Fig 5 - uploaded by Sridhar Adepu
Content may be subject to copyright.
Source publication
Billions of Internet of Things (IoT) devices are being adopted in our daily life as personal wearables, home automation agents, medical appliances etc. Many domains of their use nowadays rely on the privacy and security of these devices -critical infrastructure, healthcare, logistics, manufacturing. In this paper, we aim to establish a standardized...
Context in source publication
Context 1
... analysis: Amazon Echo Dot architecture involves a companion app. We have scanned the Android version of Amazon Alexa companion app available online with our prototype semantic capability profiler. Semantic profiling based on our default wordlist reveals usage of microphone access and recording capabilities and Bluetooth 3.0 communication. Fig. 5 shows the output obtained using the relevant software module of our prototype. Resulting device capability ...
Similar publications
In recent days, widespread acceptance of cloud data storage applications increases various privacy problems and security problems. Outsourced data security is considered the main confrontation for cloud clients because of data control loss. This review presents a detailed survey of 50 research papers presenting privacy preservation approaches, name...
Citations
... In CS studies, researchers predominantly propose solutions for more efficient VA solutions that users would want to bring into their homes (Seymour, 2018;Parkin et al., 2019;Vishwakarma et al., 2019). These should be equipped with standardized frameworks for data collection and processing (Bytes et al., 2019), or with technological countermeasures and detection features to establish IoT security and privacy protection (Stadler et al., 2012;Sudharsan et al., 2019;Javed and Rajabi, 2020). Complementary, SS researchers investigate measures for protecting the privacy of VA users beyond technical approaches, such as legislation ensuring privacy protection (Pfeifle, 2018; Dunin-Underwood, 2020). ...
... more complex VA solutions will need to convince users that the perceived privacy risks are solved (Kowalczuk, 2018;Lackes et al., 2019). To this end, all three research domains will need to contribute: CS is required to come up with defining comprehensible frameworks for data collection and processing (Bytes et al., 2019), and solutions to ensure data safety (Mirzamohammadi et al., 2017;Sudharsan et al., 2019;Javed and Rajabi, 2020). Complementary, SS should identify the social and legal conditions which users perceive as safe environments for VA use in private households (Pfeifle, 2018;Dunin-Underwood, 2020). ...
The present study identifies, organizes, and structures the available scientific knowledge on the recent use and the prospects of Voice Assistants (VA) in private households. The systematic review of the 207 articles from the Computer, Social, and Business and Management research domains combines bibliometric with qualitative content analysis. The study contributes to earlier research by consolidating the as yet dispersed insights from scholarly research, and by conceptualizing linkages between research domains around common themes. We find that, despite advances in the technological development of VA, research largely lacks cross-fertilization between findings from the Social and Business and Management Sciences. This is needed for developing and monetizing meaningful VA use cases and solutions that match the needs of private households. Few articles show that future research is well-advised to make interdisciplinary efforts to create a common understanding from complementary findings—e.g., what necessary social, legal, functional, and technological extensions could integrate social, behavioral, and business aspects with technological development. We identify future VA-based business opportunities and propose integrated future research avenues for aligning the different disciplines’ scholarly efforts.
... SWoT-enabled security solutions identify the technical information of IoT devices without needing to access them physically, simply by analyzing their discovered information semantically, and can profile the existing as well as future IoT products' functionality that is sensitive to security and privacy. This can help in discovering, categorizing, and comparing the SWoT devices' security-sensitive capabilities at low cost and at early stages (Bytes, Adepu, & Zhou, 2019). ...
... Unseen device detection methods help discover the new devices connected to the organization's network that were not included in the training data. In [26], the authors suggested an automated proiling method focused on a semantic interpretation of technical information that does not require physical access to the device. It also preserves the privacy-sensitive features of current and future IoT devices. ...
... References Device Type [25], [95], [91], [16], [124], [141], [49], [123], [131], [113] Device Instance [49], [123] Unseen Device [49], [26], [131] Anomaly [141], [113], [120], [118], [58] ...
... 's voice assistant gadget might be silently hijacked for surveillance (Chinese researchers). August 2016, a vulnerability with August's Guest Access allowed guests to hack August's software and "enroll a new key".26: CVE-2017-13078: Re-installation of group key in 4-way handshake. ...
The proliferation of heterogeneous Internet of things (IoT) devices connected to the Internet produces several operational and security challenges, such as monitoring, detecting, and recognizing millions of interconnected IoT devices. Network and system administrators must correctly identify which devices are functional, need security updates, or are vulnerable to specific attacks. IoT profiling is an emerging technique to identify and validate the connected devices’ specific behaviour and isolate the suspected and vulnerable devices within the network for further monitoring. This paper provides a comprehensive review of various IoT device profiling methods and provides a clear taxonomy for IoT profiling techniques based on different security perspectives. We first investigate several current IoT device profiling techniques and their applications. Next, we analyzed various IoT device vulnerabilities, outlined multiple features, and provided detailed information to implement profiling algorithms’ risk assessment/mitigation stage. By reviewing approaches for profiling IoT devices, we identify various state-of-the-art methods that organizations of different domains can implement to satisfy profiling needs. Furthermore, this paper also discusses several machine learning and deep learning algorithms utilized for IoT device profiling. Finally, we discuss challenges and future research possibilities in this domain.
... Semantic Analysis of IoT Sensor Data: The increasing amount of sensory data arises from making data and applications readily accessible and understandable to future users [87,88]. The semantic enhancements structure and organize the data. ...
In the recent era of the Internet of Things, the dominant role of sensors and the Internet provides a solution to a wide variety of real-life problems. Such applications include smart city, smart healthcare systems, smart building, smart transport and smart environment. However, the real-time IoT sensor data include several challenges, such as a deluge of unclean sensor data and a high resource-consumption cost. As such, this paper addresses how to process IoT sensor data, fusion with other data sources, and analyses to produce knowledgeable insight into hidden data patterns for rapid decision-making. This paper addresses the data processing techniques such as data denoising, data outlier detection, missing data imputation and data aggregation. Further, it elaborates on the necessity of data fusion and various data fusion methods such as direct fusion, associated feature extraction, and identity declaration data fusion. This paper also aims to address data analysis integration with emerging technologies, such as cloud computing, fog computing and edge computing, towards various challenges in IoT sensor network and sensor data analysis. In summary, this paper is the first of its kind to present a complete overview of IoT sensor data processing, fusion and analysis techniques.
Purpose
In the existing era, the Internet of Things (IoT) can be considered entirely as a system of embedding intelligence. The transverse character of IoT systems and various components associated with the arrangement of IoT systems have confronted impediments in the form of security and trust. There is a requirement to efficiently secure the IoT environment. The present study recommends a framework for impediments to secure and trustworthy IoT environments.
Design/methodology/approach
The present study identifies thirteen potential impediments to secure and trustworthy IoT environment. Further, a framework is developed employing Total Interpretive Structural Model (TISM) and Cross-Impact Matrix Multiplication Applied to Classification (MICMAC) approach. The integrated approach is employed as TISM organizes inter-relations among the identified impediments, while MICMAC analysis organizes interpretations related to the driving and dependence power of the impediments.
Findings
The results from the study represents that security of IoT from arbitrary attacks is the impediment that has attained the highest driving power. The impediments such as “security of IoT from arbitrary attacks”, “profiling” and “trust and prominence structure” are identified at the top level in the analysis.
Research limitations/implications
The previous studies highlight the facilitating contribution of IoT on various devices but neglect the impediments that can contribute towards a safe and trustworthy IoT environment. Also, the present study has its limitations as it depends upon the experts’ recommendations and suggestions.
Originality/value
The existing framework could be beneficial in constructing policies and suggestions to efficiently cater the impediments to a secure and trustworthy IoT environment.
The Internet of Things (IoT) enables sophisticated smart technologies by analyzing various sensor data. Complexity of IoT devices is increasing rapidly as it getting intertwined in our daily lives with the usage of smart sensors, actuators, and other smart devices. This interconnected of smart devices often produces very complex datasets which enable multimodal services. Multimodality enables applications to combine and analyze the data of multiple literacies within one medium. Enabling an effective multimodal IoT network demands efficient data representation of various sensing and actuating devices. This work is focused on profiling the smart devices, i.e., resource description. It provides the device description, categorization of its properties, capabilities, and functionalities so that a suitable resource can be discovered effectively. A formal model of IoT has been presented to describe the resources with the support of multimodality. The model is described through the Event-B language, and the Rodin platform is used to find the correctness of the model.
The rising appearance of system security threats against real-world Critical Infrastructure (CI) sites over the past years brought significant research attention into the security of Industrial Control Systems (ICS). Academic institutions and major industrial appliance vendors have since increased efforts on effective vulnerability discovery in these systems. However, from the investigation of the major recent ICS incidents, it is evident that a targeted post-exploitation chain plays a crucial role for an attack to succeed. After the initial access to the system is gained, typically through a previously unknown (zero-day) or unpatched vulnerability, weak credentials or insider assistance, a specific knowledge on the system architecture is applied to achieve stealthy and persistent presence in the system before the physical process is disrupted. In this work, we propose a set of post-exploitation and persistence techniques against WAGO PFC200 Series Programmable Logic Controller (PLC). It will help to raise the awareness of stealthy and persistent threats to PLCs built on top of the variations of CODESYS runtime.
Many IoT devices are vulnerable to compromise. With current IoT architectures, once a single device in a network is compromised, it can be used to disrupt the behavior of other devices on the same network. Even though system administrators can secure critical devices in the network using best practices and state-of-the-art technology, a single vulnerable device can undermine the security of the entire network. The goal of this work is to limit the ability of an attacker to exploit a vulnerable device on an IoT network and fabricate deceitful messages to co-opt other devices. The approach is to limit attackers by using device proxies that are used to retransmit and control network communications. We present an architecture that prevents deceitful messages generated by compromised devices from affecting the rest of the network. The design assumes a centralized and trustworthy machine that can observe the behavior of all devices on the network. The central machine collects application layer data, as opposed to low-level network traffic, from each IoT device. The collected data is used to train models that capture the normal behavior of each individual IoT device. The normal behavioral data is then used to monitor the IoT devices and detect anomalous behavior. This paper reports on our experiments using both a binary classifier and a density- based clustering algorithm to model benign IoT device behavior with a realistic test-bed, designed to capture normal behavior in an IoT-monitored environment. Results from the IoT testbed show that both the classifier and the clustering algorithms are promising and encourage the use of application-level data for detecting compromised IoT devices.
