16,183 research outputs found
Avoiding the internet of insecure industrial things
Security incidents such as targeted distributed denial of service (DDoS) attacks on power grids and hacking of factory industrial control systems (ICS) are on the increase. This paper unpacks where emerging security risks lie for the industrial internet of things, drawing on both technical and regulatory perspectives. Legal changes are being ushered by the European Union (EU) Network and Information Security (NIS) Directive 2016 and the General Data Protection Regulation 2016 (GDPR) (both to be enforced from May 2018). We use the case study of the emergent smart energy supply chain to frame, scope out and consolidate the breadth of security concerns at play, and the regulatory responses. We argue the industrial IoT brings four security concerns to the fore, namely: appreciating the shift from offline to online infrastructure; managing temporal dimensions of security; addressing the implementation gap for best practice; and engaging with infrastructural complexity. Our goal is to surface risks and foster dialogue to avoid the emergence of an Internet of Insecure Industrial Things
After the Gold Rush: The Boom of the Internet of Things, and the Busts of Data-Security and Privacy
This Article addresses the impact that the lack of oversight of the Internet of Things has on digital privacy. While the Internet of Things is but one vehicle for technological innovation, it has created a broad glimpse into domestic life, thus triggering several privacy issues that the law is attempting to keep pace with. What the Internet of Things can reveal is beyond the control of the individual, as it collects information about every practical aspect of an individualâs life, and provides essentially unfettered access into the mind of its users. This Article proposes that the federal government and the state governments bend toward consumer protection while creating a cogent and predictable body of law surrounding the Internet of Things. Through privacy-by-design or self-help, it is imperative that the Internet of Thingsâand any of its unforeseen progenyâdevelop with an eye toward safeguarding individual privacy while allowing technological development
Household economic decisions under the shadow of terrorism : [This Version: January 4, 2009]
We investigate, using the 2002 US Health and Retirement Study, the factors influencing individualsâ insecurity and expectations about terrorism, and study the effects these last have on householdsâ portfolio choices and spending patterns. We find that females, the religiously devout, those equipped with a better memory, the less educated, and those living close to where the events of September 2001 took place worry a lot about their safety. In addition, fear of terrorism discourages households from investing in stocks, mostly through the high levels of insecurity felt by females. Insecurity due to terrorism also makes single men less likely to own a business. Finally, we find evidence of expenditure shifting away from recreational activities that can potentially leave one exposed to a terrorist attack and towards goods that might help one cope with the consequences of terrorism materially (increased use of car and spending on the house) or psychologically (spending on personal care products by females in couples)
Securing Real-Time Internet-of-Things
Modern embedded and cyber-physical systems are ubiquitous. A large number of
critical cyber-physical systems have real-time requirements (e.g., avionics,
automobiles, power grids, manufacturing systems, industrial control systems,
etc.). Recent developments and new functionality requires real-time embedded
devices to be connected to the Internet. This gives rise to the real-time
Internet-of-things (RT-IoT) that promises a better user experience through
stronger connectivity and efficient use of next-generation embedded devices.
However RT- IoT are also increasingly becoming targets for cyber-attacks which
is exacerbated by this increased connectivity. This paper gives an introduction
to RT-IoT systems, an outlook of current approaches and possible research
challenges towards secure RT- IoT frameworks
A survey on subjecting electronic product code and non-ID objects to IP identification
Over the last decade, both research on the Internet of Things (IoT) and
real-world IoT applications have grown exponentially. The IoT provides us with
smarter cities, intelligent homes, and generally more comfortable lives.
However, the introduction of these devices has led to several new challenges
that must be addressed. One of the critical challenges facing interacting with
IoT devices is to address billions of devices (things) around the world,
including computers, tablets, smartphones, wearable devices, sensors, and
embedded computers, and so on. This article provides a survey on subjecting
Electronic Product Code and non-ID objects to IP identification for IoT
devices, including their advantages and disadvantages thereof. Different
metrics are here proposed and used for evaluating these methods. In particular,
the main methods are evaluated in terms of their: (i) computational overhead,
(ii) scalability, (iii) adaptability, (iv) implementation cost, and (v) whether
applicable to already ID-based objects and presented in tabular format.
Finally, the article proves that this field of research will still be ongoing,
but any new technique must favorably offer the mentioned five evaluative
parameters.Comment: 112 references, 8 figures, 6 tables, Journal of Engineering Reports,
Wiley, 2020 (Open Access
TD2SecIoT: Temporal, Data-Driven and Dynamic Network Layer Based Security Architecture for Industrial IoT
The Internet of Things (IoT) is an emerging technology, which comprises wireless smart sensors and actuators. Nowadays, IoT is implemented in different areas such as Smart Homes, Smart Cities, Smart Industries, Military, eHealth, and several real-world applications by connecting domain-specific sensors. Designing a security model for these applications is challenging for researchers since attacks (for example, zero-day) are increasing tremendously. Several security methods have been developed to ensure the CIA (Confidentiality, Integrity, and Availability) for Industrial IoT (IIoT). Though these methods have shown promising results, there are still some security issues that are open. Thus, the security and authentication of IoT based applications become quite significant. In this paper, we propose TD2SecIoT (Temporal, Data-Driven and Dynamic Network Layer Based Security Architecture for Industrial IoT), which incorporates Elliptic Curve Cryptography (ECC) and Nth-degree Truncated Polynomial Ring Units (NTRU) methods to ensure confidentiality and integrity. The proposed method has been evaluated against different attacks and performance measures (quantitative and qualitative) using the Cooja network simulator with Contiki-OS. The TD2SecIoT has shown a higher security level with reduced computational cost and time
Household Economic Decisions under the Shadow of Terrorism
We investigate, using the 2002 US Health and Retirement Study, the factors influencing individualsâ insecurity and expectations about terrorism, and study the effects these last have on householdsâ portfolio choices and spending patterns. We find that females, the religiously devout, those equipped with a better memory, the less educated, and those living close to where the events of September 2001 took place worry a lot about their safety. In addition, fear of terrorism discourages households from investing in stocks, mostly through the high levels of insecurity felt by females. Insecurity due to terrorism also makes single men less likely to own a business. Finally, we find evidence of expenditure shifting away from recreational activities that can potentially leave one exposed to a terrorist attack and towards goods that might help one cope with the consequences of terrorism materially (increased use of car and spending on the house) or psychologically (spending on personal care products by females in couples).terrorism, expectations, household finance, demand analysis
Resilience to cyber-attacks in critical infrastructures of Portugal
As infraestruturas crĂticas sĂŁo sempre um potencial alvo para ciberataques, uma vez que a
repercussĂŁo de um ataque bem-sucedido pode ser catastrĂłfica, visto que esses sistemas
controlam e permitem o acesso aos principais serviços do paĂs. Um dos sistemas que fazem
parte deste grupo de infraestruturas crĂticas de um paĂs sĂŁo os Sistemas de Controlo Industrial
(ICSs), utilizados para automatizar e controlar os processos das vĂĄrias infraestruturas
industriais.
No passado, os ICSs eram utilizados em ambiente isolado, no entanto, com o passar do tempo
e para satisfazer as exigĂȘncias do mercado moderno, começaram a estar ligados com o ambiente
externo. Isto trouxe muitos benefĂcios, mas tambĂ©m aumentou o nĂvel de exposição e
vulnerabilidade dos mesmos. Embora estes sistemas sejam vitais para o bom funcionamento de
um paĂs, nĂŁo hĂĄ nenhum trabalho pĂșblico que avalie o estado de segurança destes sistemas em
Portugal.
Este trabalho teve como maior objetivo, identificar os ICSs expostos na Internet em Portugal e
investigar o nĂvel de risco dos mesmos em termos de segurança. Com base nisso, foi
desenvolvido uma metodologia que implicou a identificação dos ICSs, o cålculo do risco dos
mesmos de acordo com as caracterĂsticas que apresentam, e o desenvolvimento de uma data
warehouse para juntar e organizar os dados, e permitir uma anĂĄlise de forma fĂĄcil.
Ao analisar os resultados verificamos que existem muitos ICSs expostos e facilmente
encontrados na Internet em Portugal. A maioria deles estĂŁo localizados em Lisboa e tĂȘm pelo
menos uma caracterĂstica que apresenta um risco elevado Ă segurança do sistema. A maioria
dos sistemas nĂŁo tĂȘm disponĂvel um algoritmo de encriptação para assegurar a segurança da
ligação. Dos que tĂȘm, uma enorme percentagem utiliza algoritmos que nĂŁo sĂŁo considerados
seguros. A maioria dos sistemas identificados tĂȘm pelo menos uma porta a correr o protocolo
HTTP, uma ligação que hå muito tempo jå não é considerada segura. Dos sistemas que estão a
correr portas com risco elevado, a maioria estĂĄ a correr o protocolo FTP, um protocolo nĂŁo
construĂdo para ser seguro. Muitas das organizaçÔes nĂŁo possuem infraestruturas prĂłprias para
gerir as polĂticas de rede dos seus sistemas. Nesta situação, nĂŁo Ă© possĂvel identificar as
organizaçÔes porque escondem atrås dos ISPs. Isto pode ser vantajoso porque as organizaçÔes
nĂŁo sĂŁo facilmente identificadas pelos hackers, no entanto, ficam dependentes dos ISPs, no
sentido de que, se este sofrer um ataque, todas as organizaçÔes ligadas a ela podem ser
severamente afetadas.
Os resultados encontrados neste trabalho permitem Ă DognĂŠdis ter uma base de conhecimento
sobre o estado dos ICSs expostos na Internet em Portugal, tornando possĂvel sugerir melhorias
de segurança. TambĂ©m permite que a indĂșstria e todas as organizaçÔes que tĂȘm ICSs estejam
conscientes de quĂŁo expostos e vulnerĂĄveis estĂŁo os seus sistemas, de forma a dedicarem mais
atenção aos sistemas que possam estar em risco de um ataque cibernético
- âŠ