Privacy preserving Internet of Things: From privacy techniques to a blueprint architecture and efficient implementation

The Internet of Things (IoT) is the latest web evolution that incorporates billions of devices that are owned by different organisations and people who are deploying and using them for their own purposes. IoT-enabled harnessing of the information that is provided by federations of such IoT devices (which are often referred to as IoT things) provides unprecedented opportunities to solve internet-scale problems that have been too big and too difficult to tackle before. Just like other web-based information systems, IoT must also deal with the plethora of Cyber Security and privacy threats that currently disrupt organisations and can potentially hold the data of entire industries and even countries for ransom. To realise its full potential, IoT must deal effectively with such threats and ensure the security and privacy of the information collected and distilled from IoT devices. However, IoT presents several unique challenges that make the application of existing security and privacy techniques difficult. This is because IoT solutions encompass a variety of security and privacy solutions for protecting such IoT data on the move and in store at the device layer, the IoT infrastructure/platform layer, and the IoT application layer. Therefore, ensuring end-to-end privacy across these three IoT layers is a grand challenge in IoT. In this paper, we tackle the IoT privacy preservation problem. In particular, we propose innovative techniques for privacy preservation of IoT data, introduce a privacy preserving IoT Architecture, and also describe the implementation of an efficient proof of concept system that utilises all these to ensure that IoT data remains private. The proposed privacy preservation techniques utilise multiple IoT cloud data stores to protect the privacy of data collected from IoT. The proposed privacy preserving IoT Architecture and proof of concept implementation are based on extensions of OpenIoT - a widely used open source platform for IoT application development. Experimental evaluations are also provided to validate the efficiency and performance outcomes of the proposed privacy preserving techniques and architecture.     

NVM Storage in IoT Devices: Opportunities and Challenges

Edge storage stores the data directly at the data collection point, and does not need to transmit the collected data to the storage central server through the network. It is a critical technology that supports applications such as edge computing and 5G network applications, with lower network communication overhead, lower interaction delay and lower bandwidth cost. However, with the explosion of data and higher real-time requirements, the traditional Internet of Things (IoT) storage architecture cannot meet the requirements of low latency and large capacity. Non-volatile memory (NVM) presents new possibilities regarding this aspect. This paper classifies the different storage architectures based on NVM and compares the system goals, architectures, features, and limitations to explore new research opportunities. Moreover, the existing solutions to reduce the write latency and energy consumption and increase the lifetime of NVM IoT storage devices are analyzed. Furthermore, we discuss the security and privacy issues of IoT devices and compare the mainstream solutions. Finally, we present the opportunities and challenges of building IoT storage systems based on NVM.     

Internet of things: Survey on security

The Internet of things (IoT) is intended for ubiquitous connectivity among different entities or “things”. While it provides effective and efficient solutions to many real world challenges, the security aspect of it has always been questioned. The situation is further exacerbated by the number of connected devices growing exponentially. As a result, security and privacy has emerged as a significant challenge for the IoT. In this paper, we aim to provide a thorough survey on IoT security and privacy challenges from the perspective of technologies and architecture used. This work focuses on IoT intrinsic vulnerabilities and their implications to the fundamental information security challenges in confidentiality, integrity, and availability. The approach of this survey is to summarize and synthesize published work in IoT; relate it to the security conjuncture of the field; and project future research directions.     

Security of lightweight mutual authentication protocols

Sensors and IoT (Internet of Things), which include RFID (Radio-Frequency IDentification) tags, have witnessed widespread adoption across a wide variety of application domains over the last two decades. These sensors and IoT devices are often a part of distributed sensor networks. As with any distributed processing scenario, there is a need to ensure that these devices provide required security and privacy to the tagged object as well as its bearer. Cryptography has been used to address the security and privacy aspects of RFID tags. Unlike a majority of other IoT devices, the commonly used passive RFID tags are extremely resource-constrained and therefore can accommodate only lightweight operations. Security and privacy concerns still need to be addressed as they remain significant regardless of implementation details. We evaluate RFID-based lightweight mutual authentication protocols that have been recently proposed and identify vulnerabilities.

     

Malicious insiders attack in IoT based Multi-Cloud e-Healthcare environment: <Emphasis Type="Italic">A Systematic Literature Review</Emphasis>

The emergence of Internet of Things (IoT) has introduced smart objects as the fundamental building blocks for developing a smart cyber-physical universal environment. The IoTs have innumerable daily life applications. The healthcare industry particularly has been benefited due to the provision of ubiquitous health monitoring, emergency response services, electronic medical billing, etc. Since IoT devices possess limited storage and processing power, therefore these intelligent objects are unable to efficiently provide the e-health facilities, or process and store enormous amount of collected data. IoTs are merged with Cloud Computing technology in Multi-Cloud form that basically helps cover the limitations of IoTs by offering a secure and on-demand shared pool of resources i.e., networks, servers, storage, applications, etc., to deliver effective and well-organized e-health amenities. Although the framework based on the integration of IoT and Multi-Cloud is contributing towards better patient care, yet on the contrary, it is challenging the privacy and reliability of the patients’ information. The purpose of this systematic literature review is to identify the top security threat and to evaluate the existing security techniques used to combat this attack and their applicability in IoT and Multi-Cloud based e-Healthcare environment.     

IoT智能设备安全威胁及防护技术综述

伴随着物联网的产生和发展,IoT智能设备越来越多地出现,其大规模普及的同时,也给用户个人资产安全与隐私保护带来了极大地冲击和挑战。本文围绕智能设备,基于智能设备终端、云服务端和用户控制终端三端系统架构,综述目前智能设备安全威胁的主要来源和技术攻击手段,并针对性地梳理已有防护技术和安全研究现状。然后,针对现有IoT智能设备安全防护体系缺失和安全设计不足的问题,本文讨论提出了全生命周期的IoT智能设备系统防护模型设计思路。     

Security towards the edge: Sticky policy enforcement for networked smart objects

One of the hottest topics in the Internet of Things (IoT) domain relates to the ability of enabling computation and storage at the edges of the network. This is becoming a key feature in order to ensure the ability of managing in a scalable way service requests with low response times. This means being able to acquire, store, and process IoT-generated data closer to the data producers and data consumers. In this scenario, also security and privacy solutions must be applied in a capillary way at the edges of the network. In particular, a control on access to data generated by IoT devices is necessary for guaranteeing proper levels of security and privacy as well as for preventing violation attempts, while allowing data owners to monitor and control their information. In this paper, a sticky policy approach is proposed as a strategy for efficiently managing the access to IoT resources within an existing distributed middleware architecture. As demonstrated in the experimental evaluation, sticky policies represent a promising and efficient technique to increase the robustness (in a security perspective) of the IoT system.     

Multi Level Key Exchange and Encryption Protocol for Internet of Things (IoT)

The burgeoning network communications for multiple applications such as commercial, IoT, consumer devices, space, military, and telecommunications are facing many security and privacy challenges. Over the past decade, the Internet of Things (IoT) has been a focus of study. Security and privacy are the most important problems for IoT applications and are still facing huge difficulties. To promote this high-security IoT domain and prevent security attacks from unauthorized users, keys are frequently exchanged through a public key exchange algorithm. This paper introduces a novel algorithm based on Elliptic Curve Cryptography(ECC) for multi-level Public Key Exchange and Encryption Mechanism. It also presents a random number generation technique for secret key generation and a new authentication methodology to enhance the security level. Finally, in terms of security, communication and computational overhead, the performance analysis of the proposed work is compared with the existing protocols.     

Evolving privacy: From sensors to the Internet of Things

The Internet of Things (IoT) envisions a world covered with billions of smart, interacting things capable of offering all sorts of services to near and remote entities. The benefits and comfort that the IoT will bring about are undeniable, however, these may come at the cost of an unprecedented loss of privacy. In this paper we look at the privacy problems of one of the key enablers of the IoT, namely wireless sensor networks, and analyse how these problems may evolve with the development of this complex paradigm. We also identify further challenges which are not directly associated with already existing privacy risks but will certainly have a major impact in our lives if not taken into serious consideration.     

A survey on solutions to support developers in privacy-preserving IoT development

Internet-of-Things (IoT) devices are rising in popularity and their usefulness often stems from the amount of data they collect. Data regulations such as the European General Data Protection Regulation (GDPR) require software developers to do their due diligence when it comes to privacy, as they are required to adhere to certain principles such as Privacy-by-Design (PbD). Due to the distributed and heterogeneous nature of IoT applications, privacy-preserving design is even more important in IoT environments. Studies have shown that developers are often not eager to implement privacy and generally do not see it as their duty or concern. However, developers are often left alone when it comes to engineering privacy in the realm of IoT. In this paper, we therefore survey which frameworks and tools have been developed for them, especially in the case of IoT. Our findings indicate that existing solutions are cumbersome to use, only work in certain scenarios, and are not enough to solve the privacy issues inherent IoT development. Based on our analysis, we further propose future research directions.     

Detecting Vulnerability on IoT Device Firmware: A Survey

Internet of things (IoT) devices make up 30%of all network-connected endpoints,introducing vulnerabilities and novel attacks that make many companies as primary targets for cybercriminals.To address this increasing threat surface,every organization deploying IoT devices needs to consider security risks to ensure those devices are secure and trusted.Among all the solutions for security risks,firmware security analysis is essential to fix software bugs,patch vulnerabilities,or add new security fea...     

A survey on data fusion in internet of things: Towards secure and privacy-preserving fusion

Internet of Things (IoT) aims to create a world that enables the interconnection and integration of things in physical world and cyber space. With the involvement of a great number of wireless sensor devices, IoT generates a diversity of datasets that are massive, multi-sourcing, heterogeneous, and sparse. By taking advantage of these data to further improve IoT services and offer intelligent services, data fusion is always employed first to reduce the size and dimension of data, optimize the amount of data traffic and extract useful information from raw data. Although there exist some surveys on IoT data fusion, the literature still lacks comprehensive insight and discussion on it with regard to different IoT application domains by paying special attention to security and privacy. In this paper, we investigate the properties of IoT data, propose a number of IoT data fusion requirements including the ones about security and privacy, classify the IoT applications into several domains and then provide a thorough review on the state-of-the-art of data fusion in main IoT application domains. In particular, we employ the requirements of IoT data fusion as a measure to evaluate and compare the performance of existing data fusion methods. Based on the thorough survey, we summarize open research issues, highlight promising future research directions and specify research challenges.     

面向物联网的高效集群证明机制

随着物联网的迅速发展,巨量的嵌入式设备广泛应用于现代生活,安全和隐私成为了物联网发展的重要挑战.物联网设备互联构成集群网络,设备集群证明是验证集群环境内所有设备的可信状态的一种安全技术,也是物联网安全研究需要解决的一个重要问题.传统证明技术主要针对单一证明者的场景,无法满足大规模集群的全局证明需求;而简单扩展的集群证明机制通常难以抵抗合谋攻击,且效率低下.为了解决这些问题,本文提出了一种基于设备分组的高效集群证明方案.该方案将同构设备分组,并于每组设立一个管理节点负责该组的组内节点验证.当进行远程证明时,由于每个管理节点已经预先获悉该组节点可信性状态,所以只需要对全局集群环境内所有管理节点进行验证,从而提高了效率.该方案不仅高效,还具有较高的安全性,能够抵抗合谋攻击等.我们实现的原型系统实验测试结果表明,当同构设备越多,管理节点越少的时候,本文方案的证明效率更高.     

Highly private blockchain-based management system for digital COVID-19 certificates

As a result of the declaration of the COVID-19 pandemic, several proposals of blockchain-based solutions for digital COVID-19 certificates have been presented. Considering that health data have high privacy requirements, a health data management system must fulfil several strict privacy and security requirements. On the one hand, confidentiality of the medical data must be assured, being the data owner (the patient) the actor that maintain control over the privacy of their certificates. On the other hand, the entities involved in the generation and validation of certificates must be supervised by a regulatory authority. This set of requirements are generally not achieved together in previous proposals. Moreover, it is required that a digital COVID-19 certificate management protocol provides an easy verification process and also strongly avoid the risk of forgery. In this paper we present the design and implementation of a protocol to manage digital COVID-19 certificates where individual users decide how to share their private data in a hierarchical system. In order to achieve this, we put together two different technologies: the use of a proxy re-encryption (PRE) service in conjunction with a blockchain-based protocol. Additionally, our protocol introduces an authority to control and regulate the centers that can generate digital COVID-19 certificates and offers two kinds of validation of certificates for registered and non-registered verification entities. Therefore, the paper achieves all the requirements, that is, data sovereignty, high privacy, forgery avoidance, regulation of entities, security and easy verification.

     

A survey on privacy in decentralized online social networks

Decentralized Online Social Networks (DOSNs) have recently captured the interest of users because of the more control given to them over their shared contents. Indeed, most of the user privacy issues related to the centralized Online Social Network (OSN) services (such as Facebook or Google+) do not apply in the case of DOSNs because of the absence of the centralized service provider. However, these new architectures have motivated researchers to investigate new privacy solutions that allow DOSN’s users to protect their contents by taking into account the decentralized nature of the DOSNs platform.In this survey, we provide a comprehensive overview of the privacy solutions adopted by currently available DOSNs, and we compare them by exploiting several criteria. After presenting the differences that existing DOSNs present in terms of provided services and architecture, we identify, for each of them, the privacy model used to define the privacy policies and the mechanisms for their management (i.e., initialization and modification of the privacy policy). In addition, we evaluate the overhead introduced by the security mechanisms adopted for privacy policy management and enforcement by discussing their advantages and drawbacks.     

Highly efficient key agreement for remote patient monitoring in MEC-enabled 5G networks

Remote patient monitoring is one of the cornerstones to enable Ambient Assisted Living. Here, a set of devices provide their corresponding input, which should be carefully aggregated and analysed to derive health-related conclusions. In the new Fifth-Generation (5G) networks, Internet of Things (IoT) devices communicate directly to the mobile network without any need of proxy devices. Moreover, 5G networks consist of Multi-access Edge Computing (MEC) nodes, which are taking the role of a mini-cloud, able to provide sufficient computation and storage capacity at the edge of the network. MEC IoT integration in 5G offers a lot of benefits such as high availability, high scalability, low backhaul bandwidth costs, low latency, local awareness and additional security and privacy. In this paper, we first detail the procedure on how to establish such remote monitoring in 5G networks. Next, we focus on the key agreement between IoT, MEC and registration center in order to guarantee mutual authentication, anonymity, and unlinkability properties. Taking into account the high heterogeneity of IoT devices that can contribute to an accurate image of the health status of a patient, it is of utmost importance to design a very lightweight scheme that allows even the smallest devices to participate. The proposed protocol is symmetric key based and thus highly efficient. Moreover, it is shown that the required security features are established and protection against the most of the well-known attacks is guaranteed.

     

Privacy-preserving contact tracing in 5G-integrated and blockchain-based medical applications

The current pandemic situation due to COVID-19 is seriously affecting our daily work and life. To block the propagation of infectious diseases, an effective contact tracing mechanism needs to be implemented. Unfortunately, existing schemes have severe privacy issues that jeopardize the identity-privacy and location-privacy for both users and patients. Although some privacy-preserving systems have been proposed, there remain several issues caused by centralization. To mitigate this issues, we propose a Privacy-preserving contact Tracing scheme in 5G-integrated and Blockchain-based Medical applications, named PTBM. In PTBM, the 5G-integrated network is leveraged as the underlying infrastructure where everyone can perform location checking with his mobile phones or even wearable devices connected to 5G network to find whether they have been in possible contact with a diagnosed patient without violating their privacy. A trusted medical center can effectively trace the patients and their corresponding close contacts. Thorough security and performance analysis show that the proposed PTBM scheme achieves privacy protection, traceability, reliability, and authentication, with high computation & communication efficiency and low latency.     

SupAUTH: A new approach to supply chain authentication for the IoT

Recent advances of the Internet of Things (IoT) technologies have enhanced the use of radio‐frequency identification‐based tracking system to be widely deployed in supply chain management covering every step involved in the flow of merchandise from the supplier to the customer to ensure a trustworthy delivery environment. Such authentication system (also known as path authentication) not only guarantees the merchandise to be available in the right destination with no discrepancies and errors but also ensures the route of the merchandise progress to be valid. This paper outlines the current state‐of‐the‐art cryptographic solutions for path authentication, highlights their properties and weakness, and proposes a novel, privacy‐preserving, and efficient solution. Compared with the existing elliptic curve ElGamal re‐encryption–based solution, our homomorphic message authentication code on arithmetic circuit–based solution offers less memory storage (with limited scalability) and no computational requirement on the reader. Moreover, we allow computational ability inside the tag that articulates a new privacy direction to the state‐of‐the‐art path privacy. This privacy notion helps support the confidentiality of the tag movement in the context of IoT‐enabled cross‐organizational tracking environment where the stakeholders can be from different organizations associated together with the merchandise being delivered. As a potential extension to the path authentication protocol, we further propose a polynomial‐based mutual authentication as a security extension and batch initialization as an efficiency extension. Besides our brief security and privacy analysis, our evaluation shows that the proposed solution can significantly reduce memory requirements on tags with marginal computational overhead to ensure transmission path confidentiality. We observe that SupAUTH requires maximum 513‐bit tag memory and 57.3 ms of processing time during evaluation, which is not only practical but also suitable for any suitable low‐cost radio‐frequency identification deployment in IoT.     

Scalable,password-based and threshold authentication for smart homes

Smart homes are a special use-case of the IoT paradigm, which is becoming more and more important in our lives. Although sensors, devices and applications make our daily lives easier, they often collect our sensitive data, which may lead to security problems (e.g., hacked devices, botnets, etc.). In several cases, the appropriate security mechanisms are missing within the devices. Therefore, security measures have become a central topic in the field of IoT. The most essential requirements are secure user–device authentication and confidentiality of transferred sensitive data. Passwords are the most widely used factors in various areas, such as user authentication, key establishment, and also secret sharing. Password-based protocols that are resistant to typical threats, such as offline dictionary, man-in-the-middle and phishing attacks, generate new session keys. The major aim of these solutions is to guarantee high-level security, even if a user applies a single low-entropy human memorable password for all their accounts. We introduce a threshold and password-based, distributed, mutual authenticated key agreement with key confirmation protocol for a smart home environment. The proposed protocol is a scalable and robust scheme, which forces the adversary to corrupt \(l-1\) smart home devices, where l is the threshold, in order to perform an offline dictionary attack. The protocol is designed to achieve password-only setting, and end-to-end security if the chosen IoT devices are also authenticated besides the user. We also provide a security analysis of the protocol in AVISPA. We apply the on-the-fly model checker and the constraint-logic-based attack searcher to perform protocol verification for bounded numbers of sessions. We show that the proposed protocol provides session key secrecy and mutual authentication of the user and the device manager. Since efficiency is a crucial aspect, we implemented our protocol to measure the computation and communication costs and demonstrate that our solution is appropriate and eligible for smart homes.

     

A secure authentication scheme based on elliptic curve cryptography for IoT and cloud servers

The Internet of Things (IoT) is now a buzzword for Internet connectivity which extends to embedded devices, sensors and other objects connected to the Internet. Rapid development of this technology has led to the usage of various embedded devices in our daily life. However, for resource sharing and communication among these devices, there is a requirement for connecting these embedded devices to a large pool of resources like a cloud. The promising applications of IoT in Government and commercial sectors are possible by integrating cloud servers with these embedded devices. But such an integration of technologies involves security issues like data privacy and authentication of devices whenever information is exchanged between them. Recently, Kalra and Sood proposed an authentication scheme based on elliptic curve cryptography (ECC) for IoT and cloud servers and claimed that their scheme satisfies all security requirements and is immune to various types of attacks. However, in this paper, we show that Kalra and Sood scheme is susceptible to offline password guessing and insider attacks and it does not achieve device anonymity, session key agreement, and mutual authentication. Keeping in view of the shortcomings of Kalra and Sood’s scheme, we have proposed an authentication scheme based on ECC for IoT and cloud servers. In the proposed scheme in this paper, we have formally analyzed the security properties of the designed scheme by the most widely accepted and used Automated Validation of Internet Security Protocols and Applications tool. Security and performance analysis show that when compared with other related schemes, the proposed scheme is more powerful, efficient, and secure with respect to various known attacks.