Wu Bo,Li Qi,Xu Ke,Li Ruoyu,Liu Zhuotao

DOI: https://doi.org/10.1109/MASS.2018.00053

2018-01-01

Abstract:Internet of Things (IoT) has already been in the period of rapid development and widespread deployment, while it is still vulnerable to various malicious attacks. Security detection before system installation is not enough to ensure that IoT devices are always secure, because newly emerging vulnerabilities can still be exploited to launch attacks. To address this issue, retrospective detection is often required to trace the security status of IoT systems. Unfortunately, existing centralized detection mechanisms cannot easily provide a comprehensive security analysis. In particular, consumers cannot automatically receive security notification whenever a new vulnerability is uncovered. In this paper, we propose a novel blockchain-powered incentive platform, called SmartRetro, that can incentivize and attract more distributed detectors to participate in retrospective vulnerability detection and contribute their detection results. Leveraging smart contracts, consumers in SmartRetro receive automatic security feedback about their installed IoT systems. We perform the security and theoretical analysis to demonstrate that SmartRetro achieves our desirable security goals. We further implement SmartRetro prototype on Ethereum to evaluate its performance. Our experimental results show SmartRetro is technically feasible and economically beneficial.

Bo Wu,Ke Xu,Qi Li,Zhuotao Liu,Yih-Chun Hu,Zhichao Zhang,Xinle Du,Bingyang Liu,Shoushou Ren

DOI: https://doi.org/10.1109/ICDCS.2019.00113

2019-01-01

Abstract:Internet of Things (IoT) devices achieve the rapid development and have been widely deployed recently. Meanwhile, inherent vulnerabilities of IoT systems (including firmware and software) have been continually uncovered and thus the systems are always exposed to various attacks. The root cause of the issue is that IoT systems always have design flaws and implementation bugs. In particular, the released systems (e.g., by third-party marketplaces and IoT vendors) may be maliciously repackaged with malware. Unfortunately, IoT consumers are not able to effectively capture such vulnerabilities because of the limited detection capabilities. In this paper, we propose SmartCrowd, a blockchain-based platform that aims to outsource security detection of IoT systems to distributed detectors with strong detection incentives. SmartCrowd enables built-in accountability for IoT providers and authoritative references of detection results for IoT consumers. By building smart contracts, we can incentivize the efficient and high-coverage security detection of IoT systems, while providing decentralized and automated incentives for both IoT providers releasing secure IoT systems and detectors uncovering vulnerabilities. We present the security and theoretical analysis that demonstrates the security of SmartCrowd and the incentives for participators. We prototype SmartCrowd by using Ethereum and the experimental results show that SmartCrowd has both technical feasibility and financial benefits, which can be applied to build a secure IoT ecosystem.

Chenglong Fu,Qiang Zeng,Xiaojiang Du

DOI: https://doi.org/10.48550/arXiv.1912.00264

2019-12-01

Abstract:The booming Internet of Things (IoT) market has drawn tremendous interest from cyber attackers. The centralized cloud-based IoT service architecture has serious limitations in terms of security, availability, and scalability, and is subject to single points of failure (SPOF). Recently, accommodating IoT services on blockchains has become a trend for better security, privacy, and reliability. However, blockchain's shortcomings of high cost, low throughput, and long latency make it unsuitable for IoT applications. In this paper, we take a retrospection of existing blockchain-based IoT solutions and propose a framework for efficient blockchain and IoT integration. Following the framework, we design a novel blockchain-assisted decentralized IoT remote accessing system, RS-IoT, which has the advantage of defending IoT devices against zero-day attacks without relying on any trusted third-party. By introducing incentives and penalties enforced by smart contracts, our work enables "an economic approach" to thwarting the majority of attackers who aim to achieve monetary gains. Our work presents an example of how blockchain can be used to ensure the fairness of service trading in a decentralized environment and punish misbehaviors objectively. We show the security of RS-IoT via detailed security analyses. Finally, we demonstrate its scalability, efficiency, and usability through a proof-of-concept implementation on the Ethereum testnet blockchain.

Cryptography and Security,Distributed, Parallel, and Cluster Computing,Networking and Internet Architecture

Serin V. Simpson,Y. Ravi Raju,K. Bhanu Rajesh Naidu,Gopika Venu

DOI: https://doi.org/10.1007/s41870-023-01467-5

2023-09-13

International Journal of Information Technology

Abstract:This study presents SECURE TRUST, a novel blockchain-enabled trust and reputation system designed to address the growing security risks associated with the proliferation of IoT devices. By leveraging blockchain technology, our system effectively evaluates the reliability of nodes in IoT networks and mitigates harmful activities. Our approach employs smart contracts to facilitate collaborative detection and mitigation of malicious behavior among nodes. Furthermore, we integrate a trust and reputation system that assigns trust ratings to nodes based on their past interactions and behavior. Our system is compatible with various hardware platforms and utilizes open-source software components. Extensive testing demonstrates that our proposed approach reliably detects and reduces security risks caused by malicious nodes, offering robust protection against unwanted activities.

John Wickström,Magnus Westerlund,Göran Pulkkis

DOI: https://doi.org/10.48550/arXiv.2007.02652

2020-07-06

Cryptography and Security

Abstract:Proliferation of IoT devices in society demands a renewed focus on securing the use and maintenance of such systems. IoT-based systems will have a great impact on society and therefore such systems must have guaranteed resilience. We introduce cryptographic-based building blocks that strive to ensure that distributed IoT networks remain in a healthy condition throughout their lifecycle. Our presented solution utilizes deterministic and interlinked smart contracts on the Ethereum blockchain to enforce secured management and maintenance for hardened IoT devices. A key issue investigated is the protocol development for securing IoT device deployments and means for communicating securely with devices. By supporting values of openness, automation, and provenance, we can introduce novel means that reduce the threats of surveillance and theft, while also improving operator accountability and trust in IoT technology.

Harshit Shah,Dhruvil Shah,Nilesh Kumar Jadav,Rajesh Gupta,Sudeep Tanwar,Osama Alfarraj,Amr Tolba,Maria Simona Raboaca,Verdes Marina

DOI: https://doi.org/10.3390/math11020418

IF: 2.4

2023-01-13

Mathematics

Abstract:The Internet of Things (IoT) is a key enabler technology that recently received significant attention from the scientific community across the globe. It helps transform everyone's life by connecting physical and virtual devices with each other to offer staggering benefits, such as automation and control, higher productivity, real-time information access, and improved efficiency. However, IoT devices and their accumulated data are susceptible to various security threats and vulnerabilities, such as data integrity, denial-of-service, interception, and information disclosure attacks. In recent years, the IoT with blockchain technology has seen rapid growth, where smart contracts play an essential role in validating IoT data. However, these smart contracts can be vulnerable and degrade the performance of IoT applications. Hence, besides offering indispensable features to ease human lives, there is also a need to confront IoT environment security attacks, especially data integrity attacks. Toward this aim, this paper proposed an artificial intelligence-based system model with a dual objective. It first detects the malicious user trying to compromise the IoT environment using a binary classification problem. Further, blockchain technology is utilized to offer tamper-proof storage to store non-malicious IoT data. However, a malicious user can exploit the blockchain-based smart contract to deteriorate the performance IoT environment. For that, this paper utilizes deep learning algorithms to classify malicious and non-malicious smart contracts. The proposed system model offers an end-to-end security pipeline through which the IoT data are disseminated to the recipient. Lastly, the proposed system model is evaluated by considering different assessment measures that comprise the training accuracy, training loss, classification measures (precision, recall, and F1 score), and receiver operating characteristic (ROC) curve.

mathematics

Haoxiang Song,Zhe Tu,Yajuan Qin

DOI: https://doi.org/10.3390/s22218339

2022-10-30

Abstract:With the development of 5G and the Internet of things (IoT), the multi-domain access of massive devices brings serious data security and privacy issues. At the same time, most access systems lack the ability to identify network attacks and cannot adopt dynamic and timely defenses against various security threats. To this end, we propose a blockchain-based access control and behavior regulation system for IoT. Relying on the attribute-based access control model, this system deploys smart contracts on the blockchain to achieve distributed and fine-grained access control and ensures that the identity and authority of access users can be trusted. At the same time, an inter-domain communication mechanism is designed based on the locator/identifier separation protocol and ensures the traffic of access users are authorized. A feedback module that combines traffic detection and credit evaluation is proposed, ensuring real-time detection and fast, proactive responses against malicious behavior. Ultimately, all modules are linked together through workflows to form an integrated security model. Experiments and analysis show that the system can effectively provide comprehensive security protection in IoT scenarios.

Jie Yin,Yang Xiao,Qingqi Pei,Ying Ju,Lei Liu,Ming Xiao,Celimuge Wu

DOI: https://doi.org/10.1109/jiot.2022.3145089

IF: 10.6

2022-01-01

IEEE Internet of Things Journal

Abstract:Internet of Things (IoT) applications have penetrated into all aspects of human life. Millions of IoT users and devices, online services, and applications combine to create a complex and heterogeneous network, which complicates the digital identity management. Distributed identity is a promising paradigm to solve IoT identity problems and allows users to have soverignty over their private data. However, the existing state-of-the-art methods are unsuitable for IoT due to continuing issues regarding resource limitations for IoT devices, security and privacy issues, and lack of a systematic proof system. Accordingly, in this article, we propose SmartDID, a novel blockchain-based distributed identity aimed at establishing a self-sovereign identity and providing strong privacy preservation. First, we configure IoT devices as light nodes and design a Sybil-resistant, unlinkable, and supervisable distributed identity that does not rely on central identity providers. We further develop a dual-credential model based on commitment and zero-knowledge proofs to protect the privacy of sensitive attributes, on-chain identity data, and linkage of credentials. Moreover, we combine the basic credential proofs to prove the knowledge of solutions to more complex problems and create a systematic proof system. We go on to provide the security analysis of SmartDID. Experimental analysis shows that our scheme achieves better performance in terms of both credential generation and proof generation when compared with CanDID.

computer science, information systems,telecommunications,engineering, electrical & electronic

Xiaoheng Deng,Bin Chen,Xuechen Chen,Xinjun Pei,Shaohua Wan,Sotirios K. Goudos

DOI: https://doi.org/10.1109/tii.2023.3245681

IF: 12.3

2023-01-01

IEEE Transactions on Industrial Informatics

Abstract:The Internet of Things (IoT) mainly consists of a large number of Internet-connected devices. The proliferation of untrusted third-party IoT applications has led to an increase in IoT-based malware attacks. In addition, it is infeasible for the IoT devices to support the sophisticated detection systems due to the restricted resources. Edge computing is considered to be promising. It provides solutions to the data security and privacy leakage brought by untrusted third-party IoT applications. In this article, an intelligent trusted and secure edge computing (ITEC) system is proposed for IoT malware detection. In this system, a signature-based preidentification mechanism is built for matching and identifying the malicious behaviors of untrusted third-party IoT applications. A delay strategy is then embedded into the risk detection engine in order to “buy time” for threat analysis and rate-limit the impact of suspicious third-party IoT applications in the system. We conduct extensive experiments to verify the effectiveness of the ITEC system and show that we can achieve accuracies of up to 98.52%.

automation & control systems,computer science, interdisciplinary applications,engineering, industrial

Wen Wen,Xiao Han

DOI: https://doi.org/10.1002/mde.4043

2024-01-26

Managerial and Decision Economics

Abstract:Internet of Things (IoT)–based financial systems leverage the capabilities of blockchain and artificial intelligence (AI) to enable seamless transactions and data exchange between devices. IoT‐based financial systems involve interconnected devices and services, such as payment terminals, wearables, and smart appliances, which collect, transmit, and process sensitive financial information. The study explores security methods incorporated in the financial systems designed using IoT and blockchain technologies to improve the background features. The study data were gathered from Complaint Data from the Consumer Financial Protection Bureau 2018–2022, and data‐based analysis is used in this study for detecting illegitimate interrupted transactions. Propensity Score Matching (PSM) is used for the robustness and endogeneity test; descriptive statistics is utilized in this study. Financial security systems are introduced to reduce the forging and breaching of intruders amid transactions. This study offers a novel contribution to the field of blockchain technology by furnishing a comprehensive analysis of the features of IoT‐based financial security systems from the perspective of the transaction, broadening the understanding of the feature focusing on financial security, and providing practical recommendations to address the features of IoT‐based financial security systems in blockchain technology. The study highlights how IoT devices can securely record and verify financial transactions by leveraging the blockchain's distributed ledger, preventing tampering or unauthorized access. The results of the study identify that the TS3 program relies on the transaction gaps between financial sessions, security requests between successive transactions, and sessions saved depending on the time delay. The study finds that sessions were analyzed for violations and fraud using information stored on the blockchain. The study suggests the design and building of devices and sensors in an IoT in financial security systems. Transparency should contribute to setting data privacy and safety problems in financial security systems.

economics,management

Song Guo,Minzhao Lyu,Hassan Habibi Gharakheili

2023-12-30

Abstract:With rising concerns about the security of IoT devices, network operators need better ways to handle potential risks. Luckily, IoT devices show consistent patterns in how they communicate. But despite previous efforts, it remains unclear how knowledge of these patterns can be made available. As data marketplaces become popular in different domains, this paper1 proposes creating a special marketplace focused on IoT cybersecurity. The goal is to openly share knowledge about IoT devices' behavior, using structured data formats like Manufacturer Usage Description (MUD) files. To make this work, we employ technologies like blockchain and smart contracts to build a practical and secure foundation for sharing and accessing important information about how IoT devices should behave on the network. Our contributions are two-fold. (1) We identify the essential features of an effective marketplace for sharing data related to the expected behaviors of IoT devices. We develop a smart contract on the Ethereum blockchain with five concrete functions; and, (2) We implement a prototype of our marketplace in a private chain environment-our codes are publicly released. We demonstrate how effectively our marketplace functions through experiments involving MUD files from consumer IoT devices. Our marketplace enables suppliers and consumers to share MUD data on the Ethereum blockchain for under a hundred dollars, promoting accessibility and participation.

Cryptography and Security,Databases

Wei Zhou,Yan Jia,Yao Yao,Lipeng Zhu,Le Guan,Yuhang Mao,Peng Liu,Yuqing Zhang

DOI: https://doi.org/10.48550/arXiv.1811.03241

2019-06-26

Abstract:A smart home connects tens of home devices to the Internet, where an IoT cloud runs various home automation applications. While bringing unprecedented convenience and accessibility, it also introduces various security hazards to users. Prior research studied smart home security from several aspects. However, we found that the complexity of the interactions among the participating entities (i.e., devices, IoT clouds, and mobile apps) has not yet been systematically investigated. In this work, we conducted an in-depth analysis of five widely-used smart home platforms. Combining firmware analysis, network traffic interception, and blackbox testing, we reverse-engineered the details of the interactions among the participating entities. Based on the details, we inferred three legitimate state transition diagrams for the three entities, respectively. Using these state machines as a reference model, we identified a set of unexpected state transitions. To confirm and trigger the unexpected state transitions, we implemented a set of phantom devices to mimic a real device. By instructing the phantom devices to intervene in the normal entity-entity interactions, we have discovered several new vulnerabilities and a spectrum of attacks against real-world smart home platforms.

Cryptography and Security,Networking and Internet Architecture

Shaobin Xie,Boyang Cai,Quanyi Liang

DOI: https://doi.org/10.1109/ICPECA56706.2023.10076248

2023-01-29

Abstract:This paper analyzes the security requirements of smart home IoT system, and constructs its intrusion detection system environment on RISC-V. By simulating the attack behavior, the key nodes of the Internet of Things are tested for intrusion detection and warning. The test results show that the deployment of intrusion detection system in smart home IoT can effectively improve its security.

Engineering,Computer Science

Dongfang Jia,Zhicong Liu,Zhengqi Zhang,Jun Ye

DOI: https://doi.org/10.1007/978-981-16-7469-3_108

2022-01-01

Abstract:In recent years, the second-generation blockchain platforms and applications represented by smart contracts have seen explosive growth, but frequent smart contract vulnerability incidents have seriously threatened the ecological security of blockchain. In view of the low efficiency of code audit based on expert experience, it is important to develop a general automation tool to mine smart contract vulnerabilities. In the beginning, the security threats of smart contracts should be investigated and analyzed, and many smart contract vulnerabilities and attack modes that occur frequently, such as code reentrant, access control, integer overflow, etc., were summarized. Then, the technology method of smart contract vulnerability detection conforming to The Times is obtained, and the current samples of smart contract vulnerability detection are summarized. The current investigation includes too few types of vulnerabilities, with a variety of inaccuracies and deviations. It is only carried out through manual audit. Through these methods, according to the state of including after put forward the general ideas of this kind of situation, and puts forward a kind of symbolic execution auxiliary fuzzy test framework, can reduce the symbolic execution channel congestion and fuzzy test code coverage degree is too little, so as to improve test efficiency, easy to dig holes of large and medium-sized intelligent contracts quality improvement.

Nikos Fotiou,Iakovos Pittaras,Vasilios A. Siris,Spyros Voulgaris,George C. Polyzos

DOI: https://doi.org/10.48550/arXiv.1907.03904

2019-07-09

Abstract:Blockchains and smart contracts are an emerging, promising technology, that has received considerable attention. We use the blockchain technology, and in particular Ethereum, to implement a large-scale event-based Internet of Things (IoT) control system. We argue that the distributed nature of the "ledger," as well as, Ethereum's capability of parallel execution of replicated "smart contracts", provide the sought after automation, generality, flexibility, resilience, and high availability. We design a realistic blockchain-based IoT architecture, using existing technologies while by taking into consideration the characteristics and limitations of IoT devices and applications. Furthermore, we leverage blockchain's immutability and Ethereum's support for custom tokens to build a robust and efficient token-based access control mechanism. Our evaluation shows that our solution is viable and offers significant security and usability advantages.

Cryptography and Security

Jing Li,Tingting Liu,Dusit Niyato,Ping Wang,Jun Li,Zhu Han

DOI: https://doi.org/10.1109/jiot.2021.3049227

IF: 10.6

2021-06-15

IEEE Internet of Things Journal

Abstract:A sharded blockchain with the Proof-of-Stake (PoS) consensus protocol has advantages in increasing throughput and reducing energy consumption, enabling the resource-limited participants to manage transactions and in a decentralized way and obtain rewards at a lower cost, e.g., Internet-of-Things (IoT) users. However, the latest PoS (e.g., Casper) requires a steep security deposit, which is the key to provide more robust security guarantees than Proof of Work, but not practical for the owners of heterogeneous IoT devices. This article considers any individual and institute who owns the IoT devices as the potential participant and focuses on designing the proper security deposits in a practical scenario with hidden information and hidden action. To bridge blockchain and the IoT users, we study the problem of balancing the security incentive and the economic incentive under two cases: 1) stake oriented and 2) effort oriented. We propose two joint models under the contract theory framework to efficiently address the problems: 1) joint adverse selection and moral hazard and 2) joint adverse selection and tournament. Both optimal contracts can provide a maximized profit for blockchain. The optimal rewards and security deposits for different types of participants can be determined accordingly. Simulations indicate that the proposed models can overcome asymmetric information and offer feasible contracts. Moreover, it demonstrates that both joint models can provide an economic incentive for the participants without reducing security incentives for the sharded blockchain.

computer science, information systems,telecommunications,engineering, electrical & electronic

Aswani Aguru,Suresh Erukala

DOI: https://doi.org/10.1145/3664287

IF: 5.3

2024-07-15

ACM Transactions on Internet Technology

Abstract:The Internet of Things (IoT) refers to a complex network comprising interconnected devices that transmit their data via the Internet. Due to their open environment, limited computation power, and absence of built-in security, IoT environments are susceptible to various cyberattacks. Denial of service (DDoS) attacks are among the most destructive types of threats. The Multi-vector DDoS attack is a contemporary and formidable form of DDoS wherein the attacker employs a collection of compromised IoT devices as zombies to initiate numerous DDoS attacks against a target server. A Blockchain-based Operational Threat Intelligence framework, OTI-IoT, is proposed in this article to counter multi-vector DDoS attacks in IoT networks. A “Prevent-then-Detect” methodology was utilized to deploy the OTI-IoT framework in two distinct stages. During Phase 1, the consortium Blockchain network validators employ the IPS module, composed of a smart contract for attack prevention and access control, and Proof of Voting consensus, to thwart attacks. Validators are outfitted with deep learning-based IDS instances to detect multi-vector DDoS attacks during Phase 2. Alert messages are generated by the IDS module’s alert generation and propagation smart contract in response to identifying malicious IoT sources. The feedback loop from the IDS module to the IPS module prevents incoming traffic from malicious sources. The proposed OTI framework capabilities are realized as an outcome of combining and storing the outcomes of the IDS and IPS modules on the consortium Blockchain. Each validator maintains a shared ledger containing information regarding threat sources to ensure robust security, transparency, and integrity. The operational execution of OTI-IoT occurs on an individual Ethereum Blockchain. The empirical findings indicate that our proposed framework is most suitable for real-time applications due to its ability to lower attack detection time, decreased block validation time, and higher attack prevention rate.

computer science, information systems, software engineering

Yingli Zhang,Jiali Ma,Xin Liu,Guodong Ye,Qun Jin,Jianhua Ma,Qingguo Zhou

DOI: https://doi.org/10.1109/jiot.2023.3294496

IF: 10.6

2023-01-01

IEEE Internet of Things Journal

Abstract:The Internet of Things (IoT) has become a focus of information infrastructure development in recent years. The smart blockchain can provide various solutions for trust, security, and privacy (TSP) challenges to protect IoT data, and smart contracts are the foundation of blockchain intelligence, and greatly enhance the ability of smart blockchain to solve TSP problems. So the security of smart contracts must be addressed. We propose an efficient smart contract vulnerability detector to improve the safety of smart contracts. It comprises a graph extraction method and a complete vulnerability detection process. The graph extraction method consists of vulnerability pattern extraction and a graph generation process. The vulnerability detection process first uses the approximate graph matching algorithm to select representative SCGraphs from the dataset to build vulnerability SCGraph libraries. Secondly, determine whether the contract contains vulnerabilities by calculating the similarity between the SCGraphs generated from the contracts to be detected and the SCGraphs in the vulnerability library. Experiments show that our approach achieves an inspiring high detection rate and is the fastest among existing vulnerability detection tools, which indicates that it can provide good vulnerability detection for smart contracts.

computer science, information systems,telecommunications,engineering, electrical & electronic

Ji-Sun Park,Taek-Young Youn,Hye-Bin Kim,Kyung-Hyune Rhee,Sang-Uk Shin

DOI: https://doi.org/10.3390/s18103577

2018-10-22

Abstract:Internet of Things (IoT)-based devices, especially those used for home automation, consist of their own sensors and generate many logs during a process. Enterprises producing IoT devices convert these log data into more useful data through secondary processing; thus, they require data from the device users. Recently, a platform for data sharing has been developed because the demand for IoT data increases. Several IoT data marketplaces are based on peer-to-peer (P2P) networks, and in this type of marketplace, it is difficult for an enterprise to trust a data owner or the data they want to trade. Therefore, in this study, we propose a review system that can confirm the reputation of a data owner or the data traded in the P2P data marketplace. The traditional server-client review systems have many drawbacks, such as security vulnerability or server administrator's malicious behavior. However, the review system developed in this study is based on Ethereum smart contracts; thus, this system is running on the P2P network and is more flexible for the network problem. Moreover, the integrity and immutability of the registered reviews are assured because of the blockchain public ledger. In addition, a certain amount of gas is essential for all functions to be processed by Ethereum transactions. Accordingly, we tested and analyzed the performance of our proposed model in terms of gas required.

DOI: https://doi.org/10.35940/ijrte.e6861.018520

2020-01-30

International Journal of Recent Technology and Engineering

Abstract:Internet of Things (IoT) that has been developed owing toward the merging of various technologies such as instantaneous analytics, machine learning, artificial neural network, product sensors and implanted systems, etc. It also stages a significant part in multiple applications which are a smart city, smart home, agricultural, health monitoring, tourism, transportation, communication, business, education, etc. The security concern associating IoT has to be situated in the direction to attract the research community due to its immensely growing application in our daily life. Since it is light-weight nature, the security mechanism needs changes apart from comprehensive web security. PKI based certificate driven techniques, which in some instances seem not appropriate on the way toward encounter IoT challenges, e.g., as real-time effectiveness, costs, and performance from the security perspective. However, Blockchain has mind-blowing potentials to peer with the IoT aiming to build trust, transparency, and security. Its distinct properties, such as distributed behavior, immutability, and consensus mechanism, can stimulate and improve the rapidly growing IoT system through meaningful integration. We propose to address a practical smart home use case scenario using Ethereum Blockchain to improve IoT security. Public type and smart contract oriented Ethereum Blockchain are adaptable to enhance IoT security remains individual of the contributions that we claim throughout this research work.