IoT Security-Quality-Metrics Method and Its Conformity with Emerging Guidelines

This study proposes a security-quality-metrics method tailored for the Internet of things (IoT) and evaluates conformity of the proposed approach with pertinent cybersecurity regulations and guidelines for IoT. Cybersecurity incidents involving IoT devices have recently come to light; consequently, IoT security correspondence has become a necessity. The ISO 25000 series is used for software; however, the concept of security as a quality factor has not been applied to IoT devices. Because software vulnerabilities were not the device vendors’ responsibility as product liability, most vendors did not consider the security capability of IoT devices as part of their quality control. Furthermore, an appropriate IoT security-quality metric for vendors does not exist; instead, vendors have to set their security standards, which lack consistency and are difficult to justify by themselves. To address this problem, the authors propose a universal method for specifying IoT security-quality metrics on a globally accepted scale, inspired by the goal/question/metric (GQM) method. The method enables vendors to verify their products to conform to the requirements of existing baselines and certification programs and to help vendors to tailor their quality requirements to meet the given security requirements. The IoT users would also be able to use these metrics to verify the security quality of IoT devices.

Download Full-text

Predicting Internet of Things (IOT) Security and Privacy Risks – A Proposal Model: توقع مخاطر أمن وخصوصية إنترنت الأشياء (IOT) – نموذج مقترح بحثي

Journal of engineering sciences and information technology - مجلة العلوم الهندسية و تكنولوجيا المعلومات ◽

10.26389/ajsrp.q070621 ◽

2021 ◽

Vol 5 (3) ◽

pp. 133-112

Author(s):

Awad Saad Al-Qahtani, Mohammad Ayoub Khan Awad Saad Al-Qahtani, Mohammad Ayoub Khan

Keyword(s):

Internet Of Things ◽

Security Management ◽

Cyber Attacks ◽

Security Requirements ◽

Security And Privacy ◽

The Internet ◽

Security Risks ◽

Iot Security ◽

Iot Devices ◽

The Internet Of Things

The Internet of things (IOT) users lack awareness of IOT security infrastructure to handle the risks including Threats, attack and penetration associated with its use. IOT devices are main targets for cyber-attacks due to variable personally identifiable information (PII) stored and transmit in the cyber centers. The security risks of the Internet of Things aimed to damage user's security and privacy. All information about users can be collected from their related objects which are stored in the system or transferred through mediums among diverse smart objects and may exposed to exposed dangerous of attacks and threats if it lack authentication so there are essential need to make IOT security requirements as important part of its efficient implementation. These requirements include; availability, accountability, authentication, authorization, privacy and confidentiality, Integrity and Non-repudiation. The study design is a survey research to investigate the visibility of the proposed model of security management for IOT uses, the security risks of IOT devices, and the changes IOT technology on the IT infrastructure of IOT users through answering of the research questionnaires. This work proposes a model of security management for IOT to predict IOT security and privacy threats, protect IOT users from any unforeseen dangers, and determine the right security mechanisms and protocols for IOT security layers, as well as give the most convenient security mechanisms. Moreover, for enhancing the performance of IOT networks by selecting suitable security mechanisms for IOT layers to increase IOT user's security satisfaction.

Download Full-text

Bringing Security to The Smallest Embedded Systems

10.34048/2017.1.f5 ◽

2017 ◽

Author(s):

JOSEPH YIU

Keyword(s):

Internet Of Things ◽

Embedded Systems ◽

Low Cost ◽

Security Requirements ◽

The Internet ◽

Security Measures ◽

Significant Challenge ◽

Iot Devices

The increasing need for security in microcontrollers Security has long been a significant challenge in microcontroller applications(MCUs). Traditionally, many microcontroller systems did not have strong security measures against remote attacks as most of them are not connected to the Internet, and many microcontrollers are deemed to be cheap and simple. With the growth of IoT (Internet of Things), security in low cost microcontrollers moved toward the spotlight and the security requirements of these IoT devices are now just as critical as high-end systems due to:

Download Full-text

Revisited—The Subliminal Channel in Blockchain and Its Application to IoT Security

Symmetry ◽

10.3390/sym13050855 ◽

2021 ◽

Vol 13 (5) ◽

pp. 855

Author(s):

Tzung-Her Chen ◽

Wei-Bin Lee ◽

Hsing-Bai Chen ◽

Chien-Lung Wang

Keyword(s):

Digital Signature ◽

Public Key Infrastructure ◽

Maintenance Cost ◽

Iot Security ◽

Remote Authentication ◽

Certificate Chain ◽

The Common ◽

Iot Devices ◽

Subliminal Channel ◽

Abuse Risk

Although digital signature has been a fundamental technology for cryptosystems, it still draws considerable attention from both academia and industry due to the recent raising interest in blockchains. This article revisits the subliminal channel existing digital signature and reviews its abuse risk of the constructor’s private key. From a different perspective on the subliminal channel, we find the new concept named the chamber of secrets in blockchains. The found concept, whereby the secret is hidden and later recovered by the constructor from the common transactions in a blockchain, highlights a new way to encourage implementing various applications to benefit efficiency and security. Thus, the proposed scheme benefits from the following advantages: (1) avoiding the high maintenance cost of certificate chain of certificate authority, or public key infrastructure, and (2) seamlessly integrating with blockchains using the property of chamber of secrets. In order to easily understand the superiority of this new concept, a remote authentication scenario is taken as a paradigm of IoT to demonstrate that the further advantages are achieved: (1) avoiding high demand for storage space in IoT devices, and (2) avoiding maintaining a sensitive table in IoT server.

Download Full-text

Identity and Access Management Resilience against Intentional Risk for Blockchain-Based IOT Platforms

Electronics ◽

10.3390/electronics10040378 ◽

2021 ◽

Vol 10 (4) ◽

pp. 378

Author(s):

Alberto Partida ◽

Regino Criado ◽

Miguel Romance

Keyword(s):

Security Requirements ◽

Access Management ◽

Iot Security ◽

Complex Network Theory ◽

Scale Free ◽

Blockchain Technology ◽

Technology Transfers ◽

Iot Platforms ◽

Market Capitalisation ◽

Security Incidents

Some Internet of Things (IoT) platforms use blockchain to transport data. The value proposition of IoT is the connection to the Internet of a myriad of devices that provide and exchange data to improve people’s lives and add value to industries. The blockchain technology transfers data and value in an immutable and decentralised fashion. Security, composed of both non-intentional and intentional risk management, is a fundamental design requirement for both IoT and blockchain. We study how blockchain answers some of the IoT security requirements with a focus on intentional risk. The review of a sample of security incidents impacting public blockchains confirm that identity and access management (IAM) is a key security requirement to build resilience against intentional risk. This fact is also applicable to IoT solutions built on a blockchain. We compare the two IoT platforms based on public permissionless distributed ledgers with the highest market capitalisation: IOTA, run on an alternative to a blockchain, which is a directed acyclic graph (DAG); and IoTeX, its contender, built on a blockchain. Our objective is to discover how we can create IAM resilience against intentional risk in these IoT platforms. For that, we turn to complex network theory: a tool to describe and compare systems with many participants. We conclude that IoTeX and possibly IOTA transaction networks are scale-free. As both platforms are vulnerable to attacks, they require resilience against intentional risk. In the case of IoTeX, DIoTA provides a resilient IAM solution. Furthermore, we suggest that resilience against intentional risk requires an IAM concept that transcends a single blockchain. Only with the interplay of edge and global ledgers can we obtain data integrity in a multi-vendor and multi-purpose IoT network.

Download Full-text

USE OF ONTOLOGIES IN MAPPING OF INFORMATION SECURITY REQUIREMENTS / ONTOLOGIJOS NAUDOJIMAS INFORMACIJOS SAUGUMO REIKALAVIMAMS SUSIET

Mokslas - Lietuvos ateitis ◽

10.3846/mla.2013.15 ◽

2013 ◽

Vol 5 (2) ◽

pp. 88-91

Author(s):

Simona Ramanauskaitė ◽

Eglė Radvilė ◽

Dmitrij Olifer

Keyword(s):

Information Security ◽

Best Practices ◽

Security Requirements ◽

Security Standards

A large amount of different security documents, standards, guidelines and best practices requires to ensure mapping between different security requirements. As the result of mapping, security requirements of different standards can coincide or require to be amended or harmonised. This is the reason why it is so difficult to map more than two different security documents. Ontologies can be used to solve this issue. The article offers a review of different security documents and ontology types as well as investigates possible use of ontologies for mapping of security standards. Article in Lithuanian Santrauka Esant daugybei informacijos saugą reglamentuojančių dokumentų, gairių ir standartų, aktualu tarpusavyje susieti juose apibrėžtus saugumo reikalavimus. Skirtinguose saugos dokumentuose aprašyti saugumo reikalavimai gali ne tik sutapti arba papildyti vienas kitą, bet ir prieštarauti vienas kitam. Tai labai apsunkina daugiau negu dviejų informacijos saugą reglamentuojančių dokumentų susiejimą. Vienas būdų susieti daugiau negu du saugą reglamentuojančius dokumentus galėtų būti ontologijos naudojimas. Straipsnyje apžvelgiami šiuo metu pagrindiniai saugą reglamentuojantys standartai, egzistuojančios saugumo ontologijos, išnagrinėta galimybė naudoti ontologiją saugą reglamentuojančių dokumentų reikalavimams susieti ir galimybę tokį susiejimą atvaizduoti grafais.

Download Full-text

Intrusion Detection System for AES Encripted Low-Power IoT Networks

10.14210/cotb.v12.p392-399 ◽

2021 ◽

Author(s):

Eduardo De Oliveira Burger Monteiro Luiz ◽

Alessandro Copetti ◽

Luciano Bertini ◽

Juliano Fontoura Kazienko

Keyword(s):

Low Power ◽

Detection System ◽

Denial Of Service ◽

Security Requirements ◽

Power Devices ◽

Dos Attacks ◽

Reflection Attack ◽

Ipv6 Protocol ◽

Iot Devices ◽

High Level

The introduction of the IPv6 protocol solved the problem of providingaddresses to network devices. With the emergence of the Internetof Things (IoT), there was also the need to develop a protocolthat would assist in connecting low-power devices. The 6LoWPANprotocols were created for this purpose. However, such protocolsinherited the vulnerabilities and threats related to Denial of Service(DoS) attacks from the IPv4 and IPv6 protocols. In this paper, weprepare a network environment for low-power IoT devices usingCOOJA simulator and Contiki operating system to analyze theenergy consumption of devices. Besides, we propose an IntrusionDetection System (IDS) associated with the AES symmetric encryptionalgorithm for the detection of reflection DoS attacks. Thesymmetric encryption has proven to be an appropriate methoddue to low implementation overhead, not incurring in large powerconsumption, and keeping a high level of system security. The maincontributions of this paper are: (i) implementation of a reflectionattack algorithm for IoT devices; (ii) implementation of an intrusiondetection system using AES encryption; (iii) comparison ofthe power consumption in three distinct scenarios: normal messageexchange, the occurrence of a reflection attack, and runningIDS algorithm. Finally, the results presented show that the IDSwith symmetric cryptography meets the security requirements andrespects the energy limits of low-power sensors.

Download Full-text

Template Matching and Matrix Profile for Signal Quality Assessment of Carotid and Femoral Laser Doppler Vibrometer Signals

Frontiers in Physiology ◽

10.3389/fphys.2021.775052 ◽

2022 ◽

Vol 12 ◽

Author(s):

Silvia Seoni ◽

Simeon Beeckman ◽

Yanlu Li ◽

Soren Aasmul ◽

Umberto Morbiducci ◽

...

Keyword(s):

Logistic Regression ◽

Quality Assessment ◽

Real Time ◽

Template Matching ◽

Quality Metrics ◽

Laser Doppler ◽

Signal Quality ◽

Laser Doppler Vibrometry ◽

Quality Metric

Background: Laser-Doppler Vibrometry (LDV) is a laser-based technique that allows measuring the motion of moving targets with high spatial and temporal resolution. To demonstrate its use for the measurement of carotid-femoral pulse wave velocity, a prototype system was employed in a clinical feasibility study. Data were acquired for analysis without prior quality control. Real-time application, however, will require a real-time assessment of signal quality. In this study, we (1) use template matching and matrix profile for assessing the quality of these previously acquired signals; (2) analyze the nature and achievable quality of acquired signals at the carotid and femoral measuring site; (3) explore models for automated classification of signal quality.Methods: Laser-Doppler Vibrometry data were acquired in 100 subjects (50M/50F) and consisted of 4–5 sequences of 20-s recordings of skin displacement, differentiated two times to yield acceleration. Each recording consisted of data from 12 laser beams, yielding 410 carotid-femoral and 407 carotid-carotid recordings. Data quality was visually assessed on a 1–5 scale, and a subset of best quality data was used to construct an acceleration template for both measuring sites. The time-varying cross-correlation of the acceleration signals with the template was computed. A quality metric constructed on several features of this template matching was derived. Next, the matrix-profile technique was applied to identify recurring features in the measured time series and derived a similar quality metric. The statistical distribution of the metrics, and their correlates with basic clinical data were assessed. Finally, logistic-regression-based classifiers were developed and their ability to automatically classify LDV-signal quality was assessed.Results: Automated quality metrics correlated well with visual scores. Signal quality was negatively correlated with BMI for femoral recordings but not for carotid recordings. Logistic regression models based on both methods yielded an accuracy of minimally 80% for our carotid and femoral recording data, reaching 87% for the femoral data.Conclusion: Both template matching and matrix profile were found suitable methods for automated grading of LDV signal quality and were able to generate a quality metric that was on par with the signal quality assessment of the expert. The classifiers, developed with both quality metrics, showed their potential for future real-time implementation.

Download Full-text

Honeypots for Internet of Things Research: An Effective Mitigation Tool

10.20944/preprints202109.0461.v1 ◽

2021 ◽

Author(s):

Shen Xin En ◽

Liu Si Ling ◽

Fan Cheng Hao

Keyword(s):

Internet Of Things ◽

Operating Systems ◽

Network Resources ◽

Iot Security ◽

Frequent Use ◽

Attack Patterns ◽

Iot Devices

In recent years, due to their frequent use and widespread use, IoT (Internet of Things) devices have become an attractive target for hackers. As a result of their limited network resources and complex operating systems, they are vulnerable to attacks. Using a honeypot can, therefore, be a very effective way of detecting malicious requests and capturing samples of exploits. The purpose of this article is to introduce honeypots, the rise of IoT devices, and how they can be exploited by attackers. Various honeypot ecosystems will be investigated further for capturing and analyzing information from attacks against these IoT devices. As well as how to leverage proactive strategies in terms of IoT security, it will provide insights on the attack vectors present in most IoT systems, along with understanding attack patterns.

Download Full-text

Healthcare-Internet of Things and Its Components

Advances in Medical Technologies and Clinical Practice - Optimizing Health Monitoring Systems With Wireless Technology ◽

10.4018/978-1-5225-6067-8.ch018 ◽

2021 ◽

pp. 258-277

Author(s):

Aman Tyagi

Keyword(s):

Internet Of Things ◽

Fog Computing ◽

Communication Technologies ◽

The Internet ◽

Healthcare Resources ◽

Iot Security ◽

Global Epidemic ◽

Security Issues ◽

Analyse Data ◽

Iot Devices

Elderly population in the Asian countries is increasing at a very fast rate. Lack of healthcare resources and infrastructure in many countries makes the task of provding proper healthcare difficult. Internet of things (IoT) in healthcare can address the problem effectively. Patient care is possible at home using IoT devices. IoT devices are used to collect different types of data. Various algorithms may be used to analyse data. IoT devices are connected to the internet and all the data of the patients with various health reports are available online and hence security issues arise. IoT sensors, IoT communication technologies, IoT gadgets, components of IoT, IoT layers, cloud and fog computing, benefits of IoT, IoT-based algorithms, IoT security issues, and IoT challenges are discussed in the chapter. Nowadays global epidemic COVID19 has demolished the economy and health services of all the countries worldwide. Usefulness of IoT in COVID19-related issues is explained here.

Download Full-text

A Strongly Unforgeable Certificateless Signature Scheme and Its Application in IoT Environments

Sensors ◽

10.3390/s19122692 ◽

2019 ◽

Vol 19 (12) ◽

pp. 2692 ◽

Cited By ~ 4

Author(s):

Xiaodong Yang ◽

Xizhen Pei ◽

Guilan Chen ◽

Ting Li ◽

Meiding Wang ◽

...

Keyword(s):

Security Requirements ◽

Widespread Application ◽

Random Oracles ◽

Replay Attacks ◽

Security Research ◽

Viable Solution ◽

Iot Devices ◽

Certificateless Signature ◽

The Internet Of Things ◽

Strong Unforgeability

With the widespread application of the Internet of Things (IoT), ensuring communication security for IoT devices is of considerable importance. Since IoT data are vulnerable to eavesdropping, tampering, forgery, and other attacks during an open network transmission, the integrity and authenticity of data are fundamental security requirements in the IoT. A certificateless signature (CLS) is a viable solution for providing data integrity, data authenticity, and identity identification in resource-constrained IoT devices. Therefore, designing a secure and efficient CLS scheme for IoT environments has become one of the main objectives of IoT security research. However, the existing CLS schemes rarely focus on strong unforgeability and replay attacks. Herein, we design a novel CLS scheme to protect the integrity and authenticity of IoT data. In addition to satisfying the strong unforgeability requirement, the proposed scheme also resists public key replacement attacks, malicious-but-passive key-generation-centre attacks, and replay attacks. Compared with other related CLS schemes without random oracles, our CLS scheme has a shorter private key, stronger security, and lower communication and computational costs.

Download Full-text