editorial - hindawi · 2019. 7. 30. · international journal ofaerospace engineering hindawi...
Post on 27-Feb-2021
13 Views
Preview:
TRANSCRIPT
EditorialSecurity, Privacy, and Trust on Internet of Things
Constantinos Kolias ,1 Weizhi Meng,2 Georgios Kambourakis ,3 and Jiageng Chen4
1Computer Science Department, University of Idaho, USA2Department of Applied Mathematics and Computer Science, Technical University of Denmark, Denmark3Department of Information and Communication Systems Engineering, University of the Aegean, Greece4School of Computer Science, Central China Normal University, China
Correspondence should be addressed to Constantinos Kolias; kolias@uidaho.edu
Received 25 December 2018; Accepted 31 December 2018; Published 3 February 2019
Copyright © 2019 Constantinos Kolias et al. This is an open access article distributed under the Creative Commons AttributionLicense, which permits unrestricted use, distribution, and reproduction in any medium, provided the original work is properlycited.
1. Introduction
The ability of smart objects to stay connected to the Internetfor purposes of transmitting and receiving data is referredto as the Internet of Things (IoT). As per recent estimates,the number of IoT devices will surpass 50 billion by 2020.Unsurprisingly, this mushrooming of IoT devices has drawnthe attention of attackers who seek to exploit them for theirown benefit, with the Mirai botnet being perhaps the mostprominent example of IoT specific malware [1, 2]. Basically,IoT brings along a plethora of potential security and privacyrisks to the end-users, including the unsanctioned access andabuse of private information, the enabling and strengtheningof assaults against other systems, and the breeding of riskspertaining to personal safeness [3]. Especially, IoT facilitatesthe creation of an assortment of privacy risks to the consumerassociated with the collection of personal and sensitiveinformation, like their preferences, locations, habits, and soon. In the mid- or long-run these pieces of data can be usedto, say, profile or impersonate the user or group of interest.On the other hand, such risks to security, privacy, and trustmay significantly diminish end-user’s confidence in IoT andtherefore impede its full realization.
The feature topic at hand intends to promote the dis-semination of the latest methodologies, solutions, and casestudies pertaining to IoT security, privacy, and trust issues.Its objective is to publish high-quality articles presentingsecurity algorithms, protocols, policies, frameworks, andsolutions for the IoT ecosystem.
The goal of this special issue was to attract high-qualitycontributions from researchers working in the broad area of
security, privacy, and trust for IoT ecosystems, including butnot limited to (a) cloud computing-based security solutionsfor IoT data, (b) mobile service privacy for IoT devices,(c) standardization efforts related to IoT, (d) testbeds andcase studies for IoT, (e) Intrusion detection for IoT, (f) trustmanagement for IoT, and (g) virtualization solutions to IoTsecurity
2. Submissions
This special issue presents high-quality articles describingsecurity and privacy issues, attacks as well as their remediesfor the IoT ecosystems. We received a total of 29 submissionsand, after a rigorous review process, we selected 10 articlescovering the subject from different perspectives, i.e., about30% of all the submitted papers.
In “On the RCCA Security of Hybrid Signcryption forInternet of Things” by H. Dai et al., hybrid signcryptionschemes are lucrative for protecting communications in IoTenvironments. Such schemes achieve multiple cryptographicservices simultaneously but with much lower overhead thanseparate traditional cryptographic schemes. This attributemakes them ideal for resource-constrained environments.Unlike most approaches that verify such security schemesprimarily against Chosen Ciphertext Attacks, this paperproposes verification against Repayable Chosen CiphertextAttacks. Despite being a theoretically weaker security notion,it is “secure enough” for IoT applications and at the same timemuch more efficient.
In “A Hierarchical Matrix Decomposition-Based Sign-cryption without Key-Recovery in Large-Scale WSN” by C.
HindawiWireless Communications and Mobile ComputingVolume 2019, Article ID 6452157, 3 pageshttps://doi.org/10.1155/2019/6452157
2 Wireless Communications and Mobile Computing
Yuan et al., identity-based encryption schemes present a greatpotential for wireless, low resources networks due to theirlower resource requirements. However, such schemes assumethat a central entity, namely, the Private Key Generator(PKG), maintains all private keys; therefore, it can easilyimpersonate any user. The paper proposes a novel signcryp-tion technique based on hierarchical matrix decompositionto generate the keys for cluster head nodes. By limiting thecontrol of central authorities on the private keys it becomespossible to solve the key escrow issue associated with suchschemes.
In “A Blockchain-Based Contractual Routing Protocolfor the Internet of Things Using Smart Contracts” by G.Ramezan and C. Leung, conventional secure routing proto-cols assume a central authority (CA) to facilitate the identi-fication and authentication for each device in the network.Particularly, in the highly heterogeneous IoT environmentsthe lack of a standardized central management system intro-duces the problem of trust. The paper proposes a blockchainbased contractual routing protocol which operates in a fullydistributed manner without requiring any trusted CA. Theintroduced protocolmakes use of the smart contracts conceptto discover a route to a destination or data gateway withinheterogeneous IoT networks.The protocol is proven resistantto both Blackhole and Greyhole attacks.
While in “Shielding IoT against cyber-attacks: An event-based approach using SIEM” by D. D. Lopez et al., dueto the high level of heterogeneity in IoT environmentstraditional security solutions cannot perform ideally. SecurityInformation and Event Management systems seem to be anappealing solution; however, current practices known fromconventional computer networks fail to take into account thepossible correlations between IoT layers and the peculiaritiesof corresponding security events and attack surfaces. Thepaper proposes a custom-tailored security architecture andexplores possible mappings between events, vulnerabilities,and attack surfaces for typical IoT ecosystems.
In “BaDS: Blockchain-Based Architecture for Data Shar-ing with ABS and CP-ABE in IoT” by Y. Zhang et al.,cloud infrastructures are an indispensable component of IoTapplications, yet they may not always be considered as fullytrusted entities. This paper proposes a privacy-preservingand user-controlled data sharing architecture which permitsdetailed access control. The proposed approach is based onthe Blockchain model and smart contracts to ensure thescalability of access control tables.
In “Towards Secure Network Computing Services forLightweight Clients using Blockchain” by Y. Xu et al.,the network-based service sharing paradigm may indi-rectly extend the abilities of the resource-constrained IoTdevices; nevertheless it introduces additional risks sinceuntrusted/unverified code can be loaded from the networkand then be executed even natively. This paper proposes anovel blockchain-based secure service provisioning mech-anism for protecting lightweight IoT devices from mali-cious or insecure services in network computing scenarios.The power of blockchain is primarily leveraged towardsidentifying and verifying the corresponding provider andservice.
In “Security Vulnerabilities and Countermeasures forTime Synchronization in TSCH Networks” by W. Yanget al., numerous IoT applications require that all nodesmust maintain high-precision time synchronization. Suchcommunication systems suffer from time-synchronizationattacks, primarily in single-hop pair-wise synchronizationsituations. The paper examines the security vulnerabilities ofTSCH technology to identify the potential vulnerabilities andattacks. The corresponding security enhancements are alsooutlined and an authentication-based mechanism along witha clock-offset filter is proposed.
In “Towards Smart Healthcare: Patient Data Privacy andSecurity in Sensor-Cloud Infrastructure” by I. Masood et al.,Modern Wireless Body Area Networks (WBANs) systemsextensively rely on cloud computing (CC) technologies toovercome their inherent computational constraints. Suchhybrid infrastructures have been applied in the healthcaredomain with great success, but at the same time, new threatsagainst patient data privacy and security were surfaced. Thispaper surveys the techniques for patient data privacy andsecurity in sensor-based cloud infrastructures.The paper alsoprovides a framework for patient physiological parameters(PPPs) privacy and security particularly appropriate for suchecosystems.
In “Towards Privacy Preserving IoT Environments: ASurvey” byM. Seliem et al., privacy is one pivotal requirementof IoT applications. One of the most essential concerns ofIoT applications is the lack of control over raw personaldata communicated from the sensors to the cloud applicationcounterparts. This paper conducts a thorough survey ofexisting research and proposed solutions regarding privacyin IoT ecosystems, from a multipoint of view to outline thenumerous associated risks and potential mitigations.
In “FAPRP: A Machine Learning Approach to FloodingAttacks Prevention Routing Protocol in Mobile Ad HocNetworks” by N. T. Luong et al., IoT communications maysometimes be deprived of a centralized infrastructure thuscompletely relying on number of self-organizing nodes toform Mobile Ad hoc Networks (MANETs). Such types ofnetworks are prone to request route flooding attack, a dev-astating attack which is trivial to initiate and challenging toremedy.The authors introduce the FloodingAttackDetectionAlgorithm (FADA) which is based on historical networktraces and the k-NN algorithm to detect and isolate themalicious nodes in the network.Then a new routing protocolfor such settings is introduced which incorporates FADAalgorithm as part of its route request phase, minimizing therisk.
Conflicts of Interest
The authors declare that there are no conflicts of interestregarding the publication of this special issue.
Acknowledgments
The guest editors would like to express their gratitude toSPTT editorial board for giving the opportunity to editthis special issue. Also, they wish to thank the authors for
Wireless Communications and Mobile Computing 3
submitting their work as well as the tireless reviewers whohave constructively evaluated the papers within the short-stipulated time. Finally, they sincerely hope the reader willshare their view and find this special issue very useful.
Constantinos KoliasWeizhi Meng
Georgios KambourakisJiageng Chen
References
[1] C. Kolias, G. Kambourakis, A. Stavrou, and J. Voas, “DDoS inthe IoT: mirai and other botnets,” IEEE Computer Society, vol.50, no. 7, pp. 80–84, 2017.
[2] M. Antonakakis, T. April, M. Bailey et al., “Understanding themirai botnet,” in Proceedings of the USENIX Security Sympo-sium, pp. 1092–1110, August, 2017.
[3] J. Voas, R. Kuhn, C. Kolias, A. Stavrou, and G. Kambourakis,“Cybertrust in the IoT Age,” The Computer Journal, vol. 51, no.7, pp. 12–15, 2018.
International Journal of
AerospaceEngineeringHindawiwww.hindawi.com Volume 2018
RoboticsJournal of
Hindawiwww.hindawi.com Volume 2018
Hindawiwww.hindawi.com Volume 2018
Active and Passive Electronic Components
VLSI Design
Hindawiwww.hindawi.com Volume 2018
Hindawiwww.hindawi.com Volume 2018
Shock and Vibration
Hindawiwww.hindawi.com Volume 2018
Civil EngineeringAdvances in
Acoustics and VibrationAdvances in
Hindawiwww.hindawi.com Volume 2018
Hindawiwww.hindawi.com Volume 2018
Electrical and Computer Engineering
Journal of
Advances inOptoElectronics
Hindawiwww.hindawi.com
Volume 2018
Hindawi Publishing Corporation http://www.hindawi.com Volume 2013Hindawiwww.hindawi.com
The Scientific World Journal
Volume 2018
Control Scienceand Engineering
Journal of
Hindawiwww.hindawi.com Volume 2018
Hindawiwww.hindawi.com
Journal ofEngineeringVolume 2018
SensorsJournal of
Hindawiwww.hindawi.com Volume 2018
International Journal of
RotatingMachinery
Hindawiwww.hindawi.com Volume 2018
Modelling &Simulationin EngineeringHindawiwww.hindawi.com Volume 2018
Hindawiwww.hindawi.com Volume 2018
Chemical EngineeringInternational Journal of Antennas and
Propagation
International Journal of
Hindawiwww.hindawi.com Volume 2018
Hindawiwww.hindawi.com Volume 2018
Navigation and Observation
International Journal of
Hindawi
www.hindawi.com Volume 2018
Advances in
Multimedia
Submit your manuscripts atwww.hindawi.com
top related