Protecting Actuators in Safety-Critical IoT Systems from Control Spoofing Attacks

In this paper, we propose a framework called Contego-TEE to secure Internet-of-Things (IoT) edge devices with timing requirements from control spoofing attacks where an adversary sends malicious control signals to the actuators. We use a trusted computing base available in commodity processors (such as ARM TrustZone) and propose an invariant checking mechanism to ensure the security and safety of the physical system. A working prototype of Contego-TEE was developed using embedded Linux kernel. We demonstrate the feasibility of our approach for a robotic vehicle running on an ARM-based platform.Comment: 2nd Workshop on the Internet of Things Security and Privacy - Iot S&P'19, November 15, 2019, London, United Kingdom. ACM ISBN: 978-1-4503-6838-4/19/1

An effective communication and computation model based on a hybridgraph-deeplearning approach for SIoT.

Social Edge Service (SES) is an emerging mechanism in the Social Internet of Things (SIoT) orchestration for effective user-centric reliable communication and computation. The services are affected by active and/or passive attacks such as replay attacks, message tampering because of sharing the same spectrum, as well as inadequate trust measurement methods among intelligent devices (roadside units, mobile edge devices, servers) during computing and content-sharing. These issues lead to computation and communication overhead of servers and computation nodes. To address this issue, we propose the HybridgrAph-Deep-learning (HAD) approach in two stages for secure communication and computation. First, the Adaptive Trust Weight (ATW) model with relation-based feedback fusion analysis to estimate the fitness-priority of every node based on directed graph theory to detect malicious nodes and reduce computation and communication overhead. Second, a Quotient User-centric Coeval-Learning (QUCL) mechanism to formulate secure channel selection, and Nash equilibrium method for optimizing the communication to share data over edge devices. The simulation results confirm that our proposed approach has achieved effective communication and computation performance, and enhanced Social Edge Services (SES) reliability than state-of-the-art approaches

An overview of memristive cryptography

Smaller, smarter and faster edge devices in the Internet of things era demands secure data analysis and transmission under resource constraints of hardware architecture. Lightweight cryptography on edge hardware is an emerging topic that is essential to ensure data security in near-sensor computing systems such as mobiles, drones, smart cameras, and wearables. In this article, the current state of memristive cryptography is placed in the context of lightweight hardware cryptography. The paper provides a brief overview of the traditional hardware lightweight cryptography and cryptanalysis approaches. The contrast for memristive cryptography with respect to traditional approaches is evident through this article, and need to develop a more concrete approach to developing memristive cryptanalysis to test memristive cryptographic approaches is highlighted.Comment: European Physical Journal: Special Topics, Special Issue on "Memristor-based systems: Nonlinearity, dynamics and applicatio

A secure distributed blockchain platform for use in AI-enabled IoT applications

The increased implementation of Edge Computing technology has provided The Internet of Things (IoT) with the ability of real-time data processing and tasks execution requested by smart devices. To support this processing the integration of Artificial Intelligence (AI) into IoT is considered one of the most promising approach. While AI helps in the analyses of the data, blockchain technology provides a robust environment within which to create a secure, distributed way to share and store data. This paper proposes an architecture that combines the strengths provided by edge computing, AI, and blockchain technologies to provide robust, secure, and intelligent solutions for secure and faster data processing and sharing. The pandemic created by the rapid spread of the novel Coronavirus COVID19, as well as the tracking of viruses in water sewage to help control the spread of such viruses, were used as our case study for exploring this architecture. To secure the proposed architecture a new concept for consensus mechanism based on Honesty-Based Distributed Proof of Work (DPOW) were devised and tested

Partitioning-Based Data Sharing Approach for Data Integrity Verification in Distributed Fog Computing

With the increasing popularity of the internet of things (IoT), fog computing has emerged as a unique cutting-edge approach along with cloud computing. This study proposes an approach for data integrity verification in fog computing that does not require metadata stored on the user side and can handle big data efficiently. In the proposed work, fuzzy clustering is used to cluster IoT data; dynamic keys are used to encrypt the clusters; and dynamic permutation is used to distribute encrypted clusters among fog nodes. During the process of data retrieval, fuzzy clustering and message authentication code (MAC) are used to verify the data integrity. Fuzzy clustering and dynamic primitives make the proposed approach more secure. The security analysis indicates that the proposed approach is resilient to various security attacks. Moreover, the performance analysis shows that the computation time of the proposed work is 50 times better than the existing tag regeneration scheme

Distributed network and service architecture for future digital healthcare

According to World Health Organization (WHO), the worldwide prevalence of chronic diseases increases fast and new threats, such as Covid-19 pandemic, continue to emerge, while the aging population continues decaying the dependency ratio. These challenges will cause a huge pressure on the efficacy and cost-efficiency of healthcare systems worldwide. Thanks to the emerging technologies, such as novel medical imaging and monitoring instrumentation, and Internet of Medical Things (IoMT), more accurate and versatile patient data than ever is available for medical use. To transform the technology advancements into better outcome and improved efficiency of healthcare, seamless interoperation of the underlying key technologies needs to be ensured. Novel IoT and communication technologies, edge computing and virtualization have a major role in this transformation. In this article, we explore the combined use of these technologies for managing complex tasks of connecting patients, personnel, hospital systems, electronic health records and medical instrumentation. We summarize our joint effort of four recent scientific articles that together demonstrate the potential of the edge-cloud continuum as the base approach for providing efficient and secure distributed e-health and e-welfare services. Finally, we provide an outlook for future research needs

Providing End-to-End Security Using Quantum Walks in IoT Networks

Internet of Things acts an essential role in our everyday lives and it definitely has the potential to grow on the importance and revolutionize our future. However, the present communication technologies have several security related issues which is required to provide secure end to end connectivity among services. Moreover, due to recent, rapid growth of quantum technologies, most common security mechanisms considered secure today may be soon imperilled. Thus, the modern security mechanisms during their construction also require the power of quantum technologies to resist various potential attacks from quantum computers. Because of its characteristics, quantum walks (QW) is considered as a universal quantum computation paradigm that can be accepted as an excellent key generator. In this regard, in this paper a new lightweight image encryption scheme based on QW for secure data transfer in the internet of things platforms and wireless networking with edge computing is proposed. The introduced approach utilises the power of nonlinear dynamic behaviour of QW to construct permutation boxes and generates pseudo-random numbers for encrypting the plain image after dividing it into blocks. The results of the conducted simulation and numerical analyses confirm that the presented encryption algorithm is effective. The encrypted images have randomness properties, no useful data about the ciphered image can be obtained via analysing the correlation of adjacent pixels. Moreover, the entropy value is close to 8, the number of the pixel change rate is greater than 99.61%, and there is high sensitivity of the key parameters with large key space to resist various attack

Secure Sensor Prototype Using Hardware Security Modules and Trusted Execution Environments in a Blockchain Application: Wine Logistic Use Case

The security of Industrial Internet of Things (IIoT) systems is a challenge that needs to be addressed immediately, as the increasing use of new communication paradigms and the abundant use of sensors opens up new opportunities to compromise these types of systems. In this sense, technologies such as Trusted Execution Environments (TEEs) and Hardware Security Modules (HSMs) become crucial for adding new layers of security to IIoT systems, especially to edge nodes that incorporate sensors and perform continuous measurements. These technologies, coupled with new communication paradigms such as Blockchain, offer a high reliability, robustness and good interoperability between them. This paper proposes the design of a secure sensor incorporating the above mentioned technologies—HSMs and a TEE—in a hardware device based on a dual-core architecture. Through this combination of technologies, one of the cores collects the data extracted by the sensors and implements the security mechanisms to guarantee the integrity of these data, while the remaining core is responsible for sending these data through the appropriate communication protocol. This proposed approach fits into the Blockchain networks, which act as an Oracle. Finally, to illustrate the application of this concept, a use case applied to wine logistics is described, where this secure sensor is integrated into a Blockchain that collects data from the storage and transport of barrels, and a performance evaluation of the implemented prototype is providedEuropean Union’s Horizon Europe research and innovation program through the funding project “Cognitive edge-cloud with serverless computing” (EDGELESS) under grant agreement number 101092950FEDER/Junta de Andalucia-Consejeria de Transformacion Economica, Industria, Conocimiento y Universidades under Project B-TIC-588-UGR2

A secure fog-based platform for SCADA-based IoT critical infrastructure

© 2019 John Wiley & Sons, Ltd. The rapid proliferation of Internet of things (IoT) devices, such as smart meters and water valves, into industrial critical infrastructures and control systems has put stringent performance and scalability requirements on modern Supervisory Control and Data Acquisition (SCADA) systems. While cloud computing has enabled modern SCADA systems to cope with the increasing amount of data generated by sensors, actuators, and control devices, there has been a growing interest recently to deploy edge data centers in fog architectures to secure low-latency and enhanced security for mission-critical data. However, fog security and privacy for SCADA-based IoT critical infrastructures remains an under-researched area. To address this challenge, this contribution proposes a novel security “toolbox” to reinforce the integrity, security, and privacy of SCADA-based IoT critical infrastructure at the fog layer. The toolbox incorporates a key feature: a cryptographic-based access approach to the cloud services using identity-based cryptography and signature schemes at the fog layer. We present the implementation details of a prototype for our proposed secure fog-based platform and provide performance evaluation results to demonstrate the appropriateness of the proposed platform in a real-world scenario. These results can pave the way toward the development of a more secure and trusted SCADA-based IoT critical infrastructure, which is essential to counter cyber threats against next-generation critical infrastructure and industrial control systems. The results from the experiments demonstrate a superior performance of the secure fog-based platform, which is around 2.8 seconds when adding five virtual machines (VMs), 3.2 seconds when adding 10 VMs, and 112 seconds when adding 1000 VMs, compared to the multilevel user access control platform