Advances in wireless networking, such as 5G, continue to enable the vision of the Internet of Things (IoT), where everything is connected, and much data is collected by IoT devices and made available to interested parties (i.e., application servers). However, events such as botnet attacks (e.g., [1]) demonstrate that there are important challenges in this evolution.
Authored by David Shur, Giovanni Di Crescenzo, Qinqing Zhang, Ta Chen, Rajesh Krishnan, Yow-Jian Lin, Zahir Patni, Scott Alexander, Gene Tsudik
Embedded systems that make up the Internet of Things (IoT), Supervisory Control and Data Acquisition (SCADA) networks, and Smart Grid applications are coming under increasing scrutiny in the security field. Remote Attestation (RA) is a security mechanism that allows a trusted device, the verifier, to determine the trustworthiness of an untrusted device, the prover. RA has become an area of high interest in academia and industry and many research works on RA have been published in recent years. This paper reviewed the published RA research works from 2003-2020. Our contributions are fourfold. First, we have re-framed the problem of RA into 5 smaller problems: root of trust, evidence type, evidence gathering, packaging and verification, and scalability. We have provided a holistic review of RA by discussing the relationships between these problems and the various solutions that exist in modern RA research. Second, we have presented an enhanced threat model that allows for a greater understanding of the security benefits of a given RA scheme. Third, we have proposed a taxonomy to classify and analyze RA research works and use it to categorize 58 RA schemes reported in literature. Fourth, we have provided cost benefit analysis details of each RA scheme surveyed such that security professionals may perform a cost benefit analysis in the context of their own challenges. Our classification and analysis has revealed areas of future research that have not been addressed by researchers rigorously.
Authored by William Johnson, Sheikh Ghafoor, Stacy Prowell
Trusted data transmission is the foundation of the Internet of Things (IoT) security, so in the process of data transmission, the trust of IoT nodes needs to be confirmed in real time, and the real-time tracking of node trust is also expected. Yet, modern IoT devices provide limited security capabilities, forming a new attack focus. Remote attestation is a kind of technology to detect network threats by remotely checking the internal situation of terminal devices by a trusted entity. Multidevice attestation is rarely studied although the ongoing single device attestation techniques lack scalability in the application of IoT. In this article, we present a lightweight attestation protocol based on an IoT system under an ideal physical unclonable functions environment. Our protocol is resilient against any strong adversary who physically accesses IoT devices. Simulation results show that our protocol is scalable and can be applied to dynamic networks.
Authored by Xinyin Xiang, Jin Cao, Weiguo Fan
Due to recent notorious security threats, like the Mirai botnet, it is challenging to perform efficient data communication and routing in low power and lossy networks (LLNs) such as Internet of Things (IoT), in which huge data collection and processing are predictable. The Routing Protocol for Low-Power and Lossy Networks (RPL) is recently standardized as a routing protocol for LLNs. However, the lack of scalability and the vulnerabilities towards various security threats still pose a significant challenge in the broader adoption of RPL in LLNs.
Authored by Mauro Conti, Pallavi Kaliyar, Md Rabbani, Silvio Ranise
The edge computing-based Internet of Things (IoT) offers benefits in terms of efficiency, low latency, security, and privacy. However, programming models and platforms for this edge-based IoT are still an open problem, particularly regarding security and privacy. This paper proposes concrete and realizable ideas for building a secure programming platform called Secure Swarm Programming Platform (SSPP) to ensure platform-level security for the edge-based IoT while utilizing existing system-level security mechanisms. SSPP’s easy-to-use software components can enable static and dynamic security analysis of IoT applications, preventing vulnerabilities and detecting intrusions. Software deployed through SSPP can be remotely attested by a verifier on the edge, ensuring it remains untampered with. This paper also plans out future research and evaluation of SSPP’s programmability, security, and remote attestation.
Authored by Hokeun Kim
With the proliferation of IoT devices, the number of devices connected to the Internet has been rapidly increasing. An edge computing platform must provide flexible and efficient data control. Also, edge nodes are not always reliable. Edge node administrators can leak data through intentional mishandling. In this paper, we propose an edge computing platform on modular architecture that protects data and processing from interception and a processing flow based on data characteristics using Intel SGX and multi-authority attribute-based encryption. In addition, we report a performance evaluation of our method.
Authored by Yuma Nishihira, Takuya Ishibashi, Yoshio Kakizaki, Toshihiro Ohigashi, Hidenobu Watanabe, Tohru Kondo, Reiji Aibara
The wide adoption of IoT gadgets and Cyber-Physical Systems (CPS) makes embedded devices increasingly important. While some of these devices perform mission-critical tasks, they are usually implemented using Micro-Controller Units (MCUs) that lack security mechanisms on par with those available to general-purpose computers, making them more susceptible to remote exploits that could corrupt their software integrity. Motivated by this problem, prior work has proposed techniques to remotely assess the trustworthiness of embedded MCU software. Among them, Control Flow Attestation (CFA) enables remote detection of runtime abuses that illegally modify the program’s control flow during execution (e.g., control flow hijacking and code reuse attacks).
Authored by Antonio Neto, Ivan Nunes
Technology integration has enabled value-added services and quality-of-life enhancement in almost all aspects of modern life. In this paper, we present a UAV and low-cost Bluetooth low energy (BLE) tags-based location search system which enables a cart take-home service for shoppers of a supermarket in a model smart colony. The presented system has quality-of-life enhancement as well as carbon footprint reduction effects and can be integrated with the existing security and/or transport system of the model smart colony. Conducted field trials on location accuracy of the system are also presented, showing that carts left by residents outside the home can be located within 6.58m and carts taken inside homes or buildings can be located within 16.43m.
Authored by Rana Bilal, Zubair Akhter, Nawaf Alsahli, Muhammad Abdel-Aal, Atif Shamim
IoT-Based Smart Bag and Women Security System is a novel solution to address the rising problem of women’s safety and offers protection to their personal belongings while providing real-time status updates. In recent days, women often face insecure situations in society. To overcome this, a safety-oriented method has been proposed. When the person is attacked by strangers or thieves, the person can use the push button by which an alert notification is delivered to the registered smart phone number with the person’s location. Additionally, the bag is provided with a shock generator that can be used by women to defend themselves against attacks from strangers or thieves, which generates an electric shock of 550V. The bag is also equipped with a fingerprint detector that is used for securing the zipper to avoid theft. An internal lighting system has been used which detects the intensity of light and automatically switches ON when the intensity is low for ease of locating items, along with a wireless charger for the consumer’s convenience. This system utilizes components such as ESP32, a fingerprint sensor, and a GPS system that helps trace the exact location of the bag. The collected data can be visualized through the Adafruit dashboard, which offers users a clear view of the bag’s location and the ON and OFF status of the LED and fingerprint sensor.
Authored by Ramesh R
Logistic transportation is the backbone of the supply chain. An uninterrupted transportation of any goods keeps the supply chain well balanced and thus helps the business as well as the economy. But in this current world, the transportation of goods is being harmed in many ways. One of those is theft, where the driver is also involved or not, but the thief steals the goods with or without breaking the seal. Both the supplying company and the client are affected by this. To reduce the problem, we are proposing a two-step security system. So that even if one system is deactivated somehow, the other system can be alerted, and necessary steps can be taken accordingly. By doing so, we can maintain a constant connection with the vehicle. Through this proposed project, the outer door seal of the cargo vehicle can be locked or unlocked, and the server can observe in real time whether any items inside are being stolen without opening the door. The security of logistics supply vehicles through the proposed paper will be more robust and beneficial to both the transport service provider and the service taker.
Authored by Thohidul Islam, Md. Qureshi, Hrishin Palit, Md. Sayeed
In today’s world, security is a very important issue. People should always keep their belongings safe. To increase security, this research work proposes IoT-based smart lockers with sensors and access keys with security, verification, and user-friendly tools. This model alerts the user when someone else tries to access their locker and quickly sends an alarm to the authorized user, and provides the option to either grant or reject access to the valid user. In this paper, the smart locker is kept registered early to use a locker in the bank, office, home, etc. to ensure safety. The user demands to send an unlock direction with the help of microcontroller NodeMCU ESP8266 and after accepting the command from the cloud (BLYNK APP), only the user can unlock the closet and access the valuables. This study has also introduced the encroachment detection in lockers with sensors and finally installed smart lockers with fire alarms for security and reliability.
Authored by Bhawna Khokher, Mamta Savadatti, Anish Kumar, T.V. Nikhil, Pranav Raj, Aditya Thakre
Advances in sensor and communication technologies have transformed traditional homes into smart homes, equipped with sensors and actuators for various functionalities like smart lighting, temperature control, irrigation, solar monitoring, entertainment, and security. This transition is powered by the Internet of Things (IoT) architecture, enabling smart home hubs to integrate and control devices with different communication protocols. However, this shift has also introduced new security and privacy issues in the Smart Home IoT (SH-IoT) environment. To address these challenges, new communication protocols with cryptographic features have been developed, and a unified standard called Matter has been created to promote interoperability among different device manufacturers. This paper presents a comprehensive survey of recent trends and advances in the smart home IoT landscape, focusing on communication protocols, their security issues and protection features against vulnerabilities in the SH-IoT environment.
Authored by Ismael Holguin, Sai Errapotu
In the last decade the rapid development of communications and IoT systems has raised many challenges regarding the security of the devices that are handled wirelessly. Therefore, in this paper, we intend to test the possibility of spoofing the parameters for connection of Bluetooth Low Energy (BLE) devices, to make several recommendations for increasing the security of the usage of those devices and to propose basic countermeasures regarding the possibility of hacking them.
Authored by Cristian Capotă, Mădălin Popescu, Simona Halunga, Octavian Fratu
With the advancement in the Internet of Things, smart homes are rapidly developing. The smart home is a major key component of the Internet of Things. With the help of IoT technology we can stay connected to our home appliances. The Internet of Things is the association of embedded technologies that contain physical objects and is utilized to communicate and sense or interact with the internal states or the outer surroundings. Rather than individual-to-individual correspondence, IoT places emphasis on machine-to-machine correspondence. The smart home connects the physical components of our home with the help of software and sensors so that we can access them via the internet from one place. Building home automation includes computerizing a home, likewise referred to as a sensible home or smart home. Domestic machines are an urgent part of the Web of Things whenever they are associated with the web. Controlled devices are commonly connected to a focal center or entryway through a domestic automation framework. A smartphone application, tablet PC, personal computer, wall-mounted terminals, or even a web interface that can be gotten to from off-website over the Web are all utilized by the program to work the framework. Since all the devices are interconnected and interlinked to one another, there are a lot of chances for security breaches and data theft. If the security layer is easily breakable, any third-party attacker can easily steal the private data of the user, which leads us to pay more attention to protecting and securing private data. With the day-to-day development of the Smart Home, safety also has to be developed and updated day to day. The safety challenges of the IoT for a wise home scenario are encountered, and a comprehensive IoT security management for smart homes has been proposed. This paper acquaints the reader with the status of IoT development, and furthermore contains security issues and challenges. Finally, this paper surveys the risk factors, security issues and challenges from every point of view.
Authored by S.R Anupriya, Muthumanikandan V
Multiple smart applications, such as smart technologies in homes, smart cities, smart agriculture, and smart health and fitness centres, use a new technology known as the Internet of Things. They consist of a variety of multiple networked devices that link to multiple sensors and the internet. Among the layers that comprise an IoT architecture are the perception layer, network layer, and application layer. Due to their wide use, these smart devices have fairly minimal protection and are vulnerable to attacks. Comprehensive explanations of application layer security issues and protocols, such as Advanced Message Queuing Protocol (AMQP) in application layer protocol, Constrained Application Protocol (CoAP), and REST (Representational State Transfer).
Authored by K Parvathy, B Nataraj
The Internet of Things (IoT) connects the physical world to the digital world, and wireless sensor networks (WSNs) play a significant role. There are billions of IoT products in the market. We found that security was not the primary focus of software developers. The first step of designing a secure product is to analyze and note down the security requirements. This research paper proposes a modified approach, incorporating elements from the SREP (Software Requirements Engineering Process) and SQUARE (Security Quality Requirement Engineering), to define security requirements for IoT products. The revised process is applied to determine the security requirements of a Smart Lock system that utilizes the publish/subscribe protocol MQTT-SN (Message Queuing Telemetry Transport for Sensor Networks) communication protocol architecture.
Authored by Hemant Gupta, Amiya Nayak
There will be a billion smart devices with processing, sensing, and actuation capabilities that can be connected to the Internet under the IoT paradigm. The level of convenience, effectiveness, and automation for consumers is expected to rise owing to promising IoT applications. Privacy is a significant concern in IoT systems, and it is essential to provide users with full awareness and control over the data collected by these systems. The use of privacy-enhancing technologies can help to minimise the risks associated with data collection and processing and ensure that user privacy is protected. Lack of standards for devices with limited resources and heterogeneous technologies intensifies the security issue. There are various emerging and existing technologies that can help to address the security risks in the IoT sector and achieve a high degree of trust in IoT applications. By implementing these technologies and countermeasures, it is possible to improve the security and reliability of IoT systems, ensuring that they can be used safely and effectively in a wide range of applications. This article’s intent is to provide a comprehensive investigation of the threats and risks in the IoT industry and to examine some potential countermeasures.
Authored by Jaspreet Singh, Gurpreet Singh, Shradha Negi
Past Advanced Persistent Threat (APT) attacks on Industrial Internet-of-Things (IIoT), such as the 2016 Ukrainian power grid attack and the 2017 Saudi petrochemical plant attack, have shown the disruptive effects of APT campaigns while new IIoT malware continue to be developed by APT groups. Existing APT detection systems have been designed using cyberattack TTPs modelled for enterprise IT networks and leverage specific data sources (e.g., Linux audit logs, Windows event logs) which are not found on ICS devices. In this work, we propose RAPTOR, a system to detect APT campaigns in IIoT. Using cyberattack TTPs modelled for ICS/OT environments and focusing on ‘invariant’ attack phases, RAPTOR detects and correlates various APT attack stages in IIoT leveraging data which can be readily collected from ICS devices/networks (packet traffic traces, IDS alerts). Subsequently, it constructs a high-level APT campaign graph which can be used by cybersecurity analysts towards attack analysis and mitigation. A performance evaluation of RAPTOR’s APT attack-stage detection modules shows high precision and low false positive/negative rates. We also show that RAPTOR is able to construct the APT campaign graph for APT attacks (modelled after real-world attacks on ICS/OT infrastructure) executed on our IIoT testbed.
Authored by Ayush Kumar, Vrizlynn Thing
Poisoning Attacks in Federated Edge Learning for Digital Twin 6G-Enabled IoTs: An Anticipatory Study
Federated edge learning can be essential in supporting privacy-preserving, artificial intelligence (AI)-enabled activities in digital twin 6G-enabled Internet of Things (IoT) environments. However, we need to also consider the potential of attacks targeting the underlying AI systems (e.g., adversaries seek to corrupt data on the IoT devices during local updates or corrupt the model updates); hence, in this article, we propose an anticipatory study for poisoning attacks in federated edge learning for digital twin 6G-enabled IoT environments. Specifically, we study the influence of adversaries on the training and development of federated learning models in digital twin 6G-enabled IoT environments. We demonstrate that attackers can carry out poisoning attacks in two different learning settings, namely: centralized learning and federated learning, and successful attacks can severely reduce the model’s accuracy. We comprehensively evaluate the attacks on a new cyber security dataset designed for IoT applications with three deep neural networks under the non-independent and identically distributed (Non-IID) data and the independent and identically distributed (IID) data. The poisoning attacks, on an attack classification problem, can lead to a decrease in accuracy from 94.93% to 85.98% with IID data and from 94.18% to 30.04% with Non-IID.
Authored by Mohamed Ferrag, Burak Kantarci, Lucas Cordeiro, Merouane Debbah, Kim-Kwang Choo
Agro-Ledger: Blockchain Based Framework for Transparency and Traceability in Agri-Food Supply Chains
This paper presents a pioneering blockchain-based framework for enhancing traceability and transparency within the global agrifood supply chain. By seamlessly integrating blockchain technology and the Ethereum Virtual Machine (EVM), the framework offers a robust solution to the industry’s challenges. It weaves a narrative where each product’s journey is securely documented in an unalterable digital ledger, accessible to all stakeholders. Real-time Internet of Things (IoT) sensors stand sentinel, monitoring variables crucial to product quality. With millions afflicted by foodborne diseases, substantial food wastage, and a strong consumer desire for transparency, this framework responds to a clarion call for change. Moreover, the framework’s data-driven approach not only rejuvenates consumer confidence and product authenticity but also lays the groundwork for robust sustainability and toxicity assessments. In this narrative of technological innovation, the paper embarks on an architectural odyssey, intertwining the threads of blockchain and EVM to reimagine a sustainable, transparent, and trustworthy agrifood landscape.
Authored by Prasanna Kumar, Bharati Mohan, Akilesh S, Jaikanth Y, Roshan George, Vishal G, Vishnu P, Elakkiya R
The adoption of IoT in a multitude of critical infrastructures revolutionizes several sectors, ranging from smart healthcare systems to financial organizations and thermal and nuclear power plants. Yet, the progressive growth of IoT devices in critical infrastructure without considering security risks can damage the user’s privacy, confidentiality, and integrity of both individuals and organizations. To overcome the aforementioned security threats, we proposed an AI and onion routing-based secure architecture for IoT-enabled critical infrastructure. Here, we first employ AI classifiers that classify the attack and non-attack IoT data, where attack data is discarded from further communication. In addition, the AI classifiers are secure from data poisoning attacks by incorporating an isolation forest algorithm that efficiently detects the poisoned data and eradicates it from the dataset’s feature space. Only non-attack data is forwarded to the onion routing network, which offers triple encryption to encrypt IoT data. As the onion routing only processes non-attack data, it is less computationally expensive than other baseline works. Moreover, each onion router is associated with blockchain nodes that store the verifying tokens of IoT data. The proposed architecture is evaluated using performance parameters, such as accuracy, precision, recall, training time, and compromisation rate. In this proposed work, SVM outperforms by achieving 97.7% accuracy.
Authored by Nilesh Jadav, Rajesh Gupta, Sudeep Tanwar
The term "Internet of things (IoT) security" refers to the software industry concerned with protecting the IoT and connected devices. Internet of Things (IoT) is a network of devices connected with computers, sensors, actuators, or users. In IoT, each device has a distinct identity and is required to automatically transmit data over the network. Allowing computers to connect to the Internet exposes them to a number of major vulnerabilities if they are not properly secured. IoT security concerns must be monitored and analyzed to ensure the proper working of IoT models. Protecting personal safety while ensuring accessibility is the main objective of IoT security. This article has surveyed some of the methods and techniques used to secure data. Accuracy, precision, recall, f1 score, and area under the Receiver Operating Characteristic Curve are the assessment metrics utilized to compare the performance of the existing techniques. Further the utilization of machine learning algorithms like Decision Tree, Random Forest, and ANN tests have resulted in an accuracy of 99.4%. Despite the results, Random Forest (RF) performs significantly better. This study will help to gain more knowledge on the smart home automation and its security challenges.
Authored by Robinson Joel, G. Manikandan, G Bhuvaneswari
Recently, the manufacturing industry is changing into a smart manufacturing era with the development of 5G, artificial intelligence, and cloud computing technologies. As a result, Operational Technology (OT), which controls and operates factories, has been digitized and used together with Information Technology (IT). Security is indispensable in the smart manufacturing industry as a problem with equipment, facilities, and operations in charge of manufacturing can cause factory shutdown or damage. In particular, security is required in smart factories because they implement automation in the manufacturing industry by monitoring the surrounding environment and collecting meaningful information through Industrial IoT (IIoT). Therefore, in this paper, IIoT security proposed in 2022 and recent technology trends are analyzed and explained in order to understand the current status of IIoT security technology in a smart factory environment.
Authored by Jihye Kim, Jaehyoung Park, Jong-Hyouk Lee
The Internet of Things, or IoT, is a paradigm in which devices interact with the physical world through sensors and actuators, while still communicating with other computers over various types of networks. IoT devices can be found in many environments, often in the hands of non-technical users. This presents unique security concerns, since compromised devices can be used not only for typical objectives like network footholds, but also to cause harm in the real world (for instance, by unlocking the door to a house or changing safety configurations in an industrial control system). This work in progress paper presents a series of laboratory exercises under development at a large Midwestern university that introduces undergraduate cyber security engineering students to the Internet of Things and its (in)security considerations. The labs will be part of a 400-level technical elective course offered to cyber security engineering majors. The design of the labs has been grounded in the experiential learning process. The concepts in each lab module are couched in hands-on activities and integrate real world problems into the laboratory environment. The laboratory exercises are conducted using an Internet testbed and a combination of actual IoT devices and virtualized devices to showcase various IoT environments, vulnerabilities, and attacks.
Authored by Megan Ryan, Julie Rursch
While the introduction of cyber physical systems (CPS) into society is progressing toward the realization of Society 5.0, the threat of cyberattacks on IoT devices (IoT actuators) that have actuator functions to bring about physical changes in the real world among the IoT devices that constitute the CPS is increasing. In order to prepare for unauthorized control of IoT actuators caused by cyberattacks that are evolving daily, such as zero-day attacks that exploit unknown vulnerabilities in programs, it is an urgent issue to strengthen the CPS, which will become the social infrastructure of the future. In this paper, I explain, in particular, the security requirements for IoT actuators that exert physical action as feedback from cyberspace to the physical space, and a security framework for control that changes the real world, based on changes in cyberspace, where attackers are persistently present. And, I propose a security scheme for IoT actuators that integrates a new concept of security known as Zero Trust, as the Zero Trust IoT Security Framework (ZeTiots-FW).
Authored by Nobuhiro Kobayashi