International Journal of Internet of Things and Cyber-Assurance (8 papers in press)
Semantically Enabling IoT Trust to Ensure and Secure Deployment of IoT Entities
by Konstantinos Kotis, Iraklis Athanasakis, George A. Vouros
Abstract: Semantics for the IoT domain have been already introduced for the (semi-)automated deployment of heterogeneous entities. Depending on the level of interoperability and the ability of dynamic expansion of the IoT environment, an application may have to decide (and then select) which devices in that environment are trustworthy for ensuring and securing effective deployment. In the open and distributed IoT, where a large number of heterogeneous entities will be registered, the need to ensure and secure their selection and deployment tasks is highly important. In this paper an effective modeling approach towards supporting the selection and deployment of IoT entities is presented, based on the notion of trust semantics. Using fuzzy ontologies as an enabler of trust semantics in IoT, this work demonstrates that such semantics, when seamlessly integrated in IoT ontologies, serve as a secure selection key to an IoT application (or service) for selecting, among the available entities, the one(s) that the application should trust for its effective deployment in the specific environment/context.
Keywords: IoT trust; semantic interoperability; trust semantics; fuzzy semantics; IoT entities deployment.
Main factors and good practices for managing BYOD and IoT risks in a K-12 environment
by Oluwaseun Akeju, Sergey Butakov, Shaun Aghili
Abstract: Presented research looks into information security and privacy risk related to using mobile and embedded devices for learning in K-12 system. Bring Your Own Device (BYOD) program and Internet of Things (IoT) for learning are the two focus areas discussed in this paper. NIST privacy risk management framework (NIST-8062) template was used to illustrate the privacy impact factors K-12 participants should consider while developing BYOD/IoT programs. The key factors involved in the decisions include reputational costs, direct business costs and noncompliance costs. This research looked into existing relevant literature on the privacy risks and information security issues related to internet connected devices in K-12 environment. Key security issues and risks such as network access, server and end-user device malware, application risks and privacy risks were identified. The analysis of the risks suggested to recommend some good practices derived from various documents suggested by ISACA, IIA, SANS, and NIST. The proposed good practices were subsequently incorporated into BYOD guide for K-12 system in an attempt to increase its effectiveness in terms of addressing relevant risks. The good practices compiled in this research were proposed to be incorporated into BYOD guides for K-12 system of one of the Canadian provinces but the same process might be applicable to the similar K-12 environments.
Keywords: Bring Your Own Device (BYOD); Internet of Things (IoT); information security; risk assessment; information privacy; K-12; good practices.
Internet of Things: A Survey of Challenges and Issues
by Qusay Sarhan
Abstract: Internet of Things (IoT) is the promising and future Internet. The IoT is a network of connected sensors, actuators, and everyday objects that are used in various domains, such as healthcare, airports, and military. As it connects everything around us to the Internet, the IoT poses a number of severe challenges and issues as compared to the conventional Internet. Currently, there are massive studies on the IoT; these studies mostly cover IoT vision, enabling technologies, applications, or services. So far a limited number of surveys point out comprehensively the challenges and issues of the IoT which are considered unique to this future Internet and which must be faced and tackled by different research communities. In this paper, well-known IoT challenges and issues (e.g. reliable cooperation, standards, protocols, operational, data, and software) have been surveyed alongside many directions. Furthermore, the paper also raises awareness of work being achieved across a number of research communities to help whoever decided to approach this hot discipline in order to contribute to its development.
Keywords: Internet of Things (IoT); Wireless sensor and actuator networks; Smart objects; Smart environments; IoT applications and services; Research challenges; Survey.
Towards Trusted Mobile Payment Services: A Security Analysis on Apple Pay
by Ashay Jawale, Joon Park
Abstract: Today, many stores and users adopt mobile payment services due to the various benefits that the technology can provide. Users can make transactions with their mobile devices such as smart phones instead of physically handing over cash or swiping credit cards. Stores can implement the payment service in a relatively simple and inexpensive way. For both users and stores, the technology increases speed of the check-out process thus reducing the waiting time. The time savings may give more profits to stores. Although the new mobile payment service can provide users and stores with various benefits, it also introduces new security concerns and vulnerabilities. In this paper we analyze the security features in Apple Pay and discuss possible ways to make it more reliable. Furthermore, once we delve into security vulnerabilities in Apple Pay, we propose the possible solutions along with their implementation to overcome the security concerns in the service.
Keywords: Apple Pay; Mobile Payment; Secure Transaction.
A Study of Security and Privacy Issues Associated with the Amazon Echo
by Catherine Jackson, Angela Orebaugh
Abstract: More than eleven million American consumers have the Amazon Echo installed in their homes (Gonzales, 2017). While many consumers view the Amazon Echo as a useful helper in the home to provide information, play music, and order items online, consumers underestimate the device's security and privacy impacts. The Amazon Echo smart speaker with integrated intelligent personal assistant, Alexa, employs voice activated commands requiring the device to listen to its surroundings constantly for the wake word. Additionally, the Amazon cloud stores a vast amount of Amazon Echo consumer data including purchases, requests, and questions to Alexa, creating remarkable insight into a user's everyday life.
This paper presents security and privacy issues with the Amazon Echo. Additionally, law enforcement officials are beginning to see how consumer Internet of Things (IoT) devices can provide crucial evidence in cases. This paper presents recent cases in which law enforcement officials have employed the Amazon Echo and other IoT devices in an investigation, including the Arkansas v. Bates case in which Alexa was actually called to the witness stand. Due to the Amazon Echo's privacy issues and potential uses in court, this paper analyzes the Fourth Amendment in regards to the Amazon Echo. This paper concludes with suggested recommendations that Amazon Echo owners should employ for greater security and privacy.
Keywords: smart speaker; intelligent personal assistant; virtual assistant; Amazon Echo; Alexa; information security; privacy; law enforcement; internet of things.
Special Issue on: Machine Learning and the Internet of Things
Employing an Efficient Tamper Detection Mechanism for IoT-based Healthcare Systems
by Ahmed Elngar
Abstract: Security of large scale networks of Internet of Things (IoT) is the most significant challenge that needs a smarter security mechanism. Therefore, a tamper detection (TD) is an efficient security mechanism for IoT-based healthcare system, which is used to deal with security violations, since there are many security threats that affect the originality of medical information. In this paper, a new tamper detection mechanism for IoT-based Healthcare Systems called (IOT-TD) model has been proposed. This paper effectively proposed (ANN-GA) tamper detection mechanism, where Genetic Algorithm (GA) is used to optimize weight and bias values of Artificial Neural Networks (ANN), which lead to maximize the detection accuracy, minimize the timing detection speed and the efficiency energy saving of IoT-network modules. The experimental results showed that the tamper detection performance of (ANN-GA) is 98.51%. In addition, the proposed model showed that the (ANN-GA) enhances the timing detection to 0.03 sec which is important for real time (IOT-TD) model healthcare system and the efficiency energy saving transmission is 1980 times better than full transmission. Also, the proposed model relies on the certificate-based Datagram Transport Layer Security (DTLS) handshake protocol as it is the main security for (IoT-TD) model.
Keywords: Internet of Things; Tamper Detection; Healthcare systems; Artificial Neural Network; Genetic Algorithm.
Dictionary based intra prediction framework for image compression via sparse representation
by Arabinda Sahoo, Pranati Das
Abstract: Nowadays, image compression is very important for efficient data storage and transmission. This paper presents a dictionary based intra prediction framework for image compression using sparse representation, with the construction of trained over-complete dictionaries. The intra-prediction residuals selected from different images and K-SVD algorithm are used to train over-complete dictionaries. The trained dictionaries are integrated into the intra-prediction framework for efficient image compression. In this proposed method, first intra-prediction is applied over an image and then prediction residuals of the image are encoded using sparse representation. Sparse approximation algorithm and trained dictionaries are employed for encoding of prediction residuals of the image. The coefficients obtained from sparse representation are used for encoding. For efficient sparse representation with fewer dictionary coefficients, an adaptive sparse image partitioning method is introduced. Simulation result demonstrates that the proposed image compression method yields improved encoding efficiency as compared to existing schemes.
Keywords: Image compression; Intra prediction; Dictionary learning; Sparse representation; K-SVD.
Design and Study of Dual Band Slotted Patch Radiator Using Bio-Inspired Optimization Approach for Wireless Communication
by Swarnaprava Sahoo, Mihir Narayan Mohanty
Abstract: A new dual band slotted patch radiator is proposed for Wi-MAX and satellite applications purpose. The two wide appropriate rectangular slots in opposite faces of the non-radiating edge of the patch and an I-shaped slot in between the two wide slots are embedded in the radiating element for good impedance matching. Particle Swarm Optimization (PSO) and Firefly Algorithm (FA) are used for optimum dual band performance. The optimization achieves dual band at 3.5 GHz and 4.3 GHz respectively ranging from 3.4371 to 3.5780 GHz of bandwidth 140.9 MHz and from 4.2311 to 4.3622 GHz of bandwidth 132.1 MHz along with VSWR < 2. The proposed antenna is capable of covering Wi-MAX and C-band, S-band satellite applications. The optimized proposed radiator is demonstrated, fabricated and experimentally verified. The simulated and experimental results give good agreement. The maximum gain of 2.4 dBi has also been observed.
Keywords: Dual band; particle swarm optimization; firefly algorithm optimization; slotted patch; Wi-MAX.