-driven control for the energy. To make the smart grid system more reliable and stable, security is the major issue to be provided with the main technologies. In this work, we propose an authentication mechanism between the utility system and the smart meters which gather the energy consumption data from electrical devices in layered smart grid system. Our proposal enhances the smart grid system integrity, availability and robustness by providing security with low overhead.
Keywords: Internet of Things; message authentication; smart power grids; telecommunication security; Internet of things technology; IoT; M2M;demand-driven control; electric power transmission; electrical devices; electricity distribution; energy consumption data; layered smart grid system; machine to machine; secure authentication; smart meters; structured smart grid system; utility system; Authentication; Proposals; Protocols; Servers; Smart grids; Smart meters; IoT; M2M; authentication; security; structured smart grid (ID#: 15-8356)
URL: http://ieeexplore.ieee.org/stamp/stamp.jsp?tp=&arnumber=7284948&isnumber=7284886
Golubovic, Edin; Sabanovic, Asif; Ustundag, Baris Can, "Internet of Things Inspired Photovoltaic Emulator Design for Smart Grid Applications," in Smart Grid Congress and Fair (ICSG), 2015 3rd International Istanbul, pp. 1-6, 29-30 April 2015. doi: 10.1109/SGCF.2015.7354936
Abstract: The future smart grid is considered to be solution for common problems associated with current electricity grid. Smart grid will incorporate renewable energy sources, intelligent sensors and controls, automated switches, robust communication technology, etc. Implementation of such smart grid requires the collective efforts from researchers from many fields of engineering and creation of reliable test platforms. This paper presents the PV emulator as a test platform for research of problems associated with the design of controller for PV sources, the design of energy management system, generation capacity prediction, wireless network integration and protocol issues, security and cloud based data management and analysis for smart grid applications.
Keywords: Cloud computing; Control systems; Hardware; Logic gates; Maximum power point trackers; Security; Smart grids; MPPT; internet of things; photovoltaic emulator; renewable energy sources; smart grid (ID#: 15-8357)
URL: http://ieeexplore.ieee.org/stamp/stamp.jsp?tp=&arnumber=7354936&isnumber=7354913
Sparrow, R.D.; Adekunle, A.A.; Berry, R.J.; Farnish, R.J., "Study of Two Security Constructs on Throughput for Wireless Sensor Multi-Hop Networks," in Information and Communication Technology, Electronics and Microelectronics (MIPRO), 2015 38th International Convention on, pp. 1302-1307, 25-29 May 2015. doi: 10.1109/MIPRO.2015.7160476
Abstract: With the interconnection of devices becoming more widespread in society (e.g. internet of things), networked devices are used in a range of environments from smart grids to smart buildings. Wireless Sensor Networks (WSN) have commonly been utilised as a method of monitoring a set processes. In control networks WSN have been deployed to perform a variety of tasks (i.e. collate and distribute data from an event to an end device). However, the nature of the wireless broadcast medium enables attackers to conduct active and passive attacks. Cryptography is selected as a countermeasure to overcome these security vulnerabilities; however, a drawback of using cryptography is reduced throughput. This paper investigates the impact of two software authenticated encryption with associated data (AEAD) security constructs on packet throughput of multiple hop WSN, being counter with cipher block chaining and message authentication code (CCM) and TinyAEAD. Experiments were conducted in a simulated environment. A case scenario is also presented in this paper to emphasise the impact in a real world context. Results observed indicate that the security constructs examined in this paper affect the average throughput measurements up to three hops.
Keywords: Internet of Things; cryptography; telecommunication security; wireless sensor networks; AEAD security; Internet of Things; WSN; cipher block chaining; control networks WSN; cryptography; device interconnection; end device; message authentication code; networked devices; passive attacks; security construction; security vulnerabilities; simulated environment; software authenticated encryption with associated data; wireless broadcast medium; wireless sensor multihop networks; Communication system security; Mathematical model; Security; Simulation; Throughput; Wireless communication; Wireless sensor networks; AEAD constructs; Networked Control Systems; Wireless Sensor Networks (ID#: 15-8358)
URL: http://ieeexplore.ieee.org/stamp/stamp.jsp?tp=&arnumber=7160476&isnumber=7160221
Chi-Ming; Huai-Kuei Wu, "Study on the Effects of Self-Similar Traffic on the IEEE 802.15.4 Wireless Sensor Networks," in Heterogeneous Networking for Quality, Reliability, Security and Robustness (QSHINE), 2015 11th International Conference on, pp. 410-415, 19-20 Aug. 2015. Doi: (not provided)
Abstract: A significant number of previous studies have shown, however, network traffic exhibited frequently large bursty traffic possesses self-similar properties. For the future applications of wireless sensor networks (WSNs) with large number of cluster structures, such as Internet of Things (IoT) and smart grid, the network traffic should not be assumed as conventional Poisson process. We thus employ ON/OFF traffic source with the duration of heavy-tailed distribution in one or both of the states instead of Poisson traffic to be as the asymptotically self-similar traffic for experimenting on the performance of IEEE 802.15.4 WSNs. In this paper, we will show the impact on the performance of IEEE 802.15.4 WSNs in different traffic sources such as Poisson and Pareto ON/OFF distribution by ns2 simulator. For the Pareto ON/OFF distribution traffic, we demonstrate that the packet delay and throughput appear bursty-like high value in some certain time scales, especially for the low traffic load; and the throughput will be no longer bursty-like while the traffic load increases. Intuitively, the bursty-like high delay may result in loss of some important real-time packets. For the Poisson traffic, both the throughput and packet delay appear non-bursty, especially for the high traffic load.
Keywords: Pareto distribution; Poisson distribution; Zigbee; delays; pattern clustering; telecommunication traffic; wireless sensor networks; IEEE 802.15.4 wireless sensor network; Internet of Things; IoT; Pareto ON-OFF traffic source distribution; Poisson traffic process; WSN; heavy-tailed distribution;ns2 simulator; packet delay; self-similar network traffic effect; smart grid; Delays; IEEE 802.15 Standard; Load modeling; Media Access Protocol; Telecommunication traffic; Throughput; Wireless sensor networks; IEEE 802.15.4;self-similar traffic; wireless sensor network (WSN) (ID#: 15-8359)
URL: http://ieeexplore.ieee.org/stamp/stamp.jsp?tp=&arnumber=7332604&isnumber=7332527
Vijayalakshmi, V.; Sharmila, R.; Shalini, R., "Hierarchical Key Management Scheme Using Hyper Elliptic Curve Cryptography in Wireless Sensor Networks," in Signal Processing, Communication and Networking (ICSCN), 2015 3rd International Conference on, pp. 1-5, 26-28 March 2015.doi: 10.1109/ICSCN.2015.7219840
Abstract: Wireless Sensor Network (WSN) be a large scale network with thousands of tiny sensors moreover is of utmost importance as it is used in real time applications. Currently WSN is required for up-to-the-minute applications which include Internet of Things (IOT), Smart Card, Smart Grid, Smart Phone and Smart City. However the greatest issue in sensor network is secure communication for which key management is the primary objective. Existing key management techniques have many limitations such as prior deployment knowledge, transmission range, insecure communication and node captured by the adversary. The proposed novel Track-Sector Clustering (TSC) and Hyper Elliptic Curve Cryptography (HECC) provides better transmission range and secure communication. In TSC, the overall network is separated into circular tracks and triangular sectors. Power Aware Routing Protocol (PARP) was used for routing of data in TSC, which reduces the delay with increased packet delivery ratio. Further for secure routing HECC was implemented with 80 bits key size, which reduces the memory space and computational overhead than the existing Elliptic Curve Cryptography (ECC) key management scheme.
Keywords: pattern clustering; public key cryptography; routing protocols; telecommunication power management; telecommunication security; wireless sensor networks; ECC; IOT; Internet of Things; PARP; TSC; WSN; computational overhead reduction; data routing; hierarchical key management scheme; hyper elliptic curve cryptography; memory space reduction; packet delivery ratio; power aware routing protocol; secure communication; smart card; smart city; smart grid; smart phone; track-sector clustering; up-to-the-minute application; wireless sensor network; Convergence; Delays; Elliptic curve cryptography; Real-time systems; Throughput; Wireless sensor networks; Hyper Elliptic Curve Cryptography; Key Management Scheme; Power Aware Routing; Track-Sector Clustering; Wireless Sensor network (ID#: 15-8360)
URL: http://ieeexplore.ieee.org/stamp/stamp.jsp?tp=&arnumber=7219840&isnumber=7219823
Aris, A.; Oktug, S.F.; Yalcin, S.B.O., "Internet-Of-Things Security: Denial of Service Attacks," in Signal Processing and Communications Applications Conference (SIU), 2015 23th, pp. 903-906, 16-19 May 2015. doi: 10.1109/SIU.2015.7129976
Abstract: Internet of Things (IoT) is a network of sensors, actuators, mobile and wearable devices, simply things that have processing and communication modules and can connect to the Internet. In a few years time, billions of such things will start serving in many fields within the concept of IoT. Self-configuration, autonomous device addition, Internet connection and resource limitation features of IoT causes it to be highly prone to the attacks. Denial of Service (DoS) attacks which have been targeting the communication networks for years, will be the most dangerous threats to IoT networks. This study aims to analyze and classify the DoS attacks that may target the IoT environments. In addition to this, the systems that try to detect and mitigate the DoS attacks to IoT will be evaluated.
Keywords: Internet; Internet of Things; actuators; computer network security; mobile computing; sensors; wearable computers; DoS attacks; Internet connection; Internet-of-things security; IoT; actuator; autonomous device addition; communication modules; denial of service attack; mobile device; processing modules; resource limitation; self-configuration; sensor; wearable device; Ad hoc networks; Computer crime; IEEE 802.15 Standards; Internet of things; Wireless communication; Wireless sensor networks; DDoS; DoS; Internet of Things; IoT; network security (ID#: 15-8361)
URL: http://ieeexplore.ieee.org/stamp/stamp.jsp?tp=&arnumber=7129976&isnumber=7129794
Peresini, O.; Krajcovic, T., "Internet Controlled Embedded System for Intelligent Sensors and Actuators Operation," in Applied Electronics (AE), 2015 International Conference on, pp. 185-188, 8-9 Sept. 2015. Doi: (not provided)
Abstract: Devices compliant with Internet of Things concept are currently getting increased interest amongst users and numerous manufacturers. Our idea is to introduce intelligent household control system respecting this trend. Primary focus of this work is to propose a new solution of intelligent house actuators realization, which is less expensive, more robust and more secure against intrusion. The hearth of the system consists of the intelligent modules which are modular, autonomous, decentralized, cheap and easily extensible with support for encrypted network communication. The proposed solution is opened and therefore ready for the future improvements and application in the field of the Internet of Things.
Keywords: Internet; Internet of Things; cryptography; embedded systems; home automation; intelligent actuators; intelligent control; Internet controlled embedded system; Internet of Things; actuators operation; encrypted network communication; intelligent house actuators; intelligent household control system; intelligent modules; intelligent sensors; Actuators; Hardware; Protocols; Security; Sensors; Standards; User interfaces; Internet of Things; actuators; decentralized network; embedded hardware; intelligent household (ID#: 15-8362)
URL: http://ieeexplore.ieee.org/stamp/stamp.jsp?tp=&arnumber=7301084&isnumber=7301036
Unger, S.; Timmermann, D., "DPWSec: Devices profile for Web Services Security," in Intelligent Sensors, Sensor Networks and Information Processing (ISSNIP), 2015 IEEE Tenth International Conference on, pp. 1-6, 7-9 April 2015. doi: 10.1109/ISSNIP.2015.7106961
Abstract: As cyber-physical systems (CPS) build a foundation for visions such as the Internet of Things (IoT) or Ambient Assisted Living (AAL), their communication security is crucial so they cannot be abused for invading our privacy and endangering our safety. In the past years many communication technologies have been introduced for critically resource-constrained devices such as simple sensors and actuators as found in CPS. However, many do not consider security at all or in a way that is not suitable for CPS. Also, the proposed solutions are not interoperable although this is considered a key factor for market acceptance. Instead of proposing yet another security scheme, we looked for an existing, time-proven solution that is widely accepted in a closely related domain as an interoperable security framework for resource-constrained devices. The candidate of our choice is the Web Services Security specification suite. We analysed its core concepts and isolated the parts suitable and necessary for embedded systems. In this paper we describe the methodology we developed and applied to derive the Devices Profile for Web Services Security (DPWSec). We discuss our findings by presenting the resulting architecture for message level security, authentication and authorization and the profile we developed as a subset of the original specifications. We demonstrate the feasibility of our results by discussing the proof-of-concept implementation of the developed profile and the security architecture.
Keywords: Internet; Internet of Things; Web services; ambient intelligence; assisted living; security of data; AAL; CPS; DPWSec; Internet of Things; IoT; ambient assisted living; communication security; cyber-physical system; devices profile for Web services security; interoperable security framework; message level security; resource-constrained devices; Authentication; Authorization; Cryptography; Interoperability; Web services; Applied Cryptography; Authentication; Cyber-Physical Systems (CPS);DPWS; Intelligent Environments; Internet of Things (IoT); Usability (ID#: 15-8363)
URL: http://ieeexplore.ieee.org/stamp/stamp.jsp?tp=&arnumber=7106961&isnumber=7106892
Hale, M.L.; Ellis, D.; Gamble, R.; Waler, C.; Lin, J., "Secu Wear: An Open Source, Multi-component Hardware/Software Platform for Exploring Wearable Security," in Mobile Services (MS), 2015 IEEE International Conference on, pp. 97-104, June 27 2015-July 2 2015. doi: 10.1109/MobServ.2015.23
Abstract: Wearables are the next big development in the mobile internet of things. Operating in a body area network around a smartphone user they serve a variety of commercial, medical, and personal uses. Whether used for fitness tracking, mobile health monitoring, or as remote controllers, wearable devices can include sensors that collect a variety of data and actuators that provide hap tic feedback and unique user interfaces for controlling software and hardware. Wearables are typically wireless and use Bluetooth LE (low energy) to transmit data to a waiting smartphone app. Frequently, apps forward this data onward to online web servers for tracking. Security and privacy concerns abound when wearables capture sensitive data or provide critical functionality. This paper develops a platform, called SecuWear, for conducting wearable security research, collecting data, and identifying vulnerabilities in hardware and software. SecuWear combines open source technologies to enable researchers to rapidly prototype security vulnerability test cases, evaluate them on actual hardware, and analyze the results to understand how best to mitigate problems. The paper includes two types of evaluation in the form of a comparative analysis and empirical study. The results reveal how several passive observation attacks present themselves in wearable applications and how the SecuWear platform can capture the necessary information needed to identify and combat such attacks.
Keywords: Bluetooth; Internet of Things; body area networks; mobile computing; security of data; Bluetooth LE; SecuWear platform; body area network; mobile Internet of Things; online Web servers; open source multicomponent hardware-software platform; security vulnerability test cases; smartphone user; wearable security; Biomedical monitoring; Bluetooth; Hardware; Mobile communication; Security; Sensors; Trade agreements; Bluetooth low energy; internet of things; man-in-the-middle; security; vulnerability discovery; wearables (ID#: 15-8364)
URL: http://ieeexplore.ieee.org/stamp/stamp.jsp?tp=&arnumber=7226677&isnumber=7226653
Youngchoon Park, "Connected Smart Buildings, a New Way to Interact with Buildings," in Cloud Engineering (IC2E), 2015 IEEE International Conference on, pp.5-5, 9-13 March 2015. doi: 10.1109/IC2E.2015.57
Abstract: Summary form only given. Devices, people, information and software applications rarely live in isolation in modern building management. For example, networked sensors that monitor the performance of a chiller are common and collected data are delivered to building automation systems to optimize energy use. Detected possible failures are also handed to facility management staffs for repairs. Physical and cyber security services have to be incorporated to prevent improper access of not only HVAC (Heating, Ventilation, Air Conditioning) equipment but also control devices. Harmonizing these connected sensors, control devices, equipment and people is a key to provide more comfortable, safe and sustainable buildings. Nowadays, devices with embedded intelligences and communication capabilities can interact with people directly. Traditionally, few selected people (e.g., facility managers in building industry) have access and program the device with fixed operating schedule while a device has a very limited connectivity to an operating environment and context. Modern connected devices will learn and interact with users and other connected things. This would be a fundamental shift in ways in communication from unidirectional to bi-directional. A manufacturer will learn how their products and features are being accessed and utilized. An end user or a device on behalf of a user can interact and communicate with a service provider or a manufacturer without go though a distributer, almost real time basis. This will requires different business strategies and product development behaviors to serve connected customers' demands. Connected things produce enormous amount of data that result many questions and technical challenges in data management, analysis and associated services. In this talk, we will brief some of challenges that we have encountered In developing connected building solutions and services. More specifically, (1) semantic interoperability requirements among smart s- nsors, actuators, lighting, security and control and business applications, (2) engineering challenges in managing massively large time sensitive multi-media data in a cloud at global scale, and (3) security and privacy concerns are presented.
Keywords: HVAC; building management systems; intelligent sensors; HVAC; actuators; building automation systems; building management; business strategy; chiller performance; connected smart buildings; control devices; cyber security services; data management; facility management staffs; heating-ventilation-air conditioning equipment; lighting; networked sensors; product development behaviors; service provider; smart sensors; time sensitive multimedia data; Building automation; Business; Conferences; Intelligent sensors; Security; Building Management; Cloud; Internet of Things (ID#: 15-8365)
URL: http://ieeexplore.ieee.org/stamp/stamp.jsp?tp=&arnumber=7092892&isnumber=7092808
Srivastava, P.; Garg, N., "Secure and Optimized Data Storage for IoT Through Cloud Framework," in Computing, Communication & Automation (ICCCA), 2015 International Conference on, pp. 720-723, 15-16 May 2015. doi: 10.1109/CCAA.2015.7148470
Abstract: Internet of Things (IoT) is the future. With increasing popularity of internet, soon internet in routine devices will be a common practice by people. Hence we are writing this paper to encourage IoT accomplishment using cloud computing features with it. Basic setback of IoT is management of the huge quantity of data. In this paper, we have suggested a framework with several data compression techniques to store this large amount of data on cloud acquiring lesser space and using AES encryption techniques we have also improved the security of this data. Framework also shows the interaction of data with reporting and analytic tools through cloud. At the end, we have concluded our paper with some of the future scopes and possible enhancements of our ideas.
Keywords: Internet of Things; cloud computing; cryptography; data compression; optimisation; storage management; AES encryption technique; Internet of Things; IoT; cloud computing feature; data compression technique; data storage optimization; data storage security; Cloud computing; Encryption; Image coding; Internet of things; Sensors; AES; IoT; actuators; compression; encryption; sensors; trigger (ID#: 15-8366)
URL: http://ieeexplore.ieee.org/stamp/stamp.jsp?tp=&arnumber=7148470&isnumber=7148334
Tragos, E.Z.; Foti, M.; Surligas, M.; Lambropoulos, G.; Pournaras, S.; Papadakis, S.; Angelakis, V., "An IoT Based Intelligent Building Management System for Ambient Assisted Living," in Communication Workshop (ICCW), 2015 IEEE International Conference on, pp. 246-252, 8-12 June 2015. doi: 10.1109/ICCW.2015.7247186
Abstract: Ambient Assisted Living (AAL) describes an ICT based environment that exposes personalized and context-aware intelligent services, thus creating an appropriate experience to the end user to support independent living and improvement of the everyday quality of life of both healthy elderly and disabled people. The social and economic impact of AAL systems have boosted the research activities that combined with the advantages of enabling technologies such as Wireless Sensor Networks (WSNs) and Internet of Things (IoT) can greatly improve the performance and the efficiency of such systems. Sensors and actuators inside buildings can create an intelligent sensing environments that help gather realtime data for the patients, monitor their vital signs and identify abnormal situations that need medical attention. AAL applications might be life critical and therefore have very strict requirements for their performance with respect to the reliability of the devices, the ability of the system to gather data from heterogeneous devices, the timeliness of the data transfer and their trustworthiness. This work presents the functional architecture of SOrBet (Marie Curie IAPP project) that provides a framework for interconnecting efficiently smart devices, equipping them with intelligence that helps automating many of the everyday activities of the inhabitants. SOrBet is a paradigm shift of traditional AAL systems based on a hybrid architecture, including both distributed and centralized functionalities, extensible, self-organising, robust and secure, built on the concept of “reliability by design”, thus being capable of meeting the strict Quality of Service (QoS) requirements of demanding applications such as AAL.
Keywords: Internet of Things; assisted living; building management systems; patient monitoring; quality of service; wireless sensor networks; Internet of Things; IoT based intelligent building management system; SOrBet; ambient assisted living; hybrid architecture; quality of service; wireless sensor networks; Artificial intelligence; Automation; Buildings; Quality of service; Reliability; Security; Sensors (ID#: 15-8367)
URL: http://ieeexplore.ieee.org/stamp/stamp.jsp?tp=&arnumber=7247186&isnumber=7247062
Ozvural, G.; Kurt, G.K., "Advanced Approaches for Wireless Sensor Network Applications and Cloud Analytics," in Intelligent Sensors, Sensor Networks and Information Processing (ISSNIP), 2015 IEEE Tenth International Conference on, pp. 1-5, 7-9 April 2015. doi: 10.1109/ISSNIP.2015.7106979
Abstract: Although wireless sensor network applications are still at early stages of development in the industry, it is obvious that it will pervasively come true and billions of embedded microcomputers will become online for the purpose of remote sensing, actuation and sharing information. According to the estimations, there will be 50 billion connected sensors or things by the year 2020. As we are developing first to market wireless sensor-actuator network devices, we have chance to identify design parameters, define technical infrastructure and make an effort to meet scalable system requirements. In this manner, required research and development activities must involve several research directions such as massive scaling, creating information and big data, robustness, security, privacy and human-in-the-loop. In this study, wireless sensor networks and Internet of things concepts are not only investigated theoretically but also the proposed system is designed and implemented end-to-end. Low rate wireless personal area network sensor nodes with random network coding capability are used for remote sensing and actuation. Low throughput embedded IP gateway node is developed utilizing both random network coding at low rate wireless personal area network side and low overhead websocket protocol for cloud communications side. Service-oriented design pattern is proposed for wireless sensor network cloud data analytics.
Keywords: IP networks; Internet of Things; cloud computing; data analysis; microcomputers; network coding; personal area networks; protocols; random codes; remote sensing; service-oriented architecture; wireless sensor networks; Internet of things concept; actuation; cloud communications side; cloud data analytics; design parameter identification; embedded microcomputer; information sharing; low throughput embedded IP gateway; overhead websocket protocol; random network coding capability; remote sensing; service-oriented design pattern; wireless personal area network sensor node; wireless sensor-actuator network device; IP networks; Logic gates; Network coding; Protocols; Relays; Wireless sensor networks; Zigbee (ID#: 15-8368)
URL: http://ieeexplore.ieee.org/stamp/stamp.jsp?tp=&arnumber=7106979&isnumber=7106892
Zimmermann, A.; Schmidt, R.; Sandkuhl, K.; Wissotzki, M.; Jugel, D.; Mohring, M., "Digital Enterprise Architecture - Transformation for the Internet of Things," in Enterprise Distributed Object Computing Workshop (EDOCW), 2015 IEEE 19th International, pp. 130-138, 21-25 Sept. 2015. doi: 10.1109/EDOCW.2015.16
Abstract: Excellence in IT is both a driver and a key enabler of the digital transformation. The digital transformation changes the way we live, work, learn, communicate, and collaborate. The Internet of Things (IoT) fundamentally influences today's digital strategies with disruptive business operating models and fast changing markets. New business information systems are integrating emerging Internet of Things infrastructures and components. With the huge diversity of Internet of Things technologies and products organizations have to leverage and extend previous Enterprise Architecture efforts to enable business value by integrating Internet of Things architectures. Both architecture engineering and management of current information systems and business models are complex and currently integrating beside the Internet of Things synergistic subjects, like Enterprise Architecture in context with services & cloud computing, semantic-based decision support through ontologies and knowledge-based systems, big data management, as well as mobility and collaboration networks. To provide adequate decision support for complex business/IT environments, we have to make transparent the impact of business and IT changes over the integral landscape of affected architectural capabilities, like directly and transitively impacted IoT-objects, business categories, processes, applications, services, platforms and infrastructures. The paper describes a new metamodel-based approach for integrating Internet of Things architectural objects, which are semi-automatically federated into a holistic Digital Enterprise Architecture environment.
Keywords: Internet of Things; business data processing; cloud computing; information systems; knowledge based systems; ontologies (artificial intelligence);software architecture; Big Data management; IT changes; Internet of Things architectures; Internet of Things components; Internet of Things infrastructures; Internet of Things technologies; IoT-objects; architectural capabilities; architectural objects; architecture engineering; business applications; business categories; business information systems; business infrastructures; business models; business platforms; business processes; business services; business value; cloud computing; collaboration networks; complex business/IT environments; digital enterprise architecture; digital strategies; digital transformation; information systems management; knowledge-based systems; metamodel-based approach; mobility; ontologies; products organizations; semantic-based decision support; Business; Cloud computing; Computational modeling; Computer architecture; Information systems; Internet of things; Security; Digital; Digital Transformation; Internet of Things (ID#: 15-8369)
URL: http://ieeexplore.ieee.org/stamp/stamp.jsp?tp=&arnumber=7310681&isnumber=7310651
Gamundani, A.M., "An Impact Review on Internet of Things Attacks," in Emerging Trends in Networks and Computer Communications (ETNCC), 2015 International Conference on, pp. 114-118, 17-20 May 2015. doi: 10.1109/ETNCC.2015.7184819
Abstract: The heterogeneity of devices that can seamlessly connect to each other and be attached to human beings has given birth to a new computing epitome referred to as the Internet of Things. The connectivity and scalability of such technological waves could be harnessed to improve service delivery in many application areas as revealed by recent studies on the Internet of Things' interoperability. However, for the envisaged benefits to be yielded from Internet of Things there are many security issues to be addressed, which range from application environments security concerns, connection technology inbuilt security issues, scalability and manageability issues. Given the increasing number of objects or “things” that can connect to each other unsupervised, the complexity of such a network is presenting a great concern both for the future internet's security and reliable operation. The focus of this paper was to review the impact of some of the attacks attributable to internet of things. A desktop review of work done under this area, using the qualitative methodology was employed. This research may contribute towards a roadmap for security design and future research on internet of things scalability. The deployment of future applications around Internet of Things may receive valuable insight as the nature of attacks and their perceived impacts will be unveiled and possible solutions could be developed around them.
Keywords: Internet of Things; computer network management; computer network security; open systems; Internet of Things attacks; application environment security; interoperability; manageability issues; network complexity; network connection technology; scalability; security issues; Authentication; Data privacy; Internet of things; Safety; Wireless sensor networks; Attacks; Denial of Service; Internet of Things; Man in the middle; Replay; Security (ID#: 15-8370)
URL: http://ieeexplore.ieee.org/stamp/stamp.jsp?tp=&arnumber=7184819&isnumber=7184793
Gendreau, A.A., "Situation Awareness Measurement Enhanced for Efficient Monitoring in the Internet of Things," in Region 10 Symposium (TENSYMP), 2015 IEEE, pp. 82-85, 13-15 May 2015. doi: 10.1109/TENSYMP.2015.13
Abstract: The Internet of Things (IoT) is a heterogeneous network of objects that communicate with each other and their owners over the Internet. In the future, the utilization of distributed technologies in combination with their object applications will result in an unprecedented level of knowledge and awareness, creating new business opportunities and expanding existing ones. However, in this paradigm where almost everything can be monitored and tracked, an awareness of the state of the monitoring systems' situation will be important. Given the anticipated scale of business opportunities resulting from new object monitoring and tracking capabilities, IoT adoption has not been as fast as expected. The reason for the slow growth of application objects is the immaturity of the standards, which can be partly attributed to their unique system requirements and characteristics. In particular, the IoT standards must exhibit efficient self-reliant management and monitoring capability, which in a hierarchical topology is the role of cluster heads. IoT standards must be robust, scalable, adaptable, reliable, and trustworthy. These criteria are predicated upon the limited lifetime, and the autonomous nature, of wireless personal area networks (WPANs), of which wireless sensor networks (WSNs) are a major technological solution and research area in the IoT. In this paper, the energy efficiency of a self-reliant management and monitoring WSN cluster head selection algorithm, previously used for situation awareness, was improved upon by sharing particular established application cluster heads. This enhancement saved energy and reporting time by reducing the path length to the monitoring node. Also, a proposal to enhance the risk assessment component of the model is made. We demonstrate through experiments that when benchmarked against both a power and randomized cluster head deployment, the proposed enhancement to the situation awareness metric used less power. Potentially, this approac- can be used to design a more energy efficient cluster-based management and monitoring algorithm for the advancement of security, e.g. Intrusion detection systems (IDSs), and other standards in the IoT.
Keywords: Internet of Things; personal area networks; security of data; wireless sensor networks; Internet of Things; WPAN; WSN; distributed technologies; efficient self-reliant management and monitoring capability; heterogeneous network; object monitoring and tracking capabilities; situation awareness measurement; situation awareness metric; wireless personal area networks; wireless sensor networks; Energy efficiency; Internet of things; Monitoring; Security; Standards; Wireless sensor networks; Internet of Things; Intrusion detection system; Situational awareness; Wireless sensor networks (ID#: 15-8371)
URL: http://ieeexplore.ieee.org/stamp/stamp.jsp?tp=&arnumber=7166243&isnumber=7166213
Kotenko, I.; Saenko, I.; Skorik, F.; Bushuev, S., "Neural Network Approach to Forecast the State of the Internet of Things Elements," in Soft Computing and Measurements (SCM), 2015 XVIII International Conference on, pp. 133-135, 19-21 May 2015. doi: 10.1109/SCM.2015.7190434
Abstract: The paper presents the method to forecast the states of elements of the Internet of Things based on using an artificial neural network. The offered architecture of the neural network is a combination of a multilayered perceptron and a probabilistic neural network. For this reason, it provides high efficiency of decision-making. Results of an experimental assessment of the offered neural network on the accuracy of forecasting the states of elements of the Internet of Things are discussed.
Keywords: Internet of Things; decision making; multilayer perceptrons; neural net architecture; probability; Internet of Things; artificial neural network; decision making; multilayered perceptron; probabilistic neural network; Artificial neural networks; Computer architecture; Forecasting; Internet of things; Probabilistic logic; Security; internet of things; multilayered perceptron; neural network; state monitoring (ID#: 15-8372)
URL: http://ieeexplore.ieee.org/stamp/stamp.jsp?tp=&arnumber=7190434&isnumber=7190390
Minch, R.P., "Location Privacy in the Era of the Internet of Things and Big Data Analytics," in System Sciences (HICSS), 2015 48th Hawaii International Conference on, pp. 1521-1530, 5-8 Jan. 2015. doi: 10.1109/HICSS.2015.185
Abstract: Location information is generated in large quantities in the Internet of Things and becomes a major component of the big data phenomenon. This results in privacy issues involving sensing, identification, storage, processing, sharing, and use of this information in technical, social, and legal contexts. These issues must be addressed if the IoT is to be widely adopted and accepted. Theory will need to be developed and tested, and new research questions will need to be investigated. This exploratory research begins to identify, classify, and describe these issues and questions.
Keywords: Big Data; Internet of Things; data privacy; law; mobile computing; social aspects of automation; Internet of Things; IoT; big data analytics; legal context; location privacy; social context; technical context; Big data; Context; Data privacy; Internet of things; Privacy; Security; Sensors; Big Data; Data Analytics; Internet of Things; Location Privacy (ID#: 15-8373)
URL: http://ieeexplore.ieee.org/stamp/stamp.jsp?tp=&arnumber=7069994&isnumber=7069647
Zawoad, S.; Hasan, R., "FAIoT: Towards Building a Forensics Aware Eco System for the Internet of Things," in Services Computing (SCC), 2015 IEEE International Conference on, pp. 279-284, June 27 2015-July 2 2015. doi: 10.1109/SCC.2015.46
Abstract: The Internet of Things (IoT) involves numerous connected smart things with different technologies and communication standards. While IoT opens new opportunities in various fields, it introduces new challenges in the field of digital forensics investigations. The existing tools and procedures of digital forensics cannot meet the highly distributed and heterogeneous infrastructure of the IoT. Forensics investigators will face challenges while identifying necessary pieces of evidence from the IoT environment, and collecting and analyzing those evidence. In this article, we propose the first working definition of IoT forensics and systematically analyze the IoT forensics domain to explore the challenges and issues in this special branch of digital forensics. We propose a Forensics-aware IoT (FAIoT) model for supporting reliable forensics investigations in the IoT environment.
Keywords: Internet of Things; digital forensics; FAIoT; IoT forensics; digital forensics; forensics aware Eco system for the Internet of Things; reliable forensics; Digital forensics; Hospitals; Internet of things; Object recognition; Security; Forensic Investigation; IoT Forensics; IoT Security (ID#: 15-8374)
URL: http://ieeexplore.ieee.org/stamp/stamp.jsp?tp=&arnumber=7207364&isnumber=7207317
Zegzhda, D.; Stepanova, T., "Achieving Internet of Things Security Via Providing Topological Sustainability," in Science and Information Conference (SAI), 2015, pp. 269-276, 28-30 July 2015. doi: 10.1109/SAI.2015.7237154
Abstract: Internet of things is fast-paced global phenomenon, based on the concept of heterogeneous networks. Modern heterogeneous networks are characterized by hardly predictable behaviour, hundreds of parameters of network nodes and connections, and lack of single basis for development of control methods and algorithms. In this paper authors propose basic theoretical framework that will allow achieving IoT security via providing its topological sustainability in order to confront security threats, aimed at disrupting, degrading or destroying IoT components and services.
Keywords: Internet of Things; security of data topology; Internet of Things security; IoT security; security threat; topological sustainability; Automata; Internet of things; Network topology; Security; Sensors; Standards; Topology; controllability; internet of things; security modeling; topological sustainability (ID#: 15-8375)
URL: http://ieeexplore.ieee.org/stamp/stamp.jsp?tp=&arnumber=7237154&isnumber=7237120
Panwar, M.; Kumar, A., "Security for IoT: An Effective DTLS with Public Certificates," in Computer Engineering and Applications (ICACEA), 2015 International Conference on Advances in, pp. 163-166, 19-20 March 2015. doi: 10.1109/ICACEA.2015.7164688
Abstract: The IoT (Internet of Things) is a scenario in which things, people, animal or any other object can be identified uniquely and have the ability to send or receive data over a network. With the IPV6 the address space has been increased enormously, favors allocation of IP address to a wide range of objects. In near future the number of things that would be connected to internet will be around 40 million. In this scenario it is expected that it will play a very vital role in business, data and social processes in which devices will interact among themselves and with the surrounding by interchanging information [5]. If this information carries sensitive data then security is an aspect that can never be ignored. This paper discusses some existing security mechanism for IoT and an effective DTLS mechanism that makes the DTLS security more robust by employing public certificates for authentication. We can use a Certificate authority that can give the digital certificates to both the client and server and can increase the effectiveness of this communication. This work aims to introduce a CA for the communication and to provide some results that can show its improved performance in contrast to the pre-shared key communication.
Keywords: IP networks; Internet of Things; computer network security; DTLS mechanism; DTLS security; IP address; IPV6; Internet of Things; IoT security; authentication; interchanging information; public certificates; receive data; security mechanism; Authentication; Internet of things; Protocols; Public key; Servers; Certificate Authority (CA); Datagram Transport Layer Security (DTLS); Internet of Things (IoT) (ID#: 15-8376)
URL: http://ieeexplore.ieee.org/stamp/stamp.jsp?tp=&arnumber=7164688&isnumber=7164643
Note:
Articles listed on these pages have been found on publicly available internet pages and are cited with links to those pages. Some of the information included herein has been reprinted with permission from the authors or data repositories. Direct any requests via Email to news@scienceofsecurity.net for removal of the links or modifications.