See discussions, stats, and author profiles for this publication at: https://www.researchgate.net/publication/333619623

Internet of Things: A security overview

Technical Report · March 2019

DOI: 10.13140/RG.2.2.29288.72963

CITATIONS

2READS

63

4 authors, including:

Some of the authors of this publication are also working on these related projects:

Cyber Security View project

Machine Learning View project

Bedilbek Khamidov

Inha University in Tashkent

2 PUBLICATIONS   2 CITATIONS   

SEE PROFILE

Shakhobiddin Urmanov

Inha University in Tashkent

2 PUBLICATIONS   2 CITATIONS   

SEE PROFILE

Eldor Abdukhamidov

Inha University in Tashkent

1 PUBLICATION   2 CITATIONS   

SEE PROFILE

All content following this page was uploaded by Bedilbek Khamidov on 05 June 2019.

The user has requested enhancement of the downloaded file.

Internet of Things: A security overview

Bedilbek Khamidov Shakhobiddin Urmanov Eldor Abdukhamidov Jakhongir Bakhodirov

bedilbek@gmail.com urmanovshaxobiddin@gmail.com

mr.eldorabdukhamidov@gmail.com

bakhodirovjakhongir@gmail.com

Department of Computer and Information Engineering

Inha University in Tashkent

Supervised by: Dr. Tamer Abuhmed

Computer Engineering Department INHA university

tamer@inha.ac.kr

Abstract The goal of today’s ubiquitous computing is embedding a computational and wireless

communication unit into every physical object that people need to interact starting from refrigerators to a regular chair. This model of ubiquitous connectivity also known as Internet of Things, leads to the evolution of new generation of Internet. IoT ecosystem has made one step further movement in the direction of ubiquitous connectivity. Its implementation in industry and society has changed the entire view on monitoring and foreseeing different processes and phenomena. Even though this continuous evolution of IoT utilities is highly valuable, the envisioning of its security issues is equally important especially in the situation of ubiquitous accessibility of internet. This paper reveals the security concerns of IoT in commonly accepted architectural layers by proposing and guiding into theoretically and sometimes practically available solutions to these security concerns.

Table of Contents Abstract 2

Table of Contents 3 List of Figures 5 1 Introduction 6

Motivation 6 2 IOT architecture 6

2.1 Perception Layer 7 2.2 Network Layer 7 2.3 Middleware Layer 8 2.4 Application Layer 8

3 Principles of IOT security 8 3.1 Data Confidentiality 9 3.2 Data Integrity 9 3.3 Data Availability 10

4 Security challenges in IoT architecture 10 4.1 Perception Layer 10

4.1.1 Unauthorized tag disabling 11 4.1.2 RFID Jamming 11

4.2 Network Layer 11 4.2.1 Sybil Attack 11 4.2.2 Sinkhole Attack 12 4.2.3 Sleep Deprivation Attack 12 4.2.4 Malicious code injection 13

4.3 Middleware Layer 14 4.3.1 Unauthorized access 14 4.3.2 Malicious Insider 14

4.4 Application Layer 14 4.4.1 Spear-Phishing Attack 14 4.4.2 Sniffing Attack 14

5 Security Countermeasures on IoT architecture 14 5.1 Perception Layer 15

5.1.1 RFID Capability Utilization 15 5.1.2 Anti RFID Cloning 15 5.1.3 Risk Assessment 15

5.2 Network Layer 15 5.2.1 Routing Security 16

5.2.2 Peer to peer encryption 16 5.2.3 Anomaly detection 16

5.3 Middleware Layer 17 5.3.1 Authentication 17 5.3.2 Intrusion detection 17

5.4 Application Layer 17 5.4.1 Authorization 17

6 Conclusion 18 7 References 19

List of Figures 1. IoT architecture by layers 1 2. The CIA triad 2 3. Sinkhole attack example 3 4. Sleep deprivation attack 4 5. Malicious code injection attack 5

1 Introduction Internet of Things, as a system of interconnected devices was introduced by Kevin

Ashton almost two decades ago [1]. Since then, powered with a great number of enabling device technologies such as RFID tags and readers, near field communication (NFC) devices and embedded sensor nodes, the IoT has gone out of its infancy period and is the next technological wave changing the PC-based Internet into the fully ubiquitous Future Internet [2].

Even though the IoT gives a great promise about the future, it is not without potential security flaws. The easiness of access to the devices gives an open possibility of exploits by hackers [3]. The devices are so rooted into the personal lives of people, so that they have a direct influence on them, which means that availability of security infrastructure must be taken into consideration.

It is important to outline the overall structure of the report which has the following structure.

In Section 2 of the report, an overall architectural view of IoT infrastructure is introduced. By dividing the IoT infrastructure into separate and logically organized structure, a comprehensive overview is given to IoT.

After the overall architecture of IoT is explained, Section 3 emphasizes on the principles of IoT security by discussing its security from the view of data confidentiality, integrity and availability, i.e., the CIA triad.

Sections 2 and 3 give a separate definition to concepts of IoT and security principles, therefore, by combining two previous sections, Section 4 highlights the potential security issues of IoT architecture by inspecting it with the proposed security principles and addresses the major security flaws in each layer of IoT architecture. Section 5 is the most highlighted part of the paper which introduces and discusses comparably noticeable and promising solutions to problems pointed out in the previous section.

Motivation Even though no international de-jure standards have been uniformly adopted for IoT

architecture and its security yet, there is certainly some shared vision about IoT architecture proposed in numerous of research papers. This paper gives general overview to a particular common vision of IoT architecture from the critical viewpoint of security principles by inspecting and revealing the potential security flaws of the architecture. Furthemore, state-of-the-art solutions to these security flaws were proposed by considering them both in separate and holistic view.

2 IOT architecture In the IoT architecture, layers are defined by their interaction methods according to

appropriate parties. There are different views about the number of layers in IoT. According to

“Critical Analysis on Security Concerns of IoT” research paper, it is recommended to divide the IoT architecture into four layers as shown in the figure below [3].

Figure 1. IoT Architecture by layers

It is considered that the Internet of Things is the third wave of the World Wide Web. The

Internet of Things, a worldwide network, associates distinctive objects everywhere with the help of web convention, called “Internet Protocol”.

2.1 Perception Layer The perception layer, also known as the recognition layer is the lowest layer of the

conventional architecture of Internet of Things including divergent data sensors including radio-frequency identification, barcode readers, bluetooth, near-field communication, low-power personal area network and others [4]. The main goal of the layer is that it should define distinctive objects and process the resultant data which is collected from the outside world using sensors.

2.2 Network Layer Network layer is a middle layer. It constitutes an object abstraction layer. The main goal

of the layer is to transfer information collected from the perception layer, to the middleware layer through available communication networks such as internet, mobile network and others. The layer acts as mediating layer between service management and the perception layer and RFID, 3G, WIFI and other networking technologies are used in it. Also it is good to acknowledge that for wireless communications, wireless sensor network plays an important role. It consists of thousands of sensor nodes connected using wireless technologies. It should be said that most of the communication in WSN is based on the IEEE 802.15.4 [5].

2.3 Middleware Layer The layer which is a set of sub-layers interposed between technological and application

layers is based on SOA (Service-Oriented Architecture), and it provides necessary infrastructure of services. Most of the available IoT middleware extend over different domains, including industry, environment, and society [6]. It includes systems which process information and take automated actions according to the result of data, and it also connects the system with a database that supports capability of storage for the resultant data.

2.4 Application Layer It is the top highest layer in the IoT architecture. On the basis of needs of the user, it

supports specific services [4]. The layer is basically responsible to link the gap between the user and devices. It attains the high-level intelligent applications such as disaster monitoring, health monitoring, transposition, ecological and medical environment, and others.

3 Principles of IOT security The challenges that IoT security face today can be divided into two main parts like

Technological and Security challenges [7]. The Technological challenges comes from heterogeneous and ubiquitous nature of IoT that are connected to wireless technologies, energy, scalability, and distributed nature of devices, while Security challenges connected to the principles and functionalities that should impose secure network by authentication, confidentiality, end-to-end security and integrity.

Security should be provided to all IoT devices throughout their development and operational lifecycle [8]. There are different mechanisms to provide security and one of main is CIA triad that ensure security with its three areas, which are data confidentiality, integrity and availability. A fail in any of these areas can cause a serious threat to the system. Therefore, each of them must be considered.

It is also important to consider the fact that implementing all 3 security factors can be really hard, as it affects to productivity and efficiency of the system. Thus, according to the business rules of the IoT services, proper strategies should be taken, and principles should be integrated accordingly. This will lead to trade-offs, but in long run, the system will stay efficient and safe.

Figure 2. The CIA Triad

3.1 Data Confidentiality Data confidentiality prevents disclosure of data from the unauthorized party, in other

words it provides confidence to users with the privacy of their data by using different mechanisms. There are variety of security mechanisms to provide confidentiality of data and one of them is data encryption, where data is encrypted to ciphertext and without proper authorization, it is very difficult to access the original data that is available only to the authorized users. Another mechanism is two-step verification, where data can be accessed only if both the components pass the authentication test with their dependency that was provided by the mechanism. The most common mechanism for data confidentiality is Biometric Verification, where every user is uniquely identifiable.

In the IoT based devices, it provides secure sensor networks that do not convey the data to the unpermitted user [9]. One more confidentiality problem that must be considered is how the data will be controlled. It is important for the users of IoT that can be human, machines and services, internal and external objects, to know management mechanisms that will be used and ensure that the information is secured during the whole process [10].

3.2 Data Integrity The IoT is based on exchanging data between variety of devices, that is hereby crucial

to assure the precision of the data. During the transmission and reception of data, information can be changed by the cybercriminals or even more crash of server or an electromagnetic disturbance that cannot be controlled by human factor can cause big problem. In these kind of situations, data integrity can be very useful to protect information from the cybercriminals or

other common tracking methods during the IoT communication by maintaining end-to-end security, so that the data cannot be changed or deleted [11].

There are different kind of mechanisms to ensure integrity of data. Well known candidate mechanisms are Checksum and Cyclic Redundancy Check that provide the accuracy and originality of information. It is also good to acknowledge that utilization of firewalls and protocols to manage the data traffic do not always ensure the security at endpoints of the IoT nodes, because there is a pure computational power. For that purpose, constant synchronization of the data is implemented on IoT which helps to keep redundant records of a file, so that in case of deletion of data, it can be restored. In addition to it, it is very useful for the IoT based devices to keep original form of the data, when it was attacked by the unauthorized users [12].

3.3 Data Availability One of the main objective of IoT security is data availability that provides the immediate

access of authorized party to the information resources, whenever it is needed. However, data is not the only component that is used in the IoT, smart devices and services must also be reachable in a timely manner to reach expectations of IoT and connect as many smart devices as possible [11]. A lot of companies dependending on this factor are threatened from attacks like DOS (Denial of service), which can undermine the service access to everyone. Thus, prevention services like firewalls were created to counteract that kind of dangers and threats. Moreover, data availability prevents flow of information to the third party [3].

4 Security challenges in IoT architecture It is appropriate to admit that security issues arise when CIA triad is not fully achieved in

the implementation of system which can be software or hardware. Looking deeper in the development life cycle of a system, one can see different layers where each layer does its own job and also acts as a supporting component for the next layer. If security principles are violated in any of these layers, then whole system is under the risk, thus found security violation can be a security breach on the hands of unfavourable individuals.

IoT is also not an exception. As mentioned above, 4 layer architecture plays an important role in the development of IoT based devices. This architecture has some security challenges and issues which will be discussed in the following subsections in more details.

4.1 Perception Layer As described in the previous sections, perception layer is responsible for direct physical

communication with the outer environment, which means that it is most prone layer to vulnerabilities. Most of the time perception layer implies the usage of RFID technology. Below there will be discussed main RFID security threats:

4.1.1 Unauthorized tag disabling RFID Tag disabling can be considered as a Denial-of-Service(DoS) attack where

evil-minded person can make the tag isolated from the outer environment or just cause the tag to function improperly.

Such kind of attack upon success may lead to the serious danger to the integrity of the IoT system. Let’s consider the example of usage of RFID tags to anti-theft system, where an attacker can disable the RFID tag attached to some valuable item and can freely steal it [13].

4.1.2 RFID Jamming It is worth mentioning that the RFID technology is all about radio waves frequency and

has a fifty years old historical evolution. This fact implies that a numerous of security flaws that had been discovered to hack the radio waves since the beginning of discovery of them, can also be applied to the RFID technology. And radio frequency jamming is one of the oldest destructive methods, that can also be applied to interfere the communication between RFID tag and reader. RFID tag and reader are prone to vulnerability in a way that RF jamming disrupts all the communication between tag and reader by adding noise signals [14].

4.2 Network Layer It is clear from the above discussions that on the network layer IOT mainly operates with

Wireless Sensor Network (WSN) component. But this component has some security problems which should be addressed [3]:

4.2.1 Sybil Attack In Massive peer-to-peer systems, establishing threat prevention from data integrity or

data availability, requires creation of redundant remote nodes that can work independently interacting with each other. This implies implementing distributed network where the result of computing or information retrieval are not dependent on a single node, thereby the result is a superposition of all distinct remote computing elements. However, if one adverse remote node announces itself as redundant many nodes and manages to interact with other node, other party can be duped and adversary can have control over the system. This attack is called “Sybil attack” [15].

Sybil attack scenario in the case of IoT can lead to potential risks of an autonomous system where independent IoT devices are connected and cooperating with each other. As an illustration, warehouse fulfilment project of Amazon where IoT based robots, managing and moving column of parcels from one line to another line, are part of supply chain where if new pseudonymous robot identities connects to their network, the whole delivery process can be damaged [16].

4.2.2 Sinkhole Attack This attack is based on intrusion in the guise of a router. Specifically, one vicious router

connects to the network and starts advertising itself to other nodes as a high speed and high quality router. After successful connection made to adversary router, all data flow will move through defected router which can compromise or drop them all [17].

Figure 3. Sinkhole Attack example

As depicted in the figure above the malicious node-3 may advertise to all the routers

and take their attention which leads to the situation where all the routers will send data through the malicious node.

Similarly for the circumstance where it is applied to IoT autonomous system, it eventually leads to data leakage or data loss by deputing all sensors connected to the same network. Also this is not the only danger. IoT based devices are considered as low power consuming and more susceptible to network traffic, thereby Sinkhole attack even can cause another problem of DDOS attack by excessive advertising [18].

4.2.3 Sleep Deprivation Attack Many low energy consuming devices have sleep cycles in order to stay alive they go into battery recovery mode. Sleep cycles help to alleviate the power consumption, thus theoretically providing device with circumstance to sleep until some predefined scheduled job substitutes it. The following attack takes benefits from this scenario to exhaust the power of the battery by sending redundant control traffic packets, where each packet have to be received by the device and responded accordingly. By the time the device is receiving faulty packets it undermines its sleep cycle period and exhausts its battery life [19]. The figure below portrays the situation

where some malicious node sends excessively many packets which results in an inconsistent sleep cycle of a healthy node.

Figure 4. Sleep deprivation attack

4.2.4 Malicious code injection In today's world, not all the attacks are proceeded from a distance. There is other type of

attack, Physical attack, where the adversary physically interacts with the target and inserts some malicious code into it. Process can vary for different occasions, sometimes by connecting malicious device to the target and sometimes reprogramming the target system. This is also referred as “Malicious code injection”. Successful attack can give full control over the target system to the adversary [20].

Figure 5. Malicious code injection attack

4.3 Middleware Layer This layer introduces security issues related to cloud data or any other data storage

technologies that are base foundation for IoT data collection. Some of the known vulnerabilities of this layer are described below:

4.3.1 Unauthorized access Basically middleware layer is a server, introduced in above sections, that accepts data

from IoT based devices through implemented API. Thus, this layer becomes vulnerable to attacks from the outer world where not only IoT based devices tries to connect, but also other parties try to exploit the interfaces of the server. It leads to the conclusion that any party successfully connected to the server could have full power over all devices connected to it [21].

4.3.2 Malicious Insider This type of attack is worth mentioning, because some people may argue, it is the least

important factor for attackers. However, in some circumstances it creates the most vulnerable attack. Basically the attack based on accessing and compromising the server from inside, thereby even authorized and trusted person tries take advantage of server data for his own interests or for the interests of some third party.

4.4 Application Layer The top high layer of IoT architecture is also not free from security issues. Some related

security issues of Application layer are depicted below:

4.4.1 Spear-Phishing Attack When the victim person, the high privileged user of IoT application, receives guise of

legitimate mail and reads it, adversary gains important credentials of the victim, thereby he uses this information to retrieve sensitive data from IoT application.

4.4.2 Sniffing Attack This type of attack is introduced if attacker could bring sniffer into IoT application which

could collect all the data flow from all the layers, thus enabling the attacker to use all collected data to exploit the system [22].

5 Security Countermeasures on IoT architecture Different attacks on layers IoT architecture can bring to acute security vulnerabilities if

proper actions are not taken for each distinct circumstances. In order to mitigate this scenarios, well-defined security principles should be proposed. In the following section various solutions on adversary against protection for each layer will be discussed.

5.1 Perception Layer This layer mainly works closely with the outer environment by sensing and collecting

data where proximity to outer environment creates many issues based on the fact that environment can be chaotic. Problems basically occur, when the node at perception layer starts transmitting the collected data to the higher layer. Node should be aware of the authentication of the higher layer. Thus, several authentication mechanisms will be described below.

5.1.1 RFID Capability Utilization Most RFID devices lacks computational capability and usage of cryptographic

algorithms becomes problematic for ensuring secureness of the component. However, there exists light weight authentication designs to secure RFID devices. The design convention guarantees shared verification between RFID perusers and labeled things without creating extra expenses on device capabilities. Proposed authentication algorithm is based on XOR dependent encryption system, rather than complex encryption, utilizing hashing function[23].

5.1.2 Anti RFID Cloning RFID tags are prone to be cloned unauthorizedly by adversaries. If attackers get enough

information about a tag, they can obtain an access to this tag physically and use it. Also, there is no supplementary identifier of a tag which identifies which tag is original and which one is a copy. In order to diminish this incident, PUF technique is proposed. PUF (Physical Unclonable Function) is a “biometric” verification technique integrated into chips. PUF acquires the distinct confidential information from each chip. This information mainly can be used for identifying whether chip is safe and belong to the real owner of the device. In general, PUF techniques can improve anti-clone functionality of RFID devices[24].

5.1.3 Risk Assessment As it is said above, layer which is close to outer environment should be encapsulated

with more comprehensive security. Thus, the system that discovers the new threats and prevents intrusions from those threats is required for better protection. One example of this system is Dynamical Risk Assessment Method for IoT inspired by AIS (DRAMIA). Design principle of the method is capturing the network packets in the perception layer and checking whether they contain signs of attacks. Thus, DRAMIA is concerned about evaluating danger factor when attacks are captured with threat detection system.[25]

5.2 Network Layer The network layer works with means of wireless or wired modes. Thus, it creates

possibility for attacks. Here several methods are explained in order to reduce threats in network packet capturing.

5.2.1 Routing Security As it is shown in the challenges section related to Network layer threats, some of them

may even lead to shutting down of the system. Basically solving the problem starts from hop-to-hop architecture when one node does not know about other nodes and have only information about the next node it is sending the information. This type of architecture can be breached with the Sinkhole attack described in above section, and one type of solution is Dymo (Dynamic MANET) Routing[26] which is based on MANET or VANET structures where type of device and its characteristics are compared to create device oriented network[27]. The main concept behind Dymo protocol is to concentrate on traffic and communication cases to better evaluate the situation. Thus, it will be difficult for malware node to inject into target network without learning the communication circumstances of each node in the network. Also when it is difficult to keep track of the packet traffic in the network, protection can be relied on the strength of each node where DECA (Density-based Energy-efficient Clustering) method can be used[28]. This method analyzes the density or energy consumption of each node and by this information, decides the communicating signal strength with each node separately. This solution also provides better node identification when not authorized node wants to enter the network.

5.2.2 Peer to peer encryption It is clear that when one node sends a packet, this packet will go through about 10 or

more different networks and routers till it reaches the other end who will receive it. This communication medium for packet delivery is vulnerable as most part of the network is open for most of the people and many of this packets may lead to information leak. In order to prevent it, using symmetric encryption technologies are considered to be the better solutions for many IOT applications and devices [29]. It provides fast and less energy consuming capability compared to asymmetric encryption. One possible example for symmetric encryption is given as AES with better performance in both software and hardware implementation. AES is taken as an example, because of its application in wide variety of IOT applications and its compatibility.

5.2.3 Anomaly detection Anomaly identification in network layer is one of the most crucial requirements when

D2D communications create a big connection area among devices. Every connection in the network can influence positively or negatively to the quality of the connection. Thus, any member inside the that area is considered as active member of the network. To provide managed packet exchange though each connection, using an Artificial Neural Network (ANN) is proposed[30]. A MLP is a supervised ANN type for classification of threat protective strategies on an IoT network. This proposed method successfully can mitigate traces of different DDoS/DoS attacks.

5.3 Middleware Layer As described in the previous chapters the middleware layer is characterized by two main

security challenges, those are: unauthorized access and malicious insider. The general conceptual solutions to propose would be authentication for unauthorized access and intrusion detection for the other problem. The details of authentication and intrusion detection for IoT middleware layer are described below.

5.3.1 Authentication To prevent the IoT system middleware from unauthorized access of adversary, the

integrated identity identification service stacked in the cloud can be used. The authentication process is handled in multiple layers of IoT architecture, the difference between middleware-layer authentication and the authentication in other layers is that it can cooperate with other authentication services which implies that devices can even decide which associated information is accessible to the services used. Even though it provides some level of authentication and access control, this approach is not without potential threats such as insider attack as the responsibility shift to the third-party.

5.3.2 Intrusion detection For preventing malicious insiders and intrusions, there are several solutions that have

been proposed till these days. Most of them are very promising but currently can not be deployed in the given IoT computational resource constraints or due to a lack of precise placement strategy. One of the unordinary and most promising intrusion detection systems is signature-based IDS that uses Artificial Immune System mechanisms. In this approach, there are specially modeled intelligent detectors with attack signatures that are very similar to immune cells that are able to classify packets into malicious or normal packets[31].

Another solution was proposed in 2013, where a whole architecture for wireless intrusion detection system was described. In the architecture proposed, the network device with normal activity profiles are constructed by using computational intelligence techniques[32].

5.4 Application Layer It may be illusive for majority that on the application layer chances for threat vulnerability

decreases dramatically by considering the fact that, the higher the layer, the more difficult to get to the source. However, most dangerous threats or issues can occur exactly on this layer. Here strategies that will prevent mainly from phishing, unauthorized access will be discussed.

5.4.1 Authorization Not all services implement robust authorization system for their different applications.

Thus, some well-defined protocols were created to control the sequence of authorization and authentication. One mostly known protocol is OAuth based Authorization Service implementation for IoT applications[33]. One of its advantages is in providing different roles for

different circumstances with exact session durations. This guarantees the full security with access control in timely manner. In addition to OAS, it is possible to increase the level of security once more with Multiple Factor Authentication[34]. In this way, person has to authorize at least 2 times, to prove himself that he is really him and making impossible for phishing, man-in-the-middle and other deceitful attacks.

6 Conclusion This paper mainly discussed about the IoT security issues and different proposed

solutions. By giving the architectural overview of IoT infrastructure and then by introducing the key principles of security, potential security challenges of IoT was described in architecturally structurized view.

It is wise to accept that nowadays the IoT is already reaping its rewards in terms of practical applications by being deployed in real-life use cases. In addition to this, a numerous of researches are being carried out to enhance the development of IoT technology. In spite of this fact, it can be observed that the key issues of IoT security still need a revision or even are neglected to an extent that such kind of recklessness or indifference can lead to a disaster at significant scale. Besides this, the observations force to imply that the Internet of Things has a lot more than just a technical issues, there is apparently more policies, laws and conventions supposed to be introduced as a standard security management for IoT system.

7 References [1] Ashton K. That ‘internet of things’ thing. RFID journal. 2009 Jul 22;22(7):97-114. [2] Gubbi J, Buyya R, Marusic S, Palaniswami M. Internet of Things (IoT): A vision,

architectural elements, and future directions. Future generation computer systems. 2013 Sep 1;29(7):1645-60.

[3] Farooq MU, Waseem M, Khairi A, Mazhar S. A critical analysis on the security concerns of internet of things (IoT). International Journal of Computer Applications. 2015 Jan 1;111(7).

[4] Suo H, Wan J, Zou C, Liu J. Security in the internet of things: a review. In: Computer Science and Electronics Engineering (ICCSEE), 2012 international conference on 2012 Mar 23 (Vol. 3, pp. 648-651). IEEE.

[5] Journal of Electrical and Computer Engineering Volume 2017, Article ID 9324035, 25 pages

[6] Tiburski RT, Amaral LA, De Matos E, Hessel F. The importance of a standard security architecture for SOA-based iot middleware. IEEE Communications Magazine. 2015 Dec;53(12):20-6.

[7] P. N. Mahalle, B. Anggorojati, N. R. Prasad, and R. Prasad, "Identity authentication and capability based access control (iacac) for the internet of things," J. of Cyber Security and Mobility, vol. 1, 309-348, 2013.

[8] M. Leo, F. Battisti, M. Carli, and A. Neri, "A federated architecture approach for Internet of Things security," in Euro Med Telco Conference (EMTC), 1-5, 2014.

[9] Daniele Miorandi, Sabrina Sicari, Francesco De Pellegrini and Imrich Chlamtac, ”Internet of Things: Vision, applications and research challenges,” In: Ad Hoc Networks, 2012, pp.1497-1516

[10] R. Roman, P. Najera, and J. Lopez, "Securing the internet of things," Computer, vol. 44, 51-58, 2011.

[11] Luigi Atzori, Antonio Iera, Giacomo Morabito, ”The Internet of Things: A Survey,” in Computer Networks, pp. 2787-2805

[12] Mahmoud R. et al. Internet of things (IoT) security: Current status, challenges and prospective measures //Internet Technology and Secured Transactions (ICITST), 2015 10th International Conference for. – IEEE, 2015. – С. 336-341.

[13] Burmester M, De Medeiros B. RFID security: attacks, countermeasures and challenges. In: The 5th RFID Academic Convocation, The RFID Journal Conference 2007 Apr.

[14] Li L. Study on security architecture in the Internet of Things. In: Measurement, Information and Control (MIC), 2012 International Conference on 2012 May 18 (Vol. 1, pp. 374-377). IEEE.

[15] Douceur JR. The sybil attack. In: International workshop on peer-to-peer systems 2002 Mar 7 (pp. 251-260). Springer, Berlin, Heidelberg.

[16] Li B, Li Y. Internet of things drives supply chain innovation: A research framework. International Journal of Organizational Innovation. 2017 Jan 1;9(3):71-92.

[17] Ahmed N, Kanhere SS, Jha S. The holes problem in wireless sensor networks: a survey. ACM SIGMOBILE Mobile Computing and Communications Review. 2005 Apr 1;9(2):4-18.

[18] Kolias C, Kambourakis G, Stavrou A, Voas J. DDoS in the IoT: Mirai and other botnets. Computer. 2017;50(7):80-4.

[19] Bhattasali T, Chaki R, Sanyal S. Sleep deprivation attack detection in wireless sensor network. arXiv preprint arXiv:1203.0231. 2012 Mar 1.

[20] Andrea I, Chrysostomou C, Hadjichristofi G. Internet of Things: Security vulnerabilities and challenges. In: Computers and Communication (ISCC), 2015 IEEE Symposium on 2015 Jul 6 (pp. 180-187). IEEE.

[21] Seo J, Kim HS, Cho S, Cha S. Web server attack categorization based on root causes and their locations. In: Information Technology: Coding and Computing, 2004. Proceedings. ITCC 2004. International Conference on 2004 Apr 5 (Vol. 1, pp. 90-96). IEEE.

[22] Thakur BS, Chaudhary S. Content sniffing attack detection in client and server side: A survey. International Journal of Advanced Computer Research. 2013 Jun 1;3(2):7.

[23] J.-Y. Lee, W.-C. Lin, and Y.-H. Huang, "A lightweight authentication protocol for internet of things," in Int'l Symposium on Next-Generation Electronics (ISNE), 1-2, 2014

[24] Xu H, Ding J, Li P, Zhu F, Wang R. A Lightweight RFID mutual authentication protocol based on physical unclonable function. Sensors. 2018;18(3):760.

[25]. Liu C, Zhang Y, Zeng J, Peng L, Chen R. Research on Dynamical Security Risk Assessment for the Internet of Things inspired by immunology. In2012 8th International Conference on Natural Computation 2012 May 29 (pp. 874-878). IEEE.

[26]. Sommer C, Dressler F. The DYMO routing protocol in VANET scenarios. In2007 IEEE 66th Vehicular Technology Conference 2007 Sep 30 (pp. 16-20). IEEE.

[27]. Saha S, Roy DU, Sinha DD. VANET simulation in different Indian city scenario. Advance in Electronic and Electric Engineering, ISSN. 2013 Sep:2231-1297.

[28]. Xu Z, Yin Y, Wang J. A density-based energy-efficient clustering algorithm for wireless sensor networks. International Journal of Future Generation Communication and Networking. 2013 Feb 1;6(1):75-86.

[29] Stergiou C, Psannis KE, Kim BG, Gupta B. Secure integration of IoT and cloud computing. Future Generation Computer Systems. 2018 Jan 1;78:964-75.

[30] Hodo E, Bellekens X, Hamilton A, Dubouilh PL, Iorkyase E, Tachtatzis C, Atkinson R. Threat analysis of IoT networks using artificial neural network intrusion detection system. In2016 International Symposium on Networks, Computers and Communications (ISNCC) 2016 May 11 (pp. 1-6). IEEE.

[31] Liu C, Yang J, Chen R, Zhang Y, Zeng J. Research on immunity-based intrusion detection technology for the internet of things. In2011 Seventh International Conference on Natural Computation 2011 Jul 26 (Vol. 1, pp. 212-216). IEEE.

[32] Gupta A, Pandey OJ, Shukla M, Dadhich A, Mathur S, Ingle A. Computational intelligence based intrusion detection systems for wireless communication and pervasive computing networks. In2013 IEEE International Conference on Computational Intelligence and Computing Research 2013 Dec 26 (pp. 1-7). IEEE.

[33] Cirani S, Picone M, Gonizzi P, Veltri L, Ferrari G. Iot-oas: An oauth-based authorization service architecture for secure services in iot scenarios. IEEE sensors journal. 2015 Feb;15(2):1224-34.

[34] Dhillon PK, Kalra S. Secure multi-factor remote user authentication scheme for Internet of Things environments. International Journal of Communication Systems. 2017 Nov 10;30(16):e3323.

View publication statsView publication stats