sensors-logo

Journal Browser

Journal Browser

Threat Identification and Defence for Internet-of-Things

A special issue of Sensors (ISSN 1424-8220). This special issue belongs to the section "Internet of Things".

Deadline for manuscript submissions: closed (20 December 2019) | Viewed by 87461

Special Issue Editors


E-Mail Website
Guest Editor

E-Mail Website
Guest Editor
Hong Kong Polytechnic University, Hong Kong, China
Interests: Information security; Applied Cryptography; Accountable Anonymity and Blockchain

E-Mail Website
Guest Editor
Kyushu University, Japan
Interests: Internet-of-Things; Threat identification; Sensor networks; Security mechanism design; Privacy issues; Trust management

Special Issue Information

Dear Colleagues,

The Internet of Things (IoT) is the network of physical devices and various kinds of embedded software, which enable different Internet-connected objects to exchange data. However, the Internet-enabled devices also bring many new challenges. For example, the fundamental security weakness of IoT is that it increases the number of devices behind a network firewall. In addition, many companies may not update their devices very often, which means that an IoT device that was safe at first will become unsafe if hackers discover new threats and vulnerabilities. As a result, how to protect IoT from various threats is a challenging task.

This Special Issue focuses on all IoT security issues, especially threat detection and defense, and aims to publish recent research studies for IoT development that discuss novel ways in securing IoT security, privacy and trust.

In particular, the topics of interest include, but are not limited to:

  • Secure network architecture for IoT
  • Trust management of IoT
  • Secure data storage and segregation
  • Secure cloud storage and computation for IoT
  • Availability, recovery and auditing for IoT
  • Secure and energy efficient management for IoT
  • IoT cyber crime
  • Denial-of-service attacks for IoT
  • IoT security and privacy- IoT forensic techniques
  • Usable security and privacy for IoT
  • Intrusion detection and prevention for IoT
  • Cyber intelligence techniques for IoT

Dr. Weizhi Meng
Dr. Man Ho Au
Dr. Chunhua Su
Prof. Kouichi Sakurai
Guest Editors

Manuscript Submission Information

Manuscripts should be submitted online at www.mdpi.com by registering and logging in to this website. Once you are registered, click here to go to the submission form. Manuscripts can be submitted until the deadline. All submissions that pass pre-check are peer-reviewed. Accepted papers will be published continuously in the journal (as soon as accepted) and will be listed together on the special issue website. Research articles, review articles as well as short communications are invited. For planned papers, a title and short abstract (about 100 words) can be sent to the Editorial Office for announcement on this website.

Submitted manuscripts should not have been published previously, nor be under consideration for publication elsewhere (except conference proceedings papers). All manuscripts are thoroughly refereed through a single-blind peer-review process. A guide for authors and other relevant information for submission of manuscripts is available on the Instructions for Authors page. Sensors is an international peer-reviewed open access semimonthly journal published by MDPI.

Please visit the Instructions for Authors page before submitting a manuscript. The Article Processing Charge (APC) for publication in this open access journal is 2600 CHF (Swiss Francs). Submitted papers should be well formatted and use good English. Authors may use MDPI's English editing service prior to publication or during author revisions.

Benefits of Publishing in a Special Issue

  • Ease of navigation: Grouping papers by topic helps scholars navigate broad scope journals more efficiently.
  • Greater discoverability: Special Issues support the reach and impact of scientific research. Articles in Special Issues are more discoverable and cited more frequently.
  • Expansion of research network: Special Issues facilitate connections among authors, fostering scientific collaborations.
  • External promotion: Articles in Special Issues are often promoted through the journal's social media, increasing their visibility.
  • e-Book format: Special Issues with more than 10 articles can be published as dedicated e-books, ensuring wide and rapid dissemination.

Further information on MDPI's Special Issue polices can be found here.

Published Papers (19 papers)

Order results
Result details
Select all
Export citation of selected articles as:

Research

17 pages, 1488 KiB  
Article
Novel Secure Group Data Exchange Protocol in Smart Home with Physical Layer Network Coding
by Qiao Liu, Wenjing Zhang, Sheng Ding, Hui Li and Yong Wang
Sensors 2020, 20(4), 1138; https://doi.org/10.3390/s20041138 - 21 Feb 2020
Cited by 8 | Viewed by 2553
Abstract
Smart homes have been shown to be one of the most important applications of Internet of Things (IoT); however, security issues are still the main drawback to be improved, especially facing the problem of terminal power constraint and distributed network architecture. In this [...] Read more.
Smart homes have been shown to be one of the most important applications of Internet of Things (IoT); however, security issues are still the main drawback to be improved, especially facing the problem of terminal power constraint and distributed network architecture. In this paper, we propose a novel secure group data exchange protocol in smart homes with physical layer approaches which retains the benefit of key sharing needless and lightweight computation. As the core technique, nested lattice physical layer network coding is conduct in each sensor node to form a summed data at a home router. With such summed data, the untrusted home router attack and external eavesdropper attack can be resistant. Performance has been analyzed for the proposed protocol in terms of time slot cost, security resistance, and secrecy capacity. Finally, simulations have been conducted to demonstrate the theoretical analysis. Full article
(This article belongs to the Special Issue Threat Identification and Defence for Internet-of-Things)
Show Figures

Figure 1

21 pages, 3846 KiB  
Article
SNPL: One Scheme of Securing Nodes in IoT Perception Layer
by Yongkai Fan, Guanqun Zhao, Kuan-Ching Li, Bin Zhang, Gang Tan, Xiaofeng Sun and Fanglue Xia
Sensors 2020, 20(4), 1090; https://doi.org/10.3390/s20041090 - 17 Feb 2020
Cited by 10 | Viewed by 3667
Abstract
The trustworthiness of data is vital data analysis in the age of big data. In cyber-physical systems, most data is collected by sensors. With the increase of sensors as Internet of Things (IoT) nodes in the network, the security risk of data tampering, [...] Read more.
The trustworthiness of data is vital data analysis in the age of big data. In cyber-physical systems, most data is collected by sensors. With the increase of sensors as Internet of Things (IoT) nodes in the network, the security risk of data tampering, unauthorized access, false identify, and others are overgrowing because of vulnerable nodes, which leads to the great economic and social loss. This paper proposes a security scheme, Securing Nodes in IoT Perception Layer (SNPL), for protecting nodes in the perception layer. The SNPL is constructed by novel lightweight algorithms to ensure security and satisfy performance requirements, as well as safety technologies to provide security isolation for sensitive operations. A series of experiments with different types and numbers of nodes are presented. Experimental results and performance analysis show that SNPL is efficient and effective at protecting IoT from faulty or malicious nodes. Some potential practical application scenarios are also discussed to motivate the implementation of the proposed scheme in the real world. Full article
(This article belongs to the Special Issue Threat Identification and Defence for Internet-of-Things)
Show Figures

Figure 1

20 pages, 3390 KiB  
Article
A Stackelberg Security Game for Adversarial Outbreak Detection in the Internet of Things
by Lili Chen, Zhen Wang, Fenghua Li, Yunchuan Guo and Kui Geng
Sensors 2020, 20(3), 804; https://doi.org/10.3390/s20030804 - 1 Feb 2020
Cited by 11 | Viewed by 3587
Abstract
With limited computing resources and a lack of physical lines of defense, the Internet of Things (IoT) has become a focus of cyberattacks. In recent years, outbreak propagation attacks against the IoT have occurred frequently, and these attacks are often strategical. In order [...] Read more.
With limited computing resources and a lack of physical lines of defense, the Internet of Things (IoT) has become a focus of cyberattacks. In recent years, outbreak propagation attacks against the IoT have occurred frequently, and these attacks are often strategical. In order to detect the outbreak propagation as soon as possible, t embedded Intrusion Detection Systems (IDSs) are widely deployed in the IoT. This paper tackles the problem of outbreak detection in adversarial environment in the IoT. A dynamic scheduling strategy based on specific IDSs monitoring of IoT devices is proposed to avoid strategic attacks. Firstly, we formulate the interaction between the defender and attacker as a Stackelberg game in which the defender first chooses a set of device nodes to activate, and then the attacker selects one seed (one device node) to spread the worms. This yields an extremely complex bilevel optimization problem. Our approach is to build a modified Column Generation framework for computing the optimal strategy effectively. The optimal response of the defender’s problem is expressed as mixed-integer linear programming (MILPs). It is proved that the solution of the defender’s optimal response is a NP-hard problem. Moreover, the optimal response of defenders is improved by an approximate algorithm--a greedy algorithm. Finally, the proposed scheme is tested on some randomly generated instances. The experimental results show that the scheme is effective for monitoring optimal scheduling. Full article
(This article belongs to the Special Issue Threat Identification and Defence for Internet-of-Things)
Show Figures

Figure 1

21 pages, 558 KiB  
Article
Access Control Based on Ciphertext Attribute Authentication and Threshold Policy for the Internet of Things
by Qikun Zhang, Yongjiao Li, Zhigang Li, Junling Yuan, Yong Gan and Xiangyang Luo
Sensors 2019, 19(23), 5237; https://doi.org/10.3390/s19235237 - 28 Nov 2019
Cited by 9 | Viewed by 3052
Abstract
The development of the Internet of Things has led to great development of data sharing and data interaction, which has made security and privacy more and more a concern for users. How to ensure the safe sharing of data, avoid the leakage of [...] Read more.
The development of the Internet of Things has led to great development of data sharing and data interaction, which has made security and privacy more and more a concern for users. How to ensure the safe sharing of data, avoid the leakage of sensitive information, and protect the privacy of users is a serious challenge. Access control is an important issue to ensure the trust of the Internet of Things. This paper proposes an access control scheme based on ciphertext attribute authentication and threshold policy, which uses the identity authentication of hidden attributes and divides the user’s permission grade by setting the threshold function with the user’s attributes. Users obtain different permission grades according to attribute authentication and access data of different sensitivity grades to achieve fine-grained, flexible and secure access to data in the cloud server while protecting personal privacy issues. In addition, when the resource is acquired, the identity and permission joint authentication method is adopted to avoid the collusion attack of the illegal member, which makes the resource access control more secure. Full article
(This article belongs to the Special Issue Threat Identification and Defence for Internet-of-Things)
Show Figures

Figure 1

28 pages, 1274 KiB  
Article
Detecting IoT User Behavior and Sensitive Information in Encrypted IoT-App Traffic
by Alanoud Subahi and George Theodorakopoulos
Sensors 2019, 19(21), 4777; https://doi.org/10.3390/s19214777 - 3 Nov 2019
Cited by 32 | Viewed by 6710
Abstract
Many people use smart-home devices, also known as the Internet of Things (IoT), in their daily lives. Most IoT devices come with a companion mobile application that users need to install on their smartphone or tablet to control, configure, and interface with the [...] Read more.
Many people use smart-home devices, also known as the Internet of Things (IoT), in their daily lives. Most IoT devices come with a companion mobile application that users need to install on their smartphone or tablet to control, configure, and interface with the IoT device. IoT devices send information about their users from their app directly to the IoT manufacturer’s cloud; we call this the ”app-to-cloud way”. In this research, we invent a tool called IoT-app privacy inspector that can automatically infer the following from the IoT network traffic: the packet that reveals user interaction type with the IoT device via its app (e.g., login), the packets that carry sensitive Personal Identifiable Information (PII), the content type of such sensitive information (e.g., user’s location). We use Random Forest classifier as a supervised machine learning algorithm to extract features from network traffic. To train and test the three different multi-class classifiers, we collect and label network traffic from different IoT devices via their apps. We obtain the following classification accuracy values for the three aforementioned types of information: 99.4%, 99.8%, and 99.8%. This tool can help IoT users take an active role in protecting their privacy. Full article
(This article belongs to the Special Issue Threat Identification and Defence for Internet-of-Things)
Show Figures

Figure 1

18 pages, 3127 KiB  
Article
A Quality of Service-Aware Secured Communication Scheme for Internet of Things-Based Networks
by Fazlullah Khan, Ateeq ur Rehman, Abid Yahya, Mian Ahmad Jan, Joseph Chuma, Zhiyuan Tan and Khalid Hussain
Sensors 2019, 19(19), 4321; https://doi.org/10.3390/s19194321 - 6 Oct 2019
Cited by 17 | Viewed by 4088
Abstract
The Internet of Things (IoT) is an emerging technology that aims to enable the interconnection of a large number of smart devices and heterogeneous networks. Ad hoc networks play an important role in the designing of IoT-enabled platforms due to their efficient, flexible, [...] Read more.
The Internet of Things (IoT) is an emerging technology that aims to enable the interconnection of a large number of smart devices and heterogeneous networks. Ad hoc networks play an important role in the designing of IoT-enabled platforms due to their efficient, flexible, low-cost and dynamic infrastructures. These networks utilize the available resources efficiently to maintain the Quality of Service (QoS) in a multi-hop communication. However, in a multi-hop communication, the relay nodes can be malicious, thus requiring a secured and reliable data transmission. In this paper, we propose a QoS-aware secured communication scheme for IoT-based networks (QoS-IoT). In QoS-IoT, a Sybil attack detection mechanism is used for the identification of Sybil nodes and their forged identities in multi-hop communication. After Sybil nodes detection, an optimal contention window (CW) is selected for QoS provisioning, that is, to achieve per-flow fairness and efficient utilization of the available bandwidth. In a multi-hop communication, the medium access control (MAC) layer protocols do not perform well in terms of fairness and throughput, especially when the nodes generate a large amount of data. It is because the MAC layer has no capability of providing QoS to prioritized or forwarding flows. We evaluate the performance of QoS-IoT in terms of Sybil attack detection, fairness, throughput and buffer utilization. The simulation results show that the proposed scheme outperforms the existing schemes and significantly enhances the performance of the network with a large volume of data. Moreover, the proposed scheme is resilient against Sybil attack. Full article
(This article belongs to the Special Issue Threat Identification and Defence for Internet-of-Things)
Show Figures

Figure 1

21 pages, 3689 KiB  
Article
Cyber Situation Comprehension for IoT Systems based on APT Alerts and Logs Correlation
by Xiang Cheng, Jiale Zhang and Bing Chen
Sensors 2019, 19(18), 4045; https://doi.org/10.3390/s19184045 - 19 Sep 2019
Cited by 16 | Viewed by 4025
Abstract
With the emergence of the Advanced Persistent Threat (APT) attacks, many Internet of Things (IoT) systems have faced large numbers of potential threats with the characteristics of concealment, permeability, and pertinence. However, existing methods and technologies cannot provide comprehensive and prompt recognition of [...] Read more.
With the emergence of the Advanced Persistent Threat (APT) attacks, many Internet of Things (IoT) systems have faced large numbers of potential threats with the characteristics of concealment, permeability, and pertinence. However, existing methods and technologies cannot provide comprehensive and prompt recognition of latent APT attack activities in the IoT systems. To address this problem, we propose an APT Alerts and Logs Correlation Method, named APTALCM and a framework of deploying APTALCM on the IoT system, where an edge computing architecture was used to achieve cyber situation comprehension without too much data transmission cost. Specifically, we firstly present a cyber situation ontology for modeling the concepts and properties to formalize APT attack activities in the IoT systems. Then, we introduce a cyber situation instance similarity measurement method based on the SimRank mechanism for APT alerts and logs Correlation. Combining with instance similarity, we further propose an APT alert instances correlation method to reconstruct APT attack scenarios and an APT log instances correlation method to detect log instance communities. Through the coalescence of these methods, APTALCM can accomplish the cyber situation comprehension effectively by recognizing the APT attack intentions in the IoT systems. The exhaustive experimental results demonstrate that the two kernel modules, i.e., Alert Instance Correlation Module (AICM) and Log Instance Correlation Module (LICM) in our APTALCM, can achieve both high true-positive rate and low false-positive rate. Full article
(This article belongs to the Special Issue Threat Identification and Defence for Internet-of-Things)
Show Figures

Figure 1

23 pages, 1373 KiB  
Article
Heuristic Approaches for Enhancing the Privacy of the Leader in IoT Networks
by Jie Ji, Guohua Wu, Jinguo Shuai, Zhen Zhang, Zhen Wang and Yizhi Ren
Sensors 2019, 19(18), 3886; https://doi.org/10.3390/s19183886 - 9 Sep 2019
Cited by 3 | Viewed by 2406
Abstract
The privacy and security of the Internet of Things (IoT) are emerging as popular issues in the IoT. At present, there exist several pieces of research on network analysis on the IoT network, and malicious network analysis may threaten the privacy and security [...] Read more.
The privacy and security of the Internet of Things (IoT) are emerging as popular issues in the IoT. At present, there exist several pieces of research on network analysis on the IoT network, and malicious network analysis may threaten the privacy and security of the leader in the IoT networks. With this in mind, we focus on how to avoid malicious network analysis by modifying the topology of the IoT network and we choose closeness centrality as the network analysis tool. This paper makes three key contributions toward this problem: (1) An optimization problem of removing k edges to minimize (maximize) the closeness value (rank) of the leader; (2) A greedy (greedy and simulated annealing) algorithm to solve the closeness value (rank) case of the proposed optimization problem in polynomial time; and (3)UpdateCloseness (FastTopRank)—algorithm for computing closeness value (rank) efficiently. Experimental results prove the efficiency of our pruning algorithms and show that our heuristic algorithms can obtain accurate solutions compared with the optimal solution (the approximation ratio in the worst case is 0.85) and outperform the solutions obtained by other baseline algorithms (e.g., choose k edges with the highest degree sum). Full article
(This article belongs to the Special Issue Threat Identification and Defence for Internet-of-Things)
Show Figures

Figure 1

17 pages, 3096 KiB  
Article
Y-DWMS: A Digital Watermark Management System Based on Smart Contracts
by Bo Zhao, Liming Fang, Hanyi Zhang, Chunpeng Ge, Weizhi Meng, Liang Liu and Chunhua Su
Sensors 2019, 19(14), 3091; https://doi.org/10.3390/s19143091 - 12 Jul 2019
Cited by 30 | Viewed by 5060
Abstract
With the development of information technology, films, music, and other publications are inclined to be distributed in digitalized form. However, the low cost of data replication and dissemination leads to digital rights problems and brings huge economic losses. Up to now, existing digital [...] Read more.
With the development of information technology, films, music, and other publications are inclined to be distributed in digitalized form. However, the low cost of data replication and dissemination leads to digital rights problems and brings huge economic losses. Up to now, existing digital rights management (DRM) schemes have been powerless to deter attempts of infringing digital rights and recover losses of copyright holders. This paper presents a YODA-based digital watermark management system (Y-DWMS), adopting non-repudiation of smart contract and blockchain, to implement a DRM mechanism to infinitely amplify the cost of infringement and recover losses copyright holders suffered once the infringement is reported. We adopt game analysis to prove that in Y-DWMS, the decision of non-infringement always dominates rational users, so as to fundamentally eradicate the infringement of digital rights, which current mainstream DRM schemes cannot reach. Full article
(This article belongs to the Special Issue Threat Identification and Defence for Internet-of-Things)
Show Figures

Figure 1

19 pages, 464 KiB  
Article
Hierarchical Identifier: Application to User Privacy Eavesdropping on Mobile Payment App
by Yaru Wang, Ning Zheng, Ming Xu, Tong Qiao, Qiang Zhang, Feipeng Yan and Jian Xu
Sensors 2019, 19(14), 3052; https://doi.org/10.3390/s19143052 - 11 Jul 2019
Cited by 13 | Viewed by 3945
Abstract
Mobile payment apps have been widely-adopted, which brings great convenience to people’s lives. However, at the same time, user’s privacy is possibly eavesdropped and maliciously exploited by attackers. In this paper, we consider a possible way for an attacker to monitor people’s privacy [...] Read more.
Mobile payment apps have been widely-adopted, which brings great convenience to people’s lives. However, at the same time, user’s privacy is possibly eavesdropped and maliciously exploited by attackers. In this paper, we consider a possible way for an attacker to monitor people’s privacy on a mobile payment app, where the attacker aims to identify the user’s financial transactions at the trading stage via analyzing the encrypted network traffic. To achieve this goal, a hierarchical identification system is established, which can acquire users’ privacy information in three different manners. First, it identifies the mobile payment app from traffic data, then classifies specific actions on the mobile payment app, and finally, detects the detailed steps within the action. In our proposed system, we extract reliable features from the collected traffic data generated on the mobile payment app, then use a series of well-performing ensemble learning strategies to deal with three identification tasks. Compared with prior works, the experimental results demonstrate that our proposed hierarchical identification system performs better. Full article
(This article belongs to the Special Issue Threat Identification and Defence for Internet-of-Things)
Show Figures

Figure 1

16 pages, 611 KiB  
Article
A Fine-Grained User-Divided Privacy-Preserving Access Control Protocol in Smart Watch
by Liming Fang, Minghui Li, Lu Zhou, Hanyi Zhang and Chunpeng Ge
Sensors 2019, 19(9), 2109; https://doi.org/10.3390/s19092109 - 7 May 2019
Cited by 5 | Viewed by 4594
Abstract
A smart watch is a kind of emerging wearable device in the Internet of Things. The security and privacy problems are the main obstacles that hinder the wide deployment of smart watches. Existing security mechanisms do not achieve a balance between the privacy-preserving [...] Read more.
A smart watch is a kind of emerging wearable device in the Internet of Things. The security and privacy problems are the main obstacles that hinder the wide deployment of smart watches. Existing security mechanisms do not achieve a balance between the privacy-preserving and data access control. In this paper, we propose a fine-grained privacy-preserving access control architecture for smart watches (FPAS). In FPAS, we leverage the identity-based authentication scheme to protect the devices from malicious connection and policy-based access control for data privacy preservation. The core policy of FPAS is two-fold: (1) utilizing a homomorphic and re-encrypted scheme to ensure that the ciphertext information can be correctly calculated; (2) dividing the data requester by different attributes to avoid unauthorized access. We present a concrete scheme based on the above prototype and analyze the security of the FPAS. The performance and evaluation demonstrate that the FPAS scheme is efficient, practical, and extensible. Full article
(This article belongs to the Special Issue Threat Identification and Defence for Internet-of-Things)
Show Figures

Figure 1

16 pages, 685 KiB  
Article
Improving IoT Botnet Investigation Using an Adaptive Network Layer
by João Marcelo Ceron, Klaus Steding-Jessen, Cristine Hoepers, Lisandro Zambenedetti Granville and Cíntia Borges Margi
Sensors 2019, 19(3), 727; https://doi.org/10.3390/s19030727 - 11 Feb 2019
Cited by 53 | Viewed by 8069
Abstract
IoT botnets have been used to launch Distributed Denial-of-Service (DDoS) attacks affecting the Internet infrastructure. To protect the Internet from such threats and improve security mechanisms, it is critical to understand the botnets’ intents and characterize their behavior. Current malware analysis solutions, when [...] Read more.
IoT botnets have been used to launch Distributed Denial-of-Service (DDoS) attacks affecting the Internet infrastructure. To protect the Internet from such threats and improve security mechanisms, it is critical to understand the botnets’ intents and characterize their behavior. Current malware analysis solutions, when faced with IoT, present limitations in regard to the network access containment and network traffic manipulation. In this paper, we present an approach for handling the network traffic generated by the IoT malware in an analysis environment. The proposed solution can modify the traffic at the network layer based on the actions performed by the malware. In our study case, we investigated the Mirai and Bashlite botnet families, where it was possible to block attacks to other systems, identify attacks targets, and rewrite botnets commands sent by the botnet controller to the infected devices. Full article
(This article belongs to the Special Issue Threat Identification and Defence for Internet-of-Things)
Show Figures

Figure 1

14 pages, 1069 KiB  
Article
Tell the Device Password: Smart Device Wi-Fi Connection Based on Audio Waves
by Liang Liu, Zhaoyang Han, Liming Fang and Zuchao Ma
Sensors 2019, 19(3), 618; https://doi.org/10.3390/s19030618 - 1 Feb 2019
Cited by 6 | Viewed by 5244
Abstract
IoT devices are now enriching people’s life. However, the security of IoT devices seldom attracts manufacturers’ attention. There are already some solutions to the problem of connecting a smart device to a user’s wireless network based on the 802.11 transmission such as Smart [...] Read more.
IoT devices are now enriching people’s life. However, the security of IoT devices seldom attracts manufacturers’ attention. There are already some solutions to the problem of connecting a smart device to a user’s wireless network based on the 802.11 transmission such as Smart Config from TI. However, it is insecure in many situations, and it does not have a satisfactory transmission speed, which does not mean that it has a low bit rate. It usually takes a long time for the device to recognize the data it receives and decode them. In this paper, we propose a new Wi-Fi connection method based on audio waves. This method is based on MFSK (Multiple frequency-shift keying) and works well in short distance, which enables the correctness and efficiency. In addition, audio waves can hardly be eavesdropped, which provides higher security than other methods. We also put forward an encryption solution by using jamming signal, which can greatly improve the security of the transmission. Full article
(This article belongs to the Special Issue Threat Identification and Defence for Internet-of-Things)
Show Figures

Figure 1

26 pages, 1651 KiB  
Article
An Adversarial-Risk-Analysis Approach to Counterterrorist Online Surveillance
by César Gil and Javier Parra-Arnau
Sensors 2019, 19(3), 480; https://doi.org/10.3390/s19030480 - 24 Jan 2019
Cited by 6 | Viewed by 4821
Abstract
The Internet, with the rise of the IoT, is one of the most powerful means of propagating a terrorist threat, and at the same time the perfect environment for deploying ubiquitous online surveillance systems. This paper tackles the problem of online surveillance, which [...] Read more.
The Internet, with the rise of the IoT, is one of the most powerful means of propagating a terrorist threat, and at the same time the perfect environment for deploying ubiquitous online surveillance systems. This paper tackles the problem of online surveillance, which we define as the monitoring by a security agency of a set of websites through tracking and classification of profiles that are potentially suspected of carrying out terrorist attacks. We conduct a theoretical analysis in this scenario that investigates the introduction of automatic classification technology compared to the status quo involving manual investigation of the collected profiles. Our analysis starts examining the suitability of game-theoretic-based models for decision-making in the introduction of this technology. We propose an adversarial-risk-analysis (ARA) model as a novel way of approaching the online surveillance problem that has the advantage of discarding the hypothesis of common knowledge. The proposed model allows us to study the rationality conditions of the automatic suspect detection technology, determining under which circumstances it is better than the traditional human-based approach. Our experimental results show the benefits of the proposed model. Compared to standard game theory, our ARA-based model indicates in general greater prudence in the deployment of the automatic technology and exhibits satisfactory performance without having to relax crucial hypotheses such as common knowledge and therefore subtracting realism from the problem, although at the expense of higher computational complexity. Full article
(This article belongs to the Special Issue Threat Identification and Defence for Internet-of-Things)
Show Figures

Figure 1

16 pages, 1953 KiB  
Article
Stackelberg Dynamic Game-Based Resource Allocation in Threat Defense for Internet of Things
by Bingjie Liu, Haitao Xu and Xianwei Zhou
Sensors 2018, 18(11), 4074; https://doi.org/10.3390/s18114074 - 21 Nov 2018
Cited by 12 | Viewed by 4188
Abstract
With the rapid development of the Internet of Things, there are a series of security problems faced by the IoT devices. As the IoT devices are generally devices with limited resources, how to effectively allocate the restricted resources facing the security problems is [...] Read more.
With the rapid development of the Internet of Things, there are a series of security problems faced by the IoT devices. As the IoT devices are generally devices with limited resources, how to effectively allocate the restricted resources facing the security problems is the key issue at present. In this paper, we study the resource allocation problem in threat defense for the resource-constrained IoT system, and propose a Stackelberg dynamic game model to get the optimal allocated resources for both the defender and attackers. The proposed Stackelberg dynamic game model is composed by one defender and many attackers. Given the objective functions of the defender and attackers, we analyze both the open-loop Nash equilibrium and feedback Nash equilibrium for the defender and attackers. Then both the defender and attackers can control their available resources based on the Nash equilibrium solutions of the dynamic game. Numerical simulation results show that correctness and effeteness of the proposed model. Full article
(This article belongs to the Special Issue Threat Identification and Defence for Internet-of-Things)
Show Figures

Figure 1

14 pages, 464 KiB  
Article
Message Integration Authentication in the Internet-of-Things via Lattice-Based Batch Signatures
by Xiuhua Lu, Wei Yin, Qiaoyan Wen, Kaitai Liang, Liqun Chen and Jiageng Chen
Sensors 2018, 18(11), 4056; https://doi.org/10.3390/s18114056 - 20 Nov 2018
Cited by 4 | Viewed by 3208
Abstract
The internet-of-things (also known as IoT) connects a large number of information-sensing devices to the Internet to collect all kinds of information needed in real time. The reliability of the source of a large number of accessed information tests the processing speed of [...] Read more.
The internet-of-things (also known as IoT) connects a large number of information-sensing devices to the Internet to collect all kinds of information needed in real time. The reliability of the source of a large number of accessed information tests the processing speed of signatures. Batch signature allows a signer to sign a group of messages at one time, and signatures’ verification can be completed individually and independently. Therefore, batch signature is suitable for data integration authentication in IoT. An outstanding advantage of batch signature is that a signer is able to sign as many messages as possible at one time without worrying about the size of signed messages. To reduce complexity yielded by multiple message signing, a binary tree is usually leveraged in the construction of batch signature. However, this structure requires a batch residue, making the size of a batch signature (for a group of messages) even longer than the sum of single signatures. In this paper, we make use of the intersection method from lattice to propose a novel generic method for batch signature. We further combine our method with hash-and-sign paradigm and Fiat–Shamir transformation to propose new batch signature schemes. In our constructions, a batch signature does not need a batch residue, so that the size of the signature is relatively smaller. Our schemes are securely proved to be existential unforgeability against adaptive chosen message attacks under the small integer solution problem, which shows great potential resisting quantum computer attacks. Full article
(This article belongs to the Special Issue Threat Identification and Defence for Internet-of-Things)
Show Figures

Figure 1

16 pages, 1230 KiB  
Article
Privacy-Preserving Data Aggregation against False Data Injection Attacks in Fog Computing
by Yinghui Zhang, Jiangfan Zhao, Dong Zheng, Kaixin Deng, Fangyuan Ren, Xiaokun Zheng and Jiangang Shu
Sensors 2018, 18(8), 2659; https://doi.org/10.3390/s18082659 - 13 Aug 2018
Cited by 44 | Viewed by 4986
Abstract
As an extension of cloud computing, fog computing has received more attention in recent years. It can solve problems such as high latency, lack of support for mobility and location awareness in cloud computing. In the Internet of Things (IoT), a series of [...] Read more.
As an extension of cloud computing, fog computing has received more attention in recent years. It can solve problems such as high latency, lack of support for mobility and location awareness in cloud computing. In the Internet of Things (IoT), a series of IoT devices can be connected to the fog nodes that assist a cloud service center to store and process a part of data in advance. Not only can it reduce the pressure of processing data, but also improve the real-time and service quality. However, data processing at fog nodes suffers from many challenging issues, such as false data injection attacks, data modification attacks, and IoT devices’ privacy violation. In this paper, based on the Paillier homomorphic encryption scheme, we use blinding factors to design a privacy-preserving data aggregation scheme in fog computing. No matter whether the fog node and the cloud control center are honest or not, the proposed scheme ensures that the injection data is from legal IoT devices and is not modified and leaked. The proposed scheme also has fault tolerance, which means that the collection of data from other devices will not be affected even if certain fog devices fail to work. In addition, security analysis and performance evaluation indicate the proposed scheme is secure and efficient. Full article
(This article belongs to the Special Issue Threat Identification and Defence for Internet-of-Things)
Show Figures

Figure 1

15 pages, 1308 KiB  
Article
Centralized Duplicate Removal Video Storage System with Privacy Preservation in IoT
by Hongyang Yan, Xuan Li, Yu Wang and Chunfu Jia
Sensors 2018, 18(6), 1814; https://doi.org/10.3390/s18061814 - 4 Jun 2018
Cited by 49 | Viewed by 4995
Abstract
In recent years, the Internet of Things (IoT) has found wide application and attracted much attention. Since most of the end-terminals in IoT have limited capabilities for storage and computing, it has become a trend to outsource the data from local to cloud [...] Read more.
In recent years, the Internet of Things (IoT) has found wide application and attracted much attention. Since most of the end-terminals in IoT have limited capabilities for storage and computing, it has become a trend to outsource the data from local to cloud computing. To further reduce the communication bandwidth and storage space, data deduplication has been widely adopted to eliminate the redundant data. However, since data collected in IoT are sensitive and closely related to users’ personal information, the privacy protection of users’ information becomes a challenge. As the channels, like the wireless channels between the terminals and the cloud servers in IoT, are public and the cloud servers are not fully trusted, data have to be encrypted before being uploaded to the cloud. However, encryption makes the performance of deduplication by the cloud server difficult because the ciphertext will be different even if the underlying plaintext is identical. In this paper, we build a centralized privacy-preserving duplicate removal storage system, which supports both file-level and block-level deduplication. In order to avoid the leakage of statistical information of data, Intel Software Guard Extensions (SGX) technology is utilized to protect the deduplication process on the cloud server. The results of the experimental analysis demonstrate that the new scheme can significantly improve the deduplication efficiency and enhance the security. It is envisioned that the duplicated removal system with privacy preservation will be of great use in the centralized storage environment of IoT. Full article
(This article belongs to the Special Issue Threat Identification and Defence for Internet-of-Things)
Show Figures

Figure 1

15 pages, 788 KiB  
Article
An Identity-Based Anti-Quantum Privacy-Preserving Blind Authentication in Wireless Sensor Networks
by Hongfei Zhu, Yu-an Tan, Liehuang Zhu, Xianmin Wang, Quanxin Zhang and Yuanzhang Li
Sensors 2018, 18(5), 1663; https://doi.org/10.3390/s18051663 - 22 May 2018
Cited by 29 | Viewed by 5644
Abstract
With the development of wireless sensor networks, IoT devices are crucial for the Smart City; these devices change people’s lives such as e-payment and e-voting systems. However, in these two systems, the state-of-art authentication protocols based on traditional number theory cannot defeat a [...] Read more.
With the development of wireless sensor networks, IoT devices are crucial for the Smart City; these devices change people’s lives such as e-payment and e-voting systems. However, in these two systems, the state-of-art authentication protocols based on traditional number theory cannot defeat a quantum computer attack. In order to protect user privacy and guarantee trustworthy of big data, we propose a new identity-based blind signature scheme based on number theorem research unit lattice, this scheme mainly uses a rejection sampling theorem instead of constructing a trapdoor. Meanwhile, this scheme does not depend on complex public key infrastructure and can resist quantum computer attack. Then we design an e-payment protocol using the proposed scheme. Furthermore, we prove our scheme is secure in the random oracle, and satisfies confidentiality, integrity, and non-repudiation. Finally, we demonstrate that the proposed scheme outperforms the other traditional existing identity-based blind signature schemes in signing speed and verification speed, outperforms the other lattice-based blind signature in signing speed, verification speed, and signing secret key size. Full article
(This article belongs to the Special Issue Threat Identification and Defence for Internet-of-Things)
Show Figures

Figure 1

Back to TopTop