Cyber Security and Privacy in IoT

A special issue of IoT (ISSN 2624-831X).

Deadline for manuscript submissions: closed (30 April 2021) | Viewed by 60495

Special Issue Editors

Computer and Information Sciences, Northumbria University, Ellison Building, Ellison Place, Newcastle upon Tyne NE1 8ST, UK
Interests: Auditory Display; HCI; sonification; visualization; cyber security
Computer and Information Sciences, Northumbria University, Ellison Building, Ellison Place, Newcastle upon Tyne NE1 8ST, UK
Interests: usable security, social engineering, user authentication

Special Issue Information

Dear Colleagues,

The uptake of IoT devices continues to rise in many sectors. IoT devices, while convenient for the user, also introduce a myriad of security and privacy issues into the space. In order to protect users against security and privacy compromises, we must look at ways of improving users’ awareness of IoT security and privacy as well as better ways of presenting key information for users to act on.

The aim of this Special Issue is to report on cutting edge methods for i.) educating users on IoT threats and/or ii.) tools that support user understanding and action. Examples may include visualisations, auditory interfaces (e.g. sonification), and voice interfaces, although solutions are not limited to these modes. We also encourage exploratory studies reporting on mental modals, possible design guidelines, or future scenarios.

Dr. Paul Vickers
Dr. James Nicholson
Guest Editors

Manuscript Submission Information

Manuscripts should be submitted online at www.mdpi.com by registering and logging in to this website. Once you are registered, click here to go to the submission form. Manuscripts can be submitted until the deadline. All submissions that pass pre-check are peer-reviewed. Accepted papers will be published continuously in the journal (as soon as accepted) and will be listed together on the special issue website. Research articles, review articles as well as short communications are invited. For planned papers, a title and short abstract (about 100 words) can be sent to the Editorial Office for announcement on this website.

Submitted manuscripts should not have been published previously, nor be under consideration for publication elsewhere (except conference proceedings papers). All manuscripts are thoroughly refereed through a single-blind peer-review process. A guide for authors and other relevant information for submission of manuscripts is available on the Instructions for Authors page. IoT is an international peer-reviewed open access quarterly journal published by MDPI.

Please visit the Instructions for Authors page before submitting a manuscript. The Article Processing Charge (APC) for publication in this open access journal is 1200 CHF (Swiss Francs). Submitted papers should be well formatted and use good English. Authors may use MDPI's English editing service prior to publication or during author revisions.

Keywords

  • Usable security
  • Smart homes
  • Visualisation
  • Sonification
  • Device data sharing
  • Interoperability
  • Privacy
  • HCI

Published Papers (8 papers)

Order results
Result details
Select all
Export citation of selected articles as:

Research

Jump to: Review

20 pages, 5187 KiB  
Article
A Client/Server Malware Detection Model Based on Machine Learning for Android Devices
by Arthur Fournier, Franjieh El Khoury and Samuel Pierre
IoT 2021, 2(3), 355-374; https://0-doi-org.brum.beds.ac.uk/10.3390/iot2030019 - 24 Jun 2021
Cited by 11 | Viewed by 3748
Abstract
The rapid adoption of Android devices comes with the growing prevalence of mobile malware, which leads to serious threats to mobile phone security and attacks private information on mobile devices. In this paper, we designed and implemented a model for malware detection on [...] Read more.
The rapid adoption of Android devices comes with the growing prevalence of mobile malware, which leads to serious threats to mobile phone security and attacks private information on mobile devices. In this paper, we designed and implemented a model for malware detection on Android devices to protect private and financial information, for the mobile applications of the ATISCOM project. This model is based on client/server architecture, to reduce the heavy computations on a mobile device by sending data from the mobile device to the server for remote processing (i.e., offloading) of the predictions. We then gradually optimized our proposed model for better classification of the newly installed applications on Android devices. We at first adopted Naive Bayes to build the model with 92.4486% accuracy, then the classification method that gave the best accuracy of 93.85% for stochastic gradient descent (SGD) with binary class (i.e., malware and benign), and finally the regression method with numerical values ranging from −100 to 100 to manage the uncertainty predictions. Therefore, our proposed model with random forest regression gives a good accuracy in terms of performance, with a good correlation coefficient, minimum computation time and the smallest number of errors for malware detection. Full article
(This article belongs to the Special Issue Cyber Security and Privacy in IoT)
Show Figures

Graphical abstract

15 pages, 1189 KiB  
Article
Secure Path: Block-Chaining IoT Information for Continuous Authentication in Smart Spaces
by Lorenzo Bracciale, Pierpaolo Loreti, Claudio Pisa and Alex Shahidi
IoT 2021, 2(2), 326-340; https://0-doi-org.brum.beds.ac.uk/10.3390/iot2020017 - 18 May 2021
Cited by 4 | Viewed by 3811
Abstract
The Internet of Things offers a wide range of possibilities that can be exploited more or less explicitly for user authentication, ranging from specifically designed systems including biometric devices to environmental sensors that can be opportunistically used to feed behavioural authentication systems. How [...] Read more.
The Internet of Things offers a wide range of possibilities that can be exploited more or less explicitly for user authentication, ranging from specifically designed systems including biometric devices to environmental sensors that can be opportunistically used to feed behavioural authentication systems. How to integrate all this information in a reliable way to get a continuous authentication service presents several open challenges. Among these: how to combine semi-trusted information coming from non-tamper-proof sensors, where to store such data avoiding a single point of failure, how to analyse data in a distributed way, which interface to use to provide an authentication service to a multitude of different services and applications. In this paper, we present a Blockchain-based architectural solution of a distributed system able to transform IoT interactions into useful data for an authentication system. The design includes: (i) a security procedure to certify users’ positions and identities, (ii) a secure storage to hold this information, and (iii) a service to dynamically assign a trust level to a user’s position. We call this system “Secure Path”. Full article
(This article belongs to the Special Issue Cyber Security and Privacy in IoT)
Show Figures

Figure 1

13 pages, 4145 KiB  
Article
Enabling Secure Guest Access for Command-and-Control of Internet of Things Devices
by Andrew John Poulter and Simon J. Cox
IoT 2021, 2(2), 236-248; https://0-doi-org.brum.beds.ac.uk/10.3390/iot2020013 - 29 Apr 2021
Cited by 3 | Viewed by 2958
Abstract
Internet of Things (IoT) devices are becoming ubiquitous, and may be arranged to form formal or ad hoc Command and Control (C2) networks. Such networks typically do not have a mechanism to facilitate the sharing of either data or control inputs. This paper [...] Read more.
Internet of Things (IoT) devices are becoming ubiquitous, and may be arranged to form formal or ad hoc Command and Control (C2) networks. Such networks typically do not have a mechanism to facilitate the sharing of either data or control inputs. This paper examines this problem in the context of IoT devices operating within C2 systems which do not have a trusted relationship with each other. We propose a solution which we call syndication, to provide a controlled mechanism to share data between C2 systems of devices without a fully trusted relationship. This paper builds upon previous work which established a lightweight protocol for secure C2 operations within the IoT. Using the proposed approach enables not only sharing of data but also permits the external controller to submit moderated requests for actions to be performed. The paper concludes by examining how this approach could also be adopted to provide secure guest access to connected systems in a domestic or commercial context. Full article
(This article belongs to the Special Issue Cyber Security and Privacy in IoT)
Show Figures

Graphical abstract

24 pages, 2053 KiB  
Article
Cyber Threats to Industrial IoT: A Survey on Attacks and Countermeasures
by Konstantinos Tsiknas, Dimitrios Taketzis, Konstantinos Demertzis and Charalabos Skianis
IoT 2021, 2(1), 163-186; https://0-doi-org.brum.beds.ac.uk/10.3390/iot2010009 - 07 Mar 2021
Cited by 79 | Viewed by 14916
Abstract
In today’s Industrial Internet of Things (IIoT) environment, where different systems interact with the physical world, the state proposed by the Industry 4.0 standards can lead to escalating vulnerabilities, especially when these systems receive data streams from multiple intermediaries, requiring multilevel security approaches, [...] Read more.
In today’s Industrial Internet of Things (IIoT) environment, where different systems interact with the physical world, the state proposed by the Industry 4.0 standards can lead to escalating vulnerabilities, especially when these systems receive data streams from multiple intermediaries, requiring multilevel security approaches, in addition to link encryption. At the same time taking into account the heterogeneity of the systems included in the IIoT ecosystem and the non-institutionalized interoperability in terms of hardware and software, serious issues arise as to how to secure these systems. In this framework, given that the protection of industrial equipment is a requirement inextricably linked to technological developments and the use of the IoT, it is important to identify the major vulnerabilities and the associated risks and threats and to suggest the most appropriate countermeasures. In this context, this study provides a description of the attacks against IIoT systems, as well as a thorough analysis of the solutions for these attacks, as they have been proposed in the most recent literature. Full article
(This article belongs to the Special Issue Cyber Security and Privacy in IoT)
Show Figures

Figure 1

16 pages, 808 KiB  
Article
Decentralized Actionable Cyber Threat Intelligence for Networks and the Internet of Things
by Diego Mendez Mena and Baijian Yang
IoT 2021, 2(1), 1-16; https://0-doi-org.brum.beds.ac.uk/10.3390/iot2010001 - 30 Dec 2020
Cited by 9 | Viewed by 4992
Abstract
Security presents itself as one of the biggest threats to the enabling and the deployment of the Internet of Things (IoT). Security challenges are evident in light of recent cybersecurity attacks that targeted major internet service providers and crippled a significant portion of [...] Read more.
Security presents itself as one of the biggest threats to the enabling and the deployment of the Internet of Things (IoT). Security challenges are evident in light of recent cybersecurity attacks that targeted major internet service providers and crippled a significant portion of the entire Internet by taking advantage of faulty and ill-protected embedded devices. Many of these devices reside at home networks with user-administrators who are not familiar with network security best practices, making them easy targets for the attackers. Therefore, security solutions are needed to navigate the insecure and untrusted public networks by automating protections through affordable and accessible first-hand network information sharing. This paper proposes and implements a proof of concept (PoC) to secure Internet Service Providers (ISPs), home networks, and home-based IoT devices using blockchain technologies. The results obtained support the idea of a distributed cyber threat intelligence data sharing network capable of protecting various stakeholders. Full article
(This article belongs to the Special Issue Cyber Security and Privacy in IoT)
Show Figures

Graphical abstract

27 pages, 2781 KiB  
Article
IoT Network Security: Threats, Risks, and a Data-Driven Defense Framework
by Charles Wheelus and Xingquan Zhu
IoT 2020, 1(2), 259-285; https://0-doi-org.brum.beds.ac.uk/10.3390/iot1020016 - 19 Oct 2020
Cited by 51 | Viewed by 12332
Abstract
The recent surge in Internet of Things (IoT) deployment has increased the pace of integration and extended the reach of the Internet from computers, tablets and phones to a myriad of devices in our physical world. Driven by the IoT, with each passing [...] Read more.
The recent surge in Internet of Things (IoT) deployment has increased the pace of integration and extended the reach of the Internet from computers, tablets and phones to a myriad of devices in our physical world. Driven by the IoT, with each passing day, the Internet becomes more integrated with everyday life. While IoT devices provide endless new capabilities and make life more convenient, they also vastly increase the opportunity for nefarious individuals, criminal organizations and even state actors to spy on, and interfere with, unsuspecting users of IoT systems. As this looming crisis continues to grow, calls for data science approaches to address these problems have increased, and current research shows that predictive models trained with machine learning algorithms hold great potential to mitigate some of these issues. In this paper, we first carry out an analytics approach to review security risks associated with IoT systems, and then propose a machine learning-based solution to characterize and detect IoT attacks. We use a real-world IoT system with secured gate access as a platform, and introduce the IoT system in detail, including features to capture security threats/attacks to the system. By using data collected from a nine month period as our testbed, we evaluate the efficacy of predictive models trained by means of machine learning, and propose design principles and a loose framework for implementing secure IoT systems. Full article
(This article belongs to the Special Issue Cyber Security and Privacy in IoT)
Show Figures

Graphical abstract

20 pages, 3062 KiB  
Article
A User Study of a Wearable System to Enhance Bystanders’ Facial Privacy
by Alfredo J. Perez, Sherali Zeadally, Scott Griffith, Luis Y. Matos Garcia and Jaouad A. Mouloud
IoT 2020, 1(2), 198-217; https://0-doi-org.brum.beds.ac.uk/10.3390/iot1020013 - 10 Oct 2020
Cited by 8 | Viewed by 2885
Abstract
The privacy of users and information are becoming increasingly important with the growth and pervasive use of mobile devices such as wearables, mobile phones, drones, and Internet of Things (IoT) devices. Today many of these mobile devices are equipped with cameras which enable [...] Read more.
The privacy of users and information are becoming increasingly important with the growth and pervasive use of mobile devices such as wearables, mobile phones, drones, and Internet of Things (IoT) devices. Today many of these mobile devices are equipped with cameras which enable users to take pictures and record videos anytime they need to do so. In many such cases, bystanders’ privacy is not a concern, and as a result, audio and video of bystanders are often captured without their consent. We present results from a user study in which 21 participants were asked to use a wearable system called FacePET developed to enhance bystanders’ facial privacy by providing a way for bystanders to protect their own privacy rather than relying on external systems for protection. While past works in the literature focused on privacy perceptions of bystanders when photographed in public/shared spaces, there has not been research with a focus on user perceptions of bystander-based wearable devices to enhance privacy. Thus, in this work, we focus on user perceptions of the FacePET device and/or similar wearables to enhance bystanders’ facial privacy. In our study, we found that 16 participants would use FacePET or similar devices to enhance their facial privacy, and 17 participants agreed that if smart glasses had features to conceal users’ identities, it would allow them to become more popular. Full article
(This article belongs to the Special Issue Cyber Security and Privacy in IoT)
Show Figures

Graphical abstract

Review

Jump to: Research

21 pages, 946 KiB  
Review
Post-Quantum Cryptosystems for Internet-of-Things: A Survey on Lattice-Based Algorithms
by Rameez Asif
IoT 2021, 2(1), 71-91; https://0-doi-org.brum.beds.ac.uk/10.3390/iot2010005 - 05 Feb 2021
Cited by 44 | Viewed by 11862
Abstract
The latest quantum computers have the ability to solve incredibly complex classical cryptography equations particularly to decode the secret encrypted keys and making the network vulnerable to hacking. They can solve complex mathematical problems almost instantaneously compared to the billions of years of [...] Read more.
The latest quantum computers have the ability to solve incredibly complex classical cryptography equations particularly to decode the secret encrypted keys and making the network vulnerable to hacking. They can solve complex mathematical problems almost instantaneously compared to the billions of years of computation needed by traditional computing machines. Researchers advocate the development of novel strategies to include data encryption in the post-quantum era. Lattices have been widely used in cryptography, somewhat peculiarly, and these algorithms have been used in both; (a) cryptoanalysis by using lattice approximation to break cryptosystems; and (b) cryptography by using computationally hard lattice problems (non-deterministic polynomial time hardness) to construct stable cryptographic functions. Most of the dominant features of lattice-based cryptography (LBC), which holds it ahead in the post-quantum league, include resistance to quantum attack vectors, high concurrent performance, parallelism, security under worst-case intractability assumptions, and solutions to long-standing open problems in cryptography. While these methods offer possible security for classical cryptosytems in theory and experimentation, their implementation in energy-restricted Internet-of-Things (IoT) devices requires careful study of regular lattice-based implantation and its simplification in lightweight lattice-based cryptography (LW-LBC). This streamlined post-quantum algorithm is ideal for levelled IoT device security. The key aim of this survey was to provide the scientific community with comprehensive information on elementary mathematical facts, as well as to address real-time implementation, hardware architecture, open problems, attack vectors, and the significance for the IoT networks. Full article
(This article belongs to the Special Issue Cyber Security and Privacy in IoT)
Show Figures

Graphical abstract

Back to TopTop