Security and Privacy in the Internet of Things (IoT)

A special issue of Sensors (ISSN 1424-8220). This special issue belongs to the section "Internet of Things".

Deadline for manuscript submissions: closed (14 July 2022) | Viewed by 35576

Special Issue Editors

School of Computer Science and Engineering, Nanyang Technological University, Singapore 639798, Singapore
Interests: communications; networks; AI and data science; security and privacy

Guest Editor
School of Information and Electronic Engineering, Zhejiang Gongshang University, Hangzhou 310018, China
Interests: Internet of Things; satellite communications

Guest Editor
Electrical and Computer Engineering Department, COMSATS University Islamabad, Wah Campus, Rawalpindi, Punjab 47050, Pakistan
Interests: IoT; D2D communications; UAV communications; physical layer security

Guest Editor
Research Institute of Computer, Information, and Communication, Pusan National University, Busan 46241, Korea
Interests: network optimization; edge computing; resource allocation; wireless AI

Guest Editor
College of Information Engineering, Zhejiang University of Technology, Hangzhou 310023, China
Interests: MIMO communication

Guest Editor
School of Electrical and Electronic Engineering, Nanyang Technological University (NTU), Singapore, Singapore
Interests: 5G/6G; wireless communications; machine learning

Special Issue Information

Dear Colleagues,

The Internet of Things (IoT) is growing at a rapid pace and transforming daily lives. IoT connects physical devices such as mobile phones, smart watches, sensors, actuators, and thermostats, and enables these devices to collect and exchange data. Technology firms predict that the number of IoT devices will exceed dozens of billions in 2025. IoT poses security and privacy challenges with ubiquitous connectivity and ultimate functionality. The following presents security and privacy issues in IoT respectively. For IoT security, the threats are not only spread in cyberspace, but also extend to the physical world. Both cyberspace and the physical world need to be protected to improve the end-to-end security of IoT devices. Addressing IoT security has unique challenges due to (1) the heterogeneity among devices and service providers, and (2) the massive-scale, geographically distributed data in IoT applications. For privacy, IoT devices may collect sensitive information about users or organizations. With the enforcement of privacy laws such as the General Data Protection Regulation (GDPR) in the European Union (EU), privacy protection has received much attention. Recent techniques such as differential privacy and federated learning aim to protect privacy in various ways. How these techniques can be applied in the IoT context is of great research interest and practical significance.

This Special Issue focuses on, but is not limited to, the following topics:

  • Secure communication protocols for the IoT
  • Threat modelling in the IoT
  • Secure architectures for the IoT
  • Trust models for the IoT
  • Device attestation for the IoT
  • Vulnerability analysis in the IoT
  • Risk assessment in the IoT
  • Intrusion detection for the IoT
  • Forensics in the IoT
  • Privacy enhancing techniques for the IoT
  • Anonymization techniques for the IoT
  • Access control in the IoT
  • Federated learning in the IoT

Dr. Jun Zhao
Dr. Feng Li
Dr. Zeeshan Kaleem
Dr. Quoc-Viet PHAM
Dr. Huimei Han
Dr. Helin Yang
Guest Editors

Manuscript Submission Information

Manuscripts should be submitted online at www.mdpi.com by registering and logging in to this website. Once you are registered, click here to go to the submission form. Manuscripts can be submitted until the deadline. All submissions that pass pre-check are peer-reviewed. Accepted papers will be published continuously in the journal (as soon as accepted) and will be listed together on the special issue website. Research articles, review articles as well as short communications are invited. For planned papers, a title and short abstract (about 100 words) can be sent to the Editorial Office for announcement on this website.

Submitted manuscripts should not have been published previously, nor be under consideration for publication elsewhere (except conference proceedings papers). All manuscripts are thoroughly refereed through a single-blind peer-review process. A guide for authors and other relevant information for submission of manuscripts is available on the Instructions for Authors page. Sensors is an international peer-reviewed open access semimonthly journal published by MDPI.

Please visit the Instructions for Authors page before submitting a manuscript. The Article Processing Charge (APC) for publication in this open access journal is 2600 CHF (Swiss Francs). Submitted papers should be well formatted and use good English. Authors may use MDPI's English editing service prior to publication or during author revisions.

Keywords

  • security
  • privacy
  • Internet of things (IoT)
  • threat modeling
  • anonymization
  • access control

Published Papers (8 papers)

Research

41 pages, 1198 KiB  
Article
Let the Cat out of the Bag: Popular Android IoT Apps under Security Scrutiny
by Efstratios Chatzoglou, Georgios Kambourakis and Christos Smiliotopoulos
Sensors 2022, 22(2), 513; https://doi.org/10.3390/s22020513 - 10 Jan 2022
Cited by 9 | Viewed by 3892
Abstract
The impact that IoT technologies have on our everyday life is indisputable. Wearables, smart appliances, lighting, security controls, and others make our life simpler and more comfortable. For the sake of easy monitoring and administration, such devices are typically accompanied by smartphone apps, which are becoming increasingly popular, and sometimes are even required to operate the device. Nevertheless, the use of such apps may indirectly magnify the attack surface of the IoT device itself and expose the end-user to security and privacy breaches. Therefore, a key question arises: do these apps curtail their functionality to the minimum needed, and additionally, are they secure against known vulnerabilities and flaws? In seek of concrete answers to the aforesaid question, this work scrutinizes more than forty chart-topping Android official apps belonging to six diverse mainstream categories of IoT devices. We attentively analyse each app statically, and almost half of them dynamically, after pairing them with real-life IoT devices. The results collected span several axes, namely sensitive permissions, misconfigurations, weaknesses, vulnerabilities, and other issues, including trackers, manifest data, shared software, and more. The short answer to the posed question is that the majority of such apps still remain susceptible to a range of security and privacy issues, which in turn, and at least to a significant degree, reflects the general proclivity in this ecosystem.
(This article belongs to the Special Issue Security and Privacy in the Internet of Things (IoT))

24 pages, 805 KiB  
Article
Provisioning, Authentication and Secure Communications for IoT Devices on FIWARE
by Patrícia R. Sousa, Luís Magalhães, João S. Resende, Rolando Martins and Luís Antunes
Sensors 2021, 21(17), 5898; https://doi.org/10.3390/s21175898 - 02 Sep 2021
Cited by 4 | Viewed by 3421
Abstract
The increasing pervasiveness of the Internet of Things is resulting in a steady increase of cyberattacks in all of its facets. One of the most predominant attack vectors is related to its identity management, as it grants the ability to impersonate and circumvent current trust mechanisms. Given that identity is paramount to every security mechanism, such as authentication and access control, any vulnerable identity management mechanism undermines any attempt to build secure systems. While digital certificates are one of the most prevalent ways to establish identity and perform authentication, their provision at scale remains open. This provisioning process is usually an arduous task that encompasses device configuration, including identity and key provisioning. Human configuration errors are often the source of many security and privacy issues, so this task should be semi-autonomous to minimize erroneous configurations during this process. In this paper, we propose an identity management (IdM) and authentication method called YubiAuthIoT. The overall provisioning has an average runtime of 1137.8 ms ±65.11+δ. We integrate this method with the FIWARE platform, as a way to provision and authenticate IoT devices.

22 pages, 2572 KiB  
Article
The Presence, Trends, and Causes of Security Vulnerabilities in Operating Systems of IoT’s Low-End Devices
by Abdullah Al-Boghdady, Khaled Wassif and Mohammad El-Ramly
Sensors 2021, 21(7), 2329; https://doi.org/10.3390/s21072329 - 26 Mar 2021
Cited by 15 | Viewed by 4941
Abstract
Internet of Things Operating Systems (IoT OSs) run, manage and control IoT devices. Therefore, it is important to secure the source code for IoT OSs, especially if they are deployed on devices used for human care and safety. In this paper, we report the results of our investigations of the security status and the presence of security vulnerabilities in the source code of the most popular open source IoT OSs. Through this research, three Static Analysis Tools (Cppcheck, Flawfinder and RATS) were used to examine the code of sixteen different releases of four different C/C++ IoT OSs, with 48 examinations, regarding the presence of vulnerabilities from the Common Weakness Enumeration (CWE). The examination reveals that IoT OS code still suffers from errors that lead to security vulnerabilities and increase the opportunity of security breaches. The total number of errors in IoT OSs is increasing from version to the next, while error density, i.e., errors per 1K of physical Source Lines of Code (SLOC) is decreasing chronologically for all IoT OSs, with few exceptions. The most prevalent vulnerabilities in IoT OS source code were CWE-561, CWE-398 and CWE-563 according to Cppcheck, (CWE-119!/CWE-120), CWE-120 and CWE-126 according to Flawfinder, and CWE-119, CWE-120 and CWE-134 according to RATS. Additionally, the CodeScene tool was used to investigate the development of the evolutionary properties of IoT OSs and the relationship between them and the presence of IoT OS vulnerabilities. CodeScene reveals strong positive correlation between the total number of security errors within IoT OSs and SLOC, as well as strong negative correlation between the total number of security errors and Code Health. CodeScene also indicates strong positive correlation between security error density (errors per 1K SLOC) and the presence of hotspots (frequency of code changes and code complexity), as well as strong negative correlation between security error density and the Qualitative Team Experience, which is a measure of the experience of the IoT OS developers.

17 pages, 3658 KiB  
Article
Utilising Flow Aggregation to Classify Benign Imitating Attacks
by Hanan Hindy, Robert Atkinson, Christos Tachtatzis, Ethan Bayne, Miroslav Bures and Xavier Bellekens
Sensors 2021, 21(5), 1761; https://doi.org/10.3390/s21051761 - 04 Mar 2021
Cited by 2 | Viewed by 2611
Abstract
Cyber-attacks continue to grow, both in terms of volume and sophistication. This is aided by an increase in available computational power, expanding attack surfaces, and advancements in the human understanding of how to make attacks undetectable. Unsurprisingly, machine learning is utilised to defend against these attacks. In many applications, the choice of features is more important than the choice of model. A range of studies have, with varying degrees of success, attempted to discriminate between benign traffic and well-known cyber-attacks. The features used in these studies are broadly similar and have demonstrated their effectiveness in situations where cyber-attacks do not imitate benign behaviour. To overcome this barrier, in this manuscript, we introduce new features based on a higher level of abstraction of network traffic. Specifically, we perform flow aggregation by grouping flows with similarities. This additional level of feature abstraction benefits from cumulative information, thus qualifying the models to classify cyber-attacks that mimic benign traffic. The performance of the new features is evaluated using the benchmark CICIDS2017 dataset, and the results demonstrate their validity and effectiveness. This novel proposal will improve the detection accuracy of cyber-attacks and also build towards a new direction of feature extraction for complex ones.

25 pages, 7804 KiB  
Article
Epidemic Analysis of Wireless Rechargeable Sensor Networks Based on an Attack–Defense Game Model
by Guiyun Liu, Baihao Peng and Xiaojing Zhong
Sensors 2021, 21(2), 594; https://doi.org/10.3390/s21020594 - 15 Jan 2021
Cited by 17 | Viewed by 2559
Abstract
Energy constraint hinders the popularization and development of wireless sensor networks (WSNs). As an emerging technology equipped with rechargeable batteries, wireless rechargeable sensor networks (WRSNs) are being widely accepted and recognized. In this paper, we research the security issues in WRSNs which need to be addressed urgently. After considering the charging process, the activating anti-malware program process, and the launching malicious attack process in the modeling, the susceptible–infected–anti-malware–low-energy–susceptible (SIALS) model is proposed. Through the method of epidemic dynamics, this paper analyzes the local and global stabilities of the SIALS model. Besides, this paper introduces a five-tuple attack–defense game model to further study the dynamic relationship between malware and WRSNs. By introducing a cost function and constructing a Hamiltonian function, the optimal strategies for malware and WRSNs are obtained based on the Pontryagin Maximum Principle. Furthermore, the simulation results show the validation of the proposed theories and reveal the influence of parameters on the infection. In detail, the Forward–Backward Sweep method is applied to solve the issues of convergence of co-state variables at terminal moment.

14 pages, 1267 KiB  
Article
A Secure IoT-Based Authentication System in Cloud Computing Environment
by Hsiao-Ling Wu, Chin-Chen Chang, Yao-Zhu Zheng, Long-Sheng Chen and Chih-Cheng Chen
Sensors 2020, 20(19), 5604; https://doi.org/10.3390/s20195604 - 30 Sep 2020
Cited by 15 | Viewed by 2593
Abstract
The Internet of Things (IoT) is currently the most popular field in communication and information techniques. However, designing a secure and reliable authentication scheme for IoT-based architectures is still a challenge. In 2019, Zhou et al. showed that schemes proposed by Amin et al. and Maitra et al. are vulnerable to off-line guessing attacks, user tracking attacks, etc. On this basis, a lightweight authentication scheme based on IoT is proposed, and an authentication scheme based on IoT is proposed, which can resist various types of attacks and realize key security features such as user audit, mutual authentication, and session security. However, we found weaknesses in the scheme upon evaluation. Hence, we proposed an enhanced scheme based on their mechanism, thus achieving the security requirements and resisting well-known attacks.

Review

34 pages, 1290 KiB  
Review
Machine Learning for Authentication and Authorization in IoT: Taxonomy, Challenges and Future Research Direction
by Kazi Istiaque Ahmed, Mohammad Tahir, Mohamed Hadi Habaebi, Sian Lun Lau and Abdul Ahad
Sensors 2021, 21(15), 5122; https://doi.org/10.3390/s21155122 - 28 Jul 2021
Cited by 36 | Viewed by 7461
Abstract
With the ongoing efforts for widespread Internet of Things (IoT) adoption, one of the key factors hindering the wide acceptance of IoT is security. Securing IoT networks such as the electric power grid or water supply systems has emerged as a major national and global priority. To address the security issue of IoT, several studies are being carried out that involve the use of, but are not limited to, blockchain, artificial intelligence, and edge/fog computing. Authentication and authorization are crucial aspects of the CIA triad to protect the network from malicious parties. However, existing authorization and authentication schemes are not sufficient for handling security, due to the scale of the IoT networks and the resource-constrained nature of devices. In order to overcome challenges due to various constraints of IoT networks, there is a significant interest in using machine learning techniques to assist in the authentication and authorization process for IoT. In this paper, recent advances in authentication and authorization techniques for IoT networks are reviewed. Based on the review, we present a taxonomy of authentication and authorization schemes in IoT focusing on machine learning-based schemes. Using the presented taxonomy, a thorough analysis is provided of the authentication and authorization (AA) security threats and challenges for IoT. Furthermore, various criteria to achieve a high degree of AA resiliency in IoT implementations to enhance IoT security are evaluated. Lastly, a detailed discussion on open issues, challenges, and future research directions is presented for enabling secure communication among IoT nodes.

Other

38 pages, 4317 KiB  
Systematic Review
Exploration of Mobile Device Behavior for Mitigating Advanced Persistent Threats (APT): A Systematic Literature Review and Conceptual Framework
by Thulfiqar Jabar and Manmeet Mahinderjit Singh
Sensors 2022, 22(13), 4662; https://doi.org/10.3390/s22134662 - 21 Jun 2022
Cited by 14 | Viewed by 4430
Abstract
During the last several years, the Internet of Things (IoT), fog computing, computer security, and cyber-attacks have all grown rapidly on a large scale. Examples of IoT include mobile devices such as tablets and smartphones. Attacks can take place that impact the confidentiality, integrity, and availability (CIA) of the information. One attack that occurs is Advanced Persistent Threat (APT). Attackers can manipulate a device’s behavior, applications, and services. Such manipulations lead to signification of a deviation from a known behavioral baseline for smartphones. In this study, the authors present a Systematic Literature Review (SLR) to provide a survey of the existing literature on APT defense mechanisms, find research gaps, and recommend future directions. The scope of this SLR covers a detailed analysis of most cybersecurity defense mechanisms and cutting-edge solutions. In this research, 112 papers published from 2011 until 2022 were analyzed. This review has explored different approaches used in cybersecurity and their effectiveness in defending against APT attacks. In a conclusion, we recommended a Situational Awareness (SA) model known as Observe–Orient–Decide–Act (OODA) to provide a comprehensive solution to monitor the device’s behavior for APT mitigation.