The Internet of Things (IoT) heralds a innovative generation in communication via enabling regular gadgets to supply, receive, and percentage records easily. IoT applications, which prioritise venture automation, aim to present inanimate items autonomy; they promise increased consolation, productivity, and automation. However, strong safety, privateness, authentication, and recuperation methods are required to understand this goal. In order to assemble give up-to-quit secure IoT environments, this newsletter meticulously evaluations the security troubles and risks inherent to IoT applications. It emphasises the vital necessity for architectural changes.The paper starts by conducting an examination of security worries before exploring emerging and advanced technologies aimed at nurturing a sense of trust, in Internet of Things (IoT) applications. The primary focus of the discussion revolves around how these technologies aid in overcoming security challenges and fostering an ecosystem for IoT.

Healthcare systems have recently utilized the Internet of Medical Things (IoMT) to assist intelligent data collection and decision-making. However, the volume of malicious threats, particularly new variants of malware attacks to the connected medical devices and their connected system, has risen significantly in recent years, which poses a critical threat to patients’ confidential data and the safety of the healthcare systems. To address the high complexity of conventional software-based detection techniques, Hardware-supported Malware Detection (HMD) has proved to be efficient for detecting malware at the processors’ micro-architecture level with the aid of Machine Learning (ML) techniques applied to Hardware Performance Counter (HPC) data. In this work, we examine the suitability of various standard ML classifiers for zero-day malware detection on new data streams in the real-world operation of IoMT devices and demonstrate that such methods are not capable of detecting unknown malware signatures with a high detection rate. In response, we propose a hybrid and adaptive image-based framework based on Deep Learning and Deep Reinforcement Learning (DRL) for online hardware-assisted zero-day malware detection in IoMT devices. Our proposed method dynamically selects the best DNN-based malware detector at run-time customized for each device from a pool of highly efficient models continuously trained on all stream data. It first converts tabular hardware-based data (HPC events) into small-size images and then leverages a transfer learning technique to retrain and enhance the Deep Neural Network (DNN) based model’s performance for unknown malware detection. Multiple DNN models are trained on various stream data continuously to form an inclusive model pool. Next, a DRL-based agent constructed with two Multi-Layer Perceptrons (MLPs) is trained (one acts as an Actor and another acts as a Critic) to align the decision of selecting the most optimal DNN model for highly accurate zero-day malware detection at run-time using a limited number of hardware events. The experimental results demonstrate that our proposed AI-enabled method achieves 99\% detection rate in both F1-score and AUC, with only 0.01\% false positive rate and 1\% false negative rate.

In the evolving landscape of Internet of Things (IoT) security, the need for continuous adaptation of defenses is critical. Class Incremental Learning (CIL) can provide a viable solution by enabling Machine Learning (ML) and Deep Learning (DL) models to ( i) learn and adapt to new attack types (0-day attacks), ( ii) retain their ability to detect known threats, (iii) safeguard computational efficiency (i.e. no full re-training). In IoT security, where novel attacks frequently emerge, CIL offers an effective tool to enhance Intrusion Detection Systems (IDS) and secure network environments. In this study, we explore how CIL approaches empower DL-based IDS in IoT networks, using the publicly-available IoT-23 dataset. Our evaluation focuses on two essential aspects of an IDS: ( a) attack classification and ( b) misuse detection. A thorough comparison against a fully-retrained IDS, namely starting from scratch, is carried out. Finally, we place emphasis on interpreting the predictions made by incremental IDS models through eXplainable AI (XAI) tools, offering insights into potential avenues for improvement.

Automated Internet of Things (IoT) devices generate a considerable amount of data continuously. However, an IoT network can be vulnerable to botnet attacks, where a group of IoT devices can be infected by malware and form a botnet. Recently, Artificial Intelligence (AI) algorithms have been introduced to detect and resist such botnet attacks in IoT networks. However, most of the existing Deep Learning-based algorithms are designed and implemented in a centralized manner. Therefore, these approaches can be sub-optimal in detecting zero-day botnet attacks against a group of IoT devices. Besides, a centralized AI approach requires sharing of data traces from the IoT devices for training purposes, which jeopardizes user privacy. To tackle these issues in this paper, we propose a federated learning based framework for a zero-day botnet attack detection model, where a new aggregation algorithm for the IoT devices is developed so that a better model aggregation can be achieved without compromising user privacy. Evaluations are conducted on an open dataset, i.e., the N-BaIoT. The evaluation results demonstrate that the proposed learning framework with the new aggregation algorithm outperforms the existing baseline aggregation algorithms in federated learning for zero-day botnet attack detection in IoT networks.

The advent of the Internet of Things (IoT) has ushered in the concept of smart cities – urban environments where everything from traffic lights to waste management is interconnected and digitally managed. While this transformation offers unparalleled efficiency and innovation, it opens the door to myriad cyber-attacks. Threats range from data breaches to infrastructure disruptions, with one subtle yet potent risk emerging: fake clients. These seemingly benign entities have the potential to carry out a multitude of cyber attacks, leveraging their deceptive appearance to infiltrate and compromise systems. This research presents a novel simulation model for a smart city based on the Internet of Things using the Netsim program. This city consists of several sectors, each of which consists of several clients that connect to produce the best performance, comfort and energy savings for this city. Fake clients are added to this simulation, who are they disguise themselves as benign clients while, in reality, they are exploiting this trust to carry out cyber attacks on these cities, then after preparing the simulation perfectly, the data flow of this system is captured and stored in a CSV file and classified into fake and normal, then this data set is subjected to several experiments using the Machine Learning using the MATLAB program. Each of them shows good results, based on the detection results shown by Model Machine Learning. The highest detection accuracy was in the third experiment using the k-nearest neighbors classifier and was 98.77\%. Concluding, the research unveils a robust prevention model.

Recent advancements in technology have transformed conventional mechanical vehicles into sophisticated computer systems on wheels. This transition has elevated their intelligence and facilitated seamless connectivity. However, such development has also escalated the possibility of compromising the vehicle’s cyber security expanding the overall cyber threat landscape. This necessitates an increased demand for security measures that manifest flexibility and adaptability instead of static threshold-based measures. Context-awareness techniques can provide a promising direction for such security solutions. Integration of context-awareness in security analysis helps in analysing the behaviour of the environment where IoT devices are deployed, enabling adaptive decision-making that aligns with the current situation. While the incorporation of context-awareness into adaptive systems has been explored extensively, its application to support the cyber security of vehicular ecosystem is relatively new. In this paper, we proposed a context-aware conceptual framework for automotive vehicle security that allows us to analyse real-time situations thereby identifying security threats. The usability of the framework is demonstrated considering an Electric Vehicle(EV) Charging case study.

The surveillance factor impacting the Internet-of-Things (IoT) conceptual framework has recently received significant attention from the research community. To do this, a number of surveys covering a variety of IoT-centric topics, such as intrusion detection systems, threat modeling, as well as emerging technologies, were suggested. Stability is not a problem that can be handled separately. Each layer of the IoT solutions must be designed and built with security in mind. IoT security goes beyond safeguarding the network as well as data to include attacks that could be directed at human health or even life. We discuss the IoT s security challenges in this study. We start by going over some fundamental security ideas and IoT security requirements. Following that, we look at IoT market statistics and IoT security statistics to see where it is all headed and how to make your situation better by implementing appropriate security measures.

IoT shares data with other things, such as applications, networked devices, or industrial equipment. With a large-scale complex architecture de-sign composed of numerous ‘things’, the scalability and reliability of various models stand out. When these advantages are vulnerable to security, constant problems occur continuously. Since IoT devices are provided with services closely to users, it can be seen that there are many users with various hacking methods and environments vulnerable to hacking.

Internet of Things (IoT) is encroaching in every aspect of our lives. The exponential increase in connected devices has massively increased the attack surface in IoT. The unprotected IoT devices are not only the target for attackers but also used as attack generating elements. The Distributed Denial of Service (DDoS) attacks generated using the geographically distributed unprotected IoT devices as botnet pose a serious threat to IoT. The large-scale DDoS attacks may arise through multiple low-rate DDoS attacks from geographically distributed, compromised IoT devices. This kind of DDoS attacks are difficult to detect with the existing security mechanisms because of the large-scale distributed nature of IoT. The proposed method provides solution to this problem using Fog computing containing fog nodes which are closer to edge IoT devices. The distributed fog nodes detects the low-rate DDoS attacks from IoT devices before it leads to largescale DDoS attack. The effectiveness analysis of the proposed method proves that the real time detection is practical. The experimental results depicts that the lowrate DDoS attacks are detected at faster rate in fog nodes, hence the large-scale DDoS attacks are detected at early stage to protect from massive attack.

With billions of devices already connected to the network s edge, the Internet of Things (IoT) is shaping the future of pervasive computing. Nonetheless, IoT applications still cannot escape the need for the computing resources available at the fog layer. This becomes challenging since the fog nodes are not necessarily secure nor reliable, which widens even further the IoT threat surface. Moreover, the security risk appetite of heterogeneous IoT applications in different domains or deploy-ment contexts should not be assessed similarly. To respond to this challenge, this paper proposes a new approach to optimize the allocation of secure and reliable fog computing resources among IoT applications with varying security risk level. First, the security and reliability levels of fog nodes are quantitatively evaluated, and a security risk assessment methodology is defined for IoT services. Then, an online, incentive-compatible mechanism is designed to allocate secure fog resources to high-risk IoT offloading requests. Compared to the offline Vickrey auction, the proposed mechanism is computationally efficient and yields an acceptable approximation of the social welfare of IoT devices, allowing to attenuate security risk within the edge network.

As a result of this new computer design, edge computing can process data rapidly and effectively near to the source, avoiding network resource and latency constraints. By shifting computing power to the network edge, edge computing decreases the load on cloud services centers while also reducing the time required for users to input data. Edge computing advantages for data-intensive services, in particular, could be obscured if access latency becomes a bottleneck. Edge computing raises a number of challenges, such as security concerns, data incompleteness, and a hefty up-front and ongoing expense. There is now a shift in the worldwide mobile communications sector toward 5G technology. This unprecedented attention to edge computing has come about because 5G is one of the primary entry technologies for large-scale deployment. Edge computing privacy has been a major concern since the technology’s inception, limiting its adoption and advancement. As the capabilities of edge computing have evolved, so have the security issues that have arisen as a result of these developments, as well as the increasing public demand for privacy protection. The lack of trust amongst IoT devices is exacerbated by the inherent security concerns and assaults that plague IoT edge devices. A cognitive trust management system is proposed to reduce this malicious activity by maintaining the confidence of an appliance \& managing the service level belief \& Quality of Service (QoS). Improved packet delivery ratio and jitter in cognitive trust management systems based on QoS parameters show promise for spotting potentially harmful edge nodes in computing networks at the edge.

With the proliferation of data in Internet-related applications, incidences of cyber security have increased manyfold. Energy management, which is one of the smart city layers, has also been experiencing cyberattacks. Furthermore, the Distributed Energy Resources (DER), which depend on different controllers to provide energy to the main physical smart grid of a smart city, is prone to cyberattacks. The increased cyber-attacks on DER systems are mainly because of its dependency on digital communication and controls as there is an increase in the number of devices owned and controlled by consumers and third parties. This paper analyzes the major cyber security and privacy challenges that might inflict, damage or compromise the DER and related controllers in smart cities. These challenges highlight that the security and privacy on the Internet of Things (IoT), big data, artificial intelligence, and smart grid, which are the building blocks of a smart city, must be addressed in the DER sector. It is observed that the security and privacy challenges in smart cities can be solved through the distributed framework, by identifying and classifying stakeholders, using appropriate model, and by incorporating fault-tolerance techniques.

This paper offers a thorough investigation into quantum cryptography, a security paradigm based on the principles of quantum mechanics that provides exceptional guarantees for communication and information protection. The study covers the fundamental principles of quantum cryptography, mathematical modelling, practical applications, and future prospects. It discusses the representation of quantum states, quantum operations, and quantum measurements, emphasising their significance in mathematical modelling. The paper showcases the real-world applications of quantum cryptography in secure communication networks, financial systems, government and defence sectors, and data centres. Furthermore, it identifies emerging domains such as IoT, 5G networks, blockchain technology, and cloud computing as promising areas for implementing quantum cryptographic solutions. The paper also presents avenues for further research, including post-quantum cryptography, quantum cryptanalysis, multi-party quantum communication, and device-independent quantum cryptography. Lastly, it underscores the importance of developing robust infrastructure, establishing standards, and ensuring interoperability to facilitate widespread adoption of quantum cryptography. This comprehensive exploration of quantum cryptography contributes to the advancement of secure communication, information protection, and the future of information security in the era of quantum technology.

The globe is observing the emergence of the Internet of Things more prominently recognized as IoT. In this day and age, there exist numerous technological apparatuses that possess the capability to be interconnected with the internet and can amass, convey, and receive information concerning the users. This technology endeavors to simplify existence, however, when the users information is the central concern for IoT operation, it is necessary to adhere to security measures to guarantee privacy and prevent the exploitation of said information. The customary cryptographic algorithms, such as RSA, AES, and DES, may perform adequately with older technologies such as conventional computers or laptops. Nevertheless, contemporary technologies are heading towards quantum computing, and this latter form possesses a processing capability that can effortlessly jeopardize the aforementioned cryptographic algorithms. Therefore, there arises an imperative necessity for a novel and resilient cryptographic algorithm. To put it differently, there is a requirement to devise a fresh algorithm, impervious to quantum computing, that can shield the information from assaults perpetrated utilizing quantum computing. IoT is one of the domains that must ensure the security of the information against malevolent activities. Besides the conventional cryptography that enciphers information into bits, quantum encryption utilizes qubits, specifically photons and photon polarization, to encode data.

The security of our data is the prime priority as it is said “Data is the new Oil”. Nowadays, most of our communications are either recorded or forged. There are algorithms used under classical encryption, such as Rivest-Shamir-Adleman (RSA), digital signature, elliptic-curve cryptography (ECC), and more, to protect our communication and data. However, these algorithms are breakable with the help of Quantum Cryptography. In addition, this technology provides the most secure form of communication between entities under the fundamental law of Physics. Here, we are abiding to discuss the term “Quantum Cryptography.” The aim of this paper is to explore the knowledge related to the Quantum Cryptography, Quantum Key Distribution; and their elements, implementation, and the latest research. Moreover, exploration of the loopholes and the security of Internet of Things (IoT) infrastructure and current used classical cryptographic algorithms are described in the paper.

A hybrid cryptosystem is developed in the paper “Hybrid Data Encryption and Decryption Using Hybrid RSA and DNA” by combining the advantages of asymmetric-key (public-key) and symmetric-key (private-key) cryptosystems. These two types of cryptosystems use a variety of key types. The approach addresses worries about the users right to privacy, authentication, and accuracy by using a data encryption procedure that is secure both ways. Data encoding and data decryption are two separate security techniques used by the system. It has been suggested that a hybrid encryption algorithm be used for file encryption to handle the issues with efficiency and security. RSA and DNA are combined in this method. The outcome so the tests show that the RSA and DNA hybrid encryption algorithms are suitable for use. In this particular study effort, the hybrid encryption and decoding for cloud processing with IOT devices used the DNA and RSA algorithms.

The development of IoT has penetrated various sectors. The development of IoT devices continues to increase and is predicted to reach 75 billion by 2025. However, the development of IoT devices is not followed by security developments. Therefore, IoT devices can become gateways for cyber attacks, including brute force and sniffing attacks. Authentication mechanisms can be used to ward off attacks. However, the implementation of authentication mechanisms on IoT devices is challenging. IoT devices are dominated by constraint devices that have limited computing. Thus, conventional authentication mechanisms are not suitable for use. Two-factor authentication using RFID and fingerprint can be a solution in providing an authentication mechanism. Previous studies have proposed a two-factor authentication mechanism using RFID and fingerprint. However, previous research did not pay attention to message exchange security issues and did not provide mutual authentication. This research proposes a secure mutual authentication protocol using two-factor RFID and fingerprint using MQTT protocol. Two processes support the authentication process: the registration process and authentication. The proposed protocol is tested based on biometric security by measuring the false acceptance rate (FAR) and false rejection rate (FRR) on the fingerprint, measuring brute force attacks, and measuring sniffing attacks. The test results obtained the most optimal FAR and FRR at the 80\% threshold. Then the equal error rate (ERR) on FAR and FRR is around 59.5\%. Then, testing brute force and sniffing attacks found that the proposed protocol is resistant to both attacks.

With the advances in 5G communication and mobile device, internet of drones (IoD) has emerged as a fascinating new concept in the realm of smart cities, and has garnered significant interest from both scientific and industrial communities. However, IoD are fragile to variety of security attacks because an adversary can reuse, delete, insert, intercept or block the transmitted messages over an open channel. Therefore, it is imperative to have robust and efficient authentication and key agreement (AKA) schemes for IoD in order to to fulfill the necessary security requirements. Recently, Nikooghadm et al. designed a secure and lightweight AKA scheme for internet of drones (IoD) in IoT environments. However, we prove that their scheme is not resilient to various security threats and does not provide the necessary security properties. Thus, we propose the essential security requirements and guidelines to enhance the security flaws of Nikooghadm et al.’s scheme.

Nowadays, the increasing number of devices deployed in IoT systems implementation and the requirement of preserving the integrity of data transported over the Internet, demand the use of data encryption schemes. This paper aims to show the performance evaluation of CP-ABE (Ciphertext-Policy Attribute Based Encryption) type of encryption over MQTT (Message Queue Transport Telemetry) that focuses on execution time for an IoT system with Raspberry Pi. For the implementation, two Raspberry Pi 4 Computer Model B are used for both the publisher and the subscriber, and a computer with Ubuntu 20.04 LTS operating system is used for the Broker and the Key Authority. The result of the present work provides relevant information on the execution times required in the CP-ABE encryption scheme to provide data integrity and fine-grained access control policy in an IoT system. The work demonstrates that the CP-ABE encryption scheme is suitable for IoT systems.

The Internet of Things (IoT) refers to the growing network of connected physical objects embedded with sensors, software and connectivity. While IoT has potential benefits, it also introduces new cyber security risks. This paper provides an overview of IoT security issues, vulnerabilities, threats, and mitigation strategies. The key vulnerabilities arising from IoT s scale, ubiquity and connectivity include inadequate authentication, lack of encryption, poor software security, and privacy concerns. Common attacks against IoT devices and networks include denial of service, ransom-ware, man-in-the-middle, and spoofing. An analysis of recent literature highlights emerging attack trends like swarm-based DDoS, IoT botnets, and automated large-scale exploits. Recommended techniques to secure IoT include building security into architecture and design, access control, cryptography, regular patching and upgrades, activity monitoring, incident response plans, and end-user education. Future technologies like blockchain, AI-enabled defense, and post-quantum cryptography can help strengthen IoT security. Additional focus areas include shared threat intelligence, security testing, certification programs, international standards and collaboration between industry, government and academia. A robust multilayered defense combining preventive and detective controls is required to combat rising IoT threats. This paper provides a comprehensive overview of the IoT security landscape and identifies areas for continued research and development.

Mission Impact Assessment (MIA) is a critical endeavor for evaluating the performance of mission systems, encompassing intricate elements such as assets, services, tasks, vulnerability, attacks, and defenses. This study introduces an innovative MIA framework that transcends existing methodologies by intricately modeling the interdependencies among these components. Additionally, we integrate hypergame theory to address the strategic dynamics of attack-defense interactions. To illustrate its practicality, we apply the framework to an Internet-of-Things (IoT)-based mission system tailored for accurate, time-sensitive object detection. Rigorous simulation experiments affirm the framework s robustness across a spectrum of scenarios. Our results prove that the developed MIA framework shows a sufficiently high inference accuracy (e.g., 80 \%) even with a small portion of the training dataset (e.g., 20–50 \%).

Cyberattacks, particularly those that take place in real time, will be able to target an increasing number of networked systems as more and more items connect to the Internet of items. While the system is operational, it is susceptible to intrusions that might have catastrophic consequences, such as the theft of sensitive information, the violation of personal privacy, or perhaps physical injury or even death. These outcomes are all possible while the system is operational. A mixed-methods research approach was required in order to fulfill the requirements for understanding the nature and scope of real-time assaults on IoT-powered cybersecurity infrastructure. The quantitative data that was utilized in this research came from an online survey of IoT security professionals as well as an analysis of publicly available information on IoT security incidents. For the purpose of gathering qualitative data, in-depth interviews with industry experts and specialists in the area of Internet of Things security were conducted. The authors provide a novel method for identifying cybersecurity flaws and breaches in cyber-physical systems, one that makes use of deep learning in conjunction with blockchain technology. This method has the potential to be quite useful. Their proposed technique compares and evaluates unsupervised and deep learning-based discriminative methods, in addition to introducing a generative adversarial network, in order to determine whether cyber threats are present in IICs networks that are powered by IoT. The results indicate an improvement in performance in terms of accuracy, reliability, and efficiency in recognizing all types of attacks. The dropout value was found to be 0.2, and the epoch value was set at 25.

The Web of Things (IoT), which aids in the creation opportunities to meet various business requirements, support in improving company activities, create and interact with the customers for effective delivery of goods and services, has seen overall expansion and development fueled by the dynamic business environment. The utilization of IoT and similar solutions has expanded, raising concerns about security vulnerabilities and the crucial actions that management must take to safeguard data and improve operational efficiency. The study focuses more on analyzing the key elements of IoT technologies that an organization may utilize to protect itself from security threats and take the necessary countermeasures to achieve sustainable growth. Each kind of network intrusion is thought to be linked around one or more different architectural levels; as a result, suitable authenticity, confidentially, and validation need to be established for greater protection. SPSS is utilized in the study s qualitative research design to analyses the data and offer insight based on the findings.

These days, safety measures can t be neglected. In a world where digital risks are becoming more prevalent, efficient security has become an essential aspect of any system or business. Protecting valuables now requires a defensive strategy with several layers. Security systems play an important role in today s modern, industrialised society. The security system is primarily intended to address the need for the protection of hard-earned treasures (jewels). Unlike the current method, which uses physical locks that are readily falsified, this system uses Bluetooth and RFID tags in conjunction with digital (electronic) code locks to unlock the door automatically once the series of authentications is validated and emits alarm noises when any discrepancy happens. The ability of subsequent layers of defense to prevent intrusion is unaffected by the failure of an earlier one to provide detection. In this effort, we use IoT to design and build a fully automated security system that will operate with no more human intervention when it is put into place. In addition, the system s overall cost of adoption is far lower than that of any other consumer security solution now on the market.

In today s world, security is a very important issue. People should always keep their belongings safe. To increase security, this research work proposes a IoT-based smart lockers with sensors and access keys with security, verification, and user-friendly tools. This model alerts the user when someone else tries to access their locker and quickly sends an alarm to the authorized user, and provides the option to either grant or reject access to the valid user. In this paper, smart locker is kept registered early to use a locker in the bank, office, home, etc. to ensure safety. The user demands to send an unlock direction with the help of microcontroller NUDE MCU ESP8266 and after accepting the command from the cloud (BLYNK APP), only the user can unlock the closet and access the valuables. This study has also introduced the encroachment detection in lockers with sensors and finally installed smart lockers with fire alarms for security and reliability.