Internet of things: Survey on security

The Internet of things (IoT) is intended for ubiquitous connectivity among different entities or “things”. While it provides effective and efficient solutions to many real world challenges, the security aspect of it has always been questioned. The situation is further exacerbated by the number of connected devices growing exponentially. As a result, security and privacy has emerged as a significant challenge for the IoT. In this paper, we aim to provide a thorough survey on IoT security and privacy challenges from the perspective of technologies and architecture used. This work focuses on IoT intrinsic vulnerabilities and their implications to the fundamental information security challenges in confidentiality, integrity, and availability. The approach of this survey is to summarize and synthesize published work in IoT; relate it to the security conjuncture of the field; and project future research directions.     

Privacy preserving Internet of Things: From privacy techniques to a blueprint architecture and efficient implementation

The Internet of Things (IoT) is the latest web evolution that incorporates billions of devices that are owned by different organisations and people who are deploying and using them for their own purposes. IoT-enabled harnessing of the information that is provided by federations of such IoT devices (which are often referred to as IoT things) provides unprecedented opportunities to solve internet-scale problems that have been too big and too difficult to tackle before. Just like other web-based information systems, IoT must also deal with the plethora of Cyber Security and privacy threats that currently disrupt organisations and can potentially hold the data of entire industries and even countries for ransom. To realise its full potential, IoT must deal effectively with such threats and ensure the security and privacy of the information collected and distilled from IoT devices. However, IoT presents several unique challenges that make the application of existing security and privacy techniques difficult. This is because IoT solutions encompass a variety of security and privacy solutions for protecting such IoT data on the move and in store at the device layer, the IoT infrastructure/platform layer, and the IoT application layer. Therefore, ensuring end-to-end privacy across these three IoT layers is a grand challenge in IoT. In this paper, we tackle the IoT privacy preservation problem. In particular, we propose innovative techniques for privacy preservation of IoT data, introduce a privacy preserving IoT Architecture, and also describe the implementation of an efficient proof of concept system that utilises all these to ensure that IoT data remains private. The proposed privacy preservation techniques utilise multiple IoT cloud data stores to protect the privacy of data collected from IoT. The proposed privacy preserving IoT Architecture and proof of concept implementation are based on extensions of OpenIoT - a widely used open source platform for IoT application development. Experimental evaluations are also provided to validate the efficiency and performance outcomes of the proposed privacy preserving techniques and architecture.     

Data fusion and transfer learning empowered granular trust evaluation for Internet of Things

In the Internet of Things (IoT), a huge amount of valuable data is generated by various IoT applications. As the IoT technologies become more complex, the attack methods are more diversified and can cause serious damages. Thus, establishing a secure IoT network based on user trust evaluation to defend against security threats and ensure the reliability of data source of collected data have become urgent issues, in this paper, a Data Fusion and transfer learning empowered granular Trust Evaluation mechanism (DFTE) is proposed to address the above challenges. Specifically, to meet the granularity demands of trust evaluation, time–space empowered fine/coarse grained trust evaluation models are built utilizing deep transfer learning algorithms based on data fusion. Moreover, to prevent privacy leakage and task sabotage, a dynamic reward and punishment mechanism is developed to encourage honest users by dynamically adjusting the scale of reward or punishment and accurately evaluating users’ trusts. The extensive experiments show that: (i) the proposed DFTE achieves high accuracy of trust evaluation under different granular demands through efficient data fusion; (ii) DFTE performs excellently in participation rate and data reliability.     

A security-and quality-aware system architecture for Internet of Things

Internet of Things (IoT) is characterized, at the system level, by high diversity with respect to enabling technologies and supported services. IoT also assumes to deal with a huge amount of heterogeneous data generated by devices, transmitted by the underpinning infrastructure and processed to support value-added services. In order to provide users with valuable output, the IoT architecture should guarantee the suitability and trustworthiness of the processed data. This is a major requirement of such systems in order to guarantee robustness and reliability at the service level. In this paper, we introduce a novel IoT architecture able to support security, privacy and data quality guarantees, thereby effectively boosting the diffusion of IoT services.     

Evaluating cloud deployment scenarios based on security and privacy requirements

Migrating organisational services, data and application on the Cloud is an important strategic decision for organisations due to the large number of benefits introduced by the usage of cloud computing, such as cost reduction and on-demand resources. Despite, however, many benefits, there are challenges and risks for cloud adaption related to (amongst others) data leakage, insecure APIs and shared technology vulnerabilities. These challenges need to be understood and analysed in the context of an organisation’s security and privacy goals and relevant cloud computing deployment models. Although the literature provides a large number of references to works that consider cloud computing security issues, no work has been provided, to our knowledge, which supports the elicitation of security and privacy requirements and the selection of an appropriate cloud deployment model based on such requirements. This work contributes towards this gap. In particular, we propose a requirements engineering framework to support the elicitation of security and privacy requirements and the selection of an appropriate deployment model based on the elicited requirements. Our framework provides a modelling language that builds on concepts from requirements, security, privacy and cloud engineering, and a systematic process. We use a real case study, based on the Greek National Gazette, to demonstrate the applicability of our work.     

A secure and quality-aware prototypical architecture for the Internet of Things

The increasing diffusion of services enabled by Internet of Things (IoT) technologies raises several risks associated to security and data quality. Together with the high number of heterogeneous interconnected devices, this creates scalability issues, thereby calling for a flexible middleware platform able to deal with both security threats and data quality issues in a dynamic IoT environment. In this paper a lightweight and cross-domain prototype of a distributed architecture for IoT is presented, providing minimum data caching functionality and in-memory data processing. A number of supporting algorithms for the assessment of data quality and security are presented and discussed. In the presented system, users can request services on the basis of a publish/subscribe mechanism, data from IoT devices being filtered according to users requirements in terms of security and quality. The prototype is validated in an experimental setting characterized by the usage of real-time open data feeds presenting different levels of reliability, quality and security.     

基于实体-数据的物联网服务建模

物联网服务作为信息世界软件服务通过物联网向现实世界的延伸,其在物联网系统具有重要的作用.然而,不同于传统Web服务,物联网服务具有现实感知、数据驱动、异构分布、时空相关等新特点,使得现有的服务模型不足以对物联网服务有效刻画,进而也不能满足物联网应用中的后续服务发现、服务卸载、服务组合等需求.在凝练分析物联网服务建模需求和已有物联网服务模型的基础上,提出了一种基于实体-数据的物联网服务建模框架,该框架提出了服务、实体、数据三元信息融合的物联网服务模型概念及概念关系,重点定义了服务、实体、数据的时空属性及时空依赖关系,以支持基于时空相关性的物联网服务关联表示与分析,并通过扩展OWL-S(ontology Web language for services)给出了基于实体-数据的物联网服务描述方式.最后,结合一个高速公路物联网应用案例对模型的使用方式和效果进行了讨论.     

物联网安全测评技术综述

近年来,物联网大规模应用于智能制造、智能家居、智慧医疗等产业,物联网的安全问题日益突出,给物联网的发展带来了前所未有的挑战。安全测评技术是保障物联网安全的重要手段,在物联网应用的整个开发生命周期都需要进行安全测评工作,以保证物联网服务的安全性和健壮性。物联网节点面临计算能力、体积和功耗受限等挑战,智慧城市等应用场景提出了大规模泛在异构连接和复杂跨域的需求。本文首先总结了目前物联网中常用的安全测评方法和风险管理技术;然后从绿色、智能和开放三个方面分析物联网安全技术的发展现状和存在的安全问题,并总结了物联网安全测评面临的挑战以及未来的研究方向。     

An Empirical Study of Home IoT Services in South Korea: The Moderating Effect of the Usage Experience

This article examines the responses of users to home Internet of Things (IoT) services in South Korea, which is taking progressive steps in the field of IoT. It is important to investigate the user’s response because home IoT users are the core users of the IoT business. To this end, the research model includes two trust constructs — “trust in the service provider” and “institutional trust”; two risk constructs — “perceived security risk” and “perceived privacy risk”; and “perceived benefit” construct. This study has two main objectives: (1) to establish the functional relationship among the five constructs listed above; (2) to examine the moderating role of home IoT usage experience in these relationships. The study first reviews the literature on home IoT services and describes the Korean situation. Data were collected from residents living in a smart apartment complex. They were made aware of not only the benefits of home IoT but also the security and privacy risks before they moved into their new homes. The research model was empirically analyzed with structural equation modeling (SEM) using Amos 22.0. The results show that (1) “trust in the service provider” negatively influences “perceived security risk” and “perceived privacy risk” while “institutional trust” does not have a significant influence on them, (2) “perceived security risk” and “perceived privacy risk” negatively influence “perceived benefit,” and (3) “trust in service provider” does not directly influence “perceived benefit” while “institutional trust” has a positive and direct influence on it. In addition, there is a significant moderating effect of home IoT usage experience on some paths. Finally, the study’s findings and limitations are discussed, and potential avenues for future research are suggested.     

Fighting COVID-19 and Future Pandemics With the Internet of Things: Security and Privacy Perspectives

The speed and pace of the transmission of severe acute respiratory syndrome coronavirus 2 (SARS-CoV-2; also referred to as novel Coronavirus 2019 and COVID-19) have resulted in a global pandemic, with significant health, financial, political, and other implications. There have been various attempts to manage COVID-19 and other pandemics using technologies such as Internet of Things (IoT) and 5G/6G communications. However, we also need to ensure that IoT devices used to facilitate COVID-19 monitoring and treatment (e.g., medical IoT devices) are secured, as the compromise of such devices can have significant consequences (e.g., life-threatening risks to COVID-19 patients). Hence, in this paper we comprehensively survey existing IoT-related solutions, potential security and privacy risks and their requirements. For example, we classify existing security and privacy solutions into five categories, namely: authentication and access control solutions, key management and cryptography solutions, blockchain-based solutions, intrusion detection systems, and privacy-preserving solutions. In each category, we identify the associated challenges. We also identify a number of recommendations to inform future research.      

Multi-sensor fusion in body sensor networks: State-of-the-art and research challenges

Body Sensor Networks (BSNs) have emerged as a revolutionary technology in many application domains in health-care, fitness, smart cities, and many other compelling Internet of Things (IoT) applications. Most commercially available systems assume that a single device monitors a plethora of user information. In reality, BSN technology is transitioning to multi-device synchronous measurement environments; fusion of the data from multiple, potentially heterogeneous, sensor sources is therefore becoming a fundamental yet non-trivial task that directly impacts application performance. Nevertheless, only recently researchers have started developing technical solutions for effective fusion of BSN data. To the best of our knowledge, the community is currently lacking a comprehensive review of the state-of-the-art techniques on multi-sensor fusion in the area of BSN. This survey discusses clear motivations and advantages of multi-sensor data fusion and particularly focuses on physical activity recognition, aiming at providing a systematic categorization and common comparison framework of the literature, by identifying distinctive properties and parameters affecting data fusion design choices at different levels (data, feature, and decision). The survey also covers data fusion in the domains of emotion recognition and general-health and introduce relevant directions and challenges of future research on multi-sensor fusion in the BSN domain.     

A lightweight remote user authentication scheme for IoT communication using elliptic curve cryptography

Internet of things (IoT) has become a new era of communication technology for performing information exchange. With the immense increment of usage of smart devices, IoT services become more accessible. To perform secure transmission of data between IoT network and remote user, mutual authentication, and session key negotiation play a key role. In this research, we have proposed an ECC-based three-factor remote user authentication scheme that runs in the smart device and preserves privacy, and data confidentiality of the communicating user. To support our claim, multiple cryptographic attacks are analyzed and found that the proposed scheme is not vulnerable to those attacks. Finally, the computation and communication overheads of the proposed scheme are compared with other existing protocols to confirm that the proposed scheme is lightweight. A formal security analysis using AVISPA simulation tool has been done that confirms the proposed scheme is robust against relevant security threats.

     

一种高效隐私的区块链认知物联网框架

针对动态物联网隐私安全问题及低效推荐系统问题,提出一种高效隐私的区块链认知物联网框架。该框架分为区块链物联网管理层、认知过程层和需求层三层,区块链物联网管理层为认知层提供所需信息,然后对系统的可管理元素进行安全隐私的操作;在认知层中,认知引擎观察有关系统的信息,然后执行适当的算法来管理系统;在需求层中,通过认知规范语言（cognitive specification language,CSL）来描述网络的目标和行为。所提区块链物联网框架的认知推荐系统从过去发生的经验中学习,改进关于物联网推荐的决策,与其他物联网框架比较,所提框架和推荐系统具有隐私安全和高性能的推荐能力。     

NVM Storage in IoT Devices: Opportunities and Challenges

Edge storage stores the data directly at the data collection point, and does not need to transmit the collected data to the storage central server through the network. It is a critical technology that supports applications such as edge computing and 5G network applications, with lower network communication overhead, lower interaction delay and lower bandwidth cost. However, with the explosion of data and higher real-time requirements, the traditional Internet of Things (IoT) storage architecture cannot meet the requirements of low latency and large capacity. Non-volatile memory (NVM) presents new possibilities regarding this aspect. This paper classifies the different storage architectures based on NVM and compares the system goals, architectures, features, and limitations to explore new research opportunities. Moreover, the existing solutions to reduce the write latency and energy consumption and increase the lifetime of NVM IoT storage devices are analyzed. Furthermore, we discuss the security and privacy issues of IoT devices and compare the mainstream solutions. Finally, we present the opportunities and challenges of building IoT storage systems based on NVM.     

一种基于区块链的数据完整性验证解决方案

数据在物联网环境下采集、传递、存储过程中,如果缺少严密的安全防范措施,可能会出现假冒的、被篡改的或者过期的数据,这些缺乏完整性保护的物联网数据会对物联网应用造成极大的危害。数据的完整性是确保数据可信的必要条件。区块链的去中心化、分布式、持久性、不可篡改等属性,使得区块链目前成为在具有隐私保护应用需求的数据完整性验证的优选方法。文中提出了一种基于区块链的数据完整性验证的区块链结构和基于去中心化时间戳的数据完整性验证机制,设计了基于区块链的数据完整性验证的智能合约,在以太坊平台上模拟真实场景。实验结果表明,基于区块链的数据完整性验证技术方案,可以在去中心化的应用环境下,并在数据分散存储以保护数据隐私的前提下,确保数据的完整性。     

云计算环境安全综述

伴随云计算技术的飞速发展,其所面临的安全问题日益凸显,在工业界和学术界引起了广泛的关注.传统的云基础架构中存在较高安全风险,攻击者对虚拟机的非法入侵破坏了云服务或资源的可用性,不可信的云存储环境增大了用户共享、检索私有数据的难度,各类外包计算和云应用需求带来了隐私泄露的风险.该文从云计算环境下安全与隐私保护技术的角度出发,通过介绍云虚拟化安全、云数据安全以及云应用安全的相关研究进展,分析并对比典型方案的特点、适用范围及其在安全防御和隐私保护方面的不同效用,讨论已有工作的局限性,进而指出未来发展趋势和后续研究方向.     

物联网安全威胁与安全模型

随着物联网应用的发展和普及利用,针对物联网的攻击事件日益增多且危害严重。目前面对物联网安全问题主要采用被动补救的方式,缺乏对物联网安全的体系化思考和研究。本论文首先介绍物联网系统架构和各实体的发展,然后分析物联网面临的多层次安全威胁,包括各实体自身的安全威胁,也包括跨域的安全威胁。其中,实体自身安全威胁涉及到云平台、设备端、管道、云端交互。物联网跨域安全威胁包含4个方面:多域级联攻击、物理域的冲突与叠加、信息域对物理域进行非预期的控制、信息域对物理域输入的理解不全面。在此基础上,论文研究了基于PDRR网络安全体系的物联网安全模型,包含安全防护、安全检测、响应、恢复4个维度。安全防护包含认证、授权与访问控制、通信加密等技术,需要考虑物联网种类繁多,规模巨大,异构等特点进行设计与实施。安全检测需要对各实体进行入侵检测、在线安全监测、脆弱性检测以及恶意代码检测。其中,在线安全监测获取系统内部设备、应用程序的行为、状态、是否存在已知脆弱性等。脆弱性检测偏向于对未知脆弱性进行深度挖掘。在响应阶段,除了配合相关部门机关完成安全行动资源配置、态势感知等响应工作外,还需要进行入侵事件的分析与响应,漏洞...     

网络空间物联网信息搜索

本篇论文总结和分析了网络空间物联网信息搜索相关研究工作,作为物联网信息搜索的综述性工作。物联网信息是网络空间中最重要的资产,在各个领域行业发挥着越来越重要的作用。探测、发现和识别网络空间中的物联网信息,已经成为了保障网络空间关键基础设施安全的前提和有效手段。本文,首先提出了网络空间物联网信息搜索的基本架构。其次,论文讨论了四类典型物联网信息的相关研究工作,包括操作系统信息、应用服务、设备种类和标识信息。网络空间存在着海量、动态和异构的物联网信息,本文总结和分析了物联网信息搜索关键技术的研究,包括探测技术和识别技术。最后,论文探讨了两类基于物联网信息搜索的应用,包括互联网空间测量和大规模安全事件分析。     

物联网技术及其安全性研究

针对物联网_技术的发展趋势问题,基于物联网的体系结构和关键技术,分析了物联网的安全需求与相关特性,构建了一个以RFID安全和隐私保护为重点的物联网安全框架,提出了应对物联网所面临的安全挑战的解决途径,最后对物联网未来发展趋势作了展望.     

A comprehensive approach to privacy in the cloud-based Internet of Things

In the near future, the Internet of Things is expected to penetrate all aspects of the physical world, including homes and urban spaces. In order to handle the massive amount of data that becomes collectible and to offer services on top of this data, the most convincing solution is the federation of the Internet of Things and cloud computing. Yet, the wide adoption of this promising vision, especially for application areas such as pervasive health care, assisted living, and smart cities, is hindered by severe privacy concerns of the individual users. Hence, user acceptance is a critical factor to turn this vision into reality.To address this critical factor and thus realize the cloud-based Internet of Things for a variety of different application areas, we present our comprehensive approach to privacy in this envisioned setting. We allow an individual user to enforce all her privacy requirements before any sensitive data is uploaded to the cloud, enable developers of cloud services to integrate privacy functionality already into the development process of cloud services, and offer users a transparent and adaptable interface for configuring their privacy requirements.