1,167 research outputs found
Strengthening Privacy and Data Security in Biomedical Microelectromechanical Systems by IoT Communication Security and Protection in Smart Healthcare.
Biomedical Microelectromechanical Systems (BioMEMS) serve as a crucial catalyst in enhancing IoT communication security and safeguarding smart healthcare systems. Situated at the nexus of advanced technology and healthcare, BioMEMS are instrumental in pioneering personalized diagnostics, monitoring, and therapeutic applications. Nonetheless, this integration brings forth a complex array of security and privacy challenges intrinsic to IoT communications within smart healthcare ecosystems, demanding comprehensive scrutiny. In this manuscript, we embark on an extensive analysis of the intricate security terrain associated with IoT communications in the realm of BioMEMS, addressing a spectrum of vulnerabilities that spans cyber threats, data manipulation, and interception of communications. The integration of real-world case studies serves to illuminate the direct repercussions of security breaches within smart healthcare systems, highlighting the imperative to safeguard both patient safety and the integrity of medical data. We delve into a suite of security solutions, encompassing rigorous authentication processes, data encryption, designs resistant to attacks, and continuous monitoring mechanisms, all tailored to fortify BioMEMS in the face of ever-evolving threats within smart healthcare environments. Furthermore, the paper underscores the vital role of ethical and regulatory considerations, emphasizing the need to uphold patient autonomy, ensure the confidentiality of data, and maintain equitable access to healthcare in the context of IoT communication security. Looking forward, we explore the impending landscape of BioMEMS security as it intertwines with emerging technologies such as AI-driven diagnostics, quantum computing, and genomic integration, anticipating potential challenges and strategizing for the future. In doing so, this paper highlights the paramount importance of adopting an integrated approach that seamlessly blends technological innovation, ethical foresight, and collaborative ingenuity, thereby steering BioMEMS towards a secure and resilient future within smart healthcare systems, in the ambit of IoT communication security and protection
Securing the Invisible Thread: A Comprehensive Analysis of BLE Tracker Security in Apple AirTags and Samsung SmartTags
This study presents an in-depth analysis of the security landscape in
Bluetooth Low Energy (BLE) tracking systems, with a particular emphasis on
Apple AirTags and Samsung SmartTags, including their cryptographic frameworks.
Our investigation traverses a wide spectrum of attack vectors such as physical
tampering, firmware exploitation, signal spoofing, eavesdropping, jamming, app
security flaws, Bluetooth security weaknesses, location spoofing, threats to
owner devices, and cloud-related vulnerabilities. Moreover, we delve into the
security implications of the cryptographic methods utilized in these systems.
Our findings reveal that while BLE trackers like AirTags and SmartTags offer
substantial utility, they also pose significant security risks. Notably,
Apple's approach, which prioritizes user privacy by removing intermediaries,
inadvertently leads to device authentication challenges, evidenced by
successful AirTag spoofing instances. Conversely, Samsung SmartTags, designed
to thwart beacon spoofing, raise critical concerns about cloud security and
user privacy. Our analysis also highlights the constraints faced by these
devices due to their design focus on battery life conservation, particularly
the absence of secure boot processes, which leaves them susceptible to OS
modification and a range of potential attacks. The paper concludes with
insights into the anticipated evolution of these tracking systems. We predict
that future enhancements will likely focus on bolstering security features,
especially as these devices become increasingly integrated into the broader IoT
ecosystem and face evolving privacy regulations. This shift is imperative to
address the intricate balance between functionality and security in
next-generation BLE tracking systems
Analyzing the attack surface and threats of industrial Internet of Things devices
The growing connectivity of industrial devices as a result of the Internet of Things is increasing the risks to Industrial Control Systems. Since attacks on such devices can also cause damage to people and machines, they must be properly secured. Therefore, a threat analysis is required in order to identify weaknesses and thus mitigate the risk. In this paper, we present a systematic and holistic procedure for analyzing the attack surface and threats of Industrial Internet of Things devices. Our approach is to consider all components including hardware, software and data, assets, threats and attacks throughout the entire product life cycle
A Vulnerability Management Solution for constrained IoT devices with a Trusted Execution Environment using a Hardware Root of Trust
The popularity and prevalence of Internet of Things (IoT) devices has been ever increasing. They have found their way into our everyday lives and increasingly transform our living environments into smart homes. However, most of these constrained devices do not possess sufficient computational power, memory, and battery runtime in order to implement security features that are common for general purpose personal computers. Hence, the increasing numbers of interconnected consumer IoT devices are followed by an increase of their attack surface and vulnerabilities.
The following thesis approaches this security issue by providing a novel approach for a Runtime IoT Security Score that provides the inexperienced user of a smart home system with profound insight into the security state of the connected IoT devices during runtime. This is achieved by combining Vulnerability Assessment with Trustworthiness Assessment of the connected devices, which has never been proposed before and represents a very valuable contribution to the state of current research.
In addition to the Runtime Security Score, a holistic concept for a Vulnerability Assessment and Management (VAM) solution is proposed as another main contribution of this thesis. The effective and functional interoperability of all relevant components specified in this concept is shown with a Proof of Concept implementation.Die PopularitĂ€t und Verbreitung von GerĂ€ten des Internets der Dinge (engl.~Internet of Things, IoT) nimmt stĂ€ndig zu. Sie haben Einzug in unser tĂ€gliches Leben gehalten und verwandeln unsere Wohnumgebung zunehmend in ein intelligentes Zuhause. Die meisten dieser eingeschrĂ€nkten GerĂ€te verfĂŒgen jedoch nicht ĂŒber genĂŒgend Rechenleistung, Speicher und Akkulaufzeit, um Sicherheitsfunktionen zu implementieren, die fĂŒr allgemeine Personal Computer ĂŒblich sind. Mit der zunehmenden Zahl der vernetzten IoT-GerĂ€te fĂŒr Verbraucher steigen daher auch deren AngriffsflĂ€che und Schwachstellen.
Die vorliegende Arbeit widmet sich diesem Sicherheitsproblem, indem sie einen neuartigen Ansatz fĂŒr einen Runtime IoT Security Score vorstellt, der dem unerfahrenen Benutzer eines Smart-Home-Systems einen tiefen Einblick in den Sicherheitszustand der angeschlossenen IoT-GerĂ€te zur Laufzeit gibt. Dies wird durch die Kombination von Vulnerability Assessment mit einer Bewertung der VertrauenswĂŒrdigkeit der angeschlossenen GerĂ€te erreicht. Dies stellt einen neuartigen Ansatz darf und leistet damit einen sehr wertvollen Beitrag zum aktuellen Stand der Forschung.
Neben dem Runtime Security Score wird als weiterer wichtiger Beitrag dieser Arbeit ein ganzheitliches Konzept fĂŒr eine Vulnerability Assessment and Management (VAM) Lösung vorgeschlagen. Die effektive und funktionale InteroperabilitĂ€t aller relevanten Komponenten, die in diesem Konzept spezifiziert sind, wird mit einer Proof of Concept Implementierung gezeigt
Machine learning and blockchain technologies for cybersecurity in connected vehicles
Future connected and autonomous vehicles (CAVs) must be secured againstcyberattacks for their everyday functions on the road so that safety of passengersand vehicles can be ensured. This article presents a holistic review of cybersecurityattacks on sensors and threats regardingmulti-modal sensor fusion. A compre-hensive review of cyberattacks on intra-vehicle and inter-vehicle communicationsis presented afterward. Besides the analysis of conventional cybersecurity threatsand countermeasures for CAV systems,a detailed review of modern machinelearning, federated learning, and blockchain approach is also conducted to safe-guard CAVs. Machine learning and data mining-aided intrusion detection systemsand other countermeasures dealing with these challenges are elaborated at theend of the related section. In the last section, research challenges and future direc-tions are identified
IoTSan: Fortifying the Safety of IoT Systems
Today's IoT systems include event-driven smart applications (apps) that
interact with sensors and actuators. A problem specific to IoT systems is that
buggy apps, unforeseen bad app interactions, or device/communication failures,
can cause unsafe and dangerous physical states. Detecting flaws that lead to
such states, requires a holistic view of installed apps, component devices,
their configurations, and more importantly, how they interact. In this paper,
we design IoTSan, a novel practical system that uses model checking as a
building block to reveal "interaction-level" flaws by identifying events that
can lead the system to unsafe states. In building IoTSan, we design novel
techniques tailored to IoT systems, to alleviate the state explosion associated
with model checking. IoTSan also automatically translates IoT apps into a
format amenable to model checking. Finally, to understand the root cause of a
detected vulnerability, we design an attribution mechanism to identify
problematic and potentially malicious apps. We evaluate IoTSan on the Samsung
SmartThings platform. From 76 manually configured systems, IoTSan detects 147
vulnerabilities. We also evaluate IoTSan with malicious SmartThings apps from a
previous effort. IoTSan detects the potential safety violations and also
effectively attributes these apps as malicious.Comment: Proc. of the 14th ACM CoNEXT, 201
Privacy-Preserving Data in IoT-based Cloud Systems: A Comprehensive Survey with AI Integration
As the integration of Internet of Things devices with cloud computing
proliferates, the paramount importance of privacy preservation comes to the
forefront. This survey paper meticulously explores the landscape of privacy
issues in the dynamic intersection of IoT and cloud systems. The comprehensive
literature review synthesizes existing research, illuminating key challenges
and discerning emerging trends in privacy preserving techniques. The
categorization of diverse approaches unveils a nuanced understanding of
encryption techniques, anonymization strategies, access control mechanisms, and
the burgeoning integration of artificial intelligence. Notable trends include
the infusion of machine learning for dynamic anonymization, homomorphic
encryption for secure computation, and AI-driven access control systems. The
culmination of this survey contributes a holistic view, laying the groundwork
for understanding the multifaceted strategies employed in securing sensitive
data within IoT-based cloud environments. The insights garnered from this
survey provide a valuable resource for researchers, practitioners, and
policymakers navigating the complex terrain of privacy preservation in the
evolving landscape of IoT and cloud computingComment: 33 page
A Holistic Analysis of Internet of Things (IoT) Security : Principles, Practices, and New Perspectives
Peer reviewedPublisher PD
A Hierarchical Architectural Framework for Securing Unmanned Aerial Systems
Unmanned Aerial Systems (UAS) are becoming more widely used in the new era of evolving technology; increasing performance while decreasing size, weight, and cost. A UAS equipped with a Flight Control System (FCS) that can be used to fly semi- or fully-autonomous is a prime example of a Cyber Physical and Safety Critical system. Current Cyber-Physical defenses against malicious attacks are structured around security standards for best practices involving the development of protocols and the digital software implementation. Thus far, few attempts have been made to embed security into the architecture of the system considering security as a holistic problem. Therefore, a Hierarchical, Embedded, Cyber Attack Detection (HECAD) framework is developed to provide security in a holistic manor, providing resiliency against cyber-attacks as well as introducing strategies for mitigating and dealing with component failures. Traversing the hardware/software barrier, HECAD provides detection of malicious faults at the hardware and software level; verified through the development of an FPGA implementation and tested using a UAS FCS
- âŠ