Privacy-preserving edge-assisted image retrieval and classification in IoT

Internet of Things (IoT) has drawn much attention in recent years. However, the image data captured by IoT terminal devices are closely related to users’ personal information, which are sensitive and should be protected. Though traditional privacy-preserving outsourced computing solutions such as homomorphic cryptographic primitives can support privacy-preserving computing, they consume a significant amount of computation and storage resources. Thus, it becomes a heavy burden on IoT terminal devices with limited resources. In order to reduce the resource consumption of terminal device, we propose an edge-assisted privacy-preserving outsourced computing framework for image processing, including image retrieval and classification. The edge nodes cooperate with the terminal device to protect data and support privacy-preserving computing on the semitrusted cloud server. Under this framework, edge-assisted privacy-preserving image retrieval and classification schemes are proposed in this paper. The security analysis and performance evaluation show that the proposed schemes greatly reduce the computational, communication and storage burden of IoT terminal device while ensuring image data security.     

物联网无线协议安全综述

近些年来,随着物联网的快速发展,其应用场景涵盖智慧家庭、智慧城市、智慧医疗、智慧工业以及智慧农业.相比于传统的以太网,物联网能够将各种传感设备与网络结合起来,实现人、电脑和物体的互联互通.形式多样的物联网协议是实现物联网设备互联互通的关键,物联网协议拥有不同的协议栈,这使得物联网协议往往能表现出不同的特性.目前应用较广...     

物联网中多设备多服务器的移动边缘计算任务卸载技术综述

随着物联网(Internet of Things,IoT)技术的快速发展,出现了大量具有不同功能的设备(如多种带不同传感器的智能家居设备、移动智能交通设备、智能物流或仓储管理设备等),它们相互连接,被广泛应用于智能城市、智慧工厂等领域。然而,这些物联网设备的处理能力有限,很难满足延迟敏感、计算密集型应用的需求。移动边缘计算(Mobile Edge Computing,MEC)的出现有效解决了这一问题。物联网设备可以将任务卸载到MEC服务器上,借助它们完成相应的计算任务。这些服务器通常由网络运营商部署在网络边缘,即靠近用户端的网络接入层,用于汇聚用户网络的网络层面。某一段时间内,物联网设备可能处于多个MEC服务器的覆盖区域中,多个设备共享服务器有限的计算和通信资源。在这个复杂环境下,制定一个任务卸载和资源分配方案,使得任务完成的时延或物联网设备的能耗达到最优化,是一个NP-难问题。目前,已有许多工作对这一问题进行了研究,并取得了一定的成果,但在实际的应用中仍面临着一些问题。为了更深入地推进该领域的研究,文中对近几年的最新研究成果进行了分析、归纳和总结,对比分析了它们的优缺点,并对未来的工作进行了展望。     

面向物联网的基于智能合约的认证和授权方案

由于存在单点失效、规模受限等问题,传统中心化的解决方案很难满足物联网的安全需求。针对这种情况,提出一个面向IoT的基于智能合约的访问控制方案。通过引用IoT智能网关作为IoT设备的中心管理节点和公有区块链的全能节点,采用中心化与去中心化相结合、私有区块链和公有区块相结合、本地局部存储和外部公共存储相结合的方法加以实现。该方案实现IoT设备和IoT智能网关的相互认证,并实现用户对IoT设备中资源及存储在数据库中的数据的授权访问,具有去中心化、分布式优点,满足了规模性和安全性要求。     

A secure authentication scheme based on elliptic curve cryptography for IoT and cloud servers

The Internet of Things (IoT) is now a buzzword for Internet connectivity which extends to embedded devices, sensors and other objects connected to the Internet. Rapid development of this technology has led to the usage of various embedded devices in our daily life. However, for resource sharing and communication among these devices, there is a requirement for connecting these embedded devices to a large pool of resources like a cloud. The promising applications of IoT in Government and commercial sectors are possible by integrating cloud servers with these embedded devices. But such an integration of technologies involves security issues like data privacy and authentication of devices whenever information is exchanged between them. Recently, Kalra and Sood proposed an authentication scheme based on elliptic curve cryptography (ECC) for IoT and cloud servers and claimed that their scheme satisfies all security requirements and is immune to various types of attacks. However, in this paper, we show that Kalra and Sood scheme is susceptible to offline password guessing and insider attacks and it does not achieve device anonymity, session key agreement, and mutual authentication. Keeping in view of the shortcomings of Kalra and Sood’s scheme, we have proposed an authentication scheme based on ECC for IoT and cloud servers. In the proposed scheme in this paper, we have formally analyzed the security properties of the designed scheme by the most widely accepted and used Automated Validation of Internet Security Protocols and Applications tool. Security and performance analysis show that when compared with other related schemes, the proposed scheme is more powerful, efficient, and secure with respect to various known attacks.     

Optimal Deep Learning Based Ransomware Detection and Classification in the Internet of Things Environment

With the advent of the Internet of Things (IoT), several devices like sensors nowadays can interact and easily share information. But the IoT model is prone to security concerns as several attackers try to hit the network and make it vulnerable. In such scenarios, security concern is the most prominent. Different models were intended to address these security problems; still, several emergent variants of botnet attacks like Bashlite, Mirai, and Persirai use security breaches. The malware classification and detection in the IoT model is still a problem, as the adversary reliably generates a new variant of IoT malware and actively searches for compromise on the victim devices. This article develops a Sine Cosine Algorithm with Deep Learning based Ransomware Detection and Classification (SCADL-RWDC) method in an IoT environment. In the presented SCADL-RWDC technique, the major intention exists in recognizing and classifying ransomware attacks in the IoT platform. The SCADL-RWDC technique uses the SCA feature selection (SCA-FS) model to improve the detection rate. Besides, the SCADL-RWDC technique exploits the hybrid grey wolf optimizer (HGWO) with a gated recurrent unit (GRU) model for ransomware classification. A widespread experimental analysis is performed to exhibit the enhanced ransomware detection outcomes of the SCADL-RWDC technique. The comparison study reported the enhancement of the SCADL-RWDC technique over other models.     

物联网固件安全缺陷检测研究进展

固件是物联网设备的基础使能软件,其中存在的安全缺陷是物联网设备遭受攻击的根本原因之一。由于物联网设备资源受限,难以部署完善的安全防护机制,身处不安全的网络环境中,其固件缺陷一旦被恶意利用,轻则使设备宕机,重则威胁安全攸关领域基础设施,造成巨大的生命财产损失。因此,有效的固件安全缺陷检测已然成为保障物联网设备安全的关键,也成为学术界和工业界研究的热点。面对物联网设备数量的高速增长、固件自身规模和复杂性的不断攀升、固件类型的日益多样化、固件缺陷的持续增多,现有的物联网固件安全缺陷检测研究面临挑战。本文归纳了典型物联网固件实现缺陷类型,分析了典型缺陷产生机理,从静态分析、符号执行、模糊测试、程序验证、基于机器学习的方法等角度综述了现有固件缺陷检测方法。通过对不同方法优势与不足的分析,为进一步提升固件安全缺陷检测方法的智能化、精准化、自动化、有效性、可扩展性提供指导。在此基础上,本文展望了未来可以开展的研究工作。     

A CPK-Based Identity Authentication Scheme for IoT

As the power Internet of Things (IoT) enters the security construction stage, the massive use of perception layer devices urgently requires an identity authentication scheme that considers both security and practicality. The existing public key infrastructure (PKI)-based security authentication scheme is currently difficult to apply in many terminals in IoT. Its key distribution and management costs are high, which hinders the development of power IoT security construction. Combined Public Key (CPK) technology uses a small number of seeds to generate unlimited public keys. It is very suitable for identity authentication in the power Internet of Things. In this paper, we propose a novel identity authentication scheme for power IoT. The scheme combines the physical unclonable function (PUF) with improved CPK technology to achieve mutual identity authentication between power IoT terminals and servers. The proposed scheme does not require third-party authentication and improves the security of identity authentication for power IoT. Moreover, the scheme reduces the resource consumption of power IoT devices. The improved CPK algorithm solves the key collision problem, and the third party only needs to save the private key and the public key matrix. Experimental results show that the amount of storage resources occupied in our scheme is small. The proposed scheme is more suitable for the power IoT.     

Lightweight and Secure Mutual Authentication Scheme for IoT Devices Using CoAP Protocol

Internet of things enables every real world objects to be seamlessly integrated with traditional internet. Heterogeneous objects of real world are enhanced with capability to communicate, computing capabilities and standards to interoperate with existing network and these entities are resource constrained and vulnerable to various security attacks. Huge number of research works are being carried out to analyze various possible attacks and to propose standards for securing communication between devices in internet of things (IoT). In this article, a robust and lightweight authentication scheme for mutual authentication between client and server using constrained application protocol is proposed. Internet of things enables devices with different characteristics and capabilities to be integrated with internet. These heterogeneous devices should interoperate with each other to accumulate, process and transmit data for facilitating smart services. The growth of IoT applications leads to the rapid growth of IoT devices incorporated to the global network and network traffic over the traditional network. This scheme greatly reduces the authentication overhead between the devices by reducing the packet size of messages, number of messages transmitted and processing overhead on communicating devices. Efficiency of this authentication scheme against attacks such as DoS (denial of service), replay attacks and attacks to exhaust the resources are also examined. Message transmission time reduced upto 50% of using proposed techniques.     

物联网设备识别及异常检测研究综述

随着物联网技术的发展,物联网设备广泛应用于生产和生活的各个领域,但也为设备资产管理和安全管理带来了严峻的挑战.首先,由于物联网设备类型和接入方式的多样性,网络管理员通常难以得知网络中的物联网设备类型及运行状态.其次,物联网设备由于其计算、存储资源有限,难以部署传统防御措施,正逐渐成为网络攻击的焦点.因此,通过设备识别了解网络中的物联网设备并基于设备识别结果进行异常检测,以保证其正常运行尤为重要.近几年来,学术界围绕上述问题开展了大量的研究.系统地梳理物联网设备识别和异常检测方面的相关工作.在设备识别方面,根据是否向网络中发送数据包,现有研究可分为被动识别方法和主动识别方法.针对被动识别方法按照识别方法、识别粒度和应用场景进行进一步的调研,针对主动识别方法按照识别方法、识别粒度和探测粒度进行进一步的调研.在异常检测方面,按照基于机器学习算法的检测方法和基于行为规范的规则匹配方法进行梳理.在此基础上,总结物联网设备识别和异常检测领域的研究挑战并展望其未来发展方向.     

基于搜索的物联网设备识别框架

越来越多的物联网设备接入到互联网中,但由于设计上的缺陷或者缺乏安全防护手段,这些暴露在公网上的物联网设备极容易受到黑客的攻击与利用。研究表明,具有相似产品属性的物联网设备很有可能存在相同漏洞,因此有效的识别网络空间中的物联网设备,对其产品属性,如设备品牌、型号等相关信息进行细粒度识别和标定,对把握网络空间实体设备的安全态势具有重要意义。本文提出一种基于搜索的物联网设备识别框架,利用物联网设备协议标语中富含的产品属性信息,通过自动化网络搜索技术构建物联网设备信息库,进而实现对未知新设备细粒度地自动分级识别和标定。通过公网实验,该框架能够很好识别视频监控和工控设备的产品属性,型号识别准确率均超过90%。     

A resource oriented integration architecture for the Internet of Things: A business process perspective

The vision of the Internet of Things (IoT) foresees a future Internet incorporating smart physical objects that offer hosted functionality as IoT services. These services when integrated with the traditional enterprise level services form the creation of ambient intelligence for a wide range of applications. To facilitate seamless access and service life cycle management of large, distributed and heterogeneous IoT resources, service oriented computing and resource oriented approaches have been widely used as promising technologies. However, a reference architecture integrating IoT services into either of these two technologies is still an open research challenge. In this article, we adopt the resource oriented approach to provide an end-to-end integration architecture of front-end IoT devices with the back-end business process applications. The proposed architecture promises a programmer friendly access to IoT services, an event management mechanism to propagate context information of IoT devices, a service replacement facility upon service failure, and a decentralized execution of the IoT aware business processes.     

基于序列模型的无线传感网入侵检测系统

随着物联网(IoT)的快速发展，越来越多的IoT节点设备被部署，但伴随而来的安全问题也不可忽视。IoT的网络层节点设备主要通过无线传感网进行通信，其相较于互联网更开放也更容易受到拒绝服务等网络攻击。针对无线传感网面临的网络层安全问题，提出了一种基于序列模型的网络入侵检测系统，对网络层入侵进行检测和报警，具有较高的识别率以及较低的误报率。另外，针对无线传感网节点设备面临的节点主机设备的安全问题，在考虑节点开销的基础上，提出了一种基于简单序列模型的主机入侵检测系统。实验结果表明，针对无线传感网的网络层以及主机层的两个入侵检测系统的准确率都达到了99%以上，误报率在1%左右，达到了工业需求，这两个系统可以全面有效地保护无线传感网安全。     

A review study on blockchain-based IoT security and forensics

The term Internet of Things (IoT) represents all communicating countless heterogeneous devices to share data and resources via the internet. The speedy advance of IoT devices proposes limitless benefits, but it also brings new challenges regarding security and forensics. Likewise, IoT devices can generate a massive amount of data that desires integrity and security during its handling and processing in an efficient way. IoT devices and data can be vulnerable to various types of cyber-crimes at each IoT layer. For combating these cyber-crimes in IoT infrastructure, IoT forensic term has shown up. The IoT forensic is the process of performing digital forensic investigation in the IoT environment in a forensically sound and timely fashion manner. Sundry challenges face the IoT forensics that requires urgent solutions and mitigation methods; digital evidence needs to be collected, preserved, analyzed, processed, and reported in a trusted manner to be acceptable for presenting in the court of law. Preserving the evidence unchanged or tampered with is the most critical challenge in digital forensics. Authentication is another challenge facing digital forensics; who is allowed to deal with the evidence? One of the most recent solutions for supporting IoT forensics is the use of Blockchain. Using Blockchain in digital forensics guarantees data integrity, immutability, scalability, and security. Therefore, this paper presents a comprehensive review of IoT security and forensics with the integration with Blockchain technology. It begins by providing an inclusive discussion of IoT security, as well as the need for IoT forensics, and the concepts of Blockchain. Then, a review of Blockchain-based IoT security and forensics issues is presented. Finally, a discussion of open research directions is provided.

     

Cyber Secure Framework for Smart Containers Based on Novel Hybrid DTLS Protocol

The Internet of Things (IoTs) is apace growing, billions of IoT devices are connected to the Internet which communicate and exchange data among each other. Applications of IoT can be found in many fields of engineering and sciences such as healthcare, traffic, agriculture, oil and gas industries, and logistics. In logistics, the products which are to be transported may be sensitive and perishable, and require controlled environment. Most of the commercially available logistic containers are not integrated with IoT devices to provide controlled environment parameters inside the container and to transmit data to a remote server. This necessitates the need for designing and fabricating IoT based smart containers. Due to constrained nature of IoT devices, these are prone to different cyber security attacks such as Denial of Service (DoS), Man in Middle (MITM) and Replay. Therefore, designing efficient cyber security framework are required for smart container. The Datagram Transport Layer Security (DTLS) Protocol has emerged as the de facto standard for securing communication in IoT devices. However, it is unable to minimize cyber security attacks such as Denial of Service and Distributed Denial of Service (DDoS) during the handshake process. The main contribution of this paper is to design a cyber secure framework by implementing novel hybrid DTLS protocol in smart container which can efficiently minimize the effects of cyber attacks during handshake process. The performance of our proposed framework is evaluated in terms of energy efficiency, handshake time, throughput and packet delivery ratio. Moreover, the proposed framework is tested in IoT based smart containers. The proposed framework decreases handshake time more than 9% and saves 11% of energy efficiency for transmission in compare of the standard DTLS, while increases packet delivery ratio and throughput by 83% and 87% respectively.     

Constructing a secure hacking-resistant IoT U-healthcare environment

There has been an increasing demand of work that required high level of computing power in IoT or establishment of server in IoT environment due to development of computing power. Excessive diagnosis has recently been a significant issue in the field of medicine. Excessive diagnosis issue is expected to be significantly reduced if establishing the easily configurable IoT server, communication with medical devices, and communication among hospitals by transmitting medical results to users. With the advancement of hacking technology, many hackers are interested in medical information and medical infrastructure, and the Information Security Management System (ISMS) is expanding in Korea. A number of medical ISMS projects are discussed, based on ISO 27791 standards derived from ISO 27001 standards. Large hospitals in South Korea have a variety of platforms that misrepresent personal information, and various platforms deal with sensitive medical information, but small and medium-sized hospitals use platforms that are not considered legal considerations.In this paper, we intend to establish a legal information sharing platform, which is legally considered legally limited and is responsible for the safety of the medical information.In the IoT server with limited resources, light-weighted and user-friendly protocols are frequently utilized over those that derive traffic and consume much resource. Under these circumstances, this study is intended to suggest IoT network that medical devices are able to create ubiquitous environment for users by utilizing simple service discovery protocol as a protocol provided without imposing much burden on limited resources and highly secured extensible messaging and presence protocol.     

Security of lightweight mutual authentication protocols

Sensors and IoT (Internet of Things), which include RFID (Radio-Frequency IDentification) tags, have witnessed widespread adoption across a wide variety of application domains over the last two decades. These sensors and IoT devices are often a part of distributed sensor networks. As with any distributed processing scenario, there is a need to ensure that these devices provide required security and privacy to the tagged object as well as its bearer. Cryptography has been used to address the security and privacy aspects of RFID tags. Unlike a majority of other IoT devices, the commonly used passive RFID tags are extremely resource-constrained and therefore can accommodate only lightweight operations. Security and privacy concerns still need to be addressed as they remain significant regardless of implementation details. We evaluate RFID-based lightweight mutual authentication protocols that have been recently proposed and identify vulnerabilities.

     

Fighting COVID-19 and Future Pandemics With the Internet of Things: Security and Privacy Perspectives

The speed and pace of the transmission of severe acute respiratory syndrome coronavirus 2 (SARS-CoV-2; also referred to as novel Coronavirus 2019 and COVID-19) have resulted in a global pandemic, with significant health, financial, political, and other implications. There have been various attempts to manage COVID-19 and other pandemics using technologies such as Internet of Things (IoT) and 5G/6G communications. However, we also need to ensure that IoT devices used to facilitate COVID-19 monitoring and treatment (e.g., medical IoT devices) are secured, as the compromise of such devices can have significant consequences (e.g., life-threatening risks to COVID-19 patients). Hence, in this paper we comprehensively survey existing IoT-related solutions, potential security and privacy risks and their requirements. For example, we classify existing security and privacy solutions into five categories, namely: authentication and access control solutions, key management and cryptography solutions, blockchain-based solutions, intrusion detection systems, and privacy-preserving solutions. In each category, we identify the associated challenges. We also identify a number of recommendations to inform future research.      

智能燃气系统中的通信加密方法

在信息技术快速发展的今天,物联网技术在各行各业中都得到了广泛的应用,其中对硬件设备信息的采集以及传输是其主要应用,但是数据传输过程中会出现严重的数据安全问题,因此本文提出了一种混合通信加密方法.本文首先从物联网设备角度出发,介绍物联网无线通信技术和CoAP传输协议以及加密方法,然后结合物联网设备资源受限制情况,采用NB-IoT技术,并在智能燃气系统中实现了上述加密方法,实验以及测试比较的结果表明,本方法具有可行性.     

Design and Implementation of Novel BRISI Lightweight Cipher for Resource Constrained Devices

The Internet of Things (IoT) and cyber-physical systems (CPS) has grown exponentially over the recent years, has motivated the development and deployment of the low resource devices for a wide range of applications in the IoT. Many such resource constrained devices are deployed to match the heterogeneous application requirements of IoT and CPS systems, wherein privacy and security have emerged, as the most difficult challenges, as the constrained devices are not been designed to have security features. This paper presents a lightweight cipher, based on ARX (Addition-Modulo, Rotation and XOR) operations, Fiestel structure, an amalgamation of BRIGHT and SIMON structure, hence the name BRISI. The cipher encrypts 32-bit plaintext using 64-bit key. The software implementation is performed using MATLAB tool and it fulfils the Avalanche criterion, Key-sensitivity, correlation coefficient, entropy and histogram. The proposed design is simulated using Xilinx Vivado and is implemented on Nexys-4 DDR Artix-7 and Basys-3 Artix-7 FPGA family and is evaluated for (LUT and register) power and timing