Network traffic analysis for threats detection in the Internet of Things

As the prevalence of the Internet of Things (IoT) continues to increase, cyber criminals are quick to exploit the security gaps that many devices are inherently designed with. Users cannot be expected to tackle this threat alone, and many current solutions available for network monitoring are simply not accessible or can be difficult to implement for the average user, which is a gap that needs to be addressed. This article presents an effective signature-based solution to monitor, analyze, and detect potentially malicious traffic for IoT ecosystems in the typical home network environment by utilizing passive network sniffing techniques and a cloud application to monitor anomalous activity. The proposed solution focuses on two attack and propagation vectors leveraged by the infamous Mirai botnet, namely DNS and Telnet. Experimental evaluation demonstrates the proposed solution can detect 98.35 percent of malicious DNS traffic and 99.33 percent of Telnet traffic for an overall detection accuracy of 98.84 percent

PAbAC : a privacy preserving attribute based framework for fine grained access control in clouds

Several existing access control solutions mainly focus on preserving confidentiality of stored data from unauthorized access and the storage provider. Moreover, to keep sensitive user data confidential against untrusted servers, existing solutions usually apply cryptographic methods by disclosing data decryption keys only to authorized users. However, these solutions inevitably introduce a heavy computation overhead on the data owner for key distribution and data management when fine-grained data access control is desired. In addition, access control policies as well as users’ access patterns are also considered as sensitive information that should be protected from the cloud. In this paper, we propose PAbAC, a novel privacy preserving Attribute-based framework, that combines attribute-based encryption and attribute-based signature mechanisms for securely sharing outsourced data via the public cloud. Our proposal is multifold. First, it ensures fine-grained cryptographic access control enforced at the data owner’s side, while providing the desired expressiveness of the access control policies. Second, PAbAC preserves users’ privacy, while hiding any identifying information used to satisfy the access control. Third, PAbAC is proven to be highly scalable and efficient for sharing outsourced data in remote servers, at both the client and the cloud provider side

PHOABE : securely outsourcing multi-authority attribute based encryption with policy hidden for cloud assisted IoT

Attribute based encryption (ABE) is an encrypted access control mechanism that ensures efficient data sharing among dynamic group of users. Nevertheless, this encryption technique presents two main drawbacks, namely high decryption cost and publicly shared access policies, thus leading to possible users’ privacy leakage. In this paper, we introduce PHOABE, a Policy-Hidden Outsourced ABE scheme. Our construction presents several advantages. First, it is a multi-attribute authority ABE scheme. Second, the expensive computations for the ABE decryption process is partially delegated to a Semi Trusted Cloud Server. Third, users’ privacy is protected thanks to a hidden access policy. Fourth, PHOABE is proven to be selectively secure, verifiable and policy privacy preserving under the random oracle model. Five, estimation of the processing overhead proves its feasibility in IoT constrained environments

Constant-size threshold attribute based SignCryption for cloud applications

In this paper, we propose a novel constant-size threshold attribute-based signcryption scheme for securely sharing data through public clouds. Our proposal has several advantages. First, it provides flexible cryptographic access control, while preserving users’ privacy as the identifying information for satisfying the access control policy are not revealed. Second, the proposed scheme guarantees both data origin authentication and anonymity thanks to the novel use of attribute based signcryption mechanism, while ensuring the unlinkability between the different access sessions. Third, the proposed signcryption scheme has efficient computation cost and constant communication overhead whatever the number of involved attributes. Finally, our scheme satisfies strong security properties in the random oracle model, namely Indistinguishability against the Adaptive Chosen Ciphertext Attacks (IND-CCA2), Existential Unforgeability against Chosen Message Attacks (EUFCMA) and privacy preservation of the attributes involved in the signcryption process, based on the assumption that the augmented Multi-Sequence of Exponents Decisional Diffie-Hellman (aMSE-DDH) problem and the Computational Diffie Hellman Assumption (CDH) are hard

Privacy Enhancing Technologies for solving the privacy-personalization paradox : taxonomy and survey

Personal data are often collected and processed in a decentralized fashion, within different contexts. For instance, with the emergence of distributed applications, several providers are usually correlating their records, and providing personalized services to their clients. Collected data include geographical and indoor positions of users, their movement patterns as well as sensor-acquired data that may reveal users’ physical conditions, habits and interests. Consequently, this may lead to undesired consequences such as unsolicited advertisement and even to discrimination and stalking. To mitigate privacy threats, several techniques emerged, referred to as Privacy Enhancing Technologies, PETs for short. On one hand, the increasing pressure on service providers to protect users’ privacy resulted in PETs being adopted. One the other hand, service providers have built their business model on personalized services, e.g. targeted ads and news. The objective of the paper is then to identify which of the PETs have the potential to satisfy both usually divergent - economical and ethical - purposes. This paper identifies a taxonomy classifying eight categories of PETs into three groups, and for better clarity, it considers three categories of personalized services. After defining and presenting the main features of PETs with illustrative examples, the paper points out which PETs best fit each personalized service category. Then, it discusses some of the inter-disciplinary privacy challenges that may slow down the adoption of these techniques, namely: technical, social, legal and economic concerns. Finally, it provides recommendations and highlights several research directions

PROUD : verifiable privacy-preserving outsourced attribute based signcryption supporting access policy update for cloud assisted IoT applications

The ever-growing number of Internet connected devices poses several cybersecurity risks. Most of the exchanged data between the Internet of Things (IoT) devices are not adequately secured due to resource constraints on IoT devices. Attribute Based SignCryption (ABSC) is a powerful cryptographic mechanism suitable for distributed environments, providing flexible access control and data secrecy. However, it imposes high designcryption costs, and does not support access policy update (user addition/revocation). This paper presents PROUD, an ABSC solution, to securely outsource data designcryption process to edge servers in order to reduce the computation overhead on the user side. PROUD allows end-users to offload most of the designcryption overhead to an edge server and verify the correctness of the received partially designcrypted data from the edge server. Moreover, PROUD provides the access policy update feature with neither involving a proxy-server, nor re-signcrypting the signcrypted message and re-distributing the users’ secret keys. The access policy update feature in PROUD does not affect the size of the message received by the end-user which reduces the bandwidth and the storage usage. Our comprehensive theoretical and experimental analysis prove that PROUD outperforms existing schemes in terms of functionality, communication and computation overhead

A Service-Oriented Approach for Sensing in the Internet of Things: Intelligent Transportation Systems and Privacy Use Cases

This paper presents a Sensing-as-a-Service run-time Service Oriented Architecture (SOA), called 3SOA, for the development of Internet of Things (IoT) applications. 3SOA aims to allow interoperability among various IoT platforms and support service-oriented modelling at high levels of abstraction where fundamental SOA theories and techniques are fully integrated into a practical software engineering approach. 3SOA abstracts the dependencies of the middleware programming model from the application logic. This abstraction allows the development efforts to focus on writing the application logic independently from hardware platforms, middleware, and languages in which applications are programmed. To achieve this result, IoT objects are treated as independent entities that may interact with each other using a well-defined message exchange sequence. Each object is defined by the services it provides and the coordination protocol it supports. Objects are then able to coordinate their resources to address the global objectives of the system. To practically validate our proposals, we demonstrate an intelligent transportation system and data privacy functional prototypes as proof of concepts. The use cases show that 3SOA and the presented abstraction language allow the amalgamation of macroprogramming and node-centric programming to develop real-time and efficient applications over IoT

Security challenges of Internet of Underwater Things : a systematic literature review

Water covers approximately 71% of the earth surface, yet much of the underwater world remains unexplored due to technology limitations. Internet of Underwater Things (IoUT) is a network of underwater objects that enables monitoring subsea environment remotely. Underwater Wireless Sensor Network (UWSN) is the main enabling technology for IoUT. UWSNs are characterised by the limitations of the underlying acoustic communication medium, high energy consumption, lack of hardware resources to implement computationally intensive tasks and dynamic network topology due to node mobility. These characteristics render UNWSNs vulnerable to different attacks, such as Wormhole, Sybil, flooding, jamming, spoofing and Denial of Service (DoS) attacks. This article reviews peer-reviewed literature that addresses the security challenges and attacks on UWSNs as well as possible mitigative solutions. Findings show that the biggest contributing factors to security threats in UWSNs are the limited energy supply, the limited communication medium and the harsh underwater communication conditions. Researchers in this field agree that the security measures of terrestrial wireless sensor networks are not directly applicable to UWSNs due to the unique nature of the underwater environment where resource management becomes a significant challenge. This article also outlines future research directions on security and privacy challenges of IoUT and UWSN

Penile hair coil strangulation of the child

AbstractWe report the case of a child with a delayed presentation of penile strangulation with a coil of hair that resulted in a complete transection of the urethra. Hair coil strangulation of the penis is uncommon. It is also known as penile Tourniquet syndrome. It has been reported with circumcised and uncircumcised penises and it can lead to serious complications like the amputation of the penis. Prompt diagnosis and treatment are necessary to prevent complications