sensors-logo

Journal Browser

Journal Browser

Security and Privacy in Internet of Things (IoT)

A special issue of Sensors (ISSN 1424-8220). This special issue belongs to the section "Internet of Things".

Deadline for manuscript submissions: closed (31 December 2022) | Viewed by 36673

Special Issue Editors

Warwick Manufacturing Group (WMG), Cyber Security Centre, University of Warwick, Coventry CV4 7AL, UK
Interests: Internet of Things (IoT); IoT security and privacy; dynamic and contextual access control; blockchain for security and privacy; digital forensics
Special Issues, Collections and Topics in MDPI journals

E-Mail Website
Guest Editor
Department of Electronics and Computer Science, University of Southampton, University Road, Southampton SO17 1BJ, UK
Interests: internet of things; blockchain; security; data protections; cloud computing

Special Issue Information

Dear Colleagues,

The Internet of Things (IoT) represents a technology that enables both virtual and physical objects to be connected and communicate with each other in order to produce new digitized services that improve our quality of life. In the IoT environment, we communicate confidential/sensitive data over the internet. As there are many hackers and malicious users over the internet, the security and privacy of data in the IoT has become one of the most severe issues that need to be addressed. IoT security is important, not only for the protection of the IoT infrastructures in terms of data integrity, confidentiality and non-repudiation but also in order to protect users’ privacy. Today, The IoT market has been flooded with various smart products in different domains. However, most of these products lack security and privacy mechanisms to protect communication and user data.

The purpose of this Special Issue is to provide the academic and industrial communities with an excellent venue covering all aspects of current work on emerging trends of IoT security and privacy. We welcome submissions that particularly focus on addressing security and privacy in the IoT. Review articles discussing the current state of the art are also welcomed.

Potential topics include but are not limited to the following:

  • Intrusion detection and mitigation techniques for the IoT;
  • Privacy-enhancing techniques for the IoT;
  • Security architectures and protection mechanisms for the IoT;
  • Distributed ledger technology for a secure IoT;
  • Authorization and access control for the IoT;
  • Machine and deep learning for addressing security in the IoT;
  • Privacy-preserving Edge Machine Learning;
  • Light-weighted security solutions for the IoT;
  • Authentication methods in the IoT;
  • Federated models for the privacy and security of IoT services;
  • Big data analytics for heterogeneous IoT systems;
  • Security and privacy in an industrial IoT;
  • Digital forensics investigations in the IoT

Dr. Hany Atlam
Dr. Nawfal Fadhel
Guest Editors

Manuscript Submission Information

Manuscripts should be submitted online at www.mdpi.com by registering and logging in to this website. Once you are registered, click here to go to the submission form. Manuscripts can be submitted until the deadline. All submissions that pass pre-check are peer-reviewed. Accepted papers will be published continuously in the journal (as soon as accepted) and will be listed together on the special issue website. Research articles, review articles as well as short communications are invited. For planned papers, a title and short abstract (about 100 words) can be sent to the Editorial Office for announcement on this website.

Submitted manuscripts should not have been published previously, nor be under consideration for publication elsewhere (except conference proceedings papers). All manuscripts are thoroughly refereed through a single-blind peer-review process. A guide for authors and other relevant information for submission of manuscripts is available on the Instructions for Authors page. Sensors is an international peer-reviewed open access semimonthly journal published by MDPI.

Please visit the Instructions for Authors page before submitting a manuscript. The Article Processing Charge (APC) for publication in this open access journal is 2600 CHF (Swiss Francs). Submitted papers should be well formatted and use good English. Authors may use MDPI's English editing service prior to publication or during author revisions.

Benefits of Publishing in a Special Issue

  • Ease of navigation: Grouping papers by topic helps scholars navigate broad scope journals more efficiently.
  • Greater discoverability: Special Issues support the reach and impact of scientific research. Articles in Special Issues are more discoverable and cited more frequently.
  • Expansion of research network: Special Issues facilitate connections among authors, fostering scientific collaborations.
  • External promotion: Articles in Special Issues are often promoted through the journal's social media, increasing their visibility.
  • e-Book format: Special Issues with more than 10 articles can be published as dedicated e-books, ensuring wide and rapid dissemination.

Further information on MDPI's Special Issue polices can be found here.

Published Papers (6 papers)

Order results
Result details
Select all
Export citation of selected articles as:

Research

Jump to: Review

18 pages, 4791 KiB  
Article
Enhancing Time-Frequency Analysis with Zero-Mean Preprocessing
by Sunghyun Jin, Philip Johansson, HeeSeok Kim and Seokhie Hong
Sensors 2022, 22(7), 2477; https://doi.org/10.3390/s22072477 - 23 Mar 2022
Cited by 3 | Viewed by 2651
Abstract
Side-channel analysis is a critical threat to cryptosystems on the Internet of Things and in relation to embedded devices, and appropriate side-channel countermeasure must be required for physical security. A combined countermeasure approach employing first-order masking and desynchronization simultaneously is a general and [...] Read more.
Side-channel analysis is a critical threat to cryptosystems on the Internet of Things and in relation to embedded devices, and appropriate side-channel countermeasure must be required for physical security. A combined countermeasure approach employing first-order masking and desynchronization simultaneously is a general and cost-efficient approach to counteracting side-channel analysis. With the development of side-channel countermeasures, there are plenty of advanced attacks introduced to defeat such countermeasures. At CARDIS 2013, Belgarric et al. first proposed time-frequency analysis, a promising attack regarding the complexity of computation and memory compared to other attacks, such as conventional second-order side-channel analysis after synchronization. Nevertheless, their time-frequency analysis seems to have lower performance than expected against some datasets protected by combined countermeasures. It is therefore required to study the factors that affect the performance of time-frequency analysis. In this paper, we investigate Belgarric et al.’s time-frequency analysis and conduct a mathematical analysis in regard to the preprocessing of frequency information for second-order side-channel analysis. Based on this analysis, we claim that zero-mean preprocessing enhances the performance of time-frequency analysis. We verify that our analysis is valid through experimental results from two datasets, which are different types of first-order masked Advanced Encryption Standard (AES) software implementations. The experimental results show that time-frequency analysis with zero-mean preprocessing seems to have an enhanced or complementary performance compared to the analysis without preprocessing. Full article
(This article belongs to the Special Issue Security and Privacy in Internet of Things (IoT))
Show Figures

Figure 1

23 pages, 1813 KiB  
Article
Efficient NFS Model for Risk Estimation in a Risk-Based Access Control Model
by Hany F. Atlam, Muhammad Ajmal Azad and Nawfal F. Fadhel
Sensors 2022, 22(5), 2005; https://doi.org/10.3390/s22052005 - 4 Mar 2022
Cited by 5 | Viewed by 2345
Abstract
Providing a dynamic access control model that uses real-time features to make access decisions for IoT applications is one of the research gaps that many researchers are trying to tackle. This is because existing access control models are built using static and predefined [...] Read more.
Providing a dynamic access control model that uses real-time features to make access decisions for IoT applications is one of the research gaps that many researchers are trying to tackle. This is because existing access control models are built using static and predefined policies that always give the same result in different situations and cannot adapt to changing and unpredicted situations. One of the dynamic models that utilize real-time and contextual features to make access decisions is the risk-based access control model. This model performs a risk analysis on each access request to permit or deny access dynamically based on the estimated risk value. However, the major issue associated with building this model is providing a dynamic, reliable, and accurate risk estimation technique, especially when there is no available dataset to describe risk likelihood and impact. Therefore, this paper proposes a Neuro-Fuzzy System (NFS) model to estimate the security risk value associated with each access request. The proposed NFS model was trained using three learning algorithms: Levenberg–Marquardt (LM), Conjugate Gradient with Fletcher–Reeves (CGF), and Scaled Conjugate Gradient (SCG). The results demonstrated that the LM algorithm is the optimal learning algorithm to implement the NFS model for risk estimation. The results also demonstrated that the proposed NFS model provides a short and efficient processing time, which can provide timeliness risk estimation technique for various IoT applications. The proposed NFS model was evaluated against access control scenarios of a children’s hospital, and the results demonstrated that the proposed model can be applied to provide dynamic and contextual-aware access decisions based on real-time features. Full article
(This article belongs to the Special Issue Security and Privacy in Internet of Things (IoT))
Show Figures

Figure 1

33 pages, 7235 KiB  
Article
HSAS-MD Analyzer: A Hybrid Security Analysis System Using Model-Checking Technique and Deep Learning for Malware Detection in IoT Apps
by Alyaa A. Hamza, Islam Tharwat Abdel Halim, Mohamed A. Sobh and Ayman M. Bahaa-Eldin
Sensors 2022, 22(3), 1079; https://doi.org/10.3390/s22031079 - 29 Jan 2022
Cited by 13 | Viewed by 3453
Abstract
Established Internet of Things (IoT) platforms suffer from their inability to determine whether an IoT app is secure or not. A security analysis system (SAS) is a protective shield against any attack that breaks down data privacy and security. Its main task focuses [...] Read more.
Established Internet of Things (IoT) platforms suffer from their inability to determine whether an IoT app is secure or not. A security analysis system (SAS) is a protective shield against any attack that breaks down data privacy and security. Its main task focuses on detecting malware and verifying app behavior. There are many SASs implemented in various IoT applications. Most of them build on utilizing static or dynamic analysis separately. However, the hybrid analysis is the best for obtaining accurate results. The SAS provides an effective outcome according to many criteria related to the analysis process, such as analysis type, characteristics, sensitivity, and analysis techniques. This paper proposes a new hybrid (static and dynamic) SAS based on the model-checking technique and deep learning, called an HSAS-MD analyzer, which focuses on the holistic analysis perspective of IoT apps. It aims to analyze the data of IoT apps by (1) converting the source code of the target applications to the format of a model checker that can deal with it; (2) detecting any abnormal behavior in the IoT application; (3) extracting the main static features from it to be tested and classified using a deep-learning CNN algorithm; (4) verifying app behavior by using the model-checking technique. HSAS-MD gives the best results in detecting malware from malicious smart Things applications compared to other SASs. The experimental results of HSAS-MD show that it provides 95%, 94%, 91%, and 93% for accuracy, precision, recall, and F-measure, respectively. It also gives the best results compared with other analyzers from various criteria. Full article
(This article belongs to the Special Issue Security and Privacy in Internet of Things (IoT))
Show Figures

Figure 1

16 pages, 3948 KiB  
Article
Attack-Aware IoT Network Traffic Routing Leveraging Ensemble Learning
by Qasem Abu Al-Haija and Ahmad Al-Badawi
Sensors 2022, 22(1), 241; https://doi.org/10.3390/s22010241 - 29 Dec 2021
Cited by 32 | Viewed by 3714
Abstract
Network Intrusion Detection Systems (NIDSs) are indispensable defensive tools against various cyberattacks. Lightweight, multipurpose, and anomaly-based detection NIDSs employ several methods to build profiles for normal and malicious behaviors. In this paper, we design, implement, and evaluate the performance of machine-learning-based NIDS in [...] Read more.
Network Intrusion Detection Systems (NIDSs) are indispensable defensive tools against various cyberattacks. Lightweight, multipurpose, and anomaly-based detection NIDSs employ several methods to build profiles for normal and malicious behaviors. In this paper, we design, implement, and evaluate the performance of machine-learning-based NIDS in IoT networks. Specifically, we study six supervised learning methods that belong to three different classes: (1) ensemble methods, (2) neural network methods, and (3) kernel methods. To evaluate the developed NIDSs, we use the distilled-Kitsune-2018 and NSL-KDD datasets, both consisting of a contemporary real-world IoT network traffic subjected to different network attacks. Standard performance evaluation metrics from the machine-learning literature are used to evaluate the identification accuracy, error rates, and inference speed. Our empirical analysis indicates that ensemble methods provide better accuracy and lower error rates compared with neural network and kernel methods. On the other hand, neural network methods provide the highest inference speed which proves their suitability for high-bandwidth networks. We also provide a comparison with state-of-the-art solutions and show that our best results are better than any prior art by 1~20%. Full article
(This article belongs to the Special Issue Security and Privacy in Internet of Things (IoT))
Show Figures

Figure 1

Review

Jump to: Research

51 pages, 1242 KiB  
Review
Internet of Things: Security and Solutions Survey
by Pintu Kumar Sadhu, Venkata P. Yanambaka and Ahmed Abdelgawad
Sensors 2022, 22(19), 7433; https://doi.org/10.3390/s22197433 - 30 Sep 2022
Cited by 113 | Viewed by 19248
Abstract
The overwhelming acceptance and growing need for Internet of Things (IoT) products in each aspect of everyday living is creating a promising prospect for the involvement of humans, data, and procedures. The vast areas create opportunities from home to industry to make an [...] Read more.
The overwhelming acceptance and growing need for Internet of Things (IoT) products in each aspect of everyday living is creating a promising prospect for the involvement of humans, data, and procedures. The vast areas create opportunities from home to industry to make an automated lifecycle. Human life is involved in enormous applications such as intelligent transportation, intelligent healthcare, smart grid, smart city, etc. A thriving surface is created that can affect society, the economy, the environment, politics, and health through diverse security threats. Generally, IoT devices are susceptible to security breaches, and the development of industrial systems could pose devastating security vulnerabilities. To build a reliable security shield, the challenges encountered must be embraced. Therefore, this survey paper is primarily aimed to assist researchers by classifying attacks/vulnerabilities based on objects. The method of attacks and relevant countermeasures are provided for each kind of attack in this work. Case studies of the most important applications of the IoT are highlighted concerning security solutions. The survey of security solutions is not limited to traditional secret key-based cryptographic solutions, moreover physical unclonable functions (PUF)-based solutions and blockchain are illustrated. The pros and cons of each security solution are also discussed here. Furthermore, challenges and recommendations are presented in this work. Full article
(This article belongs to the Special Issue Security and Privacy in Internet of Things (IoT))
Show Figures

Figure 1

25 pages, 1470 KiB  
Review
Security and Privacy Analysis of Youth-Oriented Connected Devices
by Sonia Solera-Cotanilla, Mario Vega-Barbas, Jaime Pérez, Gregorio López, Javier Matanza and Manuel Álvarez-Campana
Sensors 2022, 22(11), 3967; https://doi.org/10.3390/s22113967 - 24 May 2022
Cited by 5 | Viewed by 3697
Abstract
Under the Internet of Things paradigm, the emergence and use of a wide variety of connected devices and personalized telematics services have proliferated recently. As a result, along with the penetration of these devices in our daily lives, the users’ security and privacy [...] Read more.
Under the Internet of Things paradigm, the emergence and use of a wide variety of connected devices and personalized telematics services have proliferated recently. As a result, along with the penetration of these devices in our daily lives, the users’ security and privacy have been compromised due to some weaknesses in connected devices and underlying applications. This article focuses on analyzing the security and privacy of such devices to promote safe Internet use, especially by young people. First, the connected devices most used by the target group are classified, and an exhaustive analysis of the vulnerabilities that concern the user is performed. As a result, a set of differentiated security and privacy issues existing in the devices is identified. The study reveals that many of these vulnerabilities are related to the fact that device manufacturers often prioritize functionalities and services, leaving security aspects in the background. These companies even exploit the data linked to the use of these devices for various purposes, ignoring users’ privacy rights. This research aims to raise awareness of severe vulnerabilities in devices and to encourage users to use them correctly. Our results help other researchers address these issues with a more global perspective. Full article
(This article belongs to the Special Issue Security and Privacy in Internet of Things (IoT))
Show Figures

Graphical abstract

Back to TopTop