IoT: Security, Privacy and Best Practices

A special issue of Computers (ISSN 2073-431X). This special issue belongs to the section "Internet of Things (IoT) and Industrial IoT".

Deadline for manuscript submissions: closed (31 December 2022) | Viewed by 49888

Special Issue Editor


E-Mail Website
Guest Editor
Fordham Center for Cybersecurity, Fordham University, New York, NY 10023, USA
Interests: security; information assurance and privacy; crypto-resilient attacks; applied cryptography; blockchain and cryptocurrency; IoT security and privacy; cyberphysical systems and WBAN security; steganography; lightweight cryptographic algorithms and protocols; cloud-computing security; ad hoc and WSNs; ecure remote patient monitoring systems; computer networks protocols and QoS; wireless networks coexistence
Special Issues, Collections and Topics in MDPI journals

Special Issue Information

Dear Colleagues,

IoT devices have penetrated through a multitude of fields beyond those originally expected. In business, the IoT is used for product optimization. IoT-based solutions are being introduced on the factory floor, where they are having a dramatic impact on quality control through the detection of substandard production and material use. This promotes brand value by ensuring adherence to product specifications. Additionally, we are experiencing the use the IoT in financial decision processes, by providing real-time information of a holistic enterprise view that is complemented by data from resource planning and accounting systems. In academia, the IoT can be used to automatically track and deliver data records. Local governments are exploiting the IoT to increase the efficiency and safety of services provided to their population. The use of the IoT is integral to successful traffic management and mass transportation control. Accompanied by the increase in popularity and usage/reliance comes an increased possibility of cyberattack. It is a widely accepted theory that in many cases, malicious actors target popular devices for susceptible attack surfaces to amplify the effect of successful exploitation. Therefore, it is crucial to assess, understand, and, if possible, improve the protocols and security measures used in the devices and endpoints in an endeavor to create a safe environment for the user. A layered approach will provide optimal network and device defense. The perimeter security of an IoT network is essential for preventing breaches. Perimeter defense techniques include firewalls, IDS/IPSs, physical access controls, and network access control lists.
The Special Issue aims to gather innovative security solutions for IoT. We aim for security solutions the variety of IoT family including but not limited to: wireless sensor networks (WSN), wireless body area networks (WBANs), etc. Topics of interest include but are not limited to:

  • IoT privacy and security;
  • WSN security;
  • WBAN privacy and security;
  • Cloud-based IoT security;
  • Machine learning for IoT security;
  • IoT hardware security;
  • Blockchain for IoT security;
  • Industrial IoT security;
  • Medial IoT privacy and security;
  • Cryptography in IoT;
  • Layered security principles and ways to enhance perimeter defense in the IoT;
  • IoT gateway vulnerabilities and best practices of defense;
  • The malicious impact on IoT, Thingbots, Hivenets;
  • Forensics in IoT;
  • Law, Policy, and Privacy in IoT.

Prof. Dr. Thaier Hayajneh
Guest Editor

Manuscript Submission Information

Manuscripts should be submitted online at www.mdpi.com by registering and logging in to this website. Once you are registered, click here to go to the submission form. Manuscripts can be submitted until the deadline. All submissions that pass pre-check are peer-reviewed. Accepted papers will be published continuously in the journal (as soon as accepted) and will be listed together on the special issue website. Research articles, review articles as well as short communications are invited. For planned papers, a title and short abstract (about 100 words) can be sent to the Editorial Office for announcement on this website.

Submitted manuscripts should not have been published previously, nor be under consideration for publication elsewhere (except conference proceedings papers). All manuscripts are thoroughly refereed through a single-blind peer-review process. A guide for authors and other relevant information for submission of manuscripts is available on the Instructions for Authors page. Computers is an international peer-reviewed open access monthly journal published by MDPI.

Please visit the Instructions for Authors page before submitting a manuscript. The Article Processing Charge (APC) for publication in this open access journal is 1800 CHF (Swiss Francs). Submitted papers should be well formatted and use good English. Authors may use MDPI's English editing service prior to publication or during author revisions.

Published Papers (7 papers)

Order results
Result details
Select all
Export citation of selected articles as:

Research

24 pages, 5244 KiB  
Article
Efficient, Lightweight Cyber Intrusion Detection System for IoT Ecosystems Using MI2G Algorithm
by Sunil Kaushik, Akashdeep Bhardwaj, Abdullah Alomari, Salil Bharany, Amjad Alsirhani and Mohammed Mujib Alshahrani
Computers 2022, 11(10), 142; https://doi.org/10.3390/computers11100142 - 20 Sep 2022
Cited by 7 | Viewed by 2236
Abstract
The increase in internet connectivity has led to an increased usage of the Internet of Things (IoT) and devices on the internet. These IoT devices are becoming the backbone of Industry 4.0. The dependence on IoT devices has made them vulnerable to cyber-attacks. [...] Read more.
The increase in internet connectivity has led to an increased usage of the Internet of Things (IoT) and devices on the internet. These IoT devices are becoming the backbone of Industry 4.0. The dependence on IoT devices has made them vulnerable to cyber-attacks. IoT devices are often deployed in harsh conditions, challenged with less computational costs, and starved with energy. All these limitations make it tough to deploy accurate intrusion detection systems (IDSs) in IoT devices and make the critical IoT ecosystem more susceptible to cyber-attacks. A new lightweight IDS and a novel feature selection algorithm are introduced in this paper to overcome the challenges of computational cost and accuracy. The proposed algorithm is based on the Information Theory models to select the feature with high statistical dependence and entropy reduction in the dataset. This feature selection algorithm also showed an increase in performance parameters and a reduction in training time of 27–63% with different classifiers. The proposed IDS with the algorithm showed accuracy, Precision, Recall, and F1-Score of more than 99% when tested with the CICIDS2018 dataset. The proposed IDS is competitive in accuracy, Precision, Recall, and training time compared to the latest published research. The proposed IDS showed consistent performance on the UNSWNB15 dataset. Full article
(This article belongs to the Special Issue IoT: Security, Privacy and Best Practices)
Show Figures

Figure 1

19 pages, 3508 KiB  
Article
Mitigation of Black-Box Attacks on Intrusion Detection Systems-Based ML
by Shahad Alahmed, Qutaiba Alasad, Maytham M. Hammood, Jiann-Shiun Yuan and Mohammed Alawad
Computers 2022, 11(7), 115; https://doi.org/10.3390/computers11070115 - 20 Jul 2022
Cited by 10 | Viewed by 2634
Abstract
Intrusion detection systems (IDS) are a very vital part of network security, as they can be used to protect the network from illegal intrusions and communications. To detect malicious network traffic, several IDS based on machine learning (ML) methods have been developed in [...] Read more.
Intrusion detection systems (IDS) are a very vital part of network security, as they can be used to protect the network from illegal intrusions and communications. To detect malicious network traffic, several IDS based on machine learning (ML) methods have been developed in the literature. Machine learning models, on the other hand, have recently been proved to be effective, since they are vulnerable to adversarial perturbations, which allows the opponent to crash the system while performing network queries. This motivated us to present a defensive model that uses adversarial training based on generative adversarial networks (GANs) as a defense strategy to offer better protection for the system against adversarial perturbations. The experiment was carried out using random forest as a classifier. In addition, both principal component analysis (PCA) and recursive features elimination (Rfe) techniques were leveraged as a feature selection to diminish the dimensionality of the dataset, and this led to enhancing the performance of the model significantly. The proposal was tested on a realistic and recent public network dataset: CSE-CICIDS2018. The simulation results showed that GAN-based adversarial training enhanced the resilience of the IDS model and mitigated the severity of the black-box attack. Full article
(This article belongs to the Special Issue IoT: Security, Privacy and Best Practices)
Show Figures

Figure 1

14 pages, 5647 KiB  
Article
Design and Implementation of Automated Steganography Image-Detection System for the KakaoTalk Instant Messenger
by Jun Park and Youngho Cho
Computers 2020, 9(4), 103; https://doi.org/10.3390/computers9040103 - 18 Dec 2020
Cited by 6 | Viewed by 3449
Abstract
As the popularity of social network service (SNS) messengers (such as Telegram, WeChat or KakaoTalk) grows rapidly, cyberattackers and cybercriminals start targeting them, and from various media, we can see numerous cyber incidents that have occurred in the SNS messenger platforms. Especially, according [...] Read more.
As the popularity of social network service (SNS) messengers (such as Telegram, WeChat or KakaoTalk) grows rapidly, cyberattackers and cybercriminals start targeting them, and from various media, we can see numerous cyber incidents that have occurred in the SNS messenger platforms. Especially, according to existing studies, a novel type of botnet, which is the so-called steganography-based botnet (stego-botnet), can be constructed and implemented in SNS chat messengers. In the stego-botnet, by using various steganography techniques, every botnet communication and control (C&C) messages are secretly embedded into multimedia files (such as image or video files) frequently shared in the SNS messenger. As a result, the stego-botnet can hide its malicious messages between a bot master and bots much better than existing botnets by avoiding traditional botnet-detection methods without steganography-detection functions. Meanwhile, existing studies have focused on devising and improving steganography-detection algorithms but no studies conducted automated steganography image-detection system although there are a large amount of SNS chatrooms on the Internet and thus may exist many potential steganography images on those chatrooms which need to be inspected for security. Consequently, in this paper, we propose an automated system that detects steganography image files by collecting and inspecting all image files shared in an SNS chatroom based on open image steganography tools. In addition, we implement our proposed system based on two open steganography tools (Stegano and Cryptosteganography) in the KakaoTalk SNS messenger and show our experimental results that validate our proposed automated detection system work successfully according to our design purposes. Full article
(This article belongs to the Special Issue IoT: Security, Privacy and Best Practices)
Show Figures

Graphical abstract

18 pages, 2665 KiB  
Article
PriADA: Management and Adaptation of Information Based on Data Privacy in Public Environments
by Hugo Lopes, Ivan Miguel Pires, Hector Sánchez San Blas, Raúl García-Ovejero and Valderi Leithardt
Computers 2020, 9(4), 77; https://doi.org/10.3390/computers9040077 - 28 Sep 2020
Cited by 22 | Viewed by 3638
Abstract
The mobile devices cause a constant struggle for the pursuit of data privacy. Nowadays, it appears that the number of mobile devices in the world is increasing. With this increase and technological evolution, thousands of data associated with everyone are generated and stored [...] Read more.
The mobile devices cause a constant struggle for the pursuit of data privacy. Nowadays, it appears that the number of mobile devices in the world is increasing. With this increase and technological evolution, thousands of data associated with everyone are generated and stored remotely. Thus, the topic of data privacy is highlighted in several areas. There is a need for control and management of data in circulation inherent to this theme. This article presents an approach to the interaction between the individual and the public environment, where this interaction will determine the access to information. This analysis was based on a data privacy management model in open environments created after reading and analyzing the current technologies. A mobile application based on location by Global Positioning System (GPS) was developed to substantiate this model, which considers the General Data Protection Regulation (GDPR) to control and manage access to each individual’s data. Full article
(This article belongs to the Special Issue IoT: Security, Privacy and Best Practices)
Show Figures

Figure 1

43 pages, 3528 KiB  
Article
A Comprehensive and Systematic Survey on the Internet of Things: Security and Privacy Challenges, Security Frameworks, Enabling Technologies, Threats, Vulnerabilities and Countermeasures
by Muath A. Obaidat, Suhaib Obeidat, Jennifer Holst, Abdullah Al Hayajneh and Joseph Brown
Computers 2020, 9(2), 44; https://doi.org/10.3390/computers9020044 - 30 May 2020
Cited by 57 | Viewed by 16183
Abstract
The Internet of Things (IoT) has experienced constant growth in the number of devices deployed and the range of applications in which such devices are used. They vary widely in size, computational power, capacity storage, and energy. The explosive growth and integration of [...] Read more.
The Internet of Things (IoT) has experienced constant growth in the number of devices deployed and the range of applications in which such devices are used. They vary widely in size, computational power, capacity storage, and energy. The explosive growth and integration of IoT in different domains and areas of our daily lives has created an Internet of Vulnerabilities (IoV). In the rush to build and implement IoT devices, security and privacy have not been adequately addressed. IoT devices, many of which are highly constrained, are vulnerable to cyber attacks, which threaten the security and privacy of users and systems. This survey provides a comprehensive overview of IoT in regard to areas of application, security architecture frameworks, recent security and privacy issues in IoT, as well as a review of recent similar studies on IoT security and privacy. In addition, the paper presents a comprehensive taxonomy of attacks on IoT based on the three-layer architecture model; perception, network, and application layers, as well as a suggestion of the impact of these attacks on CIA objectives in representative devices, are presented. Moreover, the study proposes mitigations and countermeasures, taking a multi-faceted approach rather than a per layer approach. Open research areas are also covered to provide researchers with the most recent research urgent questions in regard to securing IoT ecosystem. Full article
(This article belongs to the Special Issue IoT: Security, Privacy and Best Practices)
Show Figures

Figure 1

14 pages, 2525 KiB  
Article
Improving Internet of Things (IoT) Security with Software-Defined Networking (SDN)
by Abdullah Al Hayajneh, Md Zakirul Alam Bhuiyan and Ian McAndrew
Computers 2020, 9(1), 8; https://doi.org/10.3390/computers9010008 - 7 Feb 2020
Cited by 79 | Viewed by 14568
Abstract
There has been an increase in the usage of Internet of Things (IoT), which has recently become a rising area of interest as it is being extensively used for numerous applications and devices such as wireless sensors, medical devices, sensitive home sensors, and [...] Read more.
There has been an increase in the usage of Internet of Things (IoT), which has recently become a rising area of interest as it is being extensively used for numerous applications and devices such as wireless sensors, medical devices, sensitive home sensors, and other related IoT devices. Due to the demand to rapidly release new IoT products in the market, security aspects are often overlooked as it takes time to investigate all the possible vulnerabilities. Since IoT devices are internet-based and include sensitive and confidential information, security concerns have been raised and several researchers are exploring methods to improve the security among these types of devices. Software defined networking (SDN) is a promising computer network technology which introduces a central program named ‘SDN Controller’ that allows overall control of the network. Hence, using SDN is an obvious solution to improve IoT networking performance and overcome shortcomings that currently exist. In this paper, we (i) present a system model to effectively use SDN with IoT networks; (ii) present a solution for mitigating man-in-the-middle attacks against IoT that can only use HTTP, which is a critical attack that is hard to defend; and (iii) implement the proposed system model using Raspberry Pi, Kodi Media Center, and Openflow Protocol. Our system implementation and evaluations show that the proposed technique is more resilient to cyber-attacks. Full article
(This article belongs to the Special Issue IoT: Security, Privacy and Best Practices)
Show Figures

Figure 1

17 pages, 367 KiB  
Article
A Novel Security Protocol for Wireless Sensor Networks with Cooperative Communication
by Abdullah Al Hayajneh, Md Zakirul Alam Bhuiyan and Ian McAndrew
Computers 2020, 9(1), 4; https://doi.org/10.3390/computers9010004 - 20 Jan 2020
Cited by 22 | Viewed by 5582
Abstract
This paper builds upon the foundation and clarifies specifications for a necessary security protocol in Wireless Sensor Networks (WSNs) with cooperative communications. It is designed to enhance performance and resiliency against cyber-attacks. Recent literature has shown that developing a WSN with Cooperative Communication [...] Read more.
This paper builds upon the foundation and clarifies specifications for a necessary security protocol in Wireless Sensor Networks (WSNs) with cooperative communications. It is designed to enhance performance and resiliency against cyber-attacks. Recent literature has shown that developing a WSN with Cooperative Communication greatly increases the performance of the network, but also exposes new vulnerabilities. The technique operates by transmitting packets of data to neighboring relay nodes in a cooperative fashion to reach the destination. In this paper, we consider security issues in WSNs with cooperative communication on each layer of the OSI model: physical layer, data link layer, network layer, service (topology) layer, and application layer. For each layer, we clarify the main task, enumerate the main attacks and threats, specify the primary security approaches and techniques (if any), and discuss possible new attacks and problems that may arise with the use of cooperative communications. Furthermore, we show for some attacks (e.g., jamming, packet dropping, and wormhole) that using cooperative communication improves the network resiliency and reliability. Finally, we propose a security protocol that addresses many of these shortcomings, while outlining the remaining issues that need further work and research. Full article
(This article belongs to the Special Issue IoT: Security, Privacy and Best Practices)
Show Figures

Figure 1

Back to TopTop