Cryptography and Security in IoT and Sensor Networks

A topical collection in Sensors (ISSN 1424-8220). This collection belongs to the section "Sensor Networks".

Viewed by 17372

Editors

Department of Industrial Software Engineering, The Maersk Mc-Kinney Moller Institute, University of Southern Denmark, 6400 Sonderborg, Denmark
Interests: threat intelligence; IoT and CPS security; cyber security; vulnerability assessment; 5G security; drone security; cryptography
Pervasive and Mobile Computing, Luleå University of Technology, SE-93187 Skellefteå, Sweden
Interests: pervasive and mobile computing

Topical Collection Information

Dear Colleagues,

The rapid advancement of the Internet of Things (IoT) and sensor networks is improving our quality of life and leading to a leap into a new world. It is of paramount importance to address various security threats and attacks for the successful establishment of such technologies. Accordingly, focusing on the aspect of cryptography and security for IoT and sensor networks, it is necessary to provide solid as well as evident solutions as countermeasures.

This Topical Collection aims to bring together current state-of-the-art research and future directions for cryptography and security in the IoT and sensor networks. For such a goal, we cordially invite researchers and engineers from both academia and industry to submit their original and novel work for inclusion in this Topical Collection. Tutorial or survey papers are also welcome.

The topics related to this collection include but are not limited to:

  • Secure architecture and models in the IoT and sensor networks;
  • Authentication and authorization in the IoT and sensor networks;
  • Privacy, trust, and reliability in the IoT and sensor networks;
  • Risk/threat assessment and management in the IoT and sensor networks;
  • Block and stream ciphers in the IoT and sensor networks;
  • Public key cryptography and digital signature in the IoT and sensor networks;
  • Secure cryptographic protocols and applications in the IoT and sensor networks;
  • Formal security verification in the IoT and sensor networks;
  • Post-quantum cryptography in the IoT and sensor networks;
  • Intrusion detection and prevention in the IoT and sensor networks;
  • Network security in the IoT and sensor networks;
  • Mobile security in the IoT and sensor networks;
  • Software security for the IoT and sensor networks;
  • AI security for the IoT and sensor networks;
  • Blockchain security for the IoT and sensor networks;
  • Others and emerging new topics.

Dr. Ilsun You
Dr. Gaurav Choudhary
Prof. Dr. Karl Andersson
Collection Editors

Manuscript Submission Information

Manuscripts should be submitted online at www.mdpi.com by registering and logging in to this website. Once you are registered, click here to go to the submission form. Manuscripts can be submitted until the deadline. All submissions that pass pre-check are peer-reviewed. Accepted papers will be published continuously in the journal (as soon as accepted) and will be listed together on the collection website. Research articles, review articles as well as short communications are invited. For planned papers, a title and short abstract (about 100 words) can be sent to the Editorial Office for announcement on this website.

Submitted manuscripts should not have been published previously, nor be under consideration for publication elsewhere (except conference proceedings papers). All manuscripts are thoroughly refereed through a single-blind peer-review process. A guide for authors and other relevant information for submission of manuscripts is available on the Instructions for Authors page. Sensors is an international peer-reviewed open access semimonthly journal published by MDPI.

Please visit the Instructions for Authors page before submitting a manuscript. The Article Processing Charge (APC) for publication in this open access journal is 2600 CHF (Swiss Francs). Submitted papers should be well formatted and use good English. Authors may use MDPI's English editing service prior to publication or during author revisions.

Published Papers (10 papers)

2023

22 pages, 5811 KiB  
Article
A Privacy-Preserving Trajectory Publishing Method Based on Multi-Dimensional Sub-Trajectory Similarities
Sensors 2023, 23(24), 9652; https://doi.org/10.3390/s23249652 - 06 Dec 2023
Viewed by 463
Abstract
With the popularity of location services and the widespread use of trajectory data, trajectory privacy protection has become a popular research area. k-anonymity technology is a common method for achieving privacy-preserved trajectory publishing. When constructing virtual trajectories, most existing trajectory k-anonymity methods just consider point similarity, which results in a large dummy trajectory space. Suppose there are n similar point sets, each consisting of m points. The size of the space is then m^n. Furthermore, to choose suitable k − 1 dummy trajectories for a given real trajectory, these methods need to evaluate the similarity between each trajectory in the space and the real trajectory, leading to a large performance overhead. To address these challenges, this paper proposes a k-anonymity trajectory privacy protection method based on the similarity of sub-trajectories. This method not only considers the multidimensional similarity of points, but also synthetically considers the area between the historic sub-trajectories and the real sub-trajectories to more fully describe the similarity between sub-trajectories. By quantifying the area enclosed by sub-trajectories, we can more accurately capture the spatial relationship between trajectories. Finally, our approach generates k − 1 dummy trajectories that are indistinguishable from real trajectories, effectively achieving k-anonymity for a given trajectory. Furthermore, our proposed method utilizes real historic sub-trajectories to generate dummy trajectories, making them more authentic and providing better privacy protection for real trajectories. In comparison to other frequently employed trajectory privacy protection methods, our method has a better privacy protection effect, higher data quality, and better performance. Full article

18 pages, 3004 KiB  
Article
Enhancing Security of Web-Based IoT Services via XSS Vulnerability Detection
Sensors 2023, 23(23), 9407; https://doi.org/10.3390/s23239407 - 25 Nov 2023
Viewed by 626
Abstract
The Internet of Things (IoT) technology is experiencing significant growth and integration into various aspects of daily life. With the rising number of connected devices, diverse security challenges are emerging as substantial threats to IoT. Cross-Site Scripting (XSS) is one of the major security risks in web services and so is within the application layer of IoT. Many existing web applications remain susceptible to XSS vulnerabilities. In this paper, we propose an XSS detection scheme aimed at enhancing the security of IoT, particularly concerning web application services. To achieve this, we developed a framework for combining symbolic execution and dynamic taint analysis to provide a comprehensive security assessment. Our objective is to increase the ratio of vulnerability detection while avoiding false alarms and keeping the required analysis time as minimal. To realize our idea, we have defined an instrumentation scheme for taint analysis and concolic executions and automated the process of vulnerability detection for a web application. Our framework is capable of pinpointing the precise locations of security vulnerabilities and the exact input datasets at risk of XSS threats. Subsequently, the detected flaws can be easily removed. The experimental results demonstrate the validity of the proposed scheme. We achieved a detection rate of XSS threats of 90.62% using a test set of SecuriBench Micro and 69.11% using OWASP while showing 0% false positives. Full article

15 pages, 1452 KiB  
Article
K-XMSS and K-SPHINCS+: Enhancing Security in Next-Generation Mobile Communication and Internet Systems with Hash Based Signatures Using Korean Cryptography Algorithms
Sensors 2023, 23(17), 7558; https://doi.org/10.3390/s23177558 - 31 Aug 2023
Cited by 2 | Viewed by 1006
Abstract
As Mobile Communication and Internet Systems (MCIS) have rapidly developed, security issues related to MCIS have become increasingly important. Therefore, the development and research of security technologies for mobile communication and internet systems are actively being conducted. Hash-Based Signature (HBS) uses a hash function to construct a digital signature scheme, where its security is guaranteed by the collision resistance of the hash function used. To provide sufficient security in the post-quantum environment, the length of hash should be satisfied for the security requirement. Modern HBS can be classified into stateful and stateless schemes. Two representative stateful and stateless HBS are eXtended Merkle Signature Scheme (XMSS) and SPHINCS+, respectively. In this paper, we propose two HBS schemes: K-XMSS and K-SPHINCS+, which replace internal hash functions of XMSS and SPHINCS+ with Korean cryptography algorithms. K-XMSS is a stateful signature, while K-SPHINCS+ is its stateless counterpart. We showcase the reference implementation of K-XMSS and K-SPHINCS+ employing Lightweight Secure Hash (LSH) and two hash functions based on block ciphers (i.e., CHAM and LEA) as the internal hash function. In addition, K-XMSS and K-SPHINCS+ using Advanced Vector Extensions 2 (AVX2) have been provided, demonstrating that they can be optimized for better performance using advanced implementation techniques than previous approaches. Full article

16 pages, 390 KiB  
Article
Backward Compatible Identity-Based Encryption
Sensors 2023, 23(9), 4181; https://doi.org/10.3390/s23094181 - 22 Apr 2023
Cited by 1 | Viewed by 842
Abstract
In this paper, we present a new identity-based encryption (IBE) system that is named Backward Compatible Identity-based Encryption (BC-IBE). Our BC-IBE is proposed to solve the problem caused by the out-of-synchronization between users’ private keys and ciphertexts. Encryption systems such as revocable IBE or revocable Attribute-based Encryption (ABE) often require updating private keys to revoke users after a certain time period. However, in those schemes, an updated key can be used to decrypt the ciphertexts created only during the current time period. Once the key is updated and the previous keys are removed, the user, the owner of the updated key, will lose access to the past ciphertexts. In our paper, we propose BC-IBE that supports backward compatibility, to solve this problem. In our proposed system, user’s private keys and ciphertexts can be updated periodically with time tags, and these processes can be used to revoke users who do not receive an updated key as the other revocable encryption does. However, in our proposed system, a private key newly issued to a user is backward compatible. This means that it decrypts not only the ciphertexts at the present time period but also all past ciphertexts. This implies that our proposed scheme guarantees the decryption of all encrypted data even if they are not synchronized. Compared to the existing revocable identity-based encryption system, our proposed BC-IBE has the advantage of simplifying key management and securely delegating ciphertext updates. Our proposed scheme only requires a single backward-compatible private key to decrypt all past ciphertexts created. Moreover, the ciphertext update process in our proposed scheme does not require any special privileges and does not require decryption. This means that this process can be securely delegated to a third-party server, such as a cloud server, and it prevents the potential leakage of secrets. 
For those reasons, BC-IBE is suitable for a system where users are more dynamic, such as the Internet-of-Things (IoT) network, or a system that regularly updates the data, like cloud data storage. In this paper, we provide the construction of BC-IBE and prove its formal security. Full article

15 pages, 1384 KiB  
Communication
Efficient Lp Distance Computation Using Function-Hiding Inner Product Encryption for Privacy-Preserving Anomaly Detection
Sensors 2023, 23(8), 4169; https://doi.org/10.3390/s23084169 - 21 Apr 2023
Viewed by 1128
Abstract
In Internet of Things (IoT) systems in which a large number of IoT devices are connected to each other and to third-party servers, it is crucial to verify whether each device operates appropriately. Although anomaly detection can help with this verification, individual devices cannot afford this process because of resource constraints. Therefore, it is reasonable to outsource anomaly detection to servers; however, sharing device state information with outside servers may raise privacy concerns. In this paper, we propose a method to compute the Lp distance privately for even p>2 using inner product functional encryption and we use this method to compute an advanced metric, namely p-powered error, for anomaly detection in a privacy-preserving manner. We demonstrate implementations on both a desktop computer and Raspberry Pi device to confirm the feasibility of our method. The experimental results demonstrate that the proposed method is sufficiently efficient for use in real-world IoT devices. Finally, we suggest two possible applications of the proposed computation method for Lp distance for privacy-preserving anomaly detection, namely smart building management and remote device diagnosis. Full article

14 pages, 1162 KiB  
Article
Quantum Binary Field Multiplication with Optimized Toffoli Depth and Extension to Quantum Inversion
Sensors 2023, 23(6), 3156; https://doi.org/10.3390/s23063156 - 15 Mar 2023
Viewed by 1279
Abstract
Shor’s algorithm can find solutions to the discrete logarithm problem on binary elliptic curves in polynomial time. A major challenge in implementing Shor’s algorithm is the overhead of representing and performing arithmetic on binary elliptic curves using quantum circuits. Multiplication of binary fields is one of the critical operations in the context of elliptic curve arithmetic, and it is especially costly in the quantum setting. Our goal in this paper is to optimize quantum multiplication in the binary field. In the past, efforts to optimize quantum multiplication have centred on reducing the Toffoli gate count or qubits required. However, despite the fact that circuit depth is an important metric for indicating the performance of a quantum circuit, previous studies have lacked sufficient consideration for reducing circuit depth. Our approach to optimizing quantum multiplication differs from previous work in that we aim at reducing the Toffoli depth and full depth. To optimize quantum multiplication, we adopt the Karatsuba multiplication method which is based on the divide-and-conquer approach. In summary, we present an optimized quantum multiplication that has a Toffoli depth of one. Additionally, the full depth of the quantum circuit is also reduced thanks to our Toffoli depth optimization strategy. To demonstrate the effectiveness of our proposed method, we evaluate its performance using various metrics such as the qubit count, quantum gates, and circuit depth, as well as the qubits-depth product. These metrics provide insight into the resource requirements and complexity of the method. Our work achieves the lowest Toffoli depth, full depth, and the best trade-off performance for quantum multiplication. Further, our multiplication is more effective when not used in stand-alone cases. We show this effectiveness by using our multiplication to the Itoh–Tsujii algorithm-based inversion of F(x^8+x^4+x^3+x+1). Full article

23 pages, 847 KiB  
Article
APT Attack Detection Scheme Based on CK Sketch and DNS Traffic
Sensors 2023, 23(4), 2217; https://doi.org/10.3390/s23042217 - 16 Feb 2023
Viewed by 1557
Abstract
In recent years, Advanced Persistent Threat (APT) attacks against sensors have emerged as a prominent security concern. Due to the low level of protection provided by sensors, APT attack organizations are able to develop intrusion schemes that allow them to infiltrate, attack, lurk, spread, and steal information from the target over an extended period of time. Through extensive research on the APT attack process and current defense mechanisms, it has been found that analyzing Domain Name Server (DNS) traffic in the communication control phase is an effective way of detecting APT attacks. However, analyzing APT attacks based on traffic usually involves the detection of a vast amount of DNS traffic, and current data preprocessing methods do not scale down data effectively, leading to low detection efficiency. In previous work, most efforts have been focused on calculating the features of request messages or corresponding messages without considering the association between request messages and corresponding messages. To address these issues, we propose a sketch-based APT attack traffic detection scheme. The scheme leverages the sketch structure to count and compress network traffic, improving the efficiency of APT detection. Our work also analyzes the limitations of traditional sketches in network traffic and proposes an improved sketch scheme. In addition, we propose several effective features for detecting APT attacks. We validate and evaluate our solution using 1,088,280 DNS traffic from a lab network and APT suspicious traffic from netresec and contagio, using eight machine learning models. The experimental results show that for the ExtraTrees model, our solution has a processing time of 0.0638 s and an accuracy of 0.97920, reducing the processing time by approximately 50 times and improving detection accuracy by a small margin compared to a dataset without sketch processing. Full article

2022

30 pages, 7525 KiB  
Article
An Implementation of Trust Chain Framework with Hierarchical Content Identifier Mechanism by Using Blockchain Technology
Sensors 2022, 22(13), 4831; https://doi.org/10.3390/s22134831 - 26 Jun 2022
Cited by 4 | Viewed by 2630
Abstract
Advances in information technology (IT) and operation technology (OT) accelerate the development of manufacturing systems (MS) consisting of integrated circuits (ICs), modules, and systems, toward Industry 4.0. However, the existing MS does not support comprehensive identity forensics for the whole system, limiting its ability to adapt to equipment authentication difficulties. Furthermore, the development of trust imposed during their crosswise collaborations with suppliers and other manufacturers in the supply chain is poorly maintained. In this paper, a trust chain framework with a comprehensive identification mechanism is implemented for the designed MS system, which is based and created on the private blockchain in conjunction with decentralized database systems to boost the flexibility, traceability, and identification of the IC-module-system. Practical implementations are developed using a functional prototype. First, the decentralized application (DApp) and the smart contracts are proposed for constructing the new trust chain under the proposed comprehensive identification mechanism by using blockchain technology. In addition, the blockchain addresses of IC, module, and system are automatically registered to InterPlanetary File System (IPFS), individually. In addition, their corresponding hierarchical CID (content identifier) values are organized by using Merkle DAG (Directed Acyclic Graph), which is employed via the hierarchical content identifier mechanism (HCIDM) proposed in this paper. Based on insights obtained from this analysis, the trust chain based on HCIDM can be applied to any MS system, for example, this trust chain could be used to prevent the counterfeit modules and ICs employed in the monitoring system of a semiconductor factory environment. The evaluation results show that the proposed scheme could work in practice under the much lower costs, compared to the public blockchain, with a total cost of 0.002094 Ether. 
Finally, this research developed an innovative trust chain mechanism that could provide system-level security for any MS toward Industry 4.0 in order to meet the requirements of both manufacturing innovation and product innovation in the Sustainable Development Goals (SDGs). Full article

21 pages, 3888 KiB  
Article
Effective Feature Selection Methods to Detect IoT DDoS Attack in 5G Core Network
Sensors 2022, 22(10), 3819; https://doi.org/10.3390/s22103819 - 18 May 2022
Cited by 16 | Viewed by 4014
Abstract
The 5G networks aim to realize a massive Internet of Things (IoT) environment with low latency. IoT devices with weak security can cause Tbps-level Distributed Denial of Service (DDoS) attacks on 5G mobile networks. Therefore, interest in automatic network intrusion detection using machine learning (ML) technology in 5G networks is increasing. ML-based DDoS attack detection in a 5G environment should provide ultra-low latency. To this end, utilizing a feature-selection process that reduces computational complexity and improves performance by identifying features important for learning in large datasets is possible. Existing ML-based DDoS detection technology mostly focuses on DDoS detection learning models on the wired Internet. In addition, studies on feature engineering related to 5G traffic are relatively insufficient. Therefore, this study performed feature selection experiments to reduce the time complexity of detecting and analyzing large-capacity DDoS attacks in real time based on ML in a 5G core network environment. The results of the experiment showed that the performance was maintained and improved when the feature selection process was used. In particular, as the size of the dataset increased, the difference in time complexity increased rapidly. The experiments show that the real-time detection of large-scale DDoS attacks in 5G core networks is possible using the feature selection process. This demonstrates the importance of the feature selection process for removing noisy features before training and detection. As this study conducted a feature study to detect network traffic passing through the 5G core with low latency using ML, it is expected to contribute to improving the performance of the 5G network DDoS attack automation detection technology using AI technology. Full article

11 pages, 2411 KiB  
Article
A Universal Detection Method for Adversarial Examples and Fake Images
Sensors 2022, 22(9), 3445; https://doi.org/10.3390/s22093445 - 30 Apr 2022
Cited by 1 | Viewed by 1603
Abstract
Deep-learning technologies have shown impressive performance on many tasks in recent years. However, there are multiple serious security risks when using deep-learning technologies. For example, state-of-the-art deep-learning technologies are vulnerable to adversarial examples that make the model’s predictions wrong due to some specific subtle perturbation, and these technologies can be abused for the tampering with and forgery of multimedia, i.e., deep forgery. In this paper, we propose a universal detection framework for adversarial examples and fake images. We observe some differences in the distribution of model outputs for normal and adversarial examples (fake images) and train the detector to learn the differences. We perform extensive experiments on the CIFAR10 and CIFAR100 datasets. Experimental results show that the proposed framework has good feasibility and effectiveness in detecting adversarial examples or fake images. Moreover, the proposed framework has good generalizability for the different datasets and model structures. Full article