Proposed Embedded Security Framework for Internet of Things (IoT)

Artificial Intelligence and Technologies, 2021

Journal of Computer and Communications, 2020

Living in the Internet of Things: Cybersecurity of the IoT - 2018, 2018

The Internet of Things (IoT) holds great potential for productivity, quality control, supply chain efficiencies and overall business operations. However, with this broader connectivity, new vulnerabilities and attack vectors are being introduced, increasing opportunities for systems to be compromised by hackers and targeted attacks. These vulnerabilities pose severe threats to a myriad of IoT applications within areas such as manufacturing, healthcare, power and energy grids, transportation and commercial building management. While embedded OEMs offer technologies, such as hardware Trusted Platform Module (TPM), that deploy strong chain-of-trust and authentication mechanisms, still they struggle to protect against vulnerabilities introduced by vendors and end users, as well as additional threats posed by potential technical vulnerabilities and zero-day attacks. This paper proposes a pro-active policy-based approach, enforcing the principle of least privilege, through hardware Security Policy Engine (SPE) that actively monitors communication of applications and system resources on the system communication bus (ARM AMBA-AXI4). Upon detecting a policy violation, for example, a malicious application accessing protected storage, it counteracts with predefined mitigations to limit the attack. The proposed SPE approach widely complements existing embedded hardware and software security technologies, targeting the mitigation of risks imposed by unknown vulnerabilities of embedded applications and protocols.

2020 IEEE 33rd International System-on-Chip Conference (SOCC), 2020

In recent years, the proliferation of intelligent embedded technologies is opening venues to new service and computing models, providing diverse socioeconomic benefits. These intelligent technologies are giving rise to a wide range of public and private applications by sharing and analysing generated data. This includes smart home, smart health, smart city, autonomous vehicles, smart grid and smart manufacturing etc. However, where this sharing of data brings benefits and opportunities, it simultaneously presents security risks and challenges. The realisation and prototyping of such technologies require a computing hardware widely available in the form of an embedded platform. The security perimeter and the attack surface of these platforms rely on their supported security and defence mechanisms. This paper aims to build a body-of-knowledge in this area for the security research community. It present the state-of-theart security frameworks and architectures, discuss architectural shortcomings and root-causes of leading security technologies rather than discussing vulnerabilities and attacks. The paper concludes advocating secure-by-design platform approach and classifying platform security methods to realise robust embedded platform security architecture.

Internet of Things (IoT) is the interconnection of heterogeneous smart devices through the Internet with diverse application areas. The huge number of smart devices and the complexity of networks has made it impossible to secure the data and communication between devices. Various conventional security controls are insufficient to prevent numerous attacks against these information-rich devices. Along with enhancing existing approaches, a peripheral defence, Intrusion Detection System (IDS), proved efficient in most scenarios. However, conventional IDS approaches are unsuitable to mitigate continuously emerging zero-day attacks. Intelligent mechanisms that can detect unfamiliar intrusions seems a prospective solution. This article explores popular attacks against IoT architecture and its relevant defence mechanisms to identify an appropriate protective measure for different networking practices and attack categories. Besides, a security framework for IoT architecture is provided with a list of security enhancement techniques.

Access Publications, 2024

The Internet of Things (IoT) has revolutionized various domains, offering connectivity and data sharing among diverse devices and services. However, this interconnectedness poses significant security challenges, primarily centered around confidentiality, integrity, and availability. This paper investigates the security issues embedded in the layers of IoT architecture, ranging from the perception layer to the application layer. By leveraging the Defense-in-Depth security mechanism, we propose a comprehensive approach to fortify IoT systems against cyber threats. The Defense-in-Depth strategy is illustrated through a layered model, addressing security concerns at the perimeter, host, OS/application, and data layers. The study explores various security measures applicable to each layer, emphasizing the need for a multi-faceted approach to ensure the robustness of IoT security.

The concept of the Internet of Things (IoT) was introduced by Kevin Ashton, a cofounder of the Auto-ID Center at MIT, in 1998. The vision is that objects ("things") are connected to each other and thereby they create IoT in which each object has its distinct identity and can communicate with other objects. IoT objects can vary dramatically in size from a small wearable device to a cruise ship. IoT transforms ordinary products such as cars, buildings, and machines into smart, connected objects that can communicate with people, applications and each other.

Stochastic Modeling and Applications, 2022

Many technologies, media, and telecommunication businesses are already battling with many cyber risk problems. To achieve an integrated risk mindset, we should place cyber risk management and innovation on same footing. For a variety of reasons, protecting IoT devices is a challenging undertaking. Security is sometimes sacrificed in favor of time-to-market metrics when manufacturers and inventors are under pressure to release innovative goods. The Department of Homeland Security's Science and Technology (S&T) Directive is a valuable resource for establishing the best practices for securing the Internet of Things (IoT) devices. Several scholars have contributed insights and analyses into the IoT's applications, which have a substantial influence in various fields to find the best and most secure method for securing the source-location privacy of IoT devices. In this paper, a model will talk about a proposed model which will be more secure and more efficient as compared to traditional security technique. The time consumption, error rate in the case of both previous work and proposed work will be noted according to the different number of packets in regards various attacks like man-in-the-middle, brute force, denial of service etc.

2020

Due to the rapid growth in the field of science and technology, IoT (Internet of Things) has become emerging technique for connecting heterogeneous technologies related to our daily needs that can affect our lives tremendously. It allows the devices to be con nected to each other and controlled or monitored through handheld devices. The IoT network is a heterogeneous network that links several small hardware restriction devices, and where conventional security architectures and techniques cannot be used. So, providing protection to the IoT network involves a diverse range of specialized techniques and architectures. This paper focuses on the requirements of defense, current state of the art and future directions in the field of IoT.

Nowadays most of the electronic gadgets and other sensor devices getting connected with Internet of things, these devices having many security flaws. As researchers find that companies only taking care of these devices at firmware level and there is no mechanism to update the security flaws from these devices afterwards. In this paper first we have talked about security engineering for the Internet of Things and purposed our protection instrument. In our purposed guard component there are three levels of barrier, every one of these levels of safeguard we have discussed the counteractive action methods, finding of the defenselessness point in the connected gadgets and their conceivable arrangements, assurance and protection of the gathered information. The move from close systems to big business IoT based systems to general society Internet is quickening at a faster pace—and legitimately raising alerts about security. As we get to be progressively dependent on canny, interconnected gadgets in each part of our lives, how do we shield possibly billions of them from interruptions and impedance that could trade off individual security? In this paper we have tried to answer these questions.