A survey on data fusion in internet of things: Towards secure and privacy-preserving fusion

Internet of Things (IoT) aims to create a world that enables the interconnection and integration of things in physical world and cyber space. With the involvement of a great number of wireless sensor devices, IoT generates a diversity of datasets that are massive, multi-sourcing, heterogeneous, and sparse. By taking advantage of these data to further improve IoT services and offer intelligent services, data fusion is always employed first to reduce the size and dimension of data, optimize the amount of data traffic and extract useful information from raw data. Although there exist some surveys on IoT data fusion, the literature still lacks comprehensive insight and discussion on it with regard to different IoT application domains by paying special attention to security and privacy. In this paper, we investigate the properties of IoT data, propose a number of IoT data fusion requirements including the ones about security and privacy, classify the IoT applications into several domains and then provide a thorough review on the state-of-the-art of data fusion in main IoT application domains. In particular, we employ the requirements of IoT data fusion as a measure to evaluate and compare the performance of existing data fusion methods. Based on the thorough survey, we summarize open research issues, highlight promising future research directions and specify research challenges.     

IoT智能设备安全威胁及防护技术综述

伴随着物联网的产生和发展,IoT智能设备越来越多地出现,其大规模普及的同时,也给用户个人资产安全与隐私保护带来了极大地冲击和挑战。本文围绕智能设备,基于智能设备终端、云服务端和用户控制终端三端系统架构,综述目前智能设备安全威胁的主要来源和技术攻击手段,并针对性地梳理已有防护技术和安全研究现状。然后,针对现有IoT智能设备安全防护体系缺失和安全设计不足的问题,本文讨论提出了全生命周期的IoT智能设备系统防护模型设计思路。     

Privacy preserving Internet of Things: From privacy techniques to a blueprint architecture and efficient implementation

The Internet of Things (IoT) is the latest web evolution that incorporates billions of devices that are owned by different organisations and people who are deploying and using them for their own purposes. IoT-enabled harnessing of the information that is provided by federations of such IoT devices (which are often referred to as IoT things) provides unprecedented opportunities to solve internet-scale problems that have been too big and too difficult to tackle before. Just like other web-based information systems, IoT must also deal with the plethora of Cyber Security and privacy threats that currently disrupt organisations and can potentially hold the data of entire industries and even countries for ransom. To realise its full potential, IoT must deal effectively with such threats and ensure the security and privacy of the information collected and distilled from IoT devices. However, IoT presents several unique challenges that make the application of existing security and privacy techniques difficult. This is because IoT solutions encompass a variety of security and privacy solutions for protecting such IoT data on the move and in store at the device layer, the IoT infrastructure/platform layer, and the IoT application layer. Therefore, ensuring end-to-end privacy across these three IoT layers is a grand challenge in IoT. In this paper, we tackle the IoT privacy preservation problem. In particular, we propose innovative techniques for privacy preservation of IoT data, introduce a privacy preserving IoT Architecture, and also describe the implementation of an efficient proof of concept system that utilises all these to ensure that IoT data remains private. The proposed privacy preservation techniques utilise multiple IoT cloud data stores to protect the privacy of data collected from IoT. The proposed privacy preserving IoT Architecture and proof of concept implementation are based on extensions of OpenIoT - a widely used open source platform for IoT application development. Experimental evaluations are also provided to validate the efficiency and performance outcomes of the proposed privacy preserving techniques and architecture.     

一种高效隐私的区块链认知物联网框架

针对动态物联网隐私安全问题及低效推荐系统问题,提出一种高效隐私的区块链认知物联网框架。该框架分为区块链物联网管理层、认知过程层和需求层三层,区块链物联网管理层为认知层提供所需信息,然后对系统的可管理元素进行安全隐私的操作;在认知层中,认知引擎观察有关系统的信息,然后执行适当的算法来管理系统;在需求层中,通过认知规范语言（cognitive specification language,CSL）来描述网络的目标和行为。所提区块链物联网框架的认知推荐系统从过去发生的经验中学习,改进关于物联网推荐的决策,与其他物联网框架比较,所提框架和推荐系统具有隐私安全和高性能的推荐能力。     

A lightweight attribute-based encryption scheme for the Internet of Things

Internet of Things (IoT) is an emerging network paradigm, which realizes the interconnections among the ubiquitous things and is the foundation of smart society. Since IoT are always related to user’s daily life or work, the privacy and security are of great importance. The pervasive, complex and heterogeneous properties of IoT make its security issues very challenging. In addition, the large number of resources-constraint nodes makes a rigid lightweight requirement for IoT security mechanisms. Presently, the attribute-based encryption (ABE) is a popular solution to achieve secure data transmission, storage and sharing in the distributed environment such as IoT. However, the existing ABE schemes are based on expensive bilinear pairing, which make them not suitable for the resources-constraint IoT applications. In this paper, a lightweight no-pairing ABE scheme based on elliptic curve cryptography (ECC) is proposed to address the security and privacy issues in IoT. The security of the proposed scheme is based on the ECDDH assumption instead of bilinear Diffie–Hellman assumption, and is proved in the attribute based selective-set model. By uniformly determining the criteria and defining the metrics for measuring the communication overhead and computational overhead, the comparison analyses with the existing ABE schemes are made in detail. The results show that the proposed scheme has improved execution efficiency and low communication costs. In addition, the limitations and the improving directions of it are also discussed in detail.     

Multi Level Key Exchange and Encryption Protocol for Internet of Things (IoT)

The burgeoning network communications for multiple applications such as commercial, IoT, consumer devices, space, military, and telecommunications are facing many security and privacy challenges. Over the past decade, the Internet of Things (IoT) has been a focus of study. Security and privacy are the most important problems for IoT applications and are still facing huge difficulties. To promote this high-security IoT domain and prevent security attacks from unauthorized users, keys are frequently exchanged through a public key exchange algorithm. This paper introduces a novel algorithm based on Elliptic Curve Cryptography(ECC) for multi-level Public Key Exchange and Encryption Mechanism. It also presents a random number generation technique for secret key generation and a new authentication methodology to enhance the security level. Finally, in terms of security, communication and computational overhead, the performance analysis of the proposed work is compared with the existing protocols.     

CLAPP: A self constructing feature clustering approach for anomaly detection

The term internet of things is a buzz word these days and as per Google survey conducted recently, it has even dominated the buzz word big data predominantly. However, IoT area is still not matured and is throwing light on lot of research issues towards the data mining researchers. Security in IoT throws several challenges because of limited resources. In this context, IoT gains importance once again from data miners towards anomaly mining or intrusion detection. Intrusion detection is classified as NP-class in the literature even today. Algorithms addressing privacy and security issues in IoT must consider the complexities involved and hence require re-attention from all researchers. One more problem faced when judging for intrusion is the use of high dimensionality, classifier choice, and distance measure. For example, the traditional distance measure, such as Euclidean misjudges the similarity. In this paper, the objective is to design a fuzzy membership function to address both dimensionality and anomaly mining so as reduce the computational complexity and increase computational accuracies of classifier algorithms. We validate the proposed measure using several experimentations on NSL-KDD and DARPA datasets using kNN, J48 and CANN using Gaussian measure. Improved accuracies of classifiers on U2R and R2L attacks have been recorded in the experimental results obtained for experiments conducted.     

Detecting Vulnerability on IoT Device Firmware: A Survey

Internet of things (IoT) devices make up 30%of all network-connected endpoints,introducing vulnerabilities and novel attacks that make many companies as primary targets for cybercriminals.To address this increasing threat surface,every organization deploying IoT devices needs to consider security risks to ensure those devices are secure and trusted.Among all the solutions for security risks,firmware security analysis is essential to fix software bugs,patch vulnerabilities,or add new security fea...     

物联网下的区块链访问控制综述

随着物联网的不断发展,物联网的隐私保护问题引起了人们的重视,而访问控制技术是保护隐私的重要方法之一.物联网访问控制模型多基于中央可信实体的概念构建.去中心化的区块链技术解决了中心化模型带来的安全隐患.从物联网自身环境特点出发,提出物联网终端节点设备轻量级、物联网海量终端节点和物联网动态性这3个物联网下访问控制必须要解决的问题.然后,以这3个问题为核心,分析、总结了现有物联网中主流访问控制模型以及使用区块链后的访问控制模型分别是怎么解决这些问题的.最后总结出两类区块链访问控制模型以及将区块链用于物联网访问控制中的优势,并对基于区块链的物联网访问控制在未来需要解决的问题进行了展望.     

物联网技术及其安全性研究

针对物联网_技术的发展趋势问题,基于物联网的体系结构和关键技术,分析了物联网的安全需求与相关特性,构建了一个以RFID安全和隐私保护为重点的物联网安全框架,提出了应对物联网所面临的安全挑战的解决途径,最后对物联网未来发展趋势作了展望.     

Exploring Factors Affecting the Adoption of Internet of Things Services

The Internet of things (IoT) is seen as a potentially effective means of integrating multiple technologies to improve the quality of life. However, little attention has been paid to factors that may have a significant effect on a user’s intention to use the IoT services. This study applies the value-based adoption model to examine the influences of benefits (i.e. perceived usefulness and perceived enjoyment) and sacrifices (i.e. perceived privacy risk and perceived costs) on the user’s perceived value of and intention to use the IoT services. A structural equation modeling approach is applied to a survey of 489 IoT users, with results indicating that perceived usefulness and perceived enjoyment significantly affect behavioral intention through perceived value. Moreover, perceived privacy risk also plays a key factor in determining IoT adoption. The implications of this study are discussed.     

面向医疗系统的隐私保护疾病预测研究

为了提高医疗数据的隐私性并有效对疾病进行预测,针对从物联网(IoT)设备收集的患者医疗数据,构建了面向医疗系统的隐私保护疾病预测系统框架,通过加密组合文本建立密钥提高了系统认证阶段的隐私性,加强系统和信息传输的安全性。利用基于对数循环值的椭圆曲线密码体制(LR-ECC)提高了数据传输阶段的安全性,从而授权的医护人员可以在医院侧安全地下载患者数据。运用基于象群遗传算法的的深度学习神经网络(EHGA-DLNN)分类技术在疾病预测系统(DPS)阶段实现了疾病数据的有效分类预测。实验结果表明,LR-ECC方法在加密时间和解密时间效率方面高于其他加密方法,并且能够达到98.87%的安全级别,EHGA-DLNN方法在疾病预测分类准确率达到98.35%。     

A secure fog-based platform for SCADA-based IoT critical infrastructure

The rapid proliferation of Internet of things (IoT) devices, such as smart meters and water valves, into industrial critical infrastructures and control systems has put stringent performance and scalability requirements on modern Supervisory Control and Data Acquisition (SCADA) systems. While cloud computing has enabled modern SCADA systems to cope with the increasing amount of data generated by sensors, actuators, and control devices, there has been a growing interest recently to deploy edge data centers in fog architectures to secure low-latency and enhanced security for mission-critical data. However, fog security and privacy for SCADA-based IoT critical infrastructures remains an under-researched area. To address this challenge, this contribution proposes a novel security “toolbox” to reinforce the integrity, security, and privacy of SCADA-based IoT critical infrastructure at the fog layer. The toolbox incorporates a key feature: a cryptographic-based access approach to the cloud services using identity-based cryptography and signature schemes at the fog layer. We present the implementation details of a prototype for our proposed secure fog-based platform and provide performance evaluation results to demonstrate the appropriateness of the proposed platform in a real-world scenario. These results can pave the way toward the development of a more secure and trusted SCADA-based IoT critical infrastructure, which is essential to counter cyber threats against next-generation critical infrastructure and industrial control systems. The results from the experiments demonstrate a superior performance of the secure fog-based platform, which is around 2.8 seconds when adding five virtual machines (VMs), 3.2 seconds when adding 10 VMs, and 112 seconds when adding 1000 VMs, compared to the multilevel user access control platform.     

Evolving privacy: From sensors to the Internet of Things

The Internet of Things (IoT) envisions a world covered with billions of smart, interacting things capable of offering all sorts of services to near and remote entities. The benefits and comfort that the IoT will bring about are undeniable, however, these may come at the cost of an unprecedented loss of privacy. In this paper we look at the privacy problems of one of the key enablers of the IoT, namely wireless sensor networks, and analyse how these problems may evolve with the development of this complex paradigm. We also identify further challenges which are not directly associated with already existing privacy risks but will certainly have a major impact in our lives if not taken into serious consideration.     

A lightweight remote user authentication scheme for IoT communication using elliptic curve cryptography

Internet of things (IoT) has become a new era of communication technology for performing information exchange. With the immense increment of usage of smart devices, IoT services become more accessible. To perform secure transmission of data between IoT network and remote user, mutual authentication, and session key negotiation play a key role. In this research, we have proposed an ECC-based three-factor remote user authentication scheme that runs in the smart device and preserves privacy, and data confidentiality of the communicating user. To support our claim, multiple cryptographic attacks are analyzed and found that the proposed scheme is not vulnerable to those attacks. Finally, the computation and communication overheads of the proposed scheme are compared with other existing protocols to confirm that the proposed scheme is lightweight. A formal security analysis using AVISPA simulation tool has been done that confirms the proposed scheme is robust against relevant security threats.

     

Fighting COVID-19 and Future Pandemics With the Internet of Things: Security and Privacy Perspectives

The speed and pace of the transmission of severe acute respiratory syndrome coronavirus 2 (SARS-CoV-2; also referred to as novel Coronavirus 2019 and COVID-19) have resulted in a global pandemic, with significant health, financial, political, and other implications. There have been various attempts to manage COVID-19 and other pandemics using technologies such as Internet of Things (IoT) and 5G/6G communications. However, we also need to ensure that IoT devices used to facilitate COVID-19 monitoring and treatment (e.g., medical IoT devices) are secured, as the compromise of such devices can have significant consequences (e.g., life-threatening risks to COVID-19 patients). Hence, in this paper we comprehensively survey existing IoT-related solutions, potential security and privacy risks and their requirements. For example, we classify existing security and privacy solutions into five categories, namely: authentication and access control solutions, key management and cryptography solutions, blockchain-based solutions, intrusion detection systems, and privacy-preserving solutions. In each category, we identify the associated challenges. We also identify a number of recommendations to inform future research.      

信息安全在物联网时代面临的挑战

物联网安全研究主要集中在物联网安全体系、物联网个体隐私保护模式、物联网安全相关法律的制定等方面。首先举例说明物联网在智能电网等生产生活领域的应用,然后讨论了物联网安全技术架构。最后根据物联网的安全架构分析了物联网安全面临的挑战。由此警示我们应提早应对物联网发展带来的信息安全等挑战。     

Robust session key generation protocol for social internet of vehicles with enhanced security provision

Social internet of things (SIoT) is an emerging concept that enables the autonomous interactions between social networks and internet of things (IoT). Vehicle-to-grid (V2G) networks are one of the instances of the SIoT. To mitigate privacy and security issues exist in the V2G networks, it is crucial to employ proper security solutions. One of the most important and popular security solutions is the key exchange protocol. During the last decade, several key exchange schemes have been proposed considering the specific requirements of V2G networks. However, the existing schemes have not reached a proper balance between security and efficiency. Therefore, in this paper, after the security assessment of a recent work, we propose a key exchange protocol, which can provide the desired performance and security properties. Rigorous formal security analyses besides the security features, communication overhead, and computational complexity comparisons indicate that the proposed scheme is a robust one to be employed in the V2G networks. To be more specific, in comparison to one of the most secure schemes, the proposed protocol has 84% improvement in execution time and 54% improvement in communication overhead. Furthermore, experiments on realistic platform indicate that the proposed protocol only takes 3 s to be executed by the computationally constrained onboard unit of electric vehicle.

     

A survey on solutions to support developers in privacy-preserving IoT development

Internet-of-Things (IoT) devices are rising in popularity and their usefulness often stems from the amount of data they collect. Data regulations such as the European General Data Protection Regulation (GDPR) require software developers to do their due diligence when it comes to privacy, as they are required to adhere to certain principles such as Privacy-by-Design (PbD). Due to the distributed and heterogeneous nature of IoT applications, privacy-preserving design is even more important in IoT environments. Studies have shown that developers are often not eager to implement privacy and generally do not see it as their duty or concern. However, developers are often left alone when it comes to engineering privacy in the realm of IoT. In this paper, we therefore survey which frameworks and tools have been developed for them, especially in the case of IoT. Our findings indicate that existing solutions are cumbersome to use, only work in certain scenarios, and are not enough to solve the privacy issues inherent IoT development. Based on our analysis, we further propose future research directions.