A methodological review on attack and defense strategies in cyber warfare

Cyberspace is an integration of cyber physical system components that integrates computation, networking, physical processes, embedded computers and network monitors which uses feedback loops for controlling the processes where the computations are affected by processes and vice versa. More general, cyber physical systems include all equipments operated on preprogrammed instructions ranging from simple electronic devices to the ultra-modern warfare equipments along with life saving devices. Active cyber-attacks can cause cyber warfare situations by disrupting an entire community of people, which in turn raises an emergency situation to the nation. Thus, cyber warfare is a major threat to the nation at large. In this paper, we analyze the various aspects of cyber warfare situations and a survey on ongoing attacks, defense and cyber forensics strategies in that field. Internet of Things (IoT) is an emerging computing area which enables Machine to Machine communication in cyber physical systems. An attack on IoT causes major issues to the security on the devices and thus, the various threats and attacks on IoT are analyzed here. Overall monitoring and data acquisition in cyber physical systems is done by Supervisory Control and Data Acquisition systems and are mainly targeted by the attackers in order to leave the cyberspace applications not functioning. Therefore, the various threats, attacks and research issues pertaining to the cyberspace are surveyed in this paper along with a few research issues and challenges that are to be solved in the area of cyber warfare.

     

Lightweight PUF based authentication scheme for fog architecture

Fog computing improves efficiency and reduces the amount of bandwidth to the cloud. In many use cases, the internet of things (IoT) devices do not know the fog nodes in advance. Moreover, as the fog nodes are often placed in open publicly available places, they can be easily captured. Therefore, it should be ensured that even if the key material is leaked from the fog devices, the previously generated session keys and the identity of the devices can be kept secret, i.e. satisfying anonymity, unlinkability, perfect forward secrecy and resistance against stolen devices attack. Such demands require a multi-factor authentication scheme, which is typically done by providing input of the user with password or biometric data. However, in real use case scenarios, IoT devices should be able to automatically start the process without requiring such manual interaction and also fog devices need to autonomously operate. Therefore, this paper proposes a physical unclonable function (PUF) based mutual authentication scheme, being the first security scheme for a fog architecture, capable of providing simultaneously all these suggested security features. In addition, we also show the resistance against other types of attacks like synchronization and known session specific temporary information attack. Moreover, the scheme only relies on symmetric key based operations and thus results in very good performance, compared to the other fog based security systems proposed in literature.

     

一种含有安全可信任中心的量子秘密共享方案

量子秘密共享（Quantum secret sharing , QSS）可以在不完全信任的通信双方间传递密钥,是量子密码的一个重要分支。本文提出一种含有安全可信任中心的QSS方案。其中,中心能够产生并提供量子态,也能够测量并提取量子态信息。通信用户（Alice、Bob和Charlie）不拥有量子比特产生器和测量器,只需通过幺正操作和交换操作实现密钥传输和窃听防范;同时,Bob和Charlie必须合作才能获得正确的密钥。理论分析表明该方案可有效地抵御截取重发攻击、纠缠测量攻击和关联提取攻击等常见攻击策略;由于方案减少了量子比特产生器和测量器的数量,降低了量子通信的费用。这将为量子秘密共享实用化提供一种可参考的方法。     

Secure and efficient scheme for fast initial link setup against key reinstallation attacks in IEEE 802.11ah networks

IEEE 802.11ah is a recently released IEEE standard to specify a wireless communication system with a long‐range, low‐power, and low data transmission rate over smart devices used in Internet of Things (IoT) systems. This new standard belongs to IEEE 802.11 wireless local area networks (WLANs) protocol family. It requires lightweight protocols to support the low‐power and low‐latency features of the IoT devices. On the other hand, an upcoming solution of fast initial link setup (FILS) specified by IEEE 802.11ai standard is a brand‐new approach aiming to establish fast and secure links among devices in WLANs to meet this new demand. It is natural and feasible to apply it to the 802.11ah networks to support massively deployed wireless nodes. However, security concerns on the link connection by the FILS scheme have not been fully eliminated, especially in the authentication process. It has been explored that a type of recently revealed malicious attack, key reinstallation attack (KRA) might be a threat to the FILS authentication. To prevent the success of the KRAs, in this paper, we proposed a secure and efficient FILS (SEF) protocol as the optional substitute of the FILS scheme. The SEF scheme is designed to eradicate potential threats from the KRAs without degrading the network performance.     

Integration of IoT and DRAGON-lab in cloud environment

Distributed research & academic gigabits open network lab (DRAGON-lab) is the only test-bed for research purpose related to next generation internct (NGI) which based on the confederation network using...     

Internet of Things Applications: Opportunities and Threats

In the century of automation, which is digitized, and more and more technology is used, automatic systems' replacement of old manual systems makes people's lives easier. Nowadays, people have made the Internet an integral part of humans' daily lives unless they are insecure. The Internet of Things (IoT) secures a platform that authorizes devices and sensors to be remotely detected, connected, and controlled over the Internet. Due to the developments in sensor technologies, the production of tiny and low-cost sensors has increased. Many sensors, such as temperature, pressure, vibration, sound, light, can be used in the IoT. As a result of the development of these sensors with new generations, the power of the IoT technology increases, and accordingly, the revolution of IoT applications are developing rapidly. Therefore, their security issues and threats are challenging topics. In this paper, the benefits and open issues, threats, limitations of IoT applications are presented. The assessment shows that the most influential factor for evaluating IoT applications is the cost that is used in 79% of all articles, then the real-time-ness that is used in 64%, and security and error are used in 57% of all reviewed articles.

     

Securing Internet of Things (IoT) with machine learning

Advances in hardware, software, communication, embedding computing technologies along with their decreasing costs and increasing performance have led to the emergence of the Internet of Things (IoT) paradigm. Today, several billions of Internet‐connected devices are part of the IoT ecosystem. IoT devices have become an integral part of the information and communication technology (ICT) infrastructure that supports many of our daily activities. The security of these IoT devices has been receiving a lot of attention in recent years. Another major recent trend is the amount of data that is being produced every day which has reignited interest in technologies such as machine learning and artificial intelligence. We investigate the potential of machine learning techniques in enhancing the security of IoT devices. We focus on the deployment of supervised, unsupervised learning techniques, and reinforcement learning for both host‐based and network‐based security solutions in the IoT environment. Finally, we discuss some of the challenges of machine learning techniques that need to be addressed in order to effectively implement and deploy them so that they can better protect IoT devices.     

Survey of Testing Methods and Testbed Development Concerning Internet of Things

The concept of Internet of Things (IoT) was designed to change everyday lives of people via multiple forms of computing and easy deployment of applications. In recent years, the increasing complexity of IoT-ready devices and processes has led to potential risks related to system reliability. Therefore, the comprehensive testing of IoT technology has attracted the attention of many researchers, which promotes the extensive development of IoT testing methods and infrastructure. However, the current research on IoT testing methods and testbeds mainly focuses on specific application scenarios, lacking systematic review and analysis of many applications from different points of view. This paper systematically summarizes the latest testing methods covering different IoT fields and discusses the development status of the existing Internet of things testbed. Findings of this review demonstrate that IoT testing is moving toward larger scale and intelligent testing, and that in near future, IoT test architecture is set to become more standardized and universally applicable with multi-technology convergence—i.e., a combination of big data, cloud computing, and artificial intelligence—being the prime focus of IoT testing.

     

Secure communication in CloudIoT through design of a lightweight authentication and session key agreement scheme

Internet of Things (IoT) is a newly emerged paradigm where multiple embedded devices, known as things, are connected via the Internet to collect, share, and analyze data from the environment. In order to overcome the limited storage and processing capacity constraint of IoT devices, it is now possible to integrate them with cloud servers as large resource pools. Such integration, though bringing applicability of IoT in many domains, raises concerns regarding the authentication of these devices while establishing secure communications to cloud servers. Recently, Kumari et al proposed an authentication scheme based on elliptic curve cryptography (ECC) for IoT and cloud servers and claimed that it satisfies all security requirements and is secure against various attacks. In this paper, we first prove that the scheme of Kumari et al is susceptible to various attacks, including the replay attack and stolen-verifier attack. We then propose a lightweight authentication protocol for secure communication of IoT embedded devices and cloud servers. The proposed scheme is proved to provide essential security requirements such as mutual authentication, device anonymity, and perfect forward secrecy and is robust against security attacks. We also formally verify the security of the proposed protocol using BAN logic and also the Scyther tool. We also evaluate the computation and communication costs of the proposed scheme and demonstrate that the proposed scheme incurs minimum computation and communication overhead, compared to related schemes, making it suitable for IoT environments with low processing and storage capacity.     

A lightweight IoT‐based security framework for inventory automation using wireless sensor network

Internet of things (IoT) has evolved as an innovation of next generation in this world of smart devices. IoT tends to provide services for data collection, data management, and data and device security required for application development. Things or devices in IoT communicate and compute to make our lives comfortable and safe. In inventory automation, real‐time check on items, their information management, and status management, monitoring can be carried out using IoT. The huge amount of data that flows among the devices in the network demands for a security framework that ensures authentication, authorization, integrity, and confidentiality of data. The existing security solutions like SIMON or SPECK offer lightweight security solutions but are vulnerable to differential attack because of their simplicity. Moreover, existing solutions do not offer inbuilt authentication. Therefore, this research work contributes a secure and lightweight IoT‐based framework using wireless sensor network (WSN) as a technology. The existing security solutions SPECK and SIMON are compared with the proposed security approach using COOJA simulator. The results show that proposed approach outstands others by 2% reduction in number of CPU cycles, 10% less execution time, 4% less memory requirements of security approach, and with minimum 10% more security impact.     

Imp Raft: a consensus algorithm based on Raft and storage compression consensus for IoT scenario

In order to meet various challenges in the Internet of things (IoT), such as identity authentication, privacy preservation of distributed data and network security, the integration of blockchain and IoT became a new trend in recent years. As the key supporting technology of blockchain, the consensus algorithm is a hotspot of distributed system research. At present, the research direction of the consensus algorithm is mainly focused on improving throughput and reducing delay. However, when blockchain is applied to IoT scenario, the storage capacity of lightweight IoT devices is limited, and the normal operations of blockchain system cannot be guaranteed. To solve this problem, an improved version of Raft (Imp Raft) based on Raft and the storage compression consensus (SCC) algorithm is proposed, where initialization process and compression process are added into the flow of Raft. Moreover, the data validation process aims to ensure that blockchain data cannot be tampered with. It is obtained from experiments and analysis that the new proposed algorithm can effectively reduce the size of the blockchain and the storage burden of lightweight IoT devices.     

Future IoT‐enabled threats and vulnerabilities: State of the art,challenges, and future prospects

In the recent era, the security issues affecting the future Internet‐of‐Things (IoT) standards has fascinated noteworthy consideration from numerous research communities. In this view, numerous assessments in the form of surveys were proposed highlighting several future IoT‐centric subjects together with threat modeling, intrusion detection systems (IDS), and various emergent technologies. In contrast, in this article, we have focused exclusively on the emerging IoT‐related vulnerabilities. This article is a multi‐fold survey that emphasizes on understanding the crucial causes of novel vulnerabilities in IoT paradigms and issues in existing research. Initially, we have emphasized on different layers of IoT architecture and highlight various emerging security challenges associated with each layer along with the key issues of different IoT systems. Secondly, we discuss the exploitation, detection, and defense methodologies of IoT malware‐enabled distributed denial of service (DDoS), Sybil, and collusion attack capabilities. We have also discussed numerous state‐of‐the‐art strategies for intrusion detection and methods for IDS setup in future IoT systems. Third, we have presented a brief classification of existing IoT authentication protocols and a comparative analysis of such protocols based on different IoT‐enabled cyber attacks. For conducting a real‐time future IoT research, we have presented some emerging blockchain solutions. We have also discussed a comparative examination of some of the recently developed simulation tools and IoT test beds that are characterized based on different layers of IoT infrastructure. We have also outlined some of the open issues and future research directions and also facilitate the readers with broad classification of existing surveys in this domain that addresses several scopes related to the IoT paradigm. This survey article focuses in enabling IoT‐related research activities by comparing and merging scattered surveys in this domain.     

Collaboration IoT-Based RBAC with Trust Evaluation Algorithm Model for Massive IoT Integrated Application

With the recent advances in ubiquitous communications and the growing demand for low-power wireless technology, smart IoT device (SID) to access various Internet of Things (IoT) resources through Internet at any time and place alternately. There are some new requirements for integration IoT servers in which each one is individually gathering its local resources in Internet, which cooperatively supports SID to get some flexibility or temporary contract(s) and privileges in order to access their corresponding desired service(s) in a group of collaboration IoT servers. However, traditional access control schemes designed for a single server are not sufficient to handle such applications across multiple collaboration IoT servers to get rich services in IoT environments. It does not take into account both security and efficiency of IoT servers, which securely share their resources. Therefore, the collaboration IoT-based RBAC (Role-based Access Control) with trust evaluation (TE) algorithm model to reducing internal security threats in intra-server and inter server for the massive IoT integrated application is proposed in this paper. Finally, the three trust evaluation algorithms including a local trust evaluation algorithm, a virtual trust evaluation algorithm and a cooperative trust evaluation algorithm in the proposed collaboration IoT-based RBAC model, which are designed and presented for reducing internal security threats in collaborative IoT servers.

     

Design and development of dynamic Agri-ontology for IoT interoperability

In recent years, the usage and applications of Internet of Things (IoT) have increased exponentially. IoT connects multiple heterogeneous devices like sensors, micro controllers, actuators, smart devices like mobiles, watches, etc. IoT contributes the data produced in the context of data collection, including the domains like military, agriculture, healthcare, etc. The diversity of possible applications at the intersection of the IoT and the web semantics has prompted many research teams to work at the interface between these two disciplines. This makes it possible to collect data and control various objects in transparent way. The challenge lies in the use of this data. Ontologies address this challenge to meet specific data needs in the IoT field. This paper presents the implementation of a dynamic agriculture ontology-building tool that parses the ontology files to extract full data and update it based on the user needs. The technology is used to create the angular library for parsing the OWL files. The proposed ontology framework would accept user-defined ontologies and provide an interface for an online updating of the owl files to ensure the interoperability in the agriculture IoT.     

基于雾计算的物联网架构研究

物联网是一种能将物体连接至互联网使其更加智能的技术.但是物联网设备产生的大数据难以处理,网络架构的可扩展性差,以及用户的安全隐私容易泄露等问题都限制了物联网的发展.为了解决这些问题,通过分析雾计算所具有的优势提出基于雾计算的物联网架构.基于该架构,同时考虑到用户的安全隐私问题,又提出分层的网络架构.最后对文章进行总结和展望.     

Adversarial Attacks on Voice Recognition Based on Hyper Dimensional Computing

Recently, there is a great demand for experimenting with Artificial Intelligence (AI) algorithms on the Internet of Things (IoT) devices that have only limited computing or transmission resources. Hyper-Dimensional Computing (HDC), which can effectively run on low-cost CPUs, is one of the solutions. However, since the AI algorithms are proved to be vulnerable to Adversarial Examples (AE) in recent research, it is then important to investigate the same security issues on other intelligent algorithms such as HDC. In our paper, motivated by the AE attacks for AI algorithms, we propose an attack measured based on the Differential Evolution (DE), which does not rely on the gradient. By attacking the VoiceHD model in the Isolet dataset, we prove that HDC is also vulnerable to AEs. In our experimentation, we can launch non-targeted attacks on the VoiceHD with the highest 85.7% success rate.

     

Cyber Forensic Investigation in IoT Using Deep Learning Based Feature Fusion in Big Data

International Journal of Wireless Information Networks - The Internet of Things (IoT) device is becoming universal domain and its success cannot be ignored, but its threats on IoT devices increases...     

基于关注人员动态感知技术的警务物联网构架研究

在当前全球范围内不断增加的恐怖袭击威胁下,公安机关和相关执法机构试图找到更有效的方法来实现对重点关注人员的监测和预警。物联网技术手段的出现为实现这个目标提供了可能,但采用什么体系架构更加有利于实现这个目标是一个挑战。本文通过现有架构和实际需求的具体分析,基于分层模式提出了一个分布式的、可互操作的、适应于警务工作的物联网体系结构,来解决我们传统物联网架构中遇到的问题,为解决实际工作需求提供了一种全新思路。     

量子密钥分发系统的现实无条件安全性

量子密钥分发系统由于能够提供一种物理上安全的密钥分发方式,因此成为量子信息领域的研究热点,其中如何在现实条件下保证量子密钥分发的无条件安全性是该领域的一个重要研究课题。本文从经典保密通信系统中具有完善保密性的一次一密体制出发,介绍了量子密钥分发系统的应用模型和整体保密通信系统的安全性基础,以及自量子密钥分发协议被提出以来量子密钥传输现实无条件安全性的研究进展,重点介绍了针对现实条件安全漏洞的各种类型的量子黑客攻击方案、防御方式,以及最近两年被广泛重视的与测量设备无关的量子密钥分发系统的理论和实验进展。     

Machine Learning Based Intrusion Detection Systems for IoT Applications

Internet of Things (IoT) and its applications are the most popular research areas at present. The characteristics of IoT on one side make it easily applicable to real-life applications, whereas on the other side expose it to cyber threats. Denial of Service (DoS) is one of the most catastrophic attacks against IoT. In this paper, we investigate the prospects of using machine learning classification algorithms for securing IoT against DoS attacks. A comprehensive study is carried on the classifiers which can advance the development of anomaly-based intrusion detection systems (IDSs). Performance assessment of classifiers is done in terms of prominent metrics and validation methods. Popular datasets CIDDS-001, UNSW-NB15, and NSL-KDD are used for benchmarking classifiers. Friedman and Nemenyi tests are employed to analyze the significant differences among classifiers statistically. In addition, Raspberry Pi is used to evaluate the response time of classifiers on IoT specific hardware. We also discuss a methodology for selecting the best classifier as per application requirements. The main goals of this study are to motivate IoT security researchers for developing IDSs using ensemble learning, and suggesting appropriate methods for statistical assessment of classifier’s performance.