Special Issue "Cyber Security for Internet of Things"

A special issue of Electronics (ISSN 2079-9292). This special issue belongs to the section "Computer Science & Engineering".

Deadline for manuscript submissions: 30 November 2020.

Special Issue Editors

Prof. Dr. Carsten Maple
Website
Guest Editor
Cyber Security Centre, WMG, University of Warwick, Gibbett Hill Road, Coventry CV4 7AL, UK
Interests: security in cyber physical systems; privacy enhancing technologies; human aspects of security; threat modeling
Special Issues and Collections in MDPI journals
Dr. Matthew Bradbury
Website
Guest Editor
Cyber Security Centre, WMG, University of Warwick, Gibbett Hill Road, Coventry CV4 7AL, UK
Interests: Wireless Sensor Networks; VANETs; location privacy
Special Issues and Collections in MDPI journals
Dr. Munam Ali Shah
Website
Guest Editor
Department of Computer Science, COMSATS University Islamabad, Park Road, Chak Shahzad, Islamabad, Pakistan
Interests: MAC protocol design; Internet of Things; security issues in wireless communication systems

Special Issue Information

Dear Colleagues,

Internet of Things (IoT) devices are being deployed in a wide range of scenarios including, but not limited to, critical national infrastructure systems, intelligent transportation systems, smart homes, logistics, and manufacturing. Given the pervasiveness and importance of these deployments, it is vital to consider the cyber security implications. Understanding and addressing cyber security is complex and is best served by adopting an interdisciplinary approach. With IoT devices being connected and embedded in the existing cyber-physical world, new threats are emerging, and vulnerabilities are being exploited. This creates intrinsic difficulties in building secure systems, and the solution cannot be technical alone; we also need to consider the human-in-the-loop and process issues.

There have been many recent extensions of the IoT, such as the Internet of Everything, the Internet of Vehicles, the Internet of Bio-nano Things and the Internet of Space Things, among many others. Techniques and paradigms are having an impact on these Internet of X systems, such as advances in privacy aware computing, Edge computing, cyber-physical systems, human machine computing, distributed ledger technology, big data analytics, and artificial intelligence. With such a rapidly evolving ecosystem, these systems have become more complicated and vulnerable to new types of cyber security attacks, as well as more attractive targets to attackers.

This Special Issue aims to provide a platform for both academia and industry to present advances in new techniques, analyses, and evaluations in IoT cyber security and provide new ideas and solutions to address the advanced security challenges. Topics of interest include, but are not limited to, the following:

  • Cyber security threat models and architectures;
  • Cryptographic solutions for cyber security;
  • Human-centric cyber security solutions;
  • AI-based countermeasures;
  • Cyber artificial intelligence;
  • Cyber threat intelligence;
  • Adversarial machine learning;
  • Security in online social networks;
  • Forensics of cyber-physical systems;
  • Machine learning-driven malware analysis;
  • Cyber security analytics;
  • Blockchain-based cyber security;
  • Privacy and trust in the Internet of Things;
  • Cyber Security at the Edge;
  • Assessing risk in IoT deployments;
  • Testbeds for IoT cyber security.

Prof. Dr. Carsten Maple
Dr. Matthew Bradbury
Dr. Munam Ali Shah
Guest Editors

Manuscript Submission Information

Manuscripts should be submitted online at www.mdpi.com by registering and logging in to this website. Once you are registered, click here to go to the submission form. Manuscripts can be submitted until the deadline. All papers will be peer-reviewed. Accepted papers will be published continuously in the journal (as soon as accepted) and will be listed together on the special issue website. Research articles, review articles as well as short communications are invited. For planned papers, a title and short abstract (about 100 words) can be sent to the Editorial Office for announcement on this website.

Submitted manuscripts should not have been published previously, nor be under consideration for publication elsewhere (except conference proceedings papers). All manuscripts are thoroughly refereed through a single-blind peer-review process. A guide for authors and other relevant information for submission of manuscripts is available on the Instructions for Authors page. Electronics is an international peer-reviewed open access monthly journal published by MDPI.

Please visit the Instructions for Authors page before submitting a manuscript. The Article Processing Charge (APC) for publication in this open access journal is 1500 CHF (Swiss Francs). Submitted papers should be well formatted and use good English. Authors may use MDPI's English editing service prior to publication or during author revisions.

Keywords

  • Cyber security
  • IoT security
  • Cyber physical systems
  • Edge security
  • Forensics in cyber physical systems
  • Information security
  • Security engineering
  • Cyber security risk and analytics

Published Papers (8 papers)

Order results
Result details
Select all
Export citation of selected articles as:

Research

Jump to: Review

Open AccessArticle
A Fast Deep Learning Method for Security Vulnerability Study of XOR PUFs
Electronics 2020, 9(10), 1715; https://doi.org/10.3390/electronics9101715 - 18 Oct 2020
Abstract
Physical unclonable functions (PUF) are emerging as a promising alternative to traditional cryptographic protocols for IoT authentication. XOR Arbiter PUFs (XPUFs), a group of well-studied PUFs, are found to be secure against machine learning (ML) attacks if the XOR gate is large enough, [...] Read more.
Physical unclonable functions (PUF) are emerging as a promising alternative to traditional cryptographic protocols for IoT authentication. XOR Arbiter PUFs (XPUFs), a group of well-studied PUFs, are found to be secure against machine learning (ML) attacks if the XOR gate is large enough, as both the number of CRPs and the computational time required for modeling n-XPUF increases fast with respect to n, the number of component arbiter PUFs. In this paper, we present a neural network-based method that can successfully attack XPUFs with significantly fewer CRPs and shorter learning time when compared with existing ML attack methods. Specifically, the experimental study in this paper shows that our new method can break the 64-bit 9-XPUF within ten minutes of learning time for all of the tested samples and runs, with magnitudes faster than the fastest existing ML attack method, which takes over 1.5 days of parallel computing time on 16 cores. Full article
(This article belongs to the Special Issue Cyber Security for Internet of Things)
Show Figures

Figure 1

Open AccessArticle
From Conventional to State-of-the-Art IoT Access Control Models
Electronics 2020, 9(10), 1693; https://doi.org/10.3390/electronics9101693 - 15 Oct 2020
Abstract
The advent in Online Social Networks (OSN) and Internet of Things (IoT) has created a new world of collaboration and communication between people and devices. The domain of internet of things uses billions of devices (ranging from tiny sensors to macro scale devices) [...] Read more.
The advent in Online Social Networks (OSN) and Internet of Things (IoT) has created a new world of collaboration and communication between people and devices. The domain of internet of things uses billions of devices (ranging from tiny sensors to macro scale devices) that continuously produce and exchange huge amounts of data with people and applications. Similarly, more than a billion people are connected through social networking sites to collaborate and share their knowledge. The applications of IoT such as smart health, smart city, social networking, video surveillance and vehicular communication are quickly evolving people’s daily lives. These applications provide accurate, information-rich and personalized services to the users. However, providing personalized information comes at the cost of accessing private information of users such as their location, social relationship details, health information and daily activities. When the information is accessible online, there is always a chance that it can be used maliciously by unauthorized entities. Therefore, an effective access control mechanism must be employed to ensure the security and privacy of entities using OSN and IoT services. Access control refers to a process which can restrict user’s access to data and resources. It enforces access rules to grant authorized users an access to resources and prevent others. This survey examines the increasing literature on access control for traditional models in general, and for OSN and IoT in specific. Challenges and problems related to access control mechanisms are explored to facilitate the adoption of access control solutions in OSN and IoT scenarios. The survey provides a review of the requirements for access control enforcement, discusses several security issues in access control, and elaborates underlying principles and limitations of famous access control models. We evaluate the feasibility of current access control models for OSN and IoT and provide the future development direction of access control for the same. Full article
(This article belongs to the Special Issue Cyber Security for Internet of Things)
Show Figures

Figure 1

Open AccessArticle
Multibit-Generating Pulsewidth-Based Memristive-PUF Structure and Circuit Implementation
Electronics 2020, 9(9), 1446; https://doi.org/10.3390/electronics9091446 - 04 Sep 2020
Cited by 1
Abstract
As Internet of Things (IoT) devices have evolved, physical unclonable functions (PUFs) have become a popular solution for hardware security. In particular, memristor devices are receiving attention as suitable candidates for reliable PUFs because they can be integrated into nano-cross point array circuits [...] Read more.
As Internet of Things (IoT) devices have evolved, physical unclonable functions (PUFs) have become a popular solution for hardware security. In particular, memristor devices are receiving attention as suitable candidates for reliable PUFs because they can be integrated into nano-cross point array circuits with ultra-high efficiency. However, it has been found that typical 1-bit generating PUFs consume too many challenge–response pairs (CRPs) to generate a single response. This issue has to be overcome to construct a strong and reliable PUF with a large number of valid CRPs. We suggest a bank design and quantizing entropy source method for constructing a multibit-generating PUF. In this paper, we propose a new pulsewidth-based memristive PUF (pm-PUF) architecture that incorporates analog memristor devices and a nano-cross point array. We describe the architecture’s circuit implementation and its operating process in detail. We also evaluate the inter and intra performances of the pm-PUF in terms of randomness, diffuseness, uniqueness, and steadiness to show that the proposed pm-PUF will be a promising solution for a high-density hardware security system. Full article
(This article belongs to the Special Issue Cyber Security for Internet of Things)
Show Figures

Figure 1

Open AccessArticle
Proactive Forensics in IoT: Privacy-Aware Log-Preservation Architecture in Fog-Enabled-Cloud Using Holochain and Containerization Technologies
Electronics 2020, 9(7), 1172; https://doi.org/10.3390/electronics9071172 - 19 Jul 2020
Abstract
Collecting and preserving the smart environment logs connected to cloud storage is challenging due to the black-box nature and the multi-tenant cloud models which can pervade log secrecy and privacy. The existing work for log secrecy and confidentiality depends on cloud-assisted models, but [...] Read more.
Collecting and preserving the smart environment logs connected to cloud storage is challenging due to the black-box nature and the multi-tenant cloud models which can pervade log secrecy and privacy. The existing work for log secrecy and confidentiality depends on cloud-assisted models, but these models are prone to multi-stakeholder collusion problems. This study proposes ’PLAF,’ a holistic and automated architecture for proactive forensics in the Internet of Things (IoT) that considers the security and privacy-aware distributed edge node log preservation by tackling the multi-stakeholder issue in a fog enabled cloud. We have developed a test-bed to implement the specification, as mentioned earlier, by incorporating many state-of-the-art technologies in one place. We used Holochain to preserve log integrity, provenance, log verifiability, trust admissibility, and ownership non-repudiation. We introduced the privacy preservation automation of log probing via non-malicious command and control botnets in the container environment. For continuous and robust integration of IoT microservices, we used docker containerization technology. For secure storage and session establishment for logs validation, Paillier Homomorphic Encryption, and SSL with Curve25519 is used respectively. We performed the security and performance analysis of the proposed PLAF architecture and showed that, in stress conditions, the automatic log harvesting running in containers gives a 95% confidence interval. Moreover, we show that log preservation via Holochain can be performed on ARM-Based architectures such as Raspberry Pi in a very less amount of time when compared with RSA and blockchain. Full article
(This article belongs to the Special Issue Cyber Security for Internet of Things)
Show Figures

Figure 1

Open AccessArticle
Boosted Trees Algorithm as Reliable Spectrum Sensing Scheme in the Presence of Malicious Users
Electronics 2020, 9(6), 1038; https://doi.org/10.3390/electronics9061038 - 23 Jun 2020
Abstract
Cooperative spectrum sensing (CSS) has the ability to accurately identify the activities of the primary users (PUs). As the secondary users’ (SUs) sensing performance is disturbed in the fading and shadowing environment, therefore the CSS is a suitable choice to achieve better sensing [...] Read more.
Cooperative spectrum sensing (CSS) has the ability to accurately identify the activities of the primary users (PUs). As the secondary users’ (SUs) sensing performance is disturbed in the fading and shadowing environment, therefore the CSS is a suitable choice to achieve better sensing results compared to individual sensing. One of the problems in the CSS occurs due to the participation of malicious users (MUs) that report false sensing data to the fusion center (FC) to misguide the FC’s decision about the PUs’ activity. Out of the different categories of MUs, Always Yes (AY), Always No (AN), Always Opposite (AO) and Random Opposite (RO) are of high interest these days in the literature. Recently, high sensing performance for the CSS can be achieved using machine learning techniques. In this paper, boosted trees algorithm (BTA) has been proposed for obtaining reliable identification of the PU channel, where the SUs can access the PU channel opportunistically with minimum disturbances to the licensee. The proposed BTA mitigates the spectrum sensing data falsification (SSDF) effects of the AY, AN, AO and RO categories of the MUs. BTA is an ensemble method for solving spectrum sensing problems using different classifiers. It boosts the performance of some weak classifiers in the combination by giving higher weights to the weak classifiers’ sensing decisions. Simulation results verify the performance improvement by the proposed algorithm compared to the existing techniques such as genetic algorithm soft decision fusion (GASDF), particle swarm optimization soft decision fusion (PSOSDF), maximum gain combination soft decision fusion (MGCSDF) and count hard decision fusion (CHDF). The experimental setup is conducted at different levels of the signal-to-noise ratios (SNRs), total number of cooperative users and sensing samples that show minimum error probability results for the proposed scheme. Full article
(This article belongs to the Special Issue Cyber Security for Internet of Things)
Show Figures

Figure 1

Open AccessArticle
Lightweight Modeling Attack-Resistant Multiplexer-Based Multi-PUF (MMPUF) Design on FPGA
Electronics 2020, 9(5), 815; https://doi.org/10.3390/electronics9050815 - 15 May 2020
Abstract
Physical unclonable function (PUF) is a primary hardware security primitive that is suitable for lightweight applications. However, it is found to be vulnerable to modeling attacks using machine learning algorithms. In this paper, multiplexer (MUX)-based Multi-PUF (MMPUF) design is proposed to thwart modeling [...] Read more.
Physical unclonable function (PUF) is a primary hardware security primitive that is suitable for lightweight applications. However, it is found to be vulnerable to modeling attacks using machine learning algorithms. In this paper, multiplexer (MUX)-based Multi-PUF (MMPUF) design is proposed to thwart modeling attacks. The proposed design uses a weak PUF to obfuscate the challenge of a strong PUF. A mathematical model of the proposed design is presented and analyzed. The three most widely used modeling attack techniques are used to evaluate the resistance of the proposed design. Experimental results show that the proposed MMPUF design is more resistant to the machine learning attack than the previously proposed XOR-based Multi-PUF (XMPUF) design. For a large sample size, the prediction rate of the proposed MMPUF is less than the conventional Arbiter PUF (APUF). Compared with existing attack-resistant PUF designs, the proposed MMPUF design demonstrates high resistance. To verify the proposed design, a hardware implementation on Xilinx 7 Series FPGAs is presented. The hardware experimental results show that the proposed MMPUF designs present good results of uniqueness and reliability. Full article
(This article belongs to the Special Issue Cyber Security for Internet of Things)
Show Figures

Figure 1

Open AccessArticle
θ-Sensitive k-Anonymity: An Anonymization Model for IoT based Electronic Health Records
Electronics 2020, 9(5), 716; https://doi.org/10.3390/electronics9050716 - 26 Apr 2020
Cited by 1
Abstract
The Internet of Things (IoT) is an exponentially growing emerging technology, which is implemented in the digitization of Electronic Health Records (EHR). The application of IoT is used to collect the patient’s data and the data holders and then to publish these data. [...] Read more.
The Internet of Things (IoT) is an exponentially growing emerging technology, which is implemented in the digitization of Electronic Health Records (EHR). The application of IoT is used to collect the patient’s data and the data holders and then to publish these data. However, the data collected through the IoT-based devices are vulnerable to information leakage and are a potential privacy threat. Therefore, there is a need to implement privacy protection methods to prevent individual record identification in EHR. Significant research contributions exist e.g., p+-sensitive k-anonymity and balanced p+-sensitive k-anonymity for implementing privacy protection in EHR. However, these models have certain privacy vulnerabilities, which are identified in this paper with two new types of attack: the sensitive variance attack and categorical similarity attack. A mitigation solution, the θ -sensitive k-anonymity privacy model, is proposed to prevent the mentioned attacks. The proposed model works effectively for all k-anonymous size groups and can prevent sensitive variance, categorical similarity, and homogeneity attacks by creating more diverse k-anonymous groups. Furthermore, we formally modeled and analyzed the base and the proposed privacy models to show the invalidation of the base and applicability of the proposed work. Experiments show that our proposed model outperforms the others in terms of privacy security (14.64%). Full article
(This article belongs to the Special Issue Cyber Security for Internet of Things)
Show Figures

Figure 1

Review

Jump to: Research

Open AccessReview
Location Proof Systems for Smart Internet of Things: Requirements, Taxonomy, and Comparative Analysis
Electronics 2020, 9(11), 1776; https://doi.org/10.3390/electronics9111776 - 26 Oct 2020
Abstract
In the current hyper-connected, data-driven era, smart devices are providing access to geolocation information, enabling a paradigm shift in diverse domains. Location proof systems utilize smart devices to provide witnessed proof of location to enable secure location-based services (LBS). Applications of location proof [...] Read more.
In the current hyper-connected, data-driven era, smart devices are providing access to geolocation information, enabling a paradigm shift in diverse domains. Location proof systems utilize smart devices to provide witnessed proof of location to enable secure location-based services (LBS). Applications of location proof systems include safety, asset management and operations monitoring in health care, supply chain tracking, and Internet-of-Things (IoT)-based location intelligence in businesses. In this paper, we investigate the state of the art in location proof systems, examining design challenges and implementation considerations for application in the real world. To frame the analysis, we have developed a taxonomy of location proof systems and performed a comparative analysis over the common attributes, highlighting their strength and weaknesses. Furthermore, we have identified future trends for this increasingly important area of investigation and development. Full article
(This article belongs to the Special Issue Cyber Security for Internet of Things)
Back to TopTop