Workshop
The International Symposium on Computer and Information Sciences (ISCIS)
Gelenbe, E., Campegiani, P., Czachorski, T., Katsikas, S., Komnios, I., Romano, L., Tzovaras, D. (eds.) Recent Cybersecurity Research in Europe: Proceedings of the 2018 ISCIS Security Workshop, Imperial College London. Lecture Notes CCIS No. 821, Springer Verlag (2018)
Authors
Domanska, J., Gelenbe, E., Czachorski, T., Drosou, A., Tzovaras, D.
Abstract
The Internet of Things (IoT) was born in the mid-2010s, when the threshold of connecting more objects than people to the Internet was crossed. Thus, attacks and threats on the content and quality of service of IoT platforms can have economic, energetic and physical security consequences that go way beyond the traditional Internet’s lack of security, and way beyond the threats posed by attacks on mobile telephony. This paper therefore describes the H2020 project “Secure and Safe Internet of Things” (SerIoT), which will optimize information security in IoT platforms and networks in a holistic, cross-layered manner (i.e. IoT platforms and devices, honeypots, SDN routers and the operator’s controller) in order to offer a secure SerIoT platform that can be used to implement secure IoT platforms and networks anywhere and everywhere.
DOI: http://doi.org/10.1007/978-3-319-95189-8_10 (Springer Link)
Zenodo: https://zenodo.org/record/448616
Book
Communications in Computer and Information Science book series (CCIS, volume 821)
Related Conference
First International ISCIS Security Workshop 2018, Euro-CYBERSEC 2018, London, UK, 26-27 February 2018, Revised Selected Papers
Editors
E. Gelenbe, P. Campegiani, T. Czachórski, S. K. Katsikas, I. Komnios, L. Romano, D. Tzovaras
Abstract
The CCIS series is devoted to the publication of proceedings of computer science conferences. Its aim is to efficiently disseminate original research results in informatics in printed and electronic form. While the focus is on publication of peer-reviewed full papers presenting mature work, inclusion of reviewed short papers reporting on work in progress is welcome, too. Besides globally relevant meetings with internationally representative program committees guaranteeing a strict peer-reviewing and paper selection process, conferences run by societies or of high regional or national relevance are also considered for publication. The topical scope of CCIS spans the entire spectrum of informatics ranging from foundational topics in the theory of computing to information and communications science and technology and a broad variety of interdisciplinary application fields.
DOI: http://doi.org/10.1007/978-3-319-95189-8 (Springer Link)
Conference
The 2018 9th IFIP Conference on New Technologies, Mobility and Security (NTMS), Paris, France, 26-28 February 2018
Authors
G. Baldini, R. Giuliani, C. Gentile and G. Steri
Abstract
Radio Frequency (RF) wireless devices can be identified by the RF emissions they produce when transmitting. The reason is that such emissions contain intrinsic features originating from the physical structure and the materials used to build the wireless device itself. These features are usually called RF fingerprints in the literature, and they can be used to uniquely identify a wireless device through a process called radiometric identification. RF fingerprinting can support multifactor authentication of wireless devices in security applications. One of the main unresolved issues in radiometric identification is the lack of portability of the RF fingerprints. The RF emissions are collected by an RF receiver that converts them into digital format, from which the fingerprints are extracted. The lack of portability is due to the fact that each RF receiver introduces a bias, which degrades the RF fingerprints of the emitting device. As a consequence, RF emissions of the same wireless device collected by different RF receivers will generate different fingerprints for the same wireless device. This issue strongly limits the applicability of RF fingerprinting for security purposes, since different RF receivers cannot be used to perform identification, and the fingerprints are not portable from one receiver to another. In this paper, we propose a novel approach that helps mitigate this portability issue. Our approach is based on the removal of the bias introduced by RF receivers in the frequency domain through the use of one golden reference. The golden reference is used to generate a calibration function, which is then applied to the RF emissions collected by different RF receivers from any other wireless device. The specific approach is empirically validated against a set of ten Internet of Things (IoT) wireless devices (plus the golden reference) and three RF receivers. Our experimental evidence demonstrates that our method is able to alleviate the portability issue at the cost of a minor degradation in identification accuracy.
DOI: http://doi.org/10.1109/NTMS.2018.8328703 (IEEE Xplore Digital Library)
Workshop
ISCIS Cybersecurity Workshop 2018, London, UK, 26-27 February 2018
Authors
D. Geneiatakis, G. Baldini, I. N. Fovino and I. Vakalis
Abstract
Several policy initiatives around the digital economy stress on one side the centrality of smartphones and mobile applications, and on the other call for attention to the threats to which this ecosystem is exposed. Lately, a plethora of related works rely on machine learning algorithms to classify whether an application is malware or not, using data that can be extracted from the application itself, with high accuracy. However, different parameters can influence machine learning effectiveness. Thus, in this paper we focus on validating the efficiency of such approaches in detecting malware for the Android platform, and on identifying the optimal characteristics that should be consolidated in any similar approach. To do so, we built a machine learning solution based on features that can be extracted by static analysis of any Android application, such as activities, services, broadcasts, receivers, intent categories, APIs, and permissions. The extracted features are analyzed using statistical analysis and machine learning algorithms. The performance of different sets of features is investigated and compared. The analysis shows that under an optimal configuration an accuracy of up to 97% can be obtained.
DOI: https://doi.org/10.1007/978-3-319-95189-8_11 (Springer Link)
Conference
IEEE International Symposium on Networks, Computers and Communications (ISNCC 2018), Rome, Italy, 19-21 June 2018
Authors
E. Gelenbe, J. Domanska, T. Czachorski, A. Drosou and D. Tzovaras
Abstract
Attacks on the content and quality of service of IoT platforms have economic and physical consequences well beyond the Internet’s lack of security. This paper describes a new research project on “Secure and Safe Internet of Things” (SerIoT) to improve both the information and physical security of IoT applications platforms in a holistic and cross-layered manner. The purpose is to be able to create secure operational IoT platforms for diverse applications.
DOI: http://doi.org/10.1109/ISNCC.2018.8531004 (IEEE Xplore Digital Library)
Download (pre-print)
Conference
41st International Conference on Telecommunications and Signal Processing (TSP 2018), Athens, Greece, July 2018
Authors
Gianmarco Baldini, Gary Steri, Raimondo Giuliani
Abstract
This paper describes the application of the SynchroSqueezing Transform (SST) to the problem of radiometric identification, which means that wireless devices can be identified and authenticated through their radio frequency emissions. Radiometric identification has been applied to enhance the security of wireless networks based on WiFi or cellular communication standards. In the literature, radiometric identification has been performed by feature extraction in the 1D time domain, the 1D frequency domain or also the 2D time-frequency domain. This paper describes the novel application of the 2D SST to the problem of radiometric identification. An experimental data set of Radio Frequency (RF) emissions from 12 wireless devices is used to evaluate the performance of the SST in terms of identification accuracy. This paper shows that the identification accuracy obtained using the 2D SST is superior to conventional techniques based on the 1D time domain or the 1D frequency domain, especially in the presence of Gaussian noise.
DOI: http://doi.org/10.1109/TSP.2018.8441378 (IEEE Xplore Digital Library)
Conference
2018 Jornadas de Automática (Automation Days), Badajoz, Spain, 6-7 September 2018
Authors
L. Gonzalez, M. Vaca, R. Lattarulo, I. Calvo, J. Perez, A. Ruiz
Abstract
Connected and automated vehicles have recently been categorized as cyber-physical entities, tightly related to a part of the Internet of Things (IoT) network. As a consequence, the attack surface of a modern vehicle is increased, which, added to the automation trend, makes cybersecurity risks a higher threat on the road. In this work a framework for automated vehicles is described, with the objective of validating security strategies when performing cooperative maneuvers. A review of the state of the art in automotive cybersecurity is presented, along with its effect on automated vehicles, with special emphasis on inter-vehicle (V2V) communication and communication with the infrastructure (V2I). Moreover, two maneuvers and a series of safety factors are studied, taking into consideration the possible intervention of external malicious agents.
Download (Paper in Spanish)
Conference
2018 Jornadas de Automática (Automation Days), Badajoz, Spain, 6-7 September 2018
Authors
C. Hidalgo, M. Marcano, G. Fernández, J. Perez, M. Vaca
Abstract (translated from Spanish)
The implementation of cooperative maneuvers between automated vehicles is a necessity in the progress of Advanced Driver Assistance Systems (ADAS). However, the development of these strategies in real vehicles depends on the availability of a minimum number of experimental platforms, which involve high costs and long testing times. In this sense, the present work presents a tool for the design of the Stop & Go cooperative maneuver, making use of a virtual environment for the simulation of a leader vehicle, together with an automated electric vehicle that performs the following within a closed circuit. For the design of the maneuver, V2V communication is established between both platforms, which run a general automated driving architecture. The following algorithm is based on a fuzzy logic controller that depends on the speed of the leader vehicle and the distance between the two cars. The results demonstrate the usefulness of combining both test environments for the validation of cooperative maneuvers, reducing cost and time compared with real tests.
Download (Paper in Spanish)
Conference
32nd International Symposium, ISCIS 2018, Held at the 24th IFIP World Computer Congress (WCC 2018), Poznan, Poland, 20-21 September 2018, Proceedings pp. 166-173, Springer-Verlag, 2018.
Authors
J. Domańska, M. Nowak, S. Nowak and T. Czachórski
Abstract
This paper briefly reviews some recent research in cybersecurity in Europe funded by the European Commission in areas such as mobile telephony, networked health systems and the Internet of Things. We then outline the objectives of the SerIoT Project, which started in 2018 to address the security needs of fields such as Smart Cities, Smart Transportation Systems, Supply Chains and Industrial Informatics.
DOI: https://doi.org/10.1007/978-3-030-00840-6_19 (Springer Link)
Book Chapter
In: O. Vermesan, J. Bacquet (eds.) Next Generation Internet of Things. Distributed Intelligence at the Edge and Human Machine-to-Machine Cooperation, River Publishers, November 2018.
Editors
Enrico Ferrera, Claudio Pastrone, Paul-Emmanuel Brun, Remi De Besombes, Konstantinos Loupos, Gerasimos Kouloumpis, Patrick O’Sullivan, Alexandros Papageorgiou, Panayiotis Katsoulakos, Bill Karakostas, Antonis Mygiakis, Christina Stratigaki, Bora Caglayan, Basile Starynkevitch, Christos Skoufis, Stelios Christofi, Nicolas Ferry, Hui Song, Arnor Solberg, Peter Matthews, Antonio F. Skarmeta, José Santa, Michail J. Beliatis, Mirko A. Presser, Josiane X. Parreira, Juan A. Martínez, Payam Barnaghi, Shirin Enshaeifar, Thorben Iggena, Marten Fischer, Ralf Tönjes, Martin Strohbach, Alessandro Sforzin, Hien Truong, John Soldatos, Sofoklis Efremidis, Georgios Koutalieris, Panagiotis Gouvas, Juergen Neises, George Hatzivasilis, Ioannis Askoxylakis, Vivek Kulkarni, Arne Broering, Dariusz Dober, Kostas Ramantas, Christos Verikoukis, Joachim Posegga, Domenico Presenza, George Spanoudakis, Danilo Pau, Erol Gelenbe, Sławomir Nowak, Mateusz Nowak, Tadeusz Czachórski, Joanna Domańska, Anastasis Drosou, Dimitrios Tzovaras, Tommi Elo, Santeri Paavolainen, Dmitrij Lagutin, Helen C. Leligou, Panagiotis Trakadas and George C. Polyzos
Abstract
The chapter presents an overview of the eight projects that are part of the European IoT Security and Privacy Projects initiative (IoT-ESP), addressing advanced concepts for end-to-end security in highly distributed, heterogeneous and dynamic IoT environments. The approaches presented are holistic and include identification and authentication, data protection and prevention against cyber-attacks at the device and system levels. The projects present architectures, concepts, methods and tools for open IoT platforms integrating evolving sensing, actuating, energy harvesting, networking and interface technologies. Platforms should provide connectivity and intelligence, actuation and control features, and linkage to modular and ad-hoc cloud services. The IoT platforms used are compatible with existing international developments addressing object identity management, discovery services, virtualisation of objects, devices and infrastructures, and trusted IoT approaches.
DOI: https://doi.org/10.13052/rp-9788770220071 (River Publishers)
Journal
Applied Sciences 8(11):2167, MDPI AG, Basel, Switzerland, November 2018
Authors
Gianmarco Baldini, Raimondo Giuliani and Gary Steri
Abstract
This paper addresses the problem of authentication and identification of wireless devices using their physical properties derived from their Radio Frequency (RF) emissions. This technique is based on the concept that small differences in the physical implementation of wireless devices are significant enough, and are carried over to the RF emissions, to distinguish wireless devices with high accuracy. The technique can be used either to authenticate the claimed identity of a wireless device or to identify one wireless device among others. In the literature, this technique has been implemented by feature extraction in the 1D time domain, the 1D frequency domain or also the 2D time-frequency domain. This paper describes the novel application of the synchrosqueezing transform to the problem of physical layer authentication. The idea is to exploit the capability of the synchrosqueezing transform to enhance the identification and authentication accuracy of RF devices from their actual wireless emissions. An experimental dataset of 12 cellular communication devices is used to validate the approach and to perform a comparison of the different techniques. The results described in this paper show that the accuracy obtained using the 2D Synchrosqueezing Transform (SST) is superior to conventional techniques from the literature based on the 1D time domain, the 1D frequency domain or the 2D time-frequency domain.
DOI: https://doi.org/10.3390/app8112167 (MDPI Open Access Journals)
Conference
The 12th ACM Conference on Security and Privacy in Wireless and Mobile Networks (WiSec ’19), Miami, Florida, 15-17 May 2019
Authors
Altaf Shaik, Ravishankar Borgaonkar, Shinjo Park, Jean-Pierre Seifert
Abstract
Cellular devices support various technical features and services for 2G, 3G, 4G and upcoming 5G networks. For example, these technical features include physical layer throughput categories, radio protocol information, security algorithms, carrier aggregation bands and types of services such as GSM-R, Voice over LTE etc. In the cellular security standardization context, these technical features and network services are termed device capabilities and are exchanged with the network during the device registration phase. In this paper, we study the device capabilities information specified for 4G and 5G devices and its role in establishing the security association between the device and the network. Our research results reveal that device capabilities are exchanged with the network before the authentication stage without any protection and are not verified by the network. Consequently, we present three novel classes of attacks exploiting unprotected device capabilities information in 4G and upcoming 5G networks – identification attacks, bidding down attacks, and battery drain attacks against cellular devices. We implement proof-of-concept attacks using a low-cost hardware and software setup to evaluate their impact against commercially available 4G devices and networks. We reported the identified vulnerabilities to the relevant standardization bodies and provide countermeasures to mitigate device capabilities attacks in 4G and upcoming 5G networks.
DOI: http://doi.org/10.1145/3317549.3319728 (ACM Digital Library)
Journal
IEEE Transactions on Information Forensics and Security, vol. 14, no. 6, pp. 1582-1594, June 2019
Authors
J. Du, E. Gelenbe, C. Jiang, H. Zhang, Y. Ren and H. V. Poor
Abstract
With the development of online applications based on social networks, many different approaches have emerged to evaluate the service that these applications provide. Reports made by end users regarding the consumer’s experience or opinion are commonly used to rate the quality of different online services. Therefore, ensuring the authenticity of the users’ reports, and the detection of malicious users’ dishonest reports, have both become important issues to achieve accuracy in the rating of such services. In this paper, we propose and evaluate a private-prior peer prediction-based trustworthy service rating system, which requires users to report their prior and posterior beliefs regarding whether their peers will report a high-quality opinion of the service. The reports are made to a data processing center which evaluates the users’ trustworthiness by applying a strictly proper scoring rule, and removes reports received from users whose trustworthiness rating is low. This peer prediction method is compatible with incentives to motivate users to report honestly. In addition, an unreliability index is proposed to identify malicious users, and malfunctioning or unreliable users who have a high error rate in making judgments about quality. Thus, reports with high unreliability values will also be excluded from the service rating system. By combining trustworthiness and unreliability, malicious users face the dilemma that they cannot receive both a high trustworthiness and low unreliability rating simultaneously when their reports are false. Simulation results indicate that the proposed peer prediction-based trustworthy service rating can identify malicious and unreliable behaviors effectively and motivate users to report truthfully, and that a relatively high service rating accuracy is achieved by the proposed system.
DOI: http://doi.org/10.1109/TIFS.2018.2883000 (IEEE Xplore Digital Library)
Journal
Future Generation Computer Systems, Volume 95, Pages 570-585, June 2019
Authors
Pérez, S., Garcia-Carrillo, D., Marín-López, R., Hernández-Ramos, J. L., Marín-Pérez, R. and Skarmeta, A. F.
Abstract
The next generation of IoT scenarios must consider security aspects as a first-class component. As a core aspect, key management is crucial for the establishment of security associations between endpoints. Accordingly, in this work we propose a novel architecture for security association establishment based on bootstrapping technologies in order to manage the life-cycle of cryptographic keys in IoT. Based on our previous work, we propose a key derivation process using a lightweight bootstrapping mechanism specifically designed for IoT. Then, the derived cryptographic material is used as an authentication credential for the EDHOC protocol, which represents a standardization effort for key agreement in IoT. EDHOC is an application layer alternative to the DTLS handshake that provides end-to-end security properties even in the presence of intermediate entities, such as proxies. Evaluation results prove the feasibility of our approach, which represents one of the first efforts to consider application layer security approaches for the IoT.
DOI: https://doi.org/10.1016/j.future.2019.01.038 (ScienceDirect Journals & Books)
Conference
IEEE Global IoT Summit (GIoTS 2019), Aarhus, Denmark, 17-21 June 2019
Authors
Gianmarco Baldini, Raimondo Giuliani
Abstract
In this paper, we investigate the impact of wireless interference on the physical layer authentication of wireless devices. The concept of physical layer authentication is to identify wireless devices from their RF emissions, which contain specific features (also called RF fingerprints) of the transmitter chain in the wireless device. This concept is also called Specific Emitter Identification (SEI) or Radio Frequency-DNA (RF-DNA), and it has been researched in recent years using different techniques and machine learning algorithms. In ideal conditions, the classification accuracy presented in the research literature can often be higher than 95%, but it can degrade significantly in the presence of non-Line-of-Sight conditions or disturbances. The research community has investigated the impact of low Signal-to-Noise Ratios (SNR) or fading effects on the classification performance, but the disturbances introduced by the presence of wireless interference have received little attention, even though this can be a common problem in unlicensed bands, where many different wireless standards may coexist. To address this gap, this paper presents an evaluation of emitter identification of IoT devices transmitting in unlicensed Industrial, Scientific and Medical (ISM) bands in the presence of wireless interference. We perform the classification using a Deep Learning approach based on stacked CNNs with different representations of the signal in the time, frequency and time-frequency domains. The results show that the choice of representation is quite significant in obtaining superior classification performance, and that the best results are obtained using a representation based on the Continuous Wavelet Transform (CWT).
DOI: http://doi.org/10.1109/GIOTS.2019.8766385 (IEEE Xplore Digital Library)
Conference
IEEE Global IoT Summit (GIoTS 2019), Aarhus, Denmark, 17-21 June 2019
Authors
Gianmarco Baldini, Raimondo Giuliani, Claudio Gentile
Abstract
Physical layer authentication of wireless devices using their intrinsic physical features has been investigated in recent years by the research community. The concept is that small differences in the material and the composition of the electronic circuits of the wireless devices produce specific features in the Radio Frequency (RF) signal transmitted over the air. While these differences do not usually hinder the correct functioning of wireless services, they are significant enough to uniquely identify the model or the electronic device itself once they are collected and processed by an RF receiver. Researchers have applied a variety of techniques to extract the features from the signal in space, including statistical analysis and machine learning algorithms. In ideal conditions, the classification accuracy presented in the research literature is often higher than 95%, but it can degrade significantly in the presence of non-Line-of-Sight conditions. The research community has investigated the impact of low Signal-to-Noise Ratios (SNR) or fading effects on the classification performance, but the disturbances introduced by the RF receiver itself have received little attention. In this paper, we investigate the impact of IQ imbalances of the RF receiver on the classification performance, which has not yet been attempted in the literature. This impact is evaluated by means of the signals collected from 11 IoT wireless devices, using different representations of the signal for different values of the IQ imbalances.
DOI: http://doi.org/10.1109/GIOTS.2019.8766387 (IEEE Xplore Digital Library)
Conference
IEEE Global IoT Summit (GIoTS 2019), Aarhus, Denmark, 17-21 June 2019
Authors
Gianmarco Baldini, Jose L. Hernandez-Ramos, Gary Steri, Sara N. Matheu
Abstract
The future deployment of vehicular networks for road transportation (the so-called Cooperative Intelligent Transport System (C-ITS) in Europe or the Connected Vehicles program in the USA) should be based on the secure exchange of messages among the vehicles and the infrastructure communication nodes. Deployment projects in various parts of the world are setting up Public Key Infrastructures (PKI) to support the security and privacy aspects of vehicular communications. While the use of PKI is a known technology to build a security framework for C-ITS and Connected Vehicles deployments, and it will provide the basic services needed for integrity and authentication, research communities around the world are exploring extensions of these frameworks to implement specific functions like misbehavior detection and revocation. In addition, new techniques to mitigate privacy risks in vehicular networks are being explored. In this paper, we address these aspects by proposing the use of blockchain in combination with a zone keys concept, where the authorization certificates produced by the PKI are provided to the vehicles only if specific conditions stored in the blockchain are valid. We show how the concepts described in this paper can enhance the PKI-based frameworks through an efficient revocation mechanism, and mitigate privacy risks as well.
DOI: http://doi.org/10.1109/GIOTS.2019.8766375 (IEEE Xplore Digital Library)
Conference
IEEE Global IoT Summit (GIoTS 2019), Aarhus, Denmark, 17-21 June 2019
Authors
Jose L. Hernandez-Ramos, Gianmarco Baldini, Ricardo Neisse, Mays Al-Naday, Martin J. Reed
Abstract
In recent years, Fog computing has been proposed to complement well-known Cloud components, in order to realize delay-sensitive and location-aware services. In a future digital landscape with billions of IoT devices interconnected, this emerging paradigm will enable more decentralized and flexible management by bringing data processing and distribution closer to end devices. One of the main challenges in fog scenarios is the need to automate the orchestration of end devices and components through scalable approaches. In this direction, this work represents an ongoing effort related to the potential application of policy-based approaches to mitigate the issues associated with fog orchestration. In particular, we propose the use of SecKit as a model-based and technology-independent toolkit to ease the management of IoT devices through the use of policy specification. Additionally, we consider a Cooperative Intelligent Transport Systems (C-ITS) use case to give some insights into the advantages of using the proposed approach.
DOI: http://doi.org/10.1109/GIOTS.2019.8766360 (IEEE Xplore Digital Library)
Conference
IEEE Global IoT Summit (GIoTS 2019), Aarhus, Denmark, 17-21 June 2019
Authors
K. Papachristou, T. Theodorou, S. Papadopoulos, A. Protogerou, A. Drosou, D. Tzovaras
Abstract
The Internet of Things (IoT) is growing rapidly, controlling and connecting thousands of devices every day. The increased number of interconnected devices increases the network traffic, leading to energy and Quality of Service efficiency problems in the IoT network. Therefore, IoT platforms and networks are susceptible to failures and attacks that have significant economic and security consequences. In this regard, implementing effective, secure IoT platforms and networks is valuable for both industry and society. In this paper, we propose two frameworks that aim to verify a number of security policies related to runtime information of the network and dynamic flow routing paths, respectively. The underlying rationale is to allow the operator of an IoT network to have overall control of the network and to define different policies based on the demands of the network and the use cases (e.g., achieving a more secure or faster network).
DOI: http://doi.org/10.1109/GIOTS.2019.8766404 (IEEE Xplore Digital Library)
Conference
IEEE Global IoT Summit (GIoTS 2019), Aarhus, Denmark, 17-21 June 2019
Authors
Sławomir Nowak, Mateusz Nowak, Joanna Domanska and Tadek Czachorski
Abstract
The concept of Security Aware Routing is not widely adopted in current networks. However, the new IoT-centric core networks give possibilities to re-open that field of research. We consider routing to be an addition to existing network security methods, especially in the IoT domain. Security-aware routing incorporates security and safety metrics into the traditional set of metrics (bandwidth, network delay, hop count, path cost, load etc.). The paper shows a new approach in which, based on Software Defined Networks (SDN), we estimate trust relationships between nodes and flows and use them to create SDN paths, based on the Cognitive Packet Network (CPN) principle. Random Neural Networks (RNN) supported with cognitive packets are used for making routing decisions. The proposed solution was designed and is being implemented within the SerIoT project to demonstrate secure networks for the Internet of Things (IoT).
DOI: http://doi.org/10.1109/GIOTS.2019.8766380 (IEEE Xplore Digital Library)
Journal
IEEE Sensors Letters, Volume 3, Issue 7, July 2019, Published on 18 June 2019
Authors
Gianmarco Baldini, Irene Amerini, Claudio Gentile
Abstract
The ability to identify mobile phones through their built-in components has been demonstrated in the literature for various types of sensors, including charge coupled devices (CCD)/complementary metal-oxide semiconductors (CMOS), accelerometers, magnetometers, and microphones. The identification is performed by exploiting small but significant differences in the electronic circuits generated during the manufacturing process. Thus, these distinctive traces become an intrinsic property of the electronic components, which can be detected and exploited as unique fingerprints associated with the mobile phone. Such fingerprints can be used in various scenarios, especially in security and forensics related applications. In this article, the identification of mobile phones through their built-in microphone by means of convolutional neural networks (CNNs) is investigated. In this specific context, CNNs have received very limited attention from the research community so far. An experimental dataset is created by collecting microphone responses from 34 different mobile phones. These responses are then used to perform classification through CNNs. In different experiments, the proposed CNN is able to provide encouraging results; in particular, the identification accuracy achieved by CNNs is superior to the one obtained with more conventional machine learning algorithms like K-nearest neighbor and support vector machine, also in the presence of additive white Gaussian noise.
DOI: http://doi.org/10.1109/LSENS.2019.2923590 (IEEE Xplore Digital Library)
Conference
IEEE International Conference on Fog Computing (ICFC 2019), Prague, Czech Republic, 24-26 June 2019
Authors
Mateusz Nowak, Joanna Domanska, Sławomir Nowak
Abstract
The Internet of Things is nowadays growing faster than ever before. Operators are planning or already creating dedicated networks for this type of device. There is a need to create dedicated solutions for this type of network, especially solutions related to information security. In this article we present a mechanism of security-aware routing, which takes into account the evaluation of trust in devices and packet flows. We use trust relationships between flows and network nodes to create secure SDN paths, while not ignoring QoS and energy criteria. The system uses SDN infrastructure, enriched with Cognitive Packet Networks (CPN) mechanisms. Routing decisions are made by Random Neural Networks, trained with data fetched by Cognitive Packets. The proposed network architecture, implementing the security-by-design concept, was designed and is being implemented within the SerIoT project to demonstrate secure networks for the Internet of Things (IoT).
DOI: http://doi.org/10.1109/ICFC.2019.00014 (IEEE Xplore Digital Library)
Published in:
PCI ’19: Proceedings of the 23rd Pan-Hellenic Conference on Informatics
Authors
K. Papachristou, T.-I. Theodorou, S. Papadopoulos, A. Protogerou, A. Drosou, and D. Tzovaras
Abstract
The Internet of Things (IoT) is growing rapidly, controlling and connecting thousands of devices every day. Software Defined Networking (SDN) simplifies network management tasks by separating the control plane. However, the increased network traffic results in energy and Quality of Service (QoS) efficiency issues, whereas IoT devices are susceptible to failures and attacks that have serious security consequences. In this regard, providing a guarantee that SDN routing satisfies energy, QoS and security related policies is crucial for network management. In this paper, we propose a policy-based framework aiming to verify that SDN routing decisions are optimal regarding energy, QoS and security properties. The proposed framework will enable the IoT network operator to adjust the policy constraints according to the demands of each use case (e.g., aiming at a more secure or faster network). Finally, our framework is illustrated using a representative evaluation scenario.
Conference
26th International Conference on Computer Networks, Kamień Śląski, Poland, 25–27 June 2019
Authors
Godlove Suila Kuaban, Piotr Czekalski, Ernest L. Molua, Krzysztof Grochla
Abstract
The Internet of Things is paving the way for the transition into the fourth industrial revolution with the mad rush of connecting physical devices and systems to the internet. IoT is a promising technology to drive the agricultural industry, which is the backbone for sustainable development especially in developing countries like those in Africa that are experiencing rapid population growth, stressed natural resources, reduced agricultural productivity due to climate change, and massive food wastage. In this paper, we assessed challenges in the adoption of IoT in agriculture in developing countries. We propose a cost-effective, energy-efficient, secure, reliable and heterogeneous (independent of the IoT protocol) three-layer architecture for IoT-driven agriculture. The first layer consists of IoT devices and is made up of IoT-driven agriculture systems such as smart poultry, smart irrigation, theft detection, pest detection, crop monitoring, food preservation, and food supply chain systems. The IoT devices are connected to the gateways by a low-power LoRaWAN network. The gateways and local processing servers co-located with the gateways create the second layer. The cloud layer is the third layer, which exploits the open source FIWARE platform to provide a set of public and free-to-use API specifications that come along with open source reference implementations.
DOI: https://doi.org/10.1007/978-3-030-21952-9_2 (Springer Link)
Conference
16th International Conference on Security and Cryptography (SECRYPT 2019), Prague, Czech Republic, 26-28 July 2019
Authors
Gonzalez-Granadillo, R. Diaz, I. Medeiros, S. Gonzalez-Zarzosa, D. Machnicki
Abstract
Network anomaly detection using NetFlow has been widely studied during the last decade. NetFlow provides the ability to collect network traffic attributes (e.g., IP source, IP destination, source port, destination port, protocol) and allows the use of association rule mining to extract the flows that have caused a malicious event. Despite all the developments in network anomaly detection, the most popular procedure to detect nonconformity patterns in network traffic is still manual inspection during the period under analysis (e.g., visual analysis of plots, identification of variations in the number of bytes, packets, flows). This paper presents a Live Anomaly Detection System (LADS) based on One-class Support Vector Machine (One-class SVM) to detect traffic anomalies. Experiments have been conducted using a valid data-set containing over 1.4 million packets (captured using NetFlow v5 and v9) that build models with one and several features in order to identify the approach that most accurately detects traffic anomalies in our system. A multi-featured approach that restricts the analysis to one IP address and extends it in terms of samples (valid and invalid ones) is considered a promising approach in terms of accuracy of the detected malicious instances.
DOI: http://doi.org/10.5220/0007948904640469 (SciTePress Digital Library)
Conference
2019 International Conference on Information Technologies (InfoTech 2019), St. St. Constantine and Elena Resort (near the city of Varna), Bulgaria, 19-20 September 2019
Authors
P. Amangele, M.J. Reed, M. Al-Naday, N. Thomos, M. Nowak
Abstract
The Internet of Things is a fast-emerging technology, however, there have been a significant number of security challenges that have hindered its adoption. This work explores the use of machine learning methods for anomaly detection in network traffic of an IoT network that is connected through a Software Defined Network (SDN). The use of SDN allows a hierarchical approach to machine learning with the aim of reducing the packet level processing of anomaly detection at the edge through applying additional, centralized, machine learning in the SDN controller. For the sake of evaluation, we compare several supervised classification algorithms using a publicly available dataset. The results support a decision-tree based approach and show that the proposed solution promises a considerable reduction in the per-packet processing at the network edge compared to a single stage classifier.
DOI: http://doi.org/10.1109/InfoTech.2019.8860878 (IEEE Xplore Digital Library)
Journal
IEEE Access, Volume 7, pp. 149444–149463, October 2019
Authors
Sara Nieves Matheu, José-Luis Hernández-Ramos, Salvador Pérez, Antonio F. Skarmeta
Abstract
Defining the intended behaviour of IoT devices is considered as a key aspect to detect and mitigate potential security attacks. In this direction, the Manufacturer Usage Description (MUD) has been recently standardised to reduce the attack surface of a certain device through the definition of access control policies. However, the semantic model is only intended to provide network level restrictions for the communication of such device. In order to increase the expressiveness of this approach, we propose the use of an automated IoT security testing methodology, so that testing results are used to generate augmented MUD profiles, in which additional security aspects are considered. For the enforcement of these profiles, we propose the use of different access control technologies addressing application layer security concerns. Furthermore, the methodology is based on the use of Model-Based Testing (MBT) techniques to automate the generation, design and implementation of security tests. Then, we describe the application of the resulting approach to the Elliptic Curve Diffie-Hellman over COSE (EDHOC) protocol, which represents a standardisation effort to build a lightweight authenticated key exchange protocol for IoT constrained scenarios.
DOI: http://doi.org/10.1109/ACCESS.2019.2947157 (IEEE Xplore Digital Library)
Journal
IEEE Access, Volume 7, pp. 164908–164940, October 2019
Authors
Jorge Bernal Bernabe, Jose-Luis Canovas, Jose-Luis Hernandez-Ramos, Rafael Torres Moreno, Antonio Skarmeta
Abstract
Blockchains offer a decentralized, immutable and verifiable ledger that can record transactions of digital assets, provoking a radical change in several innovative scenarios, such as smart cities, eHealth or eGovernment. However, blockchains are subject to different scalability, security and potential privacy issues, such as transaction linkability, crypto-key management (e.g. recovery), on-chain data privacy, or compliance with privacy regulations (e.g. GDPR). To deal with these challenges, novel privacy-preserving solutions for blockchain based on crypto-privacy techniques are emerging to empower users with mechanisms to become anonymous and take control of their personal data during their digital transactions of any kind in the ledger, following a Self-Sovereign Identity (SSI) model. In this sense, this paper performs a systematic review of the current state of the art on privacy-preserving research solutions and mechanisms in blockchain, as well as the main associated privacy challenges in this promising and disruptive technology. The survey covers privacy techniques in public and permissionless blockchains, e.g. Bitcoin and Ethereum, as well as privacy-preserving research proposals and solutions in permissioned and private blockchains.
DOI: http://doi.org/10.1109/ACCESS.2019.2950872 (IEEE Xplore Digital Library)
Conference
IEEE Conference on Standards for Communications and Networking (CSCN 2019), Granada, Spain, 28-30 October 2019
Authors
Ricardo Neisse, José-Luis Hernández-Ramos, Sara Matheu, Gianmarco Baldini, Antonio Skarmeta
Abstract
The goal of this paper is to propose a blockchain-based platform to enhance transparency and traceability of cybersecurity certification information, motivated by the recently adopted EU Cybersecurity Act. The proposed platform is generic and intended to support the trusted exchange of cybersecurity certification information for any electronic product, service, or process. However, for the purposes of this paper, we focus on the case study of the cybersecurity certification of IoT devices, which are explicitly referenced in the recently adopted Cybersecurity Act as one of the main domains where the need for an increased level of trust is highlighted.
DOI: http://doi.org/10.1109/CSCN.2019.8931384 (IEEE Xplore Digital Library)
Journal
Applied Sciences 9(21):4576, MDPI AG, Basel, Switzerland, October 2019
Authors
Sara Nieves Matheu García, Alejandro Molina Zarca, José-Luis Hernández-Ramos, Jorge Bernal Bernabé, Antonio Skarmeta Gómez
Abstract
The fourth industrial revolution is being mainly driven by the integration of Internet of Things (IoT) technologies to support the development lifecycle of systems and products. Despite the well-known advantages for the industry, an increasingly pervasive industrial ecosystem could make such devices an attractive target for potential attackers. The recent Manufacturer Usage Description (MUD) standard enables manufacturers to specify the intended use of their devices, thereby restricting the attack surface of a certain system. In this direction, we propose a mechanism to securely manage the obtaining and enforcement of MUD policies through the use of a Software-Defined Network (SDN) architecture. We analyze the applicability and advantages of the use of MUD in industrial environments based on our proposed solution, and provide an exhaustive performance evaluation of the required processes.
DOI: https://doi.org/10.3390/app9214576 (MDPI Open Access Journals)
Journal
Revista Iberoamericana de Automatica e Informatica Industrial (Iberoamerican Journal of Industrial Automatics and Informatics), Vol. 16, Num. 4 (2019), p. 1–10
Authors
Carlos Hidalgo, Mauricio Marcano, Gerardo Fernandez, Joshue Perez
Abstract
In recent years, Intelligent Transportation Systems (ITS) have become a reality within society, by providing benefits and solutions to driving. With the aim of contributing to the development of ITS, the present work describes a hybrid cooperative framework for the validation of maneuvers between multiple vehicles (virtual and real), in order to reduce the cost, time and risks associated with controller adjustment. For its validation three case studies are presented. The first one consists of using two virtual vehicles to perform Adaptive Cruise Control (ACC) with a trajectory tracker. The second one uses a real car as the follower and a virtual vehicle as the leader to perform a Stop & Go maneuver. And finally, two real cars are used to carry out ACC. The tracking algorithms employed for the cooperative maneuvers are based on fuzzy logic controllers. The results show the versatility of the proposed framework, which was able to correctly execute the maneuvers in each of the test environments.
DOI: https://doi.org/10.4995/riai.2019.11155 (PoliPapers)
Conference
IEEE International Conference on Connected Vehicles and Expo (ICCVE 2019), 4-8 November 2019
Authors
Alexander Frötscher, Bernhard Monschiebl, Anastasios Drosou, Erol Gelenbe, Martin J.Reed, Mays Al-Naday
Abstract
Cooperative Intelligent Transport Systems (C-ITS) need to be secured as they are deployed on roads in Europe. While some aspects of the communication security are secured, others could still need improvement. SerIoT is a security project for the Internet of Things and offers various security mechanisms from the IoT domain which could be beneficial for C-ITS. Such security mechanisms include a software defined network, the usage of honeypots and several mechanisms to analyze, monitor and mitigate threats on the system. Therefore C-ITS will benefit tremendously from the functionalities of these security mechanisms, designed to cope with the large attack surfaces and high network traffic found in IoT environments. To enable these technologies, modules developed within SerIoT are planned to be integrated into the Road Side ITS station. The station will also be connected to SerIoT SDN routers, providing security for the station from malicious vehicles and the network.
DOI: http://doi.org/10.1109/ICCVE45908.2019.8965056 (IEEE Xplore Digital Library)
Published in:
2019 IEEE Global Communications Conference (GLOBECOM)
Authors
M. Mitev, A. Chorti and M. Reed
Abstract
In computational complexity and latency constrained emerging 5G applications, e.g., autonomous vehicles, haptic communications and enhanced reality, secret key generation (SKG) at the physical layer could be considered as an alternative to currently used key agreement schemes. In this framework, we study the optimal subcarrier scheduling in multicarrier systems when a subset of the subcarriers are used for SKG and the rest for data transmission, under both security and power constraints. The amount of data that can be transmitted with a single key is determined by the cryptographic suites used, so that realistic key rate constraints can be identified. This allows us to formulate the subcarrier allocation as a subset-sum 0-1 knapsack optimization problem that we solve using i) the standard dynamic programming approach and ii) a greedy heuristic approach of linear complexity. We show that the proposed heuristic induces virtually no loss in performance. Furthermore, a comparison with a baseline scheme in which SKG and data transfer are performed sequentially, shows that the proposed parallel approach offers gains in terms of efficiency.
DOI: http://doi.org/10.1109/GLOBECOM38437.2019.9013809
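The abstract above reduces subcarrier scheduling to a subset-sum 0-1 knapsack problem solved both exactly (dynamic programming) and by a greedy heuristic. The block below is an added example written for this page, not the authors' code: it assumes that each subcarrier yields a known number of secret-key bits if used for SKG and a known number of data bits if used for data transfer, that the constraint is a minimum total key rate, and that the objective is to sacrifice the least data rate. The per-subcarrier numbers and the required key rate are constructed values, and the brute-force function exists only to check the two solvers on small instances.

```python
from itertools import combinations

# Constructed example, not data from the paper: for each subcarrier, the
# secret-key bits it would yield if assigned to SKG and the data bits it would
# carry if assigned to data transfer instead (both per coherence block).
SUBCARRIERS = [
    (3, 4),   # subcarrier 0: (key_bits, data_bits)
    (4, 5),   # subcarrier 1
    (5, 9),   # subcarrier 2
    (2, 2),   # subcarrier 3
    (6, 10),  # subcarrier 4
    (1, 1),   # subcarrier 5
]


def skg_allocation_dp(subcarriers, key_required):
    """Exact 0-1 knapsack: choose the SKG subset that sacrifices the least data
    rate while reaching at least key_required key bits. Returns (data_cost, indices).
    Key bits are assumed to be positive integers so the table can be indexed by key rate."""
    INF = float("inf")
    # best[k] = (min data cost, subset) over partial choices with key rate k;
    # k is capped at key_required because surplus key bits are worthless here.
    best = [(INF, ())] * (key_required + 1)
    best[0] = (0, ())
    for idx, (key_bits, data_bits) in enumerate(subcarriers):
        # Descending sweep so each subcarrier is assigned at most once.
        for k in range(key_required, -1, -1):
            cost, subset = best[k]
            if cost == INF:
                continue
            nk = min(key_required, k + key_bits)
            if cost + data_bits < best[nk][0]:
                best[nk] = (cost + data_bits, subset + (idx,))
    cost, subset = best[key_required]
    if cost == INF:
        raise ValueError("key-rate constraint cannot be met with these subcarriers")
    return cost, subset


def skg_allocation_greedy(subcarriers, key_required):
    """Heuristic: take subcarriers in decreasing order of key bits gained per
    data bit sacrificed until the key-rate constraint is met. Apart from the
    initial sort this is a single linear pass over the subcarriers."""
    order = sorted(range(len(subcarriers)),
                   key=lambda i: subcarriers[i][0] / subcarriers[i][1],
                   reverse=True)
    chosen, key_total, cost = [], 0, 0
    for i in order:
        if key_total >= key_required:
            break
        chosen.append(i)
        key_total += subcarriers[i][0]
        cost += subcarriers[i][1]
    if key_total < key_required:
        raise ValueError("key-rate constraint cannot be met with these subcarriers")
    return cost, tuple(sorted(chosen))


def brute_force_cost(subcarriers, key_required):
    """Reference answer by enumeration; only for checking small instances."""
    best = float("inf")
    for r in range(len(subcarriers) + 1):
        for combo in combinations(range(len(subcarriers)), r):
            if sum(subcarriers[i][0] for i in combo) >= key_required:
                best = min(best, sum(subcarriers[i][1] for i in combo))
    return best


def data_rate_left(subcarriers, skg_subset):
    """Data bits still carried by the subcarriers not assigned to SKG."""
    return sum(d for i, (_, d) in enumerate(subcarriers) if i not in skg_subset)


if __name__ == "__main__":
    for name, solver in (("dp", skg_allocation_dp), ("greedy", skg_allocation_greedy)):
        cost, subset = solver(SUBCARRIERS, 8)
        print(name, "SKG subcarriers", subset, "data bits lost", cost,
              "data bits left", data_rate_left(SUBCARRIERS, subset))
```

On this constructed instance the exact solver gives up 10 data bits while the ratio-greedy heuristic gives up 12; the paper reports that on its realistic instances the gap is negligible, which is the property worth re-checking on your own channel data before replacing the dynamic program with the heuristic.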
Published in:
2019 IEEE Global Communications Conference (GLOBECOM)
Authors
M. Mitev, A. Chorti, E. V. Belmega and M. Reed
Abstract
Wireless secret key generation (W-SKG) from shared randomness (e.g., from the wireless channel fading realizations), is a well established scheme that can be used for session key agreement. W-SKG approaches can be of particular interest in delay constrained wireless networks and notably in the context of ultra reliable low latency communications (URLLC) in beyond fifth generation (B5G) systems. However, W-SKG schemes are known to be malleable over the so called “advantage distillation” phase, during which observations of the shared randomness are obtained at the legitimate parties. As an example, an active attacker can act as a man-in-the-middle (MiM) by injecting pilot signals and/or can mount denial of service attacks (DoS) in the form of jamming. This paper investigates the impact of injection and reactive jamming attacks in W-SKG. First, it is demonstrated that injection attacks can be reduced to – potentially less harmful – jamming attacks by pilot randomization; a novel system design with randomized QPSK pilots is presented. Subsequently, the optimal jamming strategy is identified in a block fading additive white Gaussian noise (BF-AWGN) channel in the presence of a reactive jammer, using a game theoretic formulation. It is shown that the impact of a reactive jammer is far more severe than that of a simple proactive jammer.
DOI: http://doi.org/10.1109/GLOBECOM38437.2019.9013816
Conference
Accepted for publication at The 9th Mediterranean Conference on Embedded Computing (MECO2020), Budva, Montenegro, 8-11 June 2020
Authors
Erol Gelenbe, Piotr Frohlich, Mateusz Nowak, Stavros Papadopoulos, Aikaterini Protogerou, Anastasis Drosou and Dimitrios Tzovaras
Abstract
Cyberattacks on the Internet of Things (IoT) can cause major economic and physical damage, and disrupt production lines, manufacturing processes, supply chains, impact the physical safety of vehicles, and damage the health of human beings. Thus we describe and evaluate a distributed and robust attack detection and mitigation system for network environments where communicating decision agents use Graph Neural Networks to provide attack alerts. We also present an attack mitigation system that uses a Reinforcement Learning driven Software Defined Network to process the alerts generated by the attack detection system, together with Quality of Service measurements, so as to re-route sensitive traffic away from compromised network paths. Experimental results illustrate both the detection and re-routing scheme.
DOI: https://doi.org/10.1109/MECO49872.2020.9134241
Zenodo: https://zenodo.org/record/4479217
Journal:
Revista Iberoamericana de Automática e Informática industrial
Authors
C. E. Hidalgo, M. Marcano, G. Fernández, J. M. Pérez
Abstract
In recent years, Intelligent Transportation Systems (ITS) have become a reality within society, providing solutions and benefits to driving. In order to contribute to their development, the present work describes a hybrid cooperative framework capable of validating maneuvers between multiple vehicles (virtual and real), with the aim of reducing the costs, time and risks associated with controller tuning. For its validation, three case studies are presented. The first consists of using two virtual vehicles to perform Adaptive Cruise Control (ACC) with a trajectory follower. The second employs a real car as the follower and a virtual car as the leader for a Stop & Go maneuver. Finally, two real vehicles are used for ACC. The tracking algorithms employed for the cooperative maneuvers are based on fuzzy logic controllers. The results demonstrate the versatility of the proposed framework, which was able to execute the maneuvers correctly in each of the environments.
DOI: https://doi.org/10.4995/riai.2019.11155
Conference:
2020 Global Internet of Things Summit (GIoTS), 3 June 2020, Dublin, Ireland
Authors
Jiejun Hu, Martin Reed, Mays Al-Naday and Nikolaos Thomos
Abstract
The Internet of Things (IoT) connected by Software Defined Networking (SDN) promises to bring great benefits to cyber-physical systems. However, the increased attack surface offered by the growing number of connected vulnerable devices and complex nature of SDN control plane applications could overturn the huge benefits of such a system. This paper addresses the vulnerability of some unspecified security flaw in the SDN control plane application (such as a zero-day software vulnerability) which can be exploited to insert malicious flow rules in the switch that do not match network policies. Specifically, we propose a blockchain-as-a-service (BaaS) based framework that supports switch flow verification and insertion; and additionally provides straightforward deployment of blockchain technology within an existing SDN infrastructure. While use of an external BaaS brings straightforward deployment, it obscures knowledge of the blockchain agents who are responsible for flow conformance testing through a smart blockchain contract, leading to potential exploitation. Thus, we design a strategy to prevent the blockchain agents from acting arbitrarily, as this would result in what is termed a “moral hazard”. We achieve this by developing a novel mathematical model of the fair reward scheme based on game theory. To understand the performance of our system, we evaluate our model using a Matlab based simulation framework. The simulation results demonstrate that the proposed algorithm balances the needs of the blockchain agents to maximise the overall social welfare, i.e. the sum of profits across all parties.
DOI: https://doi.org/10.1109/GIOTS49054.2020.9119638
Journal:
Proceedings of the IEEE, Volume 108, Issue 7, July 2020
Authors
Gelenbe, E., J. Domańska, P. Fröhlich, M. Nowak, and S. Nowak
Abstract
The need to adaptively manage computer systems and networks so as to offer good Quality of Service (QoS) and Quality of Experience (QoE) with secure operation at relatively low levels of energy consumption is challenged by their sheer complexity and the wide variability of the workloads. A possible way forward is through self-awareness, whereby self-measurement and self-observation, together with on-line control mechanisms, operate adaptively to attain the required performance and QoE. We survey the premises for these ideas arising from cognitive science and active networks and review recent work on self-aware computer systems and networks, including those that propose the use of software-defined networks as a means to implement these concepts. Then we provide some examples from the literature on self-aware systems to illustrate the performance gains that they can provide. Finally, we detail an example system and its working algorithms to allow the reader to understand how such a system may be implemented. Measurements showing how it can react rapidly to changing network conditions regarding QoS and security are presented. Some conclusions and suggestions for further work are listed.
Journal:
IEEE Internet of Things Journal (IF 11.750)
Authors
Jiejun Hu, Martin Reed, Nikolaos Thomos, Mays F. Al-Naday, Kun Yang
Abstract
The Internet of Things (IoT) connected by Software Defined Networking (SDN) promises to bring great benefits to cyber-physical systems. However, the increased attack surface offered by the growing number of connected vulnerable devices and separation of SDN control and data planes could overturn the huge benefits of such a system. This paper addresses the vulnerability of the trust relationship between the control and data planes. To meet this aim, we propose an edge computing based blockchain-as-a-service (BaaS), enabled by an external BaaS provider. The proposed solution provides verification of inserted flows through an efficient, edge-distributed, blockchain solution. We study two scenarios for the blockchain reward purpose: (a) information symmetry, in which the SDN operator has direct knowledge of the real effort spent by the BaaS provider; and (b) information asymmetry, in which the BaaS provider controls the exposure of information regarding spent effort. The latter yields the so called “moral hazard”, where the BaaS may claim higher than actual effort. We develop a novel mathematical model of the edge BaaS solution; and propose an innovative algorithm of a fair reward scheme based on game theory that takes into account moral hazard. We evaluate the viability of our solution through analytical simulations. The results demonstrate the ability of the proposed algorithm to maximize the joint profits of the BaaS and the SDN operator, i.e. maximizing the social welfare.
Conference:
Global Internet of Things Summit 2020
Authors
Piotr Fröhlich, Erol Gelenbe, Mateusz P. Nowak
Abstract
We present a smart Service Manager whose role is to direct user requests (such as those coming from IoT devices) at the edge towards appropriate servers where the services they request can be satisfied, when services can be housed at different Fog locations, and the system is subject to variations in workload. The approach we propose is based on using an SDN controller as a decision element, and on incorporating measurement-data-based machine learning that uses Reinforcement Learning to make the best choices. The system we have developed is illustrated with experimental results on a test-bed in the presence of time-varying loads at the servers. The experiments confirm the ability of the system to adapt to significant changes in system load so as to preserve the QoS perceived by end users.
Conference:
PETRA ’20: Proceedings of the 13th ACM International Conference on PErvasive Technologies Related to Assistive Environments
Authors
Spilios Evmorfos, George Vlachodimitropoulos, Nikolaos Bakalos, Erol Gelenbe
Abstract
We investigate light-weight techniques for detecting common SYN attacks on devices that are attached to the Internet, such as IoT devices and gateways, Fog servers or edge devices which may have low processing capacity. In particular, we examine the Random Neural Network with Deep Learning, trained with “normal” non-attack traffic, and a Long-Short-Term-Memory (LSTM) neural network. Using the same traffic traces for attack traffic, our experiments show that the Random Neural Network provides substantially better attack detection and significantly lower false alarm rates as compared to the LSTM network.
Conference:
The 43rd International Conference on Telecommunications and Signal Processing
Authors
Tadeusz Czachórski, Erol Gelenbe, Godlove Suila Kuaban
Abstract
The broader use of Software Defined Network (SDN) controllers creates periodic changes in topology and traffic rates at routers that adapt the network to changes in network conditions. Thus the transient behaviour of network components, and in particular routers, is becoming of great interest. Since standard queueing models are difficult to analyze under time-varying conditions, we propose a tractable diffusion approximation for both the transient and steady-state behaviour of a network router. In particular, the analysis provides the steady-state and transient delay and packet loss probability as a function of traffic load and other characteristics. Using these results, we show that when SDN routers change the paths of flows frequently, the network’s behaviour may often be far from its steady-state behaviour. Therefore any network optimization conducted with the help of SDN should not be based on steady-state behaviour, but rather on some metrics related to the time-dependent network behaviour.
DOI: https://doi.org/10.1109/tsp49548.2020.9163477
Zenodo: https://zenodo.org/record/4479728
Conference:
Global Internet of Things Summit (GIoTS) 2020
Authors
L. Hernández-Ramos, G. Baldini, S. N. Matheu and A. Skarmeta
Abstract
The deployment of IoT devices is fostering the realization of an increasingly digital society. However, the features of such devices make them attractive targets for potential attackers. Indeed, each device will have to deal with new vulnerabilities and attacks during its lifecycle. Therefore, defining a secure mechanism for software/firmware updates is essential to guarantee the security of IoT devices. Although different approaches have been proposed in recent years, currently there is a lack of comprehensive approaches to address different requirements, such as scalability, efficiency, or management of versions and dependencies. In this work, we describe a set of challenges and analyze the current landscape of solutions for software/firmware updates in IoT devices. In particular, we focus our analysis on the IETF SUIT working group, as well as blockchain-based solutions, which have attracted a significant interest recently.
DOI: https://doi.org/10.1109/GIOTS49054.2020.9119514
Conference:
19th International Conference, ICAISC 2020, Zakopane, Poland, October 12-14, 2020
Authors
P. Fröhlich and E. Gelenbe
Abstract
Due to a massive increase in the number of IoT devices and the number of cloud-based services, a crucial task arises of optimally placing (both topologically and resource-wise) services in the network so that none of the clients will be victimized and all of them will receive the best possible response time. Also, there must be a balance, so as not to instantiate a service on every possible machine, which would take too many resources. The task which must be solved is an optimization of parameters such as QoS between service and client, equality of clients and usage of resources. Using the SDN, which is designed to answer some of the problems posed in this section such as QoS and knowledge about the topology of the whole network and newly connected clients, is a gateway to better-adapted service management. Machine learning provides less rigid rules to follow and more intelligent behavior of the manager.
DOI: Pending
Zenodo: https://zenodo.org/record/4479736
Conference:
Modelling, Analysis, and Simulation of Computer and Telecommunication Systems, 28th International Symposium, MASCOTS 2020, Nice, France, November 17–19, 2020
Authors
T. Czachórski, E. Gelenbe, and D. Marek
Abstract
Software-Defined Networks (SDN) dynamically modify the paths of Internet flows in response to the quality of service or security needs, and hence frequently modify traffic levels at network routers. Thus network routers often operate in the transient regime, rather than at steady-state, with significant impact on packet loss probabilities and delay. We, therefore, investigate the time-dependent performance of a small network of routers, modelled as G/G/1/N queueing stations. A diffusion approximation is developed to predict the quality of service of the routers in the transient regime. Numerical examples show that the results in the transient regime can differ very significantly from the steady-state results, and therefore that the transient analysis must be taken into account in evaluating the performance of routers in a SDN network.
Workshop:
International Workshop on Information Security Applications 2019
Authors
S. N. Matheu, S. Pérez, J. L. Hernández-Ramos, A. Skarmeta
Abstract
Due to the high increase of IoT technologies and devices, analyzing their security is crucial for their acceptance. Towards this end, an automated security testing approach should be considered as a cornerstone to cope with the business interests and the high fragmentation of new approaches. In particular, this work analyses the use of the Model-Based Testing (MBT) approach and specific technologies and tools to automate the generation of security tests. Then, we provide a detailed description of its application to the Elliptic Curve Diffie-Hellman over COSE (EDHOC) protocol, which is being defined within the scope of the Internet Engineering Task Force (IETF).
Published in:
IEEE Security & Privacy
Authors
José L. Hernández-Ramos, Juan A. Martínez, Vincenzo Savarino, Marco Angelini, Vincenzo Napolitano, Antonio F. Skarmeta, Gianmarco Baldini
Abstract
The digitalization of current urban spaces is realizing the vision of so-called smart cities, where security and privacy concerns could affect citizens’ safety. This work discusses potential solutions derived from European Union research efforts to be considered in the coming years.
DOI: https://doi.org/10.1109/MSEC.2020.3012353
Published in:
Sensors, vol. 20, no. 7, p. 1882, Mar. 2020
Authors
S. N. Matheu, A. Robles Enciso, A. Molina Zarca, D. Garcia-Carrillo, J. L. Hernández-Ramos, J. Bernal Bernabe, and A. F. Skarmeta
Abstract
Despite the advantages that the Internet of Things (IoT) will bring to our daily life, the increasing interconnectivity, as well as the amount and sensitivity of data, make IoT devices an attractive target for attackers. To address this issue, the recent Manufacturer Usage Description (MUD) standard has been proposed to describe network access control policies in the manufacturing phase to protect the device during its operation by restricting its communications. In this paper, we define an architecture and process to obtain and enforce the MUD restrictions during the bootstrapping of a device. Furthermore, we extend the MUD model with a flexible policy language to express additional aspects, such as data privacy, channel protection, and resource authorization. For the enforcement of such enriched behavioral profiles, we make use of Software Defined Networking (SDN) techniques, as well as an attribute-based access control approach by using authorization credentials and encryption techniques. These techniques are used to protect devices’ data, which are shared through a blockchain platform. The resulting approach was implemented and evaluated in a real scenario, and is intended to reduce the attack surface of IoT deployments by restricting devices’ communication before they join a certain network.
DOI: http://dx.doi.org/10.3390/s20071882
Published in:
Security Risk Management for the Internet of Things: Technologies and Techniques for IoT Security, Privacy and Data Protection, John Soldatos: Now Publishers, pp. 88–104, 2020
Authors
Baldini, G., P. Fröhlich, E. Gelenbe, J. Luis Hernandez-Ramos, M. Nowak, S. Nowak, S. Papadopoulos, A. Drosou, and D. Tzovaras
Abstract
Cyberattacks on the Internet of Things (IoT) can be the source of major economic damage. They can disrupt production lines, manufacturing processes, and supply chains. They can adversely impact the physical safety of vehicles and transportation systems, and damage the health of living beings both through supply chains for food, medicines, and other vital items, as well as through direct attacks on sensors and actuators that may be connected to vital functions. Thus, securing the IoT is of primary importance to our societies. This paper describes the technical approach that we adopt for IoT security in the SerIoT Research and Innovation Project that is funded by the European Commission. We first discuss the risk scenario for the IoT and briefly review approaches that have been developed to mitigate such risks. Then, we discuss a policy-based lightweight approach that mitigates risks at the level of the attachment of IoT devices to a network. We follow this with a detailed proposal based on using a distributed Machine Learning approach to risk and attack detection in real time, as well as suggestions for future work.
DOI: https://doi.org/10.1561/9781680836837.ch5
Published in:
Sensors, vol. 20, no. 15, p. 4265, Jul. 2020
Authors
P. Foremski, S. Nowak, P. Fröhlich, J. Hernández-Ramos, and G. Baldini
Abstract
A 2.3Tbps DDoS attack was recently mitigated by Amazon, which is a new record after the 2018 GitHub attack, or the famous 2016 Dyn DNS attack launched from hundreds of thousands of hijacked Internet of Things (IoT) devices. These attacks may disrupt the lives of billions of people worldwide, as we increasingly rely on the Internet. In this paper, we tackle the problem that hijacked IoT devices are often the origin of these attacks. With the goal of protecting the Internet and local networks, we propose Autopolicy: a system that automatically limits the IP traffic bandwidth—and other network resources—available to IoT devices in a particular network. We make use of the fact that devices, such as sensors, cameras, and smart home appliances, rarely need their high-speed network interfaces for normal operation. We present a simple yet flexible architecture for Autopolicy, specifying its functional blocks, message sequences, and general operation in a Software Defined Network. We present the experimental validation results, and release a prototype open source implementation.
Published in:
IEEE Transactions on Computational Social Systems, vol. 7, no. 1, pp. 178-191, Feb. 2020
Authors
J. Hu, K. Yang, K. Wang and K. Zhang
Abstract
Mobile crowdsensing (MCS) is a novel sensing scenario of cyber-physical-social systems. MCS has been widely adopted in smart cities, personal health care, and environment monitor areas. MCS applications recruit participants to obtain sensory data from the target area by allocating reward to them. Reward mechanisms are crucial in stimulating participants to join and provide sensory data. However, while the MCS applications execute the reward mechanisms, sensory data and personal private information can be in great danger because of malicious task initiators/participants and hackers. This article proposes a novel blockchain-based MCS framework that preserves privacy and secures both the sensing process and the incentive mechanism by leveraging the emergent blockchain technology. Moreover, to provide a fair incentive mechanism, this article has considered an MCS scenario as a sensory data market, where the market separates the participants into two categories: monthly-pay participants and instant-pay participants. By analyzing two different kinds of participants and the task initiator, this article proposes an incentive mechanism aided by a three-stage Stackelberg game. Through theoretical analysis and simulation, the evaluation addresses two aspects: the reward mechanism and the performance of the blockchain-based MCS. The proposed reward mechanism achieves up to a 10% improvement of the task initiator’s utility compared with a traditional Stackelberg game. It can also maintain the required market share for monthly-pay participants while achieving sustainable sensory data provision. The evaluation of the blockchain-based MCS shows that the latency increases in a tolerable manner as the number of participants grows. Finally, this article discusses the future challenges of blockchain-based MCS.
DOI: https://doi.org/10.1109/TCSS.2019.2956629
Published in:
J Wireless Com Network, vol. 2020, no. 1, Jun. 2020
Authors
M. Mitev, A. Chorti, M. Reed, and L. Musavian
Abstract
With the emergence of 5G low-latency applications, such as haptics and V2X, low-complexity and low-latency security mechanisms are needed. Promising lightweight mechanisms include physical unclonable functions (PUF) and secret key generation (SKG) at the physical layer, as considered in this paper. In this framework, we propose (i) a zero round trip time (0-RTT) resumption authentication protocol combining PUF and SKG processes, (ii) a novel authenticated encryption (AE) using SKG, and (iii) pipelining of the AE SKG and the encrypted data transfer in order to reduce latency. Implementing the pipelining at PHY, we investigate a parallel SKG approach for multi-carrier systems, where a subset of the subcarriers are used for SKG and the rest for data transmission. The optimal solution to this PHY resource allocation problem is identified under security, power, and delay constraints, by formulating the subcarrier scheduling as a subset-sum 0−1 knapsack optimization. A heuristic algorithm of linear complexity is proposed and shown to incur negligible loss with respect to the optimal dynamic programming solution. All of the proposed mechanisms have the potential to pave the way for a new breed of latency aware security protocols.
DOI: https://doi.org/10.1186/s13638-020-01742-0
Published in:
Evolving Systems, Jun. 2020
Authors
A. Protogerou, S. Papadopoulos, A. Drosou, D. Tzovaras, and I. Refanidis
Abstract
Recent IoT proliferation has undeniably affected the way organizational activities and business procedures take place within several IoT domains such as smart manufacturing, food supply chain, intelligent transportation systems, medical care infrastructures etc. The number of the interconnected edge devices has dramatically increased, creating a huge volume of transferred data susceptible to leakage, modification or disruption, ultimately affecting the security level, robustness and QoS of the attacked IoT ecosystem. In an attempt to prevent or mitigate network abnormalities while accommodating the cohesiveness among the involved entities, modeling their interrelations and incorporating their structural, content and temporal attributes, graph-based anomaly detection solutions have been repeatedly adopted. In this article we propose a multi-agent system, with each agent implementing a Graph Neural Network, in order to exploit the collaborative and cooperative nature of intelligent agents for anomaly detection. To this end, against the propagating nature of cyber-attacks such as the Distributed Denial-of-Service (DDoS), we propose a distributed detection scheme, which aims to monitor efficiently the entire network infrastructure. To fulfill this task, we consider employing monitors on active network nodes such as IoT devices, SDN forwarders and Fog Nodes, achieving localization of anomaly detection, distribution of allocated resources such as bandwidth and power consumption, and higher accuracy results. In order to facilitate the training, testing and evaluation activities of the Graph Neural Network algorithm, we create simulated datasets of network flows of various normal and abnormal distributions, out of which we extract essential structural and content features to be passed to neighbouring agents.
Published in:
Symmetry, vol. 12, no. 9, p. 1576, Sep. 2020
Authors
G. Baldini, J. L. Hernandez-Ramos, S. Nowak, R. Neisse, and M. Nowak
Abstract
It has been proven in research literature that the analysis of encrypted traffic with statistical analysis and machine learning can reveal the type of activities performed by a user accessing the network, thus leading to privacy risks. In particular, different types of traffic (e.g., Skype, web access) can be identified by extracting time based features and using them in a classifier. Such privacy attacks are asymmetric because a limited amount of resources (e.g., machine learning algorithms) can extract information from encrypted traffic generated by cryptographic systems implemented with a significant amount of resources. To mitigate privacy risks, studies in research literature have proposed a number of techniques, but in most cases only a single technique is applied, which can lead to limited effectiveness. This paper proposes a mitigation approach for privacy risks related to the analysis of encrypted traffic which is based on the integration of three main components: (1) a machine learning component which proactively analyzes the encrypted traffic in the network to identify potential privacy threats and evaluate the effectiveness of various mitigation techniques (e.g., obfuscation), (2) a policy based component where policies are used to enforce privacy mitigation solutions in the network and (3) a network node profile component based on the Manufacturer Usage Description (MUD) standard to enable changes in the network nodes in the cases where the first two components are not effective in mitigating the privacy risks. This paper describes the different components and how they interact in a potential deployment scenario. The approach is evaluated on the public dataset ISCXVPN2016 and the results show that the privacy threat can be mitigated significantly by removing completely the identification of specific types of traffic or by decreasing the probability of their identification as in the case of VOIP by 50%, Chat by 40% and Browsing by 33%, thus reducing significantly the privacy risk.
Published in:
Proceedings of the Second International Workshop on Stochastic Modeling and Applied Research of Technology (SMARTY 2020), Petrozavodsk, Russia, August 16-20, 2020, Edited by: Evsey V. Morozov, Alexander S. Rumyantsev, Oleg V. Lukashenko, CEUR Workshop Proceedings, vol. 2792, pp. 38-56, 12/2020
Authors
T. Czachórski, E. Gelenbe, G. Kuaban, and D. Marek
Abstract
We present a model of a Software Defined Network (SDN) where frequent changes in routing and traffic rates at routers are needed to respond to the security, quality of service (QoS), and energy savings requirements of applications such as the Internet of Things. Such frequent path and traffic changes introduce time-dependent network behaviours, and since standard queueing models are not well adapted to analyse the transient regime, we propose a tractable diffusion approximation for both the transient and steady-state behaviour. Our model can represent any network topology transmitting time-dependent flows with routing changes, and computes queue length and delay distributions at each network node and along complete paths between senders and receivers. Using realistic router parameters, we show that transients occupy a significant fraction of system time, so that the optimisation conducted with SDN controllers needs to include the effect of time-dependent behaviours.
URL: http://ceur-ws.org/Vol-2792/
Zenodo: https://zenodo.org/record/4479830
Published in:
MDPI Sensors, 20 (7), 1882. 2020
Authors
Sara N. Matheu, Alberto Robles Enciso, Alejandro Molina Zarca, Dan Garcia-Carrillo, José Luis Hernández-Ramos, Jorge Bernal Bernabe, Antonio F. Skarmeta
Abstract
Despite the advantages that the Internet of Things (IoT) will bring to our daily life, the increasing interconnectivity, as well as the amount and sensitivity of data, make IoT devices an attractive target for attackers. To address this issue, the recent Manufacturer Usage Description (MUD) standard has been proposed to describe network access control policies in the manufacturing phase to protect the device during its operation by restricting its communications. In this paper, we define an architecture and process to obtain and enforce the MUD restrictions during the bootstrapping of a device. Furthermore, we extend the MUD model with a flexible policy language to express additional aspects, such as data privacy, channel protection, and resource authorization. For the enforcement of such enriched behavioral profiles, we make use of Software Defined Networking (SDN) techniques, as well as an attribute-based access control approach by using authorization credentials and encryption techniques. These techniques are used to protect devices’ data, which are shared through a blockchain platform. The resulting approach was implemented and evaluated in a real scenario, and is intended to reduce the attack surface of IoT deployments by restricting devices’ communication before they join a certain network.
DOI: https://doi.org/10.3390/s20071882
Published in:
IEEE Internet Computing, 24(6), 27-36. 2020.
Authors
Gianmarco Baldini, José L. Hernández-Ramos, Gary Steri, Ricardo Neisse, Igor Nai Fovino
Abstract
In recent years, distributed ledger technologies (DLTs) and blockchain have become disruptive technologies to support distributed and trusted sharing ecosystems in various domains. Among the potential scenarios that can leverage their benefits, cooperative intelligent transport systems (C-ITS) and autonomous vehicles (AV) represent a key trend of the next digital era to build a safer society. However, different aspects such as performance and practical issues, as well as conformance with current standards and legislation, may hinder the adoption of DLT in such scenarios. This article analyses the potential applications that could leverage DLTs features and the challenges to be overcome in the coming years to foster the adoption of DLTs in C-ITS and AV. Through this analysis, we additionally provide a set of potential research directions and ways forward to exploit the advantages of DLTs in C-ITS and AV in terms of decentralized trust and transparency.
DOI: https://doi.org/10.1109/MIC.2020.3023295
Published in:
IEEE Access. 2020
Authors
Jesus Sanchez-Gomez, Dan Garcia-Carrillo, Ramon Sanchez-Iborra, Jose L. Hernandez-Ramos, Jorge Granjal, Rafael Marin-Perez, and Miguel A. Zamora-Izquierdo
Abstract
The convergence of the Internet of Things (IoT) and 5G will open a range of opportunities for the deployment of enhanced sensing, actuating and interactive systems as well as the development of novel services and applications in a plethora of fields. Given the processing and communication limitations of both IoT devices and the most novel IoT transmission technologies, namely, Low Power Wide Area Network (LPWAN), there are notable concerns regarding certain security issues to be overcome in order to achieve a successful integration of LPWAN systems within 5G architectures. In this survey work, we analyze the main security characteristics of LPWANs, especially focusing on network access, and contrast them with 5G security requirements and procedures. Besides, we present a comprehensive review and analysis of research works proposing security solutions for the 5G-LPWAN integration. Finally, we explore open issues and challenges in the field and draw future research directions. From our analysis, it is evident that many efforts are being devoted by academia, industry and Standards Developing Organizations (SDOs) to achieving the desired confluence of the IoT and 5G worlds. We envision a successful integration of both ecosystems by exploiting novel lightweight security schemes addressing the stringent security requirements of 5G while being assumable by constrained IoT devices.
DOI: https://doi.org/10.1109/ACCESS.2020.3041057
Published in:
ACM Computing Surveys. 53 (6) 1-36. 2020
Authors
Sara N. Matheu, José L. Hernández Ramos, Antonio Skarmeta, Gianmarco Baldini
Abstract
In recent years, cybersecurity certification is gaining momentum as the baseline to build a structured approach to mitigate cybersecurity risks in the Internet of Things (IoT). This initiative is driven by industry, governmental institutions, and research communities, which have the goal to make IoT more secure for the end-users. In this survey, we analyze the current cybersecurity certification schemes, as well as the potential challenges to make them applicable for the IoT ecosystem. We also examine current efforts related to risk assessment and testing processes, which are widely recognized as the processes to build a cybersecurity certification framework. Our work provides a multidisciplinary perspective of a possible IoT cybersecurity certification framework by integrating research and technical tools and processes with policies and governance structures, which are analyzed against a set of identified challenges. This survey is intended to give a comprehensive overview of cybersecurity certification to facilitate the definition of a framework that fits in emerging scenarios, such as the IoT paradigm.
DOI: https://doi.org/10.1145/3410160
Published in:
Sensors, vol. 21, no. 1, p. 305, Jan. 2021
Authors
J. Hu, M. J. Reed, M. Al-Naday, and N. Thomos
Abstract
Blockchain technology has brought significant advantages for security and trustworthiness, in particular for Internet of Things (IoT) applications where there are multiple organisations that need to verify data and ensure security of shared smart contracts. Blockchain technology offers security features by means of consensus mechanisms; two key consensus mechanisms are Proof of Work (PoW) and Practical Byzantine Fault Tolerance (PBFT). While the PoW based mechanism is computationally intensive, due to the puzzle solving, the PBFT consensus mechanism is communication intensive due to the all-to-all messages; thereby, both may result in high energy consumption and, hence, there is a trade-off between the computation and the communication energy costs. In this paper, we propose a hybrid-blockchain (H-chain) framework appropriate for scenarios where multiple organizations exist and where the framework enables private transaction verification and public transaction sharing and audit, according to application needs. In particular, we study the energy consumption of the hybrid consensus mechanisms in H-chain. Moreover, this paper proposes a reward plan to incentivize the blockchain agents so that they make contributions to the H-chain while also considering the energy consumption. While the work is generally applicable to IoT applications, the paper illustrates the framework in a scenario which secures an IoT application connected using a software defined network (SDN). The evaluation results first provide a method to balance the public and private parts of the H-chain deployment according to network conditions, computation capability, verification complexity, among other parameters. The simulation results demonstrate that the reward plan can incentivize the blockchain agents to contribute to the H-chain considering the energy consumption of the hybrid consensus mechanism; this enables the proposed H-chain to achieve optimal social welfare.
DOI: https://doi.org/10.3390/s21010305
Published in:
IEEE Security & Privacy, 19 (1). 2021
Authors
José L. Hernández-Ramos, Juan A. Martinez, Vincenzo Savarino, Marco Angelini, Vincenzo Napolitano, Antonio Skarmeta, Gianmarco Baldini
Abstract
The digitalization of current urban spaces is realizing the vision of so-called smart cities, where security and privacy concerns could affect citizens’ safety. This work discusses potential solutions derived from European Union research efforts to be considered in the coming years.
DOI: https://doi.org/10.1109/MSEC.2020.3012353
Published in:
IEMTRONICS 2021 Conference Proceedings. International IOT, Electronics and Mechatronics Conference. Vancouver, Canada
Authors
Asterios Mpatziakas, Stavros Papadopoulos, Anastasios Drosou, Dimitrios Tzovaras
Abstract
Internet of Things (IoT) is a field with tremendous growth that already shows great impact in numerous domains. Simultaneous with this development is the need for better cyber-security: IoT systems are attacked by various adversaries targeting IoT services, platforms and networks, which can have disruptive consequences. These attacks can be countered using multiple strategies with different effects on the system. The following paper proposes a novel approach based on Machine Learning and Statistical Hypothesis Testing, which allows the security operator to investigate how using different strategies affects various KPIs related to the security of the IoT network, and whether the KPIs resulting from modifications to a mitigation strategy are statistically different when compared to those occurring from a starting mitigation action set.
DOI: 10.5281/zenodo.4610920
Zenodo: https://zenodo.org/record/4610920
Published in:
IEEE International Conference on E-health Networking, Application & Services (HEALTHCOM), 2021, pp. 1-6
Authors
N. Li, X. Hu, E. Ngai and E. Gelenbe
Abstract
With the expansion of the IoT, it is important to optimize available bandwidth to reliably support edge to device communications. Thus we propose a wireless network where each edge server communicates with its end devices using its wireless band as a primary channel, assisted by a secondary edge server that can relay communications via its own wireless band as a secondary channel. The network can optimize capacity by balancing load between primary and secondary wireless bands, and we analyze the geometry of achievable rate regions, depending on the state of bands modeled as Rayleigh fading channels. The allocation of a connection to the primary or secondary band is formulated as an optimization problem which is then solved, and illustrated with numerical examples.
DOI: https://doi.org/10.1109/HEALTHCOM49281.2021.9398997
Published in:
Sensors 2021, 21(9), 3105
Authors
Piotr Fröhlich, Erol Gelenbe, Jerzy Fiołka, Jacek Checinski, Mateusz Nowak and Zdzisław Filus
Abstract
The short latency required by IoT devices that need to access specific services has led to the development of Fog architectures that can serve as a useful intermediary between IoT systems and the Cloud. However, the massive numbers of IoT devices that are being deployed raise concerns about the power consumption of such systems as the number of IoT devices and Fog servers increase. Thus, in this paper, we describe a software-defined network (SDN)-based control scheme for client–server interaction that constantly measures ongoing client–server response times and estimates network power consumption, in order to select connection paths that minimize a composite goal function, including both QoS and power consumption. The approach using reinforcement learning with neural networks has been implemented in a test-bed and is detailed in this paper. Experiments are presented that show the effectiveness of our proposed system in the presence of a time-varying workload of client-to-service requests, resulting in a reduction of power consumption of approximately 15% for an average response time increase of under 2%.
DOI: https://doi.org/10.3390/s21093105