Special Issue "IoT Security and Privacy"

A special issue of Future Internet (ISSN 1999-5903).

Deadline for manuscript submissions: closed (31 October 2018)

Special Issue Editors

Guest Editor
Dr. Georgios Kambourakis

Department of Information and Communication Systems Engineering, University of the Aegean, Samos, Greece
Website | E-Mail
Fax: +30 22730 82009
Interests: mobile and wireless communication systems security and privacy; VoIP security and privacy; mobile medical systems security and privacy; e-learning and m-learning security; DNS Security
Guest Editor
Dr. Constantinos Kolias

Computer Science department, George Mason University, VA, USA
Website | E-Mail
Interests: security for the Internet of Things; authentication schemes for 4G and 5G wireless protocols; wireless intrusion detection

Special Issue Information

Dear Colleagues,

As per recent estimates, the number of Internet of Things (IoT) devices will surpass 50 billion by 2020. Unsurprisingly, this growth of IoT devices has drawn the attention of attackers who seek to exploit the merits of this new technology for their own benefit. The direct or indirect exposure of the limited resources IoT devices to the dangers of the Internet opens the door to a plethora of potential security and privacy risks to the end‐users, including the unsanctioned access and abuse of private information, the enabling and strengthening of assaults against other systems, and the breeding of risks pertaining to personal safeness.

When considering conventional Internet applications, typical risks revolve around economic losses, leakage of personal private information and damage of reputation of the corporation. However, as IoT starts to penetrate to virtually all sectors of the society, such as retail, transportation, home automation and even healthcare, any security breach may prove catastrophic to the actual user and its physical world. Such considerations may diminish the user’s confidence towards the IoT technology as a whole and impede its adoption.

The Special Issue at hand intends to promote the dissemination of the latest methodologies, solutions, and case studies pertaining to IoT security and privacy issues. Its objective is to publish high‐quality articles presenting security algorithms, protocols, policies, frameworks, and solutions for the IoT ecosystem. Only technical papers describing previously unpublished, original, state‐of‐the‐art research, and not currently under review by a conference or journal will be considered.

Possible topics of interest of this special issue include, but are not limited to:

  • Security and privacy in heterogeneous IoT.
  • Secure and Privacy Preserving Data Mining and Aggregation in IoT applications.
  • Cross‐domain trust management in smart networks.
  • Secure authentication of IoT devices.
  • MAC layer security protocols for the IoT applications.
  • IoT security mechanisms targeting application layer protocols.
  • Resource‐savvy Intrusion Detection for Networks of Things.

Dr. Georgios Kambourakis
Dr. Constantinos Kolias
Guest Editors

Manuscript Submission Information

Manuscripts should be submitted online at www.mdpi.com by registering and logging in to this website. Once you are registered, click here to go to the submission form. Manuscripts can be submitted until the deadline. All papers will be peer-reviewed. Accepted papers will be published continuously in the journal (as soon as accepted) and will be listed together on the special issue website. Research articles, review articles as well as short communications are invited. For planned papers, a title and short abstract (about 100 words) can be sent to the Editorial Office for announcement on this website.

Submitted manuscripts should not have been published previously, nor be under consideration for publication elsewhere (except conference proceedings papers). All manuscripts are thoroughly refereed through a single-blind peer-review process. A guide for authors and other relevant information for submission of manuscripts is available on the Instructions for Authors page. Future Internet is an international peer-reviewed open access monthly journal published by MDPI.

Please visit the Instructions for Authors page before submitting a manuscript. The Article Processing Charge (APC) for publication in this open access journal is 1000 CHF (Swiss Francs). Submitted papers should be well formatted and use good English. Authors may use MDPI's English editing service prior to publication or during author revisions.

Keywords

  • Internet of Things
  • Cybersecurity
  • Privacy
  • Threat
  • Attack
  • Vulnerability
  • Defense
  • Intrusion

Related Special Issue

Published Papers (7 papers)

View options order results:
result details:
Displaying articles 1-7
Export citation of selected articles as:

Research

Jump to: Review

Open AccessArticle
Security Risk Analysis of LoRaWAN and Future Directions
Future Internet 2019, 11(1), 3; https://doi.org/10.3390/fi11010003
Received: 20 November 2018 / Revised: 17 December 2018 / Accepted: 18 December 2018 / Published: 21 December 2018
Cited by 1 | PDF Full-text (1111 KB) | HTML Full-text | XML Full-text
Abstract
LoRa (along with its upper layers definition—LoRaWAN) is one of the most promising Low Power Wide Area Network (LPWAN) technologies for implementing Internet of Things (IoT)-based applications. Although being a popular technology, several works in the literature have revealed vulnerabilities and risks regarding [...] Read more.
LoRa (along with its upper layers definition—LoRaWAN) is one of the most promising Low Power Wide Area Network (LPWAN) technologies for implementing Internet of Things (IoT)-based applications. Although being a popular technology, several works in the literature have revealed vulnerabilities and risks regarding the security of LoRaWAN v1.0 (the official 1st specification draft). The LoRa-Alliance has built upon these findings and introduced several improvements in the security and architecture of LoRa. The result of these efforts resulted in LoRaWAN v1.1, released on 11 October 2017. This work aims at reviewing and clarifying the security aspects of LoRaWAN v1.1. By following ETSI guidelines, we provide a comprehensive Security Risk Analysis of the protocol and discuss several remedies to the security risks described. A threat catalog is presented, along with discussions and analysis in view of the scale, impact, and likelihood of each threat. To the best of the authors’ knowledge, this work is one of the first of its kind, by providing a detailed security risk analysis related to the latest version of LoRaWAN. Our analysis highlights important practical threats, such as end-device physical capture, rogue gateway and self-replay, which require particular attention by developers and organizations implementing LoRa networks. Full article
(This article belongs to the Special Issue IoT Security and Privacy)
Figures

Figure 1

Open AccessArticle
“Network Sentiment” Framework to Improve Security and Privacy for Smart Home
Future Internet 2018, 10(12), 125; https://doi.org/10.3390/fi10120125
Received: 31 October 2018 / Revised: 16 December 2018 / Accepted: 17 December 2018 / Published: 19 December 2018
Cited by 2 | PDF Full-text (10555 KB) | HTML Full-text | XML Full-text
Abstract
A Smart Home is characterized by the presence of a huge number of small, low power devices, along with more classical devices. According to the Internet of Things (IoT) paradigm, all of them are expected to be always connected to the Internet in [...] Read more.
A Smart Home is characterized by the presence of a huge number of small, low power devices, along with more classical devices. According to the Internet of Things (IoT) paradigm, all of them are expected to be always connected to the Internet in order to provide enhanced services. In this scenario, an attacker can undermine both the network security and the user’s security/privacy. Traditional security measures are not sufficient, because they are too difficult to setup and are either too weak to effectively protect the user or too limiting for the new services effectiveness. The paper suggests to dynamically adapt the security level of the smart home network according to the user perceived risk level what we have called network sentiment analysis. The security level is not fixed, established by a central system (usually by the Internet Service Provider) but can be changed with the users cooperation. The security of the smart home network is improved by a distributed firewalls and Intrusion Detection Systems both to the smart home side as to the Internet Service Provider side. These two parts must cooperate and integrate their actions for reacting dynamically to new and on going threats. Moreover, the level of network sentiment detected can be propagate to nearby home networks (e.g., the smart home networks of the apartments inside a building) to increase/decrease their level of security, thus creating a true in-line Intrusion Prevention System (IPS). The paper also presents a test bed for Smart Home to detect and counteract to different attacks against the IoT sensors, Wi-Fi and Ethernet connections. Full article
(This article belongs to the Special Issue IoT Security and Privacy)
Figures

Figure 1

Open AccessArticle
Secure and Dynamic Memory Management Architecture for Virtualization Technologies in IoT Devices
Future Internet 2018, 10(12), 119; https://doi.org/10.3390/fi10120119
Received: 15 October 2018 / Revised: 26 November 2018 / Accepted: 28 November 2018 / Published: 30 November 2018
PDF Full-text (340 KB) | HTML Full-text | XML Full-text
Abstract
The introduction of the internet in embedded devices led to a new era of technology—the Internet of Things (IoT) era. The IoT technology-enabled device market is growing faster by the day, due to its complete acceptance in diverse areas such as domicile systems, [...] Read more.
The introduction of the internet in embedded devices led to a new era of technology—the Internet of Things (IoT) era. The IoT technology-enabled device market is growing faster by the day, due to its complete acceptance in diverse areas such as domicile systems, the automobile industry, and beyond. The introduction of internet connectivity in objects that are frequently used in daily life raises the question of security—how secure is the information and the infrastructure handled by these devices when they are connected to the internet? Security enhancements through standard cryptographic techniques are not suitable due to the power and performance constraints of IoT devices. The introduction of virtualization technology into IoT devices is a recent development, meant for fulfilling security and performance needs. However, virtualization augments the vulnerability present in IoT devices, due to the addition of one more software layer—namely, the hypervisor, which enables the sharing of resources among different users. This article proposes the adaptation of ASMI (Architectural Support for Memory Isolation—a general architecture available in the literature for the improvement of the performance and security of virtualization technology) on the popular MIPS (Microprocessor without Interlocked Pipeline Stages) embedded virtualization platform, which could be adopted in embedded virtualization architectures for IoT devices. The article illustrates the performance enhancement achieved by the proposed architecture with the existing architectures. Full article
(This article belongs to the Special Issue IoT Security and Privacy)
Figures

Figure 1

Open AccessArticle
IAACaaS: IoT Application-Scoped Access Control as a Service
Future Internet 2017, 9(4), 64; https://doi.org/10.3390/fi9040064
Received: 1 September 2017 / Revised: 4 October 2017 / Accepted: 13 October 2017 / Published: 17 October 2017
Cited by 2 | PDF Full-text (780 KB) | HTML Full-text | XML Full-text
Abstract
access control is a key element when guaranteeing the security of online services. However, devices that make the Internet of Things have some special requirements that foster new approaches to access control mechanisms. Their low computing capabilities impose limitations that make traditional paradigms [...] Read more.
access control is a key element when guaranteeing the security of online services. However, devices that make the Internet of Things have some special requirements that foster new approaches to access control mechanisms. Their low computing capabilities impose limitations that make traditional paradigms not directly applicable to sensors and actuators. In this paper, we propose a dynamic, scalable, IoT-ready model that is based on the OAuth 2.0 protocol and that allows the complete delegation of authorization, so that an as a service access control mechanism is provided. Multiple tenants are also supported by means of application-scoped authorization policies, whose roles and permissions are fine-grained enough to provide the desired flexibility of configuration. Besides, OAuth 2.0 ensures interoperability with the rest of the Internet, yet preserving the computing constraints of IoT devices, because its tokens provide all the necessary information to perform authorization. The proposed model has been fully implemented in an open-source solution and also deeply validated in the scope of FIWARE, a European project with thousands of users, the goal of which is to provide a framework for developing smart applications and services for the future Internet. We provide the details of the deployed infrastructure and offer the analysis of a sample smart city setup that takes advantage of the model. We conclude that the proposed solution enables a new access control as a service paradigm that satisfies the special requirements of IoT devices in terms of performance, scalability and interoperability. Full article
(This article belongs to the Special Issue IoT Security and Privacy)
Figures

Figure 1

Open AccessArticle
Extensions and Enhancements to “the Secure Remote Update Protocol”
Future Internet 2017, 9(4), 59; https://doi.org/10.3390/fi9040059
Received: 31 August 2017 / Revised: 26 September 2017 / Accepted: 27 September 2017 / Published: 30 September 2017
Cited by 1 | PDF Full-text (450 KB) | HTML Full-text | XML Full-text
Abstract
This paper builds on previous work introducing the Secure Remote Update Protocol (SRUP), a secure communications protocol for Command and Control applications in the Internet of Things, built on top of MQTT. This paper builds on the original protocol and introduces a number [...] Read more.
This paper builds on previous work introducing the Secure Remote Update Protocol (SRUP), a secure communications protocol for Command and Control applications in the Internet of Things, built on top of MQTT. This paper builds on the original protocol and introduces a number of additional message types: adding additional capabilities to the protocol. We also discuss the difficulty of proving that a physical device has an identity corresponding to a logical device on the network and propose a mechanism to overcome this within the protocol. Full article
(This article belongs to the Special Issue IoT Security and Privacy)
Figures

Figure 1

Open AccessArticle
A Security Framework for the Internet of Things in the Future Internet Architecture
Future Internet 2017, 9(3), 27; https://doi.org/10.3390/fi9030027
Received: 5 June 2017 / Revised: 24 June 2017 / Accepted: 25 June 2017 / Published: 28 June 2017
Cited by 11 | PDF Full-text (2528 KB) | HTML Full-text | XML Full-text
Abstract
The Internet of Things (IoT) is a recent trend that extends the boundary of the Internet to include a wide variety of computing devices. Connecting many stand-alone IoT systems through the Internet introduces many challenges, with security being front-and-center since much of the [...] Read more.
The Internet of Things (IoT) is a recent trend that extends the boundary of the Internet to include a wide variety of computing devices. Connecting many stand-alone IoT systems through the Internet introduces many challenges, with security being front-and-center since much of the collected information will be exposed to a wide and often unknown audience. Unfortunately, due to the intrinsic capability limits of low-end IoT devices, which account for a majority of the IoT end hosts, many traditional security methods cannot be applied to secure IoT systems, which open a door for attacks and exploits directed both against IoT services and the broader Internet. This paper addresses this issue by introducing a unified IoT framework based on the MobilityFirst future Internet architecture that explicitly focuses on supporting security for the IoT. Our design integrates local IoT systems into the global Internet without losing usability, interoperability and security protection. Specifically, we introduced an IoT middleware layer that connects heterogeneous hardware in local IoT systems to the global MobilityFirst network. We propose an IoT name resolution service (IoT-NRS) as a core component of the middleware layer, and develop a lightweight keying protocol that establishes trust between an IoT device and the IoT-NRS. Full article
(This article belongs to the Special Issue IoT Security and Privacy)
Figures

Figure 1

Review

Jump to: Research

Open AccessReview
Exploiting JTAG and Its Mitigation in IOT: A Survey
Future Internet 2018, 10(12), 121; https://doi.org/10.3390/fi10120121
Received: 30 October 2018 / Revised: 29 November 2018 / Accepted: 30 November 2018 / Published: 3 December 2018
Cited by 1 | PDF Full-text (1139 KB) | HTML Full-text | XML Full-text
Abstract
Nowadays, companies are heavily investing in the development of “Internet of Things(IoT)” products. These companies usually and obviously hunt for lucrative business models. Currently, each person owns at least 3–4 devices (such as mobiles, personal computers, Google Assistant, Alexa, etc.) that are connected [...] Read more.
Nowadays, companies are heavily investing in the development of “Internet of Things(IoT)” products. These companies usually and obviously hunt for lucrative business models. Currently, each person owns at least 3–4 devices (such as mobiles, personal computers, Google Assistant, Alexa, etc.) that are connected to the Internet 24/7. However, in the future, there might be hundreds of devices that will be constantly online behind each person, keeping track of body health, banking transactions, status of personal devices, etc. to make one’s life more efficient and streamlined. Thus, it is very crucial that each device should be highly secure since one’s life will become dependent on these devices. However, the current security of IoT devices is mainly focused on resiliency of device. In addition, less complex node devices are easily accessible to the public resulting in higher vulnerability. JTAG is an IEEE standard that has been defined to test proper mounting of components on PCBs (printed circuit boards) and has been extensively used by PCB manufacturers to date. This JTAG interface can be used as a backdoor entry to access and exploit devices, also defined as a physical attack. This attack can be used to make products malfunction, modify data, or, in the worst case, stop working. This paper reviews previous successful JTAG exploitations of well-known devices operating online and also reviews some proposed possible solutions to see how they can affect IoT products in a broader sense. Full article
(This article belongs to the Special Issue IoT Security and Privacy)
Figures

Figure 1

Future Internet EISSN 1999-5903 Published by MDPI AG, Basel, Switzerland RSS E-Mail Table of Contents Alert
Back to Top