Security in IoT pairing & authentication protocols, a threat model and a case study analysis

The Internet of Things has changed the way we interact with the environment around us in our daily life, and it is increasingly common to find more than one IoT device in our home. However, the current design approaches adopted by the vendors are more oriented towards customer usability than to security. This often results in more and more devices exposing serious security problems. This work focuses on the security implications, i.e. the threats and the risks, of the current IoT pairing mechanisms and represents a step forward in the definition of our automated penetration testing methodology. In addition to the general threat model for a general IoT pairing process, we present the analysis of a QR code-based pairing mechanism implemented by a class of devices taken from the real market, which led to the identification of two vulnerabilities, one of which publicly disclosed as CVE-2021-27941

Security for 5G Mobile Wireless Networks

The advanced features of 5G mobile wireless network systems yield new security requirements and challenges. This paper presents a comprehensive survey on security of 5G wireless network systems compared to the traditional cellular networks. The paper starts with a review on 5G wireless networks particularities as well as on the new requirements and motivations of 5G wireless security. The potential attacks and security services with the consideration of new service requirements and new use cases in 5G wireless networks are then summarized. The recent development and the existing schemes for the 5G wireless security are presented based on the corresponding security services including authentication, availability, data confidentiality, key management and privacy. The paper further discusses the new security features involving different technologies applied to 5G such as heterogeneous networks, device-to-device communications, massive multiple-input multiple-output, software defined networks and Internet of Things. Motivated by these security research and development activities, we propose a new 5G wireless security architecture, based on which the analysis of identity management and flexible authentication is provided. As a case study, we explore a handover procedure as well as a signaling load scheme to show the advantage of the proposed security architecture. The challenges and future directions of 5G wireless security are finally summarized

An Architecture for Accountable Anonymous Access in the Internet-of-Things Network

This is the author accepted manuscript. The final version is available from IEEE via the DOI in this record.With the rapid development of the Internet, more and more devices are being connected to the Internet, making up the Internet-of-Things (IoT). The accountability and privacy are two important but contradictory factors to ensure the security of IoT networks. How to provide an accountable anonymous access to IoT networks is a challenging task. Since the IoT network is largely driven by services, in this paper we propose a new and efficient architecture to achieve accountable anonymous access to IoT networks based on services. In this architecture, a self-certifying identifier is proposed to efficiently identify a service. The efficiency and overhead of the proposed architecture are evaluated by virtue of the real trace collected from an Internet service provider. The experimental results show that the proposed architecture could efficiently balance accountability and privacy with acceptable overheads.This work is partially supported by the National Key Technology Research and Development Program (No. 2017YFB0801801), the National Science and Technology Major Project of the Ministry of Science and Technology of China (No. 2017ZX03001019), and the National Natural Science Foundation of China (No. 61672490 and No. 61303241)

Revisiting the Internet of Things: New Trends, Opportunities and Grand Challenges

The Internet of Things (IoT) has brought the dream of ubiquitous data access from physical environments into reality. IoT embeds sensors and actuators in physical objects so that they can communicate and exchange data between themselves to improve efficiency along with enabling real-time intelligent services and offering better quality of life to people. The number of deployed IoT devices has rapidly grown in the past five years in a way that makes IoT the most disruptive technology in recent history. In this paper, we reevaluate the position of IoT in our life and provide deep insights on its enabling technologies, applications, rising trends and grand challenges. The paper also highlights the role of artificial intelligence to make IoT the top transformative technology that has been ever developed in human history

Game Theory Based Privacy Protection for Context-Aware Services

In the era of context-aware services, users are enjoying remarkable services based on data collected from a multitude of users. To receive services, they are at risk of leaking private information from adversaries possibly eavesdropping on the data and/or the un--trusted service platform selling off its data. Malicious adversaries may use leaked information to violate users\u27 privacy in unpredictable ways. To protect users\u27 privacy, many algorithms are proposed to protect users\u27 sensitive information by adding noise, thus causing context-aware service quality loss. Game theory has been utilized as a powerful tool to balance the tradeoff between privacy protection level and service quality. However, most of the existing schemes fail to depict the mutual relationship between any two parties involved: user, platform, and adversary. There is also an oversight to formulate the interaction occurring between multiple users, as well as the interaction between any two attributes. To solve these issues, this dissertation firstly proposes a three-party game framework to formulate the mutual interaction between three parties and study the optimal privacy protection level for context-aware services, thus optimize the service quality. Next, this dissertation extends the framework to a multi-user scenario and proposes a two-layer three-party game framework. This makes the proposed framework more realistic by further exploring the interaction, not only between different parties, but also between users. Finally, we focus on analyzing the impact of long-term time-serial data and the active actions of the platform and adversary. To achieve this objective, we design a three-party Stackelberg game model to help the user to decide whether to update information and the granularity of updated information