158 research outputs found
A Holistic Analysis of Internet of Things (IoT) Security : Principles, Practices, and New Perspectives
Peer reviewedPublisher PD
Implementation of ISO Frameworks to Risk Management in IPv6 Security
The Internet of Things is a technology wave sweeping across various industries and sectors. It promises to improve productivity and efficiency by providing new services and data to users. However, the full potential of this technology is still not realized due to the transition to IPv6 as a backbone. Despite the security assurances that IPv6 provides, privacy and concerns about the Internet of Things remain. This is why it is important that organizations thoroughly understand the protocol and its migration to ensure that they are equipped to take advantage of its many benefits. Due to the lack of available IPv4 addresses, organizations are in an uncertain situation when it comes to implementing IoT technologies.
The other aim is to fill in the gaps left by the ISO to identify and classify the risks that are not yet apparent. The thesis seeks to establish and implement the use of ISO to manage risks. It will also help to align security efforts with organizational goals. The proposed solution is evaluated through a survey that is designed to gather feedback from various levels of security and risk management professionals. The suggested modifications are also included in the study.
A survey on the implementation of ISO frameworks to risk management in IPv6 was conducted and with results as shown in the random sampling technique that was used for conducting the research a total of 75 questionnaires were shared online, 50 respondents returned responses online through emails and social media platforms. The result of the analysis shows that system admin has the highest pooling 26% of all the overall participants, followed by network admin with 20%, then cybersecurity specialists with 16%. 14% of the respondents were network architects while senior management and risk management professionals were 4% and 2% respectively. The majority of the respondents agreed that risk treatment enhances the risk management performance of the IPv6 network resulting from the proper selection and implementation of correct risk prevention strategies
Efficient Security Protocols for Constrained Devices
During the last decades, more and more devices have been connected to the Internet.Today, there are more devices connected to the Internet than humans.An increasingly more common type of devices are cyber-physical devices.A device that interacts with its environment is called a cyber-physical device.Sensors that measure their environment and actuators that alter the physical environment are both cyber-physical devices.Devices connected to the Internet risk being compromised by threat actors such as hackers.Cyber-physical devices have become a preferred target for threat actors since the consequence of an intrusion disrupting or destroying a cyber-physical system can be severe.Cyber attacks against power and energy infrastructure have caused significant disruptions in recent years.Many cyber-physical devices are categorized as constrained devices.A constrained device is characterized by one or more of the following limitations: limited memory, a less powerful CPU, or a limited communication interface.Many constrained devices are also powered by a battery or energy harvesting, which limits the available energy budget.Devices must be efficient to make the most of the limited resources.Mitigating cyber attacks is a complex task, requiring technical and organizational measures.Constrained cyber-physical devices require efficient security mechanisms to avoid overloading the systems limited resources.In this thesis, we present research on efficient security protocols for constrained cyber-physical devices.We have implemented and evaluated two state-of-the-art protocols, OSCORE and Group OSCORE.These protocols allow end-to-end protection of CoAP messages in the presence of untrusted proxies.Next, we have performed a formal protocol verification of WirelessHART, a protocol for communications in an industrial control systems setting.In our work, we present a novel attack against the protocol.We have developed a novel architecture for industrial control systems utilizing the Digital Twin concept.Using a state synchronization protocol, we propagate state changes between the digital and physical twins.The Digital Twin can then monitor and manage devices.We have also designed a protocol for secure ownership transfer of constrained wireless devices. Our protocol allows the owner of a wireless sensor network to transfer control of the devices to a new owner.With a formal protocol verification, we can guarantee the security of both the old and new owners.Lastly, we have developed an efficient Private Stream Aggregation (PSA) protocol.PSA allows devices to send encrypted measurements to an aggregator.The aggregator can combine the encrypted measurements and calculate the decrypted sum of the measurements.No party will learn the measurement except the device that generated it
Towards Authentication of IoMT Devices via RF Signal Classification
The increasing reliance on the Internet of Medical Things (IoMT) raises great concern in terms of cybersecurity, either at the device’s physical level or at the communication and transmission level. This is particularly important as these systems process very sensitive and private data, including personal health data from multiple patients such as real-time body measurements. Due to these concerns, cybersecurity mechanisms and strategies must be in place to protect these medical systems, defending them from compromising cyberattacks. Authentication is an essential cybersecurity technique for trustworthy IoMT communications. However, current authentication methods rely on upper-layer identity verification or key-based cryptography which can be inadequate to the heterogeneous Internet of Things (IoT) environments. This thesis proposes the development of a Machine Learning (ML) method that serves as a foundation for Radio Frequency Fingerprinting (RFF) in the authentication of IoMT devices in medical applications to improve the flexibility of such mechanisms. This technique allows the authentication of medical devices by their physical layer characteristics, i.e. of their emitted signal. The development of ML models serves as the foundation for RFF, allowing it to evaluate and categorise the released signal and enable RFF authentication. Multiple feature take part of the proposed decision making process of classifying the device, which then is implemented in a medical gateway, resulting in a novel IoMT technology.A confiança crescente na IoMT suscita grande preocupação em termos de cibersegurança, quer ao nÃvel fÃsico do dispositivo quer ao nÃvel da comunicação e ao nÃvel de transmissão. Isto é particularmente importante, uma vez que estes sistemas processam dados muito sensÃveis e dados, incluindo dados pessoais de saúde de diversos pacientes, tais como dados em tempo real de medidas do corpo. Devido a estas preocupações, os mecanismos e estratégias de ciber-segurança devem estar em vigor para proteger estes sistemas médicos, defendendo-os de ciberataques comprometedores. A autenticação é uma técnica essencial de ciber-segurança para garantir as comunicações em sistemas IoMT de confiança. No entanto, os métodos de autenticação atuais focam-se na verificação de identidade na camada superior ou criptografia baseada em chaves que podem ser inadequadas para a ambientes IoMT heterogéneos. Esta tese propõe o desenvolvimento de um método de ML que serve como base para o RFF na autenticação de dispositivos IoMT para melhorar a flexibilidade de tais mecanismos. Isto permite a autenticação dos dispositivos médicos pelas suas caracterÃsticas de camada fÃsica, ou seja, a partir do seu sinal emitido. O desenvolvimento de modelos de ML serve de base para o RFF, permitindo-lhe avaliar e categorizar o sinal libertado e permitir a autenticação do RFF. Múltiplas features fazem parte do processo de tomada de decisão proposto para classificar o dispositivo, que é implementada num gateway médico, resultando numa nova tecnologia IoMT
Efficiency and Sustainability of the Distributed Renewable Hybrid Power Systems Based on the Energy Internet, Blockchain Technology and Smart Contracts-Volume II
The climate changes that are becoming visible today are a challenge for the global research community. In this context, renewable energy sources, fuel cell systems, and other energy generating sources must be optimally combined and connected to the grid system using advanced energy transaction methods. As this reprint presents the latest solutions in the implementation of fuel cell and renewable energy in mobile and stationary applications, such as hybrid and microgrid power systems based on the Energy Internet, Blockchain technology, and smart contracts, we hope that they will be of interest to readers working in the related fields mentioned above
Detecting Software Attacks on Embedded IoT Devices
Internet of Things (IoT) applications are being rapidly deployed in the context of smart homes, automotive vehicles, smart factories, and many more. In these applications, embedded devices are widely used as sensors, actuators, or edge nodes. The embedded devices operate distinctively on a task or interact with each other to collectively perform certain tasks. In general, increase in Internet-connected things has made embedded devices an attractive target for various cyber attacks, where an attacker gains access and control remote devices for malicious activities. These IoT devices could be exploited by an attacker to compromise the security of victim’s platform without requiring any physical hardware access.
In order to detect such software attacks and ensure a reliable and trustworthy IoT application, it is crucial to verify that a device is not compromised by malicious software, and also assert correct execution of the program. In the literature, solutions based on remote attestation, anomaly detection, control-flow and data-flow integrity have been proposed to detect software attacks. However, these solutions have limited applicability in terms of target deployments and attack detection, which we inspect thoroughly.
In this dissertation, we propose three solutions to detect software attacks on embedded IoT devices. In particular, we first propose SWARNA, which uses remote attestation to verify a large network of embedded devices and ensure that the application software on the device is not tampered. Verifying the integrity of a software preserves the static properties of a device. To secure the devices from various software attacks, it is imperative to also ensure that the runtime execution of a program is as expected. Therefore, we focus extensively on detecting memory corruption attacks that may occur during the program execution. Furthermore, we propose, SPADE and OPADE, secure program anomaly detection that runs on embedded IoT devices and use deep learning, and machine learning algorithms respectively to detect various runtime software attacks. We evaluate and analyse all the proposed solutions on real embedded hardware and IoT testbeds. We also perform a thorough security analysis to show how the proposed solutions can detect various software attacks
Optimized Monitoring and Detection of Internet of Things resources-constraints Cyber Attacks
This research takes place in the context of the optimized monitoring and detec-
tion of Internet of Things (IoT) resource-constraints attacks. Meanwhile, the In-
ternet of Everything (IoE) concept is presented as a wider extension of IoT. How-
ever, the IoE realization meets critical challenges, including the limited network
coverage and the limited resources of existing network technologies and smart
devices. The IoT represents a network of embedded devices that are uniquely
identifiable and have embedded software required to communicate between the
transient states. The IoT enables a connection between billions of sensors, actu-
ators, and even human beings to the Internet, creating a wide range of services,
some of which are mission-critical. However, IoT networks are faulty; things
are resource-constrained in terms of energy and computational capabilities. For
IoT systems performing a critical mission, it is crucial to ensure connectivity,
availability, and device reliability, which requires proactive device state moni-
toring.
This dissertation presents an approach to optimize the monitoring and detection
of resource-constraints attacks in IoT and IoE smart devices. First, it has been
shown that smart devices suffer from resource-constraints problems; therefore,
using lightweight algorithms to detect and mitigate the resource-constraints at-
tack is essential. Practical analysis and monitoring of smart device resources’
are included and discussed to understand the behaviour of the devices before
and after attacking real smart devices. These analyses are straightforwardly
extended for building lightweight detection and mitigation techniques against
energy and memory attacks. Detection of energy consumption attacks based
on monitoring the package reception rate of smart devices is proposed to de-
tect energy attacks in smart devices effectively. The proposed lightweight algo-
rithm efficiently detects energy attacks for different protocols, e.g., TCP, UDP,
and MQTT. Moreover, analyzing memory usage attacks is also considered in
this thesis. Therefore, another lightweight algorithm is also built to detect the
memory-usage attack once it appears and stops. This algorithm considers mon-
itoring the memory usage of the smart devices when the smart devices are
Idle, Active, and Under attack. Based on the presented methods and monitoring
analysis, the problem of resource-constraint attacks in IoT systems is systemat-
ically eliminated by parameterizing the lightweight algorithms to adapt to the
resource-constraint problems of the smart devices
A Novel Detection Method for Grey Hole Attack in RPL
The Internet of Things (IoT) is a type of network that involves the Internet and things. This network consists of constrained devices that are connected through an IP protocol. In the IoT, a network with constrained devices is called 6LowPAN. RPL is a routing protocol to address the constraints and specific properties of these networks; though RPL puts the networks at risk through a large variety of attacks. The urgent need to develop secure routing solutions is required. In this paper, we investigated grey hole attacks and presented a detection method to identify and isolate the malicious node. The experiments show the proposed detection method improves PDR, Throughput and reduces PLR and E2ED in comparison with other scenarios
A Survey on LoRaWAN Technology: Recent Trends, Opportunities, Simulation Tools and Future Directions
Low-power wide-area network (LPWAN) technologies play a pivotal role in IoT applications, owing to their capability to meet the key IoT requirements (e.g., long range, low cost, small data volumes, massive device number, and low energy consumption). Between all obtainable LPWAN technologies, long-range wide-area network (LoRaWAN) technology has attracted much interest from both industry and academia due to networking autonomous architecture and an open standard specification. This paper presents a comparative review of five selected driving LPWAN technologies, including NB-IoT, SigFox, Telensa, Ingenu (RPMA), and LoRa/LoRaWAN. The comparison shows that LoRa/LoRaWAN and SigFox surpass other technologies in terms of device lifetime, network capacity, adaptive data rate, and cost. In contrast, NB-IoT technology excels in latency and quality of service. Furthermore, we present a technical overview of LoRa/LoRaWAN technology by considering its main features, opportunities, and open issues. We also compare the most important simulation tools for investigating and analyzing LoRa/LoRaWAN network performance that has been developed recently. Then, we introduce a comparative evaluation of LoRa simulators to highlight their features. Furthermore, we classify the recent efforts to improve LoRa/LoRaWAN performance in terms of energy consumption, pure data extraction rate, network scalability, network coverage, quality of service, and security. Finally, although we focus more on LoRa/LoRaWAN issues and solutions, we introduce guidance and directions for future research on LPWAN technologies
A Multi-Hop 6LoWPAN Wireless Sensor Network for Waste Management Optimization
In the first part of this Thesis several Wireless Sensor Network technologies, including the ones based on the IEEE 802.15.4 Protocol Standard like ZigBee, 6LoWPAN and Ultra Wide Band, as well as other technologies based on other protocol standards like Z-Wave, Bluetooth and Dash7, are analyzed with respect to relevance and suitability with the Waste Management Outsmart European FP7 Project. A particular attention is given to the parameters which characterize a Large Scale WSN for Smart Cities, due to the amount of sensors involved and to the practical application requested by the project.
Secondly, a prototype of sensor network is proposed: an Operative System named Contiki is chosen for its portability on different hardware platforms, its Open Source license, for the use of the 6LoW-PAN protocol and for the implementation of the new RPL routing protocol. The Operative System is described in detail, with a special focus on the uIPv6 TCP/IP stack and RPL implementation. With regard to this innovative routing proto col designed specifically for Low Power Lossy Networks, chapter 4 describes in detail how the network topology is organized as a Directed Acyclic Graph, what is an RPL Instance and how downward and upward routes are constructed and maintained. With the use of several AVR Atmel modules mounting the Contiki OS a real WSN is created and, with an Ultrasonic Sensor, the filling level of a waste basket prototype is periodically detected and transmitted through a multi-hop wireless network to a sink nodeope
- …