Towards a Security, Privacy, Dependability, Interoperability Framework for the Internet of Things

A popular application of ambient intelligence systems constitutes of assisting living services on smart buildings. As intelligence is imported in embedded equipment, the system becomes able to provide smart services (e.g. control lights, airconditioning, provide energy management services etc.). IoT is the main enabler of such environments. However, the interconnection of these cyber-physical systems and the processing of personal data raise serious security and privacy issues. In this paper we present a framework that can guarantee Security, Privacy, Dependability and Interoperability (SPDI) in IoT. Taking advantage of the underlying IoT deployment, the proposed framework not only implements the requested smart functionality but also provide modelling and administration that can guarantee those SPDI properties. Moreover, we provide an application example of the framework in a smart building scenario

An assessment of blockchain consensus protocols for the Internet of Things

In a few short years the Internet of Things has become an intrinsic part of everyday life, with connected devices included in products created for homes, cars and even medical equipment. But its rapid growth has created several security problems, with respect to the transmission and storage of vast amounts of customers data, across an insecure heterogeneous collection of networks. The Internet of Things is therefore creating a unique set of risk and problems that will affect most households. From breaches in confidentiality, which could allow users to be snooped on, through to failures in integrity, which could lead to consumer data being compromised; devices are presenting many security challenges to which consumers are ill equipped to protect themselves from. Moreover, when this is coupled with the heterogeneous nature of the industry, and the interoperable and scalability problems it becomes apparent that the Internet of Things has created an increased attack surface from which security vulnerabilities may be easily exploited. However, it has been conjectured that blockchain may provide a solution to the Internet of Things security and scalability problems. Because of blockchain’s immutability, integrity and scalability, it is possible that its architecture could be used for the storage and transfer of Internet of Things data. Within this paper a cross section of blockchain consensus protocols have been assessed against a requirement framework, to establish each consensus protocols strengths and weaknesses with respect to their potential implementation in an Internet of Things blockchain environment

An Evaluation Framework for Adaptive Security for the IoT in eHealth

The work presented here has been carried out in the project ASSET – Adaptive Security for Smart Internet of Things in eHealth (2012–2015) funded by the Research Council of Norway in the VERDIKT programme. WThe work presented here has been carried out in the project ASSET – Adaptive Security for Smart Internet of Things in eHealth (2012–2015) funded by the Research Council of Norway in the VERDIKT programme. W—We present an assessment framework to evaluate adaptive security algorithms specifically for the Internet of Things (IoT) in eHealth applications. The successful deployment of the IoT depends on ensuring security and privacy, which need to adapt to the processing capabilities and resource use of the IoT. We develop a framework for the assessment and validation of context-aware adaptive security solutions for the IoT in eHealth that can quantify the characteristics and requirements of a situation. We present the properties to be fulfilled by a scenario to assess and quantify characteristics for the adaptive security solutions for eHealth. We then develop scenarios for patients with chronic diseases using biomedical sensors. These scenarios are used to create storylines for a chronic patient living at home or being treated in the hospital. We show numeric examples for how to apply our framework. We also present guidelines how to integrate our framework to evaluating adaptive security solutionsThe work presented here has been carried out in the project ASSET – Adaptive Security for Smart Internet of Things in eHealth (2012–2015) funded by the Research Council of Norway in the VERDIKT programme

ICMetrics based industrial internet of things (IIoT) security in the post quantum world

We are moving into an era of autonomous Industrial Internet of Things world; its security must be considered a crucial element. To maintain the current growth rate in Industrial Internet of Things, future threats related to quantum computing era need utmost attention. This research, in its preliminary stages is a major step in this direction and aims to design an ICMetrics based Industrial Internet of Things security framework for the post quantum era

Safety and security management through an integrated multidisciplinary model and related integrated technological framework

The purpose of this paper is to illustrate a multidisciplinary model for safety and security management (IMMSSM) which can be implemented by means of a suitable Integrated Technological System Framework (ITSF) that can be based on Internet of Things (IoT)/Internet of Everything (IoE), showing also the significant role played by the integration of the elements that compose the model itself, thanks to a proper genetic algorithm studied for the specific context

Threat Modeling Solution for Internet of Things in a Web­based Security Framework

The Internet of Things (IoT) is a growing paradigm that provides daily life benefits for its users, motivating a fast paced deployment of IoT devices in sensitive scenarios. However, current IoT devices do not correctly apply or integrate security controls or technology, potentially leading to a wide panoply of problems, most of them with harmful impact to the user. Thus, this work proposes the development of a tool that helps developers create properly secure IoT devices by identifying possible weaknesses in the system. This tool consists of a module of a framework, denominated Security Advising Modules (SAM) in the scope of this work, and achieves the referred objective by identifying possible weaknesses found in the software and hardware of IoT devices. To define the weaknesses, a set of databases containing information about vulnerabilities and weaknesses found in a system were investigated throughout this project, and a restricted set of weaknesses to be presented was chosen. Since some databases contain hundreds of thousands of vulnerabilities, it was neither feasible nor pertinent to present them completely in the developed tool. Additionally, the questions to retrieve system information were identified in this work, allowing us to map the chosen weaknesses to the answers given by the developer to those questions. The tool developed was properly tested by running automated tests, with the Selenium framework, and also validated by security experts and evaluated by a set of 18 users. Finally, based on user feedback, it was concluded that the developed tool was useful, simple and straightforward to use, and that 89% of respondents had never interacted with a similar tool (adding, in this way, to the innovative character).A Internet das Coisas (do inglês Internet of Things, IoT) é um paradigma em acentuado crescimento com benefícios inegáveis para o dia a dia dos utilizadores, com uma elevada aplicação dos dispositivos da IoT em cenários sensíveis. No entanto, atualmente os dispositivos da IoT não garantem corretamente as propriedades de segurança, o que pode levar a toda uma panóplia de problemas, muitos com impacto no utilizador. Este trabalho propõe o desenvolvimento de uma ferramenta que auxilie os programadores a criar dispositivos da IoT seguros. A ferramenta é um módulo de uma framework denominada Security Advising Modules (SAM), e procura atingir o referido objetivo através da identificação de fraquezas que possam existir no software ou hardware dos dispositivos IoT. Com o objetivo de delinear as fraquezas, consultou­se ao longo deste projeto um conjunto de bases de dados que contêm informações sobre vulnerabilidades e fraquezas encontradas em sistemas, do qual se escolheram um conjunto restrito de fraquezas a apresentar. A escolha deste conjunto deve­se a algumas das bases de dados consultadas conterem centenas de milhares de vulnerabilidades, pelo que não é exequível nem pertinente a sua completa apresentação na nossa ferramenta. Complementarmente, identificaramse neste trabalho as questões que permitem obter informações sobre o sistema em desenvolvimento que depois nos permitem mapear as fraquezas em função das respostas do programador. A ferramenta desenvolvida foi devidamente testada através da execução de testes automáticos, com a framework Selenium, e também validada por especialistas de segurança e avaliada por um conjunto de 18 utilizadores. Por fim, com base no feedback dos utilizadores, concluiu­se que a ferramenta desenvolvida era útil, de utilização simples e direta, e que 89% dos inquiridos nunca tinham interagido com uma ferramenta similar (nesse sentido inovadora).The work described in this dissertation was carried out at the Instituto de Telecomunicações, Multimedia Signal Processing ­ Cv Laboratory, in Universidade da Beira Interior, at Covilhã, Portugal. This research work was funded by the S E C U R I o T E S I G N Project through FCT/COMPETE/FEDER under Reference Number POCI­01­0145­FEDER­030657 and by Fundação para Ciência e Tecnologia (FCT) research grant with reference BIL/ Nº12/2019­B00702

LISF: A Security Framework for Internet of Things (IoT) Integrated Distributed Applications

Distributed applications where Internet of Things (IoT) technology integrated are vulnerable to different kinds of attacks. Machine learning algorithms are widely used to detect intrusions in such applications. However, there is need for an effective unsupervised learning approach which can detect known and also unknown attacks. Towards this end, in this paper, we proposed a framework to protect security of IoT integrated architectures that are distributed in nature. Our framework is named Learning based IoT Security Framework (LISF). The framework is designed to have machine learning based security to IoT integrated use cases. Since IoT networks cause network traffic that is to be monitored and protected from external attacks, the proposed system uses deep learning technique for automatic detection of cyber-attacks. Particularly, the system exploits deep autoencoder which comprises of encoder and decoder for automatic detection of different kinds of intrusions. It is based on unsupervised learning which is crucial for distributed environments where network flows cannot have sophisticated training samples. We proposed an algorithm named Deep Autoencoder based Cyber Attack Detection (DAE-CAD). Experiments are made using IoT use case dataset known as UNSW-NB15. Our empirical results revealed that DAE-CAD outperforms existing methods with highest accuracy 91.36%

A signature-based data security and authentication framework for internet of things applications

Internet of things (IoT) is the next big revolution in modernized network technologies connecting a massive number of heterogeneous smart appliances and physical objects. Owing to these technologies' novelty, various issues are characterized by security concerns are the most prioritized issue. A review of existing security approaches highlights that they are very particular about the solution towards a specific attack and cannot resist any unknown attacker. Therefore, this manuscript presents a novel computational model that introduces a unique authentication process using a simplified encryption strategy. The simulated study outcome shows that the proposed system offers efficient security and efficient data transmission performance in the presence of an unknown adversary. Hence, the study outcome exhibits better effects than frequently used security solutions when implemented in a vulnerable IoT environment

Security Framework for IoT Implementing Random Forest Classifier

The Internet of Things will become commonplace by making global connections possible at any moment. The necessity of well-thought-out, carefully implemented, and strictly enforced security standards over the entire lifecycle of IoT devices cannot be overstated.The Internet of Things (IoT) is a relatively new phenomenon that connects disparate computing infrastructures and infrastructure components. Given that the vast majority of the data collected will be shared with an unknowable audience, security is of paramount importance when connecting multiple independent IoT units across the Internet.  This article provides a comprehensive review of the state of security in the Internet of Things.The essay emphasizes the necessity to provide security in the device itself alongside conventional security solutions to offer a method employing machine learning exible for preventing, detecting, diagnosing, isolating, and counteracting successful breaches.The bulk of IoT end hosts are low-end devices, This means that many common security practices cannot be used to protect IoTdevices., leaving IoT services and the wider Internet vulnerable to attacks and exploits.To solve this problem, this article presents a unified IoT framework that employs machine learning to implementthe proposed GNRS&NC architecture. This framework's primary goal is to ensure the safety of IoT devices.The framework makes use of random forest classifier. The suggested architecture allows for the seamless incorporation of regional IoT infrastructures into global frameworks without compromising on usability, interoperability, or security