Connecting food supply chains

The number of attacks exploiting Internet of Things (IoT) devices has been increasing with the emergence of IoT malware targeting IoT devices. The use of IoT devices in a wide variety of situations has resulted in an urgent need to improve the security of the IoT devices themselves. However, the IoT devices themselves have low hardware performance and their operating systems and applications are not frequently updated, leaving many devices vulnerable to IoT malware attacks. Mandatory Access Control (MAC) systems based on Linux Security Modules (LSM), such as SELinux and AppArmor, can mitigate the impact of these attacks, even if software vulnerabilities are discovered and exploited. However, most IoT devices do not currently employ these systems. While existing approaches have examined on-board resources as one factor affecting the applicability of MAC systems, they are insufficient to address all relevant factors. In this paper, we report the factors that may prevent the deployment of LSM-based secure OS in IoT devices and the results of our evaluation of the effectiveness of LSM-based secure OS against IoT malware attacks. First, we comprehensively investigated the impact of each factor of IoT devices on the deployment of LSM-based secure OS. To improve the comprehensiveness of the factors affecting the deployment, we investigated the kernel version, CPU architecture, and BusyBox support. Next, we conducted an attack experiment that simulated the attack method of Mirai, a typical IoT malware, to investigate whether it is possible to protect against IoT malware. We also showed how to modify the security policy, and the cost of modifying it, for secure OSs that cannot prevent attacks from IoT malware with the default security policy. Finally, we report the results of our investigation into the impact of these factors in combination.

Currently, the growth of cybercrime and online attacks reflects the increase in the use of Internet of Things (IoT) devices. This has become a challenge as the use of IoT devices continues to grow and diversify in variety. It is challenging to cater to all security problems at once due to IoT devices have many designs and updates. These variations are likely to create security concerns, as there is currently no industry-wide standard for IoT device security. This situation raises security concerns. In addition, since IoT devices hold sensitive and personal information, they are susceptible to a variety of risks as attackers attempt to take advantage of the flaws that exist. As a consequence, ensuring the safety of all applications and devices connected to the IoT is crucial. This paper presents a project that executes penetration testing on a Raspberry Pi 4 that could act as an IoT device and a laptop running on Kali Linux as a hacking tool in order to determine the vulnerabilities of IoT devices. This project successfully conducted cyber-attacks against the exploitable vulnerabilities in the Raspberry Pi 4 acting as an IoT device by executing DoS attack, man-in-the-middle attack and brute force attack. Finally, this paper also presents a set of best practices for mitigating the cyber-attacks.

The Internet of Things (IoT) are devices which are connected and controlled over the internet. The use of IoT devices has increased exponentially over time and knowingly or unknowingly our data is captured by IoT devices on a daily basis. Recent news on malware targeting IoT devices and some current research reveals that in most cases there are no security controls implemented on these devices. The exponential rise in the use of IoT devices, more processing of sensitive data by these devices, and their mass exploitation was the motivation behind our work. Malware like Mirai is currently being used to build large botnets which are used in DDoS attacks where up to 1.2 Terabytes of networks traffic is generated every second. We will discuss the threats when there is a compromise of an IoT device's security and provide a case study of an IP camera. We also cover aspects of how and why modern malware targets IoT devices specifically. We finally discuss the importance of securing IoT and provide essential security practices for mitigating device exploitation.

The use of Internet of things (IoT) devices in smart cities has been increasing in recent years. The use of IoT devices, which facilitate the daily life of people living in the smart city, on wearable and mobile devices causes the vulnerability. Some countermeasures should be taken to prevent unauthorized access to IoT devices that contain personal data and to protect the data. In this study, the protocol created to ensure the security of the data communication of IoT devices in smart cities is explained. In the proposed design, IoT device-based secure data communication protocol with limited resources is presented. Data privacy methods that will work on IoT devices are designed to achieve high performance by consuming as few resources as possible. The proposed protocol provides secure data communication against 4 different attacks: Man-in-the-middle attack, malicious code injection attack, denial of service (DoS) attack, and replay attack. As a result of the formal analysis made with the Scyther tool, it is shown that data security is ensured.

Seeing is not always believing: Insights on IoT manufacturing from firmware composition analysis and vendor survey

Cutting edge technologies to end food waste

In September of 2016, a new threat appeared on the internet that launched crippling Denial of Service Attacks against several high-profile targets. The Mirai Botnet, as it was called, took advantage of the weak security measures on Internet of Things (IoT) devices and used them to launch these DDoS attacks. The severity of these attacks awakened the technology industry to the lack of security for IoT devices. The use of IoT devices is expanding rapidly, creating an increasingly large attack surface for threats like Mirai. Multiple technology organizations have since been working to develop standards to push manufacturers to emphasize security on their devices and implement new technologies to improve security for consumers and enterprises. The renewed interest in security and the development of security standards may not be enough, as the market for IoT devices often incentivizes ease of use and practicality over security. The goal of this document is two-fold. First, I will explore the workings of one of the most disruptive pieces of malware in recent history, the Mirai Botnet. Second, I will explore methods to secure IoT devices from being compromised by malware such as the Mirai Botnet.

Smart devices have become an integral part of our everyday life. In contrast to smartphones and laptops, Internet of Things (IoT) devices are typically managed by the vendor. They allow little or no user-driven customization. Users need to use and trust IoT devices as they are, including the ecosystems involved in the processing and sharing of personal data. Ensuring that an IoT device does not leak private data is imperative. This thesis analyzes security practices in popular IoT ecosystems across several price segments. Our results show a gap between real-world implementations and state-of-the-art security measures. The process of responsible disclosure with the vendors revealed further practical challenges. Do they want to support backward compatibility with the same app and infrastructure over multiple IoT device generations? To which extent can they trust their supply chains in rolling out keys? Mature vendors have a budget for security and are aware of its demands. Despite this goodwill, developers sometimes fail at securing the concrete implementations in those complex ecosystems. Our analysis of real-world products reveals the actual efforts made by vendors to secure their products. Our responsible disclosure processes and publications of design recommendations not only increase security in existing products but also help connected ecosystem manufacturers to develop secure products. Moreover, we enable users to take control of their connected devices with firmware binary patching. If a vendor decides to no longer offer cloud services, bootstrapping a vendor-independent ecosystem is the only way to revive bricked devices. Binary patching is not only useful in the IoT context but also opens up these devices as research platforms. We are the first to publish tools for Bluetooth firmware and lower-layer analysis and uncover a security issue in Broadcom chips affecting hundreds of millions of devices manufactured by Apple, Samsung, Google, and more. Although we informed Broadcom and customers of their technologies of the weaknesses identified, some of these devices no longer receive official updates. For these, our binary patching framework is capable of building vendor-independent patches and retrofit security. Connected device vendors depend on standards; they rarely implement lower-layer communication schemes from scratch. Standards enable communication between devices of different vendors, which is crucial in many IoT setups. Secure standards help making products secure by design and, thus, need to be analyzed as early as possible. One possibility to integrate security into a lower-layer standard is Physical-Layer Security (PLS). PLS establishes security on the Physical Layer (PHY) of wireless transmissions. With new wireless technologies emerging, physical properties change. We analyze how suitable PLS techniques are in the domain of mmWave and Visible Light Communication (VLC). Despite VLC being commonly believed to be very secure due to its limited range, we show that using VLC instead for PLS is less secure than using it with Radio Frequency (RF) communication. The work in this thesis is applied to mature products as well as upcoming standards. We consider security for the whole product life cycle to make connected devices and IoT ecosystems more secure in the long term.

Internet of things (IoT) is a ubiquitous network which supports and offers a system that observes and manages the physical world through the aggregation, filtering, and investigation of generated data using IoT devices. Aggregation of data and routing of nodes in IoT devices are always challenging tasks. A well-organized data aggregation and routing of nodes is necessary factor for successful placement and use of IoT devices. IoT devices usually share large amount of data that can be converted into information. The information is aggregated to enhance the overall efficiency of the IoT network. Data aggregation is the process in which information is collected and expressed for the purpose of statistical analysis. Routing in the IoT network plays a vital role. IoT devices act as routers for sending information to the gateways. The routing of data affects the power consumption of progressing IoT devices. For these reasons, aggregation of data and routing of nodes are important for IoT devices. This paper conveys and evaluates comparison on current data aggregation and routing techniques of IoT devices. Ad hoc On-demand Distance Vector (AODV) routing protocol is simulated for ten different mobility conditions, and its performance is observed in respect of throughput, delay, and packet delivery ratio.

In concert with advances of wireless technologies in facilitating internet connectivity of Internet of Things (IoT) devices, mobile edge computing can provision and distribute computing resources at the cloudlets to efficiently process a high volume of IoT data. Among the IoT applications, multi-party data sharing among IoT devices, wireless access nodes and cloudlets is becoming increasingly critical, not only because the data collected by each single IoT device will often stay unmined, but also because of the security concern. As IoT applications' dependence on the cloud environment grows, the rich resources at cloudlets often become the attack targets, and the IoT data that are stored or processed using the cloud resources will be jeopardized. For the internet of important things, we have investigated how to efficiently and securely share the data among multi-party. In particular, for a group of cooperative IoT devices, by leveraging the cloud resources available at the wireless access points, a secure cache site with fast data uploading rate is chosen for each user. To minimize the overall data downloading time, the multi-party multi-path data delivery scheme is also designed such that each user can efficiently retrieve the data belonging to other parties.

Smart home consists of various Internet of things (IoT) devices. These IoT devices are designed to help and simplify people’s lives. The technical progress of the IoT field is aimed at simplifying human life, thereby creating new cyber threats. Different scientific papers are mentioned that number of IoT devices is growing constantly by 15% per year. As a result, around 1.6 billion IoT devices will be used globally over the internet. It means that IoT devices will be accessed over internet by consumers. Nowadays, Internet is accessible easily by everyone, so they can afford freely the ecosystem of IoT devices at home. Within this development of IoT ecosystem, consumers can face serious problems of transmission and storage of information by IoT devices. These problems might be data theft from IoT devices, using such IoT devices for Denial of Service (DoS) attacks, user tracking and so on. Local cyber threats provide an opportunity for an attacker to gain access to a home network and take advantages of it. Global cyber threats are dangerous because IoT devices can be controlled remotely from anywhere in the world without the knowledge of the user. One of the risks is that the user’s home network of IoT devices could be controlled by botnets to carry out cyber-attacks. The article describes and analyzes current threats to IoT smart home devices and provides examples of data collected and processed by smart devices. Collecting information about users through IoT devices is a novelty of this work.

Internet of Things (IoT) technology provides the basic infrastructure for a hyper connected society where all things are connected and exchange information through the Internet. IoT technology is fused with 5G and artificial intelligence (AI) technologies for use various fields such as the smart city and smart factory. As the demand for IoT technology increases, security threats against IoT infrastructure, applications, and devices have also increased. A variety of studies have been conducted on the detection of IoT malware to avoid the threats posed by malicious code. While existing models may accurately detect malicious IoT code identified through static analysis, detecting the new and variant IoT malware quickly being generated may become challenging. Due to the complexity of design and implementation in both hardware and software, as well as the lack of security functions and abilities, IoT devices are becoming an attractive target for cyber criminals who take advantage of weak authentication, outdated firmware’s , and malwares to compromise IoT devices .This project provides the light on the system named as malware classification and detection of IOT devices, used to detect the cyber-attacks caused by malware on IOT devices by using machine learning techniques. The malware classification and detection system detect and identifies the various types of malwares using static analysis with the help of machine learning algorithm. An easy-to-use user interface for easy uploading of files and checking for virus is designed. Also, acceptance testing is performed on the application to remove vulnerabilities.

Greenhouse gas emissions and production cost footprints in Australian gold mines

There is a large variety of Internet of things (IoT) devices and their peripherals available in consumer markets, and IoT deployers should work on customizing device drivers that are compatible with their peripherals. Implementing compatible device drivers, however, often requires a burden of work. This paper proposes a generic platform that enables plug-and-play (PnP) integration for sensors and actuators to allow the addition and removal of IoT device peripherals without re-customizing all the device drivers. To this end, we employ IoT ontologies and semantics to represent IoT device characteristics and to infer IoT device behaviors. IoT device behavior is then passed to the generic device driver to cover device-specific operation. Since the generic device driver selectively operates most of the available function calls required in IoT devices, most of the programming work that is normally required for device customization is removed, and management overhead for software installation and maintenance can be minimized. To this end, we employ IoT ontologies and semantics as well as generic programming techniques in the generic platform in order to configure and control IoT devices. In the proposed platform, IoT device characteristics, including I/O functions and configuration rules, are defined using custom-built IoT ontologies, and operational behaviors are inferred through SPARQL queries. The generic platform then passes function-call name and configuration rules corresponding to the newly added peripheral device’s specification. The experimental results show that our generic platform covers most of the popular sensors available in the market. Our solution therefore enables a true PnP experience of sensors and actuator peripherals in IoT devices.

The continuous rapid growth of Internet of Things (IoT) devices has presented a new model in fourth generation and beyond cellular networks. This continuous growth and the increasing demand in the provision of high transmission rate, delay sensitive and spectrum efficient cellular networks have made the development of fifth generation (5G) networks a reality. The design of the end-to-end 5G networks anticipated the need for terrestrial radio access networks to be complemented by its satellite counterpart in order to ensure that 5G services are provided seamlessly. These 5G services include IoT communications. This has necessitated the need for 5G satellite radio access networks to provide access to IoT devices that are located in remote and rural areas. This type of IoT devices are termed Internet of Remote Things (IoRT) devices. While this remain an appealing solution, many radio resource management issues including packet scheduling for IoRT communications in 5G satellite networks remains undefined. Hence, this paper aims to propose a new dynamic packet scheduling algorithm that will be appropriate for mixed traffic type IoRT communications in 5G satellite networks. The performance evaluation of the proposed packet scheduler is conducted through simulations, using delay, spectral efficiency, throughput and fairness index as the performance indices.