Daojing He,Ran Ye,Sammy Chan,Mohsen Guizani,Yanping Xu

DOI: https://doi.org/10.1109/MCOM.2018.1700809

IF: 9.03

2018-01-01

IEEE Communications Magazine

Abstract:With the rapid development of wearable biosensors and wireless communication technologies, various smart healthcare systems are proposed to monitor the health of patients in real time. However, many security problems exist in these systems. For example, a password guessing attack can compromise IoT devices, leading to invasion of health data privacy. After giving an overview of security threats of...

Chanapha Butpheng,Kuo-Hui Yeh,Jia-Li Hou

DOI: https://doi.org/10.1155/2022/5300253

IF: 1.968

2022-06-03

Security and Communication Networks

Abstract:Utilization of the Internet of Things (IoT) technology is virtually ubiquitous across various life disciplines. When the IoT is integrated into e-health system to enable more real-time on-demand services, it brings significant convenience to the physicians and patients. However, the risk of encountering unreliable information and potential security threat is promptly raised at the same time. Therefore, in this research, we establish a secure IoT and cloud computing-enabled e-health management system in which a distinctive authentication scheme is adopted. The proposed system ensures all major security requirements, such as confidentiality, entity anonymity, repudiation tracking, data integrity, and innate resistance to man-in-the-middle, location spoofing, and replay attacks. Moreover, our system can effectively be executed on low-powered processing units and simultaneously guarantees greater security than historically available alternatives.

computer science, information systems,telecommunications

Rui Yu,Xiaohua Zhang,Minyuan Zhang

DOI: https://doi.org/10.1109/icbaie52039.2021.9389849

2021-01-01

Abstract:In recent years, the Internet of Things technology has developed rapidly and has a wide range of applications in the fields of smart home, Internet of Vehicles, and Industrial Internet of Things. Most of the emerging smart devices have relatively simple architectures, and security vulnerabilities may exist in the perception layer, transport layer, and application layer. At present, most of the security analysis frameworks for IoT devices require additional high-performance devices. At the same time, the emerging “mining” malware and other attack methods that directly plunder the computing resources of the device have not received attention. In response to the above problems, this paper designs and implements a smart home security analysis system. Our experiments show that the system can effectively detect and defend against contactless attacks that smart homes may suffer, and has a small impact on home network performance. The system can better solve the contradiction between smart home network security requirements and device performance limitations.

Abasi-amefon Obot Affia,Hilary Finch,Woosub Jung,Issah Abubakari Samori,Lucas Potter,Xavier-Lewis Palmer

DOI: https://doi.org/10.3390/iot4020009

2023-05-25

IoT

Abstract:The concept of the Internet of Things (IoT) spans decades, and the same can be said for its inclusion in healthcare. The IoT is an attractive target in medicine; it offers considerable potential in expanding care. However, the application of the IoT in healthcare is fraught with an array of challenges, and also, through it, numerous vulnerabilities that translate to wider attack surfaces and deeper degrees of damage possible to both consumers and their confidence within health systems, as a result of patient-specific data being available to access. Further, when IoT health devices (IoTHDs) are developed, a diverse range of attacks are possible. To understand the risks in this new landscape, it is important to understand the architecture of IoTHDs, operations, and the social dynamics that may govern their interactions. This paper aims to document and create a map regarding IoTHDs, lay the groundwork for better understanding security risks in emerging IoTHD modalities through a multi-layer approach, and suggest means for improved governance and interaction. We also discuss technological innovations expected to set the stage for novel exploits leading into the middle and latter parts of the 21st century.

Jiajia Liu,Wen Sun

DOI: https://doi.org/10.1109/mcom.2016.1600553cm

IF: 9.03

2016-01-01

IEEE Communications Magazine

Abstract:The people-centric Internet of Things, as an essential part of the general IoT ecosystem, relies heavily on intelligent wearables to control and actuate the ambient/remote “things” according to the sensed information or collected instruction from the specific person. Intelligent wearables, although becoming increasingly prevalent and pervasive, are vulnerable to various cyber-attacks due to their intrinsic characteristics, which consequently brings up unprecedented security challenges in terms of privacy leakage, financial loss, and even malicious invasion of other connected IoT components and applications. Therefore, it is of great necessity to keep intelligent wearables reliable and trustworthy before being able to secure the core parts of IoT. Toward this end, we provide in this article a survey of available attack methodologies on intelligent wearables as well as the corresponding countermeasures, from the perspectives of data integrity, authenticity, and privacy.

Xing Liu,Cheng Qian,William Grant Hatcher,Hansong Xu,Weixian Liao,Wei Yu

DOI: https://doi.org/10.1109/access.2019.2920763

IF: 3.9

2019-01-01

IEEE Access

Abstract:The widespread adoption of the Internet of Things (IoT) technologies has drastically increased the breadth and depth of attack surfaces in networked systems, providing new mechanisms for the intrusion. In the context of smart-world critical infrastructures and cyber-physical systems, the rapid adoption of the IoT systems and infrastructures without thorough consideration for the risks and vulnerabilities has the potential for catastrophic damage to the privacy, safety, and security of individuals and corporations. While the IoT systems have the potential to increase productivity, accountability, traceability, and efficiency, their potential weaknesses are also more abundant. In this paper, we provide critical consideration of the security of the IoT systems as applied to smart-world critical infrastructures. Particularly, we carry out a detailed assessment of vulnerabilities in IoT-based critical infrastructures from the perspectives of applications, networking, operating systems, software, firmware, and hardware. In addition, we highlight the three key critical infrastructure IoT-based cyber-physical systems, namely the smart transportation, smart manufacturing, and smart grid. Moreover, we provide a broad collection of attack examples upon each of the key applications. Furthermore, we introduce a case study, in which we assess the impacts of potential attacks on critical IoT-based systems, using the smart transportation system as an example. Finally, we provide a set of best practices and address the necessary steps to enact countermeasures for any generic IoT-based critical infrastructure system.

Miao Yu,Jianwei Zhuge,Ming Cao,Zhiwei Shi,Lin Jiang

DOI: https://doi.org/10.3390/fi12020027

2020-01-01

Future Internet

Abstract:With the prosperity of the Internet of Things (IoT) industry environment, the variety and quantity of IoT devices have grown rapidly. IoT devices have been widely used in smart homes, smart wear, smart manufacturing, smart cars, smart medical care, and many other life-related fields. With it, security vulnerabilities of IoT devices are emerging endlessly. The proliferation of security vulnerabilities will bring severe risks to users’ privacy and property. This paper first describes the research background, including IoT architecture, device components, and attack surfaces. We review state-of-the-art research on IoT device vulnerability discovery, detection, mitigation, and other related works. Then, we point out the current challenges and opportunities by evaluation. Finally, we forecast and discuss the research directions on vulnerability analysis techniques of IoT devices.

Youakim Badr,Xiaoyang Zhu,Mansour Naser Alraja

DOI: https://doi.org/10.1007/s11761-021-00327-z

2021-10-01

Service Oriented Computing and Applications

Abstract:In the past few years, the Internet of Things (IoT) has emerged, grown and gradually affected the daily lives of human beings in many new application domains, ranging from wearable devices, smart manufacturing, to smart homes and ambient intelligence just to mention a few. However, realizing the full potential of IoT while ensuring user security and privacy remains an open research challenge. Existing security solutions and techniques are mainly conceived for centralized and distributed information systems and are not directly applicable to IoT-based systems. In fact, IoT systems have unconventional characteristics such as intermittent connectivity, high scalability, dynamic changes and limited resources and thus require a paradigm shift to develop innovative security and privacy solutions. In this survey, we firstly give an overview of security and privacy in IoT. After defining the context of IoT systems, we identify four main characteristics, which imply unprecedented threats and challenges to existing security solutions and techniques. From the perspective of these characteristics and IoT security requirements, we identify and elaborate specific threats and challenges related to the radio-frequency identification (RFID), wireless sensor networks (WSNs) and mobile delay tolerant networks (MDTNs), which are building blocks in many IoT-based systems. In addition, we discuss potential countermeasures to handle IoT threats and challenges.

Kevin Fu,Tadayoshi Kohno,Daniel Lopresti,Elizabeth Mynatt,Klara Nahrstedt,Shwetak Patel,Debra Richardson,Ben Zorn

DOI: https://doi.org/10.48550/arXiv.2008.00017

2020-08-01

Abstract:The Internet of Things (IoT) is already transforming industries, cities, and homes. The economic value of this transformation across all industries is estimated to be trillions of dollars and the societal impact on energy efficiency, health, and productivity are enormous. Alongside potential benefits of interconnected smart devices comes increased risk and potential for abuse when embedding sensing and intelligence into every device. One of the core problems with the increasing number of IoT devices is the increased complexity that is required to operate them safely and securely. This increased complexity creates new safety, security, privacy, and usability challenges far beyond the difficult challenges individuals face just securing a single device. We highlight some of the negative trends that smart devices and collections of devices cause and we argue that issues related to security, physical safety, privacy, and usability are tightly interconnected and solutions that address all four simultaneously are needed. Tight safety and security standards for individual devices based on existing technology are needed. Likewise research that determines the best way for individuals to confidently manage collections of devices must guide the future deployments of such systems.

Computers and Society,Cryptography and Security

Yas Vaseghi,Behnaz Behara,Mehdi Delrobaei

2023-12-13

Abstract:The Internet of Medical Things (IoMT) offers a promising solution to improve patient health and reduce human error. Wearable smart infusion pumps that accurately administer medication and integrate with electronic health records are an example of technology that can improve healthcare. They can even alert healthcare professionals or remote servers during operational failure, preventing distressing incidents. However, as the number of connected medical devices increases, the risk of cyber threats also increases. Wearable medication devices based on IoT attached to patients' bodies are prone to significant cyber threats. Being connected to the Internet exposes these devices to potential harm, which could disrupt or degrade device performance and harm patients. To ensure patient safety and well-being, it is crucial to establish secure data authentication for internet-connected medical devices. It is also important to note that the wearability option of such devices might downgrade the computational resources, making them more susceptible to security risks. This paper implements a security approach to a wearable infusion pump. We discuss practical challenges in implementing security-enabled devices and propose initial solutions to mitigate cyber threats.

Cryptography and Security,Systems and Control

Shui Yu,Guojun Wang,Xiting Liu,Jianwei Niu

DOI: https://doi.org/10.1109/mcom.2018.1701204

IF: 9.03

2018-01-01

IEEE Communications Magazine

Abstract:Pervasively implemented IoT systems are introducing unprecedented threats to our society. In this article, aiming to explore the security impact from the emerging and anarchistic IoT systems, we survey the state of the art of the security and privacy issues in the smart IoT world from a networking perspective. We predict that IoT systems will be extensively used by hackers to commit malicious actions given the features of IoT devices and systems. We also discuss the privacy issue caused by IoT systems. Finally, we present our understanding of counterattacks from both the application and theoretical aspects. We hope this article will shed light on the research field for interested readers.

LI Yuan-yuan,BI Xiao-dong,ZHANG Yong-sheng,HAN Bei-bei

DOI: https://doi.org/10.3969/j.issn.1673-629X.2011.12.040

2011-01-01

Abstract:Compared with traditional Internet,Internet of Things(IoT)has higher security needs.In the context of IoT,the basic management work will be handled by intelligent device software,so that people are free from redious low-level management,pouring more human and material resources into research of new technologies,resulting in huge economic and social benefits.However,once IoT is at stake or attacked,the loss will be immeasurable.Security is the premise of rapid development of IoT.On the basis of concept,structure and technology framework of IoT,analyzed characteristics on IoT.Aiming at the characteristics of levels on IoT,analyzed the safety problems of perception layer,network layer and application layer,put forward relevant countermeasures for different security problems.

Zhiqiang Wang,Pingchuan Ma,Xiaoxiang Zou,Jianyi Zhang,Tao Yang

DOI: https://doi.org/10.1109/infocomwkshps50562.2020.9162769

2020-07-01

Abstract:Recent years have witnessed a boom of connected medical devices, which brings security issues in the meantime. Medical imaging devices, an essential part of medical cyber-physical systems, play a vital role in modern hospitals and are often life-critical. However, security and privacy issues in these medical cyber-physical systems are sometimes ignored. We perform an empirical study on imaging devices to analyse the security of medical cyber-physical systems. To be precise, we design a threat model and propose prospective attack techniques for medical imaging devices. To tackle potential cyber threats, we introduce protection mechanisms, evaluate the effectiveness and efficiency of protection mechanisms as well as its interplay with attack techniques. To scoring security, we design a hierarchical system that provides actionable suggestions for imaging devices in different scenarios. We investigate 15 devices from 9 manufacturers to demonstrate empirical comprehension and real-world security issues.

Shengling Wang,Rongfang Bie,Feng Zhao,Nan Zhang,Xiuzhen Cheng,Hyeong-Ah Choi

DOI: https://doi.org/10.1109/mnet.2016.7579028

IF: 10.294

2016-01-01

IEEE Network

Abstract:Wearable computing has great potential to revolutionize the future of everyday lives. Nonetheless, communications among wearable devices may lead to significant security concerns, given that wearable devices often capture sensitive personal information and may have to operate in hostile environments. In this article, we systematically study the security issues in wearable communications. Specifically, we start with an overview of security concerns for typical wearable applications. Then we review the state-of-the-art research and state-of-the-practice development for security in wearable computing in both industry and academia. At last, we propose a layered adaptive security architecture, with the aim of preventing adversaries from "breaking through" all layers of security by simply compromising one particular security measure, and discuss possible mechanisms to enhance the security of each layer.

Wei Zhou,Yan Jia,Yao Yao,Lipeng Zhu,Le Guan,Yuhang Mao,Peng Liu,Yuqing Zhang

2018-01-01

Abstract:Smart home connects tens of home devices into the Internet, running a smart algorithm in the cloud that sends remote commands to the devices. While bringing unprecedented convenience, accessibility, and efficiency, it also introduces safety hazards to users. Prior research studied smart home security from various aspects. However, we found that the complexity of the interactions among the participating entities (device, IoT cloud, and mobile app) has not yet been systematically investigated. In this work, we conducted an in-depth analysis to four widely used smart home solutions. Combining firmware reverse-engineering, network traffic interception, and black-box testing, we distill the general state transitions representing the complex interactions among the three entities. Based on the state machine, we reveal several vulnerabilities that lead to unexpected state transitions. While these minor security flaws appear to be irrelevant, we show that combining them in a surprising way poses serious security or privacy hazards to smart home users. To this end, five concrete attacks are constructed and illustrated. We also discuss the implications of the disclosed attacks in the context of business competition. Finally, we propose some general design suggestions for building a more secure smart home solution.

Simon Liebl,Leah Lathrop,Ulrich Raithel,Matthias Söllner,Andreas Aßmuth

DOI: https://doi.org/10.48550/arXiv.2405.16314

2024-05-26

Abstract:As part of the Internet of Things, industrial devices are now also connected to cloud services. However, the connection to the Internet increases the risks for Industrial Control Systems. Therefore, a threat analysis is essential for these devices. In this paper, we examine Industrial Internet of Things devices, identify and rank different sources of threats and describe common threats and vulnerabilities. Finally, we recommend a procedure to carry out a threat analysis on these devices.

Cryptography and Security

Kejun Chen,Shuai Zhang,Zhikun Li,Yi Zhang,Qingxu Deng,Sandip Ray,Yier Jin

DOI: https://doi.org/10.1007/s41635-017-0029-7

2018-01-01

Journal of Hardware and Systems Security

Abstract:Recent years have seen rapid development and deployment of Internet-of-Things (IoT) applications in a diversity of application domains. This has resulted in creation of new applications (e.g., vehicle networking, smart grid, and wearables) as well as advancement, consolidation, and transformation of various traditional domains (e.g., medical and automotive). One upshot of this scale and diversity of applications is the emergence of new and critical threats to security and privacy: it is getting increasingly easier for an adversary to break into an application, make it unusable, or steal sensitive information and data. This paper provides a summary of IoT security attacks and develops a taxonomy and classification based on the application domain and underlying system architecture. We also discuss some key characteristics of IoT that make it difficult to develop robust security architectures for IoT applications.

Abhishek Raghuvanshi,Umesh Kumar Singh,Thanwamas Kassanuk,Khongdet Phasinam

DOI: https://doi.org/10.1149/10701.15043ecst

2022-04-24

ECS Transactions

Abstract:People's lives will be transformed by the Internet of Things (IoT), which connects everything from smart phones and sensors to the cloud to mobile apps and web-based controls. Security concerns are on the rise as the number of heterogeneous devices and data processing grows. Most IoT apps and devices are also well-known for their security flaws, making them vulnerable to many forms of attacks. To further complicate matters, threats have variable consequences on the device's security and quality. Unfortunately, enterprises are having difficulty determining which risks they face from their data assets and how to mitigate them. To better identify IoT security risks, this article has built a taxonomy based on the application domain and the design of the architecture. Servers, clients, IoT development boards, sensors, cloud subscriptions, and other components all play a role in this test setup. Vulnerability and network host scanning technologies are used to obtain raw data relevant to IoT-based smart city projects. This article also includes a mitigation approach for IoT network flaws.

Shengbao Wang,Xin Zhou,Kang Wen,Bosen Weng,Peng Zeng

DOI: https://doi.org/10.1109/jiot.2022.3228921

IF: 10.6

2022-01-01

IEEE Internet of Things Journal

Abstract:Very recently, Masud et al. (2022) proposed a lightweight and anonymity-preserving user authentication scheme to establish secure communication between the doctor, the gateway, and sensor nodes in IoT-based healthcare, aiming to ensure the privacy of the patients’ physiological data. In this article, however, we carefully revisit their scheme and first point out that the scheme is not practically implementable in its current form, and second we show that it is vulnerable to session key disclosure attacks, off-line password guessing attacks, and traceability attacks, under the assumption that the attacker can gain access to the sensor nodes and the doctor’s device. We also propose fixes for each of these issues or vulnerabilities.

Wei Wang,Lin Yang,Qian Zhang,Tao Jiang

DOI: https://doi.org/10.48550/arXiv.1801.09224

2018-01-28

Abstract:On-body devices are an intrinsic part of the Internet-of-Things (IoT) vision to provide human-centric services. These on-body IoT devices are largely embedded devices that lack a sophisticated user interface to facilitate traditional Pre-Shared Key based security protocols. Motivated by this real-world security vulnerability, this paper proposes SecureTag, a system designed to add defense in depth against active attacks by integrating physical layer (PHY) information with upper-layer protocols. The underpinning of SecureTag is a signal processing technique that extracts the peculiar propagation characteristics of creeping waves to discern on-body devices. Upon overhearing a suspicious transmission, SecureTag initiates a PHY-based challenge-response protocol to mitigate attacks. We implement our system on different commercial off-the-shelf (COTS) wearables and a smartphone. Extensive experiments are conducted in a lab, apartments, malls, and outdoor areas, involving 12 volunteer subjects of different age groups, to demonstrate the robustness of our system. Results show that our system can mitigate 96.13% of active attack attempts while triggering false alarms on merely 5.64% of legitimate traffic.

Networking and Internet Architecture