Random forest classifier‐based safe and reliable routing for opportunistic IoT networks

Designing a safe and reliable way for communicating the messages among the devices and humans forming the Opportunistic Internet of Things network (OppIoT) has been a challenge since the broadcast mode of message sharing is used. To contribute toward addressing such challenge, this paper proposes a Random Forest Classifier (RFC)‐based safe and reliable routing protocol for OppIoT (called RFCSec) which ensures space efficiency, hash‐based message integrity, and high packet delivery, simultaneously protecting the network against safety threats viz. packet collusion, hypernova, supernova, and wormhole attacks. The proposed RFCSec scheme is composed of two phases. In the first one, the RFC is trained on real data trace, and based on the output of this training, the second phase consists in classifying the encountered nodes of a given node as belonging to one of the output classes of nodes based on their past behavior in the network. This helps in proactively isolating the malicious nodes from participating in the routing process and encourages the participation of the ones with good message forwarding behavior, low packet dropping rate, high buffer availability, and a higher probability of delivering the messages in the past. Simulation results using the ONE simulator show that the proposed RFCSec secure routing scheme is superior to the MLProph, RLProph, and CAML routing protocols, chosen as benchmarks, in terms of legitimate packet delivery, probability of message delivery, count of dropped messages, and latency in packet delivery. The out‐of‐bag error obtained is also minimal     

Authentication-based Access Control and Data Exchanging Mechanism of IoT Devices in Fog Computing Environment

The emergence of fog computing has witnessed a big role in initiating secure communication amongst users. Fog computing poses the ability to perform analysis, processing, and storage for a set of Internet of Things (IoT) devices. Several IoT solutions are devised by utilizing the fog nodes to alleviate IoT devices from complex computation and heavy processing. This paper proposes an authentication scheme using fog nodes to manage IoT devices by providing security without considering a trusted third party. The proposed authentication scheme employed the benefits of fog node deployment. The authentication scheme using fog node offers reliable verification between the data owners and the requester without depending on the third party users. The proposed authentication scheme using fog nodes effectively solved the problems of a single point of failure in the storage system and offers many benefits by increasing the throughput and reducing the cost. The proposed scheme considers several entities, like end-users, IoT devices, fog nodes, and smart contracts, which help to administrate the authentication using access policies. The proposed authentication scheme using fog node provided superior results than other methods with minimal memory value of 4009.083 KB, minimal time of 76.915 s, and maximal Packet delivery ratio (PDR) of 76.

     

Secure multi‐factor remote user authentication scheme for Internet of Things environments

Because of the exponential growth of Internet of Things (IoT), several services are being developed. These services can be accessed through smart gadgets by the user at any place, every time and anywhere. This makes security and privacy central to IoT environments. In this paper, we propose a lightweight, robust, and multi‐factor remote user authentication and key agreement scheme for IoT environments. Using this protocol, any authorized user can access and gather real‐time sensor data from the IoT nodes. Before gaining access to any IoT node, the user must first get authenticated by the gateway node as well as the IoT node. The proposed protocol is based on XOR and hash operations, and includes: (i) a 3‐factor authentication (ie, password, biometrics, and smart device); (ii) mutual authentication ; (iii) shared session key ; and (iv) key freshness . It satisfies desirable security attributes and maintains acceptable efficiency in terms of the computational overheads for resource constrained IoT environment. Further, the informal and formal security analysis using AVISPA proves security strength of the protocol and its robustness against all possible security threats. Simulation results also prove that the scheme is secure against attacks.     

Group and hierarchical key management for secure communications in internet of things

Different devices with different characteristics form a network to communicate among themselves in Internet of Things (IoT). Thus, IoT is of heterogeneous in nature. Also, Internet plays a major role in IoT. So, issues related to security in Internet become issues of IoT also. Hence, the group and hierarchical management scheme for solving security issues in Internet of Things is proposed in this paper. The devices in the network are formed into groups. One of the devices is selected as a leader of each group. The communication of the devices from each group takes place with the help of the leader of the corresponding group using encrypted key to enhance the security in the network. Blom's key predistribution technique is used to establish secure communication among any nodes of group. The hierarchy is maintained such that the security can be increased further, but the delay is increased as it takes time to encrypt at every level of hierarchy. Hence, the numbers of levels of hierarchy need to be optimized such that delay is balanced. Hence, this algorithm is more suitable for delay‐tolerant applications. The performance of the proposed Algorithm is evaluated and is proved to perform better when compared with the legacy systems like Decentralized Batch‐based Group Key Management Protocol for Mobile Internet of Things (DBGK).     

A reputation-based RPL protocol to detect selective forwarding attack in Internet of Things

Internet of Things (IoT) is an internet of smart objects where smart objects communicate with each other. IoT objects are deployed in open medium with dynamic topology. Due lack of infrastructure and centralized management, IoT present serious vulnerabilities to security attacks. Therefore, security is an essential prerequisite for the real-world deployment of IoT. In this work, we propose reputation-based RPL protocol where reputation-based mechanism is embedded into RPL protocol to enhance its capabilities against selective forwarding attack. Reputation is calculated by evaluating data forwarding behavior of IoT node. Data forwarding behavior of IoT node is evaluated by the difference between monitored actual packet loss and estimated normal loss. Calculated reputation value is considered in parent selection. Simulation results show that the proposed approach can accurately detect and isolate selective forwarding attack with improving data delivery ratio of the IoT network.     

ECC-CoAP: Elliptic Curve Cryptography Based Constraint Application Protocol for Internet of Things

Constraint Application Protocol (CoAP), an application layer based protocol, is a compressed version of HTTP protocol that is used for communication between lightweight resource constraint devices in Internet of Things (IoT) network. The CoAP protocol is generally associated with connectionless User Datagram Protocol (UDP) and works based on Representational State Transfer architecture. The CoAP is associated with Datagram Transport Layer Security (DTLS) protocol for establishing a secure session using the existing algorithms like Lightweight Establishment of Secure Session for communication between various IoT devices and remote server. However, several limitations regarding the key management, session establishment and multi-cast message communication within the DTLS layer are present in CoAP. Hence, development of an efficient protocol for secure session establishment of CoAP is required for IoT communication. Thus, to overcome the existing limitations related to key management and multicast security in CoAP, we have proposed an efficient and secure communication scheme to establish secure session key between IoT devices and remote server using lightweight elliptic curve cryptography (ECC). The proposed ECC-based CoAP is referred to as ECC-CoAP that provides a CoAP implementation for authentication in IoT network. A number of well-known cryptographic attacks are analyzed for validating the security strength of the ECC-CoAP and found that all these attacks are well defended. The performance analysis of the ECC-CoAP shows that our scheme is lightweight and secure.

     

Security in Internet of Things: issues,challenges, taxonomy,and architecture

Internet technology is very pervasive today. The number of devices connected to the Internet, those with a digital identity, is increasing day by day. With the developments in the technology, Internet of Things (IoT) become important part of human life. However, it is not well defined and secure. Now, various security issues are considered as major problem for a full-fledged IoT environment. There exists a lot of security challenges with the proposed architectures and the technologies which make the backbone of the Internet of Things. Some efficient and promising security mechanisms have been developed to secure the IoT environment, however, there is a lot to do. The challenges are ever increasing and the solutions have to be ever improving. Therefore, aim of this paper is to discuss the history, background, statistics of IoT and security based analysis of IoT architecture. In addition, we will provide taxonomy of security challenges in IoT environment and taxonomy of various defense mechanisms. We conclude our paper discussing various research challenges that still exist in the literature, which provides better understanding of the problem, current solution space, and future research directions to defend IoT against different attacks.     

Capability-based IoT access control using blockchain

Internet of Things (IoT) devices facilitate intelligent service delivery in a broad range of settings, such as smart offices, homes and cities. However, the existing IoT access control solutions are mainly based on conventional identity management schemes and use centralized architectures. There are known security and privacy limitations with such schemes and architectures, such as the single-point failure or surveillance (e.g., device tracking). Hence, in this paper, we present an architecture for capability-based IoT access control utilizing the blockchain and decentralized identifiers to manage the identity and access control for IoT devices. Then, we propose a protocol to provide a systematic view of system interactions, to improve security. We also implement a proof-of-concept prototype of the proposed approach and evaluate the prototype using a real-world use case. Our evaluation results show that the proposed solution is feasible, secure, and scalable.     

物联网安全管理技术研究

在物联网网络结构的基础上,分析物联网各个层次的安全威胁,从而给出物联网安全管理框架：安全措施包括应用安全、网络安全和终端安全三个层面,安全管理覆盖以上三个层面,并对所有安全设备进行统一管理和实现安全设备间的联防联动。针对物联网的网络结构特点和发展趋势,设计了基于服务架构（SOA）架构的物联网安全管理系统。     

Internet of Things-based wireless sensor networks for monitoring access constraint security measures in liable data aggregation

A wireless sensor network (WSN) is a network of autonomous, small sensors that can detect, collect, and send data about their surrounding environment. In the Internet of Things (IoT) infrastructure, WSNs are the smart devices that provide the platform with resource input. Security breaches and insider attacks are possible due to the WSN's resource-constrained design. However, the IoT platform's intelligence may be extended to WSN nodes for managing device and data-level security. This paper proposes Monitored Access Constraint Security (MACS) to ensure the privacy of data collected via the ubiquitous processing enabled by the Internet of Things. The IoT platform performs frequent checks on the quality of the interactions between the various nodes to ensure that they are functioning properly and that the sensor aggregation instances are accountable. Node liability is considered while adjusting the aggregate level and the continuity. The method guarantees secure information from the environment and the data sources. The quality of the data gathered in the suggested technique is evaluated based on node liability and information extraction feature. Accordingly, security measures are implemented at data gathering and filtering levels and then assessed using a recurrent learning process. Since there are fewer security breaches overall, the rate of aggregation increases. Aggregation loss, delay time, false rate, throughput, and verification time are used to evaluate the performance.     

物联网发展中的安全风险及对策研究

分析了国内外物联网安全政策、技术、标准、产业等形势,重点强调了当前我国物联网发展中存在的安全风险,包括大连接环境下的设备风险、物联网网络本身安全风险以及物联网上承载的各类应用安全风险,提出了打造以密码为核心的物联网安全体系,加速新技术在物联网安全的应用,以新基建为契机建立物联网领域安全设备泛在化部署新体系,以多层次立体式理念确保物联网安全,呼吁供给侧需求侧建立安全协同新机制,共同促进物联网产业安全可持续发展。     

Cross Layer Security MAC Aware Routing Protocol for IoT Networks

Wireless Personal Communications - Proliferation Internet of Things (IoT) devices is increasing security vulnerabilities across the enterprise besides its intrinsic constraints such as processing...     

An Energy Efficient Message Scheduling Algorithm Considering Node Failure in IoT Environment

Advancements in the area of computing and the networking gave birth to a new concept Internet of Things (IoT). This can be thought as “network of future” connecting diverse objects/things together. The focus is on scheduling the messages in an IoT environment where things/sensors are clustered into IoT subgroups, each subgroup has a message broker that delivers the messages originated from the group to the ultimate receiver of the sensed data. The message scheduler works at the broker level to decide which message to be transmitted first. This scheduling improves the overall IoT system efficiency. Furthermore to keep the flow of services provided by these things/sensors continuous and non-disruptive, the optimal tackling of the faulty or failed nodes has become the salient feature of the proposed scheduling algorithm. The faults or failures identified on time help to initiate recovery or replacement procedures. To find the right level of replacement nodes deployed for the sensor network, we consider the energy a scarce resource and the cost of deployment of the backup nodes as per failure of the node occurring in the underlying environment. In this work we propose an energy efficient recovery and backup node selection for IoT systems followed with energy efficient message scheduling. Simulation results show the effectiveness and efficiency of the proposed message scheduling considering the node failure with recovery and replacement technique.     

A Constrained Monitoring Protocol for the Internet of Things

Network monitoring has been traditionally conducted using Simple Network Management Protocol (SNMP): a network monitoring protocol that allows network administrators to keep track of every node in the network and ensure that it behaves correctly. This paper presents the Constrained Monitored Protocol (CoMP): a lightweight resource-efficient alternative to SNMP that targets the low-end devices of the Internet of Things (IoT). These devices are characterised by severe resource constraints in terms of memory, processing power, and bandwidth. Moreover, they are often energy-constrained as well, powered either by small batteries or energy harvesting. While SNMP does work with these devices, it has an unnecessary overhead resulting in a waste of resources that could otherwise be used for some other task, or to save energy. Furthermore, this paper proposes a cross-protocol CoMP-SNMP proxy that operates at the border router of the resource-constrained network and enables the efficient monitoring of resource-constrained IoT devices using CoMP from existing SNMP-based network monitoring infrastructures.

     

IoT–Cloud collaboration to establish a secure connection for lightweight devices

Internet of Things (IoT) technologies allow everyday objects including small devices in sensor networks to be capable of connecting to the Internet. Such an innovative technology can lead to positive changes in human life. However, if there is no proper security mechanism, private and sensitive data around humans can be revealed to the public Internet. In this aspect, this paper considers security issues of the IoT. In particular, we focus on various challenges in deploying Datagram Transport Layer Security (DTLS) protocol into a resource constrained environment. DTLS provides secure communication with UDP-based applications the same as TLS does for TCP-based applications. Several standard organizations such as IETF, oneM2M and OMA recommend using the DTLS as a default secure scheme for CoAP which is a new standard specified for resource-constrained environments. To find a practical way to deploy the DTLS in such a constrained IoT environments, we propose an IoT–Cloud collaboration system, where DTLS handshake delegation is the main component. We also implement and evaluate the proposed system in our real IoT testbed, where constrained devices are interconnected with each other in a multi-hop fashion. Evaluation results show that the proposed scheme dramatically reduces DTLS handshake latency, implementation code size and energy consumption.     

Security and Privacy in IoT: A Survey

The Internet of Things (IoT) is a network of globally connected physical objects, which are associated with each other via Internet. The IoT foresees the interconnection of few trillions of intelligent objects around us, uniquely and addressable every day, these objects have the ability to accumulate process and communicate data about themselves and their surrounding environment. The best examples of IoT systems are health care, building smart city with advance construction management system, public and defense surveillance and data acquisition. Recent advancement in the technology has developed smart and intelligent sensor nodes and RFIDs lead to a large number of wireless networks with smart and intelligent devices (object, or things) connected to the Internet continuously transmit the data. So to provide security and privacy to this data in IoT is a very challenging task, which is to be concerned at highest priority for several current and future applications of IoT. Devices such as smart phone, WSNs and RFIDs etc., are the major components of IoT network which are basically resource constrained devices. Design and development of security and privacy management schemes for these devices is guided by factors like good performance, low power consumption, robustness to attacks, tampering of the data and end to end security. Security schemes in IoT provide unauthorized access to information or other objects by protecting against alterations or destruction. Privacy schemes maintain the right to control about the collected information for its usage and purpose. In this paper, we have surveyed major challenges such as Confidentiality, Integrity, Authentication, and Availability for IoT in a brief manner.

     

Securing Internet of Things (IoT) with machine learning

Advances in hardware, software, communication, embedding computing technologies along with their decreasing costs and increasing performance have led to the emergence of the Internet of Things (IoT) paradigm. Today, several billions of Internet‐connected devices are part of the IoT ecosystem. IoT devices have become an integral part of the information and communication technology (ICT) infrastructure that supports many of our daily activities. The security of these IoT devices has been receiving a lot of attention in recent years. Another major recent trend is the amount of data that is being produced every day which has reignited interest in technologies such as machine learning and artificial intelligence. We investigate the potential of machine learning techniques in enhancing the security of IoT devices. We focus on the deployment of supervised, unsupervised learning techniques, and reinforcement learning for both host‐based and network‐based security solutions in the IoT environment. Finally, we discuss some of the challenges of machine learning techniques that need to be addressed in order to effectively implement and deploy them so that they can better protect IoT devices.     

物联网的安全威胁及需求分析

物联网分布范围的广泛性、节点的移动性以及业务应用的复杂性给物联网的安全带来严峻挑战。根据物联网的架构和特点,划分物联网的安全体系,并分析了不同层面所面临的多种安全问题。分别从物联网末端节点、感知层、网络层、应用层、管理控制五个层面全面分析了物联网可能面临的多种安全威胁,并在此基础上提出了物联网面临的安全需求。     

Novel Method for DNA-Based Elliptic Curve Cryptography for IoT Devices

Elliptic curve cryptography (ECC) can achieve relatively good security with a smaller key length, making it suitable for Internet of Things (IoT) devices. DNA-based encryption has also been proven to have good security. To develop a more secure and stable cryptography technique, we propose a new hybrid DNA-encoded ECC scheme that provides multilevel security. The DNA sequence is selected, and using a sorting algorithm, a unique set of nucleotide groups is assigned. These are directly converted to binary sequence and then encrypted using the ECC; thus giving double-fold security. Using several examples, this paper shows how this complete method can be realized on IoT devices. To verify the performance, we implement the complete system on the embedded platform of a Raspberry Pi 3 board, and utilize an active sensor data input to calculate the time and energy required for different data vector sizes. Connectivity and resilience analysis prove that DNA-mapped ECC can provide better security compared to ECC alone. The proposed method shows good potential for upcoming IoT technologies that require a smaller but effective security system.     

RAD‐EI: A routing attack detection scheme for edge‐based Internet of Things environment

Internet of Things (IoT) offers various types of application services in different domains, such as “smart infrastructure, health‐care, critical infrastructure, and intelligent transportation system.” The name edge computing signifies a corner or edge in a network at which traffic enters or exits from the network. In edge computing, the data analysis task happens very close to the IoT smart sensors and devices. Edge computing can also speed up the analysis process, which allows decision makers to take action within a short duration of time. However, edge‐based IoT environment has several security and privacy issues similar to those for the cloud‐based IoT environment. Various types of attacks, such as “replay, man‐in‐the middle, impersonation, password guessing, routing attack, and other denial of service attacks” may be possible in edge‐based IoT environment. The routing attacker nodes have the capability to deviate and disrupt the normal flow of traffic. These malicious nodes do not send packets (messages) to the edge node and only send packets to its neighbor collaborator attacker nodes. Therefore, in the presence of such kind of routing attack, edge node does not get the information or sometimes it gets the partial information. This further affects the overall performance of communication of edge‐based IoT environment. In the presence of such an attack, the “throughput of the network” decreases, “end‐to‐end delay” increases, “packet delivery ratio” decreases, and other parameters also get affected. Consequently, it is important to provide solution for such kind of attack. In this paper, we design an intrusion detection scheme for the detection of routing attack in edge‐based IoT environment called as RAD‐EI. We simulate RAD‐EI using the widely used “NS2 simulator” to measure different network parameters. Furthermore, we provide the security analysis of RAD‐EI to prove its resilience against routing attacks. RAD‐EI accomplishes around 95.0% “detection rate” and 1.23% “false positive rate” that are notably better than other related existing schemes. In addition, RAD‐EI is efficient in terms of computation and communication costs. As a result, RAD‐EI is a good match for some critical and sensitive applications, such as smart security and surveillance system.