Security in Vehicles With IoT by Prioritization Rules, Vehicle Certificates, and Trust Management

[EN] The Internet of Vehicles (IoV) provides new opportunities for the coordination of vehicles for enhancing safety and transportation performance. Vehicles can be coordinated for avoiding collisions by communicating their positions when near to each other, in which the information flow is indexed by their geographical positions or the ones in road maps. Vehicles can also be coordinated to ameliorate traffic jams by sharing their locations and destinations. Vehicles can apply optimization algorithms to reduce the overuse of certain streets without excessively enlarging the paths. In this way, traveling time can be reduced. However, IoV also brings security challenges, such as keeping safe from virtual hijacking. In particular, vehicles should detect and isolate the hijacked vehicles ignoring their communications. The current work presents a technique for enhancing security by applying certain prioritization rules, using digital certificates, and applying trust and reputation policies for detecting hijacked vehicles. We tested the proposed approach with a novel agent-based simulator about security in Internet of Things (IoT) for vehicle-to-vehicle communications. The experiments focused on the scenario of avoidance of collisions with hijacked vehicles misinforming other vehicles. The results showed that the current approach increased the average speed of vehicles with a 64.2% when these are giving way to other vehicles in a crossing by means of IoT.This work was supported by Harvard University (stay funded by T49_17R), University of Zaragoza (JIUZ-2017-TEC-03), Foundation Bancaria Ibercaja, Foundation CAI (IT1/18), University Foundation Antonio Gargallo (call 2017), and "Ministerio de Economia y Competitividad" in the "Programa Estatal de Fomento de la Investigacion Cientifica y Tecnica de Excelencia, Subprograma Estatal de Generacion de Conocimiento" (TIN2017-84802-C2-1-P).García-Magariño, I.; Sendra, S.; Lacuesta, R.; Lloret, J. (2019). Security in Vehicles With IoT by Prioritization Rules, Vehicle Certificates, and Trust Management. IEEE Internet of Things. 6(4):5927-5934. https://doi.org/10.1109/JIOT.2018.2871255S592759346

Agent-based IoT Coordination for Smart Cities Considering Security and Privacy

The interest in Internet of Things (IoT) is increasing steeply, and the use of their smart objects and their composite services may become widespread in the next few years increasing the number of smart cities. This technology can benefit from scalable solutions that integrate composite services of multiple-purpose smart objects for the upcoming large-scale use of integrated services in IoT. This work proposes an agent-based approach for supporting large-scale use of IoT for providing complex integrated services. Its novelty relies in the use of distributed blackboards for implicit communications, decentralizing the storage and management of the blackboard information in the smart objects, which are accessed by nearby requests. This avoids (a) the common bottlenecks of implicit communications based on centralized blackboards and (b) the overload of bandwidth due to explicit peer-to-peer communications. This solution raises challenges in privacy and security, and some potential solutions are discussed in this paper. Simulations based on a region in Dublin city shows the potential utility of this approach illustrated in the domain of coordination of electric vehicles in selecting paths and charging stations

Location closeness model for VANETs with integration of 5G

Nowadays. 5G is playing a significant role in the efficiency of network security and creating more and faster channels for communication. 5G is evoking industries such as healthcare, education, marketing, transportation, and V2X (Vehicle-to-everything). In addition. 5G considers a new radio access technology that is adding new applications like the Internet of Tilings (IoT). Augmented Reality. Virtual Reality, connected cars, connected people-to-people, smart city, connected homes that are considered using higher bandwidth and low latency. Mainly, this paper is focusing on security challenges faced by the Vehicular ad-hoc network (VANET). VANET faces threats in three different fields: Security, safety, and infotainment, which further have numerous attacks. More precisely, this research conducted an in-depth study and proposed a VANET trust model. Therefore the proposed model deals specifically with the "location closenessb" parameter. Moreover, the trust model integrated with 5G cloud to support greater coverage, effective network density with respect to network infrastructure and IoT as well. Therefore, in this article, an effort has been put forward to implement the model using case studies to validate the trust model based on the "location closeness parameter. The results proved the valid implementation of the model by identifying the trusted communication between the vehicles

A Secure Integrated Framework for Fog-Assisted Internet of Things Systems

Fog-Assisted Internet of Things (Fog-IoT) systems are deployed in remote and unprotected environments, making them vulnerable to security, privacy, and trust challenges. Existing studies propose security schemes and trust models for these systems. However, mitigation of insider attacks, namely blackhole, sinkhole, sybil, collusion, self-promotion, and privilege escalation, has always been a challenge and mostly carried out by the legitimate nodes. Compared to other studies, this paper proposes a framework featuring attribute-based access control and trust-based behavioural monitoring to address the challenges mentioned above. The proposed framework consists of two components, the security component (SC) and the trust management component (TMC). SC ensures data confidentiality, integrity, authentication, and authorization. TMC evaluates Fog-IoT entities’ performance using a trust model based on a set of QoS and network communication features. Subsequently, trust is embedded as an attribute within SC’s access control policies, ensuring that only trusted entities are granted access to fog resources. Several attacking scenarios, namely DoS, DDoS, probing, and data theft are designed to elaborate on how the change in trust triggers the change in access rights and, therefore, validates the proposed integrated framework’s design principles. The framework is evaluated on a Raspberry Pi 3 Model B to benchmark its performance in terms of time and memory complexity. Our results show that both SC and TMC are lightweight and suitable for resource-constrained devices

A Framework for Integrating Transportation Into Smart Cities

In recent years, economic, environmental, and political forces have quickly given rise to “Smart Cities” -- an array of strategies that can transform transportation in cities. Using a multi-method approach to research and develop a framework for smart cities, this study provides a framework that can be employed to: Understand what a smart city is and how to replicate smart city successes; The role of pilot projects, metrics, and evaluations to test, implement, and replicate strategies; and Understand the role of shared micromobility, big data, and other key issues impacting communities. This research provides recommendations for policy and professional practice as it relates to integrating transportation into smart cities

Analysis of Feedback Evaluation for Trust Management Models in the Internet of Things

The Internet of Things (IoT) is transforming the world into an ecosystem of objects that communicate with each other to enrich our lives. The devices’ collaboration allows the creation of complex applications, where each object can provide one or more services needed for global benefit. The information moves to nodes in a peer-to-peer network, in which the concept of trustworthiness is essential. Trust and Reputation Models (TRMs) are developed with the goal of guaranteeing that actions taken by entities in a system reflect their trustworthiness values and to prevent these values from being manipulated by malicious entities. The cornerstone of any TRM is the ability to generate a coherent evaluation of the information received. Indeed, the feedback generated by the consumers of the services has a vital role as the source of any trust model. In this paper, we focus on the generation of the feedback and propose different metrics to evaluate it. Moreover, we illustrate a new collusive attack that influences the evaluation of the received services. Simulations with a real IoT dataset show the importance of feedback generation and the impact of the new proposed attack

TrustE-VC: Trustworthy Evaluation Framework for Industrial Connected Vehicles in the Cloud

The integration between cloud computing and vehicular ad hoc networks, namely, vehicular clouds (VCs), has become a significant research area. This integration was proposed to accelerate the adoption of intelligent transportation systems. The trustworthiness in VCs is expected to carry more computing capabilities that manage large-scale collected data. This trend requires a security evaluation framework that ensures data privacy protection, integrity of information, and availability of resources. To the best of our knowledge, this is the first study that proposes a robust trustworthiness evaluation of vehicular cloud for security criteria evaluation and selection. This article proposes three-level security features in order to develop effectiveness and trustworthiness in VCs. To assess and evaluate these security features, our evaluation framework consists of three main interconnected components: 1) an aggregation of the security evaluation values of the security criteria for each level; 2) a fuzzy multicriteria decision-making algorithm; and 3) a simple additive weight associated with the importance-performance analysis and performance rate to visualize the framework findings. The evaluation results of the security criteria based on the average performance rate and global weight suggest that data residency, data privacy, and data ownership are the most pressing challenges in assessing data protection in a VC environment. Overall, this article paves the way for a secure VC using an evaluation of effective security features and underscores directions and challenges facing the VC community. This article sheds light on the importance of security by design, emphasizing multiple layers of security when implementing industrial VCsThis work was supported in part by the Ministry of Education, Culture, and Sport, Government of Spain under Grant TIN2016-76373-P, in part by the Xunta de Galicia Accreditation 2016–2019 under Grant ED431G/08 and Grant ED431C 2018/2019, and in part by the European Union under the European Regional Development FundS

The Applications of Blockchain To Cybersecurity

A blockchain is a decentralized public ledger facilitating secure transactions between untrusted network nodes. It has garnered significant recognition for its pivotal role in cryptocurrency systems, where it ensures secure and decentralized transaction records. Over the past decade, blockchain has attracted considerable attention from various industries, as it holds the potential to revolutionize multiple sectors, including cybersecurity. However, this field of study is relatively new, and numerous questions remain unanswered regarding the effectiveness of blockchain in cybersecurity. This research adopted a qualitative research design to investigate the current implementations of blockchain-based security and their applicability in the current cybersecurity context. Additionally, this work explored the mechanisms employed by blockchain to uphold the security triad. Findings indicate that blockchain exhibits substantial potential in addressing existing challenges in cybersecurity, particularly those related to the Internet of Things, data integrity and ownership, and network security. Nonetheless, widespread adoption faces limitations due to technological immaturity, high-cost complexity, and regulatory hurdles. Therefore, utilizing blockchain-based solutions in cybersecurity necessitates a thorough analysis of their applicability to an organization\u27s specific needs, a clear definition of implementation goals, and careful navigation of challenges

Identification of misbehavior detection solutions and risk scenarios in advanced connected and automated driving scenarios

The inclusion of 5G cellular communication system into vehicles, combined with other connected-vehicle technology, such as sensors and cameras, makes connected and advanced vehicles a promising application in the Cooperative Intelligent Transport Systems. One of the most challenging task is to provide resilience against misbehavior i.e., against vehicles that intentionally disseminate false information to deceive receivers and induce them to manoeuvre incorrectly or even dangerously. This calls for misbehaviour detection mechanisms, whose purpose is to analyze information semantics to detect and filter attacks. As a result, data correctness and integrity are ensured. Misbehaviour and its detection are rather new concepts in the literature; there is a lack of methods that leverage the available information to prove its trustworthiness. This is mainly because misbehaviour techniques come with several flavours and have different unpredictable purposes, therefore providing precise guidelines is rather ambitious. Moreover, dataset to test detection schemes are rare to find and inconvenient to customize and adapt according to needs. This work presents a misbehaviour detection scheme that exploits information shared between vehicles and received signal properties to investigate the behaviour of transmitters. Differently from most available solutions, this is based on the data of the on-board own resources of the vehicle. Computational effort and resources required are minor concerns, and concurrently time efficiency is gained. Also, the project addresses three different types of attack to show that detecting misbehaviour methods are more vulnerable to some profile of attacker than others. Moreover, a rich dataset was set up to test the scheme. The dataset was created according to the latest standardised evaluation methodologies and provides a valuable starting point for any further development and research

Cyber Security and Critical Infrastructures 2nd Volume

The second volume of the book contains the manuscripts that were accepted for publication in the MDPI Special Topic "Cyber Security and Critical Infrastructure" after a rigorous peer-review process. Authors from academia, government and industry contributed their innovative solutions, consistent with the interdisciplinary nature of cybersecurity. The book contains 16 articles, including an editorial that explains the current challenges, innovative solutions and real-world experiences that include critical infrastructure and 15 original papers that present state-of-the-art innovative solutions to attacks on critical systems