3 research outputs found

    Lightweight payload encryption-based authentication scheme for advanced metering infrastructure sensor networks

    The Internet of Things (IoT) connects billions of sensors to share and collect data at any time and place. The Advanced Metering Infrastructure (AMI) is one of the most important IoT applications. IoT supports AMI to collect data from smart sensors, analyse and measure abnormalities in the energy consumption pattern of sensors. However, two-way communication in distributed sensors is sensitive and tends towards security and privacy issues. Before deploying distributed sensors, data confidentiality and privacy and message authentication for sensor devices and control messages are the major security requirements. Several authentications and encryption protocols have been developed to provide confidentiality and integrity. However, many sensors in distributed systems, resource-constrained smart sensors, and adaptability of IoT communication protocols in sensors necessitate designing an efficient and lightweight security authentication scheme. This paper proposes a Payload Encryption-based Optimisation Scheme for lightweight authentication (PEOS) on distributed sensors. The PEOS integrates and optimises important features of Datagram Transport Layer Security (DTLS) in Constrained Application Protocol (CoAP) architecture instead of implementing the DTLS in a separate channel. The proposed work designs a payload encryption scheme and an Optimised Advanced Encryption Standard (OP-AES). The PEOS modifies the DTLS handshaking and retransmission processes in PEOS using payload encryption and NACK messages, respectively. It also removes the duplicate features of the protocol version and sequence number without impacting the performance of CoAP. Moreover, the PEOS attempts to improve the CoAP over distributed sensors in the aspect of optimised AES operations, such as parallel execution of S-boxes in SubBytes and delayed MixColumns. The efficiency of PEOS authentication is evaluated on Contiki OS using the Cooja simulator for lightweight security and authentication. The proposed scheme attains better throughput while minimising the message size overhead by 9% and 23% compared with the existing payload-based mutual authentication PbMA and basic DTLS/CoAP scheme in random network topologies with less than 50 nodes.

    Internet of Things for system integrity: a comprehensive survey on security, attacks and countermeasures for industrial applications

    The growth of the Internet of Things (IoT) offers numerous opportunities for developing industrial applications such as smart grids, smart cities, smart manufacturers, etc. By utilising these opportunities, businesses engage in creating the Industrial Internet of Things (IIoT). IoT is vulnerable to hacks and, therefore, requires various techniques to achieve the level of security required. Furthermore, the wider implementation of IIoT causes an even greater security risk than its benefits. To provide a roadmap for researchers, this survey discusses the integrity of industrial IoT systems and highlights the existing security approaches for the most significant industrial applications. This paper mainly classifies the attacks and possible security solutions regarding IoT layers architecture. Consequently, each attack is connected to one or more layers of the architecture accompanied by a literature analysis on the various IoT security countermeasures. It further provides a critical analysis of the existing IoT/IIoT solutions based on different security mechanisms, including communications protocols, networking, cryptography and intrusion detection systems. Additionally, there is a discussion of the emerging tools and simulations used for testing and evaluating security mechanisms in IoT applications. Last, this survey outlines several other relevant research issues and challenges for IoT/IIoT security

    Customised Intrusion Detection for an Industrial IoT Heterogeneous Network Based on Machine Learning Algorithms Called FTL-CID

    Technological breakthroughs in the Internet of Things (IoT) easily promote smart lives for humans by connecting everything through the Internet. The de facto standardised IoT routing strategy is the routing protocol for low-power and lossy networks (RPL), which is applied in various heterogeneous IoT applications. Hence, the increase in reliance on the IoT requires focus on the security of the RPL protocol. The top defence layer is an intrusion detection system (IDS), and the heterogeneous characteristics of the IoT and variety of novel intrusions make the design of the RPL IDS significantly complex. Most existing IDS solutions are unified models and cannot detect novel RPL intrusions. Therefore, the RPL requires a customised global attack knowledge-based IDS model to identify both existing and novel intrusions in order to enhance its security. Federated transfer learning (FTL) is a trending topic that paves the way to designing a customised RPL-IoT IDS security model in a heterogeneous IoT environment. In this paper, we propose a federated-transfer-learning-assisted customised distributed IDS (FT-CID) model to detect RPL intrusion in a heterogeneous IoT. The design process of FT-CID includes three steps: dataset collection, FTL-assisted edge IDS learning, and intrusion detection. Initially, the central server initialises the FT-CID with a predefined learning model and observes the unique features of different RPL-IoTs to construct a local model. The experimental model generates an RPL-IIoT dataset with normal and abnormal traffic through simulation on the Contiki-NG OS. Secondly, the edge IDSs are trained using the local parameters and the globally shared parameters generated by the central server through federation and aggregation of different local parameters of various edges. Hence, transfer learning is exploited to update the server’s and edges’ local and global parameters based on relational knowledge. 
It also builds a customised IDS model with partial retraining through local learning based on globally shared server knowledge. Finally, the customised IDS in the FT-CID model enforces the detection of intrusions in heterogeneous IoT networks. Moreover, the FT-CID model accomplishes high RPL security by implicitly utilising the local and global parameters of different IoTs with the assistance of FTL. The FT-CID detects RPL intrusions with an accuracy of 85.52% in tests on a heterogeneous IoT network.