Yanan Zhang,Jingru Xing,Yaozong Xu,Maode Ma,Cong Wang

DOI: https://doi.org/10.1007/978-981-97-5606-3_22

2024-01-01

Abstract:Named Data Networking (NDN) is one of the potential Future Internet Architectures, shifting from the traditional host-centric architecture to a data-centric one. Collusion Interest Flooding Attacks (CIFAs) is a new type of attack that intermittently sending malicious Interests to overwhelm the Pending Interest Table (PIT). Collusive producers working with the attackers respond to these malicious Interest packets just before they expire in the PIT, thereby disguising their attacks as legitimate, which makes detection methods against Interest Flooding Attacks (IFAs) unable to identify CIFAs. This paper proposes the DM-CIFA scheme, which aggregates decision tree and K-means algorithm for effective detection and mitigation of CIFAs. Firstly, a decision tree is trained to monitor the number of entries in the PIT, and the throughput of Interest and Data packets of the router for attack detection. Then the malicious prefix identification algorithm, based on the K-means algorithm, is activated after an attack is detected. Additionally, the bottleneck router mitigating CIFAs by informing the next hop router with a signed Interest packet (SIP) that carry the malicious prefixes to pinpoint attackers and reject forwarding malicious Interests. The simulation results demonstrate the proposed DM-CIFA has high sensitivity towards CIFAs and the capability to effectively mitigate the attack's effects on the NDN.

Gubei Yin,Junhua Tang,Futai Zou,Yue Wu,Jianhua Li

DOI: https://doi.org/10.1109/iccc47050.2019.9064357

2019-01-01

Abstract:Information-centric networking (ICN), which is believed to be one of the most promising technologies in the next-generation network, has drawn lots of attention from both academia and industry. While ICN solves many problems of the TCP/IP architecture, new security issues arise. The interest flooding attack is one of them. In this paper, we discuss the influences of this type of attack in Named Data Networking (NDN) and propose a novel detection and mitigation scheme. In this scheme, a controller is introduced in an NDN domain to collect routing and forwarding statistics from routers. These statistics are then analyzed by the controller to detect interest flooding attack as well as trace the adversaries and malicious prefixes. Simulation experiments are conducted using ndnSIM, and the results demonstrate that the proposed scheme is both effective and efficient.

Jiaqing Dong,Kai Wang,Yongqiang Lyu,Libo Jiao,Hao Yin

DOI: https://doi.org/10.1007/978-3-030-05063-4_39

2018-01-01

Abstract:Interest Flooding Attack (IFA) has been one of the biggest threats for the Named Data Networking (NDN) paradigm, while it is very easy to launch but very difficult to mitigate. In this paper, we propose the InterestFence, which is a simple, direct, lightweight yet efficient IFA countermeasure, and the first one to achieve fast detection meanwhile accurate and efficient attacking traffic filtering without harming any legitimate Interests. InterestFence detects IFA based on content servers rather than routers to guarantee accurate detection. All content items with the same prefix within a content server have a hash-based security label (HSL) to claim their existence, and a HSL verification method is securely transmitted to related routers to help filtering and cleaning IFA traffic in transit networks accurately and efficiently. Performance analysis demonstrates the effectiveness of InterestFence on mitigating IFA and its lightweight feature due to the limited overhead involved.

Yue Li,Yingjian Liu,Haoyu Yin,Zhongwen Guo,Yu Wang

DOI: https://doi.org/10.1109/jiot.2023.3297334

IF: 10.6

2023-01-01

IEEE Internet of Things Journal

Abstract:Internet of Underwater Things (IoUT) needs to maintain effective communication even under the circumstances of severe environments and limited energy. Named Data Networking (NDN), a future network architecture, is starting to be used for IoUT as an effective architecture implementation. Despite having a good performance of data transmission, Underwater Named Data Networking (UNDN) nevertheless faces some security risks, such as Denial-of-Service (DoS) brought by Interest Flooding Attacks (IFAs). This paper proposes a novel DoS attack, Synergetic Denial-of-Service (SDoS), which can cause hiding damages to router’s Content Store (CS), Pending Interest Table (PIT), and Forwarding Information Base (FIB). We not only study the basic synergetic attack model of SDoS but also analyze some possible attack variants. Simulation results illustrate that SDoS entirely invalidates the only IFA detection algorithm in UNDN. Compared to ordinary IFAs, SDoS attacks increase network traffic fourfold. Furthermore, we discover a unique infection problem in UNDN and propose a countermeasure named Trident, which has meticulously designed adaptive threshold, Double Trial for attacker identification, and a self-proving mechanism based on leaky bucket. Experiment results demonstrate that Trident can detect and resist not only IFAs but also SDoS attacks effectively. Meanwhile, Trident also achieves good defense performance on the variants of SDoS and can take on burst traffic and network congestion robustly.

computer science, information systems,telecommunications,engineering, electrical & electronic

Alberto Compagno,Mauro Conti,Paolo Gasti,Gene Tsudik

DOI: https://doi.org/10.1109/LCN.2013.6761300

2013-08-02

Abstract:Content-Centric Networking (CCN) is an emerging networking paradigm being considered as a possible replacement for the current IP-based host-centric Internet infrastructure. In CCN, named content becomes a first-class entity. CCN focuses on content distribution, which dominates current Internet traffic and is arguably not well served by IP. Named-Data Networking (NDN) is an example of CCN. NDN is also an active research project under the NSF Future Internet Architectures (FIA) program. FIA emphasizes security and privacy from the outset and by design. To be a viable Internet architecture, NDN must be resilient against current and emerging threats. This paper focuses on distributed denial-of-service (DDoS) attacks; in particular we address interest flooding, an attack that exploits key architectural features of NDN. We show that an adversary with limited resources can implement such attack, having a significant impact on network performance. We then introduce Poseidon: a framework for detecting and mitigating interest flooding attacks. Finally, we report on results of extensive simulations assessing proposed countermeasure.

Networking and Internet Architecture,Cryptography and Security

Rawan Bukhowah,Ahmed Aljughaiman,M. M. Hafizur Rahman

DOI: https://doi.org/10.3390/electronics13061031

IF: 2.9

2024-03-10

Electronics

Abstract:The Internet of Things (IoT) is a rapidly growing network that shares information over the Internet via interconnected devices. In addition, this network has led to new security challenges in recent years. One of the biggest challenges is the impact of denial-of-service (DoS) attacks on the IoT. The Information-Centric Network (ICN) infrastructure is a critical component of the IoT. The ICN has gained recognition as a promising networking solution for the IoT by supporting IoT devices to be able to communicate and exchange data with each other over the Internet. Moreover, the ICN provides easy access and straightforward security to IoT content. However, the integration of IoT devices into the ICN introduces new security challenges, particularly in the form of DoS attacks. These attacks aim to disrupt or disable the normal operation of the ICN, potentially leading to severe consequences for IoT applications. Machine learning (ML) is a powerful technology. This paper proposes a new approach for developing a robust and efficient solution for detecting DoS attacks in ICN-IoT networks using ML technology. ML is a subset of artificial intelligence (AI) that focuses on the development of algorithms. While several ML algorithms have been explored in the literature, including neural networks, decision trees (DTs), clustering algorithms, XGBoost, J48, multilayer perceptron (MLP) with backpropagation (BP), deep neural networks (DNNs), MLP-BP, RBF-PSO, RBF-JAYA, and RBF-TLBO, researchers compare these detection approaches using classification metrics such as accuracy. This classification metric indicates that SVM, RF, and KNN demonstrate superior performance compared to other alternatives. The proposed approach was carried out on the NDN architecture because, based on our findings, it is the most used one and has a high percentage of various types of cyberattacks. The proposed approach can be evaluated using an ndnSIM simulation and a synthetic dataset for detecting DoS attacks in ICN-IoT networks using ML algorithms.

engineering, electrical & electronic,computer science, information systems,physics, applied

Seyed Meysam Zarei,Reza Fotohi

DOI: https://doi.org/10.1002/spy2.152

2021-02-19

Abstract:The Internet of Things (IoT) ecosystem allows communication between billions of devices worldwide that are collecting data autonomously. The vast amount of data generated by these devices must be controlled totally securely. The centralized solutions are not capable of responding to these concerns due to security challenges problems. Thus, the Average Packet Transmission RREQ (APT-RREQ) as an effective solution, has been employed to overcome these concerns to allow for entirely secure communication between devices. In this paper, an approach called LSFA-IoT is proposed that protects the AODV routing protocol as well as the IoT network against flooding. The proposed method is divided into two main phases; The first phase includes a physical layer intrusion and attack detection system used to detect attacks, and the second phase involves detecting incorrect events through APT-RREQ messages. The simulation results indicated the superiority of the proposed method in terms of False Positive Rate (FPR), False Negative Rate (FPR), Detection Rate (DR), and Packet Delivery Rate (PDR) compared to REATO and IRAD. Also, the simulation results show how the proposed approach can significantly increase the security of each thing and network security.

Cryptography and Security,Networking and Internet Architecture

Nadia Chaabouni,Mohamed Mosbah,Akka Zemmari,Cyrille Sauvignac,Parvez Faruki

DOI: https://doi.org/10.1109/comst.2019.2896380

2019-01-01

Abstract:Pervasive growth of Internet of Things (IoT) is visible across the globe. The 2016 Dyn cyberattack exposed the critical fault-lines among smart networks. Security of IoT has become a critical concern. The danger exposed by infested Internet-connected Things not only affects the security of IoT but also threatens the complete Internet eco-system which can possibly exploit the vulnerable Things (smart devices) deployed as botnets. Mirai malware compromised the video surveillance devices and paralyzed Internet via distributed denial of service attacks. In the recent past, security attack vectors have evolved bothways, in terms of complexity and diversity. Hence, to identify and prevent or detect novel attacks, it is important to analyze techniques in IoT context. This survey classifies the IoT security threats and challenges for IoT networks by evaluating existing defense techniques. Our main focus is on network intrusion detection systems (NIDSs); hence, this paper reviews existing NIDS implementation tools and datasets as well as free and open-source network sniffing software. Then, it surveys, analyzes, and compares state-of-the-art NIDS proposals in the IoT context in terms of architecture, detection methodologies, validation strategies, treated threats, and algorithm deployments. The review deals with both traditional and machine learning (ML) NIDS techniques and discusses future directions. In this survey, our focus is on IoT NIDS deployed via ML since learning algorithms have a good success rate in security and privacy. The survey provides a comprehensive review of NIDSs deploying different aspects of learning techniques for IoT, unlike other top surveys targeting the traditional systems. We believe that, this paper will be useful for academia and industry research, first, to identify IoT threats and challenges, second, to implement their own NIDS and finally to propose new smart techniques in IoT context considering IoT limitations. Moreover, the s-rvey will enable security individuals differentiate IoT NIDS from traditional ones.

computer science, information systems,telecommunications

P. Malini,K.R. Kavitha,Dr. K.R. Kavitha

DOI: https://doi.org/10.1016/j.cose.2024.103818

IF: 5.105

2024-03-29

Computers & Security

Abstract:In recent years, the development of Internet of Things (IoT) applications has increased, resulting in higher demands for sufficient bandwidth, data rates, latency, and quality of service (QoS). In advanced communications, managing network resources for allocating IoT services and identifying the exact IoT devices connected to a network is a major concern. The existing studies have introduced various methods for classifying IoT devices in a network. However, the previous studies faced challenges like limited attributes, low efficiency, inappropriate features, and computational complexities. Also, the existing studies failed to concentrate on IoT/Non-IoT classification along with attack detection. Detecting attacks on IoT devices is critical for making network services more effective. Thus, the proposed study introduces an efficient IoT device classification and attack detection mechanism using Software Defined Networking (SDN)-enabled Fiber-Wireless Access Networks Internet of Things (FiWi IoT) architecture. Initially, an effective resource allocation process is performed to mitigate the delay constraint issues by introducing a hybrid parallel neural network-based dynamic bandwidth allocation (DBA) method. Then, the input traffic information is gathered from the resource-efficient SDN-enabled FiWi IoT network, and the input data is pre-processed to eliminate unwanted noises using min-max normalization and standardization. Next, the essential attributes are extracted to attain enhanced classification performance. To reduce the feature dimensionality problem and thereby solve complexity issues, the most optimal features are selected by a new Chaotic Seagull Optimization (CSO) approach. After that, IoT/non-IoT classification is performed using a transformer-driven deep intelligent model. Finally, the attacks are detected and classified by introducing a novel Slice Attention-based Deep Capsule Autoencoder (SA_DCAE) model. For experimentation, the Python 3.7.0 tool is used in this work, and the performance of proposed classifiers is measured by evaluating varied matrices. Also, the comparison analysis proves the superiority of the proposed techniques to other existing methods.

computer science, information systems

Ghulam Musa Raza,Ihsan Ullah,Muhammad Salah Ud Din,Muhammad Atif Ur Rehman,Byung-Seo Kim

DOI: https://doi.org/10.1109/access.2024.3444903

IF: 3.9

2024-08-28

IEEE Access

Abstract:Internet of things (IoT) has emerged as a quintessential paradigm of communication systems. Current literature introduces notion of a named data network for IoT (NDN-IoT), optimizing IoT communication by employing name-based networking. However, the advancements introduced by this approach are inadequate when dealing with URL-based naming and forwarding. For instance, length and ambiguities in content names are still open challenges. In addition, the intelligent exploration of content names to discern a forwarding clue is a significant research gap. To achieve intelligent communication, understanding the interest name and acquiring a forwarding clue is crucial. Focusing on this gap, an intelligent naming scheme called INF-NDN IoT is proposed that correlates with a forwarding mechanism as well. The proposed INF-NDN IoT improves the NDN naming schemas by utilizing natural language processing (NLP) techniques and selecting supernodes and ordinary nodes in the network. INF-NDN IoT assigns (forwarding clue) semantic tags to content names as well as to supernodes that in turn perform the semantic forwarding. Experimental results have shown that INF-NDN IoT outperformed existing work, and has better results in terms of name length, name memory utilization, interest satisfaction rate, retrieval time, hop count, and energy consumption.

computer science, information systems,telecommunications,engineering, electrical & electronic

Rabia Khan,Noshina Tariq,Muhammad Ashraf,Farrukh Aslam Khan,Saira Shafi,Aftab Ali

DOI: https://doi.org/10.3390/s24175834

IF: 3.9

2024-09-08

Sensors

Abstract:The Internet of Things (IoT) is a significant technological advancement that allows for seamless device integration and data flow. The development of the IoT has led to the emergence of several solutions in various sectors. However, rapid popularization also has its challenges, and one of the most serious challenges is the security of the IoT. Security is a major concern, particularly routing attacks in the core network, which may cause severe damage due to information loss. Routing Protocol for Low-Power and Lossy Networks (RPL), a routing protocol used for IoT devices, is faced with selective forwarding attacks. In this paper, we present a federated learning-based detection technique for detecting selective forwarding attacks, termed FL-DSFA. A lightweight model involving the IoT Routing Attack Dataset (IRAD), which comprises Hello Flood (HF), Decreased Rank (DR), and Version Number (VN), is used in this technique to increase the detection efficiency. The attacks on IoT threaten the security of the IoT system since they mainly focus on essential elements of RPL. The components include control messages, routing topologies, repair procedures, and resources within sensor networks. Binary classification approaches have been used to assess the training efficiency of the proposed model. The training step includes the implementation of machine learning algorithms, including logistic regression (LR), K-nearest neighbors (KNN), support vector machine (SVM), and naive Bayes (NB). The comparative analysis illustrates that this study, with SVM and KNN classifiers, exhibits the highest accuracy during training and achieves the most efficient runtime performance. The proposed system demonstrates exceptional performance, achieving a prediction precision of 97.50%, an accuracy of 95%, a recall rate of 98.33%, and an F1 score of 97.01%. It outperforms the current leading research in this field, with its classification results, scalability, and enhanced privacy.

engineering, electrical & electronic,chemistry, analytical,instruments & instrumentation

Nadia A. Alfriehat,Mohammed Anbar,Shankar Karuppayah,Shaza Dawood Ahmed Rihan,Basim Ahmad Alabsi,Alaa M. Momani

DOI: https://doi.org/10.1109/access.2024.3368633

IF: 3.9

2024-03-06

IEEE Access

Abstract:The internet of things (IoT) is an emerging technological advancement with significant implications. It connects a wireless sensor or node network via low-power and lossy networks (LLN). The routing protocol over a low-power and lossy network (RPL) is the fundamental component of LLN. Its lightweight design effectively addresses the limitations imposed by bandwidth, energy, and memory on both LLNs and IoT devices. Notwithstanding its efficacy, RPL introduces susceptibilities, including the version number attack (VNA), which underscores the need for IoT systems to implement effective security protocols. This work reviews and categorizes the security mechanisms proposed in the literature to detect VNA against RPL-based IoT networks. The existing mechanisms are thoroughly discussed and analyzed regarding their performance, datasets, implementation details, and limitations. Furthermore, a qualitative comparison is presented to benchmark this work against existing studies, showcasing its uniqueness. Finally, this work analyzes research gaps and proposes future research avenues.

computer science, information systems,telecommunications,engineering, electrical & electronic

Kim Jae-Dong

2024-10-17

Abstract:The rapid expansion of the Internet of Things (IoT) has revolutionized various domains, offering significant benefits through enhanced interconnectivity and data exchange. However, the security challenges associated with IoT networks have become increasingly prominent owing to their inherent vulnerability. This paper provides an in-depth analysis of the network layer in IoT architectures, highlighting the potential risks posed by routing attacks, such as blackholes, wormholes, sinkholes, Sybil, and selective forwarding attacks. This study explores the unique challenges posed by the constrained resources, heterogeneity, and dynamic topology of IoT networks, which complicate the implementation of robust security measures. Various countermeasures, including trust-based mechanisms, Intrusion Detection Systems (IDS), and routing protocols, are evaluated for their effectiveness in mitigating these threats. This study also emphasizes the importance of considering misbehavior observation, trust management, and lightweight defense strategies in the design of secure IoT networks. These findings contribute to the development of comprehensive defense mechanisms tailored to the specific challenges of IoT environments.

Cryptography and Security

Muhammad Abizar,Muhammad Ferry Septian Ihzanor Syahputra,Ahmad Rizky Habibullah,Christian Sri Kusuma Aditya,Fauzi Dwi Setiawan Sumadi

DOI: https://doi.org/10.11591/ijai.v12.i4.pp1974-1984

2023-12-01

IAES International Journal of Artificial Intelligence (IJ-AI)

Abstract:One of the main challenges in developing the internet of things (IoT) is the existence of availability problems originated from the low-rate distributed denial of service attacks (LRDDoS). The complexity of IoT makes the LRDDoS hard to detect because the attack flow is performed similarly to the regular traffic. Integration of software defined IoT (SDN-Enabled IoT) is considered an alternative solution for overcoming the specified problem through a single detection point using machine learning approaches. The controller has a resource limitation for implementing the classification process. Therefore, this paper extends the usage of Feature Importance to reduce the data complexity during the model generation process and choose an appropriate feature for generating an efficient classification model. The research results show that the Gaussian Naïve Bayes (GNB) produced the most effective outcome. GNB performed better than the other algorithms because the feature reduction only selected the independent feature, which had no relation to the other features.

Mustafa Sanlı

DOI: https://doi.org/10.1007/s13369-023-08669-w

IF: 2.807

2024-02-23

Arabian Journal for Science and Engineering

Abstract:The increasing number of sensors and Internet of Things (IoT) devices have made the Denial of Service (DoS) attacks in IoT networks a significant security threat. The inherent characteristics of IoT networks such as the large number of end nodes, the heterogeneous nature of IoT networks, resource limitations in routers, and the multiplicity of application areas in daily life, make the investigation of attacks in these networks a major and important research problem. This paper presents a new approach for detecting and mitigating DoS attacks in IoT networks. The proposed approach is implemented on an Field Programmable Gate Array (FPGA)-based platform and tested for performance against different types of DoS attacks. The approach can respond quickly to attacks specific to IoT networks and can be easily implemented on hardware with low resource requirements.

multidisciplinary sciences

Bindu Bala,Sunny Behal

DOI: https://doi.org/10.1016/j.cosrev.2024.100631

IF: 8.757

2024-05-01

Computer Science Review

Abstract:Distributed Denial of Service (DDoS) attacks in IoT networks are one of the most devastating and challenging cyber-attacks. The number of IoT users is growing exponentially due to the increase in IoT devices over the past years. Consequently, DDoS attack has become the most prominent attack as vulnerable IoT devices are becoming victims of it. In the literature, numerous techniques have been proposed to detect IoT-based DDoS attacks. However, techniques based on Artificial Intelligence (AI) have proven to be effective in the detection of cyber-attacks in comparison to other alternative techniques. This paper presents a systematic literature review of AI-based tools and techniques used for analysis, classification, and detection of the most threatening, prominent, and dreadful IoT-based DDoS attacks between the years 2019 to 2023. A comparative study of real datasets having IoT traffic features has also been illustrated. The findings of this systematic review provide useful insights into the existing research landscape for designing AI-based models to detect IoT-based DDoS attacks specifically. Additionally, the study sheds light on IoT botnet lifecycle, various botnet families, the taxonomy of IoT-based DDoS attacks, prominent tools used to launch DDoS attack, publicly available IoT datasets, the taxonomy of AI techniques, popular software available for ML/DL modeling, a list of numerous research challenges and future directions that may aid in the development of novel and reliable methods for identifying and categorizing IoT-based DDoS attacks.

computer science, information systems, theory & methods, software engineering

Xin Wang,Xiaobo Ma,Jiahao Peng,Jianfeng Li,Lei Xue,Wenjun Hu,Li Feng

DOI: https://doi.org/10.1109/access.2021.3131503

IF: 3.9

2021-01-01

IEEE Access

Abstract:The emerging link flooding attacks (LFAs) are one type of attacks that attract significant attention in both academia and industry against the routing infrastructure. The attack traffic flows originating from bots (e.g., compromised IoT devices) are deliberately aggregated at upstream critical links and grow intensified, gradually making a network connected to the critical links disconnected. Although LFAs are far more sophisticated than traditional DDoS attacks, whether such sophistication comes without a downside has never been investigated. In this paper, by modeling link flooding attacks and defenses, we tackle a series of questions concerning the practical issues of LFAs. Specifically, from the perspective of attacks, we advance a novel notion of strike precision, and reveal that LFAs may exhibit attack interference (i.e., unexpectedly interfere the connectivity of innocent networks) which might undermine the stealthiness and persistence of LFAs. From the perspective of defenses, we make the first step to study attack intention, i.e., inversely inferring the target network to disconnect based on the identified links under attack. Furthermore, we consider a strong defender who employs traffic engineering to mitigate LFAs, and formulate the game-theoretic interactions between attackers and defenders. The experiment results show that attack interference is pervasive, and our proposed SPAH flooding strategy can substantially lower attack interference and increase strike precision. Moreover, we demonstrate that LFAs can be effectively mitigated based on traffic engineering from a game-theoretic perspective, wherein the defender can adopt non-cooperative measurement techniques to achieve light-weight and multi-protocol-based robust probe deployment.

computer science, information systems,telecommunications,engineering, electrical & electronic

Ahmad Almadhor,Ali Altalbe,Imen Bouazzi,Abdullah Al Hejaili,Natalia Kryvinska

DOI: https://doi.org/10.1038/s41598-024-76016-6

IF: 4.6

2024-10-18

Scientific Reports

Abstract:Due to the rising use of the Internet of Things (IoT), the connectivity of networks increases the risk of Distributed Denial of Service (DDoS) attacks. Decentralized systems commonly used in centralized security systems fail to adequately prevent potential cyber threats in IoT because of the issues of privacy and scaling. The method proposed in this study seeks to remedy these facts by employing Explainable Artificial Intelligence (XAI) together with Federated Deep Neural Networks (FDNNs) to detect and prevent DDoS attacks. Our approach is thus to use federated learning models that are to be trained on distributed and dissimilar sources of data without compromising on the privacy aspect. FDNNs were trained over three rounds with information from three client gadgets incorporating pre-processed datasets of various types of DDoS attacks. Additionally, for feature selection, we integrated XGBoost with SHapley Additive exPlanations (SHAP) to improve model interpretability. The proposed solution can be considered to be quite robust, privacy-preserving, and highly scalable for the detection of DDoS attacks on the IoT network. The results shown on the server side indicate that this approach accurately detects 99.78% of DDoS attacks with a precision rate as high as 99.80%, recall rate (detection rate) going up to 99.74% and F1 score reaching 99.76%. They emphasize that FL-based IDSs are strong enough to cope with cybersecurity challenges in IoT, thus offering hope for securing modern network infrastructures against ever-growing cyber threats.

multidisciplinary sciences

Jiangfan Zhang,Rick S. Blum,H. Vincent Poor

DOI: https://doi.org/10.1109/msp.2018.2842261

IF: 15.204

2018-09-01

IEEE Signal Processing Magazine

Abstract:The Internet of Things (IoT) improves pervasive sensing and control capabilities via the aid of modern digital communication, signal processing, and massive deployment of sensors but presents severe security challenges. Attackers can modify the data entering or communicated from the IoT sensors, which can have a serious impact on any algorithm using these data for inference. This article describes how to provide tight bounds (with sufficient data) on the performance of the best unbiased algorithms estimating a parameter from the attacked data and communications under any assumed statistical model describing how the sensor data depends on the parameter before attack. The results hold regardless of the unbiased estimation algorithm adopted, which could employ deep learning, machine learning, statistical signal processing, or any other approach. Example algorithms that achieve performance close to these bounds are illustrated. Attacks that make the attacked data useless for reducing these bounds are also described. These attacks provide a guaranteed attack performance in terms of the bounds regardless of the algorithms the unbiased estimation system employs. References are supplied that provide various extensions to all of the specific results presented in this article and a brief discussion of low-complexity encryption and physical layer security is provided.

engineering, electrical & electronic