IoT Security Evolution: Challenges and Countermeasures Review

Internet of Things (IoT) architecture, technologies, applications and security have been recently addressed by a number of researchers. Basically, IoT adds internet connectivity to a system of intelligent devices, machines, objects and/or people. Devices are allowed to automatically collect and transmit data over the Internet, which exposes them to serious attacks and threats. This paper provides an intensive review of IoT evolution with primary focusing on security issues together with the proposed countermeasures. Thus, it outlines the IoT security challenges as a future roadmap of research for new researchers in this domain

Software-based Analysis of the Security by Design in Embedded Devices

International audienceThe growth of embedded devices like IoT or networking devices makes them major targets for attackers in the Internet. They are known to face security issues because of their bad design and/or configuration. In this paper, we propose a systematic method to evaluate the security of an embedded device. It relies on a firmware analysis to extract relevant information about its software composition. Based on our large IoT database, our work aims at providing a global and long-term (10 years) analysis of the security by design of firmwares and of the awareness and versatility of vendors in regards to security issues

FL4IoT: IoT Device Fingerprinting and Identification Using Federated Learning

Unidentified devices in a network can result in devastating consequences. It is, therefore, necessary to fingerprint and identify IoT devices connected to private or critical networks. With the proliferation of massive but heterogeneous IoT devices, it is getting challenging to detect vulnerable devices connected to networks. Current machine learning-based techniques for fingerprinting and identifying devices necessitate a significant amount of data gathered from IoT networks that must be transmitted to a central cloud. Nevertheless, private IoT data cannot be shared with the central cloud in numerous sensitive scenarios. Federated learning (FL) has been regarded as a promising paradigm for decentralized learning and has been applied in many different use cases. It enables machine learning models to be trained in a privacy-preserving way. In this article, we propose a privacy-preserved IoT device fingerprinting and identification mechanisms using FL; we call it FL4IoT. FL4IoT is a two-phased system combining unsupervised-learning-based device fingerprinting and supervised-learning-based device identification. FL4IoT shows its practicality in different performance metrics in a federated and centralized setup. For instance, in the best cases, empirical results show that FL4IoT achieves ∼99% accuracy and F1-Score in identifying IoT devices using a federated setup without exposing any private data to a centralized cloud entity. In addition, FL4IoT can detect spoofed devices with over 99% accuracy

A Systematic Review of IoT Communication Strategies for an Efficient Smart Environment

The massive increase in actuators, industrial devices, health-care devices, and sensors, have led to the implementation of the Internet of Things (IoT), fast and flexible information technology communication between the devices. As such, responding to the needs in speedily way, and matching the smart services with modified requirements, IoT communications have facilitated the interconnections of things between applications, users, and smart devices. In order to gain extra advantage of the numerous services of the Internet. In this paper, the authors first, provided a comprehensive analysis on the IoT communication strategies and applications for smart devices based on a Systematic Literature Review (SLR). Then, the communication strategies and applications are categorized into four main topics including device to device, device to cloud, device to gateway and device to application scenarios. Furthermore, a technical taxonomy is presented to classify the existing papers according to search-based methodology in the scientific databases. The technical taxonomy presents five categories for IoT communication applications including monitoring-based communications, routing-based communications, health-based communications, Intrusion-based communications, and resource-based communications. The evaluation factors and infrastructure attributes are discussed based on some technical questions. Finally, some new challenges and forthcoming issues of future IoT communications are presented

Latency based device fingerprinting in a low-power industrial wireless sensor network

Security is a key challenge for any IIoT network and more so for constrained IWSN deployments. Novel methods are thus required to enhance security, taking into consideration the lossy and low power nature of the IWSN. The use of ICMP packets is proposed as a method to generate fingerprinting information for IWSN devices. The ICMP based method uses the round-trip time information in the ICMP header as a fingerprinting metric. The results showed that the effect of the physical layer can be averaged out of the measurement if enough samples are available. A linear relationship was found between hop count and round-trip time for a static network which can be used in the design phase of the IWSN network or alternatively as a method to fingerprint routing anomalies in real-time. The ICMP method was able to differentiate between devices from different vendors, but unable to fingerprint devices from the same vendor due to physical layer interference. The work shows that fingerprinting in an IWSN using the ICMP method is possible if the timing delta under investigation is an order of magnitude larger than the timing variation introduced by the physical layer while maintaining a reasonable signal-to-noise ratio.Dissertation (MEng (Computer Engineering))--University of Pretoria, 2021.Electrical, Electronic and Computer EngineeringMEng (Computer Engineering)Unrestricte

An Experimental Analysis of Attack Classification Using Machine Learning in IoT Networks

In recent years, there has been a massive increase in the amount of Internet of Things (IoT) devices as well as the data generated by such devices. The participating devices in IoT networks can be problematic due to their resource-constrained nature, and integrating security on these devices is often overlooked. This has resulted in attackers having an increased incentive to target IoT devices. As the number of attacks possible on a network increases, it becomes more difficult for traditional intrusion detection systems (IDS) to cope with these attacks efficiently. In this paper, we highlight several machine learning (ML) methods such as k-nearest neighbour (KNN), support vector machine (SVM), decision tree (DT), naive Bayes (NB), random forest (RF), artificial neural network (ANN), and logistic regression (LR) that can be used in IDS. In this work, ML algorithms are compared for both binary and multi-class classification on Bot-IoT dataset. Based on several parameters such as accuracy, precision, recall, F1 score, and log loss, we experimentally compared the aforementioned ML algorithms. In the case of HTTP distributed denial-of-service (DDoS) attack, the accuracy of RF is 99%. Furthermore, other simulation results-based precision, recall, F1 score, and log loss metric reveal that RF outperforms on all types of attacks in binary classification. However, in multi-class classification, KNN outperforms other ML algorithms with an accuracy of 99%, which is 4% higher than RF

Cybersafety guidelines to prepare South African schools for the 4th Industrial Revolution

M.Ed. (ICT in Education)Abstract: Technology has become one of the driving forces behind what people do and how they do it. Technology is changing all aspects of human interaction, work-related processes and information sharing. Technology has allowed people to create global networks, print objects in 3D, create digital currencies and created virtual online worlds (cyberspace). Cyberspace allows billions of people across the globe to instantly connect, without boundaries, to anywhere in the world. Instant messages, videos and documents can be uploaded to cyberspace and shared to all other cyber users who are connected. Connectivity has become the focus of world economies and personal interactions and the basis for online social communities. Technological devices have become cheaper and more available to individuals and the cost of accessing cyberspace is slowly becoming affordable across the world. Information and Communication Technologies (ICT) has changed reality as we know it. The advantages of ICT are enormous to industries and governments, as well individual cyber users. Education, online banking, shopping, socialising and work are some of the actions that have changed for the better due to technology..

Strategies for Integrating the Internet of Things in Educational Institutions

The introduction of the Internet of Things (IoT) into educational institutions has necessitated the integration of IoT devices in the information technology (IT) infrastructural environment of educational institutions. Many IT leaders at educational institutions, however, lack strategies for integrating and deploying IoT devices in their institutions, which has resulted in numerous security breaches. The purpose of this study was to explore security strategies adopted by IT administrators to prevent data breaches resulting from the integration of IoT devices in their educational institutions. The diffusion of innovations theory served as the conceptual framework for this qualitative multiple case study. Eleven IT leaders in 11 public K–12 educational institutions, who had successfully integrated IoT in their educational institutions in the United States Midwest region, were interviewed. Thematic analysis was the data analysis strategy. The 3 major themes that emerged were (a) organizational breach prevention, (b) infrastructure management—external to IT, and (c) policy management—internal to IT. A key recommendation is for IT leaders to develop strategies to harness the efficiencies and stabilities that exist during the integration of IoT devices in their educational institutions. The implications for social change include the potential for securely transforming the delivery of education to students and ensuring the safety of academic personnel by identifying strategies that IT leaders can use to securely integrate IoT devices in educational settings