Visible to the public Biblio

Found 4115 results

Filters: Keyword is Resiliency  [Clear All Filters]
2019-06-28
Hazari, S. S., Mahmoud, Q. H..  2019.  A Parallel Proof of Work to Improve Transaction Speed and Scalability in Blockchain Systems. 2019 IEEE 9th Annual Computing and Communication Workshop and Conference (CCWC). :0916-0921.

A blockchain is a distributed ledger forming a distributed consensus on a history of transactions, and is the underlying technology for the Bitcoin cryptocurrency. However, its applications are far beyond the financial sector. The transaction verification process for cryptocurrencies is much slower than traditional digital transaction systems. One approach to increase transaction speed and scalability is to identify a solution that offers faster Proof of Work. In this paper, we propose a method for accelerating the process of Proof of Work based on parallel mining rather than solo mining. The goal is to ensure that no more than two or more miners put the same effort into solving a specific block. The proposed method includes a process for selection of a manager, distribution of work and a reward system. This method has been implemented in a test environment that contains all the characteristics needed to perform Proof of Work for Bitcoin and has been tested, using a variety of case scenarios, by varying the difficulty level and number of validators. Preliminary results show improvement in the scalability of Proof of Work up to 34% compared to the current system.

Kulik, T., Tran-Jørgensen, P. W. V., Boudjadar, J., Schultz, C..  2018.  A Framework for Threat-Driven Cyber Security Verification of IoT Systems. 2018 IEEE International Conference on Software Testing, Verification and Validation Workshops (ICSTW). :89-97.

Industrial control systems are changing from monolithic to distributed and interconnected architectures, entering the era of industrial IoT. One fundamental issue is that security properties of such distributed control systems are typically only verified empirically, during development and after system deployment. We propose a novel modelling framework for the security verification of distributed industrial control systems, with the goal of moving towards early design stage formal verification. In our framework we model industrial IoT infrastructures, attack patterns, and mitigation strategies for countering attacks. We conduct model checking-based formal analysis of system security through scenario execution, where the analysed system is exposed to attacks and implement mitigation strategies. We study the applicability of our framework for large systems using a scalability analysis.

Plasencia-Balabarca, F., Mitacc-Meza, E., Raffo-Jara, M., Silva-Cárdenas, C..  2018.  Robust Functional Verification Framework Based in UVM Applied to an AES Encryption Module. 2018 New Generation of CAS (NGCAS). :194-197.

This Since the past century, the digital design industry has performed an outstanding role in the development of electronics. Hence, a great variety of designs are developed daily, these designs must be submitted to high standards of verification in order to ensure the 100% of reliability and the achievement of all design requirements. The Universal Verification Methodology (UVM) is the current standard at the industry for the verification process due to its reusability, scalability, time-efficiency and feasibility of handling high-level designs. This research proposes a functional verification framework using UVM for an AES encryption module based on a very detailed and robust verification plan. This document describes the complete verification process as done in the industry for a popular module used in information-security applications in the field of cryptography, defining the basis for future projects. The overall results show the achievement of the high verification standards required in industry applications and highlight the advantages of UVM against System Verilog-based functional verification and direct verification methodologies previously developed for the AES module.

Chen, G., Wang, D., Li, T., Zhang, C., Gu, M., Sun, J..  2018.  Scalable Verification Framework for C Program. 2018 25th Asia-Pacific Software Engineering Conference (APSEC). :129-138.

Software verification has been well applied in safety critical areas and has shown the ability to provide better quality assurance for modern software. However, as lines of code and complexity of software systems increase, the scalability of verification becomes a challenge. In this paper, we present an automatic software verification framework TSV to address the scalability issues: (i) the extended structural abstraction and property-guided program slicing to solve large-scale program verification problem, saving time and memory without losing accuracy; (ii) automatically select different verification methods according to the program and property context to improve the verification efficiency. For evaluation, we compare TSV's different configurations with existing C program verifiers based on open benchmarks. We found that TSV with auto-selection performs better than with bounded model checking only or with extended structural abstraction only. Compared to existing tools such as CMBC and CPAChecker, it acquires 10%-20% improvement of accuracy and 50%-90% improvement of memory consumption.

Miranda, Breno, Cruciani, Emilio, Verdecchia, Roberto, Bertolino, Antonia.  2018.  FAST Approaches to Scalable Similarity-Based Test Case Prioritization. Proceedings of the 40th International Conference on Software Engineering. :222-232.

Many test case prioritization criteria have been proposed for speeding up fault detection. Among them, similarity-based approaches give priority to the test cases that are the most dissimilar from those already selected. However, the proposed criteria do not scale up to handle the many thousands or even some millions test suite sizes of modern industrial systems and simple heuristics are used instead. We introduce the FAST family of test case prioritization techniques that radically changes this landscape by borrowing algorithms commonly exploited in the big data domain to find similar items. FAST techniques provide scalable similarity-based test case prioritization in both white-box and black-box fashion. The results from experimentation on real world C and Java subjects show that the fastest members of the family outperform other black-box approaches in efficiency with no significant impact on effectiveness, and also outperform white-box approaches, including greedy ones, if preparation time is not counted. A simulation study of scalability shows that one FAST technique can prioritize a million test cases in less than 20 minutes.

Tsankov, Petar, Dan, Andrei, Drachsler-Cohen, Dana, Gervais, Arthur, Bünzli, Florian, Vechev, Martin.  2018.  Securify: Practical Security Analysis of Smart Contracts. Proceedings of the 2018 ACM SIGSAC Conference on Computer and Communications Security. :67-82.

Permissionless blockchains allow the execution of arbitrary programs (called smart contracts), enabling mutually untrusted entities to interact without relying on trusted third parties. Despite their potential, repeated security concerns have shaken the trust in handling billions of USD by smart contracts. To address this problem, we present Securify, a security analyzer for Ethereum smart contracts that is scalable, fully automated, and able to prove contract behaviors as safe/unsafe with respect to a given property. Securify's analysis consists of two steps. First, it symbolically analyzes the contract's dependency graph to extract precise semantic information from the code. Then, it checks compliance and violation patterns that capture sufficient conditions for proving if a property holds or not. To enable extensibility, all patterns are specified in a designated domain-specific language. Securify is publicly released, it has analyzed 18K contracts submitted by its users, and is regularly used to conduct security audits by experts. We present an extensive evaluation of Securify over real-world Ethereum smart contracts and demonstrate that it can effectively prove the correctness of smart contracts and discover critical violations.

Park, Daejun, Zhang, Yi, Saxena, Manasvi, Daian, Philip, Ro\c su, Grigore.  2018.  A Formal Verification Tool for Ethereum VM Bytecode. Proceedings of the 2018 26th ACM Joint Meeting on European Software Engineering Conference and Symposium on the Foundations of Software Engineering. :912-915.

In this paper, we present a formal verification tool for the Ethereum Virtual Machine (EVM) bytecode. To precisely reason about all possible behaviors of the EVM bytecode, we adopted KEVM, a complete formal semantics of the EVM, and instantiated the K-framework's reachability logic theorem prover to generate a correct-by-construction deductive verifier for the EVM. We further optimized the verifier by introducing EVM-specific abstractions and lemmas to improve its scalability. Our EVM verifier has been used to verify various high-profile smart contracts including the ERC20 token, Ethereum Casper, and DappHub MakerDAO contracts.

Liu, Jed, Hallahan, William, Schlesinger, Cole, Sharif, Milad, Lee, Jeongkeun, Soulé, Robert, Wang, Han, Ca\c scaval, C\u alin, McKeown, Nick, Foster, Nate.  2018.  P4V: Practical Verification for Programmable Data Planes. Proceedings of the 2018 Conference of the ACM Special Interest Group on Data Communication. :490-503.

We present the design and implementation of p4v, a practical tool for verifying data planes described using the P4 programming language. The design of p4v is based on classic verification techniques but adds several key innovations including a novel mechanism for incorporating assumptions about the control plane and domain-specific optimizations which are needed to scale to large programs. We present case studies showing that p4v verifies important properties and finds bugs in real-world programs. We conduct experiments to quantify the scalability of p4v on a wide range of additional examples. We show that with just a few hundred lines of control-plane annotations, p4v is able to verify critical safety properties for switch.p4, a program that implements the functionality of on a modern data center switch, in under three minutes.

Xing, Yue, Huang, Bo-Yuan, Gupta, Aarti, Malik, Sharad.  2018.  A Formal Instruction-Level GPU Model for Scalable Verification. Proceedings of the International Conference on Computer-Aided Design. :130:1-130:8.

GPUs have been widely used to accelerate big-data inference applications and scientific computing through their parallelized hardware resources and programming model. Their extreme parallelism increases the possibility of bugs such as data races and un-coalesced memory accesses, and thus verifying program correctness is critical. State-of-the-art GPU program verification efforts mainly focus on analyzing application-level programs, e.g., in C, and suffer from the following limitations: (1) high false-positive rate due to coarse-grained abstraction of synchronization primitives, (2) high complexity of reasoning about pointer arithmetic, and (3) keeping up with an evolving API for developing application-level programs. In this paper, we address these limitations by modeling GPUs and reasoning about programs at the instruction level. We formally model the Nvidia GPU at the parallel execution thread (PTX) level using the recently proposed Instruction-Level Abstraction (ILA) model for accelerators. PTX is analogous to the Instruction-Set Architecture (ISA) of a general-purpose processor. Our formal ILA model of the GPU includes non-synchronization instructions as well as all synchronization primitives, enabling us to verify multithreaded programs. We demonstrate the applicability of our ILA model in scalable GPU program verification of data-race checking. The evaluation shows that our checker outperforms state-of-the-art GPU data race checkers with fewer false-positives and improved scalability.

2019-06-24
Kim, Gihoon, Choi, Chang, Choi, Junho.  2018.  Ontology Modeling for APT Attack Detection in an IoT-based Power System. Proceedings of the 2018 Conference on Research in Adaptive and Convergent Systems. :160–164.

Smart grid technology is the core technology for the next-generation power grid system with enhanced energy efficiency through decision-making communication between suppliers and consumers enabled by integrating the IoT into the existing grid. This open architecture allowing bilateral information exchange makes it vulnerable to various types of cyberattack. APT attacks, one of the most common cyberattacks, are highly tricky and sophisticated attacks that can circumvent the existing detection technology and attack the targeted system after a certain latent period after intrusion. This paper proposes an ontology-based attack detection system capable of early detection of and response to APT attacks by analyzing their attacking patterns.

Diamond, Lisa, Schrammel, Johann, Fröhlich, Peter, Regal, Georg, Tscheligi, Manfred.  2018.  Privacy in the Smart Grid: End-user Concerns and Requirements. Proceedings of the 20th International Conference on Human-Computer Interaction with Mobile Devices and Services Adjunct. :189–196.

Mobile interfaces will be central in connecting end-users to the smart grid and enabling their active participation. Services and features supporting this participation do, however, rely on high-frequency collection and transmission of energy usage data by smart meters which is privacy-sensitive. The successful communication of privacy to end-users via consumer interfaces will therefore be crucial to ensure smart meter acceptance and consequently enable participation. Current understanding of user privacy concerns in this context is not very differentiated, and user privacy requirements have received little attention. A preliminary user questionnaire study was conducted to gain a more detailed understanding of the differing perceptions of various privacy risks and the relative importance of different privacy-ensuring measures. The results underline the significance of open communication, restraint in data collection and usage, user control, transparency, communication of security measures, and a good customer relationship.

Cao, H., Liu, S., Guan, Z., Wu, L., Deng, H., Du, X..  2018.  An Efficient Privacy-Preserving Algorithm Based on Randomized Response in IoT-Based Smart Grid. 2018 IEEE SmartWorld, Ubiquitous Intelligence Computing, Advanced Trusted Computing, Scalable Computing Communications, Cloud Big Data Computing, Internet of People and Smart City Innovation (SmartWorld/SCALCOM/UIC/ATC/CBDCom/IOP/SCI). :881–886.

In this paper, we propose a new randomized response algorithm that can achieve differential-privacy and utility guarantees for consumer's behaviors, and process a batch of data at each time. Firstly, differing from traditional differential private approach-es, we add randomized response noise into the behavior signa-tures matrix to achieve an acceptable utility-privacy tradeoff. Secondly, a behavior signature modeling method based on sparse coding is proposed. After some lightweight trainings us-ing the energy consumption data, the dictionary will be associat-ed with the behavior characteristics of the electric appliances. At last, through the experimental results verification, we find that our Algorithm can preserve consumer's privacy without comprising utility.

You, Y., Li, Z., Oechtering, T. J..  2018.  Optimal Privacy-Enhancing And Cost-Efficient Energy Management Strategies For Smart Grid Consumers. 2018 IEEE Statistical Signal Processing Workshop (SSP). :826–830.

The design of optimal energy management strategies that trade-off consumers' privacy and expected energy cost by using an energy storage is studied. The Kullback-Leibler divergence rate is used to assess the privacy risk of the unauthorized testing on consumers' behavior. We further show how this design problem can be formulated as a belief state Markov decision process problem so that standard tools of the Markov decision process framework can be utilized, and the optimal solution can be obtained by using Bellman dynamic programming. Finally, we illustrate the privacy-enhancement and cost-saving by numerical examples.

Okay, F. Y., Ozdemir, S..  2018.  A secure data aggregation protocol for fog computing based smart grids. 2018 IEEE 12th International Conference on Compatibility, Power Electronics and Power Engineering (CPE-POWERENG 2018). :1–6.

In Smart Grids (SGs), data aggregation process is essential in terms of limiting packet size, data transmission amount and data storage requirements. This paper presents a novel Domingo-Ferrer additive privacy based Secure Data Aggregation (SDA) scheme for Fog Computing based SGs (FCSG). The proposed protocol achieves end-to-end confidentiality while ensuring low communication and storage overhead. Data aggregation is performed at fog layer to reduce the amount of data to be processed and stored at cloud servers. As a result, the proposed protocol achieves better response time and less computational overhead compared to existing solutions. Moreover, due to hierarchical architecture of FCSG and additive homomorphic encryption consumer privacy is protected from third parties. Theoretical analysis evaluates the effects of packet size and number of packets on transmission overhead and the amount of data stored in cloud server. In parallel with the theoretical analysis, our performance evaluation results show that there is a significant improvement in terms of data transmission and storage efficiency. Moreover, security analysis proves that the proposed scheme successfully ensures the privacy of collected data.

Oriero, E., Rahman, M. A..  2018.  Privacy Preserving Fine-Grained Data Distribution Aggregation for Smart Grid AMI Networks. MILCOM 2018 - 2018 IEEE Military Communications Conference (MILCOM). :1–9.

An advanced metering infrastructure (AMI)allows real-time fine-grained monitoring of the energy consumption data of individual consumers. Collected metering data can be used for a multitude of applications. For example, energy demand forecasting, based on the reported fine-grained consumption, can help manage the near future energy production. However, fine- grained metering data reporting can lead to privacy concerns. It is, therefore, imperative that the utility company receives the fine-grained data needed to perform the intended demand response service, without learning any sensitive information about individual consumers. In this paper, we propose an anonymous privacy preserving fine-grained data aggregation scheme for AMI networks. In this scheme, the utility company receives only the distribution of the energy consumption by the consumers at different time slots. We leverage a network tree topology structure in which each smart meter randomly reports its energy consumption data to its parent smart meter (according to the tree). The parent node updates the consumption distribution and forwards the data to the utility company. Our analysis results show that the proposed scheme can preserve the privacy and security of individual consumers while guaranteeing the demand response service.

Bessa, Ricardo J., Rua, David, Abreu, Cláudia, Machado, Paulo, Andrade, José R., Pinto, Rui, Gonçalves, Carla, Reis, Marisa.  2018.  Data Economy for Prosumers in a Smart Grid Ecosystem. Proceedings of the Ninth International Conference on Future Energy Systems. :622–630.

Smart grids technologies are enablers of new business models for domestic consumers with local flexibility (generation, loads, storage) and where access to data is a key requirement in the value stream. However, legislation on personal data privacy and protection imposes the need to develop local models for flexibility modeling and forecasting and exchange models instead of personal data. This paper describes the functional architecture of an home energy management system (HEMS) and its optimization functions. A set of data-driven models, embedded in the HEMS, are discussed for improving renewable energy forecasting skill and modeling multi-period flexibility of distributed energy resources.

Chouikhi, S., Merghem-Boulahia, L., Esseghir, M..  2018.  Energy Demand Scheduling Based on Game Theory for Microgrids. 2018 IEEE International Conference on Communications (ICC). :1–6.

The advent of smart grids offers us the opportunity to better manage the electricity grids. One of the most interesting challenges in the modern grids is the consumer demand management. Indeed, the development in Information and Communication Technologies (ICTs) encourages the development of demand-side management systems. In this paper, we propose a distributed energy demand scheduling approach that uses minimal interactions between consumers to optimize the energy demand. We formulate the consumption scheduling as a constrained optimization problem and use game theory to solve this problem. On one hand, the proposed approach aims to reduce the total energy cost of a building's consumers. This imposes the cooperation between all the consumers to achieve the collective goal. On the other hand, the privacy of each user must be protected, which means that our distributed approach must operate with a minimal information exchange. The performance evaluation shows that the proposed approach reduces the total energy cost, each consumer's individual cost, as well as the peak to average ratio.

Wang, J., Zhang, X., Zhang, H., Lin, H., Tode, H., Pan, M., Han, Z..  2018.  Data-Driven Optimization for Utility Providers with Differential Privacy of Users' Energy Profile. 2018 IEEE Global Communications Conference (GLOBECOM). :1–6.

Smart meters migrate conventional electricity grid into digitally enabled Smart Grid (SG), which is more reliable and efficient. Fine-grained energy consumption data collected by smart meters helps utility providers accurately predict users' demands and significantly reduce power generation cost, while it imposes severe privacy risks on consumers and may discourage them from using those “espionage meters". To enjoy the benefits of smart meter measured data without compromising the users' privacy, in this paper, we try to integrate distributed differential privacy (DDP) techniques into data-driven optimization, and propose a novel scheme that not only minimizes the cost for utility providers but also preserves the DDP of users' energy profiles. Briefly, we add differential private noises to the users' energy consumption data before the smart meters send it to the utility provider. Due to the uncertainty of the users' demand distribution, the utility provider aggregates a given set of historical users' differentially private data, estimates the users' demands, and formulates the data- driven cost minimization based on the collected noisy data. We also develop algorithms for feasible solutions, and verify the effectiveness of the proposed scheme through simulations using the simulated energy consumption data generated from the utility company's real data analysis.

Mavroeidis, V., Vishi, K., Jøsang, A..  2018.  A Framework for Data-Driven Physical Security and Insider Threat Detection. 2018 IEEE/ACM International Conference on Advances in Social Networks Analysis and Mining (ASONAM). :1108–1115.

This paper presents PSO, an ontological framework and a methodology for improving physical security and insider threat detection. PSO can facilitate forensic data analysis and proactively mitigate insider threats by leveraging rule-based anomaly detection. In all too many cases, rule-based anomaly detection can detect employee deviations from organizational security policies. In addition, PSO can be considered a security provenance solution because of its ability to fully reconstruct attack patterns. Provenance graphs can be further analyzed to identify deceptive actions and overcome analytical mistakes that can result in bad decision-making, such as false attribution. Moreover, the information can be used to enrich the available intelligence (about intrusion attempts) that can form use cases to detect and remediate limitations in the system, such as loosely-coupled provenance graphs that in many cases indicate weaknesses in the physical security architecture. Ultimately, validation of the framework through use cases demonstrates and proves that PS0 can improve an organization's security posture in terms of physical security and insider threat detection.

Izurieta, C., Kimball, K., Rice, D., Valentien, T..  2018.  A Position Study to Investigate Technical Debt Associated with Security Weaknesses. 2018 IEEE/ACM International Conference on Technical Debt (TechDebt). :138–142.

Context: Managing technical debt (TD) associated with potential security breaches found during design can lead to catching vulnerabilities (i.e., exploitable weaknesses) earlier in the software lifecycle; thus, anticipating TD principal and interest that can have decidedly negative impacts on businesses. Goal: To establish an approach to help assess TD associated with security weaknesses by leveraging the Common Weakness Enumeration (CWE) and its scoring mechanism, the Common Weakness Scoring System (CWSS). Method: We present a position study with a five-step approach employing the Quamoco quality model to operationalize the scoring of architectural CWEs. Results: We use static analysis to detect design level CWEs, calculate their CWSS scores, and provide a relative ranking of weaknesses that help practitioners identify the highest risks in an organization with a potential to impact TD. Conclusion: CWSS is a community agreed upon method that should be leveraged to help inform the ranking of security related TD items.

Doynikova, Elena, Fedorchenko, Andrey, Kotenko, Igor.  2018.  Determination of Security Threat Classes on the Basis of Vulnerability Analysis for Automated Countermeasure Selection. Proceedings of the 13th International Conference on Availability, Reliability and Security. :62:1–62:8.
Currently the task of automated security monitoring and responding to security incidents is highly relevant. The authors propose an approach to determine weaknesses of the analyzed system on the basis of its known vulnerabilities for further specification of security threats. It is relevant for the stage of determining the necessary and sufficient set of security countermeasures for specific information systems. The required set of security response tools and means depends on the determined threats. The possibility of practical implementation of the approach follows from the connectivity between open databases of vulnerabilities, weaknesses, and attacks. The authors applied various classification methods for vulnerabilities considering values of their properties. The paper describes source data used for classification, their preprocessing stage, and the classification results. The obtained results and the methods for their enhancement are discussed.
Chaman, Anadi, Wang, Jiaming, Sun, Jiachen, Hassanieh, Haitham, Roy Choudhury, Romit.  2018.  Ghostbuster: Detecting the Presence of Hidden Eavesdroppers. Proceedings of the 24th Annual International Conference on Mobile Computing and Networking. :337–351.
This paper explores the possibility of detecting the hidden presence of wireless eavesdroppers. Such eavesdroppers employ passive receivers that only listen and never transmit any signals making them very hard to detect. In this paper, we show that even passive receivers leak RF signals on the wireless medium. This RF leakage, however, is extremely weak and buried under noise and other transmitted signals that can be 3-5 orders of magnitude larger. Hence, it is missed by today's radios. We design and build Ghostbuster, the first device that can reliably extract this leakage, even when it is buried under ongoing transmissions, in order to detect the hidden presence of eavesdroppers. Ghostbuster does not require any modifications to current transmitters and receivers and can accurately detect the eavesdropper in the presence of ongoing transmissions. Empirical results show that Ghostbuster can detect eavesdroppers with more than 95% accuracy up to 5 meters away.
Shen, Shiyu, Gao, Jianlin, Wu, Aitian.  2018.  Weakness Identification and Flow Analysis Based on Tor Network. Proceedings of the 8th International Conference on Communication and Network Security. :90–94.
As the Internet technology develops rapidly, attacks against Tor networks becomes more and more frequent. So, it's more and more difficult for Tor network to meet people's demand to protect their private information. A method to improve the anonymity of Tor seems urgent. In this paper, we mainly talk about the principle of Tor, which is the largest anonymous communication system in the world, analyze the reason for its limited efficiency, and discuss the vulnerability of link fingerprint and node selection. After that, a node recognition model based on SVM is established, which verifies that the traffic characteristics expose the node attributes, thus revealing the link and destroying the anonymity. Based on what is done above, some measures are put forward to improve Tor protocol to make it more anonymous.
Chakraborty, Saurav, Thomas, Drew, DeHart, Joanathan, Saralaya, Kishan, Tadepalli, Prabhakar, Narendra, Siva G..  2018.  Solving Internet's Weak Link for Blockchain and IoT Applications. Proceedings of the 1st ACM/EIGSCC Symposium on Smart Cities and Communities. :6:1–6:5.
Blockchain normalizes applications that run on the internet through the standardization of decentralized data structure, computational requirements and trust in transactions. This new standard has now spawned hundreds of legitimate internet applications in addition to the cryptocurrency revolution. This next frontier that standardizes internet applications will dramatically increase productivity to levels never seen before, especially when applied to Internet of Things (IoT) applications. The blockchain framework relies on cryptographic private keys to sign digital data as its foundational principle. Without the security of private keys to sign data blocks, there can be no trust in blockchain. Central storage of these keys for managing IoT machines and users, while convenient to implement, will be highly detrimental to the assumed safety and security of this next frontier. In this paper, we will introduce decentralized and device agnostic cryptographic signing solutions suitable for securing users and machines in blockchain and IoT applications.
Mohammad, Z., Qattam, T. A., Saleh, K..  2019.  Security Weaknesses and Attacks on the Internet of Things Applications. 2019 IEEE Jordan International Joint Conference on Electrical Engineering and Information Technology (JEEIT). :431–436.

Internet of Things (IoT) is a contemporary concept for connecting the existing things in our environment with the Internet for a sake of making the objects information are accessible from anywhere and anytime to support a modern life style based on the Internet. With the rapid development of the IoT technologies and widely spreading in most of the fields such as buildings, health, education, transportation and agriculture. Thus, the IoT applications require increasing data collection from the IoT devices to send these data to the applications or servers which collect or analyze the data, so it is a very important to secure the data and ensure that do not reach a malicious adversary. This paper reviews some attacks in the IoT applications and the security weaknesses in the IoT environment. In addition, this study presents the challenges of IoT in terms of hardware, network and software. Moreover, this paper summarizes and points to some attacks on the smart car, smart home, smart campus, smart farm and healthcare.