Special Issue "IoT Security and Privacy"

A special issue of Future Internet (ISSN 1999-5903).

Deadline for manuscript submissions: 28 February 2018

Special Issue Editors

Guest Editor
Dr. Georgios Kambourakis

Department of Information and Communication Systems Engineering, University of the Aegean, Samos, Greece
Website | E-Mail
Fax: +30 22730 82009
Interests: mobile and wireless communication systems security and privacy; VoIP security and privacy; mobile medical systems security and privacy; e-learning and m-learning security; DNS Security
Guest Editor
Dr. Constantinos Kolias

Computer Science department, George Mason University, VA, USA
Website | E-Mail
Interests: security for the Internet of Things; authentication schemes for 4G and 5G wireless protocols; wireless intrusion detection

Special Issue Information

Dear Colleagues,

As per recent estimates, the number of Internet of Things (IoT) devices will surpass 50 billion by 2020. Unsurprisingly, this growth of IoT devices has drawn the attention of attackers who seek to exploit the merits of this new technology for their own benefit. The direct or indirect exposure of the limited resources IoT devices to the dangers of the Internet opens the door to a plethora of potential security and privacy risks to the end‐users, including the unsanctioned access and abuse of private information, the enabling and strengthening of assaults against other systems, and the breeding of risks pertaining to personal safeness.

When considering conventional Internet applications, typical risks revolve around economic losses, leakage of personal private information and damage of reputation of the corporation. However, as IoT starts to penetrate to virtually all sectors of the society, such as retail, transportation, home automation and even healthcare, any security breach may prove catastrophic to the actual user and its physical world. Such considerations may diminish the user’s confidence towards the IoT technology as a whole and impede its adoption.

The Special Issue at hand intends to promote the dissemination of the latest methodologies, solutions, and case studies pertaining to IoT security and privacy issues. Its objective is to publish high‐quality articles presenting security algorithms, protocols, policies, frameworks, and solutions for the IoT ecosystem. Only technical papers describing previously unpublished, original, state‐of‐the‐art research, and not currently under review by a conference or journal will be considered.

Possible topics of interest of this special issue include, but are not limited to:

  • Security and privacy in heterogeneous IoT.
  • Secure and Privacy Preserving Data Mining and Aggregation in IoT applications.
  • Cross‐domain trust management in smart networks.
  • Secure authentication of IoT devices.
  • MAC layer security protocols for the IoT applications.
  • IoT security mechanisms targeting application layer protocols.
  • Resource‐savvy Intrusion Detection for Networks of Things.

Dr. Georgios Kambourakis
Dr. Constantinos Kolias
Guest Editors

Manuscript Submission Information

Manuscripts should be submitted online at www.mdpi.com by registering and logging in to this website. Once you are registered, click here to go to the submission form. Manuscripts can be submitted until the deadline. All papers will be peer-reviewed. Accepted papers will be published continuously in the journal (as soon as accepted) and will be listed together on the special issue website. Research articles, review articles as well as short communications are invited. For planned papers, a title and short abstract (about 100 words) can be sent to the Editorial Office for announcement on this website.

Submitted manuscripts should not have been published previously, nor be under consideration for publication elsewhere (except conference proceedings papers). All manuscripts are thoroughly refereed through a single-blind peer-review process. A guide for authors and other relevant information for submission of manuscripts is available on the Instructions for Authors page. Future Internet is an international peer-reviewed open access quarterly journal published by MDPI.

Please visit the Instructions for Authors page before submitting a manuscript. The Article Processing Charge (APC) for publication in this open access journal is 550 CHF (Swiss Francs). Submitted papers should be well formatted and use good English. Authors may use MDPI's English editing service prior to publication or during author revisions.

Keywords

  • Internet of Things
  • Cybersecurity
  • Privacy
  • Threat
  • Attack
  • Vulnerability
  • Defense
  • Intrusion

Published Papers (3 papers)

View options order results:
result details:
Displaying articles 1-3
Export citation of selected articles as:

Research

Open AccessArticle IAACaaS: IoT Application-Scoped Access Control as a Service
Future Internet 2017, 9(4), 64; doi:10.3390/fi9040064
Received: 1 September 2017 / Revised: 4 October 2017 / Accepted: 13 October 2017 / Published: 17 October 2017
PDF Full-text (780 KB) | HTML Full-text | XML Full-text
Abstract
access control is a key element when guaranteeing the security of online services. However, devices that make the Internet of Things have some special requirements that foster new approaches to access control mechanisms. Their low computing capabilities impose limitations that make traditional paradigms
[...] Read more.
access control is a key element when guaranteeing the security of online services. However, devices that make the Internet of Things have some special requirements that foster new approaches to access control mechanisms. Their low computing capabilities impose limitations that make traditional paradigms not directly applicable to sensors and actuators. In this paper, we propose a dynamic, scalable, IoT-ready model that is based on the OAuth 2.0 protocol and that allows the complete delegation of authorization, so that an as a service access control mechanism is provided. Multiple tenants are also supported by means of application-scoped authorization policies, whose roles and permissions are fine-grained enough to provide the desired flexibility of configuration. Besides, OAuth 2.0 ensures interoperability with the rest of the Internet, yet preserving the computing constraints of IoT devices, because its tokens provide all the necessary information to perform authorization. The proposed model has been fully implemented in an open-source solution and also deeply validated in the scope of FIWARE, a European project with thousands of users, the goal of which is to provide a framework for developing smart applications and services for the future Internet. We provide the details of the deployed infrastructure and offer the analysis of a sample smart city setup that takes advantage of the model. We conclude that the proposed solution enables a new access control as a service paradigm that satisfies the special requirements of IoT devices in terms of performance, scalability and interoperability. Full article
(This article belongs to the Special Issue IoT Security and Privacy)
Figures

Figure 1

Open AccessArticle Extensions and Enhancements to “the Secure Remote Update Protocol”
Future Internet 2017, 9(4), 59; doi:10.3390/fi9040059
Received: 31 August 2017 / Revised: 26 September 2017 / Accepted: 27 September 2017 / Published: 30 September 2017
PDF Full-text (450 KB) | HTML Full-text | XML Full-text
Abstract
This paper builds on previous work introducing the Secure Remote Update Protocol (SRUP), a secure communications protocol for Command and Control applications in the Internet of Things, built on top of MQTT. This paper builds on the original protocol and introduces a number
[...] Read more.
This paper builds on previous work introducing the Secure Remote Update Protocol (SRUP), a secure communications protocol for Command and Control applications in the Internet of Things, built on top of MQTT. This paper builds on the original protocol and introduces a number of additional message types: adding additional capabilities to the protocol. We also discuss the difficulty of proving that a physical device has an identity corresponding to a logical device on the network and propose a mechanism to overcome this within the protocol. Full article
(This article belongs to the Special Issue IoT Security and Privacy)
Figures

Figure 1

Open AccessArticle A Security Framework for the Internet of Things in the Future Internet Architecture
Future Internet 2017, 9(3), 27; doi:10.3390/fi9030027
Received: 5 June 2017 / Revised: 24 June 2017 / Accepted: 25 June 2017 / Published: 28 June 2017
PDF Full-text (2528 KB) | HTML Full-text | XML Full-text
Abstract
The Internet of Things (IoT) is a recent trend that extends the boundary of the Internet to include a wide variety of computing devices. Connecting many stand-alone IoT systems through the Internet introduces many challenges, with security being front-and-center since much of the
[...] Read more.
The Internet of Things (IoT) is a recent trend that extends the boundary of the Internet to include a wide variety of computing devices. Connecting many stand-alone IoT systems through the Internet introduces many challenges, with security being front-and-center since much of the collected information will be exposed to a wide and often unknown audience. Unfortunately, due to the intrinsic capability limits of low-end IoT devices, which account for a majority of the IoT end hosts, many traditional security methods cannot be applied to secure IoT systems, which open a door for attacks and exploits directed both against IoT services and the broader Internet. This paper addresses this issue by introducing a unified IoT framework based on the MobilityFirst future Internet architecture that explicitly focuses on supporting security for the IoT. Our design integrates local IoT systems into the global Internet without losing usability, interoperability and security protection. Specifically, we introduced an IoT middleware layer that connects heterogeneous hardware in local IoT systems to the global MobilityFirst network. We propose an IoT name resolution service (IoT-NRS) as a core component of the middleware layer, and develop a lightweight keying protocol that establishes trust between an IoT device and the IoT-NRS. Full article
(This article belongs to the Special Issue IoT Security and Privacy)
Figures

Figure 1

Back to Top