1,178 research outputs found

    Securing Our Future Homes: Smart Home Security Issues and Solutions

    The Internet of Things, commonly known as IoT, is a new technology transforming businesses, individuals’ daily lives and the operation of entire countries. With more and more devices becoming equipped with IoT technology, smart homes are becoming increasingly popular. The components that make up a smart home are at risk for different types of attacks; therefore, security engineers are developing solutions to current problems and are predicting future types of attacks. This paper will analyze IoT smart home components, explain current security risks, and suggest possible solutions. According to “What is a Smart Home” (n.d.), a smart home is a home that always operates in consideration of security, energy, efficiency and convenience, whether anyone is home or not

    PADS: Practical Attestation for Highly Dynamic Swarm Topologies

    Remote attestation protocols are widely used to detect device configuration (e.g., software and/or data) compromise in Internet of Things (IoT) scenarios. Unfortunately, the performances of such protocols are unsatisfactory when dealing with thousands of smart devices. Recently, researchers are focusing on addressing this limitation. The approach is to run attestation in a collective way, with the goal of reducing computation and communication. Despite these advances, current solutions for attestation are still unsatisfactory because of their complex management and strict assumptions concerning the topology (e.g., being time invariant or maintaining a fixed topology). In this paper, we propose PADS, a secure, efficient, and practical protocol for attesting potentially large networks of smart devices with unstructured or dynamic topologies. PADS builds upon the recent concept of non-interactive attestation, by reducing the collective attestation problem into a minimum consensus one. We compare PADS with a state-of-the-art collective attestation protocol and validate it by using realistic simulations that show practicality and efficiency. The results confirm the suitability of PADS for low-end devices, and highly unstructured networks. Comment: Submitted to ESORICS 201

    Securing Communication Channels in IoT using an Android Smart Phone

    In today's world, smart devices are a necessity to have, and represent an essential tool for performing daily activities. With this comes the need to secure the communication between the IoT devices in the consumer's home, to prevent attacks that may jeopardize the confidentiality and integrity of communication between the IoT devices. The life cycle of a simple device includes a series of stages that the device undergoes: from construction and production to decommissioning. In this thesis, the Manufacturing, Bootstrapping and Factory Reset parts of IoT device's life cycle are considered, focusing on security. For example, the Controller of user's home network (e.g., user's smart phone) should bootstrap the "right" IoT device and the IoT device should bootstrap with the "right" Controller. The security is based on device credentials, such as the device certificate during the bootstrapping process, and the operational credentials that are provisioned to the IoT device from the Controller during the bootstrapping. The goal of this thesis is to achieve easy-to-use and secure procedure for setting up the IoT device into a home network, and for controlling that IoT device from an Android mobile phone (Controller). The objectives are: (1) explore the different aspects of using a smartphone as a Controller device to securely manage the life cycle of a simple device; (2) propose a system design for securely managing the life cycle of a simple device from a Controller compliant with existing standards, (e.g. Lightweight Machine to Machine (LwM2M) is an industrial standard used to manage and control industrial IoT Devices); (3) implement a proof of concept based on the system design; (4) provide a user-friendly interface for a better experience for the user by using popular bootstrapping methods such as QR code scanning; (5) discuss the choices regarding securing credentials and managing data, and achieve a good balance between usability and security during the bootstrapping process. In order to achieve those goals, the state-of-art technologies for IoT device management were studied. Then an Android application that uses LwM2M standard in consumer's home setting was specified, designed and implemented. The Android application is wrapped in a smooth user interface that allows the user a good experience when attempting to connect and control the target IoT device

    Holistic security 4.0

    The future computer climate will represent an ever more aligned world of integrating technologies, affecting consumer, business and industry sectors. The vision was first outlined in the Industry 4.0 conception. The elements which comprise smart systems or embedded devices have been investigated to determine the technological climate. The emerging technologies revolve around core concepts, and specifically in this project, the uses of Internet of Things (IoT), Industrial Internet of Things (IIoT) and Internet of Everything (IoE). The application of bare metal and logical technology qualities are put under the microscope to provide an effective blueprint of the technological field. The systems and governance surrounding smart systems are also examined. Such an approach helps to explain the beneficial or negative elements of smart devices. Consequently, this ensures a comprehensive review of standards, laws, policy and guidance to enable security and cybersecurity of the 4.0 systems

    A secure cross-domain authentication scheme based on threshold signature for MEC

    The widespread adoption of fifth-generation mobile networks has spurred the rapid advancement of mobile edge computing (MEC). By decentralizing computing and storage resources to the network edge, MEC significantly enhances real-time data access services and enables efficient processing of large-scale dynamic data on resource-limited devices. However, MEC faces considerable security challenges, particularly in cross-domain service environments, where every device poses a potential security threat. To address this issue, this paper proposes a secure cross-domain authentication scheme based on a threshold signature tailored to MEC’s multi-subdomain nature. The proposed scheme employs a (t,n) threshold mechanism to bolster system resilience and security, catering to large-scale, dynamic, and decentralized MEC scenarios. Additionally, the proposed scheme features an efficient authorization update function that facilitates the revocation of malicious nodes. Security analysis confirmed that the proposed scheme satisfies unforgeability, collusion resistance, non-repudiation and forward security. Theoretical evaluation and experimental simulation verify the effectiveness and feasibility of the proposed scheme. Compared with existing schemes, the proposed scheme has higher computational performance while implementing secure authorization updates

    A User-Centric Access Control Framework for Cloud Computing

    A huge amount of data is generated due to the growth of advanced information technology, online availability and easy access to cloud computing. In cloud computing, users can easily store and share their information across the cloud. With the rapid growth of cloud computing, user’s security and privacy has become a serious concern. Despite various existing security mechanisms, enterprises are still afraid of losing their outsourced data and unauthorized access. In most cases, access control mechanism and authorization rule follow a web application. This makes it limited, tightly bound to web application functionality and also doesn’t complete the security requirements for the individual user that results in poor protection against unauthorized access. To overcome the issue of privacy and protection, a suggestion is given in this study to empower the owner of any piece of data and information to protect their resource according to their own semantics. In this thesis, a new approach is presented that externalizes access control policy and empowers the user to control access on their data according to their semantics and wishes. The proposed framework provides PKI standard base secure access control mechanism and describes the protocol interface between the different components to enforce user-centric access control policy