Abusive adversaries in 5G and beyond IoT

5G and subsequent cellular network generations aim to extend ubiquitous connectivity of billions of Internet-of-Things (IoT) for their consumers. Security is a prime concern in this context as adversaries have evolved to become smart and often employ new attack strategies. Network defenses can be enhanced against attacks by employing behavior models for devices to detect misbehavior. One example is Abusive Modeling (AM) that is inspired by financial technologies to defend adversaries operating with unlimited resources who have no intention of self-profit apart from harming the system. This article investigates behavior modeling against abusive adversaries in the context of 5G and beyond security functions for IoT. Security threats and countermeasures are discussed to understand AM. A complexitysecurity trade-off enables a better understanding of the limitations of state-based behavior modeling and paves the way as a future direction for developing more robust solutions against AM.PostprintPeer reviewe

Intelligent and behavioral-based detection of malware in IoT spectrum sensors

The number of Cyber-Physical Systems (CPS) available in industrial environments is growing mainly due to the evolution of the Internet-of-Things (IoT) paradigm. In such a context, radio frequency spectrum sensing in industrial scenarios is one of the most interesting applications of CPS due to the scarcity of the spectrum. Despite the benefits of operational platforms, IoT spectrum sensors are vulnerable to heterogeneous malware. The usage of behavioral fingerprinting and machine learning has shown merit in detecting cyberattacks. Still, there exist challenges in terms of (i) designing, deploying, and evaluating ML-based fingerprinting solutions able to detect malware attacks affecting real IoT spectrum sensors, (ii) analyzing the suitability of kernel events to create stable and precise fingerprints of spectrum sensors, and (iii) detecting recent malware samples affecting real IoT spectrum sensors of crowdsensing platforms. Thus, this work presents a detection framework that applies device behavioral fingerprinting and machine learning to detect anomalies and classify different botnets, rootkits, backdoors, ransomware and cryptojackers affecting real IoT spectrum sensors. Kernel events from CPU, memory, network,file system, scheduler, drivers, and random number generation have been analyzed, selected, and monitored to create device behavioral fingerprints. During testing, an IoT spectrum sensor of the ElectroSense platform has been infected with ten recent malware samples (two botnets, three rootkits, three backdoors, one ransomware, and one cryptojacker) to measure the detection performance of the framework in two different network configurations. Both supervised and semi-supervised approaches provided promising results when detecting and classifying malicious behaviors from the eight previous malware and seven normal behaviors. In particular, the framework obtained 0.88–0.90 true positive rate when detecting the previous malicious behaviors as unseen or zero-day attacks and 0.94–0.96 F1-score when classifying the

Securing Low-Power Blockchain-Enabled IoT Devices Against Energy Depletion Attack

Blockchain-enabled Internet of Things (IoT) envisions a world with rapid development and implementations to change our everyday lives based on smart devices. These devices are attached to the internet that can communicate with each other without human interference. A well-known wireless network in blockchain-enabled IoT frameworks is the Low Power and Lossy Network (LLN) that uses a novel protocol known as Routing protocol for low power and lossy networks (RPL) to provide effective and energy-efficient routing. LLNs that run on RPL are inherently prone to multiple Denial of Service (DoS) attacks due to the low cost, shared medium. and resource-constrained nature of blockchain-enabled IoT devices. A Spam DODAG Information Solicitation (DIS) attack is one of the novel attacks that drain the energy source of legitimate nodes and ends up causing the legitimate nodes to suffer from DoS. To address this problem, a mitigation scheme named DIS Spam Attack Mitigation (DISAM) is proposed. The proposed scheme effectively mitigates the effects of the Spam DIS attack on the network’s performance. The experimental results show that DISAM detects and mitigates the attack quickly and efficiently

Internet of Things Based Smart Vending Machine using Digital Payment System

The advent of the Internet envisions a cashless society by enabling financial transactions through digital payments. Significantly, the emergence of coronavirus (COVID-19) disrupted our traditional cash handling means and triggered an inflection point for switching towards contactless digital payments from physical cash payments. Furthermore, Internet of Things (IoT) technology escalates digital payments to the next level by enabling devices to render goods and services without requiring any human interaction. This research proposed an IoT-enabled cashless vending machine that incorporates both cloud computing and payment gateway for ordering and purchasing items through digital payment systems by using a mobile application. The system enables a pre-installed mobile application to scan the Quick Response (QR) code attached to the body of a vending machine, opens the portal of a web-based virtual machine through the code, allows user to choose and order items from the virtual vending, initiates and authorizes a digital payment through an IoT gateway installed inside the physical vending machine by establishing a connection between user's and vendor's financial entities, and finally, dispenses the ordered items by unlocking the shelves of the vending machine after the successful payment transaction. It operates in the Arduino platform with an ATmega 2560 Microcontroller and Esp8266 Wi-fi module as hardware components, mobile application software, and payment gateway API. The system performed an average response time of 14500 milliseconds to pick a product after running 150 consecutive API test calls. This result shows a satisfying time for enhancing customers' buying experiences with digital payment systems and a customizable and cost-effective IoT-based intelligent vending machine to introduce for mass production

The digital harms of smart home devices:a systematic literature review

The connection of home electronic devices to the internet allows remote control of physical devices and involves the collection of large volumes of data. With the increase in the uptake of Internet-of-Things home devices, it becomes critical to understand the digital harms of smart homes. We present a systematic literature review on the security and privacy harms of smart homes. PRISMA methodology is used to systematically review 63 studies published between January 2011 and October 2021; and a review of known cases is undertaken to illustrate the literature review findings with real-world scenarios. Published literature identifies that smart homes may pose threats to confidentiality (unwanted release of information), authentication (sensing information being falsified) and unauthorised access to system controls. Most existing studies focus on privacy intrusions as a prevalent form of harm against smart homes. Other types of harms that are less common in the literature include hacking, malware and DoS attacks. Digital harms, and data associated with these harms, may vary extensively across smart devices. Most studies propose technical measures to mitigate digital harms, while fewer consider social prevention mechanisms. We also identify salient gaps in research, and argue that these should be addressed in future crossdisciplinary research initiatives