scholarly journals Firmware Over-the-air Programming Techniques for IoT Networks - A Survey

2022 ◽  
Vol 54 (9) ◽  
pp. 1-36
Author(s):  
Konstantinos Arakadakis ◽  
Pavlos Charalampidis ◽  
Antonis Makrogiannakis ◽  
Alexandros Fragkiadakis

The devices forming Internet of Things (IoT) networks need to be re-programmed over the air, so that new features are added, software bugs or security vulnerabilities are resolved, and their applications can be re-purposed. The limitations of IoT devices, such as installation in locations with limited physical access, resource-constrained nature, large scale, and high heterogeneity, should be taken into consideration for designing an efficient and reliable pipeline for over-the-air programming (OTAP). In this work, we present a survey of OTAP techniques, which can be applied to IoT networks. We highlight the main challenges and limitations of OTAP for IoT devices and analyze the essential steps of the firmware update process, along with different approaches and techniques that implement them. In addition, we discuss schemes that focus on securing the OTAP process. Finally, we present a collection of state-of-the-art open-source and commercial platforms that integrate secure and reliable OTAP.

2021 ◽  
Vol 2021 (1) ◽  
pp. 209-228
Author(s):  
Yuantian Miao ◽  
Minhui Xue ◽  
Chao Chen ◽  
Lei Pan ◽  
Jun Zhang ◽  
...  

AbstractWith the rapid development of deep learning techniques, the popularity of voice services implemented on various Internet of Things (IoT) devices is ever increasing. In this paper, we examine user-level membership inference in the problem space of voice services, by designing an audio auditor to verify whether a specific user had unwillingly contributed audio used to train an automatic speech recognition (ASR) model under strict black-box access. With user representation of the input audio data and their corresponding translated text, our trained auditor is effective in user-level audit. We also observe that the auditor trained on specific data can be generalized well regardless of the ASR model architecture. We validate the auditor on ASR models trained with LSTM, RNNs, and GRU algorithms on two state-of-the-art pipelines, the hybrid ASR system and the end-to-end ASR system. Finally, we conduct a real-world trial of our auditor on iPhone Siri, achieving an overall accuracy exceeding 80%. We hope the methodology developed in this paper and findings can inform privacy advocates to overhaul IoT privacy.


2019 ◽  
Vol 11 (4) ◽  
pp. 100 ◽  
Author(s):  
Maurizio Capra ◽  
Riccardo Peloso ◽  
Guido Masera ◽  
Massimo Ruo Roch ◽  
Maurizio Martina

In today’s world, ruled by a great amount of data and mobile devices, cloud-based systems are spreading all over. Such phenomenon increases the number of connected devices, broadcast bandwidth, and information exchange. These fine-grained interconnected systems, which enable the Internet connectivity for an extremely large number of facilities (far beyond the current number of devices) go by the name of Internet of Things (IoT). In this scenario, mobile devices have an operating time which is proportional to the battery capacity, the number of operations performed per cycle and the amount of exchanged data. Since the transmission of data to a central cloud represents a very energy-hungry operation, new computational paradigms have been implemented. The computation is not completely performed in the cloud, distributing the power load among the nodes of the system, and data are compressed to reduce the transmitted power requirements. In the edge-computing paradigm, part of the computational power is moved toward data collection sources, and, only after a first elaboration, collected data are sent to the central cloud server. Indeed, the “edge” term refers to the extremities of systems represented by IoT devices. This survey paper presents the hardware architectures of typical IoT devices and sums up many of the low power techniques which make them appealing for a large scale of applications. An overview of the newest research topics is discussed, besides a final example of a complete functioning system, embedding all the introduced features.


2019 ◽  
Author(s):  
Renato Mota ◽  
André Riker ◽  
Denis Rosário

Internet-of-Things (IoT) environments will have a large number of nodes organized into groups to collect and to disseminate data. In this sense, one of the main challenges in IoT environments is to dynamically manage communication characteristics of IoT devices to decrease congestion, traffic collisions, and excessive data collection, as well as to balance the use of energy resources. In this paper, we introduce an energy-efficient and reliable Self Adjusting group communication of dense IoT Network, called SADIN. It configures the communication settings to ensure a dynamic control of IoT devices considering a comprehensive set of aspects, i.e., traffic loss, event relevance, amount of nodes with renewable batteries, and the number of observers. Specifically, SADIN changes the communication interval, the number of data producers, the reliability level of the network. Extensive evaluation results show that SADIN improves system performance in terms of message loss, energy consumption, and reliability compared to state-of-the-art protocol.


Internet of Things (IoT), data analytics is supporting multiple applications. These numerous applications try to gather data from different environments, here the gathered data may be homogeneous or heterogeneous, but most of the data collected from multiple environments were heterogeneous, the task of gathering, processing, storing and the analysis that is being performed on data are still challenging. Providing security to all these things is also a challenging task due to untrusted networks and big data. Big data management in the ever-expanding network may rise several non-trivial concerns on data collection, data-efficient processing, analytics, and security. However, the above said scenarios depends on large scale sensor deployed. Sensors continuously transmit data to clouds for real time use, which can raise the issue of privacy disclosure because IoT devices may gather data including a kind of sensitive private information. In this context, we propose a two-layer system or model for analyzing IoT data, collected from multiple applications. The first layer is mainly used for gathering data from multiple environments and acts as a service-oriented interface to ingest data. The second layer is responsible for storing and analyses data securely. The Proposed solutions are implemented by the use of open source components.


Sensors ◽  
2019 ◽  
Vol 19 (14) ◽  
pp. 3208 ◽  
Author(s):  
Armin Babaei ◽  
Gregor Schiele

Attacks on Internet of Things (IoT) devices are on the rise. Physical Unclonable Functions (PUFs) are proposed as a robust and lightweight solution to secure IoT devices. The main advantage of a PUF compared to the current classical cryptographic solutions is its compatibility with IoT devices with limited computational resources. In this paper, we investigate the maturity of this technology and the challenges toward PUF utilization in IoT that still need to be addressed.


Sensors ◽  
2019 ◽  
Vol 19 (14) ◽  
pp. 3188 ◽  
Author(s):  
Vitor Hugo Bezerra ◽  
Victor Guilherme Turrisi da Costa ◽  
Sylvio Barbon Junior ◽  
Rodrigo Sanches Miani ◽  
Bruno Bogaz Zarpelão

Internet of Things (IoT) devices have become increasingly widespread. Despite their potential of improving multiple application domains, these devices have poor security, which can be explored by attackers to build large-scale botnets. In this work, we propose a host-based approach to detect botnets in IoT devices, named IoTDS (Internet of Things Detection System). It relies on one-class classifiers, which model only the legitimate device behaviour for further detection of deviations, avoiding the manual labelling process. The proposed solution is underpinned by a novel agent-manager architecture based on HTTPS, which prevents the IoT device from being overloaded by the training activities. To analyse the device’s behaviour, the approach extracts features from the device’s CPU utilisation and temperature, memory consumption, and number of running tasks, meaning that it does not make use of network traffic data. To test our approach, we used an experimental IoT setup containing a device compromised by bot malware. Multiple scenarios were made, including three different IoT device profiles and seven botnets. Four one-class algorithms (Elliptic Envelope, Isolation Forest, Local Outlier Factor, and One-class Support Vector Machine) were evaluated. The results show the proposed system has a good predictive performance for different botnets, achieving a mean F1-score of 94% for the best performing algorithm, the Local Outlier Factor. The system also presented a low impact on the device’s energy consumption, and CPU and memory utilisation.


Author(s):  
Parikshit N. Mahalle ◽  
Bayu Anggorojati ◽  
Neeli R. Prasad ◽  
Ramjee Prasad

In the last few years the Internet of Things (IoT) has seen widespreadapplication and can be found in each field. Authentication and accesscontrol are important and critical functionalities in the context of IoTto enable secure communication between devices. Mobility, dynamicnetwork topology and weak physical security of low power devices in IoTnetworks are possible sources for security vulnerabilities. It ispromising to make an authentication and access control attack resistant andlightweight in a resource constrained and distributed IoT environment.This paper presents the Identity Authentication and Capability basedAccess Control (IACAC) model with protocol evaluation and performanceanalysis. To protect IoT from man-in-the-middle, replay and denial ofservice (Dos) attacks, the concept of capability for access control isintroduced. The novelty of this model is that, it presents an integratedapproach of authentication and access control for IoT devices. Theresults of other related study have also been analyzed to validate andsupport our findings. Finally, the proposed protocol is evaluated byusing security protocol verification tool and verification results showsthat IACAC is secure against aforementioned attacks. This paper alsodiscusses performance analysis of the protocol in terms of computationaltime compared to other existing solutions. Furthermore, this paper addresseschallenges in IoT and security attacks are modelled with the use casesto give an actual view of IoT networks.


2021 ◽  
Vol 2021 ◽  
pp. 1-12
Author(s):  
Shudong Li ◽  
Qianqing Zhang ◽  
Xiaobo Wu ◽  
Weihong Han ◽  
Zhihong Tian

In recent years, the popularity of IoT (Internet of Things) applications and services has brought great convenience to people's lives, but ubiquitous IoT has also brought many security problems. Among them, advanced persistent threat (APT) is one of the most representative attacks, and its continuous outbreak has brought unprecedented security challenges for the large-scale deployment of the IoT. However, important research on analyzing the attribution of APT malware samples is still relatively few. Therefore, we propose a classification method for attribution organizations with APT malware in IoT using machine learning. It aims to mark the real attacking organization entities to better identify APT attack activity and protect the security of IoT. This method performs feature representation and feature selection based on APT behavior data obtained from devices in the Internet of Things and selects the features with a high degree of differentiation among organizations. Then, it trains a multiclass model named SMOTE-RF that can better deal with imbalance and multiclassification problems. Our experiments on real dynamic behavior data are combined to verify the effectiveness of the method proposed in this paper for attribution analysis of APT malware samples and achieve good performance. Our method could identify the organization behind complex APT attacks in IoT devices and services.


2021 ◽  
Vol 2021 ◽  
pp. 1-14
Author(s):  
Xu Yuan ◽  
Fang Luo ◽  
Muhammad Zeeshan Haider ◽  
Zhikui Chen ◽  
Yucheng Li

Blockchain technology has advanced rapidly in recent years and is now widely used in a variety of fields. Blockchain appears to be one of the best solutions for managing massive heterogeneous devices while achieving advanced data security and data reputation, particularly in the field of large-scale IoT (Internet of Things) networks. Despite the numerous advantages, there are still challenges while deploying IoT applications on blockchain systems due to the limited storage, power, and computing capability of IoT devices, and some of these problems are caused by the consensus algorithm, which plays a significant role in blockchain systems by ensuring overall system reliability and robustness. Nonetheless, most existing consensus algorithms are prone to poor node reliability, low transaction per second (TPS) rates, and scalability issues. Aiming at some critical problems in the existing consensus algorithms, this paper proposes the Efficient Byzantine Reputation-based Consensus (EBRC) mechanism to resolve the issues raised above. In comparison to traditional algorithms, we reinvented ways to evaluate node reliability and robustness and manage active nodes. Our experiments show that the EBRC algorithm has lower consensus delay, higher throughput, improved security, and lower verification costs. It offers new reference ideas for solving the Internet of Things+blockchain+Internet court construction problem.


Author(s):  
Mingyi Huang ◽  
Chengyu  Song

With the rapid advancement of hardware and internet technologies, we are surrounded by more and more Internet of Things (IoT) devices. Despite the convenience and boosted productivity that these devices have brought to our lives and industries, new security implications have arisen. IoT devices bring many new attack vectors, causing an increment of cyber-attacks that target these systems in the recent years. However, security vulnerabilities on numerous devices are often not fixed. This may due to providers not being informed in time, they have stopped maintaining these models, or they simply no longer exist. Even if an official fix for a security issue is finally released, it usually takes a long time. This gives hackers time to exploit vulnerabilities extensively, which in many cases requires customers to disconnect vulnerable devices, leading to outages. As the software is usually closed source, it is also unlikely that the community will review and modify the source code themselves and provide updates. In this study, we present ARMPatch, a flexible static binary patching framework for ARM-based IoT devices, with a focus on security fixes. After identified the unique challenges of performing binary patching on ARM platforms, we have provided novel features by replacing, modifying, and adding code to already compiled programs. Then, the viability and usefulness of our solution has been verified through demos and final programs on real devices. Finally, we have discussed the current limitations of our approach and future challenges.


Sign in / Sign up

Export Citation Format

Share Document