28 research outputs found

    Security Evaluation of Arduino Projects Developed by Hobbyist IoT Programmers

    Arduino is an open-source electronics platform based on cheap hardware and the easy-to-use software Integrated Development Environment (IDE). Nowadays, because of its open-source nature and its simple and accessible user experience, Arduino is ubiquitous and used among hobbyist and novice programmers for Do It Yourself (DIY) projects, especially in the Internet of Things (IoT) domain. Unfortunately, such diffusion comes with a price. Many developers start working on this platform without having a deep knowledge of the leading security concepts in Information and Communication Technologies (ICT). Their applications, often publicly available on GitHub (or other code-sharing platforms), can be taken as examples by other developers or downloaded and used by non-expert users, spreading these issues in other projects. For these reasons, this paper aims at understanding the current landscape by analyzing a set of open-source DIY IoT projects and looking for potential security issues. Furthermore, the paper classifies those issues according to the proper security category. This study’s results offer a deeper understanding of the security concerns in Arduino projects created by hobbyist programmers and the dangers that may be faced by those who use these projects

    A Gateway-based MUD Architecture to Enhance Smart Home Security

    Smart home systems, including consumer-grade Internet of Things (IoT) devices, are in a dangerous situation. On the one hand, the number of smart homes is increasing. On the other hand, the devices in these dwellings are often affected by vulnerabilities that could be exploited to generate massive (distributed) attacks. To mitigate the issue of having compromised devices involved in such attacks, the Internet Engineering Task Force (IETF) recently proposed a new standard: the Manufacturer Usage Description (MUD). The main contribution of this paper is to propose a slightly extended version of the MUD architecture. This architecture is centered around a smart home gateway (SHG) that can be extended through the contributions of plug-in developers. Indeed, our proposed approach allows developers to specify which endpoints their plug-ins need to reach. These requirements will then be processed to generate a consolidated gateway-level MUD file exposed by the SHG itself. Thus, thanks to this solution and developers’ intervention, even devices that are not natively “MUD-enabled” would be protected by the MUD standard if integrated through a proper plug-in. Moreover, these requirements are transparent for the device itself. To demonstrate the feasibility of this approach, we realized a proof-of-concept for a widespread open-source smart home gateway: Home Assistant

    Perception of Security Issues in the Development of Cloud-IoT Systems by a Novice Programmer

    It is very hard (or ineffective) to take an old system and add security features to it like plug-ins. Therefore, a computer system is much more reliable when designed with a security-by-design approach. Nowadays, there are several tools, middlewares, and platforms designed with this concept in mind, but they must be appropriately used to guarantee a suitable level of reliability and safety. A security-by-design approach is fundamental when creating a distributed application in the IoT field, composed of sensors, actuators, and cloud services. The IoT usually requires handling different programming languages and technologies in which a developer might not be very expert. Through a use case, we analyzed the security of some IoT components of Amazon Web Services (AWS) from a novice programmer's point of view. Even if such a platform could be secure by itself, a novice programmer could do something wrong and leave some possible attack points to a malicious user. To this end, we also surveyed a small pool of novice IoT programmers from a consulting engineering company. Even if we discovered that AWS seems quite robust, we noticed that some common security concepts are often not clear or applied, leaving the door open to possible issues

    Security at the Edge for Resource-Limited IoT Devices

    The Internet of Things (IoT) is rapidly growing, with an estimated 14.4 billion active endpoints in 2022 and a forecast of approximately 30 billion connected devices by 2027. This proliferation of IoT devices has come with significant security challenges, including intrinsic security vulnerabilities, limited computing power, and the absence of timely security updates. Attacks leveraging such shortcomings could lead to severe consequences, including data breaches and potential disruptions to critical infrastructures. In response to these challenges, this research paper presents the IoT Proxy, a modular component designed to create a more resilient and secure IoT environment, especially in resource-limited scenarios. The core idea behind the IoT Proxy is to externalize security-related aspects of IoT devices by channeling their traffic through a secure network gateway equipped with different Virtual Network Security Functions (VNSFs). Our solution includes a Virtual Private Network (VPN) terminator and an Intrusion Prevention System (IPS) that uses a machine learning-based technique called oblivious authentication to identify connected devices. The IoT Proxy’s modular, scalable, and externalized security approach creates a more resilient and secure IoT environment, especially for resource-limited IoT devices. The promising experimental results from laboratory testing demonstrate the suitability of IoT Proxy to secure real-world IoT ecosystems

    A Distinct Pathway Remodels Mitochondrial Cristae and Mobilizes Cytochrome c during Apoptosis

    The mechanism during apoptosis by which cytochrome c is rapidly and completely released in the absence of mitochondrial swelling is uncertain. Here, we show that two distinct pathways are involved. One mediates release of cytochrome c across the outer mitochondrial membrane, and another, characterized in this study, is responsible for the redistribution of cytochrome c stored in intramitochondrial cristae. We have found that the “BH3-only” molecule tBID induces a striking remodeling of mitochondrial structure with mobilization of the cytochrome c stores (~85%) in cristae. This reorganization does not require tBID's BH3 domain and is independent of BAK, but is inhibited by CsA. During this process, individual cristae become fused and the junctions between the cristae and the intermembrane space are opened

    Work and heat probability distributions in out-of-equilibrium systems

    We review and discuss the equations governing the distribution of work done on a system which is driven out of equilibrium by external manipulation, as well as those governing the entropy flow to a reservoir in a nonequilibrium system. We take advantage of these equations to investigate the path phase transition in a manipulated mean-field Ising model and the large-deviation function for the heat flow in the asymmetric exclusion process with periodically varying transition probabilities. Comment: Contribution to Proceedings of "Work, Dissipation, and Fluctuations in Nonequilibrium Physics", Brussels, 200

    The solution structure of the first PHD finger of autoimmune regulator in complex with non-modified histone H3 tail reveals the antagonistic role of H3R2 methylation

    Plant homeodomain (PHD) fingers are often present in chromatin-binding proteins and have been shown to bind histone H3 N-terminal tails. Mutations in the autoimmune regulator (AIRE) protein, which harbours two PHD fingers, cause a rare monogenic disease, autoimmune polyendocrinopathy-candidiasis-ectodermal dystrophy (APECED). AIRE activates the expression of tissue-specific antigens by directly binding through its first PHD finger (AIRE-PHD1) to histone H3 tails non-methylated at K4 (H3K4me0). Here, we present the solution structure of AIRE-PHD1 in complex with H3K4me0 peptide and show that AIRE-PHD1 is a highly specialized non-modified histone H3 tail reader, as post-translational modifications of the first 10 histone H3 residues reduce binding affinity. In particular, H3R2 dimethylation abrogates AIRE-PHD1 binding in vitro and reduces the in vivo activation of AIRE target genes in HEK293 cells. The observed antagonism by R2 methylation on AIRE-PHD1 binding is unique among the H3K4me0 histone readers and represents the first case of epigenetic negative cross-talk between non-methylated H3K4 and methylated H3R2. Collectively, our results point to a very specific histone code responsible for non-modified H3 tail recognition by AIRE-PHD1 and describe at atomic level one crucial step in the molecular mechanism responsible for antigen expression in the thymus

    A Threat Model for Extensible Smart Home Gateways

    No full text
    This paper proposes a threat model for a specific class of components of IoT infrastructures: smart home gateways extensible through plug-ins. The purpose of the proposed model is twofold. From one side, it helps to understand some possible issues that could be generated from a malicious or defective implementation of a plug-in and affect the gateway itself or other smart home devices. Consequently, the model could help programmers of gateway applications, plug-ins, and devices think about possible countermeasures and develop more resilient solutions. On the other side, the model could be regarded as a set of guidelines. Indeed, plug-in developers should not create plug-ins acting like the threats reported in the paper. To provide a first validation of the model, the paper presents a use case based on Home Assistant, an open-source smart home gateway application

    Evolutionary Antivirus Signature Optimization

    No full text
    This work presents an automatic methodology able to improve machine-generated signatures for Android malware detection. The technique relies on a population-less evolutionary algorithm and uses an unorthodox fitness function that incorporates unsystematic human experts' knowledge in the form of a set of rules of thumb. The proposed optimization algorithm does not require ranking the individuals because, when exploiting experts' knowledge, the resulting population of candidate solutions is no longer a totally ordered set. Experimental results show that the resulting signatures are of good quality and more accurate than the original ones, lowering both false positives and negatives

    Retroperitoneal and retrograde total laparoscopic hysterectomy as a standard treatment in a community hospital

    No full text
    Objective: To report our experience with a modified procedure for total laparoscopic hysterectomy based on a retrograde and retroperitoneal technique. This surgical approach is analyzed on a consecutive series of patients in a community hospital and theoretical educational advantages are proposed. Study design: All patients undergoing hysterectomy from January 2012 to April 2013 were included in the study. A detailed description of the technique is given. As main outcome measures we evaluated: the number and rate of patients excluded from laparoscopic approach, the rate of late complications needing readmission, the rate of transfusions, the rate of conversion to laparotomy and the number of minor complications. The main concern of the study was ureteral complications. Results: Overall 174 patients underwent hysterectomy in our unit. The rate of patients submitted to laparoscopic hysterectomy was 97.5%. The number of complications needing re-admission was three (2%). The rate of conversion was 2.7%. In the study period, two (1.2%) ureteral complications were observed (late fistulae). There were four bladder lesions but the patients were released on the same day as the patients with no lesion. Conclusions: Opening the retroperitoneum allows rapid control of the main uterine vessels by coagulation, and constant checks on the ureter. Difficult benign situations can be managed. Even in a non-referral center about 94% of hysterectomies can be performed by laparoscopic surgery. This approach is helpful and may be reproducible in gynecological procedures. © 2013 Elsevier Ireland Ltd