The widespread adoption of the Internet of Things (IoT) technologies has drastically increased the breadth and depth of attack surfaces in networked systems, providing new mechanisms for the intrusion. In the context of smart-world critical infrastructures and cyber-physical systems, the rapid adoption of the IoT systems and infrastructures without thorough consideration for the risks and vulnerabilities has the potential for catastrophic damage to the privacy, safety, and security of individuals and corporations. While the IoT systems have the potential to increase productivity, accountability, traceability, and efficiency, their potential weaknesses are also more abundant. In this paper, we provide critical consideration of the security of the IoT systems as applied to smart-world critical infrastructures. Particularly, we carry out a detailed assessment of vulnerabilities in IoT-based critical infrastructures from the perspectives of applications, networking, operating systems, software, firmware, and hardware. In addition, we highlight the three key critical infrastructure IoT-based cyber-physical systems, namely the smart transportation, smart manufacturing, and smart grid. Moreover, we provide a broad collection of attack examples upon each of the key applications. Furthermore, we introduce a case study, in which we assess the impacts of potential attacks on critical IoT-based systems, using the smart transportation system as an example. Finally, we provide a set of best practices and address the necessary steps to enact countermeasures for any generic IoT-based critical infrastructure system.

/pdf/secure-internet-of-things-iot-based-smart-world-critical-3lxmbqjmn7.pdf

Secure Internet of Things (IoT)-Based Smart-World Critical Infrastructures: Survey, Case Study and Research Opportunities

Interconnecting “things” and devices that takes the form of wearables, sensors, actuators, mobiles, computers, meters, or even vehicles is a critical requirement for the current era. These inter-networked connections are serving the emerging applications home and building automation, smart cities and infrastructure, smart industries, and smart-everything. However, the security of these connected Internet of things (IoT) plays a centric role with no margin for error. After a review of the relevant, online literature on the topic and after looking at the market trends and developments, one can notice that there are still concerns with regard to security in IoT products and services. This paper is focusing on a survey on IoT security and aims to highlight the most significant problems related to safety and security in the IoT ecosystems. This survey identifies the general threat and attack vectors against IoT devices while highlighting the flaws and weak points that can lead to breaching the security. Furthermore, this paper presents solutions for remediation of the compromised security, as well as methods for risk mitigation, with prevention and improvement suggestions.

https://link.springer.com/content/pdf/10.1007/s42979-020-00201-3.pdf

Security Considerations for Internet of Things: A Survey

Smart agriculture integrates a set of technologies, devices, protocols, and computational paradigms to improve agricultural processes. Big data, artificial intelligence, cloud, and edge computing provide capabilities and solutions to keep, store, and analyze the massive data generated by components. However, smart agriculture is still emerging and has a low level of security features. Future solutions will demand data availability and accuracy as key points to help farmers, and security is crucial to building robust and efficient systems. Since smart agriculture comprises a wide variety and quantity of resources, security addresses issues such as compatibility, constrained resources, and massive data. Conventional protection schemes used in the traditional Internet or Internet of Things may not be useful for agricultural systems, creating extra demands and opportunities. This paper aims at reviewing the state-of-the art of smart agriculture security, particularly in open-field agriculture, discussing its architecture, describing security issues, presenting the major challenges and future directions.

Security challenges to smart agriculture: Current state, key issues, and future directions

For this research, our primary goal is to define an attack surface for networks utilizing the IoT (Internet of Things) devices. The IoT consists of systems of integrated objects, computing devices, digital, or mechanical machines that are given the ability to transmit and receive the data over a network without the need for human interaction. Each of these devices can operate independently within the existing Internet infrastructure. Issues will continue to increase as devices become more prevalent and continuously evolve to counter newer threats and schemes. The attack surface of a network sums up all penetration points, otherwise known as attack vectors. An attacker or an unauthorized user can take advantage of these attack vectors to penetrate and change or extract data from the threat environment. For this research, we define a threat model that allows us to systematically analyze the security solutions to mitigate potential risks from the beginning of the design phase. By designing an IoT architecture and breaking it down into several zones, we focus on each zone to identify any vulnerability or weaknesses within a system that allows unauthorized privileges, as well as any attacks that can target that area. We also investigate the available IoT devices across several domains (e.g., wellness, industrial, home, etc.) to provide a 1:1 and 1:n mapping across devices, vulnerabilities, and potential security threats based on the subjective assessment.

Identifying the attack surface for IoT network

The recent digital revolution led robots to become integrated more than ever into different domains such as agricultural, medical, industrial, military, police (law enforcement), and logistics. Robots are devoted to serve, facilitate, and enhance the human life. However, many incidents have been occurring, leading to serious injuries and devastating impacts such as the unnecessary loss of human lives. Unintended accidents will always take place, but the ones caused by malicious attacks represent a very challenging issue. This includes maliciously hijacking and controlling robots and causing serious economic and financial losses. This paper reviews the main security vulnerabilities, threats, risks, and their impacts, and the main security attacks within the robotics domain. In this context, different approaches and recommendations are presented in order to enhance and improve the security level of robotic systems such as multi-factor device/user authentication schemes, in addition to multi-factor cryptographic algorithms. We also review the recently presented security solutions for robotic systems.

/pdf/robotics-cyber-security-vulnerabilities-attacks-40d9b2dkuj.pdf

Robotics cyber security: vulnerabilities, attacks, countermeasures, and recommendations.

Context: Internet-of-Things (IoT) systems are increasingly deployed in the real world, but their security lags behind the state of the art of non-IoT systems. Moving target defense (MTD) is a cyberdefense paradigm, successfully implemented in conventional systems, that could improve IoT security. Objective: Identify and synthesize existing MTD techniques for IoT and validate the feasibility of MTD as a cybersecurity paradigm suitable for IoT systems. Method: We use a systematic literature review method to search and analyze existing MTD for IoT techniques up to July 2020. We evaluated the existing techniques in terms of security foundations and real-world deployability using the evidence they provide. We define and use entropy-related metrics to categorize them. This is the first MTD survey to use Shannon’s entropy metric empirically. Results: Thirty-two distinct MTD for IoT techniques exist: 54% are Network-layer-based, 50% present strong evidence about their real-world deployment, and 64% have weak security foundations. Conclusion: MTD for IoT is a feasible cyberdefense approach. A variety of proposals exist, with evidence about their implementation and evaluation. Nevertheless, the MTD for IoT state of the art is still immature: the security foundations of most existing proposals are weak. Novel techniques should prioritize providing convincing security foundations and real-world deployment evidence.

/pdf/mtd-where-art-thou-a-systematic-review-of-moving-target-2zyuhchp6f.pdf

MTD, Where Art Thou? A Systematic Review of Moving Target Defense Techniques for IoT

This demonstration defines a small IoT wireless network that uses TI CC2538-OpenMote as hardware platform and state-of-the-art IETF network standards such as 6LoWPAN, RPL, and CoAP implemented by ContikiOS The IoT nodes are controlled from outside the IoT network using end-to-end connectivity provided by IPv6-CoAP messages We implement a man-in-the-middle attack that disrupts the normal behavior of the system Our attack leverages on the inherent hierarchical routing topology of RPL-based IoT networks The demonstration aims at highlighting the need for end-to-end source-authentication and authorization enforcement of information even inside a trusted IoT network We also provide some insights on how these services can be offered in a IoT-friendly way

/pdf/demo-do-not-trust-your-neighbors-a-small-iot-platform-4l1e01102h.pdf

Demo: Do not trust your neighbors! A small IoT platform illustrating a man-in-the-middle attack

The Internet of Things will scale to billions of devices in the next coming years. A secure communication framework is needed to interconnect all these objects, by taking into account their intrinsic constrained in terms of energy, cpu and memory; Several proposals relying on adapting existing well-known and standardized security solutions exist, but we believe there is still a gap for most-constrained nodes to provide fine-grained authorization and secure establishment of fresh cryptographic keys. We propose a mechanism that runs on top of the OAuth Authorization architecture and provides the bootstrapping of fresh authenticated symmetric cryptographic material between previously unknown parties using a nonce-based protocol. We set up an energy measurement platform to evaluate our proposal and compare it with existing work.

/pdf/nonce-based-authenticated-key-establishment-over-oauth-2-0-ich10g37ig.pdf

Nonce-based authenticated key establishment over OAuth 2.0 IoT proof-of-possession architecture

The current and future IEEE 802.11 deployment could potentially offer wireless Internet connectivity to mobile users. The limited AP radio coverage forces mobile devices to perform frequent handovers while current operating systems lack efficient mechanisms to manage AP transition. Thus we propose an anticipation-based handover solution that uses a Kalman filter to predict the short term evolution of the received power. This mechanism allows a mobile device to proactively start scanning and executing a handover as soon as better APs are available. We implement our mechanism in Android and we show that our solution provides a better wireless connection.

/pdf/handover-triggering-in-ieee-802-11-networks-32kikauw13.pdf

Handover triggering in IEEE 802.11 networks

https://hal.archives-ouvertes.fr/hal-03088384/document

Renzo E. Navas

Papers

MTD, Where Art Thou? A Systematic Review of Moving Target Defense Techniques for IoT

Demo: Do not trust your neighbors! A small IoT platform illustrating a man-in-the-middle attack

Nonce-based authenticated key establishment over OAuth 2.0 IoT proof-of-possession architecture

Handover triggering in IEEE 802.11 networks

Physical resilience to insider attacks in IoT networks: Independent cryptographically secure sequences for DSSS anti-jamming