Future Generation Computer Systems: Kewei Sha Wei Wei T. Andrew Yang Zhiwei Wang Weisong Shi

Download as pdf or txt
Download as pdf or txt
You are on page 1of 12

Future Generation Computer Systems 83 (2018) 326–337

Contents lists available at ScienceDirect

Future Generation Computer Systems


journal homepage: www.elsevier.com/locate/fgcs

On security challenges and open issues in Internet of Things


Kewei Sha a, *, Wei Wei a , T. Andrew Yang a , Zhiwei Wang b , Weisong Shi c
a
University of Houston — Clear Lake, Houston, TX, United States
b
Nanjing University of Posts and Communications, Nanjing, China
c
Wayne State University, Detroit, MI, United States

highlights

• Analysis of security related characteristics of IoT systems and IoT applications.


• The insufficiency of the existing security solutions.
• Comparison of three architectural security designs.
• Example implementations of the three architectural security designs.
• Identifying a set of open security issues in the context of IoT architecture.

article info a b s t r a c t
Article history: When Internet of Things (IoT) applications become a part of people’s daily life, security issues in IoT have
Received 31 October 2017 caught significant attention in both academia and industry. Compared to traditional computing systems,
Received in revised form 27 December 2017 IoT systems have more inherent vulnerabilities, and meanwhile, could have higher security requirements.
Accepted 28 January 2018
However, the current design of IoT does not effectively address the higher security requirements posed
Available online 7 February 2018
by those vulnerabilities. Many recent attacks on IoT systems have shown that novel security solutions are
needed to protect this emerging system. This paper aims to analyze security challenges resulted from the
Keywords:
Internet of Things special characteristics of the IoT systems and the new features of the IoT applications. This could help pave
Security the road to better security solution design. In addition, three architectural security designs are proposed
Architecture and analyzed. Examples of how to implement these designs are discussed. Finally, for each layer in IoT
Challenges architecture, open issues are also identified.
IoT © 2018 Elsevier B.V. All rights reserved.
Open issues

1. Introduction complex security issues and concerns. If those security concerns


cannot be adequately addressed, wider adoption of IoT applica-
Internet of Things (IoT) is becoming the largest computing plat- tions will be greatly hindered. For example, considering two of
form [1]. With recent developed applications such as Smart Trans- the typical application domains of IoT, i.e., Smart Home and Smart
portation [2], Smart City [3], Smart House [4], and Smart Grid [5], Healthcare, it is essential to protect the sensitive information mov-
IoT technologies are significantly changing our life style [6,7]. The ing around the system and the critical assets in the system [8–
pervasive interconnection of smart IoT things which are physically 10]. The characteristics of the IoT devices, however, make the
distributed extends the computation and communication to IoT security design in IoT more challenging than before. These char-
things with various specifications. Sensing capability of these de- acteristics include extremely large scale, low cost design, resource
vices helps collect real-time data from the physical world directly constraints, device heterogeneity, preference of functions over
or remotely. The analysis of the collected data provides us the security, higher privacy requirements, and harder trust manage-
ability of building an intelligent world and making better decisions ments. To be more specific, resource constraints often include
to manage it. limited computation power, energy supply, and memory capacity.
IoT devices are becoming pervasive and they extend the Cyber These features make it difficult to apply many traditional security
world to the physical world, which creates new types of and more solutions to IoT, including the widely used public key scheme and
IP-based security solution. Due to insufficient IoT security design,
it is often easier to compromise IoT devices than conventional
* Corresponding author.
E-mail addresses: [email protected] (K. Sha), [email protected] (W. Wei), computers. For example, Forbes.com reports a successful hack into
[email protected] (T. Andrew Yang), [email protected] (Z. Wang), a baby monitor in Houston area [11]. Someone also demonstrated
[email protected] (W. Shi). how to hack and remotely control and stop a Jeep car on the road

https://doi.org/10.1016/j.future.2018.01.059
0167-739X/© 2018 Elsevier B.V. All rights reserved.
K. Sha et al. / Future Generation Computer Systems 83 (2018) 326–337 327

when the driver is in operation [12]. It is also reported by CNN enter the house; compromising of baby monitors can scare babies
Money that hackers have found volatilities in most smart home remotely by strangers; hacking microwave can cause fire at the
devices [13], including Smart Plugs [14,15], Smart Cameras [16,17], home. Owners of Smart Home may not want to live in Smart Home
DVRs [18] as well as vulnerabilities revealed by researchers [19– if security is a concern. Instead, they may expect to improve the
25]. safety of the house by using intelligent surveillance services [4].
Above cases illustrate the urgent needs of improving security of In addition, privacy of Smart Home owners need to be preserved.
IoT systems. Serious consequences can be expected from security However, continuously collecting data from Smart Home devices
breaches in IoT systems. For example, fatal accidents can be the can reveal private activities of home owners as indicated in [31,32].
result of remotely turning off a vehicle through a security breach. It poses serious threats to the home owners’ privacy.
Current weaknesses in IoT security may be attributed to insuf-
ficient understanding of security challenges of new IoT systems. 2.2. Smart grid
In this paper, we aim to conduct a detailed analysis of security
challenges in IoT systems, because we believe an intimate under- The other typical IoT application is to build Smart Grid. Smart
standing of IoT security challenges will pave the road to better Grid has been designed and implemented to improve the relia-
security solution design. Moreover, the differences in security chal- bility, reduce the cost, and optimize the performance of the tra-
lenges between IoT systems and Wireless Sensor Networks (WSNs) ditional power grid systems [33]. In addition to integrating more
are summarized and compared. Finally three architectural security green and renewable energy such as wind power, geothermal heat
designs for IoT are proposed and compared. Examples of how to and solar power, it also aims to improve the reliability and man-
implement these designs are presented and discussed. One of our agement of the traditional power grid more efficiently. Smart grid
findings is that, without aid of highly capable devices, it is difficult data communication networks, which interconnect many smart
to achieve high level of security with the low capable devices grid devices, play a critical role to achieve above goals. It not only
in the system. This observation necessitates the deployment of collects the energy usage data, but also monitors the status of
secure services in the new Edge computing paradigm [26,27]. The the smart grid system. Many novel applications can be developed
contributions of the paper include in-depth analysis of IoT security based on the smart grid data communication networks. For in-
challenges, proposals of security function deployment, and identi- stance, based on the collected energy usage information, utility
fication of open issues in IoT security designs. companies can distribute and balance the load more wisely. It
The rest of the paper is organized as follows. Importance of also helps to design a fair but scaled pricing model by considering
security in IoT applications in the context of several typical IoT the unbalanced energy consumption in the dimension of time
applications is discussed in Section 2. Then Section 3 overviews and space. By building smart grid status monitoring applications,
a typical IoT architecture. A comprehensive analysis on new IoT it is possible to identify failures in the grid system as early as
security challenges is presented in Section 4, which is followed possible, and design novel fault-tolerant mechanisms to better
by comparisons of security challenges between WSNs and IoT in respond to the failures. Many techniques including automated
Section 5. In Section 6 our proposal of architectural designs of IoT metering infrastructure (AMI) [34,35] have been proposed to build
security solutions are presented and discussed. We list a set of the smart grid communication networks. Having so many data
related work in Section 7. Finally, conclusion and future work are moving around this mission-critical system, security is also one of
depicted in Section 8. the most important concerns in building such systems. Intrusion
to Smart Grid [36] and cutting electricity supply to a large area
2. IoT applications and needs of security can cause huge physical and economical damage to the society.
Analyzing power usage data can also reveal people’s daily private
IoT is becoming the largest computing platform. It has been ap- activities [37]. Moreover, attacks against data integrity [38,39] and
plied in many application domains including Logistics [28], Smart false data injection [40–42] can disturb the billing system of the
Home [4], Smart City [3], Smart Health, Smart Connected Vehi- smart grid and mess up start grid state estimation, torture the
cles [2], Smart Grid [5], and so on [1]. In this section, we present power flow, and delay demand response.
three typical applications of IoT in the context of the importance of
security in these applications. 2.3. Smart connected health

2.1. Smart home Smart Connected Health is proposed to improve the efficiency
of healthcare systems and to reduce healthcare costs [43]. The
Smart Home is becoming increasingly popular recently [29]. analysts at MarketResearch.com claim that the sector will be worth
Gartner’s IT Hype Cycle 2016 Report identifies that smart con- $117 billion by 2020. By embedding smart healthcare devices in
nected home is an emerging technology. It is predicted that a typi- the existing medical infrastructure, healthcare professionals will
cal home could contain 500 or more smart devices by 2022 [30]. be able to monitor patients more effectively, and use the data
Smart Home has the vision of adding intelligence to everyday collected from these devices to figure out who needs the most
home objects, such as appliances, door locks, surveillance cameras, attention. In other words, by making the most of this network of
furniture, garage doors, and so on, and making them communicate devices, healthcare professionals could build a system of proactive
with existing cyber-infrastructure. The addition of intelligence to management based on the collected data, as it is believed that
physical objects offers many benefits to better human lives, in- prevention can be more important and effective than the cure.
cluding increased convenience, safety, security, and efficient usage Researchers also study techniques on how to implant sensors into
of natural resources. For example, the Smart Home can adjust human body and monitor the health condition of these people [44].
the blinds to save energy based on the environmental changes, Analyzing the collected data, healthcare professionals are able to
automatically open the garage door when it senses an authorized discover behavioral changes of patients with the disease and with
vehicle approaching, or automatically order medical service when the medicines during the treatments. In Smart Connected Health,
emergency is detected. In Smart Home, traditional physical home security is also a critical concern. With networked medical devices,
devices become a part of the extension of the existing Internet. it is convenient to collect data and check the status of that device,
If devices are compromised, the consequence can be severe. For but it is also risky because instructions can be sent to stop the
example, successfully hacking smart lock will enable strangers to function of the device [45]. It will be extremely dangerous to stop
328 K. Sha et al. / Future Generation Computer Systems 83 (2018) 326–337

Fig. 1. An architecture of Internet of Things.

a medical device that is critical to the life of the patient, like heart complicated tasks like distributed intrusion detection. In addition,
bumps. In addition, privacy can be a significant concern in Smart there exist many powerful tools and advanced algorithms that
Connected Health because most data collected in the system are can be utilized to build powerful applications. The cloud and the
very sensitive medical data [46]. things are connected, but they are usually located far away from
There are many more IoT-based applications [6]. For example, each other and have no direct communication channels. It is very
when IoT technologies are applied in Smart Transportation, secu- costly to transfer all data from things to the cloud via multiple-hop
rity solutions are necessary to protect the intelligent transporta- routing. Therefore, cloud is not an optimal choice to support IoT
tion systems such as navigation and safety [47,48]. Because the application that have features such as high real-time requirements,
focus of this paper is to investigate security issues in IoT, we only extensively geo-distribution or high mobility [51].
introduce the three typical IoT applications in detail as listed above. The edge layer (also called the fog layer or the gateway layer) is
We can conclude that security is an essential component for most proposed to fill the gap between the resource-constrained things
IoT applications, and higher level of security is required comparing
layer and the resource-rich cloud layer. The edge layer has become
with many existing networked systems since most IoT applications
a very important layer in the IoT architecture. Usually edge devices
are critical applications that deal with persons’ daily life.
are directly connected to or several hops away from the things.
Compared with things, edge devices generally have more resources
3. An architectural view of IoT
including power supply, computing power and storage spaces.
IoT is a system that interconnects a set of large-scale and het- Having multiple communication interfaces, they can help mask
erogeneous IoT end devices. Large volume of data is collected and the heterogeneity of the things, and provide other services to the
transferred in IoT [49]. Based on the analysis of the collected data, things such as offloading heavy tasks. Finally, the edge devices are
IoT targets to build an intelligent world [6,50]. A typical three-layer mostly connected with the cloud via high speed Internet. They
architecture of IoT systems is depicted in Fig. 1. IoT applications can easily utilize the powerful cloud services, or they can work
run on top of the three layers, i.e., the cloud layer, the edge layer, together with the cloud layer on heavy tasks. Therefore, the edge
and the things layer. Each layer is capable of collecting, processing, layer plays a critical role in this architecture to link the things and
and analyzing data. Two-way communication is usually supported, the cloud.
although generally speaking, much more data is streamed from the In conclusion, each layer in IoT architecture has its own special
things layer to the cloud layer through the edge layer than the other characteristics. It is essential to make them work collaboratively to
way around. build an efficient IoT system. Deployment of IoT tasks can be opti-
The things layer contains huge number of heterogeneous mized by taking into consideration the characteristics of different
things including sensors and actuators. IoT Things (also called layers.
end devices) are integrations of physical parts and cyber parts;
Physical parts of the things reaches deeply into the physical world,
4. Why security is more challenging in IoT?
while the cyber parts bring connectivity computability and storage.
The things can be extremely different in specifications including
computation, storage, communication, and power supply. For ex- Security is a must for IoT systems to protect the sensitive data
ample, things like smart meters are powerful enough to support and critical physical infrastructures [52]. Without a good level of
heavy computation, while things like smart bulb can only actuate protection, users may not adopt many IoT systems and applica-
some simple operations and almost have no computation power. tions. Security in traditional networked systems remains challeng-
In conclusion, most things are resource-constrained and energy- ing while IoT systems bring many more challenges to researchers
limited. Therefore, they are not suitable to run heavy tasks. because of several special characteristics of IoT systems. A thor-
Not like the things layer, the cloud layer is very powerful and ough understanding of these challenges is essential to develop
has many resources available to support heavy tasks, such as min- novel security solutions. In this section, we discuss these security
ing intelligence from a huge volume of data and implementing very challenges in depth.
K. Sha et al. / Future Generation Computer Systems 83 (2018) 326–337 329

4.1. Integration with the physical world operating systems such as Android, iOS, TinyOS, Contiki, and mbed.
In addition, IP based security solutions including IPSec, SSL, HTTPS,
In a typical IoT application, the cyber world is tightly coupled and SSH cannot work in low-capable devices such as smart meters
with the physical world. The coupling poses extra security con- and sensors that do not support IP-based protocols directly. As a
cerns since the physical world now can be compromised or con- result, we will see different levels of security for different parts
trolled through the cyber world, which could generate extremely in a single IoT systems. The least secure device becomes the most
detrimental consequences. The following discussion explains some vulnerable point-of-entry and it determines the overall level of
of those concerns. security of the IoT systems. Once it is compromised, other devices
Many IoT systems are mission-critical and non-interruptible, may be exploited as well.
such as the SCADA systems used in oil and gas industry. Con- In conclusion, when designing IoT security solutions, we need
ventional security rescue mechanisms are often not applicable in to adapt security algorithms and protocols to the hardware and
those scenarios. For instance, the turn off, reset, and then reboot software specifications of the devices. Security of low capable de-
sequence simply cannot work because the production processes vices needs to be enhanced through facilitation from more capable
cannot halt. In addition, an IoT system consists of the neces- devices. Compared to Bring Your Own Device (BYOD) concept and
sary cyber parts and the physical parts. These two parts must be its corresponding security issues [56], IoT brings a far more chal-
compatible for the system to function properly, which may be lenging computing environment that calls for effective security
problematic. Imagine a legacy physical device that uses a driver solutions, in which the core should be a novel security abstraction
that only works with an old operating systems that is no longer independent of device specification, operating systems, and com-
supported and updated by the vendor. Obviously, the old OS has to munication channels.
stay but it becomes a serious vulnerability. The whole system may
be compromised through this weakest link. 4.3. Resource constraints
In addition, with the tight coupling of the physical system and
the cyber world, compromising one can put the other at great To drive down the development and manufacturing cost, ven-
dors often equip the IoT devices with limited capabilities. This
risks and negative impact can propagate both ways. For example,
results in low capable devices with various resource constraints
compromising the cyber part of the systems allows the attackers
such as small memory space, low computation capability, low com-
to control the physical system. What may be in jeopardy is no
munication bandwidth and limited power supply. For example, a
longer just the sensitive and private data and information, but
typical IoT device may run an 8-bit or 16-bit system. These resource
possibly the physical devices as well. Considering the IoT appli-
constraints directly contribute to many of the IoT insecurities
cations such as Smart Grid or Smart Health, there could be both
because traditional security solutions often cannot work on low
financial loss and human life loss. On the other hand, captured
capable devices.
IoT devices could provide attackers access to coupled cyber parts.
National Institute of Standards and Technology (NIST) defined
Not like more sophisticated traditional computing devices, many
the high level goals of security as data integrity, availability, and
IoT devices are not sufficiently safeguarded. Once gaining access
confidentiality. Mechanisms including encryption, authentication,
to those vulnerable and unprotected devices, attackers can further
access control, intrusion detection, and firewalls are used to help
invade and compromise the cyber systems [53,54].
achieve those goals. However, the inherent resource constraints
The ultimate goal of IoT is to build an intelligent world based
of IoT greatly narrowed the possible choices of security solutions
on analysis results of data gleaned across the systems. Typically, because many established security mechanisms cannot be carried
control messages are often sent from the cloud or edge layer to the out by low capable devices. For instance, most IoT devices can-
actuators or end devices to control the physical world. Along this not use asymmetric key based encryption algorithms because the
path, the cyber system could be compromised at multiple points- computation cost is prohibitive, even for some relatively powerful
including all the three layers plus the communication network. Smart Meters such as GE I-210 [57]. In turn, for those devices, any
Therefore, in the IoT security design, we need to compartmen- security solution that involves public–private key scheme, such as
talize compromised systems so negative impacts will not prop- PKI-based security solutions and digital signature based authenti-
agate. To achieve this, we need to study granularity access con- cation, are not feasible either. For some even lower capable devices
trol models and mechanisms that restrict proliferation of security such as RFID tags [58], the situation is even worse because the
breaches [55]. tags cannot even support symmetric key based cryptographical
algorithms such as AES, DES, and 3DES. As far as authentication
4.2. Heterogeneous devices and communications is concerned, only symmetric key based authentication or other
lighter approaches can be used by IoT systems. For example, digital
The value of IoT technology lies greatly in its versatility and signature based authentication is not applicable because it needs to
applicability. When used for different application domains, IoT use the public–private key scheme. The other candidate, Kerberos,
systems often adopt various devices with disparate hardware and has its own limitations such as scalability issues and the fact that
software specifications. Take Smart Home as an example, the sys- it mainly works with IP-based networks. In addition, it requires a
tem power usage is monitored by low capable sensors that can only trusted path through which passwords are entered. Furthermore,
conduct simple calculations and provide readings occasionally. On there are also challenges to the key distribution and key manage-
the contrary, home security surveillance systems need to provide ment tasks. Neither the traditional certificate authority (CA) nor
monitoring of the home area in real-time. They also need to run the Diffie–Hellman key exchange algorithm would work because
detection algorithms to detect abnormal activities. In addition, they require asymmetric key scheme. In terms of access control,
in Smart Homes, we can also see very powerful devices such as intrusion detection systems, and firewalls, their application to IoT
smart TV and gaming consoles that need to perform complicated systems are also greatly limited due to the resources constraints
computation tasks. In summary, we see many IoT devices that run since they are often more computationally expensive than cryp-
on a wide range of operating systems using various communi- tographic algorithms. Take role-based access control protocols as
cation channels. These heterogeneities make traditional security example, they often need to work with a big policy library, which
solutions not applicable to IoT systems. cannot be stored in the end devices or even some edge devices. The
Traditional security solutions often assume certain types of same applies to intrusion detection systems firewalls. In summary,
software systems and communication methods. Therefore, secu- effective security design for IoT systems must be mindful of the
rity solutions that work in Window systems may not work for other resource constraints and focus on being lightweight and applicable.
330 K. Sha et al. / Future Generation Computer Systems 83 (2018) 326–337

4.4. Privacy 4.7. Less preparation for security

As large scale IoT systems often generate, collect, and analyze Last but not the least, IoT security breaches are caused by little
large volume of data to derive intelligence, privacy becomes a security preparation in people’s mindset in IoT device design and
great concern. When used in a medical domain, IoT may pose manufacture; however, it is challenging to change the people’s
threats to the privacy of people’s medical information. When used mind. Firstly, a lot of current IoT device manufacturers do not have
in smart home, IoT may expose one’s personal life to the outside the same level of understanding about cybersecurity as traditional
world, which can be potentially dangerous. For example, recent cyber device manufactures. Thus, it is difficult for them to produce
research [59] has revealed that based on utility readings, one can high secure IoT devices in the short run; for example, many IoT
infer the daily activities of the users, including private activities devices will still use simple default configurations. Because of that,
such as when they take showers, when they cook, and when they attackers can hack devices by using simple hacking techniques to
leave and come home. Other personal details such as whether obtain the username and password. Secondly, because functional-
they have kids or what types of diseases do they have can also be ity and usability are easier to sell, they are usually preferred over
derived. IoT systems need to utilize data to achieve its functions, security and it is hard to persuade people to invest in security.
but privacy also needs to be preserved to a satisfactory level. The Therefore, limited security budget does not allow to build strong
dilemma is obvious and calls for solution. security for a lot of IoT devices. A study from OEM Hub at Bit-
There also exists a tradeoff between privacy and security. defender [67] confirms above observations by pointing out that
Higher privacy demand tends to require weaker identity. Algo- security seemed to be one of the first things to be cut off. Moreover,
rithms like k-anonymity [60] was designed for such purpose. On many security solutions may not be considered by the market and
the other hand, strong security often demands strong identity the users because they degrade the functionality and usability.
especially in authentication. Considering intrusion detection and Finally, IoT devices may be treated as physical dummy devices and
firewalls, both need information traceability and linkability to can be poorly administrated by users. Considering the fact that
function. But these are exactly what privacy tries to avoid. Ag- so many successful security breaches in the traditional networked
gregation is another approach often taken to enhance privacy. systems are resulted from insufficient security design and weak se-
But aggregated data often fails to provide the necessary details curity configuration at the current level of security administration,
required for certain security analysis. In design of IoT security we will see more security problems in a less administrated system
solutions, privacy needs to be emphasized, but how to achieve the like IoT with so many mental difficulties. How to efficiently educate
most optimal balance between privacy and security is an open- and train the IoT designers, users and administrators needs to be
ended question that needs to be answered. explored.

5. Security challenges: IoT vs. wireless sensor networks


4.5. The large scale
Wireless Sensor Network (WSN) is one of the major enabling
The ever-increasing scale complicates the challenges of de-
technologies of IoT [68,69]. Security is also an important design
signing security solutions for IoT systems. First of all, the huge
challenge in WSN mainly caused by constrained available re-
amount of interaction between all the devices increase the security
sources at each sensor and the scale of sensors [70,71]. Besides
deployment cost significantly. Second, it is difficult to apply key
common challenges of security design in both WSN and IoT, several
management schemes that are already plagued with scalability is-
differences between IoT and WSN, however, indicate that security
sues to large scale IoT systems [61]. Third, post-deployment system
issues in IoT are more challenging than those in WSN because
administration will be very challenging as well [62]. For example,
of the different characteristics of WSN and IoT as well as the
people may fail to view IoT devices (such as TVs, refrigerators, ACs,
different targeted applications. Detailed comparisons in terms of
etc.) as devices that involves computing and need to be secured.
characteristics of IoT and WSN are summarized in Table 1.
On the other hand, trying to manage all the IoT devices the same First, WSNs are mostly used in data collection applications, such
way we do with traditional computing devices is impractical, both as environmental monitoring [72] and surveillance [73]. The data is
financially and technically. A potential consequence is that neces- typically collected by sensors and transmitted to sinks via reliable
sary security updates will not take place in a timely manner [63]. multihop routing protocols [74]; therefore, the communication is
Finally, the large number of connected IoT devices greatly increases mostly one direction, although the other direction is also used to
the attack space, and each device may become the next target of disseminate control messages, which is used to manage the sen-
certain attacks. Therefore, we conclude that the ideal IoT security sors. In addition, these messages usually do not intend to control
solutions should be scalable, distributed, and automatically config- the physical world, but are used to instruct sensors. Consequently,
urable. The solution should also be hierarchical and isolable. the impact of WSN to the physical world is not as significant as
IoT to the physical world. The tight coupling between the physical
4.6. Trust management world and the cyber world in IoT systems makes it essential to
consider the safety of the physical system as a part of security
Trust computing is an essential component in security de- design.
sign [64]. With a big portion of the IoT systems organized as peer- Second, both sensors in WSNs and end devices in IoT suffer
to-peer or ad hoc networks, trust management remains a signif- from constrained resources; sensors, however, may have more
icant challenge in IoT as it is a challenging issue in any peer-to- concerns on energy constraints [71], while some end devices in
peer or ad hoc networks [65]. In addition, high mobility, no global IoT systems may have more concerns on computation capability
identity, and temporary relationship among IoT devices further and storage spaces because of the low-cost design of these devices,
complicate the design for an efficient trust solution. Finally, IoT even comparing with typical sensor boards. Sensors in a WSN
systems usually do not have a central administration and lack a are mostly homogeneous, but device and communication hetero-
good infrastructure to record the behavior of IoT devices. Therefore geneity are more common in IoT systems. Above heterogeneity
it is difficult to generate reputation ratings for the devices. Study not only brings significant challenges in interconnection, but also
on novel trust models are required to evaluate the reputation of IoT makes it difficult to design a general solution that can be applied
devices [66]. in many heterogeneous devices. For example, in an IoT system that
K. Sha et al. / Future Generation Computer Systems 83 (2018) 326–337 331

Table 1
Comparison of different characterizes of IoT and WSNs.
Characteristics IoT WSNs
Physical coupling Tightly coupled Monitoring the physical world
Communication Two-direction communication Mostly one-direction communication
Constraints Computation and storage and energy More on energy
Heterogeneity Heterogeneous communications and devices Mostly homogeneous devices
Scalability Very large scale Large scale
Privacy Very high privacy expectation Some privacy expectation

consists of low-capable end devices, such as RFID and smart bulbs, 6.1. End-to-End security at Things
which barely support any encryption algorithm, the design of the
encryption algorithms, secure communication protocols and even End-to-End communication is essentially important in net-
architectural security designs all need to be reconsidered. worked systems [81], including both traditional Internet and IoT.
Third, WSNs are peer-to-peer ad hoc networks. One WSN is Protocols such as IPv6 [82] and 6LoWPAN [83] have been designed
mostly isolated from other WSNs, and one WSN is usually designed to support End-to-End communication in IoT. Similarly, End-to-
for one specific application. Contrarily, IoT, as the extension of the End security at Things is also of great interests [84]. Although
existing Internet, intends to connect many domain specific au- resource constraints at this layer limit the choices of available
tonomous systems including ad hoc networks like WSNs. System- security techniques, there exist necessities of deploying End-to-
wide key management is much more challenging in IoT than in End security. First of all, to ease trust management, it is better
WSNs because of the larger scale of IoT as IoT connects more num- to let end devices manage security by themselves. Moreover, en-
ber of devices and cover more heterogeneous devices than that in abling End-to-End security among end devices or between the end
connected autonomous subsystems. Random key distribution [75– device and other devices is important for many IoT applications.
78] is a widely adopted key management mechanism in WSNs, For instance, End-to-End security is needed in a Vehicular Net-
but because it requires a centralized key pool and has good but work application [85], where vehicles need to work together to
still limited scalability. It is hard to apply random key distribution accomplish collaborative tasks like driving safety enhancement.
mechanism in IoT, considering the large scale and lacking of central Furthermore, when End-to-End security is achieved at the Things
management in IoT. Polynomial based key predistribution [79,80] layer, many existing Internet based applications can be naturally
also has limitations of higher memory usage and computational extended to be IoT applications. Finally, end devices may want to
overhead. It requires to design complicated key-distribution mech- manage security and privacy by themselves.
anism for various IoT applications. One solution to support end-to-end security in IoT systems is
Last but not the least, comparing typical IoT applications, such to increase the available resources such as memory and compu-
as smart home and smart grid systems, with typical WSN appli- tational power at IoT devices so that they can utilize traditional
cations such as environmental monitoring and industrial moni- security solutions. The other solution is to add extra security-
toring, more human-related data is collected in IoT applications related hardware like Physically Unclonable Function (PUF) [86],
than in WSN applications. Analyzing collected human-centric data, which is a hardware based solution, working as a digital fingerprint
sensitive activities of people’s daily life will be discovered. Privacy and serves as a unique identity for a device. With PUF, authenti-
becomes a much more significant concern in IoT systems than in cation can be implemented like that are demonstrated in [87,88].
WSNs. It can even be one of the biggest obstacles of deployment The advantage of PUF technology exists that it only requires less
and adaptation of IoT systems. or comparable size of hardware (digital gates) to implement PUF
Based on the above analysis, security requirements are higher in compared with other commonly used cryptographic algorithms
IoT and it is more challenging to design efficient security solutions including popular secure hash functions (such as MD5 and SHA)
in IoT than in WSNs. and symmetric encryption algorithms like AES [89]. Therefore
PUF technology has great potential when it is implemented in
6. Architectural security design for IoT IoT systems, but there are also limitations of PUF. Firstly, not
so many existing IoT devices are equipped with PUF hardware,
From previous sections, we can see that it is challenging to so we cannot assume the existence of PUF when we design IoT
satisfy security requirements of IoT applications. Novel security so- security solutions for a large scale IoT system. In addition, many
lutions are needed to achieve a high level security in IoT, including PUF-based IoT devices require enough memory to store all the
designs of lightweight security algorithms and protocols, efficient challenge/response pairs [89]. It may significantly increase the cost
privacy-preserving algorithms and protocols, safety mechanisms of each IoT device. Generally speaking, the PUF-based security
to protect the physical systems, and many automatous approaches solutions are attractive in end-to-end security solution design for
to manage and configure security settings of IoT devices. Among IoT systems, but there are still extra hardware cost to have PUF in
them, architectural security design is of the most importance and IoT devices. Finally, PUF still has problem of modeling attacks and
should be considered first, because other security solutions are side-channel attacks [90,91].
embedded in IoT’s new architecture as depicted in Section 3, which Besides the above hardware-based solutions, End-to-End se-
is different from the architecture of existing Internet based systems curity protocols for IoT have also been studied in the literature.
and WSNs. In other words, the architectural security design can Most of them are extensions of the existing IP-based security
guide other novel security designs for IoT. In the rest of this section, solutions. Two categories of protocols are most common, including
we present three typical architectural security designs, including IPv6 based security solutions [92,93] and 6LoWPAN [83] based
End-to-End security at things, security service deployed at the security solutions [94,95]. When IP is supported by the end devices
edge, and a distributed security model. These designs can be used as shown at the right part of Fig. 2, IP-based security solutions can
to model future security solution designs like security protocols for be naturally extended to end devices, although the computational
IoT. Moreover, for each type of architectural security design, we overhead can still be high for these devices. Several efforts have
discuss the advantage and limitations of each design and present been made to make the IP-based security protocols lightweight.
examples that illustrate how to implement these designs. More- Hummen et al. tailors HIP DEX protocol [92] for IoT applications.
over, we identify a set of open issues for the design of each layer. In their design, a comprehensive session resumption mechanism
332 K. Sha et al. / Future Generation Computer Systems 83 (2018) 326–337

Fig. 2. End-to-End security at Things.

is used to reduce the heavy cost in the handshaking caused by the


Fig. 3. Deploy security service at edge.
public key based encryption. A DTLS based End-to-End security
architecture has also been proposed to support two-way authenti-
cation [93].
To interconnect end devices that do not support IP stack as
shown at the left part of Fig. 2, 6LoWPAN [83] is designed to
support End-to-End communication among devices supporting
various networking technologies. Security can also be integrated
into the design of the 6LoWPAN [83] protocol. Hennebert and
Santos [94] review several security protocols that have been inte-
grated into the 6LoWPAN protocol stack. Working with 6LoWPAN,
security can be supported at different layers, such as at the link
layer and at the network layer. In IEEE 802.15.4-2011 [96] and
its amendment [97], three fields have been added to the frames
for security purposes, including frame control, auxiliary security
header and frame payload. Auxiliary security header specifies se-
curity control to identify security mode; frame counter is used to
Fig. 4. The architecture of EdgeSec.
prevent replay attack, and key identifier is utilized to define the key
used in the communication. In the network layer, IPsec has been
adapted by compressing IPsec header into 6LoWPAN frame [98].
Similarly, DTLS protocol has been considered to be compressed of having end devices handle security by themselves, security
into a 6LoWPAN frame [93]. management tasks may be offloaded from low capable end devices
From above analysis, we can see that to support End-to-End to more powerful edge devices. In this scenario, the end device may
security, end devices are required to be capable of supporting IPv6 have to chooses to trust the edge layer, and use the edge layer as
protocol or 6LoWPAN protocol. Both cases require end devices to the security agent to manage its security needs. Fig. 3 illustrates
have reasonable rich resources, although lightweight algorithms how the edge layer can be used to enhance the security of the end
and protocols have been studied. For example, most existing End- devices. In the figure, edge device creates a security profile for each
to-End security solutions utilize public key schemes in the protocol end device. Any access to end device or instruction sent to end
design. ECC [99] has been utilized to reduce the overhead of the devices is taken care of by the edge layer on behalf of these end
public key based security solutions. Other lightweight security devices through well-designed security checking mechanism. For
protocols such as symmetric key based protocols could also be example, representing the end device, the edge device makes use of
explored. Many end devices, however, may still be not powerful an authentication protocol to mutually authenticate a third device
enough to support these lightweight protocols. End-to-End secu- that wants to communicate with the end device. Authorization
rity at Things has several advantages. First, the end devices do not can also be managed by the edge device that decides which other
need to trust any other devices because they do not rely on other devices have the right to access the data collected by the end
devices to achieve security goals. Second, the system architecture device or can send control commands to it. In addition, with more
is a kind of flat architecture. It reduces management cost. Third, data available at the edge device and the available computation
privacy of end devices can be better protected because they can capability, the edge device can run intrusion detection algorithms
decide how much information to share. to detect attacks so that the intrusion can be controlled as early as
Although many research efforts have been made to achieve possible.
End-to-End security, there are still many open research problems. EdgeSec [26] presents an example of such a design. The archi-
Firstly it is difficult to address safety issues of end devices because tecture of EdgeSec is shown in Fig. 4. From the figure, EdgeSec
of little protection can be delivered [100]. Secondly lightweight consists of seven major function components, including Security
protocols that enable End-to-End security need to be designed. Profile Manager, Security Analysis Module, Protocol Mapping, In-
Thirdly, novel protocols are needed to handle the heterogeneity terface Manager, Security Simulation Module, Request Handler,
in IoT devices. Finally, how to extend existing IP network to cover and User Interface. Security Profile Manager registers end devices
more IoT end devices can be studied. to EdgeSec. It creates a security profile and also collects security
requirements of each end device. Based on device security profile
6.2. Edge layer security service and requirements, Security Analysis Module decides if a specific
security function will be deployed at the edge layer. Then the
Many end devices such as smart bulbs and RFID tags do not Protocol Mapping module chooses appropriate protocols to satisfy
have sufficient resources to support End-to-End security. Instead the security requirements based on security function deployment
K. Sha et al. / Future Generation Computer Systems 83 (2018) 326–337 333

by presenting the verifiable credential from the cloud. This idea


can be implemented in four steps as shown in Fig. 5. In the first
step, before the edge device starts its communication with the end
device, the edge device sends a request asking access to a specific
end device to the cloud. Then the cloud verifies the trustworthiness
of the edge device either based on an authentication and authoriza-
tion check or based on the trust score calculated from a trust model
available at the cloud. Next, the cloud issues credentials to the edge
Fig. 5. Distributed security model for IoT. device. In the third step, the edge device presents the credentials
from the cloud to the end device and the end device verifies the
credentials. If above steps are all successful, the end device can
decisions. Interface Manager is designed to mask communication start trusting the edge device at the fourth step.
heterogeneity in end devices. After Request Handler receives the The secure framework to read isolated smart meter [101,59]
request of accessing the end devices, Security Analysis Module will presents an example that implements the above design by design-
be contacted to analyze potential security risks of the requests. ing a two-phase authentication protocol. In [59], the smart meters
Moreover, if the request is a critical request, e.g., it may cause are the IoT things, resource-constrained devices that can support
physical damages to the IoT system, it will first simulate the execu- neither asymmetric cryptographic algorithms nor the IP based
tion of the request using Security Simulation Module. Finally, User security solutions. The utility cloud needs to securely read data
Interfaces allows administrators and users to interact with EdgeSec from smart meters to build smart grid applications, but it cannot
components. securely communicate with the smart readers directly. Therefore,
The advantages of deploying security at the edge layer are as a smart reader is used as an edge device that connects the utility
follows. First, with more resources available at the edge layer, cloud and the smart meters. It also helps to securely read data
it can leverage these resources to offload computation-intensive from the smart meter and send them to the utility cloud. The
tasks, such as data encryption, key generation, and intrusion de- above goal is achieved by designing a two-phase authentication
tection, from end devices. This is critical for end devices with protocols that involves all three parties. In the first phase of the
very constrained resources, such as passive RFID tags and smart framework, after receiving the data reading request from the smart
bulbs. Second, edge devices are physically close to end devices. reader, the cloud verifies the legitimation of the smart reader using
This not only reduces the communication cost significantly but a digital signature based authentication protocol and the cloud
also improves real-time performance of IoT applications. Third, database also confirms the legitimation of the task by checking
the Edge layer has more information than end devices about the the job schedule. Then a credential is sent from the cloud to the
whole system; thus it is possible to deploy more optimized secu- smart reader. It is used to generate a one-time shared key between
rity management at the Edge layer. Fourth, the relatively stable the smart reader and the smart meter. In the second phase of the
relationship between edge devices and end devices is very ben- framework, the smart reader completes a symmetric key based
eficial to establish trust between them by designing novel trust authentication using the generated one-time shared key and wins
models. Fifth, the Edge layer can be used to protect the privacy the trust from the smart meter. Therefore, the smart meter will
of end devices by utilizing secure aggregation algorithms or other allow the smart reader to read the collected data.
k-anonymity algorithms [60]. Finally, the Edge layer usually has Besides the trust management, cloud can help in many other
high-speed connection with Cloud and it is cost-effective for them perspectives of security solution design. For example, although
to get security support from Cloud as needed. One limitation of edge devices are generally powerful, they still may not have suf-
this approach is that the end device has to fully trust the edge ficient resources to handle very heavy tasks. In these cases, the
device. In addition, novel security solutions are needed to enhance cloud can be very helpful in implementing security solutions by
the security level of the edge layer. Furthermore, how to secure offloading heavy computation and storage needs at the edge layer
the communication between the end device and the edge device to the cloud layer. For instance, intrusion detection mechanisms
remains a challenge. can be more powerful when they are implemented in the cloud
Edge based security solutions attract more attention recently. in that the cloud has the capability to store and process a huge
Open research issues include how to build a secure and efficient volume of data. Like what is indicated in [102], the intrusion can be
edge layer, i.e., security design to secure edge devices, how to se- detected as early as possible based on the analysis of the collected
curely connect the edge layer with end devices using a lightweight data in the cloud. In addition, the cloud can be a better choice to
protocol, how to organize edge devices to collaboratively perform manage key distribution and help to manage the security of edge
complicated security functions, and how to build novel trust mod- layer [103].
els for edge and end communications. In addition, research issues In the above design, the end device, the edge device and the
such as edge-based intrusion detection and threats analysis will be cloud work together to achieve a high level of security. Therefore
of great interests. we name this architectural security design as distributed security
model for IoT. The advantages of distributed security model are
6.3. Distributed security model for IoT three folds. First, cloud layer service is usually more trustable than
edge layer service. It can lower the risk of trusting the edge layer.
Above edge based security solution requires end devices to trust Second, with the available resources in the cloud, many compli-
edge devices. This can be risky in many cases. Authentication can cated security solutions can be supported, i.e., the cloud can be
be utilized to build the trust between end devices and edge devices. compliment to other layers in security solution design. Third, it is
Most existing scalable authentication protocols depend on public beneficial to distribute the security workload to multiple layers; in
key or symmetric key schemes, but end devices may not have other words, distributing the storage of security information helps
sufficient resources to support these needed operations. Compared to enhance the security. One problem of using cloud in IoT security
with temporary connected edge devices, the permanent available design is that the cloud is usually located far away from the end
cloud services are more trustable to end devices in most cases. devices and they may not be able to communicate directly with the
With this level of trust, the cloud can provide credentials to edge end devices. Several performance related requirements such as the
devices so that the edge device can win the trust from end devices real-time requirement are not easy to be satisfied. Moreover, using
334 K. Sha et al. / Future Generation Computer Systems 83 (2018) 326–337

cloud to improve the security at end devices can make the security well. In [113], Covington and Carskadden present a list of attacks
solution design more complicated. More types of communication that can be launched against the IoT systems. Zhang et al. [114]
make it necessary to secure all the communications. Finally, there describe various communication scenarios in IoT systems and ana-
are also requirements like that the end device should be reasonably lyzes several authentication schemes for their application in IoT.
powerful to support necessary security functions such as symmet- As an important layer in the IoT architecture, security issues in
ric key algorithms and secure hash functions like in [59]. the fog/edge layer are analyzed in [115]. The authors investigate
The end layer, the edge layer and the cloud layer working the security and privacy issues in the Fog computation paradigm
together on security solutions is of great interests, but there are still and study the man-in-the-middle attack. Similarly, cloudlet mesh
open research issues, such as how to distribute security functions is used to secure mobile clouds in [116]. There are also many
to each layer, how to minimize the complexity of the security other papers working on a specific security problem and proposing
solutions when all three layers are involved, how to maximally solutions for that problem like Sybil attack [117].
utilize the cloud layer resources for security design, and how to
preserve privacy when all three layers are involved in security
8. Conclusion
solution design. Moreover, how to produce distributed log files and
conduct distributed security analysis across multiple layers is the
With increasing deployments of IoT systems, security becomes
other open research issue.
a key component to protect both the cyber and the physical world.
In conclusion, three options of architectural security designs
are available. If the end devices are powerful enough to support This paper first analyzes the new security challenges presented
necessary security functions and have the appropriate networking by the features of IoT systems, especially by resource-constrained
capability, it is preferred to have end-to-end security at IoT things. IoT end devices and the tight coupling of the cyber and physical
It is necessary, otherwise, to offload security related tasks to the world. Then three architectural security designs are summarized
edge devices and the cloud that have enough computational and to guide future security protocol and algorithm design. Advantages
storage capacity to support security functions. Then a certain level and limitations of each design are analyzed in detail. Examples
of trust to either the edge layer or to the cloud layer is needed. Each of how to implement each design are presented. Based on our
above design has its advantages and limitations. Applications need analysis, low capable end devices need help from the levels above
to choose the most suitable architectural security design based on in order to achieve a good level of security of the whole IoT system.
their security requirements and available resources.
Acknowledgment
7. Related work
This research is partially supported by the National Natural
IoT has attracted lots of attentions in the recent years. There Science Foundation of China under Grant No: 61672016.
exist many efforts that focus on how to secure the IoT systems.
In this section, we lists a set of work related to this paper. A
References
comprehensive survey of IoT is presented in [104]. The authors
not only summarize the architecture, application and enabling [1] A.L.L. Atzori, G. Morabito, The internet of things: A survey, Comput. Netw.
techniques for IoT, but also provide a discussion on security and 54 (15) (2010) 2787–2805.
privacy issues. Roman et al. [105] present features and challenges [2] S. Greengard, Smart transportation networks drive gains, Commun. ACM
of security and privacy in distributed IoT. In their paper, the authors 58 (1) (2015) 25–27.
[3] G. Pan, et al., Trace analysis and mining for smart cities: issues, methods, and
classify IoT systems into four types: centralized IoT, collaborative
applications, IEEE Commun. Mag. 121 (6) (2015) 120–126.
IoT, connected IoT, and distributed IoT. After analyzing the features [4] A. GhaffarianHoseini, et al., The essence of future smart houses: From em-
of each type of IoT systems, they list a set of security challenges in bedding ict to adapting to sustainability principles, Renewable Sustainable
terms of the traditional security requirements and discuss promis- Energy Rev. 24 (1) (2013) 593–607.
ing approaches to address these challenges. Similarly, work by Jing [5] M. Amin, W. Bruce, Toward a smart grid: power delivery for the 21st century,
IEEE Power Energ. Mag. 3 (5) (2005) 34–41.
et al. [106] surveys security in different layers including percep-
[6] J. Gubbi, et al., Internet of Things (iot): A vision, architectural elements, and
tion layer, transportation layer and application layer. The paper future directions, Future Gener. Comput. Syst. 29 (7) (2013) 1645–1660.
discusses security issues in RFID, Wireless Sensor Networks, and [7] Z. Liu, K-K.R. Choo, M. Zhao, Practical-oriented protocols for
in network communication protocols as well as application layer privacy-preserving outsourced big data analysis: Challenges and future re-
protocols. Suo et al. present a review of security in IoT [107]. They search directions, Comput. Secur. 69 (2017) 97–113.
[8] H. J, G.W. B, C.K.-K. R, Medical device vulnerability mitigation effort gap
analyze security issues in each layer of IoT systems in a general
analysis taxonomy, Smart Health (2018). http://dx.doi.org/10.1016/j.smhl.
IoT architecture and give a review of the existing security tools. 2017.12.001. (in press).
Security challenges are discussed briefly. Security and privacy is- [9] A. Anjum, et al., An efficient privacy mechanism for electronic health records,
sues are also examined in [108] and [109]. They summarize the Comput. Secur. 72 (2018) 196–211.
challenges from the viewpoint of traditional security requirements [10] V. Casola, A. Castiglione, K.-K.R. Choo, C. Esposito, Healthcare-related data in
the cloud: challenges and opportunities, IEEE Cloud Comput. 3 (6) (2016) 10–
and present a brief review of the existing technologies. Similarly,
14.
Hossain et al. review security issues and challenges in IoT from the [11] Baby monitor hacker still terrorizing babies and their parents. URL http://
viewpoint of limitations in hardware, software and networks [110]. www.forbes.com/sites/kashmirhill/2014/04/29/baby-monitor-hacker-still-
Security challenges in the IP-based IoT system are studied in [81]. terrorizing-babies-and-their-parents/#5b91ff7717e2.
The paper reviews the architecture design of a IP-based IoT and [12] Previous next black hat usa 2015: The full story of how that Jeep was hacked.
URL https://blog.kaspersky.com/blackhat-jeep-cherokee-hack-explained/94
presents a list of security challenges in the context of standard IP- 93/.
based security protocols. IoT security challenges are also reviewed [13] Your hackable house. URL http://money.cnn.com/interactive/technology/
in [111]. Our work extends [111] and differs from all above listed hackable-house/.
related work by presenting a comprehensive analysis on the new [14] Z. Ling, J. Luo, Y. Xu, C. Gao, K. Wu, X. Fu, Security vulnerabilities of internet
challenges and analyzing the security deployment problem in IoT of things: A case study of the smart plug system, IIEEE Int.-of-Things (IoT) J.
pp (99) (2017) 1–1.
systems. Several open security issues are identified at each layer in [15] C. Osborne, Vulnerable smart home iot sockets let hackers access your
the IoT architecture. email account, [http://www.zdnet.com/article/vulnerable-smart-home-iot-
Weber provides a review of privacy issues in IoT systems from sockets-act-as-bridge-to-take-down-full-networks/], online; (accessed
the legal point of view [112]. A list of attack models are discussed as 24.10.17).
K. Sha et al. / Future Generation Computer Systems 83 (2018) 326–337 335

[16] M.-A. Russon, Hackers turning millions of smart cctv cameras into botnets for [43] G. Leroy, H. Chen, T. Rindflesch, Smart and connected health, IEEE Intell. Syst.
ddos attacks, [http://www.ibtimes.co.uk/hackers-turning-millions-smart- 29 (3) (2014) 2–5.
cctv-cameras-into-botnets-ddos-attacks-1525736], online; (accessed [44] M. Hartman, Tools for the vision impaired [opinion], IEEE Technol. Soc. Mag.
24.10.17). 34 (2) (2015) 16–17.
[17] T. Fox-Brewster, How hacked cameras are helping launch the biggest attacks [45] M. Rahman, B. Carbunar, M. Banik, Fit and vulnerable: Attacks and defenses
the internet has ever seen, [https://www.forbes.com/sites/thomasbrewster/ for a health monitoring device arXiv Preprint, arXiv, 1304, 2013, p. 5672.
2016/09/25/brian-krebs-overwatch-ovh-smashed-by-largest-ddos-attacks- [46] J.L. Fernandez-Aleman, et al., Security and privacy in electronic health
ever/#705007235899], online; (accessed 24.10.17). records: A systematic literature review, J. Biomed. Inform. 46 (3) (2013) 541–
[18] KrebsOnSecurity.com, Hacked cameras, dvrs powered todays massive inter- 562.
net outage, [https://krebsonsecurity.com/2016/10/hacked-cameras-dvrs- [47] N. Ekedebe, W. Yu, C. Lu, H. Song, Y. Wan, Securing transportation cyberphys-
powered-todays-massive-internet-outage/], online; (accessed 24.10.17). ical systems, in: Securing Cyber-Physical Systems, CRC Press, Boca Raton,
[19] C. D’Orazio, K.-K.R. Choo, L.T. Yang, Data exfiltration from internet of things 2015, pp. 163–196.
devices: ios devices as case studies, IEEE Internet Things J. 4 (1) (2017) 524– [48] J. Lin, W. Yu, N. Zhang, X. Yang, L. Ge, On data integrity attacks against route
535. guidance in transportation-based cyber-physical systems, in: Proceedings of
[20] C. D’Orazio, K.-K.R. Choo, A technique to circumvent ssl/tls validations on ios the 14th IEEE Annual Confernece in Consumer Communications and Net-
devices, Future Gener. Comput. Syst. 74 (2017) 366–374. working Conference (CCNC 2017), 2017.
[21] C.J. D’Orazio, R. Lu, K.-K.R. Choo, A.V. Vasilakos, A Markov adversary model [49] Y. Sun, et al., constructing the web of events from raw data in the web of
to detect vulnerable ios devices and vulnerabilities in ios apps, Appl. Math. things, Mobile Inf. Syst. 10 (1) (2014) 105–125.
Comput. 293 (2017) 523–544. [50] Y. Sun, A. Jara, An extensible and active semantic model of information
[22] C. D’Orazio, K.-K.R. Choo, Circumventing ios security mechanisms for apt organizing for the internet of things, Pers. Ubiquitous Comput. 18 (8) (2014)
forensic investigations: A security taxonomy for cloud apps, Future Gener. 1821–1833.
Comput. Syst. 79 (2018) 247–261. [51] F. Bonomi, et al., Fog computing: A platform for internet of things and analyt-
[23] Q. Do, B. Martini, K.-K.R. Choo, Is the data on your wearable device secure? ics, in: Big Data and Internet of Things: A Roadmap for Smart Environments,
An Android Wear smartwatch case study, Softw. Pract. Exper. 47 (3) (2017) Springer International Publishing, 2014, pp. 169–186.
391–403. [52] K. Sha, W. Wei, A. Yang, W. Shi, Security in internet of things: Opportunities
[24] Q. Do, B. Martini, K.-K.R. Choo, A data exfiltration and remote exploitation and challenges, in: Proceedings of International Conference on Identification,
attack on consumer 3d printers, IEEE Trans. Inf. Forensics Secur. 11 (10) Information & Knowledge in the Internet of Things (IIKI 2016), 2016.
(2016) 2174–2186. [53] S. Boyer, SCADA: Supervisory Control and Data Acquisition, International
[25] Q. Do, B. Martini, K.-K.R. Choo, Exfiltrating data from android devices, Society of Automation, 2009.
Comput. Secur. 48 (2015) 74–91. [54] C. Lin, G. Wu, Enhancing the attacking efficiency of the node capture attack
[26] R. Errabelly, K. Sha, W. Wei, T.A. Yang, Z. Wang, Edgesec: Design of an edge in wsn: a matrix approach, J. Supercomput. 66 (2) (2013) 989–1007.
layer security service to enhance internet of things security, in: Proceedings [55] M. Alramadhan, K. Sha, An overview of access control mechanisms for in-
of the first IEEE international conference on fog and edge computing (ICFEC ternet of things, in: Proceedings of the 26th International Conference on
2017). Computer Communications and Networks (ICCCN 2017), 2017.
[27] W. Shi, J. Cao, Q. Zhang, Y. Li, L. Xu, Edge computing: Vision and challenges, [56] B. Morrow, Byod security challenges: control and protect your most sensitive
IEEE Internet Things J. 3 (5) (2016) 637–646. data, Netw. Secur. 2012 (12) (2012) 5–8.
[28] D.X. Li, W. He, S. Li, Internet of things in industries: A survey, IEEE Trans. Ind. [57] I-210+c smart grid enables consumer friendly metering. URL http://www.
Inf. 10 (4) (2014) 2233–2243. gegridsolutions.com/smartmetering/catalog/i210plusc.htm#i210c2.
[29] A. Jacobsson, P. Davidsson, Towards a model of privacy and security for smart [58] R. Wang, The magic of RFID, ACM Queue 2 (7) (2004) 41–48.
homes, in: Proceedings of the IEEE 2nd World Forum on Internet of Things [59] K. Sha, N. Alatrash, Z. Wang, A secure and efficient framework to read isolated
(WF-IoT 2015), 2015. smart grid devices, IEEE Trans. Smart Grid 8 (6) (2017) 2519–2531.
[30] Gartner, Gartner says a typical family home could contain more than 500 [60] L. Sweeney, k-anonymity: a model for protecting privacy, Int. J. Uncertain.
smart devices by 2022, [http://www.gartner.com/newsroom/id/2839717], Fuzziness Knowl.-Based Syst. 10 (5) (2002) 557–570.
online; (accessed 13.09.16). [61] J. Qi, et al., Security of the internet of things: Perspectives and challenges,
[31] I. Rouf, et al., Neighborhood watch: security and privacy analysis of automatic Wirel. Netw. 20 (8) (2014) 2481–2501.
meter reading systems, in: Proceedings of the 2012 ACM Conference on [62] Z. Wan, et al., Skm: Scalable key management for advanced metering infras-
Computer and Communications Security, 2012. tructure in smart grids, IEEE Trans. Ind. Electron. 61 (12) (2014) 7055–7066.
[32] X. Pan, Z. Ling, A. Pingley, W. Yu, K. Ren, N. Zhang, X. Fu, How privacy leaks [63] T. Yu, V. Sekar, S. Seshan, Y. Agarwal, C. Xu, Handling a trillion (unfixable)
from bluetooth mouse? IEEE Trans. Dependable Secure Comput. (TDSC) 13 (4) flaws on a billion devices: Rethinking network security for the internet-of-
(2016) 461–473. things, in: Proceedings of the 14th ACM Workshop on Hot Topics in Networks,
[33] X. Fang, S. Misra, G. Xue, D. Yang, Smart grid - the new and improved power 2015.
grid: A survey, IEEE Commun. Surv. Tutor. 14 (2012). [64] Z. Yan, P. Zhang, A.V. Vasilakos, A survey on trust management for internet of
[34] S. Depuru, L. Wang, V. Devabhaktuni, Smart meters for power grid: Chal- things, J. Netw. Comput. Appl. 42 (4) (2015) 120–134.
lenges, issues, advantages and status, Renewable Sustainable Energy Rev. [65] Q. Han, H. Wen, G. Feng, B. Wu, M. Ren, Self-nominating trust model based
15 (6) (2011) 2736–2742. on hierarchical fuzzy systems for peer-to-peer networks, Peer-to-Peer Netw.
[35] S. Karnouskos, O. Terzidis, P. Karnouskos, An advanced metering infrastruc- Appl. 9 (6) (2016) 1020–1030.
ture for future energy networks, in: Proceedings of NTMS 2007 Conference, [66] S. Sicari, A. Rizzardi, L.A. Grieco, A. Coen-Porisini, Security, privacy and trust
2007. in internet of things: The road ahead, Comput. Netw. 76 (1) (2015) 146–164.
[36] M. Faisal, Z. Aung, J. Williams, A. Sanchez, Data-stream-based intrusion detec- [67] Why iot security will be a nightmare for everyone. URL http://oemhub.
tion system for advanced metering infrastructure in smart grid: A feasibility bitdefender.com/why-iot-security-will-be-a-nightmare-for-everyone.
study, IEEE Syst. J. 9 (1) (2015) 31–44. [68] C. Kruger, G. Hancke, Implementing the internet of things vision in industrial
[37] A. Molina-Markham, et al., Private memoirs of a smart meter, in: Proceedings wireless sensor networks, in: Proceedings of the 12th IEEE International
of the Second ACM Workshop on Embedded Sensing Systems for Energy- Conference on Industrial Informatics (INDIN 2014), 2014.
Efficiency in Buildings, 2010. [69] Z. Song, M.T. Lazarescu, R. Tomasi, L. Lavagno, M.A. Spirito, High-level in-
[38] Q. Yang, D. An, R. Min, W. Yu, X. Yang, W. Zhao, On optimal pmu placement- ternet of things applications development using wireless sensor networks,
based defense against data integrity attacks in smart grid, IEEE Trans. Inf. in: Internet of Things, Springer, 2014, pp. 75–109.
Forensics Secur. 12 (7) (2017) 1735–1750. [70] A. Perrig, J. Stankovic, D. Wagner, Security in wireless sensor networks,
[39] X. Zhang, X. Yang, J. Lin, G. Xu, W. Yu, On data integrity attacks against real- Commun. ACM 47 (6) (2004) 53–57.
time pricing in energy-based cyber-physical systems, IEEE Trans. Parallel [71] G.A.Y. Wang, B. Ramamurthy, A survey of security issues in wireless sensor
Distrib. Syst. (TPDS) 28 (1) (2017) 170–187. networks, IEEE Commun. Surv. Tutor. 8 (2) (2006) 2–23.
[40] J. Lin, W. Yu, X. Yang, On false data injection attack against multistep electric- [72] L. Larkey, L. Bettencourt, A. Hagberg, In-situ data quality assurance for en-
ity price in electricity market in smart grid, IEEE Trans. Parallel Distrib. Syst. vironmental applications of wireless sensor networks, Tech. Rep. Report LA-
(TPDS) 27 (1) (2016) 286–302. UR-06-1117, Los Alamos National Laboratory, (Oct. 2006).
[41] Q. Yang, J. Yang, W. Yu, D. An, N. Zhang, W. Zhao, On false data-injection [73] T. Bokareva, et al., Wireless sensor networks for battlefield surveillance, in:
attacks against power system state estimation: Modeling and countermea- Proceedings of Land Warfare Conference 2006, 2006.
sures, IEEE Trans. Parallel Distrib. Syst. (TPDS) 25 (3) (2014) 717–729. [74] K. Sha, J. Gehlot, R. Greve, Multipath routing techniques in wireless sensor
[42] X. Yang, J. Lin, W. Yu, P. Moulema, X. Fu, W. Zhao, A novel en-route filtering networks: A survey, Wirel. Pers. Commun. 70 (2) (2013) 807–829.
scheme against false data injection attacks in cyber-physical networked [75] H. Chan, A. Perrig, D. Song, Random key predistribution schemes for sensor
systems, IEEE Trans. Comput. (TC) 64 (1) (2015) 4–18. networks, in: Proceedings of ACM CCS’03, 2003.
336 K. Sha et al. / Future Generation Computer Systems 83 (2018) 326–337

[76] W. Du, J. Deng, Y. Han, P. Varshney, A pairwise key pre-distribution scheme [105] R. Roman, J. Zhou, J. Lopez, On the features and challenges of security and
for wireless sensor networks, in: Proceedings of ACM CCS’03, 2003. privacy in distributed internet of things, Comput. Netw. 57 (10) (2013) 2266–
[77] K. Sha, Y. Xi, W. Shi, L. Schwiebert, T. Zhang, Adaptive privacy-preserving 2279.
authentication in vehicular networks, in: Proceedings of the International [106] Q. Jing, et al., Security of the internet of things: Perspectives and challenges,
Workshop on Vehicle Communication and Appliations, 2006. Wirel. Netw. 20 (8) (2014) 2481–2501.
[78] Y. Xi, K. Sha, W. Shi, L. Schwiebert, T. Zhang, Enforcing privacy using sym- [107] H. Suo, et al., Security in the internet of things: a review, in: Proceedings
metric key-set in vehicular networks, in: Proceedings of the 8th International of the IEEE International Conference on Computer Science and Electronics
Symposium on Autonoumous Decentralized Systesms, 2007. Engineering, 2012.
[79] M. Anita, R. Geetha, E. Kannan, A novel hybrid key management scheme for [108] M. Abomhara, G. Koien, Security and privacy in the internet of things: Current
establishing secure communication in wireless sensor networks, Wirel. Pers. status and open issues, in: Proceedings of the IEEE International Conference
Commun. 82 (3) (2015) 1419–1433. on Privacy and Security in Mobile Systems, 2012.
[80] D. Liu, P. Ning, R. Li, Establishing pairwise keys in distributed sensor networks, [109] X. Xu, Study on security problems and key technologies of the internet of
ACM Trans. Inf. Syst. Secur. (TISSEC) 8 (1) (2005) 41–77. things, in: Proceedings of the 5th International Conference on Computational
[81] T. Heer, et al., Security challenges in the ip-based internet of things, Wirel. and Information Sciences, 2013.
Pers. Commun. 61 (3) (2011) 527–542. [110] M. Hossain, M. Fotouhi, R. Hasan, Towards an analysis of security issues,
[82] C. Huitema, IPv6: The New Internet Protocol, Prentice Hall PTR Upper Saddle challenges, and open problems in the internet of things, in: Proceedings of
River, NJ, USA, 1996. the 2015 IEEE World Congress on Services, 2015.
[83] Z. Shelby, C. Bormann, 6LoWPAN: The Eireless Eembedded Internet, Vol. 43, [111] K. Sha, W. Wei, A.T. Yang, W. Shi, Security in internet of things: Opportunities
John Wiley & Sons, 2011. and challenges, in: Proceedings of 2016 International Conference on Identifi-
[84] R. Roman, P. Najera, J. Lopez, Securing the internet of things, Computer 44 (9) cation, Information, and Knowledge in the Internet of Things (IIKI’16), 2016.
(2011) 51–58. [112] R. Weber, Internet of things-new security and privacy challenges, Comput.
[85] J. Cui, W. Xu, K. Sha, H. Zhong, An efficient identity-based privacy-preserving Law Secur. Rev. 26 (1) (2010) 23–30.
authentication scheme for vanets, in: Proceedings of 13th EAI Interna- [113] M. Covington, R. Carskadden, Threat implications of the internet of things,
tional Conference on Collaborative Computing: Networking, Applications in: Proceedings of the 5th IEEE International Conference on Cyber Conflict
and Worksharing (CollaborateCom 2017), 2017. (CyCon), 2013.
[86] C. Herder, M.-D. Yu, F. Koushanfar, S. Devadas, Physical unclonable functions [114] Z. Zhang, M. Cho, S. Shieh, Emerging security threats and countermeasures in
and applications: A tutorial, Proc. IEEE 102 (8) (2014) 1126–1141. IoT, in: Proceedings of 10th ACM Symposium on Information, Computer and
[87] M. Rostami, M. Majzoobi, F. Koushanfar, D.S. Wallach, S. Devadas, Robust Communications Security, 2015.
and reverse-engineering resilient puf authentication and key-exchange by [115] P. Panciatici, G. Bareux, L. Wehenkel, Operating in the fog: Security manage-
substring matching, IEEE Trans. Emerging Top. Comput. 2 (1) (2014) 37–49. ment under uncertainty, IEEE Power Energ. Mag. 10 (5) (2012) 40–49.
[88] A. Aysu, E. Gulcan, D. Moriyama, P. Schaumont, M. Yung, End-to-end design of [116] Y. Shi, S. Abhilash, K. Hwang, Cloudlet mesh for securing mobile clouds from
a puf-based privacy preserving authentication protocol, in: Proceedings of In- intrusions and network attacks, in: Proceedings of the 3rd IEEE International
ternational Workshop on Cryptographic Hardware and Embedded Systems, Conference on Mobile Cloud Computing, Services, and Engineering, 2015.
2015. [117] K. Zhang, et al., Sybil attacks and their defenses in the internet of things, IEEE
[89] L. Bolotnyy, G. Robins, Physically unclonable function-based security and pri- Internet Things J. 1 (5) (2014) 372–383.
vacy in rfid systems, in: Proceedings of Fifth Annual IEEE International Con-
ference on Pervasive Computing and Communications (PerCom’07), 2017.
[90] J. Delvaux, I. Verbauwhede, Side channel modeling attacks on 65nm arbiter
pufs exploiting cmos device noise, in: Proceedings of 2013 IEEE International Kewei Sha is an Associate Director of Cyber Security In-
Symposium on Hardware-Oriented Security and Trust (HOST), 2013. stitute and Assistant Professor of Computer Science at
[91] X. Xu, W. Burleson, Hybrid side-channel/machine-learning attacks on pufs: University of Houston — Clear Lake (UHCL). Before he
a new threat? in: Proceedings of the Conference on Design, Automation and moved to UHCL, he was the Department Chair and Asso-
Test in Europe, 2014. ciate Professor in the Department of Software Engineering
[92] R. Hummen, et al., Tailoring end-to-end ip security protocols to the internet of at Oklahoma City University (OCU). He received Ph.D. in
things, in: Proceedings of the 21st IEEE International Conference on Network Computer Science from Wayne State University in 2008.
Protocols (ICNP), 2013. His research interests include Internet of Things, Cyber–
[93] T. Kothmary, et al., A dtls based end-to-end security architecture for the Physical Systems, Edge Computing, Network Security and
internet of things with two-way authentication, in: Proceedings of the IEEE Privacy, and Data Management and Analytics. His research
37th Conference on Local Computer Networks Workshops (LCN Workshops), has been supported by NSF, NSFC, UHCL and OCU. He
2012. received 2018 Albert Nelson Marquis Lifetime Achievement Award and IEEE Out-
[94] C. Hennebert, J.D. Santos, Security protocols and privacy issues into 6lowpan standing Leadership Award in 2015. He is a Senior member of both ACM and IEEE.
stack: a synthesis, IEEE Internet Things J. 1 (5) (2014) 384–398.
[95] K. Krentz, H. Rafiee, C. Meinel, 6lowpan security: adding compromise re-
silience to the 802.15. 4 security sublayer, in: Proceedings of the International
Workshop on Adaptive Security, 2013. Wei Wei is an Assistant Professor in Computer Infor-
[96] I. S. Association, et al., ieee std 802.15. 4-2011, ieee standard for local and mation Systems at the University of Houston-Clear Lake
metropolitan area networks-part 15.4: Low-rate wireless personal area net- (UHCL). She received her Ph.D. in Management Infor-
works (lr-wpans), (Sep 2011). mation Systems from the University of Arizona, Tucson,
[97] G. Patti, G. Alderisi, L. Bello, Introducing multi-level communication in the United States (2010). She also works at the Cyber Security
ieee 802.15. 4e protocol: the multichannel-lldn, in: Proceedings of the 2014 Institute at UHCL. Her research interests include network
ieee Emerging Technology and Factory Automation (ETFA), 2014. security, cybersecurity education, and big data analytics
[98] S. Raza, et al., Securing communication in 6lowpan with compressed ipsec, in: for various purposes such as security intelligence and pub-
Proceedings of the 2011 International Conference on Distributed Computing lic relation management.
in Sensor Systems (DCOSS’11), 2011.
[99] S. Chatterjee, A.K. Das, An effective ecc-based user access control scheme with
attribute-based encryption for wireless sensor networks, Secur. Commun.
Netw. 8 (9) (2015) 1752–1771.
[100] V.G. Cerf, P.S. Ryan, M. Senges, R.S. Whitt, Iot safety and security as shared T. Andrew Yang earned his Ph.D. in Information Science
responsibility, J. Bus. Inf. 35 (1) (2016) 7–19. from the University of Minnesota, and is currently with
[101] K. Sha, C. Xu, Z. Wang, One-time symmetric key based cloud supported secure the faculty of the Computing Science Department in the
smart meter reading, in: Proceedings of the 23rd International Conference on University of Houston-Clear Lake. His research interests
Computer Communications and Networks (ICCCN 2014), 2014. include computer security, network security, wireless and
[102] S. Raza, L. Wallgren, T. Voigt, Svelte : Real-time intrusion detection in the ad hoc networks, information system education, and cy-
internet of things, Ad Hoc Networks 11 (8) (2013) 2661–2674. bersecurity curricular design. His research and develop-
[103] J. Singh, T. Pasquier, J. Bacon, H. Ko, D. Eyers, Twenty security considerations ment work have been sponsored by various federal, state,
for cloud-supported Internet of Things, IEEE Internet Things J. 3 (3) (2016) and local agencies.
269–284.
[104] J. Lin, W. Yu, N. Zhang, X. Yang, H. Zhang, W. Zhao, A survey on internet
of things: Architecture, enabling technologies, security and privacy, and
applications, IIEEE Int.-of-Things (IoT) J. pp (99) (2017) 1–1.
K. Sha et al. / Future Generation Computer Systems 83 (2018) 326–337 337

Zhiwei Wang is an associate professor of the School of Weisong Shi is a Charles H. Gershenson Distinguished
Computer at Nanjing University of Posts and Telecom- Faculty Fellow and a professor of Computer Science at
munications from 2009 to now. His research interests in- Wayne State University. His research interests include
clude applied cryptography, security and privacy in mobile Edge Computing, Computer Systems, energy-efficiency,
and wireless systems, clouding computing and fog/edge and wireless health. He received his BS from Xidian Uni-
computing. He has published over 40 journal articles and versity in 1995, and Ph.D. from the Chinese Academy of
referred conference papers. Sciences in 2000, both in Computer Engineering. He is a
recipient of the National Outstanding Ph.D. dissertation
award of China and the NSF CAREER award. He is an IEEE
Fellow and ACM Distinguished Scientist.

You might also like