Yang Xiao

Bio: Yang Xiao is an academic researcher from Western Michigan University. The author has contributed to research in topics: Wireless sensor network & Key distribution in wireless sensor networks. The author has an hindex of 2, co-authored 2 publications receiving 137 citations. Previous affiliations of Yang Xiao include University of Nebraska–Lincoln.

A Routing-Driven Key Management Scheme for Heterogeneous Sensor Networks

Abstract: The many-to-one traffic pattern dominates in sensor networks, where a large number of sensor nodes send data to one sink. A sensor node may only communicate with a small portion of its neighbors. Most existing key management schemes for sensor networks are designed to establish shared keys for all pairs of neighbor sensors, no matter whether they communicate with each other or not, and this causes large overhead. To achieve better security and performance, we adopt a heterogeneous sensor network (HSN) model. In this paper, we propose a novel routing-driven key management scheme, which only establishes shared keys for neighbor sensors that may communicate with each other. Work has demonstrated the feasibility of implementing elliptic curve cryptography on small sensor nodes. We utilize elliptic curve cryptography to design an efficient key management scheme for HSN. The performance evaluation and security analysis show that our key management scheme can provide better security with significant saving on sensor storage space and energy consumption than some existing key management schemes.

Defending DoS Attacks on Broadcast Authentication in Wireless Sensor Networks

Abstract: Security is critical for wireless sensor networks deployed in military, homeland security and other hostile environments. In this paper, we study a security issue related with broadcast in sensor networks. Due to the broadcast nature of wireless communications, often it is more efficient to broadcast packets to sensor nodes. Typically, broadcast authentication is achieved by digital signatures. Since digital signature operations are expensive for small sensor nodes, an attacker can launch a serious denial of service (DoS) attack. That is, an attacker may forge a large number of broadcast messages with digital signatures, and then force sensor nodes to verify these signatures, which can cause them run out of power. In this paper, we present an effective and efficient scheme that can defend such DoS attack on broadcast authentication. Our performance evaluation shows that the scheme is much more secure and efficient than an existing scheme.

A Survey on Security and Privacy Issues in Internet-of-Things

Abstract: Internet-of-Things (IoT) are everywhere in our daily life. They are used in our homes, in hospitals, deployed outside to control and report the changes in environment, prevent fires, and many more beneficial functionality. However, all those benefits can come of huge risks of privacy loss and security issues. To secure the IoT devices, many research works have been conducted to countermeasure those problems and find a better way to eliminate those risks, or at least minimize their effects on the user’s privacy and security requirements. The survey consists of four segments. The first segment will explore the most relevant limitations of IoT devices and their solutions. The second one will present the classification of IoT attacks. The next segment will focus on the mechanisms and architectures for authentication and access control. The last segment will analyze the security issues in different layers.

Internet of Things Architecture: Recent Advances, Taxonomy, Requirements, and Open Challenges

Abstract: Recent years have witnessed tremendous growth in the number of smart devices, wireless technologies, and sensors. In the foreseeable future, it is expected that trillions of devices will be connected to the Internet. Thus, to accommodate such a voluminous number of devices, scalable, flexible, interoperable, energy-efficient, and secure network architectures are required. This article aims to explore IoT architectures. In this context, first, we investigate, highlight, and report premier research advances made in IoT architecture recently. Then we categorize and classify IoT architectures and devise a taxonomy based on important parameters such as applications, enabling technologies, business objectives, architectural requirements, network topologies, and IoT platform architecture types. We identify and outline the key requirements for future IoT architecture. A few prominent case studies on IoT are discovered and presented. Finally, we enumerate and outline future research challenges.

CorrAUC: A Malicious Bot-IoT Traffic Detection Method in IoT Network Using Machine-Learning Techniques

Abstract: Identification of anomaly and malicious traffic in the Internet-of-Things (IoT) network is essential for the IoT security to keep eyes and block unwanted traffic flows in the IoT network. For this purpose, numerous machine-learning (ML) technique models are presented by many researchers to block malicious traffic flows in the IoT network. However, due to the inappropriate feature selection, several ML models prone misclassify mostly malicious traffic flows. Nevertheless, the significant problem still needs to be studied more in-depth that is how to select effective features for accurate malicious traffic detection in the IoT network. To address the problem, a new framework model is proposed. First, a novel feature selection metric approach named CorrAUC is proposed, and then based on CorrAUC, a new feature selection algorithm named CorrAUC is developed and designed, which is based on the wrapper technique to filter the features accurately and select effective features for the selected ML algorithm by using the area under the curve (AUC) metric. Then, we applied the integrated TOPSIS and Shannon entropy based on a bijective soft set to validate selected features for malicious traffic identification in the IoT network. We evaluate our proposed approach by using the Bot-IoT data set and four different ML algorithms. The experimental results analysis showed that our proposed method is efficient and can achieve >96% results on average.

Achieving Efficient and Secure Data Acquisition for Cloud-Supported Internet of Things in Smart Grid

Abstract: Cloud-supported Internet of Things (Cloud-IoT) has been broadly deployed in smart grid systems. The IoT front-ends are responsible for data acquisition and status supervision, while the substantial amount of data is stored and managed in the cloud server. Achieving data security and system efficiency in the data acquisition and transmission process are of great significance and challenging, because the power grid-related data is sensitive and in huge amount. In this paper, we present an efficient and secure data acquisition scheme based on ciphertext policy attribute-based encryption. Data acquired from the terminals will be partitioned into blocks and encrypted with its corresponding access subtree in sequence, thereby the data encryption and data transmission can be processed in parallel. Furthermore, we protect the information about the access tree with threshold secret sharing method, which can preserve the data privacy and integrity from users with the unauthorized sets of attributes. The formal analysis demonstrates that the proposed scheme can fulfill the security requirements of the Cloud-IoT in smart grid. The numerical analysis and experimental results indicate that our scheme can effectively reduce the time cost compared with other popular approaches.

A New Intrusion Detection System Based on KNN Classification Algorithm in Wireless Sensor Network

Abstract: The Internet of Things has broad application in military field, commerce, environmental monitoring, and many other fields. However, the open nature of the information media and the poor deployment environment have brought great risks to the security of wireless sensor networks, seriously restricting the application of wireless sensor network. Internet of Things composed of wireless sensor network faces security threats mainly from Dos attack, replay attack, integrity attack, false routing information attack, and flooding attack. In this paper, we proposed a new intrusion detection system based on -nearest neighbor (-nearest neighbor, referred to as KNN below) classification algorithm in wireless sensor network. This system can separate abnormal nodes from normal nodes by observing their abnormal behaviors, and we analyse parameter selection and error rate of the intrusion detection system. The paper elaborates on the design and implementation of the detection system. This system has achieved efficient, rapid intrusion detection by improving the wireless ad hoc on-demand distance vector routing protocol (Ad hoc On-Demand Distance the Vector Routing, AODV). Finally, the test results show that: the system has high detection accuracy and speed, in accordance with the requirement of wireless sensor network intrusion detection.