scispace - formally typeset
Search or ask a question
Author

Ahmed Alenezi

Other affiliations: Taibah University, King Saud University, King Saud Medical City  ...read more
Bio: Ahmed Alenezi is an academic researcher from University of Southampton. The author has contributed to research in topics: Cloud computing & Cloud computing security. The author has an hindex of 13, co-authored 32 publications receiving 591 citations. Previous affiliations of Ahmed Alenezi include Taibah University & King Saud University.

Papers
More filters
Journal ArticleDOI
TL;DR: It is concluded that the combination of blockchain and IoT can provide a powerful approach which can significantly pave the way for new business models and distributed applications.
Abstract: The Internet of Things (IoT) has extended the internet connectivity to reach not just computers and humans, but most of our environment things. The IoT has the potential to connect billions of objects simultaneously which has the impact of improving information sharing needs that result in improving our life. Although the IoT benefits are unlimited, there are many challenges facing adopting the IoT in the real world due to its centralized server/client model. For instance, scalability and security issues that arise due to the excessive numbers of IoT objects in the network. The server/client model requires all devices to be connected and authenticated through the server, which creates a single point of failure. Therefore, moving the IoT system into the decentralized path may be the right decision. One of the popular decentralization systems is blockchain. The Blockchain is a powerful technology that decentralizes computation and management processes which can solve many of IoT issues, especially security. This paper provides an overview of the integration of the blockchain with the IoT with highlighting the integration benefits and challenges. The future research directions of blockchain with IoT are also discussed. We conclude that the combination of blockchain and IoT can provide a powerful approach which can significantly pave the way for new business models and distributed applications.

236 citations

Proceedings ArticleDOI
21 Jun 2017
TL;DR: An overview of the integration of the Cloud into the IoT is provided by highlighting the integration benefits and implementation challenges and the architecture of the resultant Cloud-based IoT paradigm and its new applications scenarios are discussed.
Abstract: The Internet of Things (IoT) is becoming the next Internet-related revolution. It allows billions of devices to be connected and communicate with each other to share information that improves the quality of our daily lives. On the other hand, Cloud Computing provides on-demand, convenient and scalable network access which makes it possible to share computing resources, indeed, this, in turn, enables dynamic data integration from various data sources. There are many issues standing in the way of the successful implementation of both Cloud and IoT. The integration of Cloud Computing with the IoT is the most effective way on which to overcome these issues. The vast number of resources available on the Cloud can be extremely beneficial for the IoT, while the Cloud can gain more publicity to improve its limitations with real world objects in a more dynamic and distributed manner. This paper provides an overview of the integration of the Cloud into the IoT by highlighting the integration benefits and implementation challenges. Discussion will also focus on the architecture of the resultant Cloud-based IoT paradigm and its new applications scenarios. Finally, open issues and future research directions are also suggested.

132 citations

Proceedings ArticleDOI
01 Jun 2017
TL;DR: A risk-based access control model for IoT technology that takes into account real-time data information request for IoT devices and gives dynamic feedback and uses smart contracts to provide adaptive features in which the user behaviour is monitored to detect any abnormal actions from authorized users.
Abstract: The Internet of Things (IoT) is creating a revolution in the number of connected devices. Cisco reported that there were 25 billion IoT devices in 2015 and modest estimation that this number will almost double by 2020. Society has become dependent on these billions of devices, devices that are connected and communicating with each other all the time with information constantly share between users, services, and internet providers. The emergent IoT devices as a technology are creating a huge security rift between users and usability, sacrificing usability for security created a number of major issues. First, IoT devices are classified under Bring Your Own Device (BYOD) that blows any organization security boundary and make them a target for espionage or tracking. Second, the size of the data generated from IoT makes big data problems pale in comparison not to mention IoT devices need a real-time response. Third, is incorporating secure access and control for IoT devices ranging from edge nodes devices to application level (business intelligence reporting tools) is a challenge because it has to account for several hardware and application levels. Establishing a secure access control model between different IoT devices and services is a major milestone for the IoT. This is important because data leakage and unauthorized access to data have a high impact on our IoT devices. However, traditional access control models with the static and rigid infrastructure cannot provide the required security for the IoT infrastructure. Therefore, this paper proposes a risk-based access control model for IoT technology that takes into account real-time data information request for IoT devices and gives dynamic feedback. The proposed model uses IoT environment features to estimate the security risk associated with each access request using user context, resource sensitivity, action severity and risk history as inputs for security risk estimation algorithm that is responsible for access decision. Then the proposed model uses smart contracts to provide adaptive features in which the user behaviour is monitored to detect any abnormal actions from authorized users.

69 citations

Journal ArticleDOI
TL;DR: The proposed AdRBAC model conducts a risk analysis to estimate the security risk value associated with each access request when making an access decision and has four inputs/risk factors: user context, resource sensitivity, action severity and risk history.
Abstract: The Internet of Things (IoT) has spread into multiple dimensions that incorporate different physical and virtual things These things are connected together using different communication technologies to provide unlimited services These services help not only to improve the quality of our daily lives, but also to provide a communication platform for increasing object collaboration and information sharing Like all new technologies, the IoT has many security challenges that stand as a barrier to the successful implementation of IoT applications These challenges are more complicated due to the dynamic and heterogeneous nature of IoT systems However, authentication and access control models can be used to address the security issue in the IoT To increase information sharing and availability, the IoT requires a dynamic access control model that takes not only access policies but also real-time contextual information into account when making access decisions One of the dynamic features is the security risk This paper proposes an Adaptive Risk-Based Access Control (AdRBAC) model for the IoT and discusses its validation using expert reviews The proposed AdRBAC model conducts a risk analysis to estimate the security risk value associated with each access request when making an access decision This model has four inputs/risk factors: user context, resource sensitivity, action severity and risk history These risk factors are used to estimate a risk value associated with the access request to make the access decision To provide the adaptive features, smart contracts will be used to monitor the user behaviour during access sessions to detect any malicious actions from the granted users To validate and refine the proposed model, twenty IoT security experts from inside and outside the UK were interviewed The experts have suggested valuable information that will help to specify the appropriate risk factors and risk estimation technique for implantation of the AdRBAC model

48 citations

Proceedings ArticleDOI
01 Mar 2018
TL;DR: An overview of most common access policy languages is presented and XACML is proposed as the most efficient and appropriate policy language for the IoT as it compatible with different platforms, provides a distributed and flexible approach to work with different access control scenarios of the IoT system.
Abstract: Although the Internet of things (IoT) brought unlimited benefits, it also brought many security issues. The access control is one of the main elements to address these issues. It provides the access to system resources only to authorized users and ensures that they behave in an authorized manner during their access sessions. One of the significant components of any access control model is access policies. They are used to build the criteria to permit or deny any access request. Building an efficient access control model for the IoT require selecting an appropriate access policy language to implement access policies. Therefore, this paper presents an overview of most common access policy languages. It starts with discussing different access control models and features of the access policy. After reviewing different access policy languages, we proposed XACML as the most efficient and appropriate policy language for the IoT as it compatible with different platforms, provides a distributed and flexible approach to work with different access control scenarios of the IoT system. In addition, we proposed an XACML model for an Adaptive Risk-Based Access Control (AdRBAC) for the IoT and showed how the access decision will be made using XACML.

46 citations


Cited by
More filters
Journal ArticleDOI
TL;DR: A taxonomy of the security research areas in IoT/IIoT along with their corresponding solutions is designed and several open research directions relevant to the focus of this survey are identified.

476 citations

Journal ArticleDOI
TL;DR: The purpose of this paper is to identify and discuss the main issues involved in the complex process of IoT-based investigations, particularly all legal, privacy and cloud security challenges, as well as some promising cross-cutting data reduction and forensics intelligence techniques.
Abstract: Today is the era of the Internet of Things (IoT). The recent advances in hardware and information technology have accelerated the deployment of billions of interconnected, smart and adaptive devices in critical infrastructures like health, transportation, environmental control, and home automation. Transferring data over a network without requiring any kind of human-to-computer or human-to-human interaction, brings reliability and convenience to consumers, but also opens a new world of opportunity for intruders, and introduces a whole set of unique and complicated questions to the field of Digital Forensics. Although IoT data could be a rich source of evidence, forensics professionals cope with diverse problems, starting from the huge variety of IoT devices and non-standard formats, to the multi-tenant cloud infrastructure and the resulting multi-jurisdictional litigations. A further challenge is the end-to-end encryption which represents a trade-off between users’ right to privacy and the success of the forensics investigation. Due to its volatile nature, digital evidence has to be acquired and analyzed using validated tools and techniques that ensure the maintenance of the Chain of Custody. Therefore, the purpose of this paper is to identify and discuss the main issues involved in the complex process of IoT-based investigations, particularly all legal, privacy and cloud security challenges. Furthermore, this work provides an overview of the past and current theoretical models in the digital forensics science. Special attention is paid to frameworks that aim to extract data in a privacy-preserving manner or secure the evidence integrity using decentralized blockchain-based solutions. In addition, the present paper addresses the ongoing Forensics-as-a-Service (FaaS) paradigm, as well as some promising cross-cutting data reduction and forensics intelligence techniques. Finally, several other research trends and open issues are presented, with emphasis on the need for proactive Forensics Readiness strategies and generally agreed-upon standards.

440 citations

Journal ArticleDOI
08 Apr 2018
TL;DR: The state-of-the-art of fog computing and its integration with the IoT is presented by highlighting the benefits and implementation challenges and the architecture of the fog and emerging IoT applications that will be improved by using the fog model are focused on.
Abstract: With the rapid growth of Internet of Things (IoT) applications, the classic centralized cloud computing paradigm faces several challenges such as high latency, low capacity and network failure. To address these challenges, fog computing brings the cloud closer to IoT devices. The fog provides IoT data processing and storage locally at IoT devices instead of sending them to the cloud. In contrast to the cloud, the fog provides services with faster response and greater quality. Therefore, fog computing may be considered the best choice to enable the IoT to provide efficient and secure services for many IoT users. This paper presents the state-of-the-art of fog computing and its integration with the IoT by highlighting the benefits and implementation challenges. This review will also focus on the architecture of the fog and emerging IoT applications that will be improved by using the fog model. Finally, open issues and future research directions regarding fog computing and the IoT are discussed.

410 citations

Journal ArticleDOI
TL;DR: An in-depth survey of state-of-the-art proposals having 5G-enabled IoT as a backbone for blockchain-based industrial automation for the applications such as-Smart city, Smart Home, Healthcare 4.0, Smart Agriculture, Autonomous vehicles and Supply chain management is presented.

366 citations