Loading...
8 results
Search Results
Now showing 1 - 8 of 8
- Security Challenges of the Internet of ThingsPublication . Samaila, Musa Gwani; Neto, Miguel; Fernandes, Diogo A. B.; Freire, Mario; Inácio, Pedro R. M.The Internet of Things (IoT) is an environment in which ordinary and complex consumer products, buildings, bridges, animals or even people, etc. are embedded with sensors, equipped with a variety of communication technologies and given unique identifiers that can enable them connect to the Internet. This allows them to talk to each other, collect data and transfer data over the Internet. IoT has the potential to enhance the way we do things by increasing productivity and efficiency. It also has the prospects of delivering significant business benefits. Nonetheless, implementing secure communication in the IoT and integrating security mechanisms into some of its devices have been a major impediment to its progress, resulting in many privacy concerns. Although IoT is a hybrid network of the Internet, many security solutions for the Internet cannot be directly used on the resource-constrained devices of the IoT, hence the need for new security solutions. In this chapter, we discuss the security challenges of the IoT. First, we discuss some basic concepts of security and security requirements in the context of IoT. We then consider fundamental security issues in the IoT and thereafter highlight the security issues that need immediate attention.
- Security Threats and Possible Countermeasures in Applications Covering Different Industry DomainsPublication . Samaila, Musa Gwani; Sequeiros, João B. F.; Freire, Mario; Inácio, Pedro R. M.The world is witnessing the emerging role of Internet of Things (IoT) as a technology that is transforming different industries, global community and its economy. Currently, a plethora of interconnected smart devices have been deployed for diverse pervasive applications and services, and billions more are expected to be connected to the Internet in the near future. The potential benefits of IoT include improved quality of life, convenience, enhanced energy efficiency, and more productivity. Alongside these potential benefits, however, come increased security risks and potential for abuse. Arguably, this is partly because many IoT start-ups and electronics hobbyists lack security expertise, and some established companies do not make security a priority in their designs, and hence they produce IoT devices that are often ill-equipped in terms of security. In this paper, we discuss different IoT application areas, and identify security threats in IoT architecture. We consider security requirements and present typical security threats for each of the application domains. Finally, we present several possible security countermeasures, and introduce the IoT Hardware Platform Security Advisor (IoT-HarPSecA) framework, which is still under development. IoT-HarPSecA is aimed at facilitating the design and prototyping of secure IoT devices.
- Challenges of Securing Internet of Things DevicesPublication . Samaila, Musa Gwani; Neto, Miguel; Fernandes, Diogo A. B.; Freire, Mario; Inácio, Pedro R. M.The current vision of the Internet of Things (IoT) is to ensure that everything from everywhere is connected to the Internet at all times using Internet Protocol (IP). This idea has the potential of making homes, cities, electric grids, among others, safer, more efficient, and easier to manage. Nevertheless, a number of obstacles still remain to fully realize the IoT vision, with security and privacy among the most critical. Ensuring security and privacy in the IoT is particularly complicated, especially for the resource-constrained devices due to finite energy supply and low computing power. These factors are typically at odds with most of the existing security protocols and schemes proposed for the IoT because of the intensive computational nature of the cryptographic algorithms involved. This paper performs an extensive comparison of previous surveys on the subject, and shows its novelty with respect to the previous work. It describes 9 application domains and presents, in detail, security requirements, system models, threat models along with protocols and technologies for those 9 application areas. The survey also performs an exhaustive examination of some existing mechanisms and approaches proposed in the literature for ensuring security and privacy of IoT devices. Finally, it outlines some open research issues associated with IoT security.
- Internet of Things Hardware Platform Security AdvisorPublication . Samaila, Musa Gwani; Inácio, Pedro Ricardo MoraisThe term Internet of Things (IoT) describes an ever-growing ecosystem of physical objects or things interconnected with each other and connected to the Internet. IoT devices consist of a wide range of highly heterogeneous inanimate and animate objects. Thus, a thing in the context of the IoT can even mean a person with blood pressure or heart rate monitor implant or a pet with a biochip transponder. IoT devices range from ordinary household appliances, such as smart light bulbs or smart coffee makers, to sophisticated tools for industrial automation. IoT is currently leading a revolutionary change in many industries and, as a result, a lot of industries and organizations are adopting the paradigm to gain a competitive edge. This allows them to boost operational efficiency and optimize system performance through real-time data management, which results in an optimized balance between energy usage and throughput. Another important application area is the Industrial Internet of Things (IIoT), which is the application of the IoT in industrial settings. This is also referred to as the Industrial Internet or Industry 4.0, where Cyber- Physical Systems (CPS) are interconnected using various technologies to achieve wireless control as well as advanced manufacturing and factory automation. IoT applications are becoming increasingly prevalent across many application domains, including smart healthcare, smart cities, smart grids, smart farming, and smart supply chain management. Similarly, IoT is currently transforming the way people live and work, and hence the demand for smart consumer products among people is also increasing steadily. Thus, many big industry giants, as well as startup companies, are competing to dominate the market with their new IoT products and services, and hence unlocking the business value of IoT. Despite its increasing popularity, potential benefits, and proven capabilities, IoT is still in its infancy and fraught with challenges. The technology is faced with many challenges, including connectivity issues, compatibility/interoperability between devices and systems, lack of standardization, management of the huge amounts of data, and lack of tools for forensic investigations. However, the state of insecurity and privacy concerns in the IoT are arguably among the key factors restraining the universal adoption of the technology. Consequently, many recent research studies reveal that there are security and privacy issues associated with the design and implementation of several IoT devices and Smart Applications (smart apps). This can be attributed, partly, to the fact that as some IoT device makers and smart apps development companies (especially the start-ups) reap business value from the huge IoT market, they tend to neglect the importance of security. As a result, many IoT devices and smart apps are created with security vulnerabilities, which have resulted in many IoT related security breaches in recent years. This thesis is focused on addressing the security and privacy challenges that were briefly highlighted in the previous paragraph. Given that the Internet is not a secure environ ment even for the traditional computer systems makes IoT systems even less secure due to the inherent constraints associated with many IoT devices. These constraints, which are mainly imposed by cost since many IoT edge devices are expected to be inexpensive and disposable, include limited energy resources, limited computational and storage capabilities, as well as lossy networks due to the much lower hardware performance compared to conventional computers. While there are many security and privacy issues in the IoT today, arguably a root cause of such issues is that many start-up IoT device manufacturers and smart apps development companies do not adhere to the concept of security by design. Consequently, some of these companies produce IoT devices and smart apps with security vulnerabilities. In recent years, attackers have exploited different security vulnerabilities in IoT infrastructures which have caused several data breaches and other security and privacy incidents involving IoT devices and smart apps. These have attracted significant attention from the research community in both academia and industry, resulting in a surge of proposals put forward by many researchers. Although research approaches and findings may vary across different research studies, the consensus is that a fundamental prerequisite for addressing IoT security and privacy challenges is to build security and privacy protection into IoT devices and smart apps from the very beginning. To this end, this thesis investigates how to bake security and privacy into IoT systems from the onset, and as its main objective, this thesis particularly focuses on providing a solution that can foster the design and development of secure IoT devices and smart apps, namely the IoT Hardware Platform Security Advisor (IoT-HarPSecA) framework. The security framework is expected to provide support to designers and developers in IoT start-up companies during the design and implementation of IoT systems. IoT-HarPSecA framework is also expected to facilitate the implementation of security in existing IoT systems. To accomplish the previously mentioned objective as well as to affirm the aforementioned assertion, the following step-by-step problem-solving approach is followed. The first step is an exhaustive survey of different aspects of IoT security and privacy, including security requirements in IoT architecture, security threats in IoT architecture, IoT application domains and their associated cyber assets, the complexity of IoT vulnerabilities, and some possible IoT security and privacy countermeasures; and the survey wraps up with a brief overview of IoT hardware development platforms. The next steps are the identification of many challenges and issues associated with the IoT, which narrowed down to the abovementioned fundamental security/privacy issue; followed by a study of different aspects of security implementation in the IoT. The remaining steps are the framework design thinking process, framework design and implementation, and finally, framework performance evaluation. IoT-HarPSecA offers three functionality features, namely security requirement elicitation security best practice guidelines for secure development, and above all, a feature that recommends specific Lightweight Cryptographic Algorithms (LWCAs) for both software and hardware implementations. Accordingly, IoT-HarPSecA is composed of three main components, namely Security Requirements Elicitation (SRE) component, Security Best Practice Guidelines (SBPG) component, and Lightweight Cryptographic Algorithms Recommendation (LWCAR) component, each of them servicing one of the aforementioned features. The author has implemented a command-line tool in C++ to serve as an interface between users and the security framework. This thesis presents a detailed description, design, and implementation of the SRE, SBPG, and LWCAR components of the security framework. It also presents real-world practical scenarios that show how IoT-HarPSecA can be used to elicit security requirements, generate security best practices, and recommend appropriate LWCAs based on user inputs. Furthermore, the thesis presents performance evaluation of the SRE, SBPG, and LWCAR components framework tools, which shows that IoT-HarPSecA can serve as a roadmap for secure IoT development.
- A Tutorial Introduction to IoT Design and Prototyping with ExamplesPublication . Meruje, Manuel; Samaila, Musa Gwani; Franqueira, Virginia; Freire, Mario; Inácio, Pedro R. M.The dramatic drop in the price of computing hardware, coupled with the recent breakthroughs in embedded systems design that enabled the integration of high-level software and low-level electronics, have created a paradigm shift in embedded systems development. This has led to the development of different varieties of user-friendly Internet of Things (IoT) hardware development platforms for IoT prototyping. The ubiquity of such prototyping platforms has undoubtedly contributed towards the explosive growth of the IoT, which is already seeping into all areas of human endeavor, including transportation, logistics, business, and healthcare. Building IoT projects that can be controlled over the Internet can be challenging, especially for beginners. This chapter discusses the design and development of prototypes for IoT applications with focus on Arduino and Raspberry Pi platforms. The aim is to provide insightful information on best practices for designing and prototyping IoT projects, as well as to serve as step-by-step guidelines for beginners.
- IoT Hardware Development Platforms: Past, Present, and FuturePublication . Samaila, Musa Gwani; Sequeiros, João B. F.; Correia, Acácio; Freire, Mario; Inácio, Pedro R. M.An Internet of Things (IoT) hardware development platform refers to a self-contained module of interconnected electronic components that include microcontrollers, wireless radio chips, memory and input/output interfaces for prototyping and large-scale production of IoT devices. Competition among different vendors is a major driving force for improved performance in the IoT hardware industry, resulting in the creation of diverse IoT hardware development platforms. Although IoT has been really hyped up recently, there is limited amount of work in the literature on IoT hardware development platforms. This chapter examines several IoT hardware development platforms that were released in the past, those that are recently launched on the market, and those that will be released in the near future. It focuses specifically on some essential attributes of the hardware development platforms that include processing speed, memory capacity, battery life, and security features.
- A Quick Perspective on the Current State of IoT SecurityPublication . Samaila, Musa Gwani; Sequeiros, João B. F.; Correia, Acácio; Freire, Mario; Inácio, Pedro R. M.An Internet of Things (IoT) hardware development platform refers to a self-contained module of interconnected electronic components that include microcontrollers, wireless radio chips, memory and input/output interfaces for prototyping and large-scale production of IoT devices. Competition among different vendors is a major driving force for improved performance in the IoT hardware industry, resulting in the creation of diverse IoT hardware development platforms. Although IoT has been really hyped up recently, there is limited amount of work in the literature on IoT hardware development platforms. This chapter examines several IoT hardware development platforms that were released in the past, those that are recently launched on the market, and those that will be released in the near future. It focuses specifically on some essential attributes of the hardware development platforms that include processing speed, memory capacity, battery life, and security features.
- IoT-HarPSecA: A Framework for Facilitating the Design and Development of Secure IoT DevicesPublication . Samaila, Musa Gwani; Sequeiros, João B. F.; Freire, Mario; Inácio, Pedro R. M.devices and applications in recent years can be attributed partly to the emergence of several new IoT startup companies and potential applications. While many of these startups offer significant innovations in the IoT, some of them lack security expertise, resulting in the development of ill-equipped IoT devices and applications in terms of security. For example, one of the fundamental problems faced by non-security experts in the IoT space is how to select the right Lightweight Cryptographic Algorithm (LWCA) for a given security requirement. To address this specific problem, an IoT Hardware Platform Security Advisor (IoT-HarPSecA) framework is proposed in this paper. The security framework is aimed at facilitating the choice of specific security algorithms given a set of security goals, hardware specifications, message payload size, application area, and energy requirement. Within the scope of this framework, we develop an easy-to-use tool in C++ that allows users to interact with the IoT-HarPSecA framework. The tool can potentially help non-security experts, such as electronics and computer engineers as well as application developers make informed decisions on selecting the appropriate security algorithms for their various applications. Finally, the paper presents some preliminary results and discussion.