Privacy and Security for IoT Devices

A special issue of Electronics (ISSN 2079-9292). This special issue belongs to the section "Microwave and Wireless Communications".

Deadline for manuscript submissions: closed (15 March 2024) | Viewed by 5265

Special Issue Editors

Department of Computer Science and Engineering, The Ohio State University, Columbus, OH 43210, USA
Interests: Bluetooth security; IoT security; mobile security; blockchain

E-Mail Website
Guest Editor
School of Cyberspace Security, Xi’an University of Posts and Telecommunications, Xi’an 710061, China
Interests: public key cryptography; cloud security; network security
School of Cyberspace Security, Xi’an University of Posts and Telecommunications, Xi’an 710061, China
Interests: authentication; encryption; blockchain
College of Information Science and Technology and the College of Cyber Security, Jinan University, Guangzhou 510632, China
Interests: blockchain security and its applications; two-layer state channel; security and privacy

Special Issue Information

Dear Colleagues,

Internet of Things (IoT) systems continue to experience rapid growth and have been used in numerous applications (e.g., smart healthcare, smart home, smart grid). The number of IoT devices is expected to surpass that of mobile phones by 2025.  Clearly, it is unlikely that there will be no vulnerabilities in such a vast number of IoT devices.  As such, it is imperative to discover these vulnerabilities and fix them before they can be exploited. Meanwhile, a lack of proper protections would also expose critical facilities and Internet-connected IoT systems to widespread cyber-attacks (e.g., device fingerprinting attacks may threaten the privacy of the IoT devices). As such, IoT security and privacy is increasingly important for both societies and individuals.

To respond to this urgent call, in this Special Issue, we will discuss the possible attack surface of IoT devices by proposing the attacks with novel insights or performing measurement studies and case studies to understand the impacts of the attacks. We will propose novel detection methods, which can effectively identify a specific attack or a wide range of attacks against IoT devices. We will also propose and discuss the security protection of IoT devices. The Special Issue will present the state of the science for the most relevant problems in IoT security and privacy, and contribute to the IoT ecosystem in academic and industrial areas. We invite investigators to submit original research articles to this Special Issue.

Potential submission topics include but are not limited to the following:

  • Attacks against security and privacy of IoT devices with novel insights; 
  • Case studies on attacks against IoT devices;
  • Measurement studies on attacks against IoT devices with novel results;
  • Detection methods for IoT device vulnerabilities;
  • IoT protocol security;
  • Security and privacy protection for IoT devices;
  • Intrusion and anomaly detection for IoT devices.

Dr. Yue Zhang
Prof. Dr. Yinghui Zhang
Dr. Gang Han
Dr. Ming Li
Guest Editors

Manuscript Submission Information

Manuscripts should be submitted online at www.mdpi.com by registering and logging in to this website. Once you are registered, click here to go to the submission form. Manuscripts can be submitted until the deadline. All submissions that pass pre-check are peer-reviewed. Accepted papers will be published continuously in the journal (as soon as accepted) and will be listed together on the special issue website. Research articles, review articles as well as short communications are invited. For planned papers, a title and short abstract (about 100 words) can be sent to the Editorial Office for announcement on this website.

Submitted manuscripts should not have been published previously, nor be under consideration for publication elsewhere (except conference proceedings papers). All manuscripts are thoroughly refereed through a single-blind peer-review process. A guide for authors and other relevant information for submission of manuscripts is available on the Instructions for Authors page. Electronics is an international peer-reviewed open access semimonthly journal published by MDPI.

Please visit the Instructions for Authors page before submitting a manuscript. The Article Processing Charge (APC) for publication in this open access journal is 2400 CHF (Swiss Francs). Submitted papers should be well formatted and use good English. Authors may use MDPI's English editing service prior to publication or during author revisions.

Keywords

  • IoT
  • IoT protocol security
  • intrusion

Published Papers (5 papers)

Order results
Result details
Select all
Export citation of selected articles as:

Research

20 pages, 2228 KiB  
Article
Blockchain Technology for Access and Authorization Management in the Internet of Things
by Maria Polychronaki, Dimitrios G. Kogias, Helen C. Leligkou and Panagiotis A. Karkazis
Electronics 2023, 12(22), 4606; https://doi.org/10.3390/electronics12224606 - 10 Nov 2023
Viewed by 858
Abstract
The Internet of Things (IoT) continues to suffer from security issues, even after 20 years of technological evolution and continuing efforts. While the decentralization of the IoT seems to be a solution for improved resource management and scalability, most of the services remain [...] Read more.
The Internet of Things (IoT) continues to suffer from security issues, even after 20 years of technological evolution and continuing efforts. While the decentralization of the IoT seems to be a solution for improved resource management and scalability, most of the services remain centralized, exposing IoT systems to malicious attacks. As a result, this leads to functionality failures and endangers user and data integrity. Identity and Access Management (IAM) has the ability to provide defense against a great number of security threats. Additionally, blockchain is a technology which can natively support decentralization, as well as access and authorization management techniques, using the corresponding programmable logic and leveraging cryptographic mechanisms for privacy and security. Using standardized frameworks (e.g., Decentralized Identifiers and Verifiable Credentials), a blockchain-based access and authorization solution can present the basis for a uniform decentralized IAM framework for the IoT. To this end, this paper presents a proof-of-concept design and implementation of an IAM solution based on Solidity smart contracts, targeting two areas: firstly, supporting the fact that blockchain can seamlessly provide the basis for a decentralized IAM framework, while secondly (and most importantly) exploring the challenge of integrating within existing IoT systems, avoiding redesigning and redeveloping on behalf of IoT manufacturers. Full article
(This article belongs to the Special Issue Privacy and Security for IoT Devices)
Show Figures

Figure 1

15 pages, 834 KiB  
Article
A Cross-Institution Information-Sharing Scheme Based on a Consortium Blockchain
by Bingbing Tan, Yanli Chen, Yonghui Zhou, Shouqing Li and Zhicheng Dong
Electronics 2023, 12(21), 4512; https://doi.org/10.3390/electronics12214512 - 02 Nov 2023
Viewed by 676
Abstract
In today’s data-driven world, efficient and secure cross-institution information-sharing is an urgent challenge. Traditional information-sharing methods based on access controlling often suffer from issues such as privacy breaches and high communication complexity. To address this issue, this paper proposes a cross-institution information-sharing solution [...] Read more.
In today’s data-driven world, efficient and secure cross-institution information-sharing is an urgent challenge. Traditional information-sharing methods based on access controlling often suffer from issues such as privacy breaches and high communication complexity. To address this issue, this paper proposes a cross-institution information-sharing solution based on a consortium blockchain, in which it combines on-chain transaction consensus with off-chain institution storage, thereby facilitating collaboration among nodes from different institutions on the blockchain. To enhance the efficiency and security of transactions on the blockchain, we also introduce a dynamic and adaptive Practical Byzantine Fault Tolerance (DA-PBFT) consensus protocol, which permits nodes to dynamically join and exit the blockchain network, consequently improving network scalability. Through a reputation mechanism, we swiftly identify and remove faulty and malicious nodes, enhancing the trustworthiness of nodes in the information-sharing network based on consortium blockchain, thereby improving consensus efficiency. We have also employed encryption techniques to enhance the privacy and integrity of data during the process of cross-institution information sharing. A comprehensive analysis of the communication complexity in the information-sharing network confirms the effectiveness and security of our proposed solution. We offer a unique solution to improve the efficiency and security of cross-institution information-sharing while ensuring data integrity and privacy. By addressing the challenges of privacy breaches and high communication complexity in information sharing, we establish a foundation for secure cross-institution data exchange. Full article
(This article belongs to the Special Issue Privacy and Security for IoT Devices)
Show Figures

Figure 1

13 pages, 4287 KiB  
Article
High-Capacity Imperceptible Data Hiding Using Permutation-Based Embedding Process for IoT Security
by Jui-Chuan Liu, Ching-Chun Chang, Chin-Chen Chang and Shuying Xu
Electronics 2023, 12(21), 4488; https://doi.org/10.3390/electronics12214488 - 31 Oct 2023
Cited by 1 | Viewed by 693
Abstract
The internet of things (IoT) has become a popular technology in communication which utilizes the concept of connecting things together and exchanges information through various networks. Since data can be transferred through a wide range of channels, IoT systems suffer from potential data [...] Read more.
The internet of things (IoT) has become a popular technology in communication which utilizes the concept of connecting things together and exchanges information through various networks. Since data can be transferred through a wide range of channels, IoT systems suffer from potential data leakages. One of the common ways to reduce such risks is to engage steganography with secret information during transmission. A novel scheme proposed in this paper exploits simple pixel permutations to embed secret data. Instead of handling pixel blocks, the proposed scheme maneuvers on pixels directly. The proposed scheme simply manipulates the sequenced pixels using two coefficients, a threshold of range for pixel values, and a specified clustering count to fulfill the two major requirements of effective data hiding. The experimental results indicate that the proposed scheme provides a satisfactory embedding capacity and preserves a high level of image visual quality. The overall performance of the proposed scheme demonstrates its high potential in IoT security. Full article
(This article belongs to the Special Issue Privacy and Security for IoT Devices)
Show Figures

Figure 1

17 pages, 1285 KiB  
Article
PD-PAn: Prefix- and Distribution-Preserving Internet of Things Traffic Anonymization
by Xiaodan Gu and Kai Dong
Electronics 2023, 12(20), 4369; https://doi.org/10.3390/electronics12204369 - 21 Oct 2023
Viewed by 683
Abstract
One of the features of network traffic in Internet of Things (IoT) environments is that various IoT devices periodically communicate with their vendor services by sending and receiving packets with unique characteristics through private protocols. This paper investigates semantic attacks in IoT environments. [...] Read more.
One of the features of network traffic in Internet of Things (IoT) environments is that various IoT devices periodically communicate with their vendor services by sending and receiving packets with unique characteristics through private protocols. This paper investigates semantic attacks in IoT environments. An IoT semantic attack is active, covert, and more dangerous in comparison with traditional semantic attacks. A compromised IoT server actively establishes and maintains a communication channel with its device, and covertly injects fingerprints into the communicated packets. Most importantly, this server not only de-anonymizes other IPs, but also infers the machine states of other devices (IPs). Traditional traffic anonymization techniques, e.g., Crypto-PAn and Multi-View, either cannot ensure data utility or is vulnerable to semantic attacks. To address this problem, this paper proposes a prefix- and distribution-preserving traffic anonymization method named PD-PAn, which generates multiple anonymized views of the original traffic log to defend against semantic attacks. The prefix relationship is preserved in the real view to ensure data utility, while the IP distribution characteristic is preserved in all the views to ensure privacy. Intensive experiments verify the vulnerability of the state-of-the-art techniques and effectiveness of PD-PAn. Full article
(This article belongs to the Special Issue Privacy and Security for IoT Devices)
Show Figures

Figure 1

19 pages, 503 KiB  
Article
Toward Privacy-Preserving Directly Contactable Symptom-Matching Scheme for IoT Devices
by Rongrong Guo, Jianhao Zhu, Mei Cai, Wen He and Qianheng Yang
Electronics 2023, 12(7), 1641; https://doi.org/10.3390/electronics12071641 - 30 Mar 2023
Viewed by 1228
Abstract
The development of IoT devices has driven technological advancements across industries, especially in healthcare. IoT devices have brought many conveniences to patients, such as symptom matching, the real-time acquisition of health data, and online diagnosis. However, the development of the Internet of Things [...] Read more.
The development of IoT devices has driven technological advancements across industries, especially in healthcare. IoT devices have brought many conveniences to patients, such as symptom matching, the real-time acquisition of health data, and online diagnosis. However, the development of the Internet of Things also brings security and privacy challenges, which have attracted the attention of many scholars. In symptom matching, patients can communicate with patients similar to themselves through symptom matching, exchange treatment experiences, and encourage each other. However, matching in plaintext will pose a huge threat to user privacy, such as discrimination, which in turn affects job hunting, etc. Therefore, this paper proposes a symptom-matching scheme for IoT devices based on the Diffie–Hellman key agreement. Specifically, we construct and formally define the Switching Threshold Label Private Set Intersection (STLPSI) protocol based on the Diffie–Hellman key agreement and apply it for medical symptom matching. Our protocol can not only set the threshold of the same symptoms, but also patients who meet the threshold can obtain one another’s contact information. Furthermore, our scheme does not rely on any trusted third parties. Through security analysis and experiments, our scheme is shown to be effective in preserving privacy during symptom matching. Full article
(This article belongs to the Special Issue Privacy and Security for IoT Devices)
Show Figures

Graphical abstract

Back to TopTop