IoT Security Evolution: Challenges and Countermeasures Review

Internet of Things (IoT) architecture, technologies, applications and security have been recently addressed by a number of researchers. Basically, IoT adds internet connectivity to a system of intelligent devices, machines, objects and/or people. Devices are allowed to automatically collect and transmit data over the Internet, which exposes them to serious attacks and threats. This paper provides an intensive review of IoT evolution with primary focusing on security issues together with the proposed countermeasures. Thus, it outlines the IoT security challenges as a future roadmap of research for new researchers in this domain

E‐ART: a new encryption algorithm based on the reflection of binary search tree

Data security has become crucial to most enterprise and government applications due to the increasing amount of data generated, collected, and analyzed. Many algorithms have been developed to secure data storage and transmission. However, most existing solutions require multi-round functions to prevent differential and linear attacks. This results in longer execution times and greater memory consumption, which are not suitable for large datasets or delay-sensitive systems. To address these issues, this work proposes a novel algorithm that uses, on one hand, the reflection property of a balanced binary search tree data structure to minimize the overhead, and on the other hand, a dynamic offset to achieve a high security level. The performance and security of the proposed algorithm were compared to Advanced Encryption Standard and Data Encryption Standard symmetric encryption algorithms. The proposed algorithm achieved the lowest running time with comparable memory usage and satisfied the avalanche effect criterion with 50.1%. Furthermore, the randomness of the dynamic offset passed a series of National Institute of Standards and Technology (NIST) statistical tests

Exploring the Relationship Between IoT Security and Standardization

The adoption of the Internet of Things (IoT) technology across society presents new and unique challenges for security experts in maintaining uninterrupted services across the technology spectrum. A botnet implemented over 490,000 IoT connected devices to cripple the Internet services for major companies in one recent IoT attack. Grounded in Rogerâs diffusion of innovations theory, the purpose of this qualitative exploratory multiple-case study was to explore implementation strategies used by some local campus IT managers in educational institutions in the United States to secure the IoT environment. The participants were 10 IT local campus IT managers within educational institutions across the Southeast portion of the United States who have implemented strategies to secure IoT devices. The data were collected by interviewing 10 IT managers and collecting documentation available to the public from 4 institutions. Four themes emerged after analysis using data triangulation: restricting IoT access to the network, network isolation to secure IoT devices from the network, adoption by leadership to secure IoT inside the network, and strong shared partnership with peer organizations through observation. The research will benefit IT professionals and organizations through enhanced security and the community providing a more enhanced learning experience for all involved locally through IoT adoption. A secure IoT environment may contribute to positive social change by increasing IoT adoption to better serve societal needs

Novel reversible text data de-identification techniques based on native data structures

Technological development in today's digital world has resulted in the collection and storage of large amounts of personal data. These data enable both direct services and non-direct activities, known as secondary use. The secondary use of data can improve decision-making, service experiences, and healthcare systems. However, the widespread reuse of personal data raises significant privacy and policy issues, especially for health- related information; these data may contain sensitive data, leading to privacy breaches if compromised. Legal systems establish laws to protect the privacy of personal data disclosed for secondary use. A well-known example is the General Data Protection Regulation (GDPR), which outlines a specific set of rules for sharing and storing personal data to protect individual privacy. The GDPR explicitly points to data de-identification, especially pseudonymization, as one measure that can help meet the requirements for the processing of personal data. The literature on privacy preservation approaches has largely been developed in the field of data anonymization, where personal data are irreversibly removed or obfuscated and there is no means by which to recover an individual's identity if needed. By contrast, pseudonymization is a promising technique to protect privacy while enabling the recovery of de-identified data. Significantly, many existing approaches for pseudonymization were developed long before the GDPR requirements were established, and so they may fail to satisfy its provisions. Therefore, it is worthwhile to offer technical solutions to preserve privacy while supporting the legitimate use of data. This thesis proposes a novel de-identification system for unstructured textual data, known as ARTPHIL, that generates de-identified data in compliance with the GDPR requirement for strong pseudonymization. The system was evaluated using 2014 i2b2 testing data. The proposed system achieved a recall of 96.93% in terms of detecting and encrypting personal health information, as specified under guidelines provided by the Health Insurance Portability and Accountability Act (HIPAA). The system used a novel and lightweight cryptography algorithm E-ART to encrypt personal data cost-effectively and without compromising security. The main novelty of the E-ART algorithm is the use of the reflection property of a balanced binary tree data structure as substitution method instead of complex and multiple iterations. The performance and security of the proposed algorithm were compared to two symmetric encryption algorithms: The Advanced Encryption Standard and Data Encryption Standard. The security analysis showed comparable results, but the performance analysis indicated that E‐ART had the shortest ciphertext and running time with comparable memory usage, which indicates the feasibility of using ARTPHIL for delay-sensitive or data-intensive application

Strategies to Protect Against Security Violations During the Adoption of the Internet of Things by Manufacturers

Security violations have been one of the key factors affecting manufacturers in adopting the Internet of Things (IoT). The corporate-level information technology (IT) leaders in the manufacturing industry encounter issues when adopting IoT due to security concerns because they lack strategies to protect against security violations. Grounded in Roger’s diffusion of innovations theory, the purpose of this qualitative multiple case study was to explore strategies corporate-level IT leaders use in protecting against security violations while adopting IoT for manufacturers. The participants were senior IT leaders in the eastern region of the United States. The data collection process included interviews with corporate-level IT leaders (n = 6) and examination of company documents (n = 10). The data analysis process involved searching patterns for words, codes, or themes and their relationships to confirm the findings. During analysis, four major themes emerged: relevance of securing IoT devices in IoT adoption, identifying and separating personal and confidential data from analytical data, adequate budget for securing IoT network devices and infrastructure as key factors in IoT adoption, and risk mitigation policy relevant to securing IoT devices. The implications for positive social change include the potential for corporate-level IT leaders to develop tools that will detect threats, prevent malicious attacks, and monitor IoT networks for any IoT device vulnerabilities. Improved protection from security violations may result in more efficient ways for people to use natural resources. Additionally, there may be a wider usage of smartphones connected to IoT to simplify people’s lives

Strategies for Integrating the Internet of Things in Educational Institutions

The introduction of the Internet of Things (IoT) into educational institutions has necessitated the integration of IoT devices in the information technology (IT) infrastructural environment of educational institutions. Many IT leaders at educational institutions, however, lack strategies for integrating and deploying IoT devices in their institutions, which has resulted in numerous security breaches. The purpose of this study was to explore security strategies adopted by IT administrators to prevent data breaches resulting from the integration of IoT devices in their educational institutions. The diffusion of innovations theory served as the conceptual framework for this qualitative multiple case study. Eleven IT leaders in 11 public K–12 educational institutions, who had successfully integrated IoT in their educational institutions in the United States Midwest region, were interviewed. Thematic analysis was the data analysis strategy. The 3 major themes that emerged were (a) organizational breach prevention, (b) infrastructure management—external to IT, and (c) policy management—internal to IT. A key recommendation is for IT leaders to develop strategies to harness the efficiencies and stabilities that exist during the integration of IoT devices in their educational institutions. The implications for social change include the potential for securely transforming the delivery of education to students and ensuring the safety of academic personnel by identifying strategies that IT leaders can use to securely integrate IoT devices in educational settings