No Arabic abstract
The Internet of Things (IoT) has been on the rise in the last decade as it finds applications in various domains. Hospitality is one of the pioneer sectors that has adopted this technology to create novel services such as smart hotel rooms, personalized services etc. Hotels, restaurants, theme parks, and cruise ships are some specific application areas to improve customer satisfaction by creating an intense interactive environment and data collection with the use of appropriate sensors and actuators. However, applying IoT solutions in the hospitality environment has some unique challenges such as easy physical access to devices. In addition, due to the very nature of these domains, the customers are at the epicenter of these IoT technologies that result in a massive amount of data collection from them. Such data and its management along with business purposes also raises new concerns regarding privacy and ethical considerations. Therefore, this paper surveys and analyzes security, privacy and ethical issues regarding the utilization of IoT devices by focusing on the hospitality industry specifically. We explore some exemplary uses, cases, potential problems and solutions in order to contribute to better understanding and guiding the business operators in this sector.
With an enormous range of applications, Internet of Things (IoT) has magnetized industries and academicians from everywhere. IoT facilitates operations through ubiquitous connectivity by providing Internet access to all the devices with computing capabilities. With the evolution of wireless infrastructure, the focus from simple IoT has been shifted to smart, connected and mobile IoT (M-IoT) devices and platforms, which can enable low-complexity, low-cost and efficient computing through sensors, machines, and even crowdsourcing. All these devices can be grouped under a common term of M-IoT. Even though the positive impact on applications has been tremendous, security, privacy and trust are still the major concerns for such networks and an insufficient enforcement of these requirements introduces non-negligible threats to M-IoT devices and platforms. Thus, it is important to understand the range of solutions which are available for providing a secure, privacy-compliant, and trustworthy mechanism for M-IoT. There is no direct survey available, which focuses on security, privacy, trust, secure protocols, physical layer security and handover protections in M-IoT. This paper covers such requisites and presents comparisons of state-the-art solutions for IoT which are applicable to security, privacy, and trust in smart and connected M-IoT networks. Apart from these, various challenges, applications, advantages, technologies, standards, open issues, and roadmap for security, privacy and trust are also discussed in this paper.
Information-Centric Networking (ICN) is a new networking paradigm, which replaces the widely used host-centric networking paradigm in communication networks (e.g., Internet, mobile ad hoc networks) with an information-centric paradigm, which prioritizes the delivery of named content, oblivious of the contents origin. Content and client security are more intrinsic in the ICN paradigm versus the current host centric paradigm where they have been instrumented as an after thought. By design, the ICN paradigm inherently supports several security and privacy features, such as provenance and identity privacy, which are still not effectively available in the host-centric paradigm. However, given its nascency, the ICN paradigm has several open security and privacy concerns, some that existed in the old paradigm, and some new and unique. In this article, we survey the existing literature in security and privacy research sub-space in ICN. More specifically, we explore three broad areas: security threats, privacy risks, and access control enforcement mechanisms. We present the underlying principle of the existing works, discuss the drawbacks of the proposed approaches, and explore potential future research directions. In the broad area of security, we review attack scenarios, such as denial of service, cache pollution, and content poisoning. In the broad area of privacy, we discuss user privacy and anonymity, name and signature privacy, and content privacy. ICNs feature of ubiquitous caching introduces a major challenge for access control enforcement that requires special attention. In this broad area, we review existing access control mechanisms including encryption-based, attribute-based, session-based, and proxy re-encryption-based access control schemes. We conclude the survey with lessons learned and scope for future work.
Machine learning finds rich applications in Internet of Things (IoT) networks such as information retrieval, traffic management, spectrum sensing, and signal authentication. While there is a surge of interest to understand the security issues of machine learning, their implications have not been understood yet for wireless applications such as those in IoT systems that are susceptible to various attacks due the open and broadcast nature of wireless communications. To support IoT systems with heterogeneous devices of different priorities, we present new techniques built upon adversarial machine learning and apply them to three types of over-the-air (OTA) wireless attacks, namely jamming, spectrum poisoning, and priority violation attacks. By observing the spectrum, the adversary starts with an exploratory attack to infer the channel access algorithm of an IoT transmitter by building a deep neural network classifier that predicts the transmission outcomes. Based on these prediction results, the wireless attack continues to either jam data transmissions or manipulate sensing results over the air (by transmitting during the sensing phase) to fool the transmitter into making wrong transmit decisions in the test phase (corresponding to an evasion attack). When the IoT transmitter collects sensing results as training data to retrain its channel access algorithm, the adversary launches a causative attack to manipulate the input data to the transmitter over the air. We show that these attacks with different levels of energy consumption and stealthiness lead to significant loss in throughput and success ratio in wireless communications for IoT systems. Then we introduce a defense mechanism that systematically increases the uncertainty of the adversary at the inference stage and improves the performance. Results provide new insights on how to attack and defend IoT networks using deep learning.
Internet of Things (IoT) is an innovative paradigm envisioned to provide massive applications that are now part of our daily lives. Millions of smart devices are deployed within complex networks to provide vibrant functionalities including communications, monitoring, and controlling of critical infrastructures. However, this massive growth of IoT devices and the corresponding huge data traffic generated at the edge of the network created additional burdens on the state-of-the-art centralized cloud computing paradigm due to the bandwidth and resources scarcity. Hence, edge computing (EC) is emerging as an innovative strategy that brings data processing and storage near to the end users, leading to what is called EC-assisted IoT. Although this paradigm provides unique features and enhanced quality of service (QoS), it also introduces huge risks in data security and privacy aspects. This paper conducts a comprehensive survey on security and privacy issues in the context of EC-assisted IoT. In particular, we first present an overview of EC-assisted IoT including definitions, applications, architecture, advantages, and challenges. Second, we define security and privacy in the context of EC-assisted IoT. Then, we extensively discuss the major classifications of attacks in EC-assisted IoT and provide possible solutions and countermeasures along with the related research efforts. After that, we further classify some security and privacy issues as discussed in the literature based on security services and based on security objectives and functions. Finally, several open challenges and future research directions for secure EC-assisted IoT paradigm are also extensively provided.
Internet of Things (IoT) consists of a large number of devices connected through a network, which exchange a high volume of data, thereby posing new security, privacy, and trust issues. One way to address these issues is ensuring data confidentiality using lightweight encryption algorithms for IoT protocols. However, the design and implementation of such protocols is an error-prone task; flaws in the implementation can lead to devastating security vulnerabilities. Here we propose a new verification approach named Encryption-BMC and Fuzzing (EBF), which combines Bounded Model Checking (BMC) and Fuzzing techniques to check for security vulnerabilities that arise from concurrent implementations of cyrptographic protocols, which include data race, thread leak, arithmetic overflow, and memory safety. EBF models IoT protocols as a client and server using POSIX threads, thereby simulating both entities communication. It also employs static and dynamic verification to cover the systems state-space exhaustively. We evaluate EBF against three benchmarks. First, we use the concurrency benchmark from SV-COMP and show that it outperforms other state-of-the-art tools such as ESBMC, AFL, Lazy-CSeq, and TSAN with respect to bug finding. Second, we evaluate an open-source implementation called WolfMQTT. It is an MQTT client implementation that uses the WolfSSL library. We show that tool detects a data race bug, which other approaches are unable to find. Third, to show the effectiveness of EBF, we replicate some known vulnerabilities in OpenSSL and CyaSSL (lately WolfSSL) libraries. EBF can detect the bugs in minimum time.