Reconfigurable Security: Edge Computing-based Framework for IoT

In various scenarios, achieving security between IoT devices is challenging since the devices may have different dedicated communication standards, resource constraints as well as various applications. In this article, we first provide requirements and existing solutions for IoT security. We then introduce a new reconfigurable security framework based on edge computing, which utilizes a near-user edge device, i.e., security agent, to simplify key management and offload the computational costs of security algorithms at IoT devices. This framework is designed to overcome the challenges including high computation costs, low flexibility in key management, and low compatibility in deploying new security algorithms in IoT, especially when adopting advanced cryptographic primitives. We also provide the design principles of the reconfigurable security framework, the exemplary security protocols for anonymous authentication and secure data access control, and the performance analysis in terms of feasibility and usability. The reconfigurable security framework paves a new way to strength IoT security by edge computing.Comment: under submission to possible journal publication

IoT Safeguarding in Saudi Tourism Sector: Crafting a Preliminary Security Model for Enhancing Cyber Resilience

Incorporating the Internet of Things (IoT) has transformed technological landscapes, facilitating seamless communication across diverse devices and systems. However, this increased connectivity exposes critical sectors, including government and tourism, to elevated cybersecurity risks. There is a lack of knowledge regarding how organizations within the Saudi tourism sector address the cybersecurity risks associated with IoT systems. While much of the existing IoT literature concentrates on adopting IoT systems, a better understanding can be attained by proposing a preliminary research model encompassing the most significant factors influencing IoT security and related cybersecurity attacks. Despite limited empirical research on IoT security adoption in the Saudi tourism sector, this study seeks to address this gap. Motivated by this concern, this research investigates IoT security among Saudi organizations in the government tourism sector by developing a research model.  inspired by the Technology Acceptance Model (TAM) literature. The model incorporates a total of eight factors (privacy, confidentiality, data integrity, access control, availability, trust, IoT standards and policies, and IoT Awareness) and seven cybersecurity attacks (denial of service (DoS & DDoS), replay attack, eavesdropping attack, man-in-the-middle (MiTM) attack, spoofing attack, Sybil attack, and physical attack) identified from various literature sources. The proposed research model is a valuable tool for understanding IoT security in Saudi tourism, offering guidelines for organizations considering introducing IoT security measures. These guidelines highlight specific factors that tourism organizations should consider, enhancing the likelihood of successful IoT security adoption in the tourism context. Additionally, this study encourages IoT researchers to replicate the research in another industry sector within Saudi Arabia or other countries, particularly within the Arabian Gulf region.&nbsp

Landscape of IoT security

The last two decades have experienced a steady rise in the production and deployment of sensing-and-connectivity-enabled electronic devices, replacing “regular” physical objects. The resulting Internet-of-Things (IoT) will soon become indispensable for many application domains. Smart objects are continuously being integrated within factories, cities, buildings, health institutions, and private homes. Approximately 30 years after the birth of IoT, society is confronted with significant challenges regarding IoT security. Due to the interconnectivity and ubiquitous use of IoT devices, cyberattacks have widespread impacts on multiple stakeholders. Past events show that the IoT domain holds various vulnerabilities, exploited to generate physical, economic, and health damage. Despite many of these threats, manufacturers struggle to secure IoT devices properly. Thus, this work overviews the IoT security landscape with the intention to emphasize the demand for secured IoT-related products and applications. Therefore, (a) a list of key challenges of securing IoT devices is determined by examining their particular characteristics, (b) major security objectives for secured IoT systems are defined, (c) a threat taxonomy is introduced, which outlines potential security gaps prevalent in current IoT systems, and (d) key countermeasures against the aforementioned threats are summarized for selected IoT security-related technologies available on the market

Defining Objectives For Securing The Internet Of Things: A Value-Focused Thinking Approach

Over the past few years Internet of Things (IoT) has touched most people. Companies have been competing with each other in inventing new IoT based products and services. It has become a real business opportunity for various companies and a luxury for end users. Yet, the research on securing the Internet of Things (IoT) is in its infancy. In this study, we use the “value-focused thinking” approach to systematically identify IoT security values and objectives from 58 IT professionals. This study provides a foundation for strategically planning and thinking about IoT security. We present four fundamental objectives and thirteen means objectives. The results of this qualitative study will help researchers and practitioners identify and prioritize key IoT security issues