scholarly journals Automatic Key Update Mechanism for Lightweight M2M Communication and Enhancement of IoT Security: A Case Study of CoAP Using Libcoap Library

Sensors ◽  
2022 ◽  
Vol 22 (1) ◽  
pp. 340
Author(s):  
Wen-Chung Tsai ◽  
Tzu-Hsuan Tsai ◽  
Te-Jen Wang ◽  
Mao-Lun Chiang

The ecosystem for an Internet of Things (IoT) generally comprises endpoint clients, network devices, and cloud servers. Thus, data transfers within the network present multiple security concerns. The recent boom in IoT applications has accelerated the need for a network infrastructure that provides timely and safe information exchange services. A shortcoming of many existing networks is the use of static key authentication. To enable the use of automatic key update mechanisms in IoT devices and enhance security in lightweight machine-to-machine (M2M) communications, we propose a key update mechanism, namely, double OTP (D-OTP), which combines both one-time password (OTP) and one-time pad to achieve an IoT ecosystem with theoretically unbreakable security. The proposed D-OTP was implemented into the Constrained Application Protocol (CoAP) through the commonly used libcoap library. The experimental results revealed that an additional 8.93% latency overhead was required to obtain an unbreakable guarantee of data transfers in 100 CoAP communication sessions.

Author(s):  
Mamata Rath ◽  
Bibudhendu Pati

Adoption of Internet of Things (IoT) and Cloud of Things (CoT) in the current developing technology era are expected to be more and more invasive, making them important mechanism of the future Internet-based communication systems. Cloud of Things and Internet of Things (IoT) are two emerging as well as diversified advanced domains that are diversified in current technological scenario. Paradigm where Cloud and IoT are merged together is foreseen as disruptive and as an enabler of a large number of application scenarios. Due to the adoption of the Cloud and IoT paradigm a number of applications are gaining important technical attention. In the future, it is going to be more complicated a setup to handle security in technology. Information till now will severely get changed and it will be very tough to keep up with varying technology. Organisations will have to repeatedly switch over to new skill-based technology with respect to higher expenditure. Latest tools, methods and enough expertise are highly essential to control threats and vulnerability to computing systems. Keeping in view the integration of Cloud computing and IoT in the new domain of Cloud of things, the said article provides an up-to-date eminence of Cloud-based IoT applications and Cloud of Things with a focus on their security and application-oriented challenges. These challenges are then synthesized in detail to present a technical survey on various issues related to IoT security, concerns, adopted mechanisms and their positive security assurance using Cloud of Things.


Sensors ◽  
2019 ◽  
Vol 19 (19) ◽  
pp. 4121 ◽  
Author(s):  
Alberto Giaretta ◽  
Nicola Dragoni ◽  
Fabio Massacci

Cybersecurity is one of the biggest challenges in the Internet of Things (IoT) domain, as well as one of its most embarrassing failures. As a matter of fact, nowadays IoT devices still exhibit various shortcomings. For example, they lack secure default configurations and sufficient security configurability. They also lack rich behavioural descriptions, failing to list provided and required services. To answer this problem, we envision a future where IoT devices carry behavioural contracts and Fog nodes store network policies. One requirement is that contract consistency must be easy to prove. Moreover, contracts must be easy to verify against network policies. In this paper, we propose to combine the security-by-contract (S × C) paradigm with Fog computing to secure IoT devices. Following our previous work, first we formally define the pillars of our proposal. Then, by means of a running case study, we show that we can model communication flows and prevent information leaks. Last, we show that our contribution enables a holistic approach to IoT security, and that it can also prevent unexpected chains of events.


Proceedings ◽  
2020 ◽  
Vol 54 (1) ◽  
pp. 24
Author(s):  
Iván Froiz-Míguez ◽  
Paula Fraga-Lamas ◽  
Tiago M. Fernández-Caramés

The recent increase in the number of connected IoT devices, as well as the heterogeneity of the environments where they are deployed, has derived into the growth of the complexity of Machine-to-Machine (M2M) communication protocols and technologies. In addition, the hardware used by IoT devices has become more powerful and efficient. Such enhancements have made it possible to implement novel decentralized computing architectures like the ones based on edge computing, which offload part of the central server processing by using multiple distributed low-power nodes. In order to ease the deployment and synchronization of decentralized edge computing nodes, this paper describes an M2M distributed protocol based on Peer-to-Peer (P2P) communications that can be executed on low-power ARM devices. In addition, this paper proposes to make use of brokerless communications by using a distributed publication/subscription protocol. Thanks to the fact that information is stored in a distributed way among the nodes of the swarm and since each node can implement a specific access control system, the proposed system is able to make use of write access mechanisms and encryption for the stored data so that the rest of the nodes cannot access sensitive information. In order to test the feasibility of the proposed approach, a comparison with an Message-Queuing Telemetry Transport (MQTT) based architecture is performed in terms of latency, network consumption and performance.


2019 ◽  
Vol 11 (21) ◽  
pp. 5952 ◽  
Author(s):  
Faisal Mehmood ◽  
Shabir Ahmad ◽  
DoHyeun Kim

An internet of things (IoT) platform is a multi-layer technology that enables automation of connected devices within IoT. IoT platforms serve as a middle-ware solution and act as supporting software that is able to connect different hardware devices, access points, and networks to other parts of the value chain. Virtual objects have become a vital component in every IoT platform. Virtual objects are the digital representation of a physical entity. In this paper, we design and implement a cloud-centric IoT platform that serves a purpose for registration and initialization of virtual objects so that technology tinkerers can consume them via the IoT marketplace and integrate them to build IoT applications. The proposed IoT platform differs from existing IoT platforms in the sense that they provide hardware and software services on the same platform that users can plug and play. The proposed IoT platform is separate from the IoT marketplace where users can consume virtual objects to build IoT applications. Experiments are conducted for IoT platform and interworking IoT marketplace based on virtual objects in CoT. The proposed IoT platform provides a user-friendly interface and is secure and reliable. An IoT testbed is developed and a case study is performed for a domestic environment to reuse virtual objects on the IoT marketplace. It also provides the discovery and sharing of virtual objects. IoT devices can be monitored and controlled via virtual objects. We have conducted a comparative analysis of the proposed IoT platform with FIWARE. Results conclude that the proposed system performs marginally better than FIWARE.


Sensors ◽  
2022 ◽  
Vol 22 (2) ◽  
pp. 567
Author(s):  
Muhammad Husnain ◽  
Khizar Hayat ◽  
Enrico Cambiaso ◽  
Ubaid U. Fayyaz ◽  
Maurizio Mongelli ◽  
...  

The advancement in the domain of IoT accelerated the development of new communication technologies such as the Message Queuing Telemetry Transport (MQTT) protocol. Although MQTT servers/brokers are considered the main component of all MQTT-based IoT applications, their openness makes them vulnerable to potential cyber-attacks such as DoS, DDoS, or buffer overflow. As a result of this, an efficient intrusion detection system for MQTT-based applications is still a missing piece of the IoT security context. Unfortunately, existing IDSs do not provide IoT communication protocol support such as MQTT or CoAP to validate crafted or malformed packets for protecting the protocol implementation vulnerabilities of IoT devices. In this paper, we have designed and developed an MQTT parsing engine that can be integrated with network-based IDS as an initial layer for extensive checking against IoT protocol vulnerabilities and improper usage through a rigorous validation of packet fields during the packet-parsing stage. In addition, we evaluate the performance of the proposed solution across different reported vulnerabilities. The experimental results demonstrate the effectiveness of the proposed solution for detecting and preventing the exploitation of vulnerabilities on IoT protocols.


Sensors ◽  
2019 ◽  
Vol 19 (4) ◽  
pp. 833 ◽  
Author(s):  
Ingook Jang ◽  
Donghun Lee ◽  
Jinchul Choi ◽  
Youngsung Son

The traditional Internet of Things (IoT) paradigm has evolved towards intelligent IoT applications which exploit knowledge produced by IoT devices using artificial intelligence techniques. Knowledge sharing between IoT devices is a challenging issue in this trend. In this paper, we propose a Knowledge of Things (KoT) framework which enables sharing self-taught knowledge between IoT devices which require similar or identical knowledge without help from the cloud. The proposed KoT framework allows an IoT device to effectively produce, cumulate, and share its self-taught knowledge with other devices at the edge in the vicinity. This framework can alleviate behavioral repetition in users and computational redundancy in systems in intelligent IoT applications. To demonstrate the feasibility of the proposed concept, we examine a smart home case study and build a prototype of the KoT framework-based smart home system. Experimental results show that the proposed KoT framework reduces the response time to use intelligent IoT devices from a user’s perspective and the power consumption for compuation from a system’s perspective.


2020 ◽  
Vol 21 (3) ◽  
pp. 515-542
Author(s):  
Neelam Saleem Khan ◽  
Mohammad Ahsan Chishti

As the IoT is moving out of its early stages, it is emerging as an area of future internet. The evolving communication paradigm among cloud servers, Fog nodes and IoT devices are establishing a multilevel communication infrastructure. Fog provides a platform for IoT along with other services like networking, storage and computing. With the tremendous expansion of IoT, security threats also arise. These security hazards cannot be addressed by mere dependence on cloud model. In this paper we present an overview of security landscape of Fog computing, challenges, and, existing solutions. We outline major authentication issues in IoT, map their existing solutions and further tabulate Fog and IoT security loopholes. Furthermore this paper presents Blockchain, a decentralized distributed technology as one of the solutions for authentication issues in IoT. We tried to discuss the strength of Blockchain technology, work done in this field, its adoption in COVID-19 fight and tabulate various challenges in Blockchain technology. At last we present the Cell Tree architecture as another solution to address some of the security issues in IoT, outlined its advantages over Blockchain technology and tabulated some future course to stir some attempts in this area.


2021 ◽  
Vol 10 (1) ◽  
pp. 13
Author(s):  
Claudia Campolo ◽  
Giacomo Genovese ◽  
Antonio Iera ◽  
Antonella Molinaro

Several Internet of Things (IoT) applications are booming which rely on advanced artificial intelligence (AI) and, in particular, machine learning (ML) algorithms to assist the users and make decisions on their behalf in a large variety of contexts, such as smart homes, smart cities, smart factories. Although the traditional approach is to deploy such compute-intensive algorithms into the centralized cloud, the recent proliferation of low-cost, AI-powered microcontrollers and consumer devices paves the way for having the intelligence pervasively spread along the cloud-to-things continuum. The take off of such a promising vision may be hurdled by the resource constraints of IoT devices and by the heterogeneity of (mostly proprietary) AI-embedded software and hardware platforms. In this paper, we propose a solution for the AI distributed deployment at the deep edge, which lays its foundation in the IoT virtualization concept. We design a virtualization layer hosted at the network edge that is in charge of the semantic description of AI-embedded IoT devices, and, hence, it can expose as well as augment their cognitive capabilities in order to feed intelligent IoT applications. The proposal has been mainly devised with the twofold aim of (i) relieving the pressure on constrained devices that are solicited by multiple parties interested in accessing their generated data and inference, and (ii) and targeting interoperability among AI-powered platforms. A Proof-of-Concept (PoC) is provided to showcase the viability and advantages of the proposed solution.


Symmetry ◽  
2021 ◽  
Vol 13 (5) ◽  
pp. 855
Author(s):  
Tzung-Her Chen ◽  
Wei-Bin Lee ◽  
Hsing-Bai Chen ◽  
Chien-Lung Wang

Although digital signature has been a fundamental technology for cryptosystems, it still draws considerable attention from both academia and industry due to the recent raising interest in blockchains. This article revisits the subliminal channel existing digital signature and reviews its abuse risk of the constructor’s private key. From a different perspective on the subliminal channel, we find the new concept named the chamber of secrets in blockchains. The found concept, whereby the secret is hidden and later recovered by the constructor from the common transactions in a blockchain, highlights a new way to encourage implementing various applications to benefit efficiency and security. Thus, the proposed scheme benefits from the following advantages: (1) avoiding the high maintenance cost of certificate chain of certificate authority, or public key infrastructure, and (2) seamlessly integrating with blockchains using the property of chamber of secrets. In order to easily understand the superiority of this new concept, a remote authentication scenario is taken as a paradigm of IoT to demonstrate that the further advantages are achieved: (1) avoiding high demand for storage space in IoT devices, and (2) avoiding maintaining a sensitive table in IoT server.


Sign in / Sign up

Export Citation Format

Share Document