Security and Privacy in IoT Systems and Applications

Dear Colleagues,

The Internet of Things (IoT) allows for the collection a huge amount of data from our natural and artificial environments, which we can convert to information that can be used to better understand and control the processes that our society depends on. For instance, we can use data collected from industry equipment to better predict when maintenance is needed; we can use data collected from vehicles and transport infrastructure to eliminate traffic jams and accidents; we can use connected home equipment to run our household more energy efficiently; and we can use connected medical devices to take care of the growing number of elderly people remotely. However, all this potential can only be realized if we can trust the data obtained from the environment via the Internet of Things, which ultimately leads to the requirement of making it secure. An equally important problem is to avoid turning the Internet of Things into a massive surveillance system, which could be misused to endanger the privacy of citizens that rely on its services.

Indeed, IoT affects the current balance of cyber security in two ways. First, attacks originating from cyber space can now target IoT systems and embedded IoT devices that interact with our physical environment. Hence, cyber attacks may have physical consequences, ranging from the damage of expensive equipment, through the unavailability of vital services, to maybe even loss of human life. Second, connected IoT devices can be converted to a substantial attack infrastructure to be used for attacking systems and services in cyber space. For instance, botnets built from millions of IoT devices hold the record for the most intensive DDoS attacks ever against popular Internet-based services. In addition, IoT systems often collect data from which privacy sensitive information can be derived, such as everyday habits, location, or health conditions of human users. Hence, improper handling and leakage of these data can result in massive privacy breaches.

The above-described challenges reinforce the need to better understand the security and privacy issues of IoT systems and applications and to find solutions to them. Hence, this Special Issue of Sensors aims at collecting original research papers, surveys, and case studies that advance the area of security and privacy for IoT systems and applications. This Special Issue includes but is not limited to the following topics:

• security and privacy challenges and solutions in various IoT application domains (including but not limited to smart buildings, smart cities, intelligent transportation systems, smart factories and Industry 4.0, precision agriculture, digital healthcare, supply chain automation);
• security architectures, protocols, and mechanisms for IoT systems (including but not limited to authentication, authorization, access control, auditing, intrusion detection, secured communications, lightweight and postquantum cryptography, key management, protection against denial-of-service attacks);
• security mechanisms for embedded IoT devices (including but not limited to malware protection, firmware security, OS hardening, secure software development, root-of-trust establishment, runtime integrity verification, remote attestation, secure update mechanisms);
• security design and analysis methods tailored to IoT systems and applications (including but not limited to threat modelling, security requirement specification, verification of security properties, security testing, ethical hacking, security certifications);
• physical attacks on and countermeasures for IoT devices (including but not limited to device counterfeiting, battery exhaustion, wireless jamming, side channel attacks);
• privacy-enhancing technologies for IoT systems (including but not limited to anonymization, differential privacy, query auditing, location privacy mechanisms, privacy preserving computation);
• case studies of real security incidents and privacy breaches related to IoT systems and applications from which lessons can be derived to make IoT systems and applications more trustworthy and privacy preserving;
• emerging trends and new directions in security and privacy of IoT systems and applications.

Prof. Dr. Levente Buttyan
Guest Editor

Manuscript Submission Information

Manuscripts should be submitted online at www.mdpi.com by registering and logging in to this website. Once you are registered, click here to go to the submission form. Manuscripts can be submitted until the deadline. All submissions that pass pre-check are peer-reviewed. Accepted papers will be published continuously in the journal (as soon as accepted) and will be listed together on the special issue website. Research articles, review articles as well as short communications are invited. For planned papers, a title and short abstract (about 100 words) can be sent to the Editorial Office for announcement on this website.

Submitted manuscripts should not have been published previously, nor be under consideration for publication elsewhere (except conference proceedings papers). All manuscripts are thoroughly refereed through a single-blind peer-review process. A guide for authors and other relevant information for submission of manuscripts is available on the Instructions for Authors page. Sensors is an international peer-reviewed open access semimonthly journal published by MDPI.

Please visit the Instructions for Authors page before submitting a manuscript. The Article Processing Charge (APC) for publication in this open access journal is 2600 CHF (Swiss Francs). Submitted papers should be well formatted and use good English. Authors may use MDPI's English editing service prior to publication or during author revisions.

• authentication, authorization, access control, and auditing in IoT systems
• lightweight and postquantum cryptography with key management in IoT systems
• malware protection of IoT devices
• threat modelling, security testing, and security certifications of IoT systems
• physical attacks on and countermeasures for IoT devices
• privacy-enhancing technologies for IoT systems
• case studies of real security incidents and privacy breaches related to IoT systems
• emerging trends and new directions in security and privacy of IoT systems and applications