IoT

The Internet of Vehicles (IoV) is a rapidly evolving technology that provides real-time connectivity, enhanced road safety, and reduced traffic congestion; however, its inherently open communication channels expose it to serious security and privacy threats. In 2021, Chaudhry proposed SMEP-IoV, a lightweight message authentication protocol designed to satisfy essential security requirements. This paper presents a comprehensive security analysis of SMEP-IoV and reveals several serious vulnerabilities. Specifically, sensitive credentials are stored in plaintext without tamper-resistant protection, and both authentication and session key derivation depend directly on these credentials. These structural flaws allow an adversary to extract the stored secrets, generate valid authentication messages, and derive the established session key, enabling vehicle impersonation and session key disclosure attacks. Moreover, compromise of long-term secrets facilitates key compromise impersonation attacks. It also fails to ensure anonymity and perfect forward secrecy. To address these issues, we propose an enhanced authentication protocol for resource-constrained IoV environments, leveraging a three-factor authentication mechanism combined with lightweight cryptographic primitives. Formal security analyses using BAN logic, Tamarin, and ProVerif confirm its resilience against known attacks, while NS-3 simulations validate its scalability, high throughput, and low End-to-End Delay (E2ED). The results highlight the protocol as a robust, efficient, and scalable solution for large-scale IoV deployments. Full article

The proliferation of Internet of Things (IoT) devices has introduced significant security challenges. Resource-constrained devices face sophisticated threats but lack the computational capacity for advanced security analysis. This study investigates optimal security task allocation in Cognitive IoT (CIoT) networks. It specifically examines when IoT devices should process security tasks locally or offload them to Mobile Edge Computing (MEC) servers. The problem is formulated as a Continuous-Time Markov Decision Process (CTMDP). The study demonstrates that the optimal offloading policy has a threshold structure. Security tasks are offloaded to MEC servers when the offloading queue length is below a critical threshold, $k^{\ast }$. Otherwise, tasks are processed locally. This structural property is robust to changes in MEC server configurations and threat arrival patterns. It ensures an optimal and easily implementable security policy under the exponential model. Theoretical analysis establishes upper bounds on the performance of AI-based security controllers using the same models. The results also show that standard model-free Q-learning algorithms can recover optimal thresholds without any prior knowledge of the system parameters. Simulations across multiple reinforcement learning architectures, including Q-learning, State–Action–Reward–State–Action (SARSA), and Deep Q-networks (DQN), confirm that all methods converge to the predicted threshold. This empirically validates the analytical findings. The threshold structure remains effective under practical imperfections such as imperfect sensing and parameter estimation errors. Systems maintain 85% to 93% of their optimal performance. This work extends threshold Markov Decision Process (MDP) analysis from classical queuing theory to the context of CIoT security offloading. It provides optimal and practical policies and model-free algorithms for use by resource-constrained devices. Full article

Wireless Sensor Networks (WSNs) commonly employ clustering to improve scalability and energy efficiency; however, cluster heads (CHs) located near the base station (BS) often suffer from excessive relay traffic, leading to rapid energy depletion and reduced network lifetime. This article proposes an Energy-Efficient Distance-Controlled Clustering (EEDC) scheme that adjusts CH density and transmission power according to each node’s distance from the BS. In EEDC, a higher number of CHs is deployed near the BS to balance forwarding loads, while fewer CHs are selected in distant regions to conserve energy. Additionally, CHs adapt their transmission power to enable distance-proportional communication. A mathematical model is developed to analyze the relationship between CH distribution, transmission power, and overall energy consumption. Performance evaluation is conducted through simulations and compared with LEACH, HEED, DEEC, SEP, and EECS. The results show that EEDC improves the stability period by up to 42%, extends network lifetime by 23%, increases average residual energy by 13–29%, enhances throughput by 16–44%, and achieves 23–61% higher packet delivery efficiency. Moreover, cumulative CH energy consumption is reduced by 5–21%, leading to more balanced energy distribution. These findings indicate that distance-controlled CH selection and adaptive transmission power effectively alleviate the BS energy bottleneck and enhance the energy efficiency and operational longevity of clustered WSNs. Full article

This study presents an Internet of Things (IoT)-assisted semi-open hydroponic system for cultivating Andrographis paniculata under tropical conditions, aiming to enhance biomass productivity, andrographolide (AG) yield, and production efficiency. IoT-assisted hydroponics, non-IoT hydroponics, and soil-based cultivation were compared in 10 m² greenhouses. The IoT system enabled real-time monitoring and adaptive regulation of temperature, relative humidity, light intensity, nutrient solution pH, and electrical conductivity (EC). IoT-assisted hydroponics achieved earlier harvest (≈90 days) and the highest fresh biomass yield (0.409 ± 0.014 kg m⁻²) while maintaining per-plant productivity (15.74 ± 0.54 g plant⁻¹) comparable to soil-based cultivation. Andrographolide concentration reached 25.58 ± 3.36 mg g⁻¹ DW (2.56% w/w), meeting pharmacopeial requirements. Owing to stable environmental regulation and tolerance to high planting density, the IoT system produced the highest areal AG productivity (209.5 mg m⁻²), representing a four- to tenfold increase over the other systems. Despite higher operational costs, IoT-assisted hydroponics achieved the lowest AG unit cost (≈6.77 USD g⁻¹). While most previous studies emphasize tissue-level AG concentration, system-level productivity and cost efficiency under realistic cultivation conditions remain insufficiently explored. Overall, IoT-enabled semi-open hydroponics provides a scalable and economically viable approach for medicinal plant production, bridging the gap between open-field cultivation and fully controlled plant factory systems. Full article

The pervasive adoption of AI and AIoT applications at the network edge presents both opportunities and challenges for smart cities. With a focus on the energy efficiency of AI in urban environments, this paper provides a systematic comparative analysis of representative edge hardware platforms, i.e., embedded GPUs, FPGAs, and ultra-low-power microcontroller-/sensor-class devices, assessing their suitability for AI workloads in IoT-driven smart city infrastructures. The evaluation, based on direct characterization of diverse neural networks and relevant datasets, quantifies computational performance and energy behavior through inference latency, throughput, and energy/per inference measurements. Across the evaluated network–board pairs, the measured inference power spans several orders of magnitude, ranging from 0.1–10 mW for ultra-low-power Intelligent Sensor Processing Units (ISPUs) up to 1–10 W for embedded GPUs, highlighting the wide design space between the least and most power-demanding configurations. Results indicate that embedded GPUs provide a favorable performance-to-power ratio for computationally intensive workloads, while MCU/ISPU-class solutions, despite throughput limitations, offer compelling advantages in ultra-low-power scenarios when combined with quantization and pruning, making them well-suited for distributed sensing and actuation typical of smart city deployments. Overall, this comparative analysis guides hardware selection for heterogeneous, sustainable AI-enabled urban services. Full article

The continuous expansion of the Internet of Things (IoT) has intensified the need to evaluate and guarantee the quality of entropy sources used in random number generation, an essential element in securing communications used in IoT ecosystems. This work presents an automated and web-based framework designed to execute and analyze the results of statistical tests defined in the NIST SP 800-22 standard, enabling systematic assessment of entropy sources and random numbers generators in IoT devices and environments. The proposed system integrates a Python-based backend built upon an optimized implementation of the original NIST suite, along with an intuitive web interface that facilitates configuration, monitoring, and parallel execution of tests through Representational State Transfer (REST) endpoints. Session management based on Redis ensures reliable and concurrent operation of multiple users or devices while maintaining isolation and data integrity. To demonstrate its applicability, an emulated IoT ecosystem was implemented in which multiple virtual devices periodically and asynchronously request real-time validation of their local random numbers generators. The obtained results confirm the system’s capability to detect deficiencies in pseudo random generators and validate true random number sources, highlighting its potential as a diagnostic and verification tool for distributed IoT security systems. The tool developed in this work is fully accessible to the public, allowing researchers, engineers, and practitioners to evaluate random number generators without requiring specialized hardware or proprietary software. Full article

Occupant presence is a primary driver of Heating, Ventilation, and Air Conditioning (HVAC) and lighting energy consumption in office environments. Existing occupancy-sensing solutions often rely on privacy-sensitive modalities or require costly infrastructure, limiting their applicability in Small and Medium Offices (SMOs). To address these limitations, this study proposes a lightweight CSI-based occupancy-sensing framework based on a dual-core ESP32-S3 architecture, enabling concurrent CSI processing, environmental sensing, and cloud communication. A multi-stage signal preprocessing pipeline compresses raw CSI streams into a compact $56\times 8$ statistical feature matrix, achieving 98.86% classification accuracy for multi-level occupancy estimation. Compared with image-based baselines such as DenseNet121, the proposed approach reduces input data size to 24 kB and model parameters to 138 K, yielding over 129× reduction in transmission volume without sacrificing performance. These results demonstrate that the proposed framework provides a practical, privacy-preserving, and edge-deployable solution for occupancy-aware energy management in SMOs. Full article

Malware’s proliferation in the Internet of Things (IoT) ecosystem requires precise, efficient detection systems capable of operating on IoT devices. Existing static analysis approaches often fail due to computational inefficiency stemming from high feature dimensionality inherent in raw opcode features. This research addresses this limitation by proposing a novel machine-learning (ML)-driven Intelligent Hybrid Feature Selection (IHFS) framework with two distinct architectures. IHFS1 combines a filter method (variance threshold) with an embedded method (LGBM feature importance). Conversely, IHFS2 integrates variance thresholding with a wrapper method (Recursive Feature Elimination with Cross-Validation using LGBM) for optimal selection. This framework is specifically designed to select an optimally stable and minimal feature subset from the initial 1183 opcode frequency vector extracted from ARM binaries. Applying this framework to a multi-family IoT malware dataset, the IHFS architectures yielded distinct and highly efficient feature subsets: IHFS1 achieved a 95.77% reduction (to 50 features), while IHFS2 attained a 98.06% reduction (to 23 features). Evaluation across eight ML models confirmed that the Random Forest (with IHFS1 subset) and Decision Tree (with IHFS2 subset) classifiers were the best performing, achieving robust classification metrics that outperform current state-of-the-art solutions. The Decision Tree model demonstrated exceptional detection capabilities, with an accuracy of 99.87%, a precision of 99.82%, a recall of 99.88%, and an F1-score of 99.85%. It achieved an average inference time of 0.058 ms per sample. Experimental results attained on a native ARM64 environment validate the deployment feasibility of the proposed system for resource-constrained IoT devices, such as the Raspberry Pi. The proposed system achieves a high-throughput, low-overhead security posture while maintaining host operational stability, processing a single ELF binary in just 3.431 ms. Full article

The growing demand for IoT applications in highly dynamic environments with multiple connected devices introduces significant scalability and low-latency challenges. In the context of software-defined networking (SDN) integrated with Edge environments, adopting machine learning (ML) techniques has emerged as a promising approach to meet these requirements. This study presents a Systematic Literature Review (SLR) that identifies and analyzes ML-based solutions applied to Software-Defined Internet of Things (SD-IoT) infrastructures in Edge environments, emphasizing improving low latency and scalability. Following established methodological best practices, we conducted the review, including a clear definition of research questions, well-defined inclusion and exclusion criteria, a structured search protocol, and multiple scientific databases. Based on the analysis of selected studies, the main strategies employed to enhance network performance are categorized, along with the level of fidelity and complexity of the experimental environments used, and the realism and applicability of the proposed solutions are discussed. Furthermore, drawing from the context of the selected studies, the most recurrent ML approaches are presented—including supervised, unsupervised, and reinforcement learning methods—along with a discussion of their advantages and limitations in dynamic network scenarios. By compiling and organizing the contributions from the literature, this paper provides a comprehensive overview of the state of the art in applying ML to SD-IoT networks, shedding light on current trends, existing gaps, and research opportunities aimed at building more intelligent and adaptable solutions for IoT environments. Full article

Traffic congestion and travel time uncertainty remain major challenges to the operational efficiency of Bus Rapid Transit (BRT) systems in urban areas of developing countries. This study proposes an integrated solution for the Trans Metro Bandung (TMB) system by leveraging Internet of Things (IoT)–based GPS data and tree-based ensemble machine learning algorithms. Spatio-temporal data collected from on-board GPS modules are processed to predict traffic congestion levels and estimate travel time across route segments. The performance of Decision Tree, Random Forest, and XGBoost models is evaluated in terms of prediction accuracy, interpretability, and computational efficiency, with particular consideration for deployment on resource-constrained hardware. Experiments conducted on 20,156 data samples show that the Decision Tree model achieves the highest congestion classification accuracy of 96.8%, while Random Forest outperforms other models in travel time regression, achieving an R² value of 0.95 and a root mean square error (RMSE) of 5.80 min. The trained models are successfully deployed on a Raspberry Pi 3B microcontroller for real-time inference, enabling fleet management and travel planning without reliance on cloud connectivity. The results demonstrate that cost-effective and interpretable machine learning solutions can deliver reliable performance in heterogeneous urban infrastructures while providing a replicable framework for medium-sized cities seeking to implement affordable smart transportation systems. Full article

Multi-tenancy is essential for scalable IoT–Cloud systems; however, it introduces complex security vulnerabilities at the intersection of shared cloud infrastructures and resource-constrained IoT environments. This systematic review evaluates next-generation security frameworks designed to enforce tenant isolation without violating the strict latency (<10 ms) and energy bounds of lightweight sensors. Adhering to PRISMA guidelines, we analyze selected high-quality studies to categorize intersectional threats, including cross-tenant data leakage, side-channel attacks, and privilege escalation. Our analysis identifies a critical, unresolved conflict: existing mitigation strategies often incur a 12% computational and communication overhead, creating a significant barrier for real-time applications. Furthermore, we critically analyze emerging technologies, including Zero Trust Architectures (ZTA), adaptive Artificial Intelligence (AI), blockchain, and Post-Quantum Cryptography (PQC). We find that direct PQC deployment is currently infeasible for LPWAN protocols due to key-size constraints (1.6 KB) that exceed typical payload limits. To address these challenges, we propose a novel multi-layer security design principle that offloads heavy isolation and cryptographic workloads to hardware-accelerated edge gateways, thereby maintaining tenant isolation without compromising real-time performance. Finally, this review serves as a roadmap for future research, highlighting federated learning and hardware enclaves as essential pathways for securing next-generation multi-tenant IoT ecosystems. Full article

The prevalence of radio frequency signals in indoor environments has in recent years given rise to new technologies across many domains such as robotics, healthcare, and surveillance. Radio frequency signals propagate in the wireless medium through multiple paths and carry useful environment-dependent information. Capturing and analyzing these signal patterns can offer new solutions for a number of applications relevant to ranging, tracking, perception and recognition. In this work we propose a novel architecture, separating physical, back-bone networks, and inference layers, towards fully ubiquitous passive recognition systems that scale with the number of environments and applications. We propose a back-bone architecture that utilizes a novel Cross Dual-Path Attention (CDPA) block to capture spatial and temporal correlations from Channel State Information (CSI) for device-free, multi-task applications. Subsequently, a distill and transfer algorithm is proposed to generalize the inference capabilities of CDPA over multiple target environments for scalable training and reduced computational costs. By sharing knowledge between models across a shared network, experimentation shows that edge devices can be deployed with improved performance while simultaneously meeting strict computation and memory requirements. Our distributed learning paradigm demonstrates that CDPA-based models are capable of using passive signals in a non-intrusive and privacy-protecting manner, in order to achieve ubiquitous recognition at scale in smart environments. Full article

Smart homes are becoming increasingly common, bringing convenience to users but also raising serious security concerns. As the number of connected devices grows, so does the research interest in securing smart homes. However, the literature is broad, making it difficult to understand the main research directions and how they are connected. Given the scope and diversity of existing research, a systematic mapping study was chosen to provide a high-level overview of smart home security research by mapping research communities, identifying dominant themes, and examining their evolution over time. We retrieved articles from the Scopus database published between 2000 and April 2025, resulting in approximately 13,600 articles. After filtering out unrelated domains such as smart vehicles, smart industry, and general IoT, a final set of 6313 publications specifically focused on smart home security was used for analysis. We applied a citation-based network analysis approach, constructed an author citation graph, and used the Louvain community detection algorithm to identify 12 main research communities. Each community was further analyzed based on its keywords, most-cited publications, leading authors, and institutions. Our results provide a structured overview of the field, highlighting its key themes and evolution over time. This work can help researchers better navigate the smart home security landscape and identify future research opportunities. Full article

Since the deployment of the Internet of Things (IoT), it has transformed everyday life by enabling intelligent environments that improve efficiency and automate services in domains such as agriculture, healthcare, smart cities, and industry. However, the rapid proliferation of IoT devices has introduced significant security challenges, largely driven by the heterogeneity of devices, resource constraints, and the increasing exposure of network communications. This work proposes a lightweight security protection mechanism for IoT networks based on trust modelling. The proposed approach integrates machine learning techniques to evaluate IoT node behavior using network-layer (Layer 3) traffic features under different labeling granularities, including binary, categorical, and subcategorical classifications. By focusing on network-layer observations, the model remains applicable across heterogeneous IoT devices while preserving a low computational footprint. In addition, the Common Vulnerability Scoring System (CVSS) is incorporated as a standardized vulnerability severity metric, enabling the integration of probabilistic security evidence with contextual information about potential impact. This combination allows the estimation of trust to reflect not only the likelihood of anomalous behavior but also its associated severity. Experimental evaluation was conducted using a representative IoT traffic dataset, multiple preprocessing strategies, and several classical machine learning models. The results demonstrate that aggregating traffic-based intrusion detection outputs with vulnerability severity metrics enables a more robust, flexible, and interpretable trust estimation process. This approach supports the early identification of potentially compromised nodes while maintaining scalability and efficiency, making it suitable for deployment in heterogeneous IoT environments. Full article

Migrating to Post-Quantum Cryptography (PQC) is critical for securing resource-constrained Internet of Things (IoT) devices against the “harvest-now, decrypt-later” threat. While ML-KEM (CRYSTALS-Kyber) has been standardized under FIPS 203 for general encryption, these devices often operate on unreliable networks suffering from high latency and packet loss. Our recent systematic review identified a critical gap that existing research overwhelmingly focuses on Transport Layer Security (TLS). This leaves the resilience of lightweight protocols like MQTT and CoAP under challenging network conditions largely unexplored. This paper introduces PQC-IoTNet, a novel Software-in-the-Loop (SITL) framework to address this gap. Our three-tier architecture integrates a Python-based IoT client with kernel-level emulation to test the full protocol stack. Validation results comparing Kyber and ECC demonstrate the framework’s ability to capture critical performance cliffs caused by TCP retransmissions. Notably, the framework revealed that while Kyber maintained an 18% speed advantage over ECC at 5% packet loss, both protocols experienced nonlinear latency spikes. This work provides a reproducible blueprint to identify operational boundaries and select resilient protocols for secure IoT systems. Full article

The rapid growth of the Internet of Things (IoT) has exposed billions of interconnected, heterogeneous, and resource-constrained devices to increasingly sophisticated threats. To evaluate the readiness of current intrusion detection systems (IDSs), this study reviews 32 recent IoT-IDS proposals spanning conventional, machine-learning, deep-learning, and hybrid approaches. Each system is assessed against 10 criteria that reflect practical IoT requirements, including real-time performance, latency, lightweight design, detection accuracy, mitigation capabilities, integrated detection-and-mitigation workflows, adaptability, resilience to advanced attacks, validation in realistic environments, and scalability. The results indicate that although many approaches achieve high detection accuracy, most do not meet real-time and lightweight thresholds commonly cited in IoT deployment literature. Mitigation features are often absent, adaptability is rarely implemented, and 29 out of 32 studies rely solely on offline datasets, thereby limiting confidence in their robustness to deployment. Scalability remains the most significant limitation, as none of the reviewed IDSs have tested their performance under realistic multi-node or high-traffic conditions, even though scalability is critical for large IoT ecosystems. Overall, the review suggests that future IoT IDS research should move beyond accuracy-focused models and toward lightweight, adaptive, and autonomous solutions that incorporate mitigation, support real-time inference, and undergo standardized evaluations under real-world operating conditions. Full article

Gun violence in U.S. schools not only causes loss of life and physical injury but also leaves enduring psychological trauma, damages property, and results in significant economic losses. One way to reduce this loss is to detect the gun early, notify the police as soon as possible, and implement lockdown procedures immediately. In this project, a novel gun detector Internet of Things (IoT) system is developed that automatically detects the presence of a gun either from images or from gunshot sounds, and sends notifications with exact location information to the first responder’s smartphones using the Internet within a second. The device also sends wireless commands using Message Queuing Telemetry Transport (MQTT) protocol to close the smart door locks in classrooms and announce to act using public address (PA) system automatically. The proposed system will remove the burden of manually calling the police and implementing the lockdown procedure during such traumatic situations. Police will arrive sooner, and thus it will help to stop the shooter early, the injured people can be taken to the hospital quickly, and more lives can be saved. Two custom deep learning AI models are used: (a) to detect guns from image data having an accuracy of 94.6%, and (b) the gunshot sounds from audio data having an accuracy of 99%. No single gun detector device is available in the literature that can detect guns from both image and audio data, implement lockdown and make PA announcement automatically. A prototype of the proposed gunshot detector IoT system, and a smartphone app is developed, and tested with gun replicas and blank guns in real-time. Full article

Healthcare 5.0 and the Internet of Medical Things (IoMT) is emerging as a scalable model for the delivery of customised healthcare and chronic disease management, through Remote Patient Monitoring (RPM) in patient smart home environments. Large-scale RPM initiatives are being rolled out by healthcare providers (HCPs); however, the constrained nature of IoMT devices and proximity to poorly administered smart home technologies create a cyber risk for highly personalised patient data. The recent Network and Information Systems (NIS 2) directive requires HCPs to improve their cyber risk management approaches, mandating heavy penalties for non-compliance. Current research into cyber risk management in smart home-based RPM does not address scalability. This research examines scalability through the lens of the Non-adoption, Abandonment, Scale-up, Spread and Sustainability (NASSS) framework and develops a novel Scalability Index (SI), informed by a PRISMA guided systematic literature review. Our search strategy identified 57 studies across major databases including ACM, IEEE, MDPI, Elsevier, and Springer, authored between January 2016 and March 2025 (final search 21 March 2025), which focussed on cyber security risk management in the RPM context. Studies focussing solely on healthcare institutional settings were excluded. To mitigate bias, a sample of the papers (30/57) were assessed by two other raters; the resulting Cohen’s Kappa inter-rater agreement statistic (0.8) indicating strong agreement on study selection. The results, presented in graphical and tabular format, provide evidence that most cyber risk approaches do not consider scalability from the HCP perspective. Applying the SI to the 57 studies in our review resulted in a low to medium scalability potential of most cyber risk management proposals, indicating that they would not support the requirements of NIS 2 in the RPM context. A limitation of our work is that it was not tested in a live large-scale setting. However, future research could validate the proposed SI, providing guidance for researchers and practitioners in enhancing cyber risk management of large-scale RPM initiatives. Full article

Intrusion detection in IoT networks is challenged by data heterogeneity, label scarcity, and privacy constraints. Traditional federated learning (FL) methods often assume IID data or require supervised labels, limiting their practicality. We propose G-PFL-ID, a graph-driven personalized federated learning framework for unsupervised intrusion detection in non-IID IoT systems. Our method trains a global graph encoder (GCN or GAE) with a DeepSVDD objective under a federated regularizer (FedReg) that combines proximal and variance penalties, then personalizes local models via a lightweight fine-tuning head. We evaluate G-PFL-ID on the IoT-23 (Mirai-based captures) and N-BaIoT (device-level dataset) under realistic heterogeneity (Dirichlet-based partitioning with concentration parameters $\alpha \in \{0.1,0.5,\infty \}$ and client counts $K\in \{10,15,20\}$ for IoT-23, and natural device-based partitioning for N-BaIoT). G-PFL-ID outperforms global FL baselines and recent graph-based federated anomaly detectors, achieving up to 99.46% AUROC on IoT-23 and 97.74% AUROC on N-BaIoT. Ablation studies confirm that the proximal and variance penalties reduce inter-round drift and representation collapse, and that lightweight personalization recovers local sensitivity—especially for clients with limited data. Our work bridges graph-based anomaly detection with personalized FL for scalable, privacy-preserving IoT security. Full article