Security Of Internet Of Things Devices Research Articles

A Review on Security and Privacy Issues in IoT Devices

In our everyday lives, the IoT is everywhere. They are used for the monitoring and documentation of environmental improvements, fire safety and even other useful roles in our homes, hospitals and the outdoors. IoT-enabled devices that are linked to the internet transmit and receive a large amount of essential data over the network. This provides an opportunity for attackers to infiltrate IoT networks and obtain sensitive data. However, the risk of a loss of privacy and security could outweigh any of these benefits. Many tests have been carried out in order to solve these concerns and find a safer way to minimize or remove the effect of IoT technologies on privacy and security practices in order to protect them. The issue with IoT devices is that they have small output modules, making it impossible to adapt current protection methods to them. This constraint necessitates the presentation of lightweight algorithms that enable IoT devices. In this article, investigated the context and identify different safety, protection, and approaches for securing components of IoT-based ecosystems and systems, as well as evolving security solutions. In addition, several proposed algorithms and authentication methods in IoT were discussed in order to avoid various types of attacks while keeping the limitations of the IoT framework in mind. Also discuss some hardware security in IoT devices.

Blockchain-Based Security Model for LoRaWAN Firmware Updates

The Internet of Things (IoT) is changing the way consumers, businesses, and governments interact with the physical and cyber worlds. More often than not, IoT devices are designed for specific functional requirements or use cases without paying too much attention to security. Consequently, attackers usually compromise IoT devices with lax security to retrieve sensitive information such as encryption keys, user passwords, and sensitive URLs. Moreover, expanding IoT use cases and the exponential growth in connected smart devices significantly widen the attack surface. Despite efforts to deal with security problems, the security of IoT devices and the privacy of the data they collect and process are still areas of concern in research. Whenever vulnerabilities are discovered, device manufacturers are expected to release patches or new firmware to fix the vulnerabilities. There is a need to prioritize firmware attacks, because they enable the most high-impact threats that go beyond what is possible with traditional attacks. In IoT, delivering and deploying new firmware securely to affected devices remains a challenge. This study aims to develop a security model that employs Blockchain and the InterPlanentary File System (IPFS) to secure firmware transmission over a low data rate, constrained Long-Range Wide Area Network (LoRaWAN). The proposed security model ensures integrity, confidentiality, availability, and authentication and focuses on resource-constrained low-powered devices. To demonstrate the utility and applicability of the proposed model, a proof of concept was implemented and evaluated using low-powered devices. The experimental results show that the proposed model is feasible for constrained and low-powered LoRaWAN devices.

Ensemble learning-based IDS for sensors telemetry data in IoT networks.

The Internet of Things (IoT) is a paradigm that connects a range of physical smart devices to provide ubiquitous services to individuals and automate their daily tasks. IoT devices collect data from the surrounding environment and communicate with other devices using different communication protocols such as CoAP, MQTT, DDS, etc. Study shows that these protocols are vulnerable to attack and prove a significant threat to IoT telemetry data. Within a network, IoT devices are interdependent, and the behaviour of one device depends on the data coming from another device. An intruder exploits vulnerabilities of a device's interdependent feature and can alter the telemetry data to indirectly control the behaviour of other dependent devices in a network. Therefore, securing IoT devices have become a significant concern in IoT networks. The research community often proposes intrusion Detection Systems (IDS) using different techniques. One of the most adopted techniques is machine learning (ML) based intrusion detection. This study suggests a stacking-based ensemble model makes IoT devices more intelligent for detecting unusual behaviour in IoT networks. The TON-IoT (2020) dataset is used to assess the effectiveness of the proposed model. The proposed model achieves significant improvements in accuracy and other evaluation measures in binary and multi-class classification scenarios for most of the sensors compared to traditional ML algorithms and other ensemble techniques.

Securing the Internet of Things (IoT) with Blockchain: A Proof-of-Concept Implementation and Analysis

The Internet of Things (IoT) has revolutionized the way we interact with everyday objects, enabling devices to collect and share data seamlessly. However, this increased connectivity has also increased the security risks associated with these devices, as they often lack the necessary security mechanisms to prevent malicious attacks. To address this issue, we propose using blockchain technology to secure IoT devices. In this paper, we present a proof-of-concept implementation of a blockchain-based IoT security system and analyze its effectiveness. Our system leverages blockchain's distributed ledger technology to ensure data integrity, decentralization, and transparency, making it more resilient to attacks. We evaluate our system's performance and compare it with other existing IoT security solutions. Our results show that our blockchain-based approach outperforms traditional security measures and is a viable solution for securing IoT devices. Finally, we discuss the limitations of our study and suggest future research directions for improving the security of IoT devices.

An Efficient and Reliable Chaos-Based IoT Security Core for UDP/IP Wireless Communication

The ultimate focus of this paper is to provide a hyperchaos-based reconfigurable platform for the real-time securing of communicating embedded systems interconnected in networks according to the Internet of Things (IoT) standards. The proposed platform’s Register Transfer Level (RTL) architecture is entirely developed and designed from scratch using the VHSIC Hardware Description Language (VHDL). The original idea consists of exploiting the nonlinearity of a discretized and optimized 4D Lorenz hyperchaotic system as an encryption keystream generator in a symmetric cryptosystem to secure wireless communicating embedded systems and adapted to the UDP/IP protocol. It was necessary to go through three essential steps to achieve this goal. First, a lightweight and energy-efficient hyperchaos-based encryption IP core is designed, implemented on an FPGA circuit and dedicated to IoT device security, denoted Hyperchaotic-based IoT Device Security Core (HC-IoT-DSC). The designed encryption IP core combines three subsystems: a multiple key size hyperchaotic key generator (HC-KG), a hyperchaotic synchronization by dynamic feedback modulation technique (HCS-DFM), and an online FIPS 140-2-based built-in self-security test (BISST) module. Second, a secure UDP/IP stack is totally implemented using the VHDL language. Third, the proposed architecture was integrated into real-world and real-time secure wireless communication at a distance of 2 km between two delocalized network nodes employing the Xilinx ML605 FPGA platform and the ZigBee E800-DTU module. A panoply of online/offline investigations and experiments were carried out intensely, deeply, and thoroughly to analyze, evaluate and validate the robustness and security aspects of the proposed scheme regarding all the aspects related to embedded system security. Notably, the evaluations were conducted in two phases for all the platform components before and after integrating the proposed security core in real-time wireless communication. The investigations and implementation findings validate that the proposed architecture can attain good performances, and confirm the feasibility of the adopted approach for IoT applications. Furthermore, the timing and power efficiency results present an excellent trade-off between design performance and high-security achievement.

Nesnelerin İnterneti Cihazlarına Karşı Yapılan Makine Öğrenmesi Saldırıları

As the number of Internet of Things (IoT) devices increases day by day, attacks against these devices are also increasing. In this study, methods of ensuring security in IoT devices and attacks on IoT devices are discussed, and the importance of zero-trust architecture in ensuring IoT security is explained. In addition, the defense rates of padding methods against machine learning used by the attacker are shown and the defense methods used with machine learning techniques are explained. For this purpose, machine learning methods that are effective on attacks, attacks and violations that are achieved by machine learning techniques are specified. In addition, the effectiveness of machine learning techniques in classifying IoT devices in encrypted traffic is examined. The effectiveness of Random Forest and Decision Tree classification algorithms in classifying IoT devices are evaluated. Finally, experiments are carried out for commonly used attack and defense methods. For this purpose, the accuracy rates of the padded and unpadded experiments are compared by analyzing the IoT device traffic. When classifying unpadded data, 84% accuracy rate of IoT devices is achieved, while this accuracy rate has been reduced to 19% with the random padding method that aims to reduce the attacker's rate of accessing correct information.

Light-Weight Present Block Cipher Model for IoT Security on FPGA

The Internet of Things (IoT) plays an essential role in connecting a small number of billion devices with people for diverse applications. The security and privacy with authentication are challenging work for IoT devices. A light-weight block cipher is designed and modeled with IoT security for real-time scenarios to overcome the above challenges. The light-weight PRESENT module with the integration of encryption (E)-decryption (D) is modeled and implemented on FPGA. The PRESENT module has 64-bit data input with 80/128/256-bit symmetric keys for IoT security. The PRESENT module performs16/32/64 round operations for state register and key updation. The design mainly uses Substitution-permutation (SP) network for state updation. The permutation layer is used to create more diffusion and confusion in the state for unauthorized access. The results and analysis of the PRESENT-80/128/256 are designed using Verilog-HDL with Xilinx Environment and implemented on Artix-7 FPGA. The PRESENT-80/128/256 module is compared with similar recent works with performance improvements. Similarly, the proposed work is compared with different light-weight algorithms with improvements for better security in IoT devices. The proposed PRESENT-256 module with 64-rounds on Artix-7 FPGA utilizes less than 2% Chip area (Slices and LUTs), works at 412.4 MHz frequency, and consumes 192 mW total power and 0.58 Mbps/slice of hardware efficiency.

Effective Classification of Synovial Sarcoma Cancer Using Structure Features and Support Vectors

In this research work, we proposed a medical image analysis framework with two separate releases whether or not Synovial Sarcoma (SS) is the cell structure for cancer. Within this framework the histopathology images are decomposed into a third-level sub-band using a two-dimensional Discrete Wavelet Transform. Subsequently, the structure features (SFs) such as Principal Components Analysis (PCA), Independent Components Analysis (ICA) and Linear Discriminant Analysis (LDA) were extracted from this sub-band image representation with the distribution of wavelet coefficients. These SFs are used as inputs of the Support Vector Machine (SVM) classifier. Also, classification of PCA + SVM, ICA + SVM, and LDA + SVM with Radial Basis Function (RBF) kernel the efficiency of the process is differentiated and compared with the best classification results. Furthermore, data collected on the internet from various histopathological centres via the Internet of Things (IoT) are stored and shared on blockchain technology across a wide range of image distribution across secure data IoT devices. Due to this, the minimum and maximum values of the kernel parameter are adjusted and updated periodically for the purpose of industrial application in device calibration. Consequently, these resolutions are presented with an excellent example of a technique for training and testing the cancer cell structure prognosis methods in spindle shaped cell (SSC) histopathological imaging databases. The performance characteristics of cross-validation are evaluated with the help of the receiver operating characteristics (ROC) curve, and significant differences in classification performance between the techniques are analyzed. The combination of LDA + SVM technique has been proven to be essential for intelligent SS cancer detection in the future, and it offers excellent classification accuracy, sensitivity, specificity.

Consistent Round Hash optimized SRP-6a-based end-to-end mutual authentication for secure data transfer in industry 4.0

When the Internet of Things (IoT) is used in a typical manufacturing system, the industrial plant can be controlled remotely through the Internet. This enables manufacturing and execution systems to obtain real-time work orders directly from the Enterprise Resource Planning (ERP) system. Therefore, workflows for development, production, and manufacturing can be integrated with sales, market, and finance business processes. The possibility of implementing this integration, however, is dependent on the trust, security, and authentication of IoT devices. Many IoT devices face significant security risks such as device hijacking and data leaks due to limited resources and inadequate self-protection capabilities. Despite the fact that several studies have been conducted using the physical unclonable function to protect communication between IoT devices from the aforementioned security threats, current solutions rely on the participation of the server to distribute the key parameters, which requires high message overhead and has a significant impact on efficiency. To fill this gap, this article proposes a Consistent Round Hash optimized SRP-6a-based end-to-end mutual authentication for secure data transfer technique with single-share trusted device collaboration can detect an unauthenticated device. In addition, our proposed technique ensures the overall system's integrity and stability during a scaling-out phenomenon, which is becoming increasingly common in complex industrial environments. Furthermore, we present a formal and informal security analysis of the proposed protocol. According to the results of the performance analysis, our proposed technique has the lowest communication overhead, computational cost, and round-trip time when compared to other state-of-the-art schemes.

Survey on Blockchain-Based IoT Payment and Marketplaces

The ever-growing smart applications will expand the Internet of Things (IoT) ecosystem to connect over 75 billion devices by 2025. IoT ecosystems comprise sensors that act as data suppliers and applications where monetary transactions are required to compensate the data producers. This signifies the importance of IoT payments and marketplaces to facilitate micro-transactions of billions of connected devices in the IoT ecosystem, which is heterogeneous, decentralized, and diverse. However, realizing such an ecosystem raises multiple challenges such as overcoming poor inter-operability, resource constraints, and security and privacy vulnerabilities of IoT devices and platforms. Blockchain is a Distributed Ledger Technology (DLT) that can be identified as a potential solution to overcome the challenges in realizing IoT payments and marketplaces. This is due to the characteristics of blockchain such as decentralization, traceability, immutability, and non-repudiation. This paper presents a comprehensive survey on blockchain-based IoT payments and marketplaces. This paper provides a brief introduction to the concepts of IoT payments and IoT marketplaces. Then the technical challenges involved in realizing IoT payment and marketplaces are discussed by highlighting the blockchain-based solutions. Furthermore, blockchain-based smart applications which use IoT marketplace and IoT payment concepts are presented marking the role of blockchain in each of the application. Subsequently, the paper discussed the integration challenges while also highlighting possible solutions. It is envisaged that this paper would shed light on the development of blockchain-based solutions to realize IoT payments and marketplaces.

Hardware-Assisted Machine Learning in Resource-Constrained IoT Environments for Security: Review and Future Prospective

As the Internet of Things (IoT) technology advances, billions of multidisciplinary smart devices act in concert, rarely requiring human intervention, posing significant challenges in supporting trusted computing and user privacy, as well as protecting against attacks such as spoofing, denial of service (DoS), jamming, and eavesdropping. To tackle attacks on the IoT and cyber-physical ecosystem, many intrusion detection and security approaches have been presented in the literature. Machine learning (ML) based intrusion and anomaly detection has lately gained traction due to its capacity to cope with encrypted and rapidly developing threat techniques. This work investigates into machine learning (ML) and deep learning (DL) methodologies for IoT device security and examine the benefits, drawbacks, and potential. To protect an IoT infrastructure, various solutions look into hardware-based methods for ML-based IoT authentication, access control, secure offloading, and malware detection schemes. This review aims to illuminate the value of various approaches for addressing IoT security in a truly effective, flexible, and seamless manner, as well as to provide answers to questions about tradeoffs in integrating accelerators and customizing embedded device architectures for effective use of ML-based methods.

Single-Byte Error-Based Practical Differential Fault Attack on Bit-Sliced Lightweight Block Cipher PIPO

With the recent development of the Internet of Things (IoT), related device use is increasing rapidly. As a result, accessing and hijacking the devices is an increasing security threat. The challenges of side-channel security of IoT devices are having a way of coming to the surface due to this physical accessibility. Accordingly, there is active research on lightweight block ciphers to provide security even in resource-scarce environments situations such as IoT. The bit-sliced structure increases memory and time efficiency using an implementation method that replaces a lookup table with a bit-wise operation. Therefore, it is a widely-used design technique for lightweight block ciphers. In this paper, we show a differential fault attack study, a type of side-channel analysis, targeting bit-sliced block ciphers. In particular, it proposes a novel attack rationale on the recently proposed lightweight block cipher PIPO and shows that it applies sufficiently to other bit-sliced block ciphers. The proposed attack is based on a more alleviated attacker’s assumption than the previously proposed attack, and it shows that less than 32 fewer fault ciphertext may fully recover the 128-bit of the PIPO 64/128 secret key. It proves that the attack is practical by verifying the attack through the actual electromagnetic fault injection. It also discusses the applicability of various bit-sliced block ciphers and shows how redundancy-based countermeasures might improve fault-robustness. Therefore, when using the bit-sliced block ciphers on IoT devices, we recommend applying appropriate countermeasures against fault injection attacks.

Identification of the state of information security of IoT devices based on time series processing

The article describes the use of time series for the mathematical description of the state of security of devices in the IoT network. Time series data analysis methods are analyzed in order to obtain significant statistics and other data characteristics.

Data Augmented Hardware Trojan Detection Using Label Spreading Algorithm Based Transductive Learning for Edge Computing-Assisted IoT Devices

IoT devices handle a large amount of information including sensitive information pertaining to the deployed application. Such a scenario, makes IoT devices susceptible to various attacks. In addition to securing IoT devices, it is equally important to secure communication among devices and with the outside world. RS232 is a common communication protocol used in IoT and embedded devices. Hence ensuring, Trojan detection in RS232 plays a major role in providing secured communication among edge assisted IoT devices. The inclusion of malicious circuits known as hardware Trojans can occur at any stage of the IC design and manufacturing. Existing pre-silicon detection schemes with static features is limited by the number of features that are learned by the detection scheme. In contrast, machine learning allows enhanced Trojan space exploration. Existing machine learning-based Trojan detection consists primarily of supervised algorithms that rely on high-quality labeled datasets for efficient Trojan detection. Unsupervised methods, on the other hand, underperform due to limited training data and severe imbalance within the available data. To handle such a situation, a semi-supervised hardware Trojan detection has been proposed. In this work, permutation importance guided principal component analysis, correlation aware data augmentation, and hyper-parameter optimization using genetic algorithm aid in optimal dataset and model generation. Pseudo label generation using semi-supervised schemes is utilized to handle partially labeled datasets. For the Trust-HUB benchmarks, the proposed methodology achieves an average of 88.48% true positive rate and 95.77% true negative rate which, clearly indicates the effectiveness and feasibility of semi-supervised hardware Trojan detection.

Edge security for SIP-enabled IoT devices with P4

The exponential growth of IoT devices poses security concerns, in part because they provide a fertile breeding ground for botnets. For example, the Mirai botnet infected almost 65,000 devices in its first 20 h. With the prevalence of Session Initiation Protocol (SIP) phones and devices on the networks today, the attacker could easily target and recruit these IoT devices as bots. Conventional network security measures do not provide adequate attack prevention, detection, and mitigation for these widely distributed IoT devices. This paper presents microVNF, a Virtualized Network Function (VNF) that leverages the programmable data plane feature on the edge switch. Based on knowledge gained from the Mirai botnet incident and following the defense-in-depth principle, microVNF protects IoT devices against SIP DDoS attacks in two stages: before and after infection. Prior to infection, it protects against SIP scanning, enumeration, and dictionary attacks. After infection, microVNF blocks botnet registration attempts to the command-and-control (CNC) server, thereby preventing the botnet from receiving commands sent from the CNC server, and detects and mitigates botnet SIP DDoS attacks. We conducted six experiments that involved using popular attack tools against microVNF, and it successfully performed deep-packet inspection of unencrypted SIP packets so as to track anomalies from a typical SIP state-machine. In this use case, besides providing physical connectivity to the IoT devices, the edge switch containing microVNF also provides the first line of defense in stopping malicious packets from propagating upstream to the core network. In addition to securing SIP, the microVNF approach can be adapted to other text-based, application-layer protocols such as HTTP and SMTP. MicroVNF leverages the native capability of programmable data planes without depending on external devices, thereby making this approach practical for securing edge-computing environments against application-layer attacks.

A Comprehensive Study of Anomaly Detection Schemes in IoT Networks Using Machine Learning Algorithms

The Internet of Things (IoT) consists of a massive number of smart devices capable of data collection, storage, processing, and communication. The adoption of the IoT has brought about tremendous innovation opportunities in industries, homes, the environment, and businesses. However, the inherent vulnerabilities of the IoT have sparked concerns for wide adoption and applications. Unlike traditional information technology (I.T.) systems, the IoT environment is challenging to secure due to resource constraints, heterogeneity, and distributed nature of the smart devices. This makes it impossible to apply host-based prevention mechanisms such as anti-malware and anti-virus. These challenges and the nature of IoT applications call for a monitoring system such as anomaly detection both at device and network levels beyond the organisational boundary. This suggests an anomaly detection system is strongly positioned to secure IoT devices better than any other security mechanism. In this paper, we aim to provide an in-depth review of existing works in developing anomaly detection solutions using machine learning for protecting an IoT system. We also indicate that blockchain-based anomaly detection systems can collaboratively learn effective machine learning models to detect anomalies.

RPPUF: An Ultra-Lightweight Reconfigurable Pico-Physically Unclonable Function for Resource-Constrained IoT Devices

With the advancement of the Internet of Things (IoTs) technology, security issues have received an increasing amount of attention. Since IoT devices are typically resource-limited, conventional security solutions, such as classical cryptography, are no longer applicable. A physically unclonable function (PUF) is a hardware-based, low-cost alternative solution to provide security for IoT devices. It utilizes the inherent nature of hardware to generate a random and unpredictable fingerprint to uniquely identify an IoT device. However, despite existing PUFs having exhibited a good performance, they are not suitable for effective application on resource-constrained IoT devices due to the limited number of challenge-response pairs (CRPs) generated per unit area and the large hardware resources overhead. To solve these problems, this article presents an ultra-lightweight reconfigurable PUF solution, which is named RPPUF. Our method is built on pico-PUF (PPUF). By incorporating configurable logics, one single RPPUF can be instantiated into multiple samples through configurable information K. We implement and verify our design on the Xilinx Spartan-6 field programmable gate array (FPGA) microboards. The experimental results demonstrate that, compared to previous work, our method increases the uniqueness, reliability and uniformity by up to 4.13%, 16.98% and 10.5%, respectively, while dramatically reducing the hardware resource overhead by 98.16% when a 128-bit PUF response is generated. Moreover, the bit per cost (BPC) metric of our proposed RPPUF increased by up to 28.5 and 53.37 times than that of PPUF and the improved butterfly PUF, respectively. This confirms that the proposed RPPUF is ultra-lightweight with a good performance, making it more appropriate and efficient to apply in FPGA-based IoT devices with constrained resources.

E-CIS: Edge-based classifier identification scheme in green & sustainable IoT smart city

• E-CIS changes the traditional centralized architecture and realizes low time delay and efficient identification of IoT devices based on edge computing. • The types of IoT devices E-CIS can identify keeps growing. • All gateways of E-CIS have the continuous learning ability synchronously. Smart city has brought the unprecedented development and application of Internet of things (IoT) devices. Meanwhile, since both of the quantity and the type of IoT devices are growing rapidly, how to quickly identify the type of IoT devices is of paramount importance, especially in the fields of IoT Device Security, IoT Forensics, Cyber Defense, and Cyber Threats Intelligence Sharing, to make the IoT smart city green and sustainable. Traditional identification mode based on device or gateway often suffers from their limited computing and storage resources. Our work is motivated by the observation of the emergence of edge computing, in which computing and storage servers are placed in close proximity to IoT/mobile devices. In this paper, we propose an Edge-based Classifier Identification Scheme (E-CIS) for IoT Devices, where the neighboring edge servers provide powerful computing and storage capabilities. E-CIS changes the traditional centralized architecture and realizes low time delay and efficient identification of IoT devices based on edge computing. Experiments show that the average identification accuracy is as high as 99.2%. Besides, the optimization and security of the classification model can be maintained by the edge servers at the same time.

DDoS Attack Detection on Internet o Things using Unsupervised Algorithms

The increase in the deployment of IoT networks has improved productivity of humans and organisations. However, IoT networks are increasingly becoming platforms for launching DDoS attacks due to inherent weaker security and resource-constrained nature of IoT devices. This paper focusses on detecting DDoS attack in IoT networks by classifying incoming network packets on the transport layer as either “Suspicious” or “Benign” using unsupervised machine learning algorithms. In this work, two deep learning algorithms and two clustering algorithms were independently trained for mitigating DDoS attacks. We lay emphasis on exploitation based DDOS attacks which include TCP SYN-Flood attacks and UDP-Lag attacks. We use Mirai, BASHLITE and CICDDoS2019 dataset in training the algorithms during the experimentation phase. The accuracy score and normalized-mutual-information score are used to quantify the classification performance of the four algorithms. Our results show that the autoencoder performed overall best with the highest accuracy across all the datasets.

Centralized, Distributed, and Everything in between

The Internet of Things is taking hold in our everyday life. Regrettably, the security of IoT devices is often being overlooked. Among the vast array of security issues plaguing the emerging IoT, we decide to focus on access control, as privacy, trust, and other security properties cannot be achieved without controlled access. This article classifies IoT access control solutions from the literature according to their architecture (e.g., centralized, hierarchical, federated, distributed) and examines the suitability of each one for access control purposes. Our analysis concludes that important properties such as auditability and revocation are missing from many proposals while hierarchical and federated architectures are neglected by the community. Finally, we provide an architecture-based taxonomy and future research directions: a focus on hybrid architectures, usability, flexibility, privacy, and revocation schemes in serverless authorization.