Special issue on Symmetry and Asymmetry in IoT and CPS Security and Privacy

A special issue of Symmetry (ISSN 2073-8994). This special issue belongs to the section "Computer".

Deadline for manuscript submissions: closed (30 September 2022) | Viewed by 79944

Special Issue Editors


E-Mail Website
Guest Editor
Department of Information and Communication Systems Engineering, University of the Aegean, 83100 Samos, Greece
Interests: mobile and wireless networks security and privacy; VoIP security; IoT security and privacy; DNS security; intrusion detection systems; security education
Special Issues, Collections and Topics in MDPI journals

E-Mail
Guest Editor
Zhejiang Gongshang University, China

Special Issue Information

Dear Colleagues,

Internet of Things (IoT) enables Internet-connected devices to maintain seamless connections between people, networks, and physical services. It allows billions of objects in the physical world, as well as virtual environments, to exchange data with each other in an autonomous way, which is the basis of smart ecosystems, including automotive, healthcare, smart cities, smart homes, logistics, and environmental monitoring. With their connection capability, cyber-physical systems (CPS) comprise interacting digital, analog, physical, and human components engineered for functioning via integrated physics and logic. These systems provide the foundation of critical infrastructures, form the basis of emerging and future smart services, and improve quality of life in many domains.

In the context of IoT and CPS, and given the broadcast nature of wireless channels, security and privacy have become of utmost concern. For instance, because of increasingly skilled cybercriminals, transmitting confidential data over IoT/CPS remains a challenging task in both academia and industry. Even more, with the global rollout of 5G systems, which will eventually lead to an even tighter integration of the legacy internet and IoT, there is a greater need to safeguard IoT and CPS and adequately defend such systems against the plethora of modern external and insider threats.

This Special Issue will focus on IoT and CPS security and privacy with the aim to solicit the latest technologies, solutions, case studies, and prototypes on this topic.

Topics of interest include, but are limited to, the following:

Ь Secure data management in IoT/CPS
Ь Intrusion detection and prevention, firewalls, and packet filters
Ь Malware, botnets, and distributed denial of service
Ь IoT/CPS communication privacy and anonymity
Ь Forensics techniques
Ь Public key infrastructures, key management, and credential management
Ь Secure routing in IoT/CPS
Ь Security and privacy in pervasive and ubiquitous computing
Ь Security and privacy for IoT/CPS applications.
Ь Disaster recovery in IoT/CPS communication
Ь Reliability of IoT/CPS communication

Dr. Weizhi Meng
Dr. Georgios Kambourakis
Prof. Dr. Jun Shao
Guest Editors

Manuscript Submission Information

Manuscripts should be submitted online at www.mdpi.com by registering and logging in to this website. Once you are registered, click here to go to the submission form. Manuscripts can be submitted until the deadline. All submissions that pass pre-check are peer-reviewed. Accepted papers will be published continuously in the journal (as soon as accepted) and will be listed together on the special issue website. Research articles, review articles as well as short communications are invited. For planned papers, a title and short abstract (about 100 words) can be sent to the Editorial Office for announcement on this website.

Submitted manuscripts should not have been published previously, nor be under consideration for publication elsewhere (except conference proceedings papers). All manuscripts are thoroughly refereed through a single-blind peer-review process. A guide for authors and other relevant information for submission of manuscripts is available on the Instructions for Authors page. Symmetry is an international peer-reviewed open access monthly journal published by MDPI.

Please visit the Instructions for Authors page before submitting a manuscript. The Article Processing Charge (APC) for publication in this open access journal is 2400 CHF (Swiss Francs). Submitted papers should be well formatted and use good English. Authors may use MDPI's English editing service prior to publication or during author revisions.

Benefits of Publishing in a Special Issue

  • Ease of navigation: Grouping papers by topic helps scholars navigate broad scope journals more efficiently.
  • Greater discoverability: Special Issues support the reach and impact of scientific research. Articles in Special Issues are more discoverable and cited more frequently.
  • Expansion of research network: Special Issues facilitate connections among authors, fostering scientific collaborations.
  • External promotion: Articles in Special Issues are often promoted through the journal's social media, increasing their visibility.
  • e-Book format: Special Issues with more than 10 articles can be published as dedicated e-books, ensuring wide and rapid dissemination.

Further information on MDPI's Special Issue polices can be found here.

Published Papers (19 papers)

Order results
Result details
Select all
Export citation of selected articles as:

Research

Jump to: Review

19 pages, 3514 KiB  
Article
Aye: A Trusted Forensic Method for Firmware Tampering Attacks
by Yipeng Zhang, Ye Li and Zhoujun Li
Symmetry 2023, 15(1), 145; https://doi.org/10.3390/sym15010145 - 3 Jan 2023
Cited by 6 | Viewed by 3009
Abstract
The Programmable Logic Controller (PLC) is located at the junction of the virtual network and physical reality in the Industrial Control System (ICS), which is vulnerable to attacks due to its weak security. Specifically, firmware tampering attacks take the firmware under the PLC [...] Read more.
The Programmable Logic Controller (PLC) is located at the junction of the virtual network and physical reality in the Industrial Control System (ICS), which is vulnerable to attacks due to its weak security. Specifically, firmware tampering attacks take the firmware under the PLC operating system as the primary attack target. The firmware provides the bridge between PLC’s hardware and software, which means tampering against the firmware can be more destructive and harmful than other attacks. However, existing defense and forensics methods against firmware tampering attacks are asymmetrical, which directly leads to the proliferation of such attacks and the difficulty of forensic tracing. How to accurately, quickly, and efficiently conduct forensics for such attacks is an urgent problem. In this paper, we designed and implemented a reliable detection method based on Joint Test Action Group (JTAG) and memory comparison—Aye, which can detect mainstream firmware tampering attacks reliably. To determine the effectiveness and reliability of Aye, we selected a widely used PLC to observe Aye’s performance in defense and forensics by simulating the two latest PLC firmware tampering attack methods. The experimental results show that Aye can effectively defend against firmware tampering attacks, helping improve the efficiency and accuracy of such attack detection and forensics. Full article
Show Figures

Figure 1

24 pages, 2070 KiB  
Article
A Robust and Anonymous Three-Factor Authentication Scheme Based ECC for Smart Home Environments
by Xiong Wang, Yuan Teng, Yaping Chi and Hongbo Hu
Symmetry 2022, 14(11), 2394; https://doi.org/10.3390/sym14112394 - 12 Nov 2022
Cited by 8 | Viewed by 1798
Abstract
With the rapid development of the Internet of Things (IoT) industry, the smart home is fully integrated with people’s shelter and transportation, which facilitates people’s daily life. A smart home without a security authentication mechanism will inevitably cause a series of security threats. [...] Read more.
With the rapid development of the Internet of Things (IoT) industry, the smart home is fully integrated with people’s shelter and transportation, which facilitates people’s daily life. A smart home without a security authentication mechanism will inevitably cause a series of security threats. This is essentially a problem of symmetry model worth solving. In fact, researchers have designed various authentication schemes to verify the identity of users and to ensure smart devices can be legally accessed through authorization in the smart home. In 2021, Yu proposed a three-factor anonymous authentication scheme for smart homes using lightweight symmetric encryption primitives and stated that their scheme is resistant to various known security attacks. However, after careful analysis, we found that Yu’s scheme needs further improvement in node capture attack and offline password guessing attack and that forward security cannot be guaranteed. Therefore, we first design a robust three-factor anonymous authentication scheme for smart homes based on asymmetric encryption Elliptic Curve Cryptography (ECC). Then, we perform formal and informal security analysis in which the formal analysis tools include Burrows-Abadi-Needham (BAN) logic and Scyther simulation tool to prove that the proposed scheme can achieve user anonymity, untraceability, and session key forward security. Meanwhile, mutual authentication is performed, and the scheme is resistant to all known attacks described in this article. Finally, a performance comparison is made in terms of efficiency, which shows that our scheme can have certain advantages with those newly designed schemes, achieve a delicate balance in performance and safety, and is more practical for the real smart home environment. Full article
Show Figures

Figure 1

16 pages, 1907 KiB  
Article
Security and Privacy Analysis of Vinoth et al.’s Authenticated Key Agreement Scheme for Industrial IoT
by Da-Zhi Sun
Symmetry 2021, 13(10), 1952; https://doi.org/10.3390/sym13101952 - 16 Oct 2021
Cited by 6 | Viewed by 1920
Abstract
Vinoth et al. proposed an authenticated key agreement scheme for industrial IoT (Internet of Things) applications. Vinoth et al.’s scheme aimed to protect the remote sensing data of industrial IoT devices under hostile environments. The scheme is interesting because the authorized user is [...] Read more.
Vinoth et al. proposed an authenticated key agreement scheme for industrial IoT (Internet of Things) applications. Vinoth et al.’s scheme aimed to protect the remote sensing data of industrial IoT devices under hostile environments. The scheme is interesting because the authorized user is allowed simultaneously to access the multiple IoT sensing devices. Therefore, we carefully analyzed the security and privacy implications of Vinoth et al.’s scheme. Our findings are summarized as follows. One, Vinoth et al.’s scheme failed to defeat user impersonation attacks. Second, Vinoth et al.’s scheme did not prevent IoT sensing device impersonation attacks. Third, Vinoth et al.’s scheme suffered from replay attacks. Fourth, Vinoth et al.’s scheme was vulnerable to desynchronization attacks. Fifth, Vinoth et al.’s scheme could not maintain user privacy. As a case study, our analysis results enlighten researchers and engineers on the design of robust and efficient authenticated key agreement schemes for IoT applications. Full article
Show Figures

Figure 1

18 pages, 1792 KiB  
Article
A Practical Privacy-Preserving Publishing Mechanism Based on Personalized k-Anonymity and Temporal Differential Privacy for Wearable IoT Applications
by Junqi Guo, Minghui Yang and Boxin Wan
Symmetry 2021, 13(6), 1043; https://doi.org/10.3390/sym13061043 - 9 Jun 2021
Cited by 20 | Viewed by 3335
Abstract
With the rapid development of the Internet of Things (IoT), wearable devices have become ubiquitous and interconnected in daily lives. Because wearable devices collect, transmit, and monitor humans’ physiological signals, data privacy should be a concern, as well as fully protected, throughout the [...] Read more.
With the rapid development of the Internet of Things (IoT), wearable devices have become ubiquitous and interconnected in daily lives. Because wearable devices collect, transmit, and monitor humans’ physiological signals, data privacy should be a concern, as well as fully protected, throughout the whole process. However, the existing privacy protection methods are insufficient. In this paper, we propose a practical privacy-preserving mechanism for physiological signals collected by intelligent wearable devices. In the data acquisition and transmission stage, we employed existing asymmetry encryption-based methods. In the data publishing stage, we proposed a new model based on the combination and optimization of k-anonymity and differential privacy. An entropy-based personalized k-anonymity algorithm is proposed to improve the performance on processing the static and long-term data. Moreover, we use the symmetry of differential privacy and propose the temporal differential privacy mechanism for real-time data to suppress the privacy leakage while updating data. It is proved theoretically that the combination of the two algorithms is reasonable. Finally, we use smart bracelets as an example to verify the performance of our mechanism. The experiment results show that personalized k-anonymity improves up to 6.25% in terms of security index compared with traditional k-anonymity, and the grouping results are more centralized. Moreover, temporal differential privacy effectively reduces the amount of information exposed, which protects the privacy of IoT-based users. Full article
Show Figures

Figure 1

19 pages, 6144 KiB  
Article
Test for Detection of Weak Graphic Passwords in Passpoint Based on the Mean Distance between Points
by Joaquín Alberto Herrera-Macías, Carlos Miguel Legón-Pérez, Lisset Suárez-Plasencia, Luis Ramiro Piñeiro-Díaz, Omar Rojas and Guillermo Sosa-Gómez
Symmetry 2021, 13(5), 777; https://doi.org/10.3390/sym13050777 - 30 Apr 2021
Cited by 4 | Viewed by 1954
Abstract
This work demonstrates the ineffectiveness of the Ripley’s K function tests, the distance to the nearest neighbor, and the empty space function in the Graphical Authentication scenario with Passpoint for the detection of non-random graphical passwords. The results obtained show that none of [...] Read more.
This work demonstrates the ineffectiveness of the Ripley’s K function tests, the distance to the nearest neighbor, and the empty space function in the Graphical Authentication scenario with Passpoint for the detection of non-random graphical passwords. The results obtained show that none of these tests effectively detect non-random graphical passwords; the reason for their failure is attributed to the small sample of the spatial pattern in question, where only the five points of the graphical password are analyzed. Consequently, a test based on mean distances is proposed, whose experiments show that it detects with good efficiency non-random graphical passwords in Passpoint. The test was designed to be included in the Graphical Authentication systems with Passpoint to warn the user about a possibly weak password during the registration phase, and in this way, the security of the system is increased. Full article
Show Figures

Figure 1

20 pages, 548 KiB  
Article
Triple Modular Redundancy Optimization for Threshold Determination in Intrusion Detection Systems
by Ivan Babić, Aleksandar Miljković, Milan Čabarkapa, Vojkan Nikolić, Aleksandar Đorđević, Milan Ranđelović and Dragan Ranđelović
Symmetry 2021, 13(4), 557; https://doi.org/10.3390/sym13040557 - 27 Mar 2021
Cited by 12 | Viewed by 2871
Abstract
This paper presents a novel approach for an Intrusion Detection System (IDS) based on one kind of asymmetric optimization which use any three already well-known IDS algorithms and Triple Modular Redundancy (TMR) algorithm together. Namely, a variable threshold which indicates an attack on [...] Read more.
This paper presents a novel approach for an Intrusion Detection System (IDS) based on one kind of asymmetric optimization which use any three already well-known IDS algorithms and Triple Modular Redundancy (TMR) algorithm together. Namely, a variable threshold which indicates an attack on an observed and protected network is determined by using all three values obtained with three known IDS algorithms i.e., on previously recorded data by making a decision by majority. For these algorithms authors used algorithm of k-nearest neighbors, cumulative sum algorithm, and algorithm of exponentially weighted moving average. Using a proposed method we can get a threshold that is more precisely determined than in the case of any method individual. Practically, using TMR we obtain a dynamically threshold adjustment of IDS software, which reduces the existence of false alarms and undetected attacks, so the efficiency of such IDS software is notably higher and can get better results. Today, Denial of Service attacks (DoS) are one of the most present type of attacks and the reason for the special attention paid to them in this paper. In addition, the authors of the proposed method for IDS software used a known CIC-DDoS2019 dataset, which contains various data recordings of such attacks. Obtained results with the proposed solution showed better characteristics than each individual used algorithm in this solution. IDS software with the proposed method worked precisely and timely, which means alarms were triggered properly and efficiently. Full article
Show Figures

Figure 1

12 pages, 979 KiB  
Article
Secure the IoT Networks as Epidemic Containment Game
by Juntao Zhu, Hong Ding, Yuchen Tao, Zhen Wang and Lanping Yu
Symmetry 2021, 13(2), 156; https://doi.org/10.3390/sym13020156 - 20 Jan 2021
Viewed by 2076
Abstract
The spread of a computer virus among the Internet of Things (IoT) devices can be modeled as an Epidemic Containment (EC) game, where each owner decides the strategy, e.g., installing anti-virus software, to maximize his utility against the susceptible-infected-susceptible (SIS) model of the [...] Read more.
The spread of a computer virus among the Internet of Things (IoT) devices can be modeled as an Epidemic Containment (EC) game, where each owner decides the strategy, e.g., installing anti-virus software, to maximize his utility against the susceptible-infected-susceptible (SIS) model of the epidemics on graphs. The EC game’s canonical solution concepts are the Minimum/Maximum Nash Equilibria (MinNE/MaxNE). However, computing the exact MinNE/MaxNE is NP-hard, and only several heuristic algorithms are proposed to approximate the MinNE/MaxNE. To calculate the exact MinNE/MaxNE, we provide a thorough analysis of some special graphs and propose scalable and exact algorithms for general graphs. Especially, our contributions are four-fold. First, we analytically give the MinNE/MaxNE for EC on special graphs based on spectral radius. Second, we provide an integer linear programming formulation (ILP) to determine MinNE/MaxNE for the general graphs with the small epidemic threshold. Third, we propose a branch-and-bound (BnB) framework to compute the exact MinNE/MaxNE in the general graphs with several heuristic methods to branch the variables. Fourth, we adopt NetShiled (NetS) method to approximate the MinNE to improve the scalability. Extensive experiments demonstrate that our BnB algorithm can outperform the naive enumeration method in scalability, and the NetS can improve the scalability significantly and outperform the previous heuristic method in solution quality. Full article
Show Figures

Figure 1

22 pages, 1110 KiB  
Article
An Efficient Login Authentication System against Multiple Attacks in Mobile Devices
by Yang Li, Xinyu Yun, Liming Fang and Chunpeng Ge
Symmetry 2021, 13(1), 125; https://doi.org/10.3390/sym13010125 - 13 Jan 2021
Cited by 3 | Viewed by 3478
Abstract
Access management of IoT devices is extremely important, and a secure login authentication scheme can effectively protect users’ privacy. However, traditional authentication schemes are threatened by shoulder-surfing attacks, and biometric-based schemes, such as fingerprint recognition and face recognition, that are commonly used today [...] Read more.
Access management of IoT devices is extremely important, and a secure login authentication scheme can effectively protect users’ privacy. However, traditional authentication schemes are threatened by shoulder-surfing attacks, and biometric-based schemes, such as fingerprint recognition and face recognition, that are commonly used today can also be cracked. Researchers have proposed some schemes for current attacks, but they are limited by usability. For example, the login authentication process requires additional device support. This method solves the problem of attacks, but it is unusable, which limits its application. At present, most authentication schemes for the Internet of Things and mobile platforms either focus on security, thus ignoring availability, or have excellent convenience but insufficient security. This is a symmetry problem worth exploring. Therefore, users need a new type of login authentication scheme that can balance security and usability to protect users’ private data or maintain device security. In this paper, we propose a login authentication scheme named PinWheel, which combines a textual password, a graphical password, and biometrics to prevent both shoulder-surfing attacks and smudge attacks and solves the current schemes’ lack of usability. We implemented PinWheel and evaluated it from the perspective of security and usability. The experiments required 262 days, and 573 subjects participated in our investigation. The evaluation results show that PinWheel can at least effectively resist both mainstream attacks and is superior to most existing schemes in terms of usability. Full article
Show Figures

Figure 1

11 pages, 2148 KiB  
Article
A Physical Layer Security Enhancement Scheme under the Ambient Backscatter System
by Pengfei Hou, Jianping Gong and Jumin Zhao
Symmetry 2021, 13(1), 5; https://doi.org/10.3390/sym13010005 - 22 Dec 2020
Cited by 4 | Viewed by 2587
Abstract
In this paper, we proposed a scheme that Injects artificial noise from the tag end (IANT) to enhance the physical layer security of the ambient backscatter communication (ABC) system. The difference between the ABC system and the traditional radio frequency identification system is [...] Read more.
In this paper, we proposed a scheme that Injects artificial noise from the tag end (IANT) to enhance the physical layer security of the ambient backscatter communication (ABC) system. The difference between the ABC system and the traditional radio frequency identification system is whether it uses the radio frequency (RF) signals in the environment to supply energy and modulation information for passive tags. In the IANT scheme, we select the best tag to communicate with the reader according to the channel quality between tags and reader, and at the same time select another tag to generate artificial noise that affects the receiving effect of the eavesdropper. This paper uses the method of generating noise copies in the reader to reduce the interference of artificial noise on the signal received by the reader. The simulation results show that with the increase in channel quality between tags and reader and the increase in the number of tags, the proposed IANT scheme is significantly superior to the contrast scheme in terms of system achievable secrecy rate, effectively enhancing the physical layer security of the ABC system. Full article
Show Figures

Figure 1

17 pages, 379 KiB  
Article
Priority Measurement of Patches for Program Repair Based on Semantic Distance
by Yukun Dong, Meng Wu, Li Zhang, Wenjing Yin, Mengying Wu and Haojie Li
Symmetry 2020, 12(12), 2102; https://doi.org/10.3390/sym12122102 - 17 Dec 2020
Cited by 4 | Viewed by 2436
Abstract
Automated program repair is an effective way to ensure software quality and improve software development efficiency. At present, there are many methods and tools of automated program reapir in real world, but most of them have low repair accuracy, resulting in a large [...] Read more.
Automated program repair is an effective way to ensure software quality and improve software development efficiency. At present, there are many methods and tools of automated program reapir in real world, but most of them have low repair accuracy, resulting in a large number of incorrect patches in the generated patches. To solve this problem, we propose a patch quality evaluation method based on semantic distance, which measures the semantic distance of patches by using features of interval distance, output coverage, and path matching. For each evaluation feature, we give a quantitative formula to obtain a specific distance value and use the distance to calculate the recommended patch value to measure the quality of the patch. Our quality evaluation method evaluated 279 patches from previous program repair tools, including Nopol, DynaMoth, ACS, jGenProg, and CapGen. This quality evaluation method successfully arranged the correct patches before the plausible but incorrect patches, and it recommended the higher-ranked patches to users first. On this basis, we compared our evaluation method with the existing evaluation methods and judged the evaluation ability of each feature. We showed that our proposed patch quality evaluation method can improve the repair accuracy of repair tools. Full article
Show Figures

Figure 1

11 pages, 1888 KiB  
Article
A Ring Signature Based Anonymity Authentication Scheme for Group Medical Consultation
by Chia-Chen Lin, Chin-Chen Chang and Yao-Zhu Zheng
Symmetry 2020, 12(12), 2009; https://doi.org/10.3390/sym12122009 - 5 Dec 2020
Cited by 5 | Viewed by 3368
Abstract
Due to the rapid development of physiological monitoring devices, internet of things (IoT) and communication technology, telecare medical information systems (TMIS) are getting more and more important in assisting doctors in completing medical work nowadays. Because of the open nature of wireless networks, [...] Read more.
Due to the rapid development of physiological monitoring devices, internet of things (IoT) and communication technology, telecare medical information systems (TMIS) are getting more and more important in assisting doctors in completing medical work nowadays. Because of the open nature of wireless networks, a secure TMIS which offers authentication, anonymity and privacy features is required. There are many schemes protecting TMIS that have been proposed recently. Unfortunately, they cannot guarantee both patient’s and doctor’s privacy and security at the same time. This paper proposes a ring signature-based TMIS authentication scheme for a group consultation environment. In our proposed scheme, a patient can inquire about their symptoms without revealing their identity, and a doctor can also keep their own identity confidential when making a diagnosis. In view of the increasing number of serious patient–physician disputes, our proposed scheme can have a practical application. Compared to other related work, our scheme achieves improved security properties and higher efficiency. Full article
Show Figures

Figure 1

18 pages, 1358 KiB  
Article
A Model of Threats to the Confidentiality of Information Processed in Cyberspace Based on the Information Flows Model
by Egoshin N. S., Konev A. A. and Shelupanov A. A.
Symmetry 2020, 12(11), 1840; https://doi.org/10.3390/sym12111840 - 6 Nov 2020
Cited by 7 | Viewed by 2833
Abstract
This article covers one of the fundamental problems of information security—building a threat model. The article discusses a new method for identifying typical threats to information confidentiality based on the information flow model. The threat model is based on the description of the [...] Read more.
This article covers one of the fundamental problems of information security—building a threat model. The article discusses a new method for identifying typical threats to information confidentiality based on the information flow model. The threat model is based on the description of the system. An incorrect description of the system leads to the formation of an incorrect threat model. A review of the subject area revealed several approaches used to describe the system in terms of circulating information flows. Each of these approaches has its own pros and cons. The model of information flows proposed in this work reduces the description of any information system to an eight-digit alphabet. Analysis of the structure of the elementary information flow identified four typical threats to confidentiality, the Cartesian product of a set of threats and a set of streams is a complete model of typical threats to the confidentiality of information processed in cyberspace. Full article
Show Figures

Figure 1

18 pages, 3964 KiB  
Article
Towards a Secure Signature Scheme Based on Multimodal Biometric Technology: Application for IOT Blockchain Network
by Oday A. Hassen, Ansam A. Abdulhussein, Saad M. Darwish, Zulaiha Ali Othman, Sabrina Tiun and Yasmin A. Lotfy
Symmetry 2020, 12(10), 1699; https://doi.org/10.3390/sym12101699 - 15 Oct 2020
Cited by 22 | Viewed by 3685
Abstract
Blockchain technology has been commonly used in the last years in numerous fields, such as transactions documenting and monitoring real assets (house, cash) or intangible assets (copyright, intellectual property). The internet of things (IoT) technology, on the other hand, has become the main [...] Read more.
Blockchain technology has been commonly used in the last years in numerous fields, such as transactions documenting and monitoring real assets (house, cash) or intangible assets (copyright, intellectual property). The internet of things (IoT) technology, on the other hand, has become the main driver of the fourth industrial revolution, and is currently utilized in diverse fields of industry. New approaches have been established through improving the authentication methods in the blockchain to address the constraints of scalability and protection in IoT operating environments of distributed blockchain technology by control of a private key. However, these authentication mechanisms do not consider security when applying IoT to the network, as the nature of IoT communication with numerous entities all the time in various locations increases security risks resulting in extreme asset damage. This posed many difficulties in finding harmony between security and scalability. To address this gap, the work suggested in this paper adapts multimodal biometrics to strengthen network security by extracting a private key with high entropy. Additionally, via a whitelist, the suggested scheme evaluates the security score for the IoT system with a blockchain smart contract to guarantee that highly secured applications authenticate easily and restrict compromised devices. Experimental results indicate that our system is existentially unforgeable to an efficient message attack, and therefore, decreases the expansion of infected devices to the network by up to 49 percent relative to traditional schemes. Full article
Show Figures

Figure 1

25 pages, 396 KiB  
Article
Mitigation of Privacy Threats due to Encrypted Traffic Analysis through a Policy-Based Framework and MUD Profiles
by Gianmarco Baldini, José L. Hernandez-Ramos, Slawomir Nowak, Ricardo Neisse and Mateusz Nowak
Symmetry 2020, 12(9), 1576; https://doi.org/10.3390/sym12091576 - 22 Sep 2020
Cited by 6 | Viewed by 3573
Abstract
It has been proven in research literature that the analysis of encrypted traffic with statistical analysis and machine learning can reveal the type of activities performed by a user accessing the network, thus leading to privacy risks. In particular, different types of traffic [...] Read more.
It has been proven in research literature that the analysis of encrypted traffic with statistical analysis and machine learning can reveal the type of activities performed by a user accessing the network, thus leading to privacy risks. In particular, different types of traffic (e.g., skype, web access) can be identified by extracting time based features and using them in a classifier. Such privacy attacks are asymmetric because a limited amount of resources (e.g., machine learning algorithms) can extract information from encrypted traffic generated by cryptographic systems implemented with a significant amount of resources. To mitigate privacy risks, studies in research literature have proposed a number of techniques, but in most cases only a single technique is applied, which can lead to limited effectiveness. This paper proposes a mitigation approach for privacy risks related to the analysis of encrypted traffic which is based on the integration of three main components: (1) A machine learning component which proactively analyzes the encrypted traffic in the network to identify potential privacy threats and evaluate the effectiveness of various mitigation techniques (e.g., obfuscation), (2) a policy based component where policies are used to enforce privacy mitigation solutions in the network and (3) a network node profile component based on the Manufacturer Usage Description (MUD) standard to enable changes in the network nodes in the cases where the first two components are not effective in mitigating the privacy risks. This paper describes the different components and how they interact in a potential deployment scenario. The approach is evaluated on the public dataset ISCXVPN2016 and the results show that the privacy threat can be mitigated significantly by removing completely the identification of specific types of traffic or by decreasing the probability of their identification as in the case of VOIP by 50%, Chat by 40% and Browsing by 33%, thus reducing significantly the privacy risk. Full article
Show Figures

Figure 1

14 pages, 341 KiB  
Article
Automatic Repair of Semantic Defects Using Restraint Mechanisms
by Yukun Dong, Li Zhang, Shanchen Pang, Wenjing Yin, Mengying Wu, Meng Wu and Haojie Li
Symmetry 2020, 12(9), 1563; https://doi.org/10.3390/sym12091563 - 22 Sep 2020
Cited by 2 | Viewed by 2615
Abstract
Recently, software, especially CPS and Internet of Things (IoT), increasingly have high requirements for quality, while program defects exist inevitably duo to the high complexity. Program defect repair faces serious challenges in that such repairs require considerable manpower, and the existing automatic repair [...] Read more.
Recently, software, especially CPS and Internet of Things (IoT), increasingly have high requirements for quality, while program defects exist inevitably duo to the high complexity. Program defect repair faces serious challenges in that such repairs require considerable manpower, and the existing automatic repair approaches have difficulty generating correct patches efficiently. This paper proposes an automatic method for repairing semantic defects in Java programs based on restricted sets which refer to the interval domains of related variables that can trigger program semantic defects. Our work introduces a repair mechanism symmetrically combining defect patterns and repair templates. First, the program semantic defects are summarized into defect patterns according to their grammar and semantic features. A repair template for each type of defect pattern is predefined based on a restricted-set. Then, for each specific defect, a patch statement is automatically synthesized according to the repair template, and the detected defect information is reported by the static detection tool (DTSJava). Next, the patch location is determined by the def-use chain of defect-related variables. Finally, we evaluate the patches generated by our method using DTSJava. We implemented the method in the defect automatic repair prototype tool DTSFix to verify the effect of repairing the semantic defects detected by DTSJava in 6 Java open-source projects. The experimental results showed that 109 of 129 program semantic defects were repaired. Full article
Show Figures

Figure 1

16 pages, 336 KiB  
Article
Towards a Formal IoT Security Model
by Tania Martin, Dimitrios Geneiatakis, Ioannis Kounelis, Stéphanie Kerckhof and Igor Nai Fovino
Symmetry 2020, 12(8), 1305; https://doi.org/10.3390/sym12081305 - 5 Aug 2020
Cited by 12 | Viewed by 2932
Abstract
The heterogeneity of Internet of Things (IoT) systems has so far prevented the definition of adequate standards, hence making it difficult to compare meaningfully the security degree of diverse architectural choices. This task can be nonetheless achieved with formal methodologies. However, the dedicated [...] Read more.
The heterogeneity of Internet of Things (IoT) systems has so far prevented the definition of adequate standards, hence making it difficult to compare meaningfully the security degree of diverse architectural choices. This task can be nonetheless achieved with formal methodologies. However, the dedicated IoT literature shows no evidence of a universal model allowing the security evaluation of any arbitrary system. Based on these considerations, we propose a new model that aims at being global and all-encompassing. Our model can be used to fairly analyse the security level of different IoT systems and compare them in a significant way. It is designed to be adaptive with realistic definitions of the adversary’s (1) actions of interacting with IoT systems; (2) capabilities of accessing the data generated by and exchanged in IoT systems with established rules; and (3) objectives of attacking IoT systems according to the four recognised security properties of confidentiality, integrity, availability and soundness. Such a design enables the straightforward characterization of new adversaries. It further helps in providing a fine-grained security evaluation of IoT systems by either accurately describing attacks against the analysed systems or formally proving their guaranteed level of security. Full article
Show Figures

Figure 1

21 pages, 1222 KiB  
Article
Two Anatomists Are Better than One—Dual-Level Android Malware Detection
by Vasileios Kouliaridis, Georgios Kambourakis, Dimitris Geneiatakis and Nektaria Potha
Symmetry 2020, 12(7), 1128; https://doi.org/10.3390/sym12071128 - 7 Jul 2020
Cited by 34 | Viewed by 4073
Abstract
The openness of the Android operating system and its immense penetration into the market makes it a hot target for malware writers. This work introduces Androtomist, a novel tool capable of symmetrically applying static and dynamic analysis of applications on the Android platform. [...] Read more.
The openness of the Android operating system and its immense penetration into the market makes it a hot target for malware writers. This work introduces Androtomist, a novel tool capable of symmetrically applying static and dynamic analysis of applications on the Android platform. Unlike similar hybrid solutions, Androtomist capitalizes on a wealth of features stemming from static analysis along with rigorous dynamic instrumentation to dissect applications and decide if they are benign or not. The focus is on anomaly detection using machine learning, but the system is able to autonomously conduct signature-based detection as well. Furthermore, Androtomist is publicly available as open source software and can be straightforwardly installed as a web application. The application itself is dual mode, that is, fully automated for the novice user and configurable for the expert one. As a proof-of-concept, we meticulously assess the detection accuracy of Androtomist against three different popular malware datasets and a handful of machine learning classifiers. We particularly concentrate on the classification performance achieved when the results of static analysis are combined with dynamic instrumentation vis-à-vis static analysis only. Our study also introduces an ensemble approach by averaging the output of all base classification models per malware instance separately, and provides a deeper insight on the most influencing features regarding the classification process. Depending on the employed dataset, for hybrid analysis, we report notably promising to excellent results in terms of the accuracy, F1, and AUC metrics. Full article
Show Figures

Figure 1

18 pages, 911 KiB  
Article
AACS: Attribute-Based Access Control Mechanism for Smart Locks
by Zhenghao Xin, Liang Liu and Gerhard Hancke
Symmetry 2020, 12(6), 1050; https://doi.org/10.3390/sym12061050 - 23 Jun 2020
Cited by 8 | Viewed by 5290
Abstract
This article researched the security and application of smart locks in Internet of Things environments in the domain of computer and engineer science and symmetry. Smart locks bring much convenience for users. However, most smart lock systems are cloud-based and it is problematic [...] Read more.
This article researched the security and application of smart locks in Internet of Things environments in the domain of computer and engineer science and symmetry. Smart locks bring much convenience for users. However, most smart lock systems are cloud-based and it is problematic managing and enforcing the permissions of an authorized device if the device is offline. Moreover, most smart lock systems lack fine-grained access control and cascading removal of permissions. In this paper, we leverage attribute-based access control mechanisms to manage the access of visitors with different identities. We use identity-based encryption to verify the identity of the visitor. In our proposed system, the administrator uses the policy set in the smart lock to implement access control on the device side, which reduces the dependence of access control on the server. We set attributes such as role, time, date, and location to have fine-grained control over access to different permissions and roles that might appear in the house. And the scheme provides the cascading delete function while providing the group access function. Our solution considers multiple roles in the home as well as hierarchical management issues, and improves the applicability of the smart lock system in complex residential and commercial situations. In the experimental section, we show that our system can be applied to premises with many different inhabitant identities. Full article
Show Figures

Figure 1

Review

Jump to: Research

37 pages, 2158 KiB  
Review
Security and Privacy in IoT-Cloud-Based e-Health Systems—A Comprehensive Review
by Chanapha Butpheng, Kuo-Hui Yeh and Hu Xiong
Symmetry 2020, 12(7), 1191; https://doi.org/10.3390/sym12071191 - 17 Jul 2020
Cited by 146 | Viewed by 22843
Abstract
When the Internet and other interconnected networks are used in a health system, it is referred to as “e-Health.” In this paper, we examined research studies from 2017–2020 to explore the utilization of intelligent techniques in health and its evolution over time, particularly [...] Read more.
When the Internet and other interconnected networks are used in a health system, it is referred to as “e-Health.” In this paper, we examined research studies from 2017–2020 to explore the utilization of intelligent techniques in health and its evolution over time, particularly the integration of Internet of Things (IoT) devices and cloud computing. E-Health is defined as “the ability to seek, find, understand and appraise health information derived from electronic sources and acquired knowledge to properly solve or treat health problems. As a repository for health information as well as e-Health analysis, the Internet has the potential to protect consumers from harm and empower them to participate fully in informed health-related decision-making. Most importantly, high levels of e-Health integration mitigate the risk of encountering unreliable information on the Internet. Various research perspectives related to security and privacy within IoT-cloud-based e-Health systems are examined, with an emphasis on the opportunities, benefits and challenges of the implementation such systems. The combination of IoT-based e-Health systems integrated with intelligent systems such as cloud computing that provide smart objectives and applications is a promising future trend. Full article
Show Figures

Figure 1

Back to TopTop