IoT-based Application of Information Security Triad

Information Security is the foremost concern for IoT (Internet of things) devices and applications. Since the advent of IoT, its applications and devices have experienced an exponential increase in numerous applications which are utilized. Nowadays we people are becoming smart because we started using smart devices like a smartwatch, smart TV, smart home appliances. These devices are part of the IoT devices. The IoT device differs widely in capacity storage, size, computational power, and supply of energy. With the rapid increase of IoT devices in different IoT fields, information security, and privacy are not addressed well. Most IoT devices having constraints in computational and operational capabilities are a threat to security and privacy, also prone to cyber-attacks. This study presents a CIA triad-based information security implementation for the four-layer architecture of the IoT devices. An overview of layer-wise threats to the IoT devices and finally suggest CIA triad-based security techniques for securing the IoT devices.

Download Full-text

Lightweight Blockchain to Improve Security and Privacy in Smarthome

International Journal of Recent Technology and Engineering - 2 ◽

10.35940/ijrte.f9006.038620 ◽

2020 ◽

Vol 8 (6) ◽

pp. 5021-5027

Keyword(s):

Internet Of Things ◽

Smart Home ◽

Resource Constraints ◽

Security And Privacy ◽

Cyber Threats ◽

Distributed Ledger ◽

Application Architecture ◽

Share Data ◽

Iot Devices ◽

Smart Home Appliances

Internet of Things (IoT) growing at a rate of exponential numbers in recent years has received extensive attention with BlockChain (BC) technology which provide trust to IoT with its immutable nature, decentralization in computing, resource constraints, security and privacy. The distributed ledger of transactions in BC is path leading technology for addressing Cyber Threats in the form of data theft; it provides secure application architecture which has proven track of record for securing data. IoT devices using BC enabled to communicate between objects, share data, decide based on business criteria and act as a medium to securely transmit information. This work provides lightweight BlockChain with two prominent consensus mechanism PoW – Proof of Work and PoS – Proof of Stake for smart IoT devices. Next, Smart Home Device (SMD) is ensures providing best-in-class Security and Privacy for smart home Appliances. Further provides future advances in the Approach.

Download Full-text

Towards Secure and Privacy-Preserving IoT Enabled Smart Home: Architecture and Experimental Study

Sensors ◽

10.3390/s20216131 ◽

2020 ◽

Vol 20 (21) ◽

pp. 6131

Author(s):

Mamun Abu-Tair ◽

Soufiene Djahel ◽

Philip Perry ◽

Bryan Scotney ◽

Unsub Zia ◽

...

Keyword(s):

Experimental Study ◽

Smart Home ◽

Privacy Preservation ◽

Smart Cities ◽

Security And Privacy ◽

Test Cases ◽

Security Threats ◽

Hardware Implementations ◽

Cryptographic Algorithms ◽

Iot Devices

Internet of Things (IoT) technology is increasingly pervasive in all aspects of our life and its usage is anticipated to significantly increase in future Smart Cities to support their myriad of revolutionary applications. This paper introduces a new architecture that can support several IoT-enabled smart home use cases, with a specified level of security and privacy preservation. The security threats that may target such an architecture are highlighted along with the cryptographic algorithms that can prevent them. An experimental study is performed to provide more insights about the suitability of several lightweight cryptographic algorithms for use in securing the constrained IoT devices used in the proposed architecture. The obtained results showed that many modern lightweight symmetric cryptography algorithms, as CLEFIA and TRIVIUM, are optimized for hardware implementations and can consume up to 10 times more energy than the legacy techniques when they are implemented in software. Moreover, the experiments results highlight that CLEFIA significantly outperforms TRIVIUM under all of the investigated test cases, and the latter performs 100 times worse than the legacy cryptographic algorithms tested.

Download Full-text

Collaboration Management System between the Device based on Machine Socialization

International Journal of Electrical and Computer Engineering (IJECE) ◽

10.11591/ijece.v6i6.13266 ◽

2016 ◽

Vol 6 (6) ◽

pp. 3148

Author(s):

Han Kyung Kim ◽

In Shik Kang ◽

Wung Jun Kim ◽

Hoe Kyung Jung

Keyword(s):

Management System ◽

Smart Home ◽

Smart Devices ◽

Network Module ◽

Human Intervention ◽

Collaboration Management ◽

Device To Device ◽

Common Goals ◽

Device To Device Communication ◽

Smart Home Appliances

<p>The basis of IoT is in the interconnection and communication between different devices to achieve common goals through internet. These devices are interconnected through a network which enables communication within these devices without any direct human intervention. But with such great potential, this technology reached a road-block due to incompatibility within various manufacturers of the same type of device and proprietary standards. I started this project with this problem in mind and I have created a brand and platform independent machine socialization device manager system. In this paper, to overcome the above mentioned problem, I have utilized micro controllers to connect to various existing device to solve the problem and propose a device to device communication with collaboration management. This technology is not restricted to usage in only the new network module enabled smart devices but also this can be used to operate the existing old (not smart) home appliances. Machine socialization was made possible with the use of XML, (an internet standard schema language) which we have used to gather device, task and relationship information of all the devices to show schema information.</p>

Download Full-text

A scoping review of Legal Aspect of Information Security Requirement in healthcare: A Benchmark for Assessing the Security Practice in hospitals (Preprint)

10.2196/preprints.30050 ◽

2021 ◽

Author(s):

Prosper Yeng ◽

Muhammad Ali Fauzi ◽

Luyi Sun ◽

Bian Yang

Keyword(s):

Information Security ◽

Scoping Review ◽

Legal Aspect ◽

Code Of Conduct ◽

Cyber Attacks ◽

Security Requirements ◽

Security And Privacy ◽

Healthcare Sector ◽

Security Requirement ◽

Security Practices

BACKGROUND The loss of human lives from cyber-attacks in healthcare is no longer a probabilistic quantification but a reality which has begun. Additionally, the threat scope has expanded to involve threat of National security among others, resulting in surging data breaches within the healthcare sector. For that matter, there have been provisions of various legislations, regulations, and information security governance tools such as policies, standards and directives towards enhancing healthcare information security conscious care behavior among users. But in a research scenario where these required security practices are needed to be compared with ongoing security practices in healthcare, where can the security requirements pertaining to healthcare be obtained in a comprehensive way? Which of the requirements need more concentration of management, end users or both? OBJECTIVE The objective of this paper is therefore to systematically identify, assess and analyze the state-of-the-art information security requirements in healthcare. These requirements were used to develop a framework to serve as a yardstick for measuring the security practice of healthcare staff. METHODS A scoping review was adopted to identify the information security requirement sources within healthcare in Norway, Indonesia, and Ghana. A literature search was conducted in Scopus, PubMed, Google scholar, IEEE Explore and other sources such as legal, regulations, directive, policy and code of conduct related databases of Norway/EU, Indonesia and Ghana. The identified sources were reported with a PRISMA diagram in terms of identification, screening eligibility and inclusion. RESULTS Out of a total of 180 security and privacy requirement sources which were initially identified, 122 of them were fully read by the authors. Subsequently, 74 of these requirement documents fully met the inclusion criteria which were access and analyzed. A total of 68 security and privacy requirements were identified in this work. The findings were then used to develop a framework to serve as a benchmark for modeling and analyzing healthcare security practice. CONCLUSIONS Legal requirements for analyzing healthcare security practice were comprehensively identified and analyzed. The finding was used to develop a framework of which the legal requirement serves as a benchmark for modeling and analyzing healthcare security practice.

Download Full-text

A Framework for Malicious Traffic Detection in IoT Healthcare Environment

Sensors ◽

10.3390/s21093025 ◽

2021 ◽

Vol 21 (9) ◽

pp. 3025

Author(s):

Faisal Hussain ◽

Syed Ghazanfar Abbas ◽

Ghalib A. Shah ◽

Ivan Miguel Pires ◽

Ubaid U. Fayyaz ◽

...

Keyword(s):

Open Source ◽

Human Life ◽

Cyber Attacks ◽

Smart Devices ◽

Use Case ◽

Context Aware ◽

Iot Security ◽

Healthcare Environment ◽

Data Generator ◽

Iot Devices

The Internet of things (IoT) has emerged as a topic of intense interest among the research and industrial community as it has had a revolutionary impact on human life. The rapid growth of IoT technology has revolutionized human life by inaugurating the concept of smart devices, smart healthcare, smart industry, smart city, smart grid, among others. IoT devices’ security has become a serious concern nowadays, especially for the healthcare domain, where recent attacks exposed damaging IoT security vulnerabilities. Traditional network security solutions are well established. However, due to the resource constraint property of IoT devices and the distinct behavior of IoT protocols, the existing security mechanisms cannot be deployed directly for securing the IoT devices and network from the cyber-attacks. To enhance the level of security for IoT, researchers need IoT-specific tools, methods, and datasets. To address the mentioned problem, we provide a framework for developing IoT context-aware security solutions to detect malicious traffic in IoT use cases. The proposed framework consists of a newly created, open-source IoT data generator tool named IoT-Flock. The IoT-Flock tool allows researchers to develop an IoT use-case comprised of both normal and malicious IoT devices and generate traffic. Additionally, the proposed framework provides an open-source utility for converting the captured traffic generated by IoT-Flock into an IoT dataset. Using the proposed framework in this research, we first generated an IoT healthcare dataset which comprises both normal and IoT attack traffic. Afterwards, we applied different machine learning techniques to the generated dataset to detect the cyber-attacks and protect the healthcare system from cyber-attacks. The proposed framework will help in developing the context-aware IoT security solutions, especially for a sensitive use case like IoT healthcare environment.

Download Full-text

Big Data and Personalisation for Non-Intrusive Smart Home Automation

Big Data and Cognitive Computing ◽

10.3390/bdcc5010006 ◽

2021 ◽

Vol 5 (1) ◽

pp. 6

Author(s):

Suriya Priya R. Asaithambi ◽

Sitalakshmi Venkatraman ◽

Ramanathan Venkatraman

Keyword(s):

Big Data ◽

Data Analytics ◽

Smart Home ◽

Big Data Analytics ◽

Cost Effective ◽

Smart Devices ◽

Home Automation ◽

Open Standard ◽

Iot Devices ◽

And Control

With the advent of the Internet of Things (IoT), many different smart home technologies are commercially available. However, the adoption of such technologies is slow as many of them are not cost-effective and focus on specific functions such as energy efficiency. Recently, IoT devices and sensors have been designed to enhance the quality of personal life by having the capability to generate continuous data streams that can be used to monitor and make inferences by the user. While smart home devices connect to the home Wi-Fi network, there are still compatibility issues between devices from different manufacturers. Smart devices get even smarter when they can communicate with and control each other. The information collected by one device can be shared with others for achieving an enhanced automation of their operations. This paper proposes a non-intrusive approach of integrating and collecting data from open standard IoT devices for personalised smart home automation using big data analytics and machine learning. We demonstrate the implementation of our proposed novel technology instantiation approach for achieving non-intrusive IoT based big data analytics with a use case of a smart home environment. We employ open-source frameworks such as Apache Spark, Apache NiFi and FB-Prophet along with popular vendor tech-stacks such as Azure and DataBricks.

Download Full-text

Deep Learning-Based Security Behaviour Analysis in IoT Environments: A Survey

Security and Communication Networks ◽

10.1155/2021/8873195 ◽

2021 ◽

Vol 2021 ◽

pp. 1-13

Author(s):

Yawei Yue ◽

Shancang Li ◽

Phil Legg ◽

Fuzhong Li

Keyword(s):

Deep Learning ◽

Smart Home ◽

Ad Hoc ◽

Security Analysis ◽

Home Healthcare ◽

Security And Privacy ◽

Iot Security ◽

Privacy Concerns ◽

Iot Devices ◽

Primary Focus

Internet of Things (IoT) applications have been used in a wide variety of domains ranging from smart home, healthcare, smart energy, and Industrial 4.0. While IoT brings a number of benefits including convenience and efficiency, it also introduces a number of emerging threats. The number of IoT devices that may be connected, along with the ad hoc nature of such systems, often exacerbates the situation. Security and privacy have emerged as significant challenges for managing IoT. Recent work has demonstrated that deep learning algorithms are very efficient for conducting security analysis of IoT systems and have many advantages compared with the other methods. This paper aims to provide a thorough survey related to deep learning applications in IoT for security and privacy concerns. Our primary focus is on deep learning enhanced IoT security. First, from the view of system architecture and the methodologies used, we investigate applications of deep learning in IoT security. Second, from the security perspective of IoT systems, we analyse the suitability of deep learning to improve security. Finally, we evaluate the performance of deep learning in IoT system security.

Download Full-text

IoT and Smart Home Data Breach Risks from the Perspective of Data Protection and Information Security Law

Business Systems Research Journal ◽

10.2478/bsrj-2020-0033 ◽

2020 ◽

Vol 11 (3) ◽

pp. 167-185

Author(s):

Goran Vojković ◽

Melita Milenković ◽

Tihomir Katulić

Keyword(s):

Information Security ◽

Data Protection ◽

Smart Home ◽

Personal Information ◽

Legal Framework ◽

Smart Devices ◽

General Data Protection Regulation ◽

General Data ◽

Data Controller ◽

Security Incidents

AbstractBackgroundIoT and smart devices have become extremely popular in the last few years. With their capabilities to collect data, it is reasonable to have concerns about the protection of users’ personal information and privacy in general.ObjectivesComparing existing regulations on data protection and information security rules with the new capabilities provided by IoT and smart devices.Methods/approachThis paper will analyse information on data collected by IoT and smart devices and the corresponding legal framework to explore whether the legal framework also covers these new devices and their functionalities.ResultsVarious IoT and smart devices pose a high risk to an individual's privacy. The General Data Protection Regulation, although a relatively recent law, may not adequately regulate all instances and uses of this technology. Also, due to inadequate technological protection, abuse of such devices by unauthorized persons is possible and even likely.ConclusionsThe number of IoT and smart devices is rapidly increasing. The number of IoT and smart home device security incidents is on the rise. The regulatory framework to ensure data controller and processor compliance needs to be improved in order to create a safer environment for new innovative IoT services and products without jeopardizing the rights and freedoms of data subjects. Also, it is important to increase awareness of homeowners about potential security threats when using IoT and smart devices and services.

Download Full-text