Information Security Commons^™

Examination Of Traditional Botnet Detection On Iot-Based Bots, Ashley Woodiss-Field, Michael N. Johnstone, Paul Haskell-Dowland

Research outputs 2022 to 2026

A botnet is a collection of Internet-connected computers that have been suborned and are controlled externally for malicious purposes. Concomitant with the growth of the Internet of Things (IoT), botnets have been expanding to use IoT devices as their attack vectors. IoT devices utilise specific protocols and network topologies distinct from conventional computers that may render detection techniques ineffective on compromised IoT devices. This paper describes experiments involving the acquisition of several traditional botnet detection techniques, BotMiner, BotProbe, and BotHunter, to evaluate their capabilities when applied to IoT-based botnets. Multiple simulation environments, using internally developed network traffic generation software, were …

Secure Authentication Scheme Based On Numerical Series Cryptography For Internet Of Things, Dr Khaled Nagaty, Maha Aladin, Abeer Hamdy Dr.

Computer Science

The rapid advancement of cellular networks and wireless networks has laid a solid basis for the Internet of Things. IoT has evolved into a unique standard that allows diverse physical devices to collaborate with one another. A service provider gives a variety of services that may be accessed via smart apps anywhere, at any time, and from any location over the Internet. Because of the public environment of mobile communication and the Internet, these services are highly vulnerable to a several malicious attacks, such as unauthorized disclosure by hostile attackers. As a result, the best option for overcoming these vulnerabilities …

Vpsl: Verifiable Privacy-Preserving Data Search For Cloud-Assisted Internet Of Things, Qiuyun Tong, Yinbin Miao, Ximeng Liu, Kim-Kwang Raymond Choo, Robert H. Deng

Research Collection School Of Computing and Information Systems

Cloud-assisted Internet of Things (IoT) is increasingly prevalent used in various fields, such as the healthcare system. While in such a scenario, sensitive data (e.g., personal electronic medical records) can be easily revealed, which incurs potential security challenges. Thus, Symmetric Searchable Encryption (SSE) has been extensively studied due to its capability of supporting efficient search on encrypted data. However, most SSE schemes require the data owner to share the complete key with query users and take malicious cloud servers out of consideration. Seeking to address these limitations, in this paper we propose a Verifiable Privacy-preserving data Search scheme with Limited …

Using Blockchain To Improve Security Of The Internet Of Things, Joshua W. Quist

Scholarly Horizons: University of Minnesota, Morris Undergraduate Journal

The Internet of Things has increased in popularity in recent years, with daily life now being surrounded by “smart devices.” This network of smart devices, such as thermostats, refrigerators, and even stationary bikes affords us convenience, but at a cost. Security measures are typically inferior on these devices; considering that they collect our data around the clock, this is a big reason for concern. Recent research shows that blockchain technology may be one way to address these security concerns. This paper discusses the Internet of Things and the current issues with how security is handled, discusses how blockchain can shore …

Healthcare 5.0 Security Framework: Applications, Issues And Future Research Directions, Mohammad Wazid, Ashok Kumar Das, Noor Mohd, Youngho Park

VMASC Publications

Healthcare 5.0 is a system that can be deployed to provide various healthcare services. It does these services by utilising a new generation of information technologies, such as Internet of Things (IoT), Artificial Intelligence (AI), Big data analytics, blockchain and cloud computing. Due to the introduction of healthcare 5.0, the paradigm has been now changed. It is disease-centered to patient-centered care where it provides healthcare services and supports to the people. However, there are several security issues and challenges in healthcare 5.0 which may cause the leakage or alteration of sensitive healthcare data. This demands that we need a robust …

A Blockchain-Based Self-Tallying Voting Protocol In Decentralized Iot, Yannan Li, Willy Susilo, Guomin Yang, Yong Yu, Dongxi Liu, Xiaojiang Du, Mohsen Guizani

Research Collection School Of Computing and Information Systems

The Internet of Things (IoT) is experiencing explosive growth and has gained extensive attention from academia and industry in recent years. However, most of the existing IoT infrastructures are centralized, which may cause the issues of unscalability and single-point-of-failure. Consequently, decentralized IoT has been proposed by taking advantage of the emerging technology called blockchain. Voting systems are widely adopted in IoT, for example a leader election in wireless sensor networks. Self-tallying voting systems are alternatives to unsuitable, traditional centralized voting systems in decentralized IoT. Unfortunately, self-tallying voting systems inherently suffer from fairness issues, such as adaptive and abortive issues caused …

Moonshine: An Online Randomness Distiller For Zero-Involvement Authentication, Jack West, Kyuin Lee, Suman Banerjee, Younghyun Kim, George K. Thiruvathukal, Neil Klingensmith

Computer Science: Faculty Publications and Other Works

Context-based authentication is a method for transparently validating another device's legitimacy to join a network based on location. Devices can pair with one another by continuously harvesting environmental noise to generate a random key with no user involvement. However, there are gaps in our understanding of the theoretical limitations of environmental noise harvesting, making it difficult for researchers to build efficient algorithms for sampling environmental noise and distilling keys from that noise. This work explores the information-theoretic capacity of context-based authentication mechanisms to generate random bit strings from environmental noise sources with known properties. Using only mild assumptions about the …

Trust Models And Risk In The Internet Of Things, Jeffrey Hemmes

Regis University Faculty Publications

The Internet of Things (IoT) is envisaged to be a large-scale, massively heterogeneous ecosystem of devices with varying purposes and capabilities. While architectures and frameworks have focused on functionality and performance, security is a critical aspect that must be integrated into system design. This work proposes a method of risk assessment of devices using both trust models and static capability profiles to determine the level of risk each device poses. By combining the concepts of trust and secure device fingerprinting, security mechanisms can be more efficiently allocated across networked IoT devices. Simultaneously, devices can be allowed a greater degree of …

A Review Of Security Standards And Frameworks For Iot-Based Smart Environments, Nickson M. Karie, Nor Masri Sahri, Wencheng Yang, Craig Valli, Victor R. Kebande

Research outputs 2014 to 2021

Assessing the security of IoT-based smart environments such as smart homes and smart cities is becoming fundamentally essential to implementing the correct control measures and effectively reducing security threats and risks brought about by deploying IoT-based smart technologies. The problem, however, is in finding security standards and assessment frameworks that best meets the security requirements as well as comprehensively assesses and exposes the security posture of IoT-based smart environments. To explore this gap, this paper presents a review of existing security standards and assessment frameworks which also includes several NIST special publications on security techniques highlighting their primary areas of …

Improving A Wireless Localization System Via Machine Learning Techniques And Security Protocols, Zachary Yorio

Masters Theses, 2020-current

The recent advancements made in Internet of Things (IoT) devices have brought forth new opportunities for technologies and systems to be integrated into our everyday life. In this work, we investigate how edge nodes can effectively utilize 802.11 wireless beacon frames being broadcast from pre-existing access points in a building to achieve room-level localization. We explain the needed hardware and software for this system and demonstrate a proof of concept with experimental data analysis. Improvements to localization accuracy are shown via machine learning by implementing the random forest algorithm. Using this algorithm, historical data can train the model and make …

Toward A Sustainable Cybersecurity Ecosystem, Shahrin Sadik, Mohiuddin Ahmed, Leslie F. Sikos, A.K.M. Najmul Islam

Research outputs 2014 to 2021

© 2020 by the authors. Licensee MDPI, Basel, Switzerland. Cybersecurity issues constitute a key concern of today’s technology-based economies. Cybersecurity has become a core need for providing a sustainable and safe society to online users in cyberspace. Considering the rapid increase of technological implementations, it has turned into a global necessity in the attempt to adapt security countermeasures, whether direct or indirect, and prevent systems from cyberthreats. Identifying, characterizing, and classifying such threats and their sources is required for a sustainable cyber-ecosystem. This paper focuses on the cybersecurity of smart grids and the emerging trends such as using blockchain in …

Resource Optimization In Support Of Iot Applications, Ihab Ahmed Mohammed

Dissertations

With the rise of the Internet of Things (IoT) and smart communities, managing computation and communication resources required by billions of smart devices becomes a concern. To tackle this problem, we develop algorithms for resource management to ensure better Quality of Service (QoS), safety, and performance. We focus our efforts on three problems.

In the first problem, we studied the strict QoS requirements of applications and differentiated service requirements in different situations of vehicular networks. We propose a generic prioritization and resource management algorithm that can be used to prioritize the processing of received packets in vehicular networks. We formulate …

Lightweight And Privacy-Aware Fine-Grained Access Control For Iot-Oriented Smart Health, Jianfei Sun, Hu Xiong, Ximeng Liu, Yinghui Zhang, Xuyun Nie, Robert H. Deng

Research Collection School Of Computing and Information Systems

With the booming of Internet of Things (IoT), smart health (s-health) is becoming an emerging and attractive paradigm. It can provide an accurate prediction of various diseases and improve the quality of healthcare. Nevertheless, data security and user privacy concerns still remain issues to be addressed. As a high potential and prospective solution to secure IoT-oriented s-health applications, ciphertext policy attribute-based encryption (CP-ABE) schemes raise challenges, such as heavy overhead and attribute privacy of the end users. To resolve these drawbacks, an optimized vector transformation approach is first proposed to efficiently transform the access policy and user attribute set into …

Editing-Enabled Signatures: A New Tool For Editing Authenticated Data, Binanda Sengupta, Yingjiu Li, Yangguang Tian, Robert H. Deng

Research Collection School Of Computing and Information Systems

Data authentication primarily serves as a tool to achieve data integrity and source authentication. However, traditional data authentication does not fit well where an intermediate entity (editor) is required to modify the authenticated data provided by the source/data owner before sending the data to other recipients. To ask the data owner for authenticating each modified data can lead to higher communication overhead. In this article, we introduce the notion of editing-enabled signatures where the data owner can choose any set of modification operations applicable on the data and still can restrict any possibly untrusted editor to authenticate the data modified …

Knot Flow Classification And Its Applications In Vehicular Ad-Hoc Networks (Vanet), David Schmidt

Electronic Theses and Dissertations

Intrusion detection systems (IDSs) play a crucial role in the identification and mitigation for attacks on host systems. Of these systems, vehicular ad hoc networks (VANETs) are difficult to protect due to the dynamic nature of their clients and their necessity for constant interaction with their respective cyber-physical systems. Currently, there is a need for a VANET-specific IDS that meets this criterion. To this end, a spline-based intrusion detection system has been pioneered as a solution. By combining clustering with spline-based general linear model classification, this knot flow classification method (KFC) allows for robust intrusion detection to occur. Due its …

Trajectory Privacy Preservation And Lightweight Blockchain Techniques For Mobility-Centric Iot, Abdur Bin Shahid

FIU Electronic Theses and Dissertations

Various research efforts have been undertaken to solve the problem of trajectory privacy preservation in the Internet of Things (IoT) of resource-constrained mobile devices. Most attempts at resolving the problem have focused on the centralized model of IoT, which either impose high delay or fail against a privacy-invading attack with long-term trajectory observation. These proposed solutions also fail to guarantee location privacy for trajectories with both geo-tagged and non-geo-tagged data, since they are designed for geo-tagged trajectories only. While a few blockchain-based techniques have been suggested for preserving trajectory privacy in decentralized model of IoT, they require large storage capacity …

Iot Ignorance Is Digital Forensics Research Bliss: A Survey To Understand Iot Forensics Definitions, Challenges And Future Research Directions, Tina Wu, Frank Breitinger, Ibrahim Baggili

Electrical & Computer Engineering and Computer Science Faculty Publications

Interactions with IoT devices generates vast amounts of personal data that can be used as a source of evidence in digital investigations. Currently, there are many challenges in IoT forensics such as the difficulty in acquiring and analysing IoT data/devices and the lack IoT forensic tools. Besides technical challenges, there are many concepts in IoT forensics that have yet to be explored such as definitions, experience and capability in the analysis of IoT data/devices and current/future challenges. A deeper understanding of these various concepts will help progress the field. To achieve this goal, we conducted a survey which received 70 …

Securing Our Future Homes: Smart Home Security Issues And Solutions, Nicholas Romano

Senior Honors Theses

The Internet of Things, commonly known as IoT, is a new technology transforming businesses, individuals’ daily lives and the operation of entire countries. With more and more devices becoming equipped with IoT technology, smart homes are becoming increasingly popular. The components that make up a smart home are at risk for different types of attacks; therefore, security engineers are developing solutions to current problems and are predicting future types of attacks. This paper will analyze IoT smart home components, explain current security risks, and suggest possible solutions. According to “What is a Smart Home” (n.d.), a smart home is a …

Evaluating Machine Learning Techniques For Smart Home Device Classification, Angelito E. Aragon Jr.

Theses and Dissertations

Smart devices in the Internet of Things (IoT) have transformed the management of personal and industrial spaces. Leveraging inexpensive computing, smart devices enable remote sensing and automated control over a diverse range of processes. Even as IoT devices provide numerous benefits, it is vital that their emerging security implications are studied. IoT device design typically focuses on cost efficiency and time to market, leading to limited built-in encryption, questionable supply chains, and poor data security. In a 2017 report, the United States Government Accountability Office recommended that the Department of Defense investigate the risks IoT devices pose to operations security, …

Iot Forensics Curriculum: Is It A Myth Or Reality?, Bilge Karabacak, Kemal Aydin, Andy Igonor

All Faculty and Staff Scholarship

In this research paper, two questions are answered. The first question is "Should universities invest in the preparation of an IoT forensics curriculum?". The second question is "If the IoT forensics curriculum is worth investing in, what are the basic building steps in the development of an loT forensics curriculum?". To answer those questions, the authors conducted a comprehensive literature review spanning academia, the private sector, and non-profit organizations. The authors also performed semi-structured interviews with two experts from academia and the private sector. The results showed that because of the proliferation of IoT technology and the increasing number of …

Security Analysis Of The Internet Of Things Using Digital Forensic And Penetration Testing Tools, Olajide Ojagbule

Electronic Theses and Dissertations

We exist in a universe where everything is related to the internet or each other like smart TVs, smart telephones, smart thermostat, cars and more. Internet of Things has become one of the most talked about technologies across the world and its applications range from the control of home appliances in a smart home to the control of machines on the production floor of an industry that requires less human intervention in performing basic daily tasks. Internet of Things has rapidly developed without adequate attention given to the security and privacy goals involved in its design and implementation. This document …

Agent-Based Iot Coordination For Smart Cities Considering Security And Privacy, Iván García-Magariño, Geraldine Gray, Rajarajan Muttukrishnan, Waqar Asif

Conference papers

The interest in Internet of Things (IoT) is increasing steeply, and the use of their smart objects and their composite services may become widespread in the next few years increasing the number of smart cities. This technology can benefit from scalable solutions that integrate composite services of multiple-purpose smart objects for the upcoming large-scale use of integrated services in IoT. This work proposes an agent-based approach for supporting large-scale use of IoT for providing complex integrated services. Its novelty relies in the use of distributed blackboards for implicit communications, decentralizing the storage and management of the blackboard information in the …

Compact Hardware Implementation Of A Sha-3 Core For Wireless Body Sensor Networks, Yi Yang, Debiao He, Neeraj Kumar, Sherali Zeadally

Information Science Faculty Publications

One of the most important Internet of Things applications is the wireless body sensor network (WBSN), which can provide universal health care, disease prevention, and control. Due to large deployments of small scale smart sensors in WBSNs, security, and privacy guarantees (e.g., security and safety-critical data, sensitive private information) are becoming a challenging issue because these sensor nodes communicate using an open channel, i.e., Internet. We implement data integrity (to resist against malicious tampering) using the secure hash algorithm 3 (SHA-3) when smart sensors in WBSNs communicate with each other using the Internet. Due to the limited resources (i.e., storage, …

A Simplified Secure Programming Platform For Internet Of Things Devices, Halim Burak Yesilyurt

FIU Electronic Theses and Dissertations

The emerging Internet of Things (IoT) revolution has introduced many useful applications that are utilized in our daily lives. Users can program these devices in order to develop their own IoT applications; however, the platforms and languages that are used during development are abounding, complicated, and time-consuming. The software solution provided in this thesis, PROVIZ+, is a secure sensor application development software suite that helps users create sophisticated and secure IoT applications with little software and hardware experience. Moreover, a simple and efficient domain-specific programming language, namely Panther language, was designed for IoT application development to unify existing programming languages. …

Security And Privacy In Smart Health: Efficient Policy-Hiding Attribute-Based Access Control, Yinghui Zhang, Dong Zheng, Robert H. Deng

Research Collection School Of Computing and Information Systems

With the rapid development of the Internet of Things (IoT) and cloud computing technologies, smart health (s-health) is expected to significantly improve the quality of health care. However, data security and user privacy concerns in s-health have not been adequately addressed. As a well-received solution to realize fine-grained access control, ciphertext-policy attribute-based encryption (CP-ABE) has the potential to ensure data security in s-health. Nevertheless, direct adoption of the traditional CP-ABE in s-health suffers two flaws. For one thing, access policies are in cleartext form and reveal sensitive health-related information in the encrypted s-health records (SHRs). For another, it usually supports …

Forensic State Acquisition From Internet Of Things (Fsaiot): A General Framework And Practical Approach For Iot Forensics Through Iot Device State Acquisition, Christopher S. Meffert, Devon R. Clark, Ibrahim Baggili, Frank Breitinger

Electrical & Computer Engineering and Computer Science Faculty Publications

IoT device forensics is a difficult problem given that manufactured IoT devices are not standardized, many store little to no historical data, and are always connected; making them extremely volatile. The goal of this paper was to address these challenges by presenting a primary account for a general framework and practical approach we term Forensic State Acquisition from Internet of Things (FSAIoT). We argue that by leveraging the acquisition of the state of IoT devices (e.g. if an IoT lock is open or locked), it becomes possible to paint a clear picture of events that have occurred. To this end, …

Preliminary Analysis Of Cyberterrorism Threats To Internet Of Things (Iot) Applications, Bilge Karabacak, Mobolarinwa Balogun, Hayretdin Bahsi

All Faculty and Staff Scholarship

The era of Internet of Things (IoT) being a combination of various networking and computing technologies already in a state of growth that introduces a new age of data aggregation mechanism and ubiquitous connectivity among physical objects. However, the most of the cyber threats still remain unsolved and may create huge impact on our lives. One of the possible major changes in impact landscape is the imminent physical results of cyber threats as IoT technologies enable closer interactions between humans and information systems. Although the cyber threats to critical infrastructures have been highly considered by the cyber security community, the …

The Convergence Of It And Ot In Critical Infrastructure, Glenn Murray, Michael N. Johnstone, Craig Valli

Australian Information Security Management Conference

Automation and control systems, such as SCADA (Supervisory Control and Data Acquisition), DCS (Distributed Control Systems) and are often referred to as Operational Technology (OT). These systems are used to monitor and control critical infrastructures such as power, pipelines, water distribution, sewage systems and production control,). Traditionally, these OT systems have had a degree of physical separation from Information Technology (IT) infrastructures. With changing technologies and a drive towards data-driven and remote operations the two technology environments are starting to converge. With this convergence, what was a relatively standalone secure and isolated environment is now connected and accessible via the …

An Investigation Into Some Security Issues In The Dds Messaging Protocol, Thomas White, Michael N. Johnstone, Matthew Peacock

Australian Information Security Management Conference

The convergence of Operational Technology and Information Technology is driving integration of the Internet of Things and Industrial Control Systems to form the Industrial Internet of Things. Due to the influence of Information Technology, security has become a high priority particularly when implementations expand into critical infrastructure. At present there appears to be minimal research addressing security considerations for industrial systems which implement application layer IoT messaging protocols such as Data Distribution Services (DDS). Simulated IoT devices in a virtual environment using the DDSI-RTPS protocol were used to demonstrate that enumeration of devices is possible by a non-authenticated client in …

Secds: A Secure Epc Discovery Services System In Epcglobal Network, Jie Shi, Darren Sim, Yingjiu Li, Robert H. Deng

Research Collection School Of Computing and Information Systems

In recent years, the Internet of Things (IOT) has drawn considerable attention from the industrial and research communities. Due to the vast amount of data generated through IOT devices and users, there is an urgent need for an effective search engine to help us make sense of this massive amount of data. With this motivation, we begin our initial works on developing a secure and efficient search engine (SecDS) based on EPC Discovery Services (EPCDS) for EPCglobal network, an integral part of IOT. SecDS is designed to provide a bridge between different partners of supply chains to share information while …