530 research outputs found

    Internet-of-Things (IoT) Security Threats: Attacks on Communication Interface

    Internet of Things (IoT) devices collect and process information from remote places and have significantly increased the productivity of distributed systems or individuals. Due to the limited budget on power consumption, IoT devices typically do not include security features such as advanced data encryption and device authentication. In general, the hardware components deployed in IoT devices are not from high end markets. As a result, the integrity and security assurance of most IoT devices are questionable. For example, an adversary can implement a Hardware Trojan (HT) in the fabrication process for the IoT hardware devices to cause information leak or malfunctions. In this work, we investigate the security threats on IoT with a special emphasis on the attacks that aim for compromising the communication interface between IoT devices and their main processing host. First, we analyze the security threats on low-energy smart light bulbs, and then we exploit the limitation of Bluetooth protocols to monitor the unencrypted data packet from the air-gapped network. Second, we examine the security vulnerabilities of single-wire serial communication protocol used in data exchange between a sensor and a microcontroller. Third, we implement a Man-in-the-Middle (MITM) attack on a master-slave communication protocol adopted in Inter-integrated Circuit (I2C) interface. Our MITM attack is executed by an analog hardware Trojan, which crosses the boundary between digital and analog worlds. Furthermore, an obfuscated Trojan detection method (ADobf) is proposed to monitor the abnormal behaviors induced by analog Trojans on the I2C interface.

    Secure policies for the distributed virtual machines in mobile cloud computing

    Mobile Cloud Computing (MCC) is a combination of cloud computing and mobile computing through wireless technology in order to overcome mobile devices' resource limitations. In MCC, virtualization plays a key role whereas the cloud resources are shared among many users to help them achieve an efficient performance and exploiting the maximum capacity of the cloud’s servers. However, the lack of security aspect impedes the benefits of virtualization techniques, whereby malicious users can violate and damage sensitive data in distributed Virtual Machines (VMs). Thus, this study aims to provide protection of distributed VMs and mobile user’s sensitive data in terms of security and privacy. This study proposes an approach based on cloud proxy known as Proxy-3S that combines three security policies for VMs; user’s access control, secure allocation, and secure communication. The Proxy-3S keeps the distributed VMs safe in different servers on the cloud. It enhances the grants access authorization for permitted distributed intensive applications’ tasks. Furthermore, an algorithm that enables secure communication among distributed VMs and protection of sensitive data in VMs on the cloud is proposed. A prototype is implemented on a NetworkCloudSim simulator to manage VMs security and data confidentiality automatically. Several experiments were conducted using real-world healthcare distributed application in terms of efficiency, coverage and execution time. The experiments show that the proposed approach achieved lower attacker’s efficiency and coverage ratios; equal to 0.35 and 0.41 respectively in all experimented configurations compared with existing works. In addition, the execution time of the proposed approach is satisfactory ranging from 441ms to 467ms of small and large cloud configurations. This study serves to provide integrity and confidentiality in exchanging sensitive information among multistakeholder in distributed mobile applications

    Blockchain Securities Issues: Decentralized Identity System With Key Management Perspective

    Blockchain was created many years ago to solve the problems of data transfer Integrity; several years later the issues persist. Blockchain securities are one of the most important considerations to be investigated, and data integrity is about ensuring the accuracy and validity of messages such that when they are read, they are the same as when they were first written. It is of the opinion that passing information across from one person to another cannot be the same as it was first said at the onset. Our work investigated Blockchain security issues, studying Integrity emanating from transactions across the blocks and how to deal with the securities issues. It also investigated decentralization and issues in blockchain to investigate how to mitigate the security issues associated with blockchain. It further discusses the use of key management in solving security issues in blockchain, viewing different key management systems of private and public keys, and solutions in addressing the blockchain problems. Lastly, we contributed the use of Decentralized Identity systems (DIDs) into the blockchain where we use a unique identifier, “ID.me” to verify the individual credentials before any transaction, this was done by sending a digital ID through the issuer to the verifier to authenticate the integrity and identity of the holder and this proof worthy of protecting the information and maintaining the privacy of the user of the blockchain technology.

    A Secure Spontaneous Mobile Ad Hoc Cloud Computing Network

    Spontaneous ad hoc cloud computing networks let us perform complex tasks in a distributed manner by sharing computing resources. This kind of infrastructure is based on mobile devices with limited processing and storage capacity. Nodes with more processing capacity and energy in a spontaneous network store data or perform computing tasks in order to increase the whole computing and storage capacity. However, these networks can also present some problems of security and data vulnerability. In this paper, we present a secure spontaneous mobile ad hoc cloud computing network to make estimations using several information sources. The application is able to create users and manage encryption methods to protect the data sent through the network. The proposal has been simulated in several scenarios. The results show that the network performance depends mainly on the network size and nodes mobility. Sendra, S.; Lacuesta Gilaberte, R.; Lloret, J.; Macias Lopez, EM. (2017). A Secure Spontaneous Mobile Ad Hoc Cloud Computing Network. Journal of Internet Technology. 18(7):1485-1498. https://doi.org/10.6138/JIT.2017.18.7.20141221

    An Application for Decentralized Access Control Mechanism on Cloud Data using Anonymous Authentication

    In the last few years, Cloud computing has gained a lot of popularity and technology analysts believe it will be the future, but only if the security problems are solved from time-to-time. For those who are unfamiliar with cloud computing, it is a practice wherein users can access the data from the servers that are located in remote places. Users can do so through the Internet to manage, process and store the relevant data, instead of depending on the personal computer or a local server. Many firms and organizations are using cloud computing, which eventually is faster, cheaper and easy to maintain. Even the regular Internet users are also relying on cloud computing services to access their files whenever and wherever they wish. There are also numerous challenges associated with cloud computing like abuse of cloud services, data security and cyber-attacks. When clients outsource sensitive data through cloud servers, access control is one of the fundamental requirements among all security requirements which ensures that no unauthorized access to secured data will be avoided. Hence, cloud computing has to build a feature that provides privacy, access control challenges and security to the user data. A suitable and reliable encryption technique with enhanced key management should be developed and applied to the user data before loading into the cloud with the goal to achieve secured storage. It also has to support file access control and all other files related functions in a policy-based manner for any file stored in a cloud environment. This research paper proposes a decentralized access control mechanism for the data storage security in clouds which also provides anonymous authentication. This mechanism allows the decryption of the stored information only by the valid users, which is an additional feature of access control. The access control mechanism is decentralized, which makes it robust when compared to centralized access control schemes meant for clouds.

    Security for 5G Mobile Wireless Networks

    The advanced features of 5G mobile wireless network systems yield new security requirements and challenges. This paper presents a comprehensive survey on security of 5G wireless network systems compared to the traditional cellular networks. The paper starts with a review on 5G wireless networks particularities as well as on the new requirements and motivations of 5G wireless security. The potential attacks and security services with the consideration of new service requirements and new use cases in 5G wireless networks are then summarized. The recent development and the existing schemes for the 5G wireless security are presented based on the corresponding security services including authentication, availability, data confidentiality, key management and privacy. The paper further discusses the new security features involving different technologies applied to 5G such as heterogeneous networks, device-to-device communications, massive multiple-input multiple-output, software defined networks and Internet of Things. Motivated by these security research and development activities, we propose a new 5G wireless security architecture, based on which the analysis of identity management and flexible authentication is provided. As a case study, we explore a handover procedure as well as a signaling load scheme to show the advantage of the proposed security architecture. The challenges and future directions of 5G wireless security are finally summarized

    Data sharing in secure multimedia wireless sensor networks

    © 2016 IEEE. The use of Multimedia Wireless Sensor Networks (MWSNs) is becoming common nowadays with a rapid growth in communication facilities. Similar to any other WSNs, these networks face various challenges while providing security, trust and privacy for user data. Provisioning of the aforementioned services becomes an uphill task especially while dealing with real-time streaming data. These networks operate with resource-constrained sensor nodes for days, months and even years depending on the nature of an application. The resource-constrained nature of these networks makes it difficult for the nodes to tackle real-time data in mission-critical applications such as military surveillance, forest fire monitoring, health-care and industrial automation. For a secured MWSN, the transmission and processing of streaming data needs to be explored deeply. The conventional data authentication schemes are not suitable for MWSNs due to the limitations imposed on sensor nodes in terms of battery power, computation, available bandwidth and storage. In this paper, we propose a novel quality-driven clustering-based technique for authenticating streaming data in MWSNs. Nodes with maximum energy are selected as Cluster Heads (CHs). The CHs collect data from member nodes and forward it to the Base Station (BS), thus preventing member nodes with low energy from dying soon and increasing life span of the underlying network. The proposed approach not only authenticates the streaming data but also maintains the quality of transmitted data. The proposed data authentication scheme coupled with an Error Concealment technique provides an energy-efficient and distortion-free real-time data streaming. The proposed scheme is compared with an unsupervised resources scenario. The simulation results demonstrate better network lifetime along with 21.34 dB gain in Peak Signal-to-Noise Ratio (PSNR) of received video data streams.

    Assessment of Security Threats on IoT Based Applications: Cyber Security Case Study in Cloud-Based IoT Environment Using the Example of Developing Cloud Information Security Technology in Banking

    The main objective of this master’s thesis is to emphasise on internet cyber security viewpoint on the appliances and the environment of the internet of things (IoT). In recent studies, there has been an exponential rise in the number of IoT devices and the usage rate of these devices is frequent because they are used in everyday life. Hence, the need to secure these IoT devices is becoming more and more crucial. The specified research methodology was sub-divided into two main parts. The first part of the research was about investigating and studying the environment and the IoT architectural viewpoint. Also, what is currently available in the market, the different types of IoT appliances commonly utilised, and their purpose. This part also clearly emphasises the basic rules used to protect devices in such an environment against the most common forms of cyber-attacks. Study Design. The study adopted a mixed-method research design utilising case study and pragmatic philosophical reasoning, the exploratory approach was deemed appropriate because it enabled the research to be conducted by emphasising various aspects of the case under review. The study found out that the common vulnerabilities on IoT are malware, outdated software, weak passwords, storing data in clear texts. The vulnerabilities are exploited by cyber attackers to cause a denial of service and other forms of attacks that have caused millions of losses in the banking industry. Improved technology has also led to increased cyber security risks in the banking industry. Therefore, the banking industry needs to take much care in regards to this and prevent cyber-attack directed to them as high as possible by being on guard always. To overcome the vulnerabilities counter measures must be put in place. Some of the counter measures are regular software updates, installation, and constant checks using antiviruses. Developing automated patching software to mitigate the vulnerabilities.

    Optimizing Key Management within a Crypto-System using Aggregate Keys

    Sharing data with peers is an important functionality in cloud storage. This is a study and analysis of secure, efficient, and flexible sharing of data with other users in cloud storage. The new public key encryptions which produce constant-size ciphertexts in such a way that effective delegation of decryption rights given to any set of ciphertexts are described in this paper. The novelty of the mechanism is that someone can aggregate any number of secret keys and turn them into a small single key, but combine the power of all the keys being grouped. To describe, in other words, the secret key holder could release a constant-size aggregate key for more flexible choices of ciphertext set in cloud storage, but different encrypted files outside of the set remain confidential. The aggregate compact key can be sent to others with ease or saved in a smart card with very less secure storage. In this paper, we discuss various such mechanisms and demonstrate the topic with a project. Some of the papers written by other authors in the area are analyzed in this paper. The project in this paper is a partial implementation of the proposed Crypto System

    DATA SECURITY IN THE CLOUD: Study and Simulations

    Cloud technology is a nascent technology, thriving in information communication and data storage, and is still under development. Securing the communication links and data has been very paramount to the development of this technology and system. Various techniques, methods and technologies have been implemented in order to secure this system. Security of the cloud has recently witnessed much attention, as there has been ongoing research and studies towards the development of more potent solutions. Cryptography is one of the feasible and in demand solutions here, as it offers a set of security measures such as confidentiality, integrity and availability. This thesis work is aimed at understanding the data security in the cloud systems, and the various security threats associated with such technology. To better understand this, a thorough literature review is conducted on a cloud technology, and some of the cloud attacks are simulated. The distributed denial of service is simulated using NS3 and EstiNet, ARP poisoning is simulated using Ettercap, and the SQL injection is simulated using Damn Vulnerable Web Application. At the end of the task, the simulation scenarios were analyzed for better understanding and the observations were concluded. It was found out that these attacks are a threat to the communication channels, network bandwidth, and the information being transferred. It was also realized that these attacks could be managed effectively using appropriate cryptographic techniques or technologies to block any unauthorised access to the network.