Special Issue "Security and Privacy in the Internet of Things (IoT)"

A special issue of Sensors (ISSN 1424-8220). This special issue belongs to the section "Internet of Things".

Deadline for manuscript submissions: 14 July 2022 | Viewed by 10266

Special Issue Editors

Dr. Jun Zhao
Guest Editor
School of Computer Science and Engineering, Nanyang Technological University, Singapore 639798, Singapore
Interests: communications, networks, control, learning; AI and data science; security and privacy
Dr. Feng Li
Guest Editor
School of Information and Electronic Engineering, Zhejiang Gongshang University, Hangzhou 310018, China
Interests: Internet of Things; satellite communications
Dr. Zeeshan Kaleem
Guest Editor
Electrical and Computer Engineering Department, COMSATS University Islamabad, Wah Campus, Rawalpindi, Punjab 47050, Pakistan
Interests: IoT; D2D communications; UAV communications; physical layer security
Dr. Quoc-Viet PHAM
Guest Editor
Research Institute of Computer, Information, and Communication, Pusan National University, Busan 46241, Korea
Interests: network optimization; edge computing; resource allocation; wireless AI
Dr. Huimei Han
Guest Editor
Department of Information Engineering, Zhejiang University of Technology, Hangzhou 310014, China
Interests: Internet of Things; federated learning; massive access
Dr. Helin Yang
Guest Editor
School of Electrical and Electronic Engineering, Nanyang Technological University (NTU), Singapore, Singapore
Interests: 5G/6G; wireless communications; machine learning

Special Issue Information

Dear Colleagues,

The Internet of Things (IoT) is growing at a rapid pace and transforming daily lives. IoT connects physical devices such as mobile phones, smart watches, sensors, actuators, and thermostats, and enables these devices to collect and exchange data. Technology firms predict that the number of IoT devices will hit over dozens of billions in 2025. IoT poses security and privacy challenges with ubiquitous connectivity and ultimate functionality. The following presents security and privacy issues in IoT respectively. For IoT security, the threats are not only spread in the cyberspace, but also extend to the physical world. Both the cyberspace and the physical world need to be protected to improve the end-to-end security of IoT devices. Addressing IoT security has unique challenges due to (1) the heterogeneity among devices and service providers, and (2) the massive-scale, geographically distributed data in IoT applications. For privacy, IoT devices may collect sensitive information about users or organizations. With the enforcement of privacy laws such as the General Data Protection Regulation (GDPR) in the European Union (EU), privacy protection has received much attention. Recent techniques such as differential privacy and federated learning aim to protect privacy in various ways. How these techniques can be applied in the IoT context is of great research interest and practical significance.

This Special Issue focuses on, but is not limited to, the following topics:

  • Secure communication protocols for the IoT
  • Threat modelling in the IoT
  • Secure architectures for the IoT
  • Trust models for the IoT
  • Device attestation for the IoT
  • Vulnerability analysis in the IoT
  • Risk assessment in the IoT
  • Intrusion detection for the IoT
  • Forensics in the IoT
  • Privacy enhancing techniques for the IoT
  • Anonymization techniques for the IoT
  • Access control in the IoT
  • Federated learning in the IoT

Dr. Jun Zhao
Dr. Feng Li
Dr. Zeeshan Kaleem
Dr. Quoc-Viet PHAM
Dr. Huimei Han
Dr. Helin Yang
Guest Editors

Manuscript Submission Information

Manuscripts should be submitted online at www.mdpi.com by registering and logging in to this website. Once you are registered, click here to go to the submission form. Manuscripts can be submitted until the deadline. All submissions that pass pre-check are peer-reviewed. Accepted papers will be published continuously in the journal (as soon as accepted) and will be listed together on the special issue website. Research articles, review articles as well as short communications are invited. For planned papers, a title and short abstract (about 100 words) can be sent to the Editorial Office for announcement on this website.

Submitted manuscripts should not have been published previously, nor be under consideration for publication elsewhere (except conference proceedings papers). All manuscripts are thoroughly refereed through a single-blind peer-review process. A guide for authors and other relevant information for submission of manuscripts is available on the Instructions for Authors page. Sensors is an international peer-reviewed open access semimonthly journal published by MDPI.

Please visit the Instructions for Authors page before submitting a manuscript. The Article Processing Charge (APC) for publication in this open access journal is 2400 CHF (Swiss Francs). Submitted papers should be well formatted and use good English. Authors may use MDPI's English editing service prior to publication or during author revisions.

Keywords

  • security
  • privacy
  • Internet of things (IoT)
  • threat modeling
  • anonymization
  • access control

Published Papers (7 papers)

Research

Article
Let the Cat out of the Bag: Popular Android IoT Apps under Security Scrutiny
Sensors 2022, 22(2), 513; https://doi.org/10.3390/s22020513 - 10 Jan 2022
Viewed by 1006
Abstract
The impact that IoT technologies have on our everyday life is indisputable. Wearables, smart appliances, lighting, security controls, and others make our life simpler and more comfortable. For the sake of easy monitoring and administration, such devices are typically accompanied by smartphone apps, which are becoming increasingly popular, and sometimes are even required to operate the device. Nevertheless, the use of such apps may indirectly magnify the attack surface of the IoT device itself and expose the end-user to security and privacy breaches. Therefore, a key question arises: do these apps curtail their functionality to the minimum needed, and additionally, are they secure against known vulnerabilities and flaws? In seek of concrete answers to the aforesaid question, this work scrutinizes more than forty chart-topping Android official apps belonging to six diverse mainstream categories of IoT devices. We attentively analyse each app statically, and almost half of them dynamically, after pairing them with real-life IoT devices. The results collected span several axes, namely sensitive permissions, misconfigurations, weaknesses, vulnerabilities, and other issues, including trackers, manifest data, shared software, and more. The short answer to the posed question is that the majority of such apps still remain susceptible to a range of security and privacy issues, which in turn, and at least to a significant degree, reflects the general proclivity in this ecosystem.
(This article belongs to the Special Issue Security and Privacy in the Internet of Things (IoT))

Article
Provisioning, Authentication and Secure Communications for IoT Devices on FIWARE
Sensors 2021, 21(17), 5898; https://doi.org/10.3390/s21175898 - 02 Sep 2021
Viewed by 945
Abstract
The increasing pervasiveness of the Internet of Things is resulting in a steady increase of cyberattacks in all of its facets. One of the most predominant attack vectors is related to its identity management, as it grants the ability to impersonate and circumvent current trust mechanisms. Given that identity is paramount to every security mechanism, such as authentication and access control, any vulnerable identity management mechanism undermines any attempt to build secure systems. While digital certificates are one of the most prevalent ways to establish identity and perform authentication, their provision at scale remains open. This provisioning process is usually an arduous task that encompasses device configuration, including identity and key provisioning. Human configuration errors are often the source of many security and privacy issues, so this task should be semi-autonomous to minimize erroneous configurations during this process. In this paper, we propose an identity management (IdM) and authentication method called YubiAuthIoT. The overall provisioning has an average runtime of 1137.8 ms ±65.11+δ. We integrate this method with the FIWARE platform, as a way to provision and authenticate IoT devices.

Article
The Presence, Trends, and Causes of Security Vulnerabilities in Operating Systems of IoT’s Low-End Devices
Sensors 2021, 21(7), 2329; https://doi.org/10.3390/s21072329 - 26 Mar 2021
Cited by 2 | Viewed by 1707
Abstract
Internet of Things Operating Systems (IoT OSs) run, manage and control IoT devices. Therefore, it is important to secure the source code for IoT OSs, especially if they are deployed on devices used for human care and safety. In this paper, we report the results of our investigations of the security status and the presence of security vulnerabilities in the source code of the most popular open source IoT OSs. Through this research, three Static Analysis Tools (Cppcheck, Flawfinder and RATS) were used to examine the code of sixteen different releases of four different C/C++ IoT OSs, with 48 examinations, regarding the presence of vulnerabilities from the Common Weakness Enumeration (CWE). The examination reveals that IoT OS code still suffers from errors that lead to security vulnerabilities and increase the opportunity of security breaches. The total number of errors in IoT OSs is increasing from one version to the next, while error density, i.e., errors per 1K of physical Source Lines of Code (SLOC) is decreasing chronologically for all IoT OSs, with few exceptions. The most prevalent vulnerabilities in IoT OS source code were CWE-561, CWE-398 and CWE-563 according to Cppcheck, (CWE-119!/CWE-120), CWE-120 and CWE-126 according to Flawfinder, and CWE-119, CWE-120 and CWE-134 according to RATS. Additionally, the CodeScene tool was used to investigate the development of the evolutionary properties of IoT OSs and the relationship between them and the presence of IoT OS vulnerabilities. CodeScene reveals strong positive correlation between the total number of security errors within IoT OSs and SLOC, as well as strong negative correlation between the total number of security errors and Code Health. CodeScene also indicates strong positive correlation between security error density (errors per 1K SLOC) and the presence of hotspots (frequency of code changes and code complexity), as well as strong negative correlation between security error density and the Qualitative Team Experience, which is a measure of the experience of the IoT OS developers.

Article
Utilising Flow Aggregation to Classify Benign Imitating Attacks
Sensors 2021, 21(5), 1761; https://doi.org/10.3390/s21051761 - 04 Mar 2021
Cited by 1 | Viewed by 1016
Abstract
Cyber-attacks continue to grow, both in terms of volume and sophistication. This is aided by an increase in available computational power, expanding attack surfaces, and advancements in the human understanding of how to make attacks undetectable. Unsurprisingly, machine learning is utilised to defend against these attacks. In many applications, the choice of features is more important than the choice of model. A range of studies have, with varying degrees of success, attempted to discriminate between benign traffic and well-known cyber-attacks. The features used in these studies are broadly similar and have demonstrated their effectiveness in situations where cyber-attacks do not imitate benign behaviour. To overcome this barrier, in this manuscript, we introduce new features based on a higher level of abstraction of network traffic. Specifically, we perform flow aggregation by grouping flows with similarities. This additional level of feature abstraction benefits from cumulative information, thus qualifying the models to classify cyber-attacks that mimic benign traffic. The performance of the new features is evaluated using the benchmark CICIDS2017 dataset, and the results demonstrate their validity and effectiveness. This novel proposal will improve the detection accuracy of cyber-attacks and also build towards a new direction of feature extraction for complex ones.

Article
Epidemic Analysis of Wireless Rechargeable Sensor Networks Based on an Attack–Defense Game Model
Sensors 2021, 21(2), 594; https://doi.org/10.3390/s21020594 - 15 Jan 2021
Cited by 11 | Viewed by 977
Abstract
Energy constraint hinders the popularization and development of wireless sensor networks (WSNs). As an emerging technology equipped with rechargeable batteries, wireless rechargeable sensor networks (WRSNs) are being widely accepted and recognized. In this paper, we research the security issues in WRSNs which need to be addressed urgently. After considering the charging process, the activating anti-malware program process, and the launching malicious attack process in the modeling, the susceptible–infected–anti-malware–low-energy–susceptible (SIALS) model is proposed. Through the method of epidemic dynamics, this paper analyzes the local and global stabilities of the SIALS model. Besides, this paper introduces a five-tuple attack–defense game model to further study the dynamic relationship between malware and WRSNs. By introducing a cost function and constructing a Hamiltonian function, the optimal strategies for malware and WRSNs are obtained based on the Pontryagin Maximum Principle. Furthermore, the simulation results show the validation of the proposed theories and reveal the influence of parameters on the infection. In detail, the Forward–Backward Sweep method is applied to solve the issues of convergence of co-state variables at terminal moment.

Article
A Secure IoT-Based Authentication System in Cloud Computing Environment
Sensors 2020, 20(19), 5604; https://doi.org/10.3390/s20195604 - 30 Sep 2020
Cited by 1 | Viewed by 1017
Abstract
The Internet of Things (IoT) is currently the most popular field in communication and information techniques. However, designing a secure and reliable authentication scheme for IoT-based architectures is still a challenge. In 2019, Zhou et al. showed that schemes proposed by Amin et al. and Maitra et al. are vulnerable to off-line guessing attacks, user tracking attacks, etc. On this basis, a lightweight authentication scheme based on IoT is proposed, and an authentication scheme based on IoT is proposed, which can resist various types of attacks and realize key security features such as user audit, mutual authentication, and session security. However, we found weaknesses in the scheme upon evaluation. Hence, we proposed an enhanced scheme based on their mechanism, thus achieving the security requirements and resisting well-known attacks.

Review

Review
Machine Learning for Authentication and Authorization in IoT: Taxonomy, Challenges and Future Research Direction
Sensors 2021, 21(15), 5122; https://doi.org/10.3390/s21155122 - 28 Jul 2021
Cited by 4 | Viewed by 1375
Abstract
With the ongoing efforts for widespread Internet of Things (IoT) adoption, one of the key factors hindering the wide acceptance of IoT is security. Securing IoT networks such as the electric power grid or water supply systems has emerged as a major national and global priority. To address the security issue of IoT, several studies are being carried out that involve the use of, but are not limited to, blockchain, artificial intelligence, and edge/fog computing. Authentication and authorization are crucial aspects of the CIA triad to protect the network from malicious parties. However, existing authorization and authentication schemes are not sufficient for handling security, due to the scale of the IoT networks and the resource-constrained nature of devices. In order to overcome challenges due to various constraints of IoT networks, there is a significant interest in using machine learning techniques to assist in the authentication and authorization process for IoT. In this paper, recent advances in authentication and authorization techniques for IoT networks are reviewed. Based on the review, we present a taxonomy of authentication and authorization schemes in IoT focusing on machine learning-based schemes. Using the presented taxonomy, a thorough analysis is provided of the authentication and authorization (AA) security threats and challenges for IoT. Furthermore, various criteria to achieve a high degree of AA resiliency in IoT implementations to enhance IoT security are evaluated. Lastly, a detailed discussion on open issues, challenges, and future research directions is presented for enabling secure communication among IoT nodes.