The Internet of Things (IoT) refers to the growing network of connected physical objects embedded with sensors, software and connectivity. While IoT has potential benefits, it also introduces new cyber security risks. This paper provides an overview of IoT security issues, vulnerabilities, threats, and mitigation strategies. The key vulnerabilities arising from IoT s scale, ubiquity and connectivity include inadequate authentication, lack of encryption, poor software security, and privacy concerns. Common attacks against IoT devices and networks include denial of service, ransom-ware, man-in-the-middle, and spoofing. An analysis of recent literature highlights emerging attack trends like swarm-based DDoS, IoT botnets, and automated large-scale exploits. Recommended techniques to secure IoT include building security into architecture and design, access control, cryptography, regular patching and upgrades, activity monitoring, incident response plans, and end-user education. Future technologies like blockchain, AI-enabled defense, and post-quantum cryptography can help strengthen IoT security. Additional focus areas include shared threat intelligence, security testing, certification programs, international standards and collaboration between industry, government and academia. A robust multilayered defense combining preventive and detective controls is required to combat rising IoT threats. This paper provides a comprehensive overview of the IoT security landscape and identifies areas for continued research and development.

The two-factor authentication (2FA) has become pervasive as the mobile devices become prevalent. Existing 2FA solutions usually require some form of user involvement, which could severely affect user experience and bring extra burdens to users. In this work, we propose a secure 2FA that utilizes the individual acoustic fingerprint of the speaker/microphone on enrolled device as the second proof. The main idea behind our system is to use both magnitude and phase fingerprints derived from the frequency response of the enrolled device by emitting acoustic beep signals alternately from both enrolled and login devices and receiving their direct arrivals for 2FA. Given the input microphone samplings, our system designs an arrival time detection scheme to accurately identify the beginning point of the beep signal from the received signal. To achieve a robust authentication, we develop a new distance mitigation scheme to eliminate the impact of transmission distances from the sound propagation model for extracting stable fingerprint in both magnitude and phase domain. Our device authentication component then calculates a weighted correlation value between the device profile and fingerprints extracted from run-time measurements to conduct the device authentication for 2FA. Our experimental results show that our proposed system is accurate and robust to both random impersonation and Man-in-the-middle (MiM) attack across different scenarios and device models.

Two-factor authentication (2FA) is commonly used in Internet of Things (IoT) authentication to provide multi-layer protection. Tokens, often known as One-Time Passwords (OTP), are used to offer additional information. While this technique provides flexible verification and an additional layer of security, it still has a number of security issues. This is because it relies on third-party services to produce tokens or OTPs, which leads to serious information leakage issues. Additionally, relying on a third party to provide authentication tokens significantly increases the risk of exposure and attacks, as tokens can be stolen via Man-In-The-Middle (MITM) attacks. In trying to rectify this issue, in this paper, we propose and develop a blockchain-based two-factor authentication method for web-based access to sensor data. The proposed method provides a lightweight and usercentric authentication that makes use of Ethereum blockchain and smart contracts technologies. Then we provided performance and security analysis of our system. Based on the evaluation results, our method has proven to be effective and has the ability to facilitate reliable authentication.

Provable Security - The Industrial Internet of Things (IIoT) has brought about enormous changes in both our individual ways of life and the ways in which our culture works, transforming them into an unique electronic medium. This has enormous implications for almost every facet of life, including clever logistical, smart grids, and smart cities. In particular, the amount of gadgets that are part of the Industrial Internet of Things (IIoT) is increasing at such a fast pace that numerous gadgets and sensors are constantly communicating with one another and exchanging a substantial quantity of data. The potential of spying and hijacked assaults in messaging services has grown as a result of the creation; as a direct consequence of this, protecting data privacy and security has become two key problems at the current moment. In recent years, a protocol known as certificateless signature (LCS), which is both better secured and lighter, has been more popular for use in the development of source of energy IIoT protocols. The Schnorr signature serves as the foundation for this method s underlying mechanism. In spite of this, we found that the vast majority of the currently implemented CLS schemes are susceptible to a number of widespread security flaws. These flaws include man-in-the-middle (MITM) attacks, key generation centre (KGC) compromised attacks, and distributed denial of service (DDoS) attacks. As a potential solution to the issues that have been discussed in the preceding paragraphs, we, the authors of this work, suggest an unique pairing-free provable data approach. In order to develop a revolutionary LCS scheme that is dependable and efficient, this plan takes use of the most cutting-edge blockchain technology as well as smart contracts. After that, in order to verify the dependability of our system, we simulate both Type-I and Type-II adversary and run the results through a series of tests. The findings of a system security and a summative assessment have shown that our design is capable of providing more reliable security assurance at a lower overall cost of computation (for illustration, limited by around 40.0\% at most) and transmission time (for example, reduced by around 94.7\% at most) like other proposed scheme.

Network Security Resiliency - An often overlooked but equally important aspect of unmanned aerial system (UAS) design is the security of their networking protocols and how they deal with cyberattacks. In this context, cyberattacks are malicious attempts to monitor or modify incoming and outgoing data from the system. These attacks could target anywhere in the system where a transfer of data occurs but are most common in the transfer of data between the control station and the UAS. A compromise in the networking system of a UAS could result in a variety of issues including increased network latency between the control station and the UAS, temporary loss of control over the UAS, or a complete loss of the UAS. A complete loss of the system could result in the UAS being disabled, crashing, or the attacker overtaking command and control of the platform, all of which would be done with little to no alert to the operator. Fortunately, the majority of higher-end, enterprise, and government UAS platforms are aware of these threats and take actions to mitigate them. However, as the consumer market continues to grow and prices continue to drop, network security may be overlooked or ignored in favor of producing the lowest cost product possible. Additionally, these commercial off-the-shelf UAS often use uniform, standardized frequency bands, autopilots, and security measures, meaning a cyberattack could be developed to affect a wide variety of models with minimal changes. This paper will focus on a low-cost educational-use UAS and test its resilience to a variety of cyberattack methods, including man-in-the-middle attacks, spoofing of data, and distributed denial-of-service attacks. Following this experiment will be a discussion of current cybersecurity practices for counteracting these attacks and how they can be applied onboard a UAS. Although in this case the cyberattacks were tested against a simpler platform, the methods discussed are applicable to any UAS platform attempting to defend against such cyberattack methods.

Network Security Resiliency - Recently, Cloud Computing became one of today’s great innovations for provisioning Information Technology (IT) resources. Moreover, a new model has been introduced named Fog Computing, which addresses Cloud Computing paradigm issues regarding time delay and high cost. However, security challenges are still a big concern about the vulnerabilities to both Cloud and Fog Computing systems. Man- in- the- Middle (MITM) is considered one ofthe most destructive attacks in a Fog Computing context. Moreover, it’s very complex to detect MiTM attacks as it is performed passively at the SoftwareDefined Networking (SDN) level, also the Fog Computing paradigm is ideally suitable for MITM attacks. In this paper, a MITM mitigation schemewill be proposed consisting of an SDN network (Fog Leaders) which controls a layer of Fog Nodes. Furthermore, Multi-Path TCP (MPTCP) has been used between all edge devices and Fog Nodes to improve resource utilization and security. The proposed solution performance evaluation has been carried out in a simulation environment using Mininet, Ryu SDN controller and Multipath TCP (MPTCP) Linux kernel. The experimental results showed thatthe proposed solution improves security, network resiliency and resource utilization without any significant overheads compared to the traditional TCP implementation.

Multifactor Authentication - Dhillon and Kalra proposed a multi-factor user authentication scheme for IoT. The authors claim their scheme to have practical utility for the IoT environment. However, we find that their scheme has numerous flaws such as insider attack and inefficient authentication. An adversary can work as a middle-man between the sensor node and the user, and the user can set-up a session key with the sensor node. Besides, the scheme does not establish the mutual authentication between every pair of entities. Thus, the scheme is inconvenient for practical use. We conclude this article by providing some suggestions for the improvement of the analysed scheme to remove the weaknesses identified in it.

Multifactor Authentication - Internet of Things (IoT) has become an information bridge between societies. Wireless sensor networks (WSNs) are one of the emergent technologies that work as the main force in IoT. Applications based on WSN include environment monitoring, smart healthcare, user legitimacy authentication, and data security. Recently, many multifactor user authentication schemes for WSNs have been proposed using smart cards, passwords, as well as biometric features. Unfortunately, these schemes are shown to be susceptible towards several attacks and these includes password guessing attack, impersonation attack, and Man-in-the-middle (MITM) attack due to non-uniform security evaluation criteria. In this paper, we propose a lightweight multifactor authentication scheme using only hash function of the timestamp (TS) and One Time Password (OTP). Furthermore, public key and private key is incorporated to secure the communication channel. The security analysis shows that the proposed scheme satisfies all the security requirement and insusceptible towards some wellknown attack (password guessing attack, impersonation attack and MITM).

Cyber-attacks against Industrial Control Systems (ICS) can lead to catastrophic events which can be prevented by the use of security measures such as the Intrusion Prevention Systems (IPS). In this work we experimentally demonstrate how to exploit the configuration vulnerabilities of SNORT one of the most adopted IPSs to significantly degrade the effectiveness of the IPS and consequently allowing successful cyber-attacks. We illustrate how to design a batch script able to retrieve and modify the configuration files of SNORT in order to disable its ability to detect and block Denial of Service (DoS) and ARP poisoning-based Man-In-The-Middle (MITM) attacks against a Programmable Logic Controller (PLC) in an ICS network. Experimental tests performed on a water distribution testbed show that, despite the presence of IPS, the DoS and ARP spoofed packets reach the destination causing respectively the disconnection of the PLC from the ICS network and the modification of packets payload.

The concept of a microgrid has emerged as a promising solution for the management of local groups of electricity consumers and producers. The use of end-users' energy usage data can help in increasing efficient operation of a microgrid. However, existing data-aggregation schemes for a microgrid suffer different cyber attacks and do not provide high level of accuracy. This work aims at designing a privacy-preserving data-aggregation scheme for a microgrid of prosumers that achieves high level of accuracy, thereby benefiting to the management and control of a microgrid. First, a novel smart meter readings data protection mechanism is proposed to ensure privacy of prosumers by hiding the real energy usage data from other parties. Secondly, a blockchain-based data-aggregation scheme is proposed to ensure privacy of the end-users, while achieving high level of accuracy in terms of the aggregated data. The proposed data-aggregation scheme is evaluated using real smart meter readings data from 100 prosumers. The results show that the proposed scheme ensures prosumers' privacy and achieves high level of accuracy, while it is secure against eavesdropping and man-in-the-middle cyber attacks.

Still in many countries COVID19 virus is changing its structure and creating damages in terms of economy and education. In India during the period of January 2022 third wave is on its high peak. Many colleges and schools are still forced to teach online. This paper describes how cyber security actionable or practical fundamental were taught by school or college teachers. Various cyber security tools are used to explain the actionable insight of the subject. Main Topics or concepts covered are MITM (Man In the Middle Attack) using ethercap tool in Kali Linux, spoofing methods like ARP (Address Resolution Protocol) spoofing and DNS (Domain Name System) spoofing, network intrusion detection using snort , finding information about packets using wireshark tool and other tools like nmap and netcat for finding the vulnerability. Even brief details were given about how to crack password using wireshark.

Recently, Cloud Computing became one of today’s great innovations for provisioning Information Technology (IT) resources. Moreover, a new model has been introduced named Fog Computing, which addresses Cloud Computing paradigm issues regarding time delay and high cost. However, security challenges are still a big concern about the vulnerabilities to both Cloud and Fog Computing systems. Man- in- the- Middle (MITM) is considered one of the most destructive attacks in a Fog Computing context. Moreover, it’s very complex to detect MiTM attacks as it is performed passively at the Software-Defined Networking (SDN) level, also the Fog Computing paradigm is ideally suitable for MITM attacks. In this paper, a MITM mitigation scheme will be proposed consisting of an SDN network (Fog Leaders) which controls a layer of Fog Nodes. Furthermore, Multi-Path TCP (MPTCP) has been used between all edge devices and Fog Nodes to improve resource utilization and security. The proposed solution performance evaluation has been carried out in a simulation environment using Mininet, Ryu SDN controller and Multipath TCP (MPTCP) Linux kernel. The experimental results showed that the proposed solution improves security, network resiliency and resource utilization without any significant overheads compared to the traditional TCP implementation.

An often overlooked but equally important aspect of unmanned aerial system (UAS) design is the security of their networking protocols and how they deal with cyberattacks. In this context, cyberattacks are malicious attempts to monitor or modify incoming and outgoing data from the system. These attacks could target anywhere in the system where a transfer of data occurs but are most common in the transfer of data between the control station and the UAS. A compromise in the networking system of a UAS could result in a variety of issues including increased network latency between the control station and the UAS, temporary loss of control over the UAS, or a complete loss of the UAS. A complete loss of the system could result in the UAS being disabled, crashing, or the attacker overtaking command and control of the platform, all of which would be done with little to no alert to the operator. Fortunately, the majority of higher-end, enterprise, and government UAS platforms are aware of these threats and take actions to mitigate them. However, as the consumer market continues to grow and prices continue to drop, network security may be overlooked or ignored in favor of producing the lowest cost product possible. Additionally, these commercial off-the-shelf UAS often use uniform, standardized frequency bands, autopilots, and security measures, meaning a cyberattack could be developed to affect a wide variety of models with minimal changes. This paper will focus on a low-cost educational-use UAS and test its resilience to a variety of cyberattack methods, including man-in-the-middle attacks, spoofing of data, and distributed denial-of-service attacks. Following this experiment will be a discussion of current cybersecurity practices for counteracting these attacks and how they can be applied onboard a UAS. Although in this case the cyberattacks were tested against a simpler platform, the methods discussed are applicable to any UAS platform attempting to defend against such cyberattack methods.

Critical infrastructures such as the electricity grid can be severely impacted by cyber-attacks on its supply chain. Hence, having a robust cybersecurity infrastructure and management system for the electricity grid is a high priority. This paper proposes a cyber-security protocol for defense against man-in-the-middle (MiTM) attacks to the supply chain, which uses encryption and cryptographic multi-party authentication. A cyber-physical simulator is utilized to simulate the power system, control system, and security layers. The correctness of the attack modeling and the cryptographic security protocol against this MiTM attack is demonstrated in four different attack scenarios.