sensors-logo

Journal Browser

Journal Browser

Security, Privacy, and Trust Management in IoT

A special issue of Sensors (ISSN 1424-8220). This special issue belongs to the section "Internet of Things".

Deadline for manuscript submissions: closed (30 June 2022) | Viewed by 24082

Special Issue Editors

Department of Psychology, University of Milano Bicocca, 20126 Milano, Italy
Interests: trust and reputation systems; internet of things; distributed artificial intelligence; intelligent transportation systems; multiagent systems
Special Issues, Collections and Topics in MDPI journals
Faculty of Computer and Information Science, Hosei University, 2 Chome-17-1 Fujimi, Chiyoda, Tokyo 102-8160, Japan
Interests: ubiquitous/pervasive computing and smart environment; u-Things, u-Intelligence and u-Science; cyber space, science and sociology; service and social computing; mobile multimedia and wireless network; IoT/iThings and Wisdom Web of Things (W2T); location and context-aware application; autonomic, trusted and ubisafe computing; hyperspace/hyperworld and cyber-I (digital colone)
Special Issues, Collections and Topics in MDPI journals
DIIES, University Mediterranea of Reggio Calabria, 89122 Reggio Calabria, Italy
Interests: trust and reputation systems; Internet of Things; distributed artificial intelligence; artificial neural network; multiagent systems
Special Issues, Collections and Topics in MDPI journals

Special Issue Information

Dear Colleagues,

This Special Issue is dedicated to security, privacy and trust management issues in the Internet of Things (IoT), and is intended to gather the latest visions proposed in the literature, the latest research efforts and contributions from industrial practitioners and other stakeholders in order to advance the state of the art, and the latest improvements in the best practices to build IoT systems with advanced features in terms of assuring security, privacy, and trustworthiness, by developing new security models, architectures, protocols, and standards.

In particular, it is meaningful to develop covering architectures, communication protocols, practical applications and use cases, and further, to perform threat analysis for understanding the threat landscapes. We are particularly interested to cover the important issue of the convergence among IoT, software agents, and edge computing to introduce in IoT systems social features, exploiting algorithms that combine reliability and reputation information collected by agents at the edge with security and privacy mechanisms. We also solicit the submission of papers dealing with experimental campaigns by means of simulated frameworks, which allow researchers to evaluate strategies to improve the security and privacy of the IoT environment, as well as to improve the capability to prevent and discourage misleading behaviors.

Prof. Dr. Giuseppe M.L. Sarne
Prof. Dr. Jianhua Ma
Prof. Dr. Domenico Rosaci
Prof. Dr. Gautam Srivastava
Guest Editors

Manuscript Submission Information

Manuscripts should be submitted online at www.mdpi.com by registering and logging in to this website. Once you are registered, click here to go to the submission form. Manuscripts can be submitted until the deadline. All submissions that pass pre-check are peer-reviewed. Accepted papers will be published continuously in the journal (as soon as accepted) and will be listed together on the special issue website. Research articles, review articles as well as short communications are invited. For planned papers, a title and short abstract (about 100 words) can be sent to the Editorial Office for announcement on this website.

Submitted manuscripts should not have been published previously, nor be under consideration for publication elsewhere (except conference proceedings papers). All manuscripts are thoroughly refereed through a single-blind peer-review process. A guide for authors and other relevant information for submission of manuscripts is available on the Instructions for Authors page. Sensors is an international peer-reviewed open access semimonthly journal published by MDPI.

Please visit the Instructions for Authors page before submitting a manuscript. The Article Processing Charge (APC) for publication in this open access journal is 2600 CHF (Swiss Francs). Submitted papers should be well formatted and use good English. Authors may use MDPI's English editing service prior to publication or during author revisions.

Keywords

  • Secure trust and identity management in IoT
  • Security and privacy in heterogeneous IoT
  • Modelling, simulation, and verification of security, privacy, and trustworthiness for intelligent IoT devices
  • Detection, evaluation, and prevention of threats in IoT applications
  • Security and privacy in health IoT
  • Data security, privacy, and trustworthiness in IoT data management
  • AI-based security and trust solutions for IoT
  • Trusted industrial IoT applications
  • Secure and trustworthy cloud, fog, and edge computing for intelligent IoT
  • Innovative trustworthy smart IoT systems
  • Secure and intelligent design of smart IoT grids, mobile IoT, social IoT and automotive IoT

Published Papers (8 papers)

Order results
Result details
Select all
Export citation of selected articles as:

Research

Jump to: Review

20 pages, 3961 KiB  
Article
A Trust-Based Model for Secure Routing against RPL Attacks in Internet of Things
by Syeda Mariam Muzammal, Raja Kumar Murugesan, Noor Zaman Jhanjhi, Mamoona Humayun, Ashraf Osman Ibrahim and Abdelzahir Abdelmaboud
Sensors 2022, 22(18), 7052; https://0-doi-org.brum.beds.ac.uk/10.3390/s22187052 - 17 Sep 2022
Cited by 15 | Viewed by 2601
Abstract
In IoT networks, the de facto Routing Protocol for Low Power and Lossy Networks (RPL) is vulnerable to various attacks. Routing attacks in RPL-based IoT are becoming critical with the increase in the number of IoT applications and devices globally. To address routing [...] Read more.
In IoT networks, the de facto Routing Protocol for Low Power and Lossy Networks (RPL) is vulnerable to various attacks. Routing attacks in RPL-based IoT are becoming critical with the increase in the number of IoT applications and devices globally. To address routing attacks in RPL-based IoT, several security solutions have been proposed in literature, such as machine learning techniques, intrusion detection systems, and trust-based approaches. Studies show that trust-based security for IoT is feasible due to its simple integration and resource-constrained nature of smart devices. Existing trust-based solutions have insufficient consideration of nodes’ mobility and are not evaluated for dynamic scenarios to satisfy the requirements of smart applications. This research work addresses the Rank and Blackhole attacks in RPL considering the static as well as mobile nodes in IoT. The proposed Security, Mobility, and Trust-based model (SMTrust) relies on carefully chosen trust factors and metrics, including mobility-based metrics. The evaluation of the proposed model through simulation experiments shows that SMTrust performs better than the existing trust-based methods for securing RPL. The improvisation in terms of topology stability is 46%, reduction in packet loss rate is 45%, and 35% increase in throughput, with only 2.3% increase in average power consumption. Full article
(This article belongs to the Special Issue Security, Privacy, and Trust Management in IoT)
Show Figures

Figure 1

23 pages, 4470 KiB  
Article
Integrity Verification of Distributed Nodes in Critical Infrastructures
by Silvia Sisinni, Davide Margaria, Ignazio Pedone, Antonio Lioy and Andrea Vesco
Sensors 2022, 22(18), 6950; https://0-doi-org.brum.beds.ac.uk/10.3390/s22186950 - 14 Sep 2022
Cited by 2 | Viewed by 1539
Abstract
The accuracy and reliability of time synchronization and distribution are essential requirements for many critical infrastructures, including telecommunication networks, where 5G technologies place increasingly stringent conditions in terms of maintaining highly accurate time. A lack of synchronization between the clocks causes a malfunction [...] Read more.
The accuracy and reliability of time synchronization and distribution are essential requirements for many critical infrastructures, including telecommunication networks, where 5G technologies place increasingly stringent conditions in terms of maintaining highly accurate time. A lack of synchronization between the clocks causes a malfunction of the 5G network, preventing it from providing a high quality of service; this makes the time distribution network a very viable target for attacks. Various solutions have been analyzed to mitigate attacks on the Global Navigation Satellite System (GNSS) radio-frequency spectrum and the Precision Time Protocol (PTP) used for time distribution over the network. This paper highlights the significance of monitoring the integrity of the software and configurations of the infrastructural nodes of a time distribution network. Moreover, this work proposes an attestation scheme, based on the Trusted Computing principles, capable of detecting both software violations on the nodes and hardware attacks aimed at tampering with the configuration of the GNSS receivers. The proposed solution has been implemented and validated on a testbed representing a typical synchronization distribution network. The results, simulating various types of adversaries, emphasize the effectiveness of the proposed approach in a wide range of typical attacks and the certain limitations that need to be addressed to enhance the security of the current GNSS receivers. Full article
(This article belongs to the Special Issue Security, Privacy, and Trust Management in IoT)
Show Figures

Figure 1

17 pages, 576 KiB  
Article
Transfer-Learning-Based Intrusion Detection Framework in IoT Networks
by Eva Rodríguez, Pol Valls, Beatriz Otero, Juan José Costa, Javier Verdú, Manuel Alejandro Pajuelo and Ramon Canal
Sensors 2022, 22(15), 5621; https://0-doi-org.brum.beds.ac.uk/10.3390/s22155621 - 27 Jul 2022
Cited by 21 | Viewed by 2895
Abstract
Cyberattacks in the Internet of Things (IoT) are growing exponentially, especially zero-day attacks mostly driven by security weaknesses on IoT networks. Traditional intrusion detection systems (IDSs) adopted machine learning (ML), especially deep Learning (DL), to improve the detection of cyberattacks. DL-based IDSs require [...] Read more.
Cyberattacks in the Internet of Things (IoT) are growing exponentially, especially zero-day attacks mostly driven by security weaknesses on IoT networks. Traditional intrusion detection systems (IDSs) adopted machine learning (ML), especially deep Learning (DL), to improve the detection of cyberattacks. DL-based IDSs require balanced datasets with large amounts of labeled data; however, there is a lack of such large collections in IoT networks. This paper proposes an efficient intrusion detection framework based on transfer learning (TL), knowledge transfer, and model refinement, for the effective detection of zero-day attacks. The framework is tailored to 5G IoT scenarios with unbalanced and scarce labeled datasets. The TL model is based on convolutional neural networks (CNNs). The framework was evaluated to detect a wide range of zero-day attacks. To this end, three specialized datasets were created. Experimental results show that the proposed TL-based framework achieves high accuracy and low false prediction rate (FPR). The proposed solution has better detection rates for the different families of known and zero-day attacks than any previous DL-based IDS. These results demonstrate that TL is effective in the detection of cyberattacks in IoT environments. Full article
(This article belongs to the Special Issue Security, Privacy, and Trust Management in IoT)
Show Figures

Figure 1

18 pages, 411 KiB  
Article
ConTra Preference Language: Privacy Preference Unification via Privacy Interfaces
by Stefan Becher and Armin Gerl
Sensors 2022, 22(14), 5428; https://0-doi-org.brum.beds.ac.uk/10.3390/s22145428 - 20 Jul 2022
Cited by 1 | Viewed by 1435
Abstract
After the enactment of the GDPR in 2018, many companies were forced to rethink their privacy management in order to comply with the new legal framework. These changes mostly affect the Controller to achieve GDPR-compliant privacy policies and management.However, measures to give users [...] Read more.
After the enactment of the GDPR in 2018, many companies were forced to rethink their privacy management in order to comply with the new legal framework. These changes mostly affect the Controller to achieve GDPR-compliant privacy policies and management.However, measures to give users a better understanding of privacy, which is essential to generate legitimate interest in the Controller, are often skipped. We recommend addressing this issue by the usage of privacy preference languages, whereas users define rules regarding their preferences for privacy handling. In the literature, preference languages only work with their corresponding privacy language, which limits their applicability. In this paper, we propose the ConTra preference language, which we envision to support users during privacy policy negotiation while meeting current technical and legal requirements. Therefore, ConTra preferences are defined showing its expressiveness, extensibility, and applicability in resource-limited IoT scenarios. In addition, we introduce a generic approach which provides privacy language compatibility for unified preference matching. Full article
(This article belongs to the Special Issue Security, Privacy, and Trust Management in IoT)
Show Figures

Figure 1

17 pages, 520 KiB  
Article
IoT Platforms and Security: An Analysis of the Leading Industrial/Commercial Solutions
by Giancarlo Fortino, Antonio Guerrieri, Pasquale Pace, Claudio Savaglio and Giandomenico Spezzano
Sensors 2022, 22(6), 2196; https://doi.org/10.3390/s22062196 - 11 Mar 2022
Cited by 20 | Viewed by 5093
Abstract
For simplifying and speeding up the development of the Internet of Things (IoT) ecosystem, there has been a proliferation of IoT platforms, built up according to different design principles, computing paradigms, technologies, and targets. This paper proposes a review of main examples populating [...] Read more.
For simplifying and speeding up the development of the Internet of Things (IoT) ecosystem, there has been a proliferation of IoT platforms, built up according to different design principles, computing paradigms, technologies, and targets. This paper proposes a review of main examples populating the wide landscape of IoT platforms and their comparison based on the IoT-A reference architecture. In such a way, heterogeneous IoT platforms (both current and future) can be analyzed regardless of their low-level specifications but exclusively through the lens of those key functionalities and architectural building blocks that enable the interplay among devices, data flow, software, and stakeholders within the IoT ecosystem. Among these, security by design (i.e., the inclusion of security design principles, technology, and governance at every level) must be integrated into every tier, component, and application to minimize the risk of cyber threats and preserve the integrity of the IoT platforms, not only within individual components but also for all the components working together as a whole. Full article
(This article belongs to the Special Issue Security, Privacy, and Trust Management in IoT)
Show Figures

Figure 1

20 pages, 552 KiB  
Article
Privacy Preserving Multi-Party Key Exchange Protocol for Wireless Mesh Networks
by Amit Kumar Roy, Keshab Nath, Gautam Srivastava, Thippa Reddy Gadekallu and Jerry Chun-Wei Lin
Sensors 2022, 22(5), 1958; https://0-doi-org.brum.beds.ac.uk/10.3390/s22051958 - 02 Mar 2022
Cited by 17 | Viewed by 2433
Abstract
Presently, lightweight devices such as mobile phones, notepads, and laptops are widely used to access the Internet throughout the world; however, a problem of privacy preservation and authentication delay occurs during handover operation when these devices change their position from a home mesh [...] Read more.
Presently, lightweight devices such as mobile phones, notepads, and laptops are widely used to access the Internet throughout the world; however, a problem of privacy preservation and authentication delay occurs during handover operation when these devices change their position from a home mesh access point (HMAP) to a foreign mesh access point (FMAP). Authentication during handover is mostly performed through ticket-based techniques, which permit the user to authenticate itself to the foreign mesh access point; therefore, a secure communication method should be formed between the mesh entities to exchange the tickets. In two existing protocols, this ticket was not secured at all and exchanged in a plaintext format. We propose a protocol for handover authentication with privacy preservation of the transfer ticket via the Diffie–Hellman method. Through experimental results, our proposed protocol achieves privacy preservation with minimum authentication delay during handover operation. Full article
(This article belongs to the Special Issue Security, Privacy, and Trust Management in IoT)
Show Figures

Figure 1

22 pages, 3338 KiB  
Article
Multi-Aspect Based Approach to Attack Detection in IoT Clouds
by Vasily Desnitsky, Andrey Chechulin and Igor Kotenko
Sensors 2022, 22(5), 1831; https://0-doi-org.brum.beds.ac.uk/10.3390/s22051831 - 25 Feb 2022
Cited by 2 | Viewed by 1625
Abstract
This article covers the issues of constructing tools for detecting network attacks targeting devices in IoT clouds. The detection is performed within the framework of cloud infrastructure, which receives data flows that are limited in size and content, and characterize the current network [...] Read more.
This article covers the issues of constructing tools for detecting network attacks targeting devices in IoT clouds. The detection is performed within the framework of cloud infrastructure, which receives data flows that are limited in size and content, and characterize the current network interaction of the analyzed IoT devices. The detection is based on the construction of training models and uses machine learning methods, such as AdaBoostClassifier, RandomForestClassifier, MultinomialNB, etc. The proposed combined multi-aspect approach to attack detection relies on session-based spaces, host-based spaces, and other spaces of features extracted from incoming traffic. An attack-specific ensemble of various machine learning methods is applied to improve the detection quality indicators. The performed experiments have confirmed the correctness of the constructed models and their effectiveness, expressed in terms of the precision, recall, and f1-measure indicators for each analyzed type of attack, using a series of existing samples of benign and attacking traffic. Full article
(This article belongs to the Special Issue Security, Privacy, and Trust Management in IoT)
Show Figures

Figure 1

Review

Jump to: Research

34 pages, 1082 KiB  
Review
Static Analysis of Information Systems for IoT Cyber Security: A Survey of Machine Learning Approaches
by Igor Kotenko, Konstantin Izrailov and Mikhail Buinevich
Sensors 2022, 22(4), 1335; https://0-doi-org.brum.beds.ac.uk/10.3390/s22041335 - 10 Feb 2022
Cited by 20 | Viewed by 4649
Abstract
Ensuring security for modern IoT systems requires the use of complex methods to analyze their software. One of the most in-demand methods that has repeatedly been proven to be effective is static analysis. However, the progressive complication of the connections in IoT systems, [...] Read more.
Ensuring security for modern IoT systems requires the use of complex methods to analyze their software. One of the most in-demand methods that has repeatedly been proven to be effective is static analysis. However, the progressive complication of the connections in IoT systems, the increase in their scale, and the heterogeneity of elements requires the automation and intellectualization of manual experts’ work. A hypothesis to this end is posed that assumes the applicability of machine-learning solutions for IoT system static analysis. A scheme of this research, which is aimed at confirming the hypothesis and reflecting the ontology of the study, is given. The main contributions to the work are as follows: systematization of static analysis stages for IoT systems and decisions of machine-learning problems in the form of formalized models; review of the entire subject area publications with analysis of the results; confirmation of the machine-learning instrumentaries applicability for each static analysis stage; and the proposal of an intelligent framework concept for the static analysis of IoT systems. The novelty of the results obtained is a consideration of the entire process of static analysis (from the beginning of IoT system research to the final delivery of the results), consideration of each stage from the entirely given set of machine-learning solutions perspective, as well as formalization of the stages and solutions in the form of “Form and Content” data transformations. Full article
(This article belongs to the Special Issue Security, Privacy, and Trust Management in IoT)
Show Figures

Figure 1

Back to TopTop