Daniele Canavese,Luca Mannella,Leonardo Regano,Cataldo Basile

DOI: https://doi.org/10.3390/s24020590

IF: 3.9

2024-01-18

Sensors

Abstract:The Internet of Things (IoT) is rapidly growing, with an estimated 14.4 billion active endpoints in 2022 and a forecast of approximately 30 billion connected devices by 2027. This proliferation of IoT devices has come with significant security challenges, including intrinsic security vulnerabilities, limited computing power, and the absence of timely security updates. Attacks leveraging such shortcomings could lead to severe consequences, including data breaches and potential disruptions to critical infrastructures. In response to these challenges, this research paper presents the IoT Proxy, a modular component designed to create a more resilient and secure IoT environment, especially in resource-limited scenarios. The core idea behind the IoT Proxy is to externalize security-related aspects of IoT devices by channeling their traffic through a secure network gateway equipped with different Virtual Network Security Functions (VNSFs). Our solution includes a Virtual Private Network (VPN) terminator and an Intrusion Prevention System (IPS) that uses a machine learning-based technique called oblivious authentication to identify connected devices. The IoT Proxy's modular, scalable, and externalized security approach creates a more resilient and secure IoT environment, especially for resource-limited IoT devices. The promising experimental results from laboratory testing demonstrate the suitability of IoT Proxy to secure real-world IoT ecosystems.

engineering, electrical & electronic,chemistry, analytical,instruments & instrumentation

Xiruo Liu,Meiyuan Zhao,Sugang Li,Feixiong Zhang,Wade Trappe

DOI: https://doi.org/10.3390/fi9030027

2017-06-28

Future Internet

Abstract:The Internet of Things (IoT) is a recent trend that extends the boundary of the Internet to include a wide variety of computing devices. Connecting many stand-alone IoT systems through the Internet introduces many challenges, with security being front-and-center since much of the collected information will be exposed to a wide and often unknown audience. Unfortunately, due to the intrinsic capability limits of low-end IoT devices, which account for a majority of the IoT end hosts, many traditional security methods cannot be applied to secure IoT systems, which open a door for attacks and exploits directed both against IoT services and the broader Internet. This paper addresses this issue by introducing a unified IoT framework based on the MobilityFirst future Internet architecture that explicitly focuses on supporting security for the IoT. Our design integrates local IoT systems into the global Internet without losing usability, interoperability and security protection. Specifically, we introduced an IoT middleware layer that connects heterogeneous hardware in local IoT systems to the global MobilityFirst network. We propose an IoT name resolution service (IoT-NRS) as a core component of the middleware layer, and develop a lightweight keying protocol that establishes trust between an IoT device and the IoT-NRS.

Bharathi Shantha Loganathan,Sathya Priya Jaganathan

DOI: https://doi.org/10.1002/ett.5024

IF: 3.6

2024-07-30

Transactions on Emerging Telecommunications Technologies

Abstract:Abstract The Internet of Things (IoT) plays a crucial role in enhancing technology by facilitating data transfer, storage, control, and management across networks. Secure communication within IoT environments remains a significant challenge. This research aims to enhance IoT security by integrating Message Queuing Telemetry Transport (MQTT) and MQTT‐Sensor Network (MQTT‐SN) protocols with the Dual Mutation‐Based Seagull Optimization Algorithm (DMBSOA). MQTT, known for its lightweight and dependable messaging, is widely used in the IoT community but is vulnerable to cyber‐attacks, particularly concerning privacy and authentication. DMBSOA, inspired by seagulls' foraging behavior, optimizes MQTT settings to enhance security, reliability, and performance. The proposed model dynamically adjusts key parameters such as transmission frequency, Quality of service (QoS) levels, and message size to improve energy consumption, throughput, end‐to‐end delay, and packet delivery ratio. A comprehensive system model is presented, comprising publisher, subscriber, and broker nodes, with security mechanisms integrated into the broker to ensure data integrity, authentication, and encryption. MQTT operates over Transmission Control Protocol/Internet Protocol (TCP/IP), while MQTT‐SN uses User Datagram Protocol (UDP), catering to resource‐constrained devices and low‐power modes. The proposed technique attained throughput (68 kB), energy consumption (120 mJ), security level (96%), energy efficiency (98.80%), path loss (22 dB), end‐to‐end delay (35 ms), processing time (230 s) and packet delivery ratio (0.98). The DMBSOA‐optimized MQTT protocol demonstrates superior performance compared to these models, highlighting its potential to meet the evolving demands of IoT security. This research underscores the effectiveness of DMBSOA in enhancing MQTT protocol security and efficiency, providing a promising solution for secure IoT communication.

telecommunications

Carlos Segarra,Ricard Delgado-Gonzalo,Valerio Schiavoni

DOI: https://doi.org/10.48550/arXiv.2007.12442

2020-08-27

Abstract:The publish-subscribe paradigm is an efficient communication scheme with strong decoupling between the nodes, that is especially fit for large-scale deployments. It adapts natively to very dynamic settings and it is used in a diversity of real-world scenarios, including finance, smart cities, medical environments, or IoT sensors. Several of the mentioned application scenarios require increasingly stringent security guarantees due to the sensitive nature of the exchanged messages as well as the privacy demands of the clients/stakeholders/receivers. MQTT is a lightweight topic-based publish-subscribe protocol popular in edge and IoT settings, a de-facto standard widely adopted nowadays by the industry and researchers. However, MQTT brokers must process data in clear, hence exposing a large attack surface. This paper presents MQT-TZ, a secure MQTT broker leveraging Arm TrustZone, a trusted execution environment (TEE) commonly found even on inexpensive devices largely available on the market (such as Raspberry Pi units). We define a mutual TLS-based handshake and a two-layer encryption for end-to-end security using the TEE as a trusted proxy. The experimental evaluation of our fully implemented prototype with micro-, macro-benchmarks, as well as with real-world industrial workloads from a MedTech use-case, highlights several trade-offs using TrustZone TEE. We report several lessons learned while building and evaluating our system. We release MQT-TZ as open-source.

Cryptography and Security

Jingxu Xiao,Chaowen Chang,Yingying Ma,Chenli Yang,Lu Yuan

DOI: https://doi.org/10.3934/mbe.2024148

2024-01-01

Mathematical Biosciences and Engineering

Abstract:In the realm of the Internet of Things (IoT), ensuring the security of communication links and evaluating the safety of nodes within these links remains a significant challenge. The continuous threat of anomalous links, harboring malicious switch nodes, poses risks to data transmission between edge nodes and between edge nodes and cloud data centers. To address this critical issue, we propose a novel trust evaluation based secure multi-path routing (TESM) approach for IoT. Leveraging the software-defined networking (SDN) architecture in the data transmission process between edge nodes, TESM incorporates a controller comprising a security verification module, a multi-path routing module, and an anomaly handling module. The security verification module ensures the ongoing security validation of data packets, deriving trust scores for nodes. Subsequently, the multi-path routing module employs multi-objective reinforcement learning to dynamically generate secure multiple paths based on node trust scores. The anomaly handling module is tasked with handling malicious switch nodes and anomalous paths. Our proposed solution is validated through simulation using the Ryu controller and P4 switches in an SDN environment constructed with Mininet. The results affirm that TESM excels in achieving secure data forwarding, malicious node localization, and the secure selection and updating of transmission paths. Notably, TESM introduces a minimal 12.4% additional forwarding delay and a 5.46% throughput loss compared to traditional networks, establishing itself as a lightweight yet robust IoT security defense solution.

mathematical & computational biology

Malisa Vucinic,Bernard Tourancheau,Franck Rousseau,Andrzej Duda,Laurent Damon,Roberto Guizzetti

DOI: https://doi.org/10.48550/arXiv.1404.7799

2014-05-01

Abstract:Billions of smart, but constrained objects wirelessly connected to the global network require novel paradigms in network design. New protocol standards, tailored to constrained devices, have been designed taking into account requirements such as asynchronous application traffic, need for caching, and group communication. The existing connection oriented security architecture is not able to keep up---first, in terms of the supported features, but also in terms of the scale and resulting latency on small constrained devices. In this paper, we propose an architecture that leverages the security concepts both from content-centric and traditional connection-oriented approaches. We rely on secure channels established by means of (D)TLS for key exchange, but we get rid of the notion of the 'state' among communicating entities. We provide a mechanism to protect from replay attacks by coupling our scheme with the CoAP application protocol. Our object-based security architecture (OSCAR) intrinsically supports caching and multicast, and does not affect the radio duty-cycling operation of constrained objects. We evaluate OSCAR in two cases: 802.15.4 Low Power and Lossy Networks (LLN) and Machine-to-Machine (M2M) communication for two different hardware platforms and MAC layers on a real testbed and using the Cooja emulator. We show significant energy savings at constrained servers and reasonable delays. We also discuss the applicability of OSCAR to Smart City deployments.

Networking and Internet Architecture,Cryptography and Security

Xin Huang,Paul Craig,Hangyu Lin,Zheng Yan

DOI: https://doi.org/10.1002/sec.1259

IF: 1.968

2015-05-11

Security and Communication Networks

Abstract:The 5th generation wireless system (5G) will support Internet of Things (IoT) by increasing the interconnectivity of electronic devices to support a variety of new and promising networked applications such as the home of the future, environmental monitoring networks, and infrastructure management systems. The potential benefits of the IoT are as profound as they are diverse. However, the benefits of the IoT come with some significant challenges. Not the least of these is that the increased interconnectivity integral to an IoT network increases its vulnerability to malevolent attacks. There is still no proven methodology for the design of security frameworks with device authentication and access control. This paper attempts to address this problem through the development of a prototype security framework with robust and transparent security protection. This includes an investigation into the security requirements of three different characteristic IoT scenarios (concretely, body IoT, home IoT, and hotel IoT), a design of new authentication mechanisms, and an access control subsystem with fine‐grained roles and risk indicators. Our prototype security framework gives us an insight into some of the major difficulties of IoT security as well as providing some feasible solutions. Copyright © 2015 John Wiley & Sons, Ltd. This paper includes an investigation into the security requirements of three different characteristic Internet of Things (IoT) scenarios (concretely, body IoT, home IoT, and hotel IoT), a design of new authentication mechanisms, and an access control subsystem with fine‐grained roles and risk indicators. Our prototype security framework gives us an insight into some of the major difficulties of IoT security and provides some feasible solutions.

computer science, information systems,telecommunications

Sijia Tian,Vassilios G. Vassilakis

DOI: https://doi.org/10.3390/electronics12143085

IF: 2.9

2023-07-17

Electronics

Abstract:The Internet of Things (IoT) deployment in emerging markets has increased dramatically, making security a prominent issue in IoT communication. Several protocols are available for IoT communication; among them, Message Queuing Telemetry Transport (MQTT) is pervasive in intelligent applications. However, MQTT is designed for resource-constrained IoT devices and, by default, does not have a security scheme, necessitating an additional security scheme to overcome its weaknesses. The security vulnerabilities in MQTT inherently lead to overhead and poor communication performance. Adding a lightweight security framework for MQTT is essential to overcome these problems in a resource-constrained environment. The conventional MQTT security schemes present a single trusted scheme and perform attribute verification and key generation, which tend to be a bottleneck at the server and pave the way for various security attacks. In addition to that, using the same secret key for an extended period and a flawed key revocation system can affect the security of MQTT. To address these issues, we propose an Improved Ciphertext Policy-Attribute-Based Encryption (ICP-ABE) integrated with a lightweight symmetric encryption scheme, PRESENT, to improve the security of MQTT. In this work, the PRESENT algorithm enables the secure sharing of blind keys among clients. We evaluated a previously proposed ICP-ABE scheme from the perspective of energy consumption and communication overhead. Furthermore, we evaluated the efficiency of the scheme using provable security and formal methods. The simulation results showed that the proposed scheme consumes less energy in standard and attack scenarios than the simple PRESENT, Key Schedule Algorithm (KSA)-PRESENT Secure Message Queue Telemetry Transport (SMQTT), and ECC-RSA frameworks, with a topology of 30 nodes. In general, the proposed lightweight security framework for MQTT addresses the vulnerabilities of MQTT and ensures secure communication in a resource-constrained environment, making it a promising solution for IoT applications in emerging markets.

engineering, electrical & electronic,computer science, information systems,physics, applied

Mahmoud Ammar,Mahdi Washha,Gowri Sankar Ramachandran,Bruno Crispo

DOI: https://doi.org/10.48550/arXiv.1811.07367

2018-11-19

Abstract:The Internet of Things (IoT) is increasingly intertwined with critical industrial processes, yet contemporary IoT devices offer limited security features, creating a large new attack surface. Remote attestation is a well-known technique to detect cyber threats by remotely verifying the internal state of a networked embedded device through a trusted entity. Multi-device attestation has received little attention although current single-device approaches show limited scalability in IoT applications. Though recent work has yielded some proposals for scalable attestation, several aspects remain unexplored, and thus more research is required. This paper presents slimIoT, a scalable lightweight attestation protocol that is suitable for all IoT devices. slimIoT depends on an efficient broadcast authentication scheme along with symmetric key cryptography. It is resilient against a strong adversary with physical access to the IoT device. Our protocol is informative in the sense that it identifies the precise status of every device in the network. We implement and evaluate slimIoT considering many factors. On the one hand, our evaluation results show a low overhead in terms of memory footprint and runtime. On the other hand, simulations demonstrate that slimIoT is scalable, robust and highly efficient to be used in static and dynamic networks consisting of thousands of heterogenous IoT devices.

Cryptography and Security

Pantaleone Nespoli,David Useche Pelaez,Daniel Díaz López,Félix Gómez Mármol

DOI: https://doi.org/10.3390/s19071492

2019-03-27

Abstract:The Internet of Things (IoT) became established during the last decade as an emerging technology with considerable potentialities and applicability. Its paradigm of everything connected together penetrated the real world, with smart devices located in several daily appliances. Such intelligent objects are able to communicate autonomously through already existing network infrastructures, thus generating a more concrete integration between real world and computer-based systems. On the downside, the great benefit carried by the IoT paradigm in our life brings simultaneously severe security issues, since the information exchanged among the objects frequently remains unprotected from malicious attackers. The paper at hand proposes COSMOS (Collaborative, Seamless and Adaptive Sentinel for the Internet of Things), a novel sentinel to protect smart environments from cyber threats. Our sentinel shields the IoT devices using multiple defensive rings, resulting in a more accurate and robust protection. Additionally, we discuss the current deployment of the sentinel on a commodity device (i.e., Raspberry Pi). Exhaustive experiments are conducted on the sentinel, demonstrating that it performs meticulously even in heavily stressing conditions. Each defensive layer is tested, reaching a remarkable performance, thus proving the applicability of COSMOS in a distributed and dynamic scenario such as IoT. With the aim of easing the enjoyment of the proposed sentinel, we further developed a friendly and ease-to-use COSMOS App, so that end-users can manage sentinel(s) directly using their own devices (e.g., smartphone).

Carlotta Tagliaro,Martina Komsic,Andrea Continella,Kevin Borgolte,Martina Lindorfer

DOI: https://doi.org/10.1145/3678890.3678899

2024-10-01

Abstract:Internet-of-Things (IoT) devices, ranging from smart home assistants to health devices, are pervasive: Forecasts estimate their number to reach 29 billion by 2030. Understanding the security of their machine-to-machine communication is crucial. Prior work focused on identifying devices' vulnerabilities or proposed protocol-specific solutions. Instead, we investigate the security of backends speaking IoT protocols, that is, the backbone of the IoT ecosystem. We focus on three real-world protocols for our large-scale analysis: MQTT, CoAP, and XMPP. We gather a dataset of over 337,000 backends, augment it with geographical and provider data, and perform non-invasive active measurements to investigate three major security threats: information leakage, weak authentication, and denial of service. Our results provide quantitative evidence of a problematic immaturity in the IoT ecosystem. Among other issues, we find that 9.44% backends expose information, 30.38% CoAP-speaking backends are vulnerable to denial of service attacks, and 99.84% of MQTT- and XMPP-speaking backends use insecure transport protocols (only 0.16% adopt TLS, of which 70.93% adopt a vulnerable version).

Cryptography and Security,Networking and Internet Architecture

Antonio Francesco Gentile,Davide Macrì,Domenico Luca Carnì,Emilio Greco,Francesco Lamonaca

DOI: https://doi.org/10.3390/s24092781

IF: 3.9

2024-04-27

Sensors

Abstract:The widespread adoption of Internet of Things (IoT) devices in home, industrial, and business environments has made available the deployment of innovative distributed measurement systems (DMS). This paper takes into account constrained hardware and a security-oriented virtual local area network (VLAN) approach that utilizes local message queuing telemetry transport (MQTT) brokers, transport layer security (TLS) tunnels for local sensor data, and secure socket layer (SSL) tunnels to transmit TLS-encrypted data to a cloud-based central broker. On the other hand, the recent literature has shown a correlated exponential increase in cyber attacks, mainly devoted to destroying critical infrastructure and creating hazards or retrieving sensitive data about individuals, industrial or business companies, and many other entities. Much progress has been made to develop security protocols and guarantee quality of service (QoS), but they are prone to reducing the network throughput. From a measurement science perspective, lower throughput can lead to a reduced frequency with which the phenomena can be observed, generating, again, misevaluation. This paper does not give a new approach to protect measurement data but tests the network performance of the typically used ones that can run on constrained hardware. This is a more general scenario typical for IoT-based DMS. The proposal takes into account a security-oriented VLAN approach for hardware-constrained solutions. Since it is a worst-case scenario, this permits the generalization of the achieved results. In particular, in the paper, all OpenSSL cipher suites are considered for compatibility with the Mosquitto server. The most used key metrics are evaluated for each cipher suite and QoS level, such as the total ratio, total runtime, average runtime, message time, average bandwidth, and total bandwidth. Numerical and experimental results confirm the proposal's effectiveness in foreseeing the minimum network throughput concerning the selected QoS and security. Operating systems yield diverse performance metric values based on various configurations. The primary objective is identifying algorithms to ensure suitable data transmission and encryption ratios. Another aim is to explore algorithms that ensure wider compatibility with existing infrastructures supporting MQTT technology, facilitating secure connections for geographically dispersed DMS IoT networks, particularly in challenging environments like suburban or rural areas. Additionally, leveraging open firmware on constrained devices compatible with various MQTT protocols enables the customization of the software components, a crucial necessity for DMS.

engineering, electrical & electronic,chemistry, analytical,instruments & instrumentation

Rikard Höglund,Marco Tiloca,Göran Selander,John Preuß Mattsson,Mališa Vučinić,Thomas Watteyne

DOI: https://doi.org/10.1109/access.2024.3384095

IF: 3.9

2024-04-12

IEEE Access

Abstract:Communication security of an Internet-of-Things (IoT) product depends on the variety of protocols employed throughout its lifetime. The underlying low-power radio communication technologies impose constraints on maximum transmission units and data rates. Surpassing maximum transmission unit thresholds has an important effect on the efficiency of the solution: transmitting multiple fragments over low-power IoT radio technologies is often prohibitively expensive. Furthermore, IoT communication paradigms such as one-to-many require novel solutions to support the applications executing on constrained devices. Over the last decade, the Internet Engineering Task Force (IETF) has been working through its various Working Groups on defining lightweight protocols for Internet-of-Things use cases. "Lightweight" refers to the minimal processing overhead, memory footprint and number of bytes in the air, compared to the protocol counterparts used for non-constrained devices in the Internet. This article overviews the standardization efforts in the IETF on lightweight communication security protocols. It introduces EDHOC, a key exchange protocol, as well as OSCORE and Group OSCORE, application data protection protocols adapted for securing IoT applications. The article additionally highlights the design considerations taken into account during the design of these protocols, an aspect not present in the standards documents. Finally, we present an evaluation of these protocols in terms of the message sizes, and we compare them with the non-constrained counterpart, the (D)TLS protocol. We demonstrate that the novel key exchange protocol EDHOC achieves reduction over DTLS 1.3 authenticated with pre-shared keys in terms of total number of bytes transmitted over the air, while keeping the benefits of authentication with asymmetric credentials.

computer science, information systems,telecommunications,engineering, electrical & electronic

Yasser D. Al-Otaibi

DOI: https://doi.org/10.1007/s00500-021-05864-5

IF: 3.732

2021-05-12

Soft Computing

Abstract:The heterogeneous nature of the Internet of Things (IoT) requires sophisticated and distributed security schemes for providing reliable communication. However, providing a unanimous security measure is a tedious task for heterogeneous devices is a complex task. This function requires multiple communication and information sharing constraints to be adapted by connected users. In this article, a distributed multi-party security computation framework for ensuring the security level of scalable information sharing and communications in heterogeneous IoT. This computation framework uses synchronized security measures through recurrent verification on different communicating ends of the devices. In this verification process, backpropagation learning verifies end-to-end security and the communication session between the connected devices. MPC is generally subject to a significant overhead for correspondence but has the benefit of being confidential even if pursued until a substantial percentage of the participants are aggressive and coordinated. Secret MPC exchanging will protect the specifications of both models and the training/inference information. The multi-party verification relies on both device and service providers for unanimously synchronizing the different security computations in a less complex manner. This framework is reliable in mitigating man-in-middle and information loss adversaries. The performance of the proposed method is verified using the metrics detection ratio, response rate, delay, and overhead.

computer science, artificial intelligence, interdisciplinary applications

José Cecílio,Alan Oliveira de Sá,André Souto

2024-04-10

Abstract:With the proliferation of Internet of Things (IoT) devices, ensuring secure communications has become imperative. Due to their low cost and embedded nature, many of these devices operate with computational and energy constraints, neglecting the potential security vulnerabilities that they may bring. This work-in-progress is focused on designing secure communication among remote servers and embedded IoT devices to balance security robustness and energy efficiency. The proposed approach uses lightweight cryptography, optimizing device performance and security without overburdening their limited resources. Our architecture stands out for integrating Edge servers and a central Name Server, allowing secure and decentralized authentication and efficient connection transitions between different Edge servers. This architecture enhances the scalability of the IoT network and reduces the load on each server, distributing the responsibility for authentication and key management.

Cryptography and Security,Distributed, Parallel, and Cluster Computing

Hezam Akram Abdulghani,Anastasija Collen,Niels Alexander Nijdam

DOI: https://doi.org/10.3390/s23084174

2023-04-21

Abstract:Internet of Things (IoT) faces security concerns different from existing challenges in conventional information systems connected through the Internet because of their limited resources and heterogeneous network setups. This work proposes a novel framework for securing IoT objects, the key objective of which is to assign different Security Level Certificates (SLC) for IoT objects according to their hardware capabilities and protection measures implemented. Objects with SLCs, therefore, will be able to communicate with each other or with the Internet in a secure manner. The proposed framework is composed of five phases, namely: classification, mitigation guidelines, SLC assignment, communication plan, and legacy integration. The groundwork relies on the identification of a set of security attributes, termed security goals. By performing an analysis on common IoT attacks, we identify which of these security goals are violated for specific types of IoT. The feasibility and application of the proposed framework is illustrated at each phase using the smart home as a case study. We also provide qualitative arguments to demonstrate how the deployment of our framework solves IoT specific security challenges.

Jianhua Li,Jiong Jin,Lingjuan Lyu,Dong Yuan,Yingying Yang,Longxiang Gao,Chao Shen

DOI: https://doi.org/10.48550/arXiv.2011.06325

2020-11-12

Abstract:Numerous resource-limited smart objects (SOs) such as sensors and actuators have been widely deployed in smart environments, opening new attack surfaces to intruders. The severe security flaw discourages the adoption of the Internet of things in smart living. In this paper, we leverage fog computing and microservice to push certificate authority (CA) functions to the proximity of data sources. Through which, we can minimize attack surfaces and authentication latency, and result in a fast and scalable scheme in authenticating a large volume of resource-limited devices. Then, we design lightweight protocols to implement the scheme, where both a high level of security and low computation workloads on SO (no bilinear pairing requirement on the client-side) is accomplished. Evaluations demonstrate the efficiency and effectiveness of our scheme in handling authentication and registration for a large number of nodes, meanwhile protecting them against various threats to smart living. Finally, we showcase the success of computing intelligence movement towards data sources in handling complicated services.

Cryptography and Security,Networking and Internet Architecture

Jose Macias,Harold Pinilla,Wilder Castellanos,Jose Alvarado,Andres Sánchez

DOI: https://doi.org/10.48550/arXiv.2001.08171

2020-01-12

Abstract:In the coming years, the interconnection of a large number of devices is expected, which will lead to a new form of interaction between the real and the virtual world. In this promising scenario, known as the Internet of Things, it is expected that different objects, such as sensors, industrial robots, cars, appliances, will be connected to the Internet. One of the main challenges of the Internet of Things is the interoperability of highly heterogeneous devices, mainly in terms of the communication capabilities and network protocols used. As consequence, the interconnection model of the different devices involves an intermediary device, known as gateway. This gateway is a centralized element for the management of the devices that make up an IoT application. In addition, it is essential for the transmission of information to the Internet, especially when many IoT devices are not IP-based. This paper describes the implementation of an IoT gateway that allows the exchange of data through different wireless technologies and forwarding of such data to the Internet. The proposed gateway has important advantages such as: supporting for multiprotocol interconnectivity; remote configuration of wireless nodes for sensor and actuators management; a flexible algorithm to translate the data obtained by sensors into a uniform format for transmission to a cloud server; low energy consumption due to efficient data transfer over the MQTT protocol. In order to demonstrate the usefulness of the developed gateway, a proof-of-concept test was implemented. The implemented scenario consists of 2 wireless nodes responsible for sensing environmental variables and transmitting data to the gateway node through different communication protocols. The obtained results show the feasibility for simultaneous data transmission from the remote wireless nodes to the gateway.

Networking and Internet Architecture

Chintan Patel

DOI: https://doi.org/10.48550/arXiv.2207.10353

2022-07-21

Abstract:The Internet of Things (IoT) is giving a boost to a plethora of new opportunities for the robust and sustainable deployment of cyber physical systems. The cornerstone of any IoT system is the sensing devices. These sensing devices have considerable resource constraints, including insufficient battery capacity, CPU capability, and physical security. Because of such resource constraints, designing lightweight cryptographic protocols is an opportunity. Remote User Authentication ensures that two parties establish a secure and durable session key. This study presents a lightweight and safe authentication strategy for the user-gateway (U GW) IoT network model. The proposed system is designed leveraging Elliptic Curve Cryptography (ECC). We undertake a formal security analysis with both the Automated Validation of Internet Security Protocols (AVISPA) and Burrows Abadi Needham (BAN) logic tools and an information security assessment with the Delev Yao channel. We use publish subscribe based Message Queuing Telemetry Transport (MQTT) protocol for communication. Additionally, the performance analysis and comparison of security features show that the proposed scheme is resilient to well known cryptographic threats.

Cryptography and Security

Jiawei Zhang,Teng Li,Zuobin Ying,Jianfeng Ma

DOI: https://doi.org/10.1109/tcc.2022.3147226

IF: 5.697

2022-01-01

IEEE Transactions on Cloud Computing

Abstract:Cloud-Fog-Assisted Internet-of-Things (IoT) is a convincing paradigm to provide users with on-demand and low-latency services through Fog nodes in the edge of multiple clouds (Multi-Cloud). Multi-Cloud is a scalable multi-domain service-oriented net-centric system and can respond to complicated user requirements leveraging Multi-Cloud Service Composition (MCSC). However, in MCSC, user security can be easily compromised by untrusted and curious cloud service providers that may collect and violate the privacy and other essential assets of cloud users. Although many trust-based MCSC solutions have been proposed to seek a trustworthy composite service with highest trust level, most of them are vulnerable to malicious users intending to break through the clouds and inflict serious data leakage or asset damage. Considering these security concerns on both malicious users and untrusted service providers, in this article, we present a trust-based secure multi-cloud collaboration framework for Cloud-Fog-Assisted IoT systems. Specifically, to guarantee the security of users, we develop a role-based trust evaluation method to enhance the trustworthiness of MCSC. To preserve the security of services, we design an efficient user authentication scheme and a secure collaboration scheme to provide collaborative user authentication and access control mechanism for MCSC. We develop a proof of concept implementation for our framework and demonstrate its practicability by performance evaluation with extensive experiments.

computer science, information systems, theory & methods