Device/IoT-Centric Security Research Actions

We provide a discussion on relevant research actions that need to be taken to mitigate the threats, gaps, and challenges previously identified and reported in Appendix A.1 of document D4.3.

  • RA1 – ML/DL-based solutions. Machine Learning (ML) and Deep Learning (DL) techniques can be used to tackle security issues in IoT devices by providing embedded intelligence. IoT networks generate vast amounts of real-time data that ML and DL techniques can use to offer insights and aid decision-making. Among many other uses, ML and DL have the potential to mitigate privacy and access control issues, as well as to reinforce attack detection, intrusion detection, malicious code identification, and malware analysis capabilities in IoT environments. Significant research has already been done in all of the aforementioned areas, with significant caveats remaining to be solved. For attack detection, Rathore and Park [1] proposed a semi-supervised scheme based on Extreme Learning Machine (ELM) that relies on Fuzzy C-Means (FCM), while DL-based attack detection systems based on fog architecture were promoted in the works of Diro and Chilamkurti [2] and Abeshu and Chilamkurti [3]. SVM proved to be the best-performing ML algorithm for detecting DoS attacks, as shown in a number of research endeavors [4][5][6]. ML and DL neural network algorithms such as ANN [7], RNN [8][9], and Random Neural Networks (RaNN) [10] have commonly been experimented with for intrusion detection. Lastly, algorithms including SVM, PCA, and RNN, as well as some novel algorithms such as Learning-based Deep Q Network (LDQN) [11], have been used in an attempt to identify malicious activities affecting IoT. However, ML and DL come with significant bottlenecks that still need to be addressed. Choosing the most suitable model and labeling the training data remain cumbersome tasks, while performance overhead remains an issue due to the resource-constrained nature of IoT devices.
    Moreover, anomalies created by various ML and DL algorithms pose an issue for critical infrastructure and real-time applications. Large IoT ecosystems, consisting of a multitude of different devices, need more advanced ML capabilities that could grant stronger security features. Other challenges that require significant effort include the scarcity of publicly available training datasets, imbalanced data at the time that attacks take place, merging available public datasets, and legislative challenges related to validation and certification of different IoT components and varying GDPR regulations. To solve the existing issues of ML approaches for securing IoT, more research effort is required on strengthening DL and Deep Reinforcement Learning (DRL) definitions to bolster their performance in terms of computational complexity, efficiency, and parameter tuning. Besides that, more novel hybrid learning techniques and data visualization techniques are still required for better data interpretation [12].
    Threats: T1.1.3 – Inadequate design and planning or incorrect adaptation in the critical scenario – COVID19, T1.2.1 – Interception of information, T1.2.2 – Unauthorized acquisition of information (data breach), T1.3.1 – Device modification, T1.3.2 – Extraction of private information, T1.3.3 – Lack of control on safety implications – COVID19, T1.4.1 – Identity fraud, T1.4.2 – Denial of service, T1.4.3 – Malicious code/software/activity, T1.4.4 – Misuse of assurance tools, T1.4.5 – Failures of business process, T1.4.6 – Code execution and injection (unsecured APIs)
    Gaps: G1.4 – Gaps on diagnosis and response capabilities, G1.9 – Product lifecycle management leakages, G1.11 – Gaps in handling critical scenarios, G1.13 – Gaps on device management and the use of outdated components
  • RA2 – Blockchain-based solutions. Currently, IoT devices experience a non-uniform and inconsistent data flow as a result of both conflicting protocols and unstandardized designs. Updates to IoT devices are also non-compliant, so IoT devices require constant maintenance. This is because the majority of IoT vendors do not follow any access control or configuration standards, but rather create their own proprietary ecosystems. Moreover, IoT infrastructure is centralized and uses a client/server model, rendering connected devices vulnerable to a wide array of potential attacks. Even though centralized infrastructure works considerably well in small-scale ecosystems, it is not suitable for large-scale projects. Hence, there is an increasing need for research on how to incorporate decentralized solutions, particularly blockchain technology, in the IoT environment. The benefits of the blockchain, including its immutability, verifiability, and efficiency, could help in overcoming current IoT issues. In other words, blockchain-based solutions could keep an immutable record of IoT devices and improve their security properties through the use of smart contracts.
    So far, blockchain-based solutions for IoT security have been considered in several works, but there is still room for improvement. One of the first such endeavors has been carried out by the H2020 project “Secure and Safe Internet of Things” (SerIoT) to optimize the security of IoT platforms and networks through the combination of blockchain technology, fog computing, honeypots, and SDN routers [13]. It takes a holistic approach to defining an end-to-end IoT network ecosystem with a multi-layered schema for different IoT layers. Their ultimate plan is to deploy their technology into IoT applications to accomplish horizontal IoT and end-to-end security in IoT platforms throughout Europe. To achieve secure mutual authentication and grant auditability and confidentiality, Lin et al. [14] proposed a blockchain-based system for enforcing fine-grained access policies. The authors combined blockchain with other technologies including MAC, ABS, and CL-MRE to achieve high resilience against DoS, replay, MiTM, impersonation, and modification attacks. However, the proposed model remains a concept and requires further optimization and implementation in a real-world setting. More recently, in 2020, Mohanty et al. [15] proposed a Lightweight integrated Blockchain (ELIB) model and deployed it in a smart home environment. Their model consists of three optimizations, namely a lightweight consensus algorithm, certificateless cryptography, and a Distributed Throughput Management (DTM) scheme. This model also still has to be optimized from the energy consumption standpoint and has yet to be deployed on a wider scale. On the other hand, Singh et al. [16] proposed a Blockchain-enabled Intelligent IoT Architecture with Artificial Intelligence (BlockIoTIntelligence) system for IoT applications and techniques to support big data analysis. Despite achieving CIA, non-repudiation, and secrecy to a certain extent, the authors did not manage to accomplish optimal performance in terms of latency.
    Threats: T1.1.1 – Information leakage/sharing due to human errors, T1.3.1 – Device modification, T1.3.3 – Lack of control on safety implications – COVID19, T1.4.2 – Denial of service, T1.4.3 – Malicious code/software/activity, T1.5.1 – Violation of laws or regulations, T1.4.5 – Failures of business process, T1.6.1 – Skill shortage, T1.6.2 – Lack of strong cyber hygiene practices – COVID19
    Gaps: G1.1 – Gaps on design, G1.2 – Gaps on protection mechanisms adoption and hardening, G1.5 – Lack of awareness and knowledge (skill shortage), G1.6 – Lack of interoperability, G1.8 – Fragmentation in security approaches and regulations, G1.10 – Gaps in cyber hygiene practices
  • RA3 – Novel authentication schemes. As suggested by El-hajj et al. [17], IoT authentication schemes can be classified based on the following factors: i) authentication factor (based on the identity and the context of usage), ii) use of tokens (token-based and non-token-based authentication schemes), iii) authentication procedure (one-way, two-way, and three-way authentication schemes), iv) authentication architecture (distributed and centralized authentication schemes), v) IoT layer (perception, network, and application layer authentication schemes), vi) hardware (implicit hardware-based and explicit hardware-based authentication schemes). When it comes to smart grids, the current trend seems to be leaning toward schemes based on Hash-based Message Authentication Code (HMAC), as can be seen from several research efforts [18][19][20][21], whereas novel schemes based on Physical Unclonable Function (PUF) are prevalent in smart RFID [22][23][24], smart homes [25][26][27] and generic IoT applications [28][29][30]. Future research endeavours in those fields should try to combine both hardware and software solutions to further bolster security. Moreover, for IoT applications in smart grids and VANETs, location and privacy should be considered. Research on wireless sensor networks recently focused on accomplishing mutual authentication [31][32][33][34] through lightweight authentication schemes, such as hash operations and ECC. The effectiveness of the existing protocols and schemes should be further analyzed against malicious activities and especially omnipresent DoS attacks. Moreover, future authentication schemes and protocols should be designed with low communication overhead and computation costs in mind, especially for resource-constrained IoT environments. At the same time, novel authentication schemes should be able to operate with the ever-growing number of nodes without having to be modified. Finally, as a general rule, authentication schemes should cater to all three IoT architecture layers, namely the application, network, and perception layers.
    Threats: T1.1.1 – Information leakage/sharing due to human errors, T1.1.2 – Inadequate design and planning or incorrect adaptation, T1.1.3 – Inadequate design and planning or incorrect adaptation in the critical scenario – COVID19, T1.2.1 – Interception of information, T1.2.2 – Unauthorized acquisition of information (data breach), T1.4.1 – Identity fraud, T1.4.2 – Denial of service, T1.4.4 – Misuse of assurance tools, T1.4.7 – Device hijacking, T1.4.8 – Social engineering
    Gaps: G1.1 – Gaps on design, G1.2 – Gaps on protection mechanisms adoption and hardening, G1.3 – Gaps on authorization and authentication, G1.7 – Lack of security-dedicated budget, G1.12 – Gaps on insufficient data protection (communication and storage)
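
To make the RA3 notions of a lightweight, hash-based, two-way authentication concrete, the following sketch is an added example and is not taken from any of the cited schemes. It assumes a pre-shared key per device pair; the `Node` class, the `mac` and `handshake` helpers, the `resp`/`init` labels, and the sample identities are all hypothetical names chosen for illustration.

```python
import hashlib
import hmac
import secrets


def mac(key, label, *fields):
    """HMAC-SHA256 over a direction label and length-prefixed fields."""
    h = hmac.new(key, label, hashlib.sha256)
    for f in fields:
        h.update(len(f).to_bytes(2, "big") + f)
    return h.digest()


class Node:
    """One end of the exchange: an identity plus the pre-shared key (assumed)."""

    def __init__(self, ident, key):
        self.ident, self.key = ident, key
        self.nonce = self.peer_id = self.peer_nonce = None

    def hello(self):
        # Message 1 (initiator): identity and a fresh 128-bit nonce.
        self.nonce = secrets.token_bytes(16)
        return self.ident, self.nonce

    def challenge(self, peer_id, peer_nonce):
        # Message 2 (responder): own nonce and a proof bound to both nonces.
        self.peer_id, self.peer_nonce = peer_id, peer_nonce
        self.nonce = secrets.token_bytes(16)
        proof = mac(self.key, b"resp", self.ident, peer_id, peer_nonce, self.nonce)
        return self.ident, self.nonce, proof

    def confirm(self, peer_id, peer_nonce, proof):
        # Initiator authenticates the responder before revealing message 3.
        want = mac(self.key, b"resp", peer_id, self.ident, self.nonce, peer_nonce)
        if not hmac.compare_digest(want, proof):
            return None
        return mac(self.key, b"init", self.ident, peer_id, self.nonce, peer_nonce)

    def finish(self, proof):
        # Responder checks message 3 against the nonce issued for this session.
        if self.nonce is None or proof is None:
            return False
        want = mac(self.key, b"init", self.peer_id, self.ident, self.peer_nonce, self.nonce)
        self.nonce = None  # each issued challenge can be answered once
        return hmac.compare_digest(want, proof)


def handshake(initiator, responder, replayed_msg3=None):
    """Run the three messages; optionally substitute a recorded message 3."""
    m2 = responder.challenge(*initiator.hello())
    m3 = initiator.confirm(*m2)
    sent = m3 if replayed_msg3 is None else replayed_msg3
    return m3, m3 is not None, responder.finish(sent)


if __name__ == "__main__":
    key = secrets.token_bytes(32)  # constructed sample key
    sensor, gateway = Node(b"sensor-01", key), Node(b"gateway", key)
    m3, _, ok = handshake(sensor, gateway)
    print("honest run accepted:", ok)
    print("replayed message 3 accepted:", handshake(sensor, gateway, m3)[2])
```

The responder holds one nonce per pending hello, so a deployment on constrained nodes needs a cap or timeout on pending challenges to limit the DoS exposure the text mentions.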

Highlights on Identified Research Actions

There are three main areas in which future IoT cybersecurity research actions should be focused, namely ML/DL-based solutions, blockchain-based solutions, and the development of novel authentication schemes. ML and DL have the potential to mitigate privacy and access control issues and to boost capabilities of attack detection, intrusion detection, malicious code identification, and malware analysis in IoT environments. Even though algorithms such as SVM, PCA, RNN, and ANN have already shown a certain degree of success in intrusion detection and identifying malicious activities, this area of research still requires significant effort to reach its full potential. Furthermore, more research has to be conducted on solving issues related to choosing appropriate training data, as well as parameter tuning, performance overhead, anomalies, and data validation and certification.

The main properties of blockchain, including immutability, verifiability, and efficiency, can aid in thwarting a large number of attacks targeting IoT systems. Besides that, blockchain solutions can help vendors to define configuration standards and access control for IoT. Future research endeavours must focus on further improving existing solutions in terms of performance, latency, and energy consumption.

When it comes to authentication schemes, current research trends lean towards lightweight authentication schemes, such as HMAC, PUF, ECC, and hash-based schemes. Future research should continue its focus on designing authentication schemes and protocols with low communication overhead and low computational costs that can operate with the growing number of nodes without having to be modified.

[1] S. Rathore and J. H. Park, “Semi-supervised learning based distributed attack detection framework for IoT,” Applied Soft Computing, vol. 72, pp. 79-89, 2018.

[2] A. A. Diro and N. Chilamkurti, “Distributed attack detection scheme using deep learning approach for Internet of Things,” Future Generation Computer Systems, vol. 82, pp. 761-768, 2018.

[3] A. Abeshu and N. Chilamkurti, “Deep learning: The frontier for distributed attack detection in fog-to-things computing,” IEEE Communications Magazine, vol. 56, no. 2, pp. 169-175, 2018.

[4] J. Ye, X. Cheng, J. Zhu, L. Feng and L. Song, “A DDoS attack detection method based on SVM in software defined network,” Security and Communication Networks, vol. 2018, 2018.

[5] Tomovic, K. Yoshigoe, I. Maljevic and I. Radusinovic, “Software-defined fog network architecture for IoT,” Wireless Personal Communications, vol. 92, no. 1, pp. 181-196, 2017.

[6] R. Kokila, S. T. Selvi and K. Govindarajan, “DDoS detection and analysis in SDN-based environment using support vector machine classifier,” 2014 Sixth International Conference on Advanced Computing (ICoAC), pp. 205-210, 2014.

[7] J. Canedo and A. Skjellum, “Using machine learning to secure IoT systems,” 2016 14th annual conference on privacy, security and trust (PST), pp. 219-222, 2016.

[8] N. Nesa, T. Ghosh and I. Banerjee, “Non-parametric sequence-based learning approach for outlier detection in IoT,” Future Generation Computer Systems, vol. 82, pp. 412-421, 2018.

[9] J. Kim, J. Kim, H. L. T. Thu and H. Kim, “Long short term memory recurrent neural network classifier for intrusion detection,” in 2016 International Conference on Platform Technology and Service (PlatCon), IEEE, 2016, pp. 1-5.

[10] A. Saeed, A. Ahmadinia, A. Javed and H. Larijani, “Intelligent intrusion detection in low-power IoTs,” ACM Transactions on Internet Technology (TOIT), vol. 16, no. 4, pp. 1-25, 2016.

[11] P. M. Shakeel, S. Baskar, V. S. Dhulipala, S. Mishra and M. M. Jaber, “Maintaining security and privacy in health care system using learning based deep-Q-networks,” Journal of medical systems, vol. 42, no. 10, pp. 1-10, 2018.

[12] F. Hussain, R. Hussain, S. A. Hassan and E. Hossain, “Machine Learning in IoT Security: Current Solutions and Future Challenges,” IEEE Communications Surveys Tutorials, vol. 22, no. 3, pp. 1686-1721, 2020.

[13] J. Domanska, E. Gelenbe, T. Czachorski, A. Drosou and D. Tzovaras, “Research and innovation action for the security of the internet of things: The seriot project,” International ISCIS Security Workshop, pp. 101-118, 2018.

[14] C. Lin, D. He, X. Huang, K.-K. R. Choo and A. V. Vasilakos, “BSeIn: A blockchain-based secure mutual authentication with fine-grained access control system for industry 4.0,” Journal of Network and Computer Applications, vol. 116, pp. 42-52, 2018.

[15] S. N. Mohanty, K. Ramya, S. S. Rani, D. Gupta, K. Shankar, S. Lakshmanaprabu and A. Khanna, “An efficient Lightweight integrated Blockchain (ELIB) model for IoT security and privacy,” Future Generation Computer Systems, vol. 102, pp. 1027-1037, 2020.

[16] S. K. Singh, S. Rathore and J. H. Park, “Blockiotintelligence: A blockchain-enabled intelligent IoT architecture with artificial intelligence,” Future Generation Computer Systems, vol. 110, pp. 721-743, 2020.

[17] M. El-Hajj, A. Fadlallah, M. Chamoun and A. Serhrouchni, “A survey of internet of things (IoT) authentication schemes,” Sensors, vol. 19, no. 5, p. 1141, 2019.

[18] T. W. Chim, S.-M. Yiu, L. C. Hui and V. O. Li, “PASS: Privacy-preserving authentication scheme for smart grid network,” 2011 IEEE International Conference on Smart Grid Communications (SmartGridComm), pp. 196-201, 2011.

[19] M. M. Fouda, Z. M. Fadlullah, N. Kato, R. Lu and X. Shen, “Towards a light-weight message authentication mechanism tailored for smart grid communications,” 2011 IEEE conference on computer communications workshops (INFOCOM WKSHPS), pp. 1018-1023, 2011.

[20] H. Nicanfar, P. Jokar, K. Beznosov and V. C. Leung, “Efficient authentication and key management mechanisms for smart grid communications,” IEEE systems journal, vol. 8, no. 2, pp. 629-640, 2013.

[21] C. Ji, J. Kim, J.-Y. Lee and M. Hong, “Review of one-time signatures for multicast authentication in smart grid,” in 2015 12th International Conference & Expo on Emerging Technologies for a Smarter World (CEWIT), IEEE, 2015, pp. 1-4.

[22] H. Xu, J. Ding, P. Li, F. Zhu and R. Wang, “A lightweight RFID mutual authentication protocol based on physical unclonable function,” Sensors, vol. 18, no. 3, p. 760, 2018.

[23] P. Tuyls and L. Batina, “RFID-tags for anti-counterfeiting,” in Cryptographers’ track at the RSA conference, Springer, 2006, pp. 115-131.

[24] P. Gope, J. Lee and T. Q. Quek, “Lightweight and practical anonymous authentication protocol for RFID systems using physically unclonable functions,” IEEE Transactions on Information Forensics and Security, vol. 13, no. 11, pp. 2831-2843, 2018.

[25] C. Huth, J. Zibuschka, P. Duplys and T. Guneysu, “Securing systems on the Internet of Things via physical properties of devices and communications,” in 2015 Annual IEEE Systems Conference (SysCon) Proceedings, IEEE, 2015, pp. 8-13.

[26] M. Zhao, X. Yao, H. Liu and H. Ning, “Physical unclonable function based authentication protocol for unit IoT and ubiquitous IoT,” in 2016 International Conference on Identification, Information and Knowledge in the Internet of Things (IIKI), IEEE, 2016, pp. 179-184.

[27] M. A. Muhal, X. Luo, Z. Mahmood and A. Ullah, “Physical unclonable function based authentication scheme for smart devices in Internet of Things,” in 2018 IEEE International Conference on Smart Internet of Things (SmartIoT), IEEE, 2018, pp. 160-165.

[28] D. Mukhopadhyay, “PUFs as promising tools for security in Internet of Things,” IEEE Design & Test, vol. 33, no. 3, pp. 103-115, 2016.

[29] J. R. Wallrabenstein, “Practical and secure IoT device authentication using physical unclonable functions,” in 2016 IEEE 4th International Conference on Future Internet of Things and Cloud (FiCloud), IEEE, 2016, pp. 99-106.

[30] M. Barbareschi, P. Bagnasco and A. Mazzeo, “Authenticating IoT devices with physically unclonable functions models,” in 2015 10th International Conference on P2P, Parallel, Grid, Cloud and Internet Computing (3PGCIC), IEEE, 2015, pp. 563-567.

[31] C. Schmitt, M. Noack and B. Stiller, “TinyTO: Two-way authentication for constrained devices in the Internet of Things,” in Internet of Things, Elsevier, 2016, pp. 239-258.

[32] P. Porambage, C. Schmitt, P. Kumar, A. Gurtov and M. Ylianttila, “Two-phase authentication protocol for wireless sensor networks in distributed IoT applications,” in 2014 IEEE Wireless Communications and Networking Conference (WCNC), IEEE, 2014, pp. 2728-2733.

[33] M. Turkanović, B. Brumen and M. Holbl, “A novel user authentication and key agreement scheme for heterogeneous ad hoc wireless sensor networks, based on the Internet of Things notion,” Ad Hoc Networks, vol. 20, pp. 96-112, 2014.

[34] M. Alotaibi, “An enhanced symmetric cryptosystem and biometric-based anonymous user authentication and session key establishment scheme for WSN,” IEEE Access, vol. 6, pp. 70072-70087, 2018.