ARMPatch: A Binary Patching Framework for ARM-based IoT Devices

Journal of Web Engineering ◽

10.13052/jwe1540-9589.2066 ◽

2021 ◽

Author(s):

Mingyi Huang ◽

Chengyu Song

Keyword(s):

Internet Of Things ◽

Source Code ◽

Cyber Attacks ◽

Security Issue ◽

Security Vulnerabilities ◽

Internet Technologies ◽

Future Challenges ◽

Long Time ◽

Iot Devices ◽

Closed Source

With the rapid advancement of hardware and internet technologies, we are surrounded by more and more Internet of Things (IoT) devices. Despite the convenience and boosted productivity that these devices have brought to our lives and industries, new security implications have arisen. IoT devices bring many new attack vectors, causing an increment of cyber-attacks that target these systems in the recent years. However, security vulnerabilities on numerous devices are often not fixed. This may due to providers not being informed in time, they have stopped maintaining these models, or they simply no longer exist. Even if an official fix for a security issue is finally released, it usually takes a long time. This gives hackers time to exploit vulnerabilities extensively, which in many cases requires customers to disconnect vulnerable devices, leading to outages. As the software is usually closed source, it is also unlikely that the community will review and modify the source code themselves and provide updates. In this study, we present ARMPatch, a flexible static binary patching framework for ARM-based IoT devices, with a focus on security fixes. After identified the unique challenges of performing binary patching on ARM platforms, we have provided novel features by replacing, modifying, and adding code to already compiled programs. Then, the viability and usefulness of our solution has been verified through demos and final programs on real devices. Finally, we have discussed the current limitations of our approach and future challenges.

Download Full-text

State-of-the-Art Software-Based Remote Attestation: Opportunities and Open Issues for Internet of Things

Sensors ◽

10.3390/s21051598 ◽

2021 ◽

Vol 21 (5) ◽

pp. 1598

Author(s):

Sigurd Frej Joel Jørgensen Ankergård ◽

Edlira Dushku ◽

Nicola Dragoni

Keyword(s):

Internet Of Things ◽

Smart Cities ◽

Cyber Attacks ◽

Resource Constrained ◽

Remote Attestation ◽

Comprehensive Overview ◽

Research Issues ◽

Advantages And Disadvantages ◽

Iot Devices ◽

Specialized Hardware

The Internet of Things (IoT) ecosystem comprises billions of heterogeneous Internet-connected devices which are revolutionizing many domains, such as healthcare, transportation, smart cities, to mention only a few. Along with the unprecedented new opportunities, the IoT revolution is creating an enormous attack surface for potential sophisticated cyber attacks. In this context, Remote Attestation (RA) has gained wide interest as an important security technique to remotely detect adversarial presence and assure the legitimate state of an IoT device. While many RA approaches proposed in the literature make different assumptions regarding the architecture of IoT devices and adversary capabilities, most typical RA schemes rely on minimal Root of Trust by leveraging hardware that guarantees code and memory isolation. However, the presence of a specialized hardware is not always a realistic assumption, for instance, in the context of legacy IoT devices and resource-constrained IoT devices. In this paper, we survey and analyze existing software-based RA schemes (i.e., RA schemes not relying on specialized hardware components) through the lens of IoT. In particular, we provide a comprehensive overview of their design characteristics and security capabilities, analyzing their advantages and disadvantages. Finally, we discuss the opportunities that these RA schemes bring in attesting legacy and resource-constrained IoT devices, along with open research issues.

Download Full-text

Efficient and Secure Data Transmission Approach in Cloud-MANET-IoT Integrated Framework

10.31219/osf.io/zthf6 ◽

2020 ◽

Author(s):

Tanweer Alam

Keyword(s):

Internet Of Things ◽

Data Transmission ◽

Ad Hoc ◽

Mobile Ad Hoc Network ◽

The Internet ◽

Security Issue ◽

Integrated Framework ◽

Secure Data Transmission ◽

Iot Devices ◽

The Internet Of Things

The Internet of Things (IoT) devices have the capabilities to interact and communicate in 5G heterogeneous networks. They also have the capabilities to form a network with neighborhood devices without a centralized approach. This network is called the mobile ad hoc network (MANET). Through an infrastructure-less system of the Internet of Things environment, the MANET enables IoT nodes to interact with one another. Those IoT nodes could interactively connect, communicate as well as share knowledge between several nodes. The role of cloud throughout this structure is to store as well as interpret information through IoT nodes. The communication security has been introduced as one of the techniques to solve the data transmission security issue that could result in increased performance in cloud consumption and ubiquity. The purpose of this research is to establish a communication system among IoT nodes in an embedded Cloud and MANET structure. Aiming to create an efficient and secure approach for communication in Cloud-MANET-IoT integrated framework, this approach has been implemented and tested.

Download Full-text

Botnet and Internet of Things (IoTs)

Security, Privacy, and Forensics Issues in Big Data - Advances in Information Security, Privacy, and Ethics ◽

10.4018/978-1-5225-9742-1.ch013 ◽

2020 ◽

pp. 304-316

Author(s):

Kamal Alieyan ◽

Ammar Almomani ◽

Rosni Abdullah ◽

Badr Almutairi ◽

Mohammad Alauthman

Keyword(s):

Internet Of Things ◽

Cyber Attacks ◽

The Internet ◽

Ddos Attacks ◽

Botnet Detection ◽

The Public ◽

Detection Techniques ◽

Channel Information ◽

Iot Devices ◽

The Internet Of Things

In today's internet world the internet of things (IoT) is becoming the most significant and developing technology. The primary goal behind the IoT is enabling more secure existence along with the improvement of risks at various life levels. With the arrival of IoT botnets, the perspective towards IoT products has transformed from enhanced living enabler into the internet of vulnerabilities for cybercriminals. Of all the several types of malware, botnet is considered as really a serious risk that often happens in cybercrimes and cyber-attacks. Botnet performs some predefined jobs and that too in some automated fashion. These attacks mostly occur in situations like phishing against any critical targets. Files sharing channel information are moved to DDoS attacks. IoT botnets have subjected two distinct problems, firstly, on the public internet. Most of the IoT devices are easily accessible. Secondly, in the architecture of most of the IoT units, security is usually a reconsideration. This particular chapter discusses IoT, botnet in IoT, and various botnet detection techniques available in IoT.

Download Full-text

Block-Chain-Based Security and Privacy in Smart City IoT

Handbook of Research on Implementation and Deployment of IoT Projects in Smart Cities - Advances in Civil and Industrial Engineering ◽

10.4018/978-1-5225-9199-3.ch009 ◽

2019 ◽

pp. 134-148

Author(s):

Thangaraj Muthuraman ◽

Punitha Ponmalar Pichiah ◽

Anuradha S.

Keyword(s):

Big Data ◽

Internet Of Things ◽

Data Communication ◽

Security And Privacy ◽

Distributed Transactions ◽

The Public ◽

Data Collection And Analysis ◽

Long Time ◽

Block Chain ◽

Iot Devices

The current technology has given arms, hands, and wings to the smart objects-internet of things, which create the centralized data collection and analysis nightmare. Even with the distributed big data-enabled computing, the relevant data filtering for the localized decisions take a long time. To make the IOT data communication smoother and make the devices talk to each other in a coherent way the device data transactions are made to communicate through the block chain, and the applications on the localized destination can take the decisions or complete transaction without the centralized hub communication. This chapter focuses on adding vendor-specific IOT devices to the public or private block chain and the emerging challenges and the possible solutions to make the devices talk to each other and have the decision enablement through the distributed transactions through the block chain technology.

Download Full-text

Botnet and Internet of Things (IoTs)

Research Anthology on Combating Denial-of-Service Attacks ◽

10.4018/978-1-7998-5348-0.ch007 ◽

2021 ◽

pp. 138-150

Author(s):

Kamal Alieyan ◽

Ammar Almomani ◽

Rosni Abdullah ◽

Badr Almutairi ◽

Mohammad Alauthman

Keyword(s):

Internet Of Things ◽

Cyber Attacks ◽

The Internet ◽

Ddos Attacks ◽

Botnet Detection ◽

The Public ◽

Detection Techniques ◽

Channel Information ◽

Iot Devices ◽

The Internet Of Things

Download Full-text

Decades of Internet of Things towards 21st Century: A Research-Based Introspective

10.21203/rs.3.rs-193005/v1 ◽

2021 ◽

Author(s):

NAGAJAYANTHI BOOBALAKRISHNAN

Keyword(s):

Internet Of Things ◽

Cyber Attacks ◽

Embedded Internet ◽

Industrial Iot ◽

Voice User ◽

Block Chain ◽

Iot Devices ◽

Data Ecosystem ◽

The Internet Of Things ◽

Exchange Data

Abstract Internet connects people to people, people to machine, and machine to machine for a life of serendipity through a Cloud. Internet of Things networks objects or people and integrates them with software to collect and exchange data. The Internet of things (IoT) influences our lives based on how we ruminate, respond, and anticipate. IoT 2020 heralds from the fringes to the data ecosystem and panaches a comfort zone. IoT is overwhelmingly embraced by businessmen and consumers due to increased productivity and convenience. Internet of Things facilitates intelligent device control with cloud vendors like Amazon and Google using artificial intelligence for data analytics, and with digital assistants like Alexa and Siri providing a voice user interface. Smart IoT is all about duplex connecting, processing, and implementing. With 5G, lightning faster rate of streaming analytics is realistic. An amalgamation of technologies has led to this techno-industrial IoT revolution. Centralized IoT architecture is vulnerable to cyber-attacks. With Block Chain, it is possible to maintain transparency and security of the transaction's data. Standardization of IoT devices is achievable with limited vendors based on Platform, Connectivity, and Application. Robotic Process Automation (RPA) using bots has automated laborious tasks in 2019. Embedded Internet using Facial Recognition could reduce the pandemic crisis. Security concerns are addressed with micro-segmentation approaches. IoT, an incredible vision of the future makes systems adaptive with customized features, responsive with increased efficiency, and procurable with optimized cost. This paper delivers a comprehensive insight into the technical perspectives of IoT, focusing on interoperability, flexibility, scalability, mobility, security, transparency, standardization, and low energy.

Download Full-text

Survey of Machine Learning Algorithms to Detect Malware in Consumer Internet of Things Devices

International Journal of Artificial Intelligence Tools ◽

10.1142/s0218213021500202 ◽

2021 ◽

Vol 30 (04) ◽

pp. 2150020

Author(s):

Luke Holbrook ◽

Miltiadis Alamaniotis

Keyword(s):

Neural Network ◽

Machine Learning ◽

Internet Of Things ◽

Deep Neural Network ◽

Learning Algorithms ◽

Cyber Attacks ◽

Machine Learning Algorithms ◽

Coefficient Of Determination ◽

Support Vector ◽

Iot Devices

With the increase of cyber-attacks on millions of Internet of Things (IoT) devices, the poor network security measures on those devices are the main source of the problem. This article aims to study a number of these machine learning algorithms available for their effectiveness in detecting malware in consumer internet of things devices. In particular, the Support Vector Machines (SVM), Random Forest, and Deep Neural Network (DNN) algorithms are utilized for a benchmark with a set of test data and compared as tools in safeguarding the deployment for IoT security. Test results on a set of 4 IoT devices exhibited that all three tested algorithms presented here detect the network anomalies with high accuracy. However, the deep neural network provides the highest coefficient of determination R2, and hence, it is identified as the most precise among the tested algorithms concerning the security of IoT devices based on the data sets we have undertaken.

Download Full-text

A Review of Intrusion Detection Systems Using Machine and Deep Learning in Internet of Things: Challenges, Solutions and Future Directions

Electronics ◽

10.3390/electronics9071177 ◽

2020 ◽

Vol 9 (7) ◽

pp. 1177

Author(s):

Javed Asharf ◽

Nour Moustafa ◽

Hasnat Khurshid ◽

Essam Debie ◽

Waqas Haider ◽

...

Keyword(s):

Deep Learning ◽

Internet Of Things ◽

Intrusion Detection ◽

Cyber Attacks ◽

The Internet ◽

Cyber Attack ◽

Control Approach ◽

Detection Systems ◽

Desktop Computers ◽

Iot Devices

The Internet of Things (IoT) is poised to impact several aspects of our lives with its fast proliferation in many areas such as wearable devices, smart sensors and home appliances. IoT devices are characterized by their connectivity, pervasiveness and limited processing capability. The number of IoT devices in the world is increasing rapidly and it is expected that there will be 50 billion devices connected to the Internet by the end of the year 2020. This explosion of IoT devices, which can be easily increased compared to desktop computers, has led to a spike in IoT-based cyber-attack incidents. To alleviate this challenge, there is a requirement to develop new techniques for detecting attacks initiated from compromised IoT devices. Machine and deep learning techniques are in this context the most appropriate detective control approach against attacks generated from IoT devices. This study aims to present a comprehensive review of IoT systems-related technologies, protocols, architecture and threats emerging from compromised IoT devices along with providing an overview of intrusion detection models. This work also covers the analysis of various machine learning and deep learning-based techniques suitable to detect IoT systems related to cyber-attacks.

Download Full-text

Efficient and Secure Data Transmission Approach in Cloud-MANET-IoT Integrated Framework

10.36227/techrxiv.12657194.v1 ◽

2020 ◽

Author(s):

Tanweer Alam

Keyword(s):

Internet Of Things ◽

Data Transmission ◽

Ad Hoc ◽

Mobile Ad Hoc Network ◽

The Internet ◽

Security Issue ◽

Integrated Framework ◽

Secure Data Transmission ◽

Iot Devices ◽

The Internet Of Things

The Internet of Things (IoT) devices have capabilities to interact and communicate in 5G heterogeneous networks. The IoT devices also have capabilities to form a network with neighborhood devices without a centralized approach. This network is called the mobile ad hoc network (MANET). Through an infrastructure-less system of the Internet of Things environment, the MANET enables IoT nodes to interact with one another. Those IoT nodes could interactively connect, communicate as well as share knowledge between several nodes. The role of cloud throughout this structure would be to store as well as interpret information through IoT nodes. The communication security has also been introduced to be one of the techniques in which trying to solve the data transmission security issue that could result in the performance increase in cloud consumption and ubiquity. Our purpose in this research would be to establish a communication system among IoT nodes in such an embedded Cloud and MANET structure. The main goal of this research is to create an efficient and secure approach for communication in Cloud-MANET-IoT integrated framework. This approach is implemented and tested.

Download Full-text

Identity Authentication and Capability Based Access Control (IACAC) for the Internet of Things

Journal of Cyber Security and Mobility ◽

10.13052/jcsm2245-1439.142 ◽

2013 ◽

Author(s):

Parikshit N. Mahalle ◽

Bayu Anggorojati ◽

Neeli R. Prasad ◽

Ramjee Prasad

Keyword(s):

Internet Of Things ◽

Access Control ◽

Secure Communication ◽

Identity Authentication ◽

Security Protocol ◽

The Internet ◽

Dos Attacks ◽

Security Vulnerabilities ◽

Iot Devices ◽

The Internet Of Things

In the last few years the Internet of Things (IoT) has seen widespreadapplication and can be found in each field. Authentication and accesscontrol are important and critical functionalities in the context of IoTto enable secure communication between devices. Mobility, dynamicnetwork topology and weak physical security of low power devices in IoTnetworks are possible sources for security vulnerabilities. It ispromising to make an authentication and access control attack resistant andlightweight in a resource constrained and distributed IoT environment.This paper presents the Identity Authentication and Capability basedAccess Control (IACAC) model with protocol evaluation and performanceanalysis. To protect IoT from man-in-the-middle, replay and denial ofservice (Dos) attacks, the concept of capability for access control isintroduced. The novelty of this model is that, it presents an integratedapproach of authentication and access control for IoT devices. Theresults of other related study have also been analyzed to validate andsupport our findings. Finally, the proposed protocol is evaluated byusing security protocol verification tool and verification results showsthat IACAC is secure against aforementioned attacks. This paper alsodiscusses performance analysis of the protocol in terms of computationaltime compared to other existing solutions. Furthermore, this paper addresseschallenges in IoT and security attacks are modelled with the use casesto give an actual view of IoT networks.

Download Full-text