Visible to the public Biblio

Filters: Keyword is IoT system  [Clear All Filters]
2021-03-29
Bogdan-Iulian, C., Vasilică-Gabriel, S., Alexandru, M. D., Nicolae, G., Andrei, V..  2020.  Improved Secure Internet of Things System using Web Services and Low Power Single-board Computers. 2020 International Conference on e-Health and Bioengineering (EHB). :1—5.

Internet of Things (IoT) systems are becoming widely used, which makes them to be a high-value target for both hackers and crackers. From gaining access to sensitive information to using them as bots for complex attacks, the variety of advantages after exploiting different security vulnerabilities makes the security of IoT devices to be one of the most challenging desideratum for cyber security experts. In this paper, we will propose a new IoT system, designed to ensure five data principles: confidentiality, integrity, availability, authentication and authorization. The innovative aspects are both the usage of a web-based communication and a custom dynamic data request structure.

2021-03-09
Kamilin, M. H. B., Yamaguchi, S..  2020.  White-Hat Worm Launcher Based on Deep Learning in Botnet Defense System. 2020 IEEE International Conference on Consumer Electronics - Asia (ICCE-Asia). :1—2.

This paper proposes a deep learning-based white-hat worm launcher in Botnet Defense System (BDS). BDS uses white-hat botnets to defend an IoT system against malicious botnets. White-hat worm launcher literally launches white-hat worms to create white-hat botnets according to the strategy decided by BDS. The proposed launcher learns with deep learning where is the white-hat worms' right place to successfully drive out malicious botnets. Given a system situation invaded by malicious botnets, it predicts a worms' placement by the learning result and launches them. We confirmed the effect of the proposed launcher through simulating evaluation.

2020-11-23
Gwak, B., Cho, J., Lee, D., Son, H..  2018.  TARAS: Trust-Aware Role-Based Access Control System in Public Internet-of-Things. 2018 17th IEEE International Conference On Trust, Security And Privacy In Computing And Communications/ 12th IEEE International Conference On Big Data Science And Engineering (TrustCom/BigDataSE). :74–85.
Due to the proliferation of Internet-of-Things (IoT) environments, humans working with heterogeneous, smart objects in public IoT environments become more popular than ever before. This situation often requires to establish trust relationships between a user and a smart object for their secure interactions, but without the presence of prior interactions. In this work, we are interested in how a smart object can grant an access right to a human user in the absence of any prior knowledge in which some users may be malicious aiming to breach security goals of the IoT system. To solve this problem, we propose a trust-aware, role-based access control system, namely TARAS, which provides adaptive authorization to users based on dynamic trust estimation. In TARAS, for the initial trust establishment, we take a multidisciplinary approach by adopting the concept of I-sharing from psychology. The I-sharing follows the rationale that people with similar roles and traits are more likely to respond in a similar way. This theory provides a powerful tool to quickly establish trust between a smart object and a new user with no prior interactions. In addition, TARAS can adaptively filter malicious users out by revoking their access rights based on adaptive, dynamic trust estimation. Our experimental results show that the proposed TARAS mechanism can maximize system integrity in terms of correctly detecting malicious or benign users while maximizing service availability to users particularly when the system is fine-tuned based on the identified optimal setting in terms of an optimal trust threshold.
2020-06-26
Yan, Liang.  2019.  Dynamic Mulitiple Agent Based IoT Security Management System. 2019 IEEE 2nd International Conference on Information Communication and Signal Processing (ICICSP). :48—51.

It is important to provide strong security for IoT devices with limited security related resources. We introduce a new dynamic security agent management framework, which dynamically chooses the best security agent to support security functions depending on the applications' security requirements of IoT devices in the system. This framework is designed to overcome the challenges including high computation costs, multiple security protocol compatibility, and efficient energy management in IoT system.

2020-06-15
Gressl, Lukas, Steger, Christian, Neffe, Ulrich.  2019.  Consideration of Security Attacks in the Design Space Exploration of Embedded Systems. 2019 22nd Euromicro Conference on Digital System Design (DSD). :530–537.
Designing secure systems is a complex task, particularly for designers who are no security experts. Cyber security plays a key role in embedded systems, especially for the domain of the Internet of Things (IoT). IoT systems of this kind are becoming increasingly important in daily life as they simplify various tasks. They are usually small, either embedded into bigger systems or battery driven, and perform monitoring or one shot tasks. Thus, they are subject to manifold constraints in terms of performance, power consumption, chip area, etc. As they are continuously connected to the internet and utilize our private data to perform their tasks, they are interesting for potential attackers. Cyber security thus plays an important role for the design of an IoT system. As the usage of security measures usually increases both computation time, as well as power consumption, a conflict between these constraints must be solved. For the designers of such systems, balancing these constraints constitutes a highly complex task. In this paper we propose a novel approach for considering possible security attacks on embedded systems, simplifying the consideration of security requirements immediately at the start of the design process. We introduce a security aware design space exploration framework which based on an architectural, behavioral and security attack description, finds the optimal design for IoT systems. We also demonstrate the feasibility and the benefits of our framework based on a door access system use case.
2020-04-13
Mohanta, Bhabendu K., Panda, Soumyashree S., Satapathy, Utkalika, Jena, Debasish, Gountia, Debasis.  2019.  Trustworthy Management in Decentralized IoT Application using Blockchain. 2019 10th International Conference on Computing, Communication and Networking Technologies (ICCCNT). :1–5.
Internet of Things (IoT) as per estimated will connect 50 billion devices by 2020. Since its evolution, IoT technology provides lots of flexibility to develop and implement any application. Most of the application improves the human living standard and also makes life easy to access and monitoring the things in real time. Though there exist some security and privacy issues in IoT system like authentication, computation, data modification, trust among users. In this paper, we have identified the IoT application like insurance, supply chain system, smart city and smart car where trust among associated users is an major issue. The current centralized system does not provide enough trust between users. Using Blockchain technology we have shown that trust issue among users can be managed in a decentralized way so that information can be traceable and identify/verify any time. Blockchain has properties like distributed, digitally share and immutable which enhance security. For Blockchain implementation, Ethereum platform is used.
2020-04-06
Wang, Zhi-Hao, Kung, Yu-Fan, Hendrick, Cheng, Po-Jen, Wang, Chih-Min, Jong, Gwo-Jia.  2018.  Enhance Wireless Security System Using Butterfly Network Coding Algorithm. 2018 International Conference on Applied Information Technology and Innovation (ICAITI). :135–138.
The traditional security system requires a lot of manpower, and the wireless security system has been developed to reduce costs. However, for wireless systems, stability and reliability are important system indicators. In order to effectively improve these two indicators, we have imported butterfly network coding algorithm into the wireless sensing network. Because this algorithm enables each node to play multiple roles, such as routing, encoding, decoding, sending and receiving, it can also improve the throughput of network transmission, and effectively improve the stability and reliability of the wireless security system. This paper used the Wi-Fi module to implement the butterfly network coding algorithm, and is actually installed in the building. The basis for transmission and reception of all nodes in the network is received signal strength indication (RSSI). On the other hand, this is an IoT system for security monitoring.
2020-03-09
Nadir, Ibrahim, Ahmad, Zafeer, Mahmood, Haroon, Asadullah Shah, Ghalib, Shahzad, Farrukh, Umair, Muhammad, Khan, Hassam, Gulzar, Usman.  2019.  An Auditing Framework for Vulnerability Analysis of IoT System. 2019 IEEE European Symposium on Security and Privacy Workshops (EuroS PW). :39–47.
Introduction of IoT is a big step towards the convergence of physical and virtual world as everyday objects are connected to the internet nowadays. But due to its diversity and resource constraint nature, the security of these devices in the real world has become a major challenge. Although a number of security frameworks have been suggested to ensure the security of IoT devices, frameworks for auditing this security are rare. We propose an open-source framework to audit the security of IoT devices covering hardware, firmware and communication vulnerabilities. Using existing open-source tools, we formulate a modular approach towards the implementation of the proposed framework. Standout features in the suggested framework are its modular design, extensibility, scalability, tools integration and primarily autonomous nature. The principal focus of the framework is to automate the process of auditing. The paper further mentions some tools that can be incorporated in different modules of the framework. Finally, we validate the feasibility of our framework by auditing an IoT device using proposed toolchain.
2020-01-20
Li, Peisong, Zhang, Ying.  2019.  A Novel Intrusion Detection Method for Internet of Things. 2019 Chinese Control And Decision Conference (CCDC). :4761–4765.

Internet of Things (IoT) era has gradually entered our life, with the rapid development of communication and embedded system, IoT technology has been widely used in many fields. Therefore, to maintain the security of the IoT system is becoming a priority of the successful deployment of IoT networks. This paper presents an intrusion detection model based on improved Deep Belief Network (DBN). Through multiple iterations of the genetic algorithm (GA), the optimal network structure is generated adaptively, so that the intrusion detection model based on DBN achieves a high detection rate. Finally, the KDDCUP data set was used to simulate and evaluate the model. Experimental results show that the improved intrusion detection model can effectively improve the detection rate of intrusion attacks.

2019-02-22
Yu, R., Xue, G., Kilari, V. T., Zhang, X..  2018.  Deploying Robust Security in Internet of Things. 2018 IEEE Conference on Communications and Network Security (CNS). :1-9.

Popularization of the Internet-of-Things (IoT) has brought widespread concerns on IoT security, especially in face of several recent security incidents related to IoT devices. Due to the resource-constrained nature of many IoT devices, security offloading has been proposed to provide good-enough security for IoT with minimum overhead on the devices. In this paper, we investigate the inevitable risk associated with security offloading: the unprotected and unmonitored transmission from IoT devices to the offloaded security mechanisms. An important challenge in modeling the security risk is the dynamic nature of IoT due to demand fluctuations and infrastructure instability. We propose a stochastic model to capture both the expected and worst-case security risks of an IoT system. We then propose a framework to efficiently address the optimal robust deployment of security mechanisms in IoT. We use results from extensive simulations to demonstrate the superb performance and efficiency of our approach compared to several other algorithms.

2018-11-14
Wakenshaw, S. Y. L., Maple, C., Schraefel, M. C., Gomer, R., Ghirardello, K..  2018.  Mechanisms for Meaningful Consent in Internet of Things. Living in the Internet of Things: Cybersecurity of the IoT - 2018. :1–10.

Consent is a key measure for privacy protection and needs to be `meaningful' to give people informational power. It is increasingly important that individuals are provided with real choices and are empowered to negotiate for meaningful consent. Meaningful consent is an important area for consideration in IoT systems since privacy is a significant factor impacting on adoption of IoT. Obtaining meaningful consent is becoming increasingly challenging in IoT environments. It is proposed that an ``apparency, pragmatic/semantic transparency model'' adopted for data management could make consent more meaningful, that is, visible, controllable and understandable. The model has illustrated the why and what issues regarding data management for potential meaningful consent [1]. In this paper, we focus on the `how' issue, i.e. how to implement the model in IoT systems. We discuss apparency by focusing on the interactions and data actions in the IoT system; pragmatic transparency by centring on the privacy risks, threats of data actions; and semantic transparency by focusing on the terms and language used by individuals and the experts. We believe that our discussion would elicit more research on the apparency model' in IoT for meaningful consent.

2018-10-26
Alharbi, S., Rodriguez, P., Maharaja, R., Iyer, P., Subaschandrabose, N., Ye, Z..  2017.  Secure the internet of things with challenge response authentication in fog computing. 2017 IEEE 36th International Performance Computing and Communications Conference (IPCCC). :1–2.

As the Internet of Things (IoT) continues to grow, there arises concerns and challenges with regard to the security and privacy of the IoT system. In this paper, we propose a FOg CompUting-based Security (FOCUS) system to address the security challenges in the IoT. The proposed FOCUS system leverages the virtual private network (VPN) to secure the access channel to the IoT devices. In addition, FOCUS adopts a challenge-response authentication to protect the VPN server against distributed denial of service (DDoS) attacks, which can further enhance the security of the IoT system. FOCUS is implemented in fog computing that is close to the end users, thus achieving a fast and efficient protection. We demonstrate FOCUS in a proof-of-concept prototype, and conduct experiments to evaluate its performance. The results show that FOCUS can effectively filter out malicious attacks with a very low response latency.

2018-06-11
Liu, Y., Briones, J., Zhou, R., Magotra, N..  2017.  Study of secure boot with a FPGA-based IoT device. 2017 IEEE 60th International Midwest Symposium on Circuits and Systems (MWSCAS). :1053–1056.
Internet of Things (loT) is network connected “Things” such as vehicles, buildings, embedded systems, sensors, as well as people. IoT enables these objects to collect and exchange data of interest to complete various tasks including patient health monitoring, environmental monitoring, system condition prognostics and prediction, smart grid, smart buildings, smart cities, and do on. Due to the large scale of and the limited host processor computation power in an IoT system, effective security provisioning is shifting from software-based security implementation to hardware-based security implementation in terms of efficiency and effectiveness. Moreover, FPGA can take over the work of infrastructure components to preserve and protect critical components and minimize the negative impacts on these components. In this paper, we employ Xilinx Zynq-7000 Series System-on-Chip (SoC) ZC706 prototype board to design an IoT device. To defend against threats to FPGA design, we have studied Zynq-ZC706 to (1) encrypt FPGA bitstream to protect the IoT device from bitstream decoding; (2) encrypt system boot image to enhance system security; and (3) ensure the FPGA operates correctly as intended via authentication to avoid spoofing and Trojan Horse attacks.
2018-05-09
Andy, S., Rahardjo, B., Hanindhito, B..  2017.  Attack scenarios and security analysis of MQTT communication protocol in IoT system. 2017 4th International Conference on Electrical Engineering, Computer Science and Informatics (EECSI). :1–6.
Various communication protocols are currently used in the Internet of Things (IoT) devices. One of the protocols that are already standardized by ISO is MQTT protocol (ISO / IEC 20922: 2016). Many IoT developers use this protocol because of its minimal bandwidth requirement and low memory consumption. Sometimes, IoT device sends confidential data that should only be accessed by authorized people or devices. Unfortunately, the MQTT protocol only provides authentication for the security mechanism which, by default, does not encrypt the data in transit thus data privacy, authentication, and data integrity become problems in MQTT implementation. This paper discusses several reasons on why there are many IoT system that does not implement adequate security mechanism. Next, it also demonstrates and analyzes how we can attack this protocol easily using several attack scenarios. Finally, after the vulnerabilities of this protocol have been examined, we can improve our security awareness especially in MQTT protocol and then implement security mechanism in our MQTT system to prevent such attack.