Demystifying IoT Security: An Exhaustive Survey on IoT Vulnerabilities and a First Empirical Look on Internet-Scale IoT Exploitations

Neshenko, Nataliia; Bou‐Harb, Elias; Crichigno, Jorge; Kaddoum, Georges; Ghani, Nasir

doi:10.1109/comst.2019.2910750

Cited by 627 publications

(347 citation statements)

References 159 publications

Supporting

Mentioning

345

Contrasting

Unclassified

Order By: Relevance

“…Let C be the cipher text space consisting of symbols that are different from the one defined in M. The encryption mechanism is a bijective function, denoted by Ee, between M and C, which can be uniquely determined by an element {e ∈ K}, where K is the key space. Likewise, the decryption mechanism that can be defined as a Security in IoT is still a factor of concern and boundless applications of the IoT technology portend a wide range of security challenges [9,10]. Unauthorized access and data manipulation have become common threats in these networks.…”

Section: Security Preliminariesmentioning

confidence: 99%

Proof of Concept of Scalable Integration of Internet of Things and Blockchain in Healthcare

Satamraju

Malarkodi

2020

Sensors

View full text Add to dashboard Cite

The advent of Internet of Things (IoT) brought innovation along with unprecedented benefits of convenience and efficacy in many operations that were otherwise very cumbersome. This innovation explosion has surfaced a new dimension of vulnerability and physical threat to the data integrity of IoT networks. Implementing conventional cryptographic algorithms on IoT devices is not future-proof as these devices are constrained in terms of computational power, performance, and memory. In this paper, we are proposing a novel framework, a unique model that integrates IoT networks with a blockchain to address potential privacy and security threats for data integrity. Smart contracts are instrumental in this integration process and they are used to handle device authentication, authorization and access-control, and data management. We further share a new design model for interfaces to integrate both platforms while highlighting its performance results over the existing models. With the incorporation of off-chain data storage into the framework, overall scalability of the system can be increased. Finally, our research concludes how the proposed framework can be fused virtually into any existing IoT applications with minimal modifications.

show abstract

Section: Security Preliminariesmentioning

confidence: 99%

Proof of Concept of Scalable Integration of Internet of Things and Blockchain in Healthcare

Satamraju

Malarkodi

2020

Sensors

View full text Add to dashboard Cite

show abstract

“…We consider four data security dimensions: integrity, authenticity, confidentiality and privacy. For more details on the state‐of‐the‐art, we refer the reader to a number of excellent surveys presenting the state‐of‐the‐art in security in IoT …”

Section: State Of the Art/related Workmentioning

confidence: 99%

A systematic approach toward security in Fog computing: Assets, vulnerabilities, possible countermeasures

et al. 2020

View full text Add to dashboard Cite

Fog computing is an emerging paradigm in the Internet of Things (IoT) space, consisting of a middle computation layer, sitting between IoT devices and Cloud servers. Fog computing provides additional computing, storage, and networking resources in close proximity to where data is being generated and/or consumed. As the Fog layer has direct access to data streams generated by IoT devices and responses/commands sent from the Cloud, it is in a critical position in terms of security of the entire IoT system. Currently, there is no specific tool or methodology for analysing the security of Fog computing systems in a comprehensive way.Generic security evaluation procedures applicable to most information technology products are time consuming, costly, and badly suited to the Fog context. In this article, we introduce a methodology for evaluating the security of Fog computing systems in a systematic way. We also apply our methodology to a generic Fog computing system, showcasing how it can be purposefully used by security analysts and system designers. K E Y W O R D Sattack, common criteria, fog computing, methodology, security INTRODUCTIONFog computing is an emerging technology which enriches Cloud computing with additional compute, storage and networking resources in close proximity with the end-user devices which generate and/or consume data streams. 1 With the development of Internet of Things (IoT) systems and applications, increasing volumes of data are being produced by IoT devices at the edges of the network. In this situation, it is often not feasible to send all IoT data to a remote Cloud data center and expect acceptable Quality of Service, especially for applications with low-latency requirements such as augmented reality, industrial control systems, and video streaming. Moreover, many applications such as quantified self which use wearable sensors to monitor individuals life often deal with sensitive personal data. In solely Cloud-based approaches for these applications, all these sensitive data would be sent to the Cloud for processing, leaving the user with little control over the usage of their data.An IoT system architecture with support of Fog computing comprises at least the following three layers: 2 (a) An IoT device layer (comprising the actual sensors and actuators); (b) A Fog computing layer located very close to the IoT devices; and (c) A Cloud computing layer.Fog computing therefore acts as a middle layer, sitting between the Cloud and the IoT devices. Depending on the application, some parts of the computation may be delegated to the Fog layer, which prevents one from having to send Softw: Pract Exper. 2020;50:973-997. wileyonlinelibrary.com/journal/spe © 2020 John Wiley & Sons, Ltd. 973 974 FARHADI et al.raw data to the Cloud. As Fog computing servers process local data locally, we also expect a lower usage of long-distance network bandwidth as well as reduced response times. Also, the user data are now processed by computing elements which are geographically close to where data is generated, l...

show abstract

“…IoT security is a vast topic, including several aspects of the IoT architecture . Those range from protocol design to the analysis of vulnerabilities using compiler tools .…”

Section: Related Workmentioning

confidence: 99%

CASA‐IoT: Scalable and context‐aware IoT access control supporting multiple users

et al. 2019

View full text Add to dashboard Cite

Summary The Internet of Things (IoT) supports many users and context‐aware applications controlling heterogeneous IoT devices. This differs from traditional networks, in which a single entity manages each device. Thus, new access control models must be created in order to support more responsive, scalable, secure, and autonomous management. This article presents an attribute‐based access control model, which applies conflict resolution and access delegation in a multiuser and multiapplication environment. With scalability in mind, we propose the caching of access permissions, as well as a split policy processing model in which the devices with enough computational power perform part of the processing. The proposed model was implemented as part of the ManIoT architecture an d evaluated in experiments on a testbed to demonstrate its efficiency. Results show that our model accelerates the processing of access management policies from 51% by up to 79%.

show abstract

Demystifying IoT Security: An Exhaustive Survey on IoT Vulnerabilities and a First Empirical Look on Internet-Scale IoT Exploitations

Cited by 627 publications

References 159 publications

Proof of Concept of Scalable Integration of Internet of Things and Blockchain in Healthcare

Proof of Concept of Scalable Integration of Internet of Things and Blockchain in Healthcare

A systematic approach toward security in Fog computing: Assets, vulnerabilities, possible countermeasures

CASA‐IoT: Scalable and context‐aware IoT access control supporting multiple users

Contact Info

Product

Resources

About