The development of IoT has penetrated various sectors. The development of IoT devices continues to increase and is predicted to reach 75 billion by 2025. However, the development of IoT devices is not followed by security developments. Therefore, IoT devices can become gateways for cyber attacks, including brute force and sniffing attacks. Authentication mechanisms can be used to ward off attacks. However, the implementation of authentication mechanisms on IoT devices is challenging. IoT devices are dominated by constraint devices that have limited computing. Thus, conventional authentication mechanisms are not suitable for use. Two-factor authentication using RFID and fingerprint can be a solution in providing an authentication mechanism. Previous studies have proposed a two-factor authentication mechanism using RFID and fingerprint. However, previous research did not pay attention to message exchange security issues and did not provide mutual authentication. This research proposes a secure mutual authentication protocol using two-factor RFID and fingerprint using MQTT protocol. Two processes support the authentication process: the registration process and authentication. The proposed protocol is tested based on biometric security by measuring the false acceptance rate (FAR) and false rejection rate (FRR) on the fingerprint, measuring brute force attacks, and measuring sniffing attacks. The test results obtained the most optimal FAR and FRR at the 80\% threshold. Then the equal error rate (ERR) on FAR and FRR is around 59.5\%. Then, testing brute force and sniffing attacks found that the proposed protocol is resistant to both attacks.

With the advances in 5G communication and mobile device, internet of drones (IoD) has emerged as a fascinating new concept in the realm of smart cities, and has garnered significant interest from both scientific and industrial communities. However, IoD are fragile to variety of security attacks because an adversary can reuse, delete, insert, intercept or block the transmitted messages over an open channel. Therefore, it is imperative to have robust and efficient authentication and key agreement (AKA) schemes for IoD in order to to fulfill the necessary security requirements. Recently, Nikooghadm et al. designed a secure and lightweight AKA scheme for internet of drones (IoD) in IoT environments. However, we prove that their scheme is not resilient to various security threats and does not provide the necessary security properties. Thus, we propose the essential security requirements and guidelines to enhance the security flaws of Nikooghadm et al.’s scheme.

Nowadays, the increasing number of devices deployed in IoT systems implementation and the requirement of preserving the integrity of data transported over the Internet, demand the use of data encryption schemes. This paper aims to show the performance evaluation of CP-ABE (Ciphertext-Policy Attribute Based Encryption) type of encryption over MQTT (Message Queue Transport Telemetry) that focuses on execution time for an IoT system with Raspberry Pi. For the implementation, two Raspberry Pi 4 Computer Model B are used for both the publisher and the subscriber, and a computer with Ubuntu 20.04 LTS operating system is used for the Broker and the Key Authority. The result of the present work provides relevant information on the execution times required in the CP-ABE encryption scheme to provide data integrity and fine-grained access control policy in an IoT system. The work demonstrates that the CP-ABE encryption scheme is suitable for IoT systems.

The Internet of Things (IoT) refers to the growing network of connected physical objects embedded with sensors, software and connectivity. While IoT has potential benefits, it also introduces new cyber security risks. This paper provides an overview of IoT security issues, vulnerabilities, threats, and mitigation strategies. The key vulnerabilities arising from IoT s scale, ubiquity and connectivity include inadequate authentication, lack of encryption, poor software security, and privacy concerns. Common attacks against IoT devices and networks include denial of service, ransom-ware, man-in-the-middle, and spoofing. An analysis of recent literature highlights emerging attack trends like swarm-based DDoS, IoT botnets, and automated large-scale exploits. Recommended techniques to secure IoT include building security into architecture and design, access control, cryptography, regular patching and upgrades, activity monitoring, incident response plans, and end-user education. Future technologies like blockchain, AI-enabled defense, and post-quantum cryptography can help strengthen IoT security. Additional focus areas include shared threat intelligence, security testing, certification programs, international standards and collaboration between industry, government and academia. A robust multilayered defense combining preventive and detective controls is required to combat rising IoT threats. This paper provides a comprehensive overview of the IoT security landscape and identifies areas for continued research and development.

Mission Impact Assessment (MIA) is a critical endeavor for evaluating the performance of mission systems, encompassing intricate elements such as assets, services, tasks, vulnerability, attacks, and defenses. This study introduces an innovative MIA framework that transcends existing methodologies by intricately modeling the interdependencies among these components. Additionally, we integrate hypergame theory to address the strategic dynamics of attack-defense interactions. To illustrate its practicality, we apply the framework to an Internet-of-Things (IoT)-based mission system tailored for accurate, time-sensitive object detection. Rigorous simulation experiments affirm the framework s robustness across a spectrum of scenarios. Our results prove that the developed MIA framework shows a sufficiently high inference accuracy (e.g., 80 \%) even with a small portion of the training dataset (e.g., 20–50 \%).

Cyberattacks, particularly those that take place in real time, will be able to target an increasing number of networked systems as more and more items connect to the Internet of items. While the system is operational, it is susceptible to intrusions that might have catastrophic consequences, such as the theft of sensitive information, the violation of personal privacy, or perhaps physical injury or even death. These outcomes are all possible while the system is operational. A mixed-methods research approach was required in order to fulfill the requirements for understanding the nature and scope of real-time assaults on IoT-powered cybersecurity infrastructure. The quantitative data that was utilized in this research came from an online survey of IoT security professionals as well as an analysis of publicly available information on IoT security incidents. For the purpose of gathering qualitative data, in-depth interviews with industry experts and specialists in the area of Internet of Things security were conducted. The authors provide a novel method for identifying cybersecurity flaws and breaches in cyber-physical systems, one that makes use of deep learning in conjunction with blockchain technology. This method has the potential to be quite useful. Their proposed technique compares and evaluates unsupervised and deep learning-based discriminative methods, in addition to introducing a generative adversarial network, in order to determine whether cyber threats are present in IICs networks that are powered by IoT. The results indicate an improvement in performance in terms of accuracy, reliability, and efficiency in recognizing all types of attacks. The dropout value was found to be 0.2, and the epoch value was set at 25.

The Web of Things (IoT), which aids in the creation opportunities to meet various business requirements, support in improving company activities, create and interact with the customers for effective delivery of goods and services, has seen overall expansion and development fueled by the dynamic business environment. The utilization of IoT and similar solutions has expanded, raising concerns about security vulnerabilities and the crucial actions that management must take to safeguard data and improve operational efficiency. The study focuses more on analyzing the key elements of IoT technologies that an organization may utilize to protect itself from security threats and take the necessary countermeasures to achieve sustainable growth. Each kind of network intrusion is thought to be linked around one or more different architectural levels; as a result, suitable authenticity, confidentially, and validation need to be established for greater protection. SPSS is utilized in the study s qualitative research design to analyses the data and offer insight based on the findings.

These days, safety measures can t be neglected. In a world where digital risks are becoming more prevalent, efficient security has become an essential aspect of any system or business. Protecting valuables now requires a defensive strategy with several layers. Security systems play an important role in today s modern, industrialised society. The security system is primarily intended to address the need for the protection of hard-earned treasures (jewels). Unlike the current method, which uses physical locks that are readily falsified, this system uses Bluetooth and RFID tags in conjunction with digital (electronic) code locks to unlock the door automatically once the series of authentications is validated and emits alarm noises when any discrepancy happens. The ability of subsequent layers of defense to prevent intrusion is unaffected by the failure of an earlier one to provide detection. In this effort, we use IoT to design and build a fully automated security system that will operate with no more human intervention when it is put into place. In addition, the system s overall cost of adoption is far lower than that of any other consumer security solution now on the market.

In today s world, security is a very important issue. People should always keep their belongings safe. To increase security, this research work proposes a IoT-based smart lockers with sensors and access keys with security, verification, and user-friendly tools. This model alerts the user when someone else tries to access their locker and quickly sends an alarm to the authorized user, and provides the option to either grant or reject access to the valid user. In this paper, smart locker is kept registered early to use a locker in the bank, office, home, etc. to ensure safety. The user demands to send an unlock direction with the help of microcontroller NUDE MCU ESP8266 and after accepting the command from the cloud (BLYNK APP), only the user can unlock the closet and access the valuables. This study has also introduced the encroachment detection in lockers with sensors and finally installed smart lockers with fire alarms for security and reliability.

This paper focuses on the adoption of biometric and RFID security gadgets as innovative solutions for enhancing door lock systems. The traditional reliance on physical keys has proven vulnerable to security breaches, prompting the need for more robust measures. Biometric features such as Fingerprint, Voice and Bluetooth offer unparalleled security by leveraging unique biological characteristics for authentication. Additionally, integrating RFID technology enables convenient access control through assigned cards or tags, eliminating the need for physical keys or complex passwords. The combination of these cutting-edge solutions establishes a comprehensive security infrastructure, significantly reducing risks associated with conventional lock systems. This research highlights the benefits and applications of these technologies in various settings, emphasizing their role in creating a safer environment for individuals and organizations.

In today s world, security is a very important issue. People should always keep their belongings safe. To increase security, this research work proposes a IoT-based smart lockers with sensors and access keys with security, verification, and user-friendly tools. This model alerts the user when someone else tries to access their locker and quickly sends an alarm to the authorized user, and provides the option to either grant or reject access to the valid user. In this paper, smart locker is kept registered early to use a locker in the bank, office, home, etc. to ensure safety. The user demands to send an unlock direction with the help of microcontroller NUDE MCU ESP8266 and after accepting the command from the cloud (BLYNK APP), only the user can unlock the closet and access the valuables. This study has also introduced the encroachment detection in lockers with sensors and finally installed smart lockers with fire alarms for security and reliability.

Advances in sensor and communication technologies have transformed traditional homes into smart homes, equipped with sensors and actuators for various functionalities like smart lighting, temperature control, irrigation, solar monitoring, entertainment, and security. This transition is powered by the Internet of Things (IoT) architecture, enabling smart home hubs to integrate and control devices with different communication protocols. However, this shift has also introduced new security and privacy issues in the Smart Home IoT (SH-IoT) environment. To address these challenges, new communication protocols with cryptographic features have been developed, and a unified standard called Matter has been created to promote interoperability among different device manufacturers. This paper presents a comprehensive survey of recent trends and advances in the smart home IoT landscape, focusing on communication protocols, their security issues and protection features against vulnerabilities in the SH-IoT environment.

With the advancement in Internet of things smart homes are rapidly developing. Smart home is the major key component of Internet of thing. With the help of IOT technology we can stay connected to our home appliance. Internet of Things is the Associations of inserted advancements that. Contained physical protests and is utilized to convey and keenness or collaborate with the internal states or the outer surroundings. Rather than individuals to individuals’ correspondence, IoT accentuation on machine-to-machine correspondence. Smart home connects the physical components of our home with the help of software and sensors so that we can access them via internet from one place. Building home automation includes computerizing a home, likewise, mentioned to as a sensible home or smart home. Domestic machines are an urgent part of the Web of Things whenever they are associated with the web. Controlled devices are commonly connected to a focal center or entryway through a domestic automation framework. A smartphone application, tablet PC, personal computer, wall-mounted terminals, or even a web interface that can be gotten to from off-website over the Web are completely utilized by the program to work the framework. Since all the devices are interconnected and interlinked to one an-another they are lot of chances for security breach and data theft. If the security layer is easily breakable any third-party attacker can easily theft the private data of the user. Which leads us to pay more attention to protecting and securing private data. With the day-to-day development of Smart Home, the safety also got to be developed and updated day to day the safety challenges of the IoT for a wise home scenario are encountered, and a comprehensive IoT security management for smart homes has been proposed. This paper acquaints the status of IoT development, and furthermore contains security issues challenges. Finally, this paper surveys the Gamble factor, security issues and challenges in every point of view

In the last decade the rapid development of the communications and IoT systems have risen many challenges regarding the security of the devices that are handled wirelessly. Therefore, in this paper, we intend to test the possibility of spoofing the parameters for connection of the Bluetooth Low Energy (BLE) devices, to make several recommendations for increasing the security of the usage of those devices and to propose basic counter measurements regarding the possibility of hacking them.

Multiple smart operations, similar as smart technologies in homes, smart metropolises, smart husbandry, and smart health and fitness centres, use a new technology known as the Internet of effects. They correspond of an multifariousness of multiple networked bias that link to multiple detectors and the internet. Among the layers that comprise an IoT armature are the perception subcaste, network subcaste, and operation subcaste. Due to their wide use, these smart biases have fairly minimum protection and are vulnerable to attacks. Comprehensive explanations of operation subcaste security issues and protocols, similar as Advance Message Queuing Protocol(AMQP) in application layer protocol, Constrained operation protocol(CoAP), and REST(Emblematic State Transport).

The Internet of Things (IoT) connects the physical world to the digital world, and wireless sensor networks (WSNs) play a significant role. There are billions of IoT products in the market. We found that security was not the primary focus of software developers. The first step of designing a secure product is to analyze and note down the security requirements. This research paper proposes a modified approach, incorporating elements from the SREP (Software Requirements Engineering Process) and SQUARE (Security Quality Requirement Engineering), to define security requirements for IoT products. The revised process is applied to determine the security requirements of a Smart Lock system that utilizes the publish/subscribe protocol MQTT-SN (Message Queuing Telemetry Transport for Sensor Networks) communication protocol architecture.

This paper focuses on the adoption of biometric and RFID security gadgets as innovative solutions for enhancing door lock systems. The traditional reliance on physical keys has proven vulnerable to security breaches, prompting the need for more robust measures. Biometric features such as Fingerprint, Voice and Bluetooth offer unparalleled security by leveraging unique biological characteristics for authentication. Additionally, integrating RFID technology enables convenient access control through assigned cards or tags, eliminating the need for physical keys or complex passwords. The combination of these cutting-edge solutions establishes a comprehensive security infrastructure, significantly reducing risks associated with conventional lock systems. This research highlights the benefits and applications of these technologies in various settings, emphasizing their role in creating a safer environment for individuals and organizations.

The Internet of Things (IoT) is characterized by a myriad of communication protocols that enable seamless connectivity among devices. However, the open nature of the internet exposes these communication protocols to various flaws and vulnerabilities, resulting in the necessity for rigorous security verification. In response to this imperative, the literature abounds with research efforts aimed at assessing the security properties of IoT communication protocols using diverse techniques. In this paper, we present a comprehensive overview of these research endeavors, with a specific focus on the utilization of Formal Methods to verify the security of common communication protocols employed in the IoT.

Today the motorcycle theft cases in Indonesia are in a very high rate and it has been continuing to increase in every year. For this, there is a need for a security system for motorcycle to minimize the risk of motorcycle theft. This study aims to design and create an Internet of Things (IoT)-based security system for the motorcycle that can be controlled through smartphone purposely to reduce the rate of motorcycle thefts. The system was created using Arduino microcontroller. From the results of the implementation, it produced a device that has a number of features including turning on, turning off, and motorcycle starter using application. Another one is the function of tracking to trace the position of the motorcycle. The third feature is to turn off the function of motorcycle socket and the fourth feature is to control the switch engine of motorcycle. The results of the testing in the parameters of maximum distance of Bluetooth connection, delay proses, test of GPS connectivity and test of voice command, showed that it could create a system that can be used well as an anti-theft device for motorcycle.

There will be a billion smart devices with processing, sensing, and actuation capabilities that can be connected to the Internet under the IoT paradigm. The level of convenience, effectiveness, and automation for consumers is expected to rise owing to promising IoT applications. Privacy is a significant concern in IoT systems, and it is essential to provide users with full awareness and control over the data collected by these systems. The use of privacy-enhancing technologies can help to minimise the risks associated with data collection and processing and ensure that user privacy is protected. Lack of standards for devices with limited resources and heterogeneous technologies intensifies the security issue. There are various emerging and existing technologies that can help to address the security risks in the IoT sector and achieve a high degree of trust in IoT applications. By implementing these technologies and countermeasures, it is possible to improve the security and reliability of IoT systems, ensuring that they can be used safely and effectively in a wide range of applications. This article s intent is to provide a comprehensive investigation of the threats and risks in the IoT industry and to examine some potential countermeasures.

Blockchain, as an emerging distributed database, effectively addresses the issue of centralized storage in IoT data, where storage capacity cannot match the explosive growth in devices and data scale, as well as the contradictions arising from centralized data management concerning data privacy and security concerns. To alleviate the problem of excessive pressure on single-point storage and ensure data security, a blockchain data storage method based on erasure codes is proposed. This method involves constructing mathematical functions that describe the data to split the original block data into multiple fragments and add redundant slices. These fragments are then encoded and stored in different locations using a circular hash space with the addition of virtual nodes to ensure load balancing among nodes and reduce situations where a single node stores too many encoded data blocks, effectively enhancing the storage space utilization efficiency of the distributed storage database. The blockchain storage method stores encoded data digest information such as storage location, creation time, and hashes, allowing for the tracing of the origin of encoded data blocks. In case of accidental loss or malicious tampering, this enables effective recovery and ensures the integrity and availability of data in the network. Experimental results indicate that compared to traditional blockchain approaches, this method effectively reduces the storage pressure on nodes and exhibits a certain degree of disaster recovery capability.

In the realm of Internet of Things (IoT) devices, the trust management system (TMS) has been enhanced through the utilisation of diverse machine learning (ML) classifiers in recent times. The efficacy of training machine learning classifiers with pre-existing datasets for establishing trustworthiness in IoT devices is constrained by the inadequacy of selecting suitable features. The current study employes a subset of the UNSW-NB15 dataset to compute additional features such as throughput, goodput, packet loss. These features may be combined with the best discriminatory features to distinguish between trustworthy and non-trustworthy IoT networks. In addition, the transformed dataset undergoes filter-based and wrapper-based feature selection methods to mitigate the presence of irrelevant and redundant features. The evaluation of classifiers is performed utilising diverse metrics, including accuracy, precision, recall, F1-score, true positive rate (TPR), and false positive rate (FPR). The performance assessment is conducted both with and without the application of feature selection methodologies. Ultimately, a comparative analysis of the machine learning models is performed, and the findings of the analysis demonstrate that our model s efficacy surpasses that of the approaches utilised in the existing literature.

IoT scenarios face cybersecurity concerns due to unauthorized devices that can impersonate legitimate ones by using identical software and hardware configurations. This can lead to sensitive information leaks, data poisoning, or privilege escalation. Behavioral fingerprinting and ML/DL techniques have been used in the literature to identify devices based on performance differences caused by manufacturing imperfections. In addition, using Federated Learning to maintain data privacy is also a challenge for IoT scenarios. Federated Learning allows multiple devices to collaboratively train a machine learning model without sharing their data, but it requires addressing issues such as communication latency, heterogeneity of devices, and data security concerns. In this sense, Trustworthy Federated Learning has emerged as a potential solution, which combines privacy-preserving techniques and metrics to ensure data privacy, model integrity, and secure communication between devices. Therefore, this work proposes a trustworthy federated learning framework for individual device identification. It first analyzes the existing metrics for trustworthiness evaluation in FL and organizes them into six pillars (privacy, robustness, fairness, explainability, accountability, and federation) for computing the trustworthiness of FL models. The framework presents a modular setup where one component is in charge of the federated model generation and another one is in charge of trustworthiness evaluation. The framework is validated in a real scenario composed of 45 identical Raspberry Pi devices whose hardware components are monitored to generate individual behavior fingerprints. The solution achieves a 0.9724 average F1-Score in the identification on a centralized setup, while the average F1-Score in the federated setup is 0.8320. Besides, a 0.6 final trustworthiness score is achieved by the model on state-of-the-art metrics, indicating that further privacy and robustness techniques are required to improve this score.

Device recognition is the primary step toward a secure IoT system. However, the existing equipment recognition technology often faces the problems of unobvious data characteristics and insufficient training samples, resulting in low recognition rate. To address this problem, a convolutional neural network-based IoT device recognition method is proposed. We first extract the background icons of various IoT devices through the Internet, and then use the ResNet50 neural network to extract icon feature vectors to build an IoT icon library, and realize accurate identification of device types through image retrieval. The experimental results show that the accuracy rate of sampling retrieval in the icon library can reach 98.5\%, and the recognition accuracy rate outside the library can reach 83.3\%, which can effectively identify the type of IoT devices.

The principles of social networking and the Internet of Things were combined to create the Social Internet of Things (SIoT) paradigm. Therefore, this paradigm cannot become widely adopted to the point where it becomes a well-established technology without a security mechanism to assure reliable interactions between SIoT nodes. A Trust Management (TM) model becomes a major challenge in SIoT systems to create a trust score for the network nodes ranking. Regarding the defined TM models methodology, this score will persist for the subsequent transaction and will only be changed after some time has passed or after another transaction. However, a trust evaluation methodology must be able to consider the different constraints of the SIoT environments (dynamism and scalability) when building trust scores. Based on both event-driven and time-driven methods for trust update solutions, this model can identify which damaging nodes should be eliminated based on their changing problematic behaviors over time. The effectiveness of our proposed model has been validated by a number of simulation-based experiments that were conducted on various scenarios.