Security, Privacy, and Trustworthiness of Sensor Networks and Internet of Things

A special issue of Sensors (ISSN 1424-8220). This special issue belongs to the section "Sensor Networks".

Deadline for manuscript submissions: closed (15 April 2020) | Viewed by 81638

Special Issue Editors


Guest Editor
Department of Information Security and Communication Technology, Norwegian University of Science and Technology (NTNU), P.O. Box 191, N-2802 Gjøvik, Norway
Interests: critical infrastructure cyber security; information and communication systems security; cyber physical systems security; systems of systems security; network security; security awareness

Special Issue Information

Dear Colleagues,

The rapid developments in hardware, software, and communication technologies have facilitated the spread of interconnected sensors, actuators and heterogeneous devices such as single board computers, which collect and exchange a large amount of data to offer a new class of advanced services characterized by being available anywhere, at any time and for anyone. This ecosystem is widely referred to as the Internet of Things (IoT). In the past years, the number of deployments both for sensor networks and the IoT grew significantly. This continuous and exponential growth is facilitated by investments and research activities originating from industry, academia and governments, while the penetration of these technologies is also driven by the high technology acceptance rates of both consumers and technologists across disciplines. Such networks collect, store, and exchange a large volume of heterogeneous data. Nevertheless, their rapid and widespread deployment, along with their participation in the provisioning of potentially critical services (e.g., safety applications, healthcare, manufacturing), raises numerous issues related to the security, privacy, and trustworthiness of the performed operations and provided services. Accordingly, research into the security and privacy of the IoT and sensor networks is attracting increasing attention from both industry and academia. In line with these efforts, the central theme of this Special Issue is to investigate novel methodologies, theories, technologies, techniques, and solutions for IoT/SN security, trust and privacy. In particular, this Special Issue aims at addressing these topics across multiple abstraction levels, ranging from architectural models, the provisioning of services, protocols and interfaces, as well as specific implementation approaches. Furthermore, additional focus will be given to areas related to the role of data mining and machine learning in modeling and deploying secure and trustworthy sensor networks and IoT systems.

Topics of Interest:

This Special Issue aims to present the most important and relevant advances to overcome the challenges related to security, privacy, and trustworthiness in sensor networks and the Internet of Things.

We seek original and high-quality submissions on, but not limited to, one or more of the following topics:

  • Novel trustworthy architectures, protocols, or applications that achieve usable security in sensor networks and the IoT
  • Privacy preservation in sensor networks and the IoT
  • Privacy by design for sensor networks and the IoT
  • Vulnerability analysis in the IoT and sensor networks
  • Threat modeling in sensor networks and the IoT
  • Risk assessment in sensor networks and the IoT
  • Secure communications in sensor networks and the IoT
  • Device attestation in sensor networks and the IoT
  • Trustworthiness management models for sensor networks and the IoT
  • Intrusion detection for sensor networks and the IoT
  • Disaster recovery for sensor networks and the IoT
  • Forensics in sensor networks and the IoT
  • Privacy-preserving, machine-learning-based data analytics in sensor networks and the IoT
  • Real-time processing of sensor network and IoT data for intrusion detection and cyber security situational awareness
  • Security testbeds and experimental results for sensor networks and the IoT
  • Lightweight security protocols and architectures for the IoT and sensor networks
  • Privacy enhancing and anonymization techniques in sensor networks and the IoT
  • Trust and identity management in sensor networks and the IoT
  • Secure discovery and authentication in sensor networks and the IoT
  • Sensor networks and the IoT security life cycle
  • Access control for shared data in IoT devices
  • Algorithmic developments and applications of machine learning and data mining for big data in sensor networks and IoT security
  • Methods for modeling intentions and/or behaviors relevant to cybersecurity and privacy for sensor networks and the IoT
  • Distributed data mining and machine learning systems for sensor networks and IoT security.

Prof. Sokratis Katsikas
Dr. Vasileios Gkioulos
Guest Editors

Manuscript Submission Information

Manuscripts should be submitted online at www.mdpi.com by registering and logging in to this website. Once you are registered, click here to go to the submission form. Manuscripts can be submitted until the deadline. All submissions that pass pre-check are peer-reviewed. Accepted papers will be published continuously in the journal (as soon as accepted) and will be listed together on the special issue website. Research articles, review articles as well as short communications are invited. For planned papers, a title and short abstract (about 100 words) can be sent to the Editorial Office for announcement on this website.

Submitted manuscripts should not have been published previously, nor be under consideration for publication elsewhere (except conference proceedings papers). All manuscripts are thoroughly refereed through a single-blind peer-review process. A guide for authors and other relevant information for submission of manuscripts is available on the Instructions for Authors page. Sensors is an international peer-reviewed open access semimonthly journal published by MDPI.

Please visit the Instructions for Authors page before submitting a manuscript. The Article Processing Charge (APC) for publication in this open access journal is 2600 CHF (Swiss Francs). Submitted papers should be well formatted and use good English. Authors may use MDPI's English editing service prior to publication or during author revisions.

Benefits of Publishing in a Special Issue

  • Ease of navigation: Grouping papers by topic helps scholars navigate broad scope journals more efficiently.
  • Greater discoverability: Special Issues support the reach and impact of scientific research. Articles in Special Issues are more discoverable and cited more frequently.
  • Expansion of research network: Special Issues facilitate connections among authors, fostering scientific collaborations.
  • External promotion: Articles in Special Issues are often promoted through the journal's social media, increasing their visibility.
  • e-Book format: Special Issues with more than 10 articles can be published as dedicated e-books, ensuring wide and rapid dissemination.

Further information on MDPI's Special Issue policies can be found here.

Published Papers (16 papers)

Editorial

5 pages, 166 KiB  
Editorial
Security, Privacy, and Trustworthiness of Sensor Networks and Internet of Things
by Sokratis Katsikas and Vasileios Gkioulos
Sensors 2020, 20(14), 3846; https://doi.org/10.3390/s20143846 - 10 Jul 2020
Cited by 7 | Viewed by 2458
Abstract
This editorial gives an overview of the papers included in the Special Issue on “Security, Privacy, and Trustworthiness of Sensor Networks and Internet of Things” of Sensors. The context of the special issue theme is first briefly described. This is then followed by an outline of each paper that provides information on the problem addressed; the proposed solution/approach; and, where relevant, the results of the evaluation of the proposed solution.

Research

23 pages, 861 KiB  
Article
RESPOnSE—A Framework for Enforcing Risk-Aware Security Policies in Constrained Dynamic Environments
by Christina Michailidou, Vasileios Gkioulos, Andrii Shalaginov, Athanasios Rizos and Andrea Saracino
Sensors 2020, 20(10), 2960; https://doi.org/10.3390/s20102960 - 23 May 2020
Cited by 1 | Viewed by 3289
Abstract
The enforcement of fine-grained access control policies in constrained dynamic networks can become a challenging task. The inherent constraints present in those networks, which result from the limitations of the edge devices in terms of power, computational capacity and storage, require an effective and efficient access control mechanism to be in place to provide suitable monitoring and control of actions and regulate the access over the resources. In this article, we present RESPOnSE, a framework for the specification and enforcement of security policies within such environments, where the computational burden is transferred to high-tier nodes, while low-tier nodes apply risk-aware policy enforcement. RESPOnSE builds on a combination of two widely used access control models, Attribute-Based Access Control and Role-Based Access Control, exploiting the benefits each one provides. Moreover, the proposed mechanism is founded on a compensatory multicriteria decision-making algorithm, based on the calculation of the Euclidean distance between the run-time values of the attributes present in the security policy and their ideal values, as those are specified within the established policy rules.

25 pages, 705 KiB  
Article
Data Security and Trading Framework for Smart Grids in Neighborhood Area Networks
by Jayme Milanezi Junior, João Paulo C. L. da Costa, Caio C. R. Garcez, Robson de Oliveira Albuquerque, Arnaldo Arancibia, Lothar Weichenberger, Fábio Lucio Lopes de Mendonça, Giovanni del Galdo and Rafael T. de Sousa Jr.
Sensors 2020, 20(5), 1337; https://doi.org/10.3390/s20051337 - 29 Feb 2020
Cited by 8 | Viewed by 4984
Abstract
Due to the drastic increase of electricity prosumers, i.e., energy consumers that are also producers, smart grids have become a key solution for electricity infrastructure. In smart grids, one of the most crucial requirements is the privacy of the final users. The vast majority of the literature addresses the privacy issue by providing ways of hiding user’s electricity consumption. However, open issues in the literature related to the privacy of the electricity producers still remain. In this paper, we propose a framework that preserves the secrecy of prosumers’ identities and provides protection against the traffic analysis attack in a competitive market for energy trade in a Neighborhood Area Network (NAN). In addition, the amount of bidders and of successful bids are hidden from malicious attackers by our framework. Due to the need for small data throughput for the bidders, the communication links of our framework are based on a proprietary communication system. Still, in terms of data security, we adopt the Advanced Encryption Standard (AES) 128 bit with Exclusive-OR (XOR) keys due to their reduced computational complexity, allowing fast processing. Our framework outperforms the state-of-the-art solutions in terms of privacy protection and trading flexibility in a prosumer-to-prosumer design.

18 pages, 2520 KiB  
Article
A Stepwise and Hybrid Trust Evaluation Scheme for Tactical Wireless Sensor Networks
by Jihun Lim, Dooho Keum and Young-Bae Ko
Sensors 2020, 20(4), 1108; https://doi.org/10.3390/s20041108 - 18 Feb 2020
Cited by 10 | Viewed by 2472
Abstract
In tactical wireless sensor networks, tactical sensors are increasingly expected to be exploited for information collection in battlefields or dangerous areas on behalf of soldiers. The main function of these networks is to use sensors to measure radiation, nuclear, and biochemical values for the safety of allies and also to monitor and carry out reconnaissance of enemies. These tactical sensors require a network traffic flow that sends various types of measured information to the gateway, which needs high reliability. To ensure reliability, it must be able to detect malicious nodes that perform packet-dropping attacks to disrupt the network traffic flow, and energy-constrained sensors require energy-efficient methods to detect them. Therefore, in this paper, we propose a stepwise and hybrid trust evaluation scheme for locating malicious nodes that perform packet-dropping attacks in a tree-based network. Sensors send a query to the gateway by observing the traffic patterns of their child nodes. Moreover, depending on the situation, the gateway detects malicious nodes by choosing between gateway-assisted trust evaluation and gateway-independent trust evaluation. We implemented and evaluated the proposed scheme with the OPNET simulator, and the results showed that a higher packet delivery ratio can be achieved with significantly lower energy consumption.

21 pages, 956 KiB  
Article
Information-Aware Secure Routing in Wireless Sensor Networks
by Qiong Shi, Li Qin, Yinghua Ding, Boli Xie, Jiajie Zheng and Lipeng Song
Sensors 2020, 20(1), 165; https://doi.org/10.3390/s20010165 - 26 Dec 2019
Cited by 38 | Viewed by 3899
Abstract
Secure routing is crucial for wireless sensor networks (WSNs) because they are vulnerable to various attacks. In this paper, we propose a new secure routing protocol for WSNs in the presence of malicious nodes. For each relay node in the route, associated information such as its trust value and status is considered in the protocol. The trust value is defined as the attack probability of the node according to previous packet-forwarding behaviors, and the status is a hybrid metric that combines the residual energy and distance to the sink node. Therefore, the route generated by the protocol is secure against malicious attacks and globally optimal according to the associated information. We used an improved variant of the Dijkstra algorithm to generate the secure route for WSNs in the presence of malicious nodes. Compared with the Reputation-Based Mechanism to Stimulate Cooperation (RBMSC) model in the same simulation environment, the proposed model can maintain a higher delivery ratio, which verifies the effectiveness of the proposed model on the basis of global optimization. Furthermore, compared with the traditional Dijkstra algorithm, the packet loss ratio in the improved Dijkstra algorithm is lower because it can more effectively avoid malicious nodes, thus verifying the effectiveness of the improved algorithm.

24 pages, 5686 KiB  
Article
A Role-Based Access Control Model in Modbus SCADA Systems. A Centralized Model Approach
by Santiago Figueroa-Lorenzo, Javier Añorga and Saioa Arrizabalaga
Sensors 2019, 19(20), 4455; https://doi.org/10.3390/s19204455 - 14 Oct 2019
Cited by 41 | Viewed by 7590
Abstract
Industrial Control Systems (ICS) and Supervisory Control systems and Data Acquisition (SCADA) networks implement industrial communication protocols to enable their operations. Modbus is an application protocol that allows communication between millions of automation devices. Unfortunately, Modbus lacks basic security mechanisms, and this leads to multiple vulnerabilities, due to both design and implementation. This issue enables certain types of attacks, for example, man in the middle attacks, eavesdropping attacks, and replay attacks. The exploitation of such flaws may greatly influence companies and the general population, especially for attacks targeting critical infrastructural assets, such as power plants, water distribution and railway transportation systems. In order to provide security mechanisms to the protocol, the Modbus organization released security specifications, which provide robust protection through the blending of Transport Layer Security (TLS) with the traditional Modbus protocol. TLS will encapsulate Modbus packets to provide both authentication and message-integrity protection. The security features leverage X.509v3 digital certificates for authentication of the server and client. From the security specifications, this study addresses the security problems of the Modbus protocol, proposing a new secure version of a role-based access control model (RBAC), in order to authorize both the client on the server, as well as the Modbus frame. This model is divided into an authorization process via roles, which is inserted as an arbitrary extension in the certificate X.509v3 and the message authorization via unit id, a unique identifier used to authorize the Modbus frame. Our proposal is evaluated through two approaches: A security analysis and a performance analysis. The security analysis involves verifying the protocol’s resistance to different types of attacks, as well as that certain pillars of cybersecurity, such as integrity and confidentiality, are not compromised. Finally, our performance analysis involves deploying our design over a testnet built on GNS3. This testnet has been designed based on an industrial security standard, such as IEC-62443, which divides the industrial network into levels. Then both the client and the server are deployed over this network in order to verify the feasibility of the proposal. For this purpose, different latencies measurements in industrial environments are used as a benchmark, which are matched against the latencies in our proposal for different cipher suites.

20 pages, 701 KiB  
Article
Mitigating the Impact on Users’ Privacy Caused by over Specifications in the Design of IoT Applications
by Alfredo Pérez Fernández and Guttorm Sindre
Sensors 2019, 19(19), 4318; https://doi.org/10.3390/s19194318 - 6 Oct 2019
Cited by 4 | Viewed by 2874
Abstract
Privacy has long been an important issue for IT systems that handle personal information, and is further aggravated as technology for collecting and analyzing massive amounts of data is becoming increasingly effective. There are methods to help practitioners analyze the privacy implications of a system during the design time. However, this is still a difficult task, especially when dealing with Internet of Things scenarios. The problem of privacy can become even more unmanageable with the introduction of overspecifications during the system development life cycle. In this paper, we carried out a controlled experiment with students performing an analysis of privacy implications using two different methods. One method aims at reducing the impact of overspecifications through the application of a goal-oriented analysis. The other method does not involve a goal-oriented analysis and is used as a control. Our initial findings show that conducting a goal-oriented analysis early during design time can have a positive impact over the privacy friendliness of the resulting system.

19 pages, 736 KiB  
Article
False Data Detection for Fog and Internet of Things Networks
by Romano Fantacci, Francesca Nizzi, Tommaso Pecorella, Laura Pierucci and Manuel Roveri
Sensors 2019, 19(19), 4235; https://doi.org/10.3390/s19194235 - 29 Sep 2019
Cited by 15 | Viewed by 3270
Abstract
The Internet of Things (IoT) context brings new security issues due to billions of smart end-devices both interconnected in wireless networks and connected to the Internet by using different technologies. In this paper, we propose an attack-detection method, named Data Intrusion Detection System (DataIDS), based on real-time data analysis. As end devices are mainly resource constrained, Fog Computing (FC) is introduced to implement the DataIDS. FC increases storage, computation capabilities, and processing capabilities, allowing it to detect promptly an attack with respect to security solutions on the Cloud. This paper also considers an attack tree to model threats and vulnerabilities of Fog/IoT scenarios with heterogeneous devices and suggests countermeasure costs. We verify the performance of the proposed DataIDS, implementing a testbed with several devices that measure different physical quantities and by using standard data-gathering protocols.

26 pages, 755 KiB  
Article
IoT Security Configurability with Security-by-Contract
by Alberto Giaretta, Nicola Dragoni and Fabio Massacci
Sensors 2019, 19(19), 4121; https://doi.org/10.3390/s19194121 - 23 Sep 2019
Cited by 8 | Viewed by 3991
Abstract
Cybersecurity is one of the biggest challenges in the Internet of Things (IoT) domain, as well as one of its most embarrassing failures. As a matter of fact, nowadays IoT devices still exhibit various shortcomings. For example, they lack secure default configurations and sufficient security configurability. They also lack rich behavioural descriptions, failing to list provided and required services. To answer this problem, we envision a future where IoT devices carry behavioural contracts and Fog nodes store network policies. One requirement is that contract consistency must be easy to prove. Moreover, contracts must be easy to verify against network policies. In this paper, we propose to combine the security-by-contract (S × C) paradigm with Fog computing to secure IoT devices. Following our previous work, first we formally define the pillars of our proposal. Then, by means of a running case study, we show that we can model communication flows and prevent information leaks. Last, we show that our contribution enables a holistic approach to IoT security, and that it can also prevent unexpected chains of events.

19 pages, 3501 KiB  
Article
An Edge-Fog Secure Self-Authenticable Data Transfer Protocol
by Algimantas Venčkauskas, Nerijus Morkevicius, Vaidas Jukavičius, Robertas Damaševičius, Jevgenijus Toldinas and Šarūnas Grigaliūnas
Sensors 2019, 19(16), 3612; https://doi.org/10.3390/s19163612 - 19 Aug 2019
Cited by 21 | Viewed by 5127
Abstract
Development of the Internet of Things (IoT) opens many new challenges. As IoT devices are getting smaller and smaller, the problems of so-called “constrained devices” arise. The traditional Internet protocols are not very well suited for constrained devices comprising localized network nodes with tens of devices primarily communicating with each other (e.g., various sensors in Body Area Network communicating with each other). These devices have very limited memory, processing, and power resources, so traditional security protocols and architectures also do not fit well. To address these challenges the Fog computing paradigm is used in which all constrained devices, or Edge nodes, primarily communicate only with less-constrained Fog node device, which collects all data, processes it and communicates with the outside world. We present a new lightweight secure self-authenticable transfer protocol (SSATP) for communications between Edge nodes and Fog nodes. The primary target of the proposed protocol is to use it as a secure transport for CoAP (Constrained Application Protocol) in place of UDP (User Datagram Protocol) and DTLS (Datagram Transport Layer Security), which are traditional choices in this scenario. SSATP uses modified header fields of standard UDP packets to transfer additional protocol handling and data flow management information as well as user data authentication information. The optional redundant data may be used to provide increased resistance to data losses when protocol is used in unreliable networks. The results of experiments presented in this paper show that SSATP is a better choice than UDP with DTLS in the cases, where the CoAP block transfer mode is used and/or in lossy networks.

13 pages, 5482 KiB  
Article
RPAS Forensic Validation Analysis Towards a Technical Investigation Process: A Case Study of Yuneec Typhoon H
by Fahad E. Salamh, Umit Karabiyik and Marcus K. Rogers
Sensors 2019, 19(15), 3246; https://doi.org/10.3390/s19153246 - 24 Jul 2019
Cited by 19 | Viewed by 6239
Abstract
The rapid pace of invention in technology and the evolution of network communication has produced a new lifestyle with a variety of opportunities and challenges. Remotely Piloted Aerial Systems (RPAS) technology, which includes drones, is one example of a recently invented technology that requires the collection of a solid body of defensible and admissible evidence to help eliminate potential real-world threats posed by their use. With the advent of smartphones, there has been an increase in digital forensic investigation processes developed to assist specialized digital forensic investigators in presenting forensically sound evidence in the courts of law. Therefore, it is necessary to apply digital forensic techniques and procedures to different types of RPASs in order to create a line of defense against new challenges, such as aerial-related incidents, introduced by the use of these technologies. Drone operations by bad actors are rapidly increasing and these actors are constantly developing new approaches. These criminal operations include invasion of privacy, drug smuggling, and terrorist activities. Additionally, drone crashes and incidents raise significant concerns. In this paper, we propose a technical forensic process consisting of ten technical phases for the analysis of RPAS forensic artifacts, which can reduce the complexity of the identification and investigation of drones. Using the proposed technical process, we analyze drone images using the Computer Forensics Reference Datasets (CFReDS) and present results for the Typhoon H aerial vehicle manufactured by Yuneec, Inc. Furthermore, this paper explores the availability and value of digital evidence that would allow a more practical digital investigation to be able to build an evidence-based experience. Therefore, we particularly focus on developing a technical drone investigation process that can be applied to various types of drones.

29 pages, 3490 KiB  
Article
SPS and DPS: Two New Grid-Based Source Location Privacy Protection Schemes in Wireless Sensor Networks
by Qiuhua Wang, Jiacheng Zhan, Xiaoqin Ouyang and Yizhi Ren
Sensors 2019, 19(9), 2074; https://doi.org/10.3390/s19092074 - 4 May 2019
Cited by 13 | Viewed by 4307
Abstract
Wireless Sensor Networks (WSNs) have been widely deployed to monitor valuable objects. In these applications, the sensor node senses the existence of objects and transmitting data packets to the sink node (SN) in a multi hop fashion. The SN is a powerful node [...] Read more.
Wireless Sensor Networks (WSNs) have been widely deployed to monitor valuable objects. In these applications, the sensor node senses the existence of objects and transmits data packets to the sink node (SN) in a multi-hop fashion. The SN is a powerful node with high performance and is used to collect all the information sensed by the sensor nodes. Due to the open nature of the wireless medium, it is easy for an adversary to trace back along the routing path of the packets and get the location of the source node. Once adversaries have got the source node location, they can capture the monitored targets. Thus, it is important to protect the source node location privacy in WSNs. Many methods have been proposed to deal with this source location privacy protection problem, and most of them provide routing path diversity by using a phantom node (PN), which is a fake source node used to entice the adversaries away from the actual source node. But in the existing schemes, the PN is determined by the source node via flooding, which not only consumes a lot of communication overhead, but also shortens the safety period of the source node. In view of the above problems, we propose two new grid-based source location privacy protection schemes in WSNs called grid-based single phantom node source location privacy protection scheme (SPS) and grid-based dual phantom node source location privacy protection scheme (DPS) in this paper. Different from the idea of determining the phantom node by the source node in the existing schemes, we propose to use the powerful sink node to help the source node to determine the phantom node candidate set (PNCS), from which the source node randomly selects a phantom node acting as a fake source node. We evaluate our schemes through theoretical analysis and experiments. Experimental results show that compared with other schemes, our proposed schemes are more efficient and achieve higher security, as well as keeping lower total energy consumption. Our proposed schemes can protect the location privacy of the source node even in resource-constrained wireless network environments.

Review

34 pages, 825 KiB  
Review
A Survey of Context-Aware Access Control Mechanisms for Cloud and Fog Networks: Taxonomy and Open Research Issues
by A. S. M. Kayes, Rudri Kalaria, Iqbal H. Sarker, Md. Saiful Islam, Paul A. Watters, Alex Ng, Mohammad Hammoudeh, Shahriar Badsha and Indika Kumara
Sensors 2020, 20(9), 2464; https://doi.org/10.3390/s20092464 - 27 Apr 2020
Cited by 58 | Viewed by 8479
Abstract
Over the last few decades, the proliferation of the Internet of Things (IoT) has produced an overwhelming flow of data and services, which has shifted the access control paradigm from a fixed desktop environment to dynamic cloud environments. Fog computing is associated with a new access control paradigm to reduce the overhead costs by moving the execution of application logic from the centre of the cloud data sources to the periphery of the IoT-oriented sensor networks. Indeed, accessing information and data resources from a variety of IoT sources has been plagued with inherent problems such as data heterogeneity, privacy, security and computational overheads. This paper presents an extensive survey of security, privacy and access control research, while highlighting several specific concerns in a wide range of contextual conditions (e.g., spatial, temporal and environmental contexts) which are gaining a lot of momentum in the area of industrial sensor and cloud networks. We present different taxonomies, such as contextual conditions and authorization models, based on the key issues in this area and discuss the existing context-sensitive access control approaches to tackle the aforementioned issues. With the aim of reducing administrative and computational overheads in the IoT sensor networks, we propose a new generation of Fog-Based Context-Aware Access Control (FB-CAAC) framework, combining the benefits of the cloud, IoT and context-aware computing; and ensuring proper access control and security at the edge of the end-devices. Our goal is not only to control context-sensitive access to data resources in the cloud, but also to move the execution of an application logic from the cloud-level to an intermediary-level where necessary, through adding computational nodes at the edge of the IoT sensor network. 
A discussion of some open research issues pertaining to context-sensitive access control to data resources is provided, including several real-world case studies. We conclude the paper with an in-depth analysis of the research challenges that have not been adequately addressed in the literature and highlight directions for future work that has not been well aligned with currently available research.

19 pages, 774 KiB  
Review
Use Of Smartphones for Ensuring Vulnerable Road User Safety through Path Prediction and Early Warning: An In-Depth Review of Capabilities, Limitations and Their Applications in Cooperative Intelligent Transport Systems
by Ioannis Vourgidis, Leandros Maglaras, Ahmed S. Alfakeeh, Ali H. Al-Bayatti and Mohamed Amine Ferrag
Sensors 2020, 20(4), 997; https://doi.org/10.3390/s20040997 - 13 Feb 2020
Cited by 21 | Viewed by 6278
Abstract
The field of cooperative intelligent transport systems and more specifically pedestrians to vehicles could be characterized as quite challenging, since there is a broad research area to be studied, with direct positive results to society. Pedestrians to vehicles is a type of cooperative intelligent transport system, within the group of early warning collision/safety systems. In this article, we examine the research and applications carried out so far within the field of pedestrians to vehicles cooperative transport systems by leveraging the information coming from vulnerable road users’ smartphones. Moreover, an extensive literature review has been carried out in the fields of vulnerable road users outdoor localisation via smartphones and vulnerable road users next step/movement prediction, which are closely related to pedestrian to vehicle applications and research. We identify gaps that exist in these fields that could be improved/extended/enhanced or newly developed, while we address future research objectives and methodologies that could support the improvement/development of those identified gaps.

22 pages, 1294 KiB  
Review
Survey on Revocation in Ciphertext-Policy Attribute-Based Encryption
by Ruqayah R. Al-Dahhan, Qi Shi, Gyu Myoung Lee and Kashif Kifayat
Sensors 2019, 19(7), 1695; https://doi.org/10.3390/s19071695 - 9 Apr 2019
Cited by 50 | Viewed by 6649
Abstract
Recently, using advanced cryptographic techniques to process, store, and share data securely in an untrusted cloud environment has drawn widespread attention from academic researchers. In particular, Ciphertext-Policy Attribute-Based Encryption (CP-ABE) is a promising, advanced type of encryption technique that resolves an open challenge to regulate fine-grained access control of sensitive data according to attributes, particularly for Internet of Things (IoT) applications. However, although this technique provides several critical functions such as data confidentiality and expressiveness, it faces some hurdles including revocation issues and lack of managing a wide range of attributes. These two issues have been highlighted by many existing studies due to their complexity which is hard to address without high computational cost affecting the resource-limited IoT devices. In this paper, unlike other survey papers, existing single and multiauthority CP-ABE schemes are reviewed with the main focus on their ability to address the revocation issues, the techniques used to manage the revocation, and comparisons among them according to a number of secure cloud storage criteria. Therefore, this is the first review paper analysing the major issues of CP-ABE in the IoT paradigm and explaining the existing approaches to addressing these issues.

Other

11 pages, 538 KiB  
Technical Note
Detecting IoT Devices and How They Put Large Heterogeneous Networks at Security Risk
by Sharad Agarwal, Pascal Oser and Stefan Lueders
Sensors 2019, 19(19), 4107; https://doi.org/10.3390/s19194107 - 23 Sep 2019
Cited by 21 | Viewed by 8094
Abstract
The introduction of the Internet of Things (IoT), i.e., the interconnection of embedded devices over the Internet, has changed the world we live in from the way we measure, make calls, print information and even the way we get energy in our offices or homes. The convenience of IoT products, like closed circuit television (CCTV) cameras, internet protocol (IP) phones, and oscilloscopes, is overwhelming for end users. In parallel, however, security issues have emerged and it is essential for infrastructure providers to assess the associated security risks. In this paper, we propose a novel method to detect IoT devices and identify the manufacturer, device model, and the firmware version currently running on the device using the page source from the web user interface. We performed automatic scans of the large-scale network at the European Organization for Nuclear Research (CERN) to evaluate our approach. Our tools identified 233 IoT devices that fell into eleven distinct device categories and included 49 device models manufactured by 26 vendors from across the world.