Karim Lounis scite author profile

The Internet of Things, abbreviated as IoT, is a new networking paradigm composed of wireless and wired networks, geographically distributed and interconnected by a ''secured'' backbone, essentially, the Internet. It connects billions of heterogeneous devices, called Things, using different communication technologies and provides end-users, all over the world, with a variety of smart applications. IoT constitutes a new evolution for the Internet in terms of diversity, size, and applications. It also invites cybercriminals who exploit IoT infrastructures to conduct large scale, distributed, and devastating cyberattacks that may have serious consequences. The security of IoT infrastructures strongly depends on the security of its wired and wireless infrastructures. Still, the wireless infrastructures are thought to be the most outspread, important, and vulnerable part of IoT. To achieve the security goals in the wireless infrastructures of IoT, it is crucial to have a comprehensive understanding of IoT attacks, their classification, and security solutions in such infrastructures. In this paper, we provide a survey of attacks related to the wireless infrastructures of IoT in general, and to the most used short-range wireless communication technologies in the resource-constrained part of IoT in particular. Namely, we consider Wi-Fi, Bluetooth, ZigBee, and RFID wireless communication technologies. The paper also provides a taxonomy of these attacks based on a security service-based attack classification and discusses existing security defenses and mechanisms that mitigate certain attacks as well as the limitations of these security mechanisms.

show abstract

Fast authentication in wireless sensor networks

Benzaid

Lounis

Al-Nemrat³

et al. 2016

Future Generation Computer Systems

View full text Add to dashboard Cite

Broadcast authentication is a fundamental security service in wireless sensor networks (WSNs). Although symmetric-key-based µTESLA-like schemes were employed due to their energy efficiency, they all suffer from DoS attacks resulting from the nature of delayed message authentication. Recently, several public-key-based schemes were proposed to achieve immediate broadcast authentication that may significantly improved security strength. However, while the public-key-based schemes obviate the security vulnerability inherent to symmetric-key-based µTESLA-like schemes, their signature verification is time-consuming. Thus, speeding up signature verification is a problem of considerable practical importance, especially in resource-constrained environments. This paper exploits the cooperation among sensor nodes to accelerate the signature verification of vBNN-IBS, a pairing-free identity-based signature with reduced signature size. We demonstrate through on extensive performance evaluation study that the accelerated vBNN-IBS achieves the longest network lifetime compared to both the traditional vBNN-IBS and the accelerated ECDSA schemes. The accelerated vBNN-IBS runs 66% faster than the traditional signature verification method. Results from theoretical analysis, simulation, and real-world experimentation on a MICAz platform are provided to validate our claims.

show abstract

Attack Trees for Practical Security Assessment: Ranking of Attack Scenarios with ADTool 2.0

Gadyatskaya

Jhawar

Kordy

et al. 2016

View full text Add to dashboard Cite

In this tool demonstration paper we present the ADTool2.0: an open-source software tool for design, manipulation and analysis of attack trees. The tool supports ranking of attack scenarios based on quantitative attributes entered by the user; it is scriptable; and it incorporates attack trees with sequential conjunctive refinement.The research leading to the results presented in this work received funding from the European Commission's Seventh Framework Programme (FP7/2007-2013) under grant agreement number 318003 (TREsPASS) and Fonds National de la Recherche Luxembourg under the grant C13/IS/5809105 (ADT2P). 1 http://www.docking-frames.org/.

show abstract

Bluetooth Low Energy Makes “Just Works” Not Work

Lounis

Zulkernine

2019

View full text Add to dashboard Cite

BLE (Bluetooth Low Energy) is being heavily deployed in many devices and IoT (Internet of Things) smart applications of various fields, such as medical, home automation, transportation and agriculture. It has transformed the classic Bluetooth into a technology that can be embedded into resource constrained devices running on a cell coin battery for months or years. Most BLE devices that are sold in the market use the Just Works pairing mode to establish a connection with peer devices. This mode is so lightweight that it leaves the implementation of security to application developers and device manufacturers. Unfortunately, as the market does not want to pay for security, a number of vulnerable smart devices are strolling around in the market. In this paper, we discuss how Bluetooth devices that use the Just Works pairing mode can be exploited to become nonoperational. We conduct a case study on three different Bluetooth smart devices. We show how these devices can be attacked and abused to not work properly. We also present a vulnerability that is due to the behavior of BLE smart devices and the Just Works pairing mode. This vulnerability can be exploited to generate an attack that affects BLE availability. We propose a solution to mitigate the attack.

show abstract

Semi-automatically Augmenting Attack Trees Using an Annotated Attack Tree Library

Jhawar

Lounis

Mauw

et al. 2018

View full text Add to dashboard Cite

scite is a Brooklyn-based organization that helps researchers better discover and understand research articles through Smart Citations–citations that display the context of the citation and describe whether the article provides supporting or contrasting evidence. scite is used by students and researchers from around the world and is funded in part by the National Science Foundation and the National Institute on Drug Abuse of the National Institutes of Health.

Contact Info

customersupport@researchsolutions.com

10624 S. Eastern Ave., Ste. A-614

Henderson, NV 89052, USA

This site is protected by reCAPTCHA and the Google Privacy Policy and Terms of Service apply.

Blog Terms and Conditions API Terms Privacy Policy Contact Cookie Preferences Do Not Sell or Share My Personal Information

Made with 💙 for researchers

Part of the Research Solutions Family.

Karim Lounis

Attacks and Defenses in Short-Range Wireless Technologies for IoT

Fast authentication in wireless sensor networks

Attack Trees for Practical Security Assessment: Ranking of Attack Scenarios with ADTool 2.0

Bluetooth Low Energy Makes “Just Works” Not Work

Semi-automatically Augmenting Attack Trees Using an Annotated Attack Tree Library

Contact Info

Product

Resources

About