FIGURE 5 - available via license: Creative Commons Attribution-NonCommercial-NoDerivatives 4.0 International
Content may be subject to copyright.
Source publication
The twenty first century has witnessed an enormous rise in data produced per person and it has also witnessed newer and advanced forms of digital attacks and instinctively, witnessed a rise in the need for data protection. However, the essential assets are still physical and needs to be protected. Usually vaults, lockers, safes and so on and used f...
Context in source publication
Citations
... Physical security measures may include secure enclosures, tamper-evident seals, or physical locks to prevent unauthorized physical access to devices. By safeguarding the physical integrity of devices, the system can maintain the confidentiality and availability of data and prevent malicious manipulation or extraction of sensitive information [35], [36]. • Firmware and software vulnerabilities: IoT devices often rely on firmware and software to function properly and execute their intended tasks. ...
The Internet of Things (IoT) has revolutionized various domains, enabling interconnected devices to communicate and exchange data. The integration of Artificial Intelligence (AI) in IoT systems further enhances their capabilities and potential benefits. Unfortunately, in the era of AI, ensuring the privacy and security of the IoT faces novel and specific challenges. IoT security is imperative, necessitating comprehensive strategies, including comprehension of IoT security challenges, implementation of AI methodologies, adoption of resilient security frameworks, and handling of privacy and ethical concerns to construct dependable and secure IoT systems. It is vital to note that the term ’security’ encompasses a more comprehensive view than cyberattacks alone. Therefore, with an emphasis on securing against cyberattacks, this comprehensive survey also includes physical security threats on the IoT. It investigates the complexities and solutions for IoT systems, placing particular emphasis on AI-based security techniques. The paper undertakes a categorization of the challenges associated with ensuring IoT security, investigates the utilization of AI in IoT security, presents security frameworks and strategies, underscores privacy and ethical considerations, and provides insights derived from practical case studies. Furthermore, the survey sheds light on emerging trends concerning IoT security in the AI era. This survey provides significant contributions to the understanding of establishing dependable and secure IoT systems through an exhaustive examination of the present condition of IoT security and the ramifications of AI on it.
... For security reasons, the information from the physical authenticator is kept in the cloud and is only accessed when an unlock is required. (9) . The user's access is discovered and verified by the RFID card reader. ...
... Major Original Equipment Manufacturers (OEMs) have been providing native support to FIDO specifications. In earlier other research, FIDO specifications have been adopted for secure user-authentication on metaverse based environments [14] and for hardware assets including in cyber-physical systems [15]. Most of the enterprises are implementing FIDO to reduce the attack surface and common human factors [16]. ...
Passwordless authentication was first tested for seamless and secure merchant payments without the use of passwords or pins. It opened a whole new world of authentications giving up the former reliance on traditional passwords. It relied on the W3C Web Authentication (WebAuthn) and Client to Authenticator Protocol (CTAP) standards to use the public key cryptosystem to uniquely attest a user's device and then their identity. These standards comprise of the FIDO authentication standard. As the popularity of passwordless is increasing, more and more users and service providers are adopting to it. However, the concept of device attestation makes it device-specific for a user. It makes it difficult for a user to switch devices. FIDO Passkeys were aimed at solving the same, synchronizing the private cryptographic keys across multiple devices so that the user can perform passwordless authentication even from devices not explicitly enrolled with the service provider. However, passkeys have certain drawbacks including that it uses proprietary end to end encryption algorithms, all keys pass through proprietary cloud provider, and it is usually not very seamless when dealing with cross-platform key synchronization. To deal with the problems and drawbacks of FIDO Passkeys, the paper proposes a novel private key management system for passwordless authentication called Transferable User Secret on Hardware Key (TUSH-Key). TUSH-Key allows cross-platform synchronization of devices for seamless passwordless logins with FIDO2 specifications.
To help prevent, detect, and resolve security-related problems within a company, AI must be deployed. Industry 4.0 hopes to significantly improve information security by bringing forth comprehensive control on security breaches using the Internet of Things (IoT), machine learning, artificial intelligence, and big data analytics. When AI is integrated with information security management (ISM), it will help organizations verify and predict potential vulnerabilities as well as automate the process of dealing with them. As a result, there is less chance that employees will be unqualified. Any time a new service is offered, AI should be a top priority for improving security measures. Information Technology Infrastructure Library (ITIL) is a set of best practices for managing IT infrastructure that may help any business generate value. The common perception of IT Infrastructure Library (ITIL) as a bureaucratic and inflexible framework is challenged by the realization that it may be adapted to incorporate cutting-edge methodologies like AI, ML, Agile, DevOps, etc. When it comes to managing risks, ISM is an essential component of any company or organization. The introduction of AI into IT service management (ITSM), and more specifically security management, will address the means by which to lessen the impact of threats like these. We need to give AI the ability to intelligently and automatically recover from possible risk, not just detect it. In this chapter, we will look at how artificial intelligence (AI) can be used to improve IT security by preventing, detecting, and learning from incidents.
