277 research outputs found
A Novel Architectural Framework on IoT Ecosystem, Security Aspects and Mechanisms: A Comprehensive Survey
For the past few years, the Internet of Things (IoT) technology continues to not only gain popularity and importance, but also witnesses the true realization of everything being smart. With the advent of the concept of smart everything, IoT has emerged as an area of great potential and incredible growth. An IoT ecosystem centers around innovation perspective which is considered as its fundamental core. Accordingly, IoT enabling technologies such as hardware and software platforms as well as standards become the core of the IoT ecosystem. However, any large-scale technological integration such as the IoT development poses the challenge to ensure secure data transmission. Perhaps, the ubiquitous and the resource-constrained nature of IoT devices and the sensitive and private data being generated by IoT systems make them highly vulnerable to physical and cyber threats. In this paper, we re-define an IoT ecosystem from the core technologies view point. We propose a modified three layer IoT architecture by dividing the perception layer into elementary blocks based on their attributed functions. Enabling technologies, attacks and security countermeasures are classified under each layer of the proposed architecture. Additionally, to give the readers a broader perspective of the research area, we discuss the role of various state-of-the-art emerging technologies in the IoT security. We present the security aspects of the most prominent standards and other recently developed technologies for IoT which might have the potential to form the yet undefined IoT architecture. Among the technologies presented in this article, we give a special interest to one recent technology in IoT domain. This technology is named IQRF that stands for Intelligent Connectivity using Radio Frequency. It is an emerging technology for wireless packet-oriented communication that operates in sub-GHz ISM band (868 MHz) and which is intended for general use where wireless connectivity is needed, either in a mesh network or point-to-point (P2P) configuration. We also highlighted the security aspects implemented in this technology and we compare it with the other already known technologies. Moreover, a detailed discussion on the possible attacks is presented. These attacks are projected on the IoT technologies presented in this article including IQRF. In addition, lightweight security solutions, implemented in these technologies, to counter these threats in the proposed IoT ecosystem architecture are also presented. Lastly, we summarize the survey by listing out some common challenges and the future research directions in this field.publishedVersio
A Framework for Facilitating Secure Design and Development of IoT Systems
The term Internet of Things (IoT) describes an ever-growing ecosystem of physical objects
or things interconnected with each other and connected to the Internet. IoT devices
consist of a wide range of highly heterogeneous inanimate and animate objects. Thus, a
thing in the context of the IoT can even mean a person with blood pressure or heart rate
monitor implant or a pet with a biochip transponder. IoT devices range from ordinary
household appliances, such as smart light bulbs or smart coffee makers, to sophisticated
tools for industrial automation. IoT is currently leading a revolutionary change in many
industries and, as a result, a lot of industries and organizations are adopting the paradigm
to gain a competitive edge. This allows them to boost operational efficiency and optimize
system performance through real-time data management, which results in an optimized
balance between energy usage and throughput. Another important application area is
the Industrial Internet of Things (IIoT), which is the application of the IoT in industrial
settings. This is also referred to as the Industrial Internet or Industry 4.0, where Cyber-
Physical Systems (CPS) are interconnected using various technologies to achieve wireless
control as well as advanced manufacturing and factory automation. IoT applications
are becoming increasingly prevalent across many application domains, including smart
healthcare, smart cities, smart grids, smart farming, and smart supply chain management.
Similarly, IoT is currently transforming the way people live and work, and hence
the demand for smart consumer products among people is also increasing steadily. Thus,
many big industry giants, as well as startup companies, are competing to dominate the
market with their new IoT products and services, and hence unlocking the business value
of IoT.
Despite its increasing popularity, potential benefits, and proven capabilities, IoT is still in
its infancy and fraught with challenges. The technology is faced with many challenges, including
connectivity issues, compatibility/interoperability between devices and systems,
lack of standardization, management of the huge amounts of data, and lack of tools for
forensic investigations. However, the state of insecurity and privacy concerns in the IoT
are arguably among the key factors restraining the universal adoption of the technology.
Consequently, many recent research studies reveal that there are security and privacy issues
associated with the design and implementation of several IoT devices and Smart Applications
(smart apps). This can be attributed, partly, to the fact that as some IoT device
makers and smart apps development companies (especially the start-ups) reap business
value from the huge IoT market, they tend to neglect the importance of security. As a
result, many IoT devices and smart apps are created with security vulnerabilities, which
have resulted in many IoT related security breaches in recent years.
This thesis is focused on addressing the security and privacy challenges that were briefly
highlighted in the previous paragraph. Given that the Internet is not a secure environ ment even for the traditional computer systems makes IoT systems even less secure due
to the inherent constraints associated with many IoT devices. These constraints, which are
mainly imposed by cost since many IoT edge devices are expected to be inexpensive and
disposable, include limited energy resources, limited computational and storage capabilities,
as well as lossy networks due to the much lower hardware performance compared
to conventional computers. While there are many security and privacy issues in the IoT
today, arguably a root cause of such issues is that many start-up IoT device manufacturers
and smart apps development companies do not adhere to the concept of security by
design. Consequently, some of these companies produce IoT devices and smart apps with
security vulnerabilities.
In recent years, attackers have exploited different security vulnerabilities in IoT infrastructures
which have caused several data breaches and other security and privacy incidents
involving IoT devices and smart apps. These have attracted significant attention
from the research community in both academia and industry, resulting in a surge of proposals
put forward by many researchers. Although research approaches and findings may
vary across different research studies, the consensus is that a fundamental prerequisite for
addressing IoT security and privacy challenges is to build security and privacy protection
into IoT devices and smart apps from the very beginning. To this end, this thesis investigates
how to bake security and privacy into IoT systems from the onset, and as its main
objective, this thesis particularly focuses on providing a solution that can foster the design
and development of secure IoT devices and smart apps, namely the IoT Hardware Platform
Security Advisor (IoT-HarPSecA) framework. The security framework is expected to
provide support to designers and developers in IoT start-up companies during the design
and implementation of IoT systems. IoT-HarPSecA framework is also expected to facilitate
the implementation of security in existing IoT systems.
To accomplish the previously mentioned objective as well as to affirm the aforementioned
assertion, the following step-by-step problem-solving approach is followed. The first step
is an exhaustive survey of different aspects of IoT security and privacy, including security requirements in IoT architecture, security threats in IoT architecture, IoT application domains
and their associated cyber assets, the complexity of IoT vulnerabilities, and some
possible IoT security and privacy countermeasures; and the survey wraps up with a brief
overview of IoT hardware development platforms. The next steps are the identification of
many challenges and issues associated with the IoT, which narrowed down to the abovementioned
fundamental security/privacy issue; followed by a study of different aspects of
security implementation in the IoT. The remaining steps are the framework design thinking
process, framework design and implementation, and finally, framework performance
evaluation.
IoT-HarPSecA offers three functionality features, namely security requirement elicitation security best practice guidelines for secure development, and above all, a feature that recommends
specific Lightweight Cryptographic Algorithms (LWCAs) for both software and
hardware implementations. Accordingly, IoT-HarPSecA is composed of three main components,
namely Security Requirements Elicitation (SRE) component, Security Best Practice
Guidelines (SBPG) component, and Lightweight Cryptographic Algorithms Recommendation
(LWCAR) component, each of them servicing one of the aforementioned features.
The author has implemented a command-line tool in C++ to serve as an interface
between users and the security framework. This thesis presents a detailed description,
design, and implementation of the SRE, SBPG, and LWCAR components of the security
framework. It also presents real-world practical scenarios that show how IoT-HarPSecA
can be used to elicit security requirements, generate security best practices, and recommend
appropriate LWCAs based on user inputs. Furthermore, the thesis presents performance
evaluation of the SRE, SBPG, and LWCAR components framework tools, which
shows that IoT-HarPSecA can serve as a roadmap for secure IoT development.O termo Internet das coisas (IoT) é utilizado para descrever um ecossistema, em expansão,
de objetos físicos ou elementos interconetados entre si e à Internet. Os dispositivos
IoT consistem numa gama vasta e heterogénea de objetos animados ou inanimados e,
neste contexto, podem pertencer à IoT um indivíduo com um implante que monitoriza a
frequência cardíaca ou até mesmo um animal de estimação que tenha um biochip. Estes
dispositivos variam entre eletrodomésticos, tais como máquinas de café ou lâmpadas inteligentes,
a ferramentas sofisticadas de uso na automatização industrial. A IoT está a
revolucionar e a provocar mudanças em várias indústrias e muitas adotam esta tecnologia
para incrementar as suas vantagens competitivas. Este paradigma melhora a eficiência
operacional e otimiza o desempenho de sistemas através da gestão de dados em tempo
real, resultando num balanço otimizado entre o uso energético e a taxa de transferência.
Outra área de aplicação é a IoT Industrial (IIoT) ou internet industrial ou Indústria 4.0,
ou seja, uma aplicação de IoT no âmbito industrial, onde os sistemas ciberfísicos estão interconectados
a diversas tecnologias de forma a obter um controlo de rede sem fios, bem
como fabricações avançadas e automatização fabril. As aplicações da IoT estão a crescer
e a tornarem-se predominantes em muitos domínios de aplicação inteligentes como sistemas
de saúde, cidades, redes, agricultura e sistemas de fornecimento. Da mesma forma,
a IoT está a transformar estilos de vida e de trabalho e assim, a procura por produtos inteligentes
está constantemente a aumentar. As grandes indústrias e startups competem
entre si de forma a dominar o mercado com os seus novos serviços e produtos IoT, desbloqueando
o valor de negócio da IoT.
Apesar da sua crescente popularidade, benefícios e capacidades comprovadas, a IoT está
ainda a dar os seus primeiros passos e é confrontada com muitos desafios. Entre eles,
problemas de conectividade, compatibilidade/interoperabilidade entre dispositivos e sistemas,
falta de padronização, gestão das enormes quantidades de dados e ainda falta de
ferramentas para investigações forenses. No entanto, preocupações quanto ao estado de
segurança e privacidade ainda estão entre os fatores adversos à adesão universal desta
tecnologia. Estudos recentes revelaram que existem questões de segurança e privacidade
associadas ao design e implementação de vários dispositivos IoT e aplicações inteligentes
(smart apps.), isto pode ser devido ao facto, em parte, de que alguns fabricantes e empresas
de desenvolvimento de dispositivos (especialmente startups) IoT e smart apps., recolham
o valor de negócio dos grandes mercados IoT, negligenciando assim a importância
da segurança, resultando em dispositivos IoT e smart apps. com carências e violações de
segurança da IoT nos últimos anos.
Esta tese aborda os desafios de segurança e privacidade que foram supra mencionados.
Visto que a Internet e os sistemas informáticos tradicionais são por vezes considerados inseguros,
os sistemas IoT tornam-se ainda mais inseguros, devido a restrições inerentes a tais dispositivos. Estas restrições são impostas devido ao custo, uma vez que se espera que
muitos dispositivos de ponta sejam de baixo custo e descartáveis, com recursos energéticos
limitados, bem como limitações na capacidade de armazenamento e computacionais,
e redes com perdas devido a um desempenho de hardware de qualidade inferior, quando
comparados com computadores convencionais. Uma das raízes do problema é o facto
de que muitos fabricantes, startups e empresas de desenvolvimento destes dispositivos e
smart apps não adiram ao conceito de segurança por construção, ou seja, logo na conceção,
não preveem a proteção da privacidade e segurança. Assim, alguns dos produtos e
dispositivos produzidos apresentam vulnerabilidades na segurança.
Nos últimos anos, hackers maliciosos têm explorado diferentes vulnerabilidades de segurança
nas infraestruturas da IoT, causando violações de dados e outros incidentes de
privacidade envolvendo dispositivos IoT e smart apps. Estes têm atraído uma atenção significativa
por parte das comunidades académica e industrial, que culminaram num grande
número de propostas apresentadas por investigadores científicos. Ainda que as abordagens
de pesquisa e os resultados variem entre os diferentes estudos, há um consenso e
pré-requisito fundamental para enfrentar os desafios de privacidade e segurança da IoT,
que buscam construir proteção de segurança e privacidade em dispositivos IoT e smart
apps. desde o fabrico. Para esta finalidade, esta tese investiga como produzir segurança
e privacidade destes sistemas desde a produção, e como principal objetivo, concentra-se
em fornecer soluções que possam promover a conceção e o desenvolvimento de dispositivos
IoT e smart apps., nomeadamente um conjunto de ferramentas chamado Consultor
de Segurança da Plataforma de Hardware da IoT (IoT-HarPSecA). Espera-se que o conjunto
de ferramentas forneça apoio a designers e programadores em startups durante a
conceção e implementação destes sistemas ou que facilite a integração de mecanismos de
segurança nos sistemas préexistentes.
De modo a alcançar o objetivo proposto, recorre-se à seguinte abordagem. A primeira fase
consiste num levantamento exaustivo de diferentes aspetos da segurança e privacidade na
IoT, incluindo requisitos de segurança na arquitetura da IoT e ameaças à sua segurança,
os seus domínios de aplicação e os ativos cibernéticos associados, a complexidade das
vulnerabilidades da IoT e ainda possíveis contramedidas relacionadas com a segurança e
privacidade. Evolui-se para uma breve visão geral das plataformas de desenvolvimento
de hardware da IoT. As fases seguintes consistem na identificação dos desafios e questões
associadas à IoT, que foram restringidos às questões de segurança e privacidade. As demais
etapas abordam o processo de pensamento de conceção (design thinking), design e
implementação e, finalmente, a avaliação do desempenho.
O IoT-HarPSecA é composto por três componentes principais: a Obtenção de Requisitos
de Segurança (SRE), Orientações de Melhores Práticas de Segurança (SBPG) e a recomendação
de Componentes de Algoritmos Criptográficos Leves (LWCAR) na implementação de software e hardware. O autor implementou uma ferramenta em linha de comandos
usando linguagem C++ que serve como interface entre os utilizadores e a IoT-HarPSecA.
Esta tese apresenta ainda uma descrição detalhada, desenho e implementação das componentes
SRE, SBPG, e LWCAR. Apresenta ainda cenários práticos do mundo real que
demostram como o IoT-HarPSecA pode ser utilizado para elicitar requisitos de segurança,
gerar boas práticas de segurança (em termos de recomendações de implementação) e recomendar
algoritmos criptográficos leves apropriados com base no contributo dos utilizadores.
De igual forma, apresenta-se a avaliação do desempenho destes três componentes,
demonstrando que o IoT-HarPSecA pode servir como um roteiro para o desenvolvimento
seguro da IoT
IoT Security Evolution: Challenges and Countermeasures Review
Internet of Things (IoT) architecture, technologies, applications and security have been recently addressed by a number of researchers. Basically, IoT adds internet connectivity to a system of intelligent devices, machines, objects and/or people. Devices are allowed to automatically collect and transmit data over the Internet, which exposes them to serious attacks and threats. This paper provides an intensive review of IoT evolution with primary focusing on security issues together with the proposed countermeasures. Thus, it outlines the IoT security challenges as a future roadmap of research for new researchers in this domain
LS-AODV: A ROUTING PROTOCOL BASED ON LIGHTWEIGHT CRYPTOGRAPHIC TECHNIQUES FOR A FANET OF NANO DRONES
With the battlespace rapidly shifting to the cyber domain, it is vital to have secure, robust routing protocols for unmanned systems. Furthermore, the development of nano drones is gaining traction, providing new covert capabilities for operators at sea or on land. Deploying a flying ad hoc network (FANET) of nano drones on the battlefield comes with specific performance and security issues. This thesis provides a novel approach to address the performance and security concerns faced by FANET routing protocols, and, in our case, is specifically tailored to improve the Ad Hoc On-Demand Distance Vector (AODV) routing protocol. The proposed routing protocol, Lightweight Secure Ad Hoc On-Demand Distance Vector (LS-AODV), uses a lightweight stream cipher, Trivium, to encrypt routing control packets, providing confidentiality. The scheme also uses Chaskey-12-based message authentication codes (MACs) to guarantee the authenticity and integrity of control packets. We use a network simulator, NS-3, to compare LS-AODV against two benchmark routing protocols, AODV and the Optimized Link State Routing (OLSR) protocol, in order to gauge network performance and security benefits. The simulation results indicate that when the FANET is not under attack from black-hole nodes, LS-AODV generally outperforms OLSR but performs slightly worse than AODV. On the other hand, LS-AODV emerges as the protocol of choice when a FANET is subject to a black-hole attack.ONROutstanding ThesisLieutenant, United States NavyApproved for public release. Distribution is unlimited
Comparative study of several operation modes of AES algorithm for encryption ECG biomedical signal
Biomedical signal processing provides a cross-disciplinary international forum through which research on signal and images measurement and analysis in clinical medicine as well as biological sciences is shared. Electrocardiography (ECG) signal is more frequently used for diagnosis of cardiovascular diseases. However, the ECG signals contain sensitive private health information as well as details that serve to individually distinguish patients. For this reason, the information must be encrypted prior to transmission across public media so as to prevent unauthorized access by adversaries. In this paper, the proposed the use of the Advanced Encryption Standard algorithm (AES), which is one of a symmetric key block cipher with lightweight properties for enhances confidentiality, integrity and authentication in ECG signal transmission. However, some of the challenges arising from the use of this algorithm are computational overhead and level of security, which occur when handling more complex.The AES algorithm has different operation modes using three different key sizes which can be utilized in encrypting the whole sample of ECG biomedical signal in electronic healthcare. The experiments in this research, exhibit comparative study of using five modes of operation in AES algorithm, which are coupled with three key sizes based on the execution time and security level for the encryption of ECG biomedical signals in electronic healthcare application. Thus, we reported that the CBC mode of the AES algorithm is suitable to be applied of security purpose
A Scoping Study on Lightweight Cryptography Reviews in IoT
The efforts in designing and developing lightweight cryptography (LWC) started a decade ago. Many scholarly studies in literature report the enhancement of conventional cryptographic algorithms and the development of new algorithms. This significant number of studies resulted in the rise of many review studies on LWC in IoT. Due to the vast number of review studies on LWC in IoT, it is not known what the studies cover and how extensive the review studies are. Therefore, this article aimed to bridge the gap in the review studies by conducting a systematic scoping study. It analyzed the existing review articles on LWC in IoT to discover the extensiveness of the reviews and the topics covered. The results of the study suggested that many review studies are classified as overview-types of review focusing on generic LWC. Further, the topics of the reviews mainly focused on symmetric block cryptography, while limited reviews were found on asymmetric-key and hash in LWC. The outcomes of this study revealed that the reviews in LWC in IoT are still in their premature stage and researchers are encouraged to explore by conducting review studies in the less-attended areas. An extensive review of studies that cover these two topics is deemed necessary to establish a balance of scholarly works in LWC for IoT and encourage more empirical research in the area
Lightweight Authentication for Low-End Control Units with Hardware Based Individual Keys*
With increasing autonomous features of vehicles, key issues of robotic- and automotive engineering converge toward each other. Closing existing security gaps of device communication networks will be an enabling feature for connecting autonomously interacting systems in a more secure way. We introduce a novel approach for deriving a secret key using a lightweight cipher in the firmware of a low-end control unit. In this approach, we propose to use a non-standardized lightweight algorithm with unique hardware based parameters to prevent duplicate key generation. The randomness of the selected cipher was assessed by applying the NIST statistical test suite to produced key values. By evaluating the method on a typical low-end automotive platform, we could demonstrate the realistic applicability of the solution. The proposed method counteracts a known security issue in device communication between control units not only present in automotive solutions but also in the robotics domain. The security of the implemented solution has been compared to current automotive guidelines and recommendations for the security of resource constrained devices, also present in robotics. This approach allows low-end communication systems to be enhanced by message- and device authentication
- …