Security and Trustworthiness in Industrial IoT

A special issue of Sensors (ISSN 1424-8220). This special issue belongs to the section "Internet of Things".

Deadline for manuscript submissions: closed (31 August 2022) | Viewed by 43788
Please contact the Guest Editor or the Section Managing Editor at ([email protected]) for any queries.

Special Issue Editors

Guest Editor
Department of Computing, University of Turku, Vesilinnatie 5, 20500 Turku, Finland
Interests: Internet of Things; IIoT; cybersecurity for low-power networks; self-aware networked systems; ICT4D

Special Issue Information

Dear Colleagues,

Industrial IoT (IIoT) systems are revolutionizing industry and businesses by improving service delivery and increasing productivity. They facilitate innovations, developments and disruptive business models in various sectors. However, IIoTs are subject to a multitude of threats. Cyberattacks may have a catastrophic impact on industrial applications, including stolen proprietary information and physical damage to production systems. The research community has done much work on improving the security of IoT systems, but industrial scenarios bring further constraints to the security solutions. IIoT applications are often safety-critical with timing constraints; thus, addressing the security and trustworthiness of IIoT systems requires consideration of several dimensions.

This Special Issue encourages authors to submit research results covering security and trust of IIoT systems. Contributions addressing relevant theoretical and practical aspects as well as state-of-the-art review works are welcomed. The Special Issue topics include, but are not limited to:

  • IIoT devices and protocols security;
  • Tailored security solutions for specific IIoT applications;
  • Intrusion detection and prevention systems;
  • Data security, privacy and trustworthiness;
  • Security and trust management for fog and edge computing;
  • Machine learning, deep learning and blockchain based security solutions;
  • Threats and vulnerabilities in platforms and protocols;
  • Threat models;
  • Adaptive security management;
  • Security metrics and risks;
  • Hardware security.

Dr. Ethiopia Nigussie
Guest Editor

Manuscript Submission Information

Manuscripts should be submitted online at www.mdpi.com by registering and logging in to this website. Once you are registered, click here to go to the submission form. Manuscripts can be submitted until the deadline. All submissions that pass pre-check are peer-reviewed. Accepted papers will be published continuously in the journal (as soon as accepted) and will be listed together on the special issue website. Research articles, review articles as well as short communications are invited. For planned papers, a title and short abstract (about 100 words) can be sent to the Editorial Office for announcement on this website.

Submitted manuscripts should not have been published previously, nor be under consideration for publication elsewhere (except conference proceedings papers). All manuscripts are thoroughly refereed through a single-blind peer-review process. A guide for authors and other relevant information for submission of manuscripts is available on the Instructions for Authors page. Sensors is an international peer-reviewed open access semimonthly journal published by MDPI.

Please visit the Instructions for Authors page before submitting a manuscript. The Article Processing Charge (APC) for publication in this open access journal is 2600 CHF (Swiss Francs). Submitted papers should be well formatted and use good English. Authors may use MDPI's English editing service prior to publication or during author revisions.

Keywords

  • cybersecurity
  • industrial IoT
  • trust evaluation
  • intrusion detection and prevention systems
  • hardware security
  • adaptive security

Published Papers (10 papers)

Research

17 pages, 1463 KiB  
Article
Lightweight Authentication Mechanism for Industrial IoT Environment Combining Elliptic Curve Cryptography and Trusted Token
by Yu-Sheng Yang, Shih-Hsiung Lee, Jie-Min Wang, Chu-Sing Yang, Yuen-Min Huang and Ting-Wei Hou
Sensors 2023, 23(10), 4970; https://doi.org/10.3390/s23104970 - 22 May 2023
Cited by 3 | Viewed by 1604
Abstract
With the promotion of Industry 4.0, which emphasizes interconnected and intelligent devices, several factories have introduced numerous terminal Internet of Things (IoT) devices to collect relevant data or monitor the health status of equipment. The collected data are transmitted back to the backend server through network transmission by the terminal IoT devices. However, as devices communicate with each other over a network, the entire transmission environment faces significant security issues. When an attacker connects to a factory network, they can easily steal the transmitted data and tamper with them or send false data to the backend server, causing abnormal data in the entire environment. This study focuses on investigating how to ensure that data transmission in a factory environment originates from legitimate devices and that related confidential data are encrypted and packaged. This paper proposes an authentication mechanism between terminal IoT devices and backend servers based on elliptic curve cryptography and trusted tokens with packet encryption using the TLS protocol. Before communication between terminal IoT devices and backend servers can occur, the authentication mechanism proposed in this paper must first be implemented to confirm the identity of the devices and, thus, the problem of attackers imitating terminal IoT devices transmitting false data is resolved. The packets communicated between devices are also encrypted, preventing attackers from knowing their content even if they steal the packets. The authentication mechanism proposed in this paper ensures the source and correctness of the data. In terms of security analysis, the proposed mechanism in this paper effectively withstands replay attacks, eavesdropping attacks, man-in-the-middle attacks, and simulated attacks. Additionally, the mechanism supports mutual authentication and forward secrecy. 
In the experimental results, the proposed mechanism demonstrates approximately 73% improvement in efficiency through the lightweight characteristics of elliptic curve cryptography. Moreover, in the analysis of time complexity, the proposed mechanism exhibits significant effectiveness.
(This article belongs to the Special Issue Security and Trustworthiness in Industrial IoT)

21 pages, 555 KiB  
Article
A System-on-a-Chip Implementation of a Post-Quantum Cryptography Scheme for Smart Meter Data Communications
by Vinícius Lagrota Rodrigues da Costa, Julio López and Moisés Vidal Ribeiro
Sensors 2022, 22(19), 7214; https://doi.org/10.3390/s22197214 - 23 Sep 2022
Cited by 2 | Viewed by 1747
Abstract
The security of Smart Meter (SM) systems will be a challenge in the era of quantum computing because a quantum computer might exploit characteristics of well-established cryptographic schemes to reach a successful security breach. From a practical perspective, this paper focuses on the feasibility of implementing a quantum-secure lattice-based key encapsulation mechanism in a SM, hardware-constrained equipment. In this regard, the post-quantum cryptography (PQC) scheme, FrodoKEM, an alternate candidate for the National Institute for Standards and Technology (NIST) post-quantum standardization process, is implemented using a System-on-a-Chip (SoC) device in which the Field Programmable Gate Array (FPGA) component is exploited to accelerate the most time-consuming routines in this scheme. Experimental results show that the execution time to run the FrodoKEM scheme in an SoC device reduces to one-third of that obtained by the benchmark implementation (i.e., the software implementation). Also, the attained execution time and hardware resource usage of this SoC-based implementation of the FrodoKEM scheme show that lattice-based cryptography may fit into SM equipment.

30 pages, 9107 KiB  
Article
Vulnerabilities of the Open Platform Communication Unified Architecture Protocol in Industrial Internet of Things Operation
by Dong-Hyuk Shin, Ga-Yeong Kim and Ieck-Chae Euom
Sensors 2022, 22(17), 6575; https://doi.org/10.3390/s22176575 - 31 Aug 2022
Cited by 4 | Viewed by 2288
Abstract
Recently, as new threats from attackers are discovered, the damage and scale of these threats are increasing. Vulnerabilities should be identified early, and countermeasures should be implemented to solve this problem. However, there are limitations to applying the vulnerability discovery framework used in practice. Existing frameworks have limitations in terms of the analysis target. If the analysis target is abstract, it cannot be easily applied to the framework. Therefore, this study proposes a framework for vulnerability discovery and countermeasures that can be applied to any analysis target. The proposed framework includes a structural analysis to discover vulnerabilities from a scenario composition, including analysis targets. In addition, a proof of concept is conducted to derive and verify threats that can actually occur through threat modeling. In this study, the open platform communication integrated architecture used in the industrial control system and industrial Internet of Things environment was selected as an analysis target. We find 30 major threats and four vulnerabilities based on the proposed framework. As a result, the validity of malicious client attacks using certificates and DoS attack scenarios using flooding were validated, and we create countermeasures for these vulnerabilities.

17 pages, 2578 KiB  
Article
Quantum Key Distribution: Modeling and Simulation through BB84 Protocol Using Python3
by Akwasi Adu-Kyere, Ethiopia Nigussie and Jouni Isoaho
Sensors 2022, 22(16), 6284; https://doi.org/10.3390/s22166284 - 21 Aug 2022
Cited by 7 | Viewed by 4217
Abstract
Autonomous “Things” is becoming the future trend as the role, and responsibility of IoT keep diversifying. Its applicability and deployment need to re-stand technological advancement. The versatile security interaction between IoTs in human-to-machine and machine-to-machine must also endure mathematical and computational cryptographic attack intricacies. Quantum cryptography uses the laws of quantum mechanics to generate a secure key by manipulating light properties for secure end-to-end communication. We present a proof-of-principle via a communication architecture model and implementation to simulate these laws of nature. The model relies on the BB84 quantum key distribution (QKD) protocol with two scenarios, without and with the presence of an eavesdropper via the interception-resend attack model from a theoretical, methodological, and practical perspective. The proposed simulation initiates communication over a quantum channel for polarized photon transmission after a pre-agreed configuration over a Classic Channel with parameters. Simulation implementation results confirm that the presence of an eavesdropper is detectable during key generation due to Heisenberg’s uncertainty and no-cloning principles. An eavesdropper has a 0.5 probability of guessing transmission qubit and 0.25 for the polarization state. During simulation re-iterations, a base-mismatch process discarded about 50 percent of the total initial key bits with an Error threshold of 0.11 percent.

19 pages, 731 KiB  
Article
DOC-IDS: A Deep Learning-Based Method for Feature Extraction and Anomaly Detection in Network Traffic
by Naoto Yoshimura, Hiroki Kuzuno, Yoshiaki Shiraishi and Masakatu Morii
Sensors 2022, 22(12), 4405; https://doi.org/10.3390/s22124405 - 10 Jun 2022
Cited by 9 | Viewed by 2659
Abstract
With the growing diversity of cyberattacks in recent years, anomaly-based intrusion detection systems that can detect unknown attacks have attracted significant attention. Furthermore, a wide range of studies on anomaly detection using machine learning and deep learning methods have been conducted. However, many machine learning and deep learning-based methods require significant effort to design the detection feature values, extract the feature values from network packets, and acquire the labeled data used for model training. To solve the aforementioned problems, this paper proposes a new model called DOC-IDS, which is an intrusion detection system based on Perera’s deep one-class classification. The DOC-IDS, which comprises a pair of one-dimensional convolutional neural networks and an autoencoder, uses three different loss functions for training. Although, in general, only regular traffic from the computer network subject to detection is used for anomaly detection training, the DOC-IDS also uses multi-class labeled traffic from open datasets for feature extraction. Therefore, by streamlining the classification task on multi-class labeled traffic, we can obtain a feature representation with highly enhanced data discrimination abilities. Simultaneously, we perform variance minimization in the feature space, even on regular traffic, to further improve the model’s ability to discriminate between normal and abnormal traffic. The DOC-IDS is a single deep learning model that can automatically perform feature extraction and anomaly detection. This paper also reports experiments for evaluating the anomaly detection performance of the DOC-IDS. The results suggest that the DOC-IDS offers higher anomaly detection performance while reducing the load resulting from the design and extraction of feature values.

11 pages, 259 KiB  
Article
Symmetric-Key-Based Authentication among the Nodes in a Wireless Sensor and Actuator Network
by Thibaut Vandervelden, Ruben De Smet, Kris Steenhaut and An Braeken
Sensors 2022, 22(4), 1403; https://doi.org/10.3390/s22041403 - 11 Feb 2022
Cited by 4 | Viewed by 1423
Abstract
To enable today’s industrial automation, a significant number of sensors and actuators are required. In order to obtain trust and isolate faults in the data collected by this network, protection against authenticity fraud and nonrepudiation is essential. In this paper, we propose a very efficient symmetric-key-based security mechanism to establish authentication and nonrepudiation among all the nodes including the gateway in a distributed cooperative network, without communicating additional security parameters to establish different types of session keys. The solution also offers confidentiality and anonymity in case there are no malicious nodes. If at most one of the nodes is compromised, authentication and nonrepudiation still remain valid. Even if more nodes get compromised, the impact is limited. Therefore, the proposed method drastically differs from the classical group key management schemes, where one compromised node completely breaks the system. The proposed method is mainly based on a hash chain with multiple outputs defined at the gateway and shared with the other nodes in the network.

Review

38 pages, 1463 KiB  
Review
Revisiting the Feasibility of Public Key Cryptography in Light of IIoT Communications
by Jasone Astorga, Marc Barcelo, Aitor Urbieta and Eduardo Jacob
Sensors 2022, 22(7), 2561; https://doi.org/10.3390/s22072561 - 27 Mar 2022
Cited by 4 | Viewed by 2749
Abstract
Digital certificates are regarded as the most secure and scalable way of implementing authentication services in the Internet today. They are used by most popular security protocols, including Transport Layer Security (TLS) and Datagram Transport Layer Security (DTLS). The lifecycle management of digital certificates relies on centralized Certification Authority (CA)-based Public Key Infrastructures (PKIs). However, the implementation of PKIs and certificate lifecycle management procedures in Industrial Internet of Things (IIoT) environments presents some challenges, mainly due to the high resource consumption that they imply and the lack of trust in the centralized CAs. This paper identifies and describes the main challenges to implement certificate-based public key cryptography in IIoT environments and it surveys the alternative approaches proposed so far in the literature to address these challenges. Most proposals rely on the introduction of a Trusted Third Party to aid the IIoT devices in tasks that exceed their capacity. The proposed alternatives are complementary and their application depends on the specific challenge to solve, the application scenario, and the capacities of the involved IIoT devices. This paper revisits all these alternatives in light of industrial communication models, identifying their strengths and weaknesses, and providing an in-depth comparative analysis.

30 pages, 5210 KiB  
Review
IoT Intrusion Detection Taxonomy, Reference Architecture, and Analyses
by Khalid Albulayhi, Abdallah A. Smadi, Frederick T. Sheldon and Robert K. Abercrombie
Sensors 2021, 21(19), 6432; https://doi.org/10.3390/s21196432 - 26 Sep 2021
Cited by 39 | Viewed by 7531
Abstract
This paper surveys the deep learning (DL) approaches for intrusion-detection systems (IDSs) in Internet of Things (IoT) and the associated datasets toward identifying gaps, weaknesses, and a neutral reference architecture. A comparative study of IDSs is provided, with a review of anomaly-based IDSs on DL approaches, which include supervised, unsupervised, and hybrid methods. All techniques in these three categories have essentially been used in IoT environments. To date, only a few have been used in the anomaly-based IDS for IoT. For each of these anomaly-based IDSs, the implementation of the four categories of feature(s) extraction, classification, prediction, and regression were evaluated. We studied important performance metrics and benchmark detection rates, including the requisite efficiency of the various methods. Four machine learning algorithms were evaluated for classification purposes: Logistic Regression (LR), Support Vector Machine (SVM), Decision Tree (DT), and an Artificial Neural Network (ANN). Therefore, we compared each via the Receiver Operating Characteristic (ROC) curve. The study model exhibits promising outcomes for all classes of attacks. The scope of our analysis examines attacks targeting the IoT ecosystem using empirically based, simulation-generated datasets (namely the Bot-IoT and the IoTID20 datasets).

Other

19 pages, 1032 KiB  
Systematic Review
A Survey of Crypto Ransomware Attack Detection Methodologies: An Evolving Outlook
by Abdullah Alqahtani and Frederick T. Sheldon
Sensors 2022, 22(5), 1837; https://doi.org/10.3390/s22051837 - 25 Feb 2022
Cited by 37 | Viewed by 8479
Abstract
Recently, ransomware attacks have been among the major threats that target a wide range of Internet and mobile users throughout the world, especially critical cyber physical systems. Due to its unique characteristics, ransomware has attracted the attention of security professionals and researchers toward achieving safer and higher assurance systems that can effectively detect and prevent such attacks. The state-of-the-art crypto ransomware early detection models rely on specific data acquired during the runtime of an attack’s lifecycle. However, the evasive mechanisms that these attacks employ to avoid detection often nullify the solutions that are currently in place. More effort is needed to keep up with an attack’s momentum to take the current security defenses to the next level. This survey is devoted to exploring and analyzing the state-of-the-art in ransomware attack detection toward facilitating the research community that endeavors to disrupt this very critical and escalating ransomware problem. The focus is on crypto ransomware as the most prevalent, destructive, and challenging variation. The approaches and open issues pertaining to ransomware detection modeling are reviewed to establish recommendations for future research directions and scope.

19 pages, 407 KiB  
Perspective
Cybersecurity in Power Grids: Challenges and Opportunities
by Tim Krause, Raphael Ernst, Benedikt Klaer, Immanuel Hacker and Martin Henze
Sensors 2021, 21(18), 6225; https://doi.org/10.3390/s21186225 - 16 Sep 2021
Cited by 57 | Viewed by 8290
Abstract
Increasing volatilities within power transmission and distribution force power grid operators to amplify their use of communication infrastructure to monitor and control their grid. The resulting increase in communication creates a larger attack surface for malicious actors. Indeed, cyber attacks on power grids have already succeeded in causing temporary, large-scale blackouts in the recent past. In this paper, we analyze the communication infrastructure of power grids to derive resulting fundamental challenges of power grids with respect to cybersecurity. Based on these challenges, we identify a broad set of resulting attack vectors and attack scenarios that threaten the security of power grids. To address these challenges, we propose to rely on a defense-in-depth strategy, which encompasses measures for (i) device and application security, (ii) network security, and (iii) physical security, as well as (iv) policies, procedures, and awareness. For each of these categories, we distill and discuss a comprehensive set of state-of-the-art approaches, as well as identify further opportunities to strengthen cybersecurity in interconnected power grids.