Reviewing IoT Security via Logic Bugs in IoT Platforms and Systems

Wei, Zhou; Cao, Chen; Huo, Dongdong; Cheng, Kai; Zhang, Lan; Guan, Le; Liu, Tao; Jia, Yan; Zheng, Yaowen; Zhang, Yuqing; Sun, Limin; Wang, Yazhe; Liu, Peng

doi:10.1109/jiot.2021.3059457

Cited by 16 publications

(10 citation statements)

References 12 publications

Supporting

Mentioning

Contrasting

Order By: Relevance

“…Blockchain technology has the potential to significantly enhance the value of existing IoT capabilities by incorporating cryptographic techniques and addressing security and trustworthiness issues in large-scale IoT systems [ 13 ]. It is likely that blockchain technology will be utilized to record sensor readings from the internet of things in order to prevent data manipulation and fabrication.…”

Section: Issues With Cloud Based Aiotsmentioning

confidence: 99%

“…Because of the possibility that data supplied by specific Agriculture partners may have been tampered with or altered by attackers or the owner of the data in conventional AIoT networks, such data may not be trustworthy. In the context of AIoT networks, there is widespread consensus that data verification methods should be implemented in different scenarios [ [13] , [14] , [15] ].…”

Section: Introductionmentioning

confidence: 99%

See 1 more Smart Citation

Optimizing QoS and security in agriculture IoT deployments: A bioinspired Q-learning model with customized shards

Sonavane,

Prashantha,

Nikam

et al. 2024

Heliyon

View full text Add to dashboard Cite

Section: Issues With Cloud Based Aiotsmentioning

confidence: 99%

Section: Introductionmentioning

confidence: 99%

Optimizing QoS and security in agriculture IoT deployments: A bioinspired Q-learning model with customized shards

Sonavane,

Prashantha,

Nikam

et al. 2024

Heliyon

View full text Add to dashboard Cite

“…We also assume that some compromised devices in the IoT deployment might be trying to perform lateral movement to weaponize other devices or trying to access exposed services illicitly. We also consider attacks attempting to impersonate legitimate IoT devices through identity spoofing and MiTM attacks exploiting the lack of mutual authentication and certificate validation [2].…”

Section: Threat Modelmentioning

confidence: 99%

“…As a result, the number of IoT-connected low-cost devices is expected to rise over the coming years and reach 30.2 billion by 2027 [1]. Indeed, the harsh time-to-market race, along with the limited technical support, leaves the IoT devices and their Internet-exposed services marred by a wide variety of logical bugs (e.g., weak authentication and unauthorized access), software vulnerabilities, and poor default configuration settings [2]- [6]. As a matter of fact, over 60% of the IoT device Common Vulnerabilities and Exposures (CVE) documented during the last half of 2022 were remotely exploitable [7].…”

Section: Introductionmentioning

confidence: 99%

CMXsafe: A Proxy Layer for Securing Internet-of-Things Communications

de Hoz Diego,

Madi,

Konstantinou

2024

IEEE Trans.Inform.Forensic Secur.

View full text Add to dashboard Cite

Security in Internet-of-Things (IoT) environments has become a major concern. This is partly due to a large number of remotely exploitable IoT vulnerabilities in service authentication and access control combined with the lack of timely technical support. To reduce the threat surface of remote vulnerability exploitation, we propose CMXsafe, a secure-bydesign application-agnostic proxy layer that can be updated and managed independently of the IoT device application. CMXsafe places IoT devices behind gateways operating as 4th OSI transport layer relayers to offload security concerns of IoT network communications into the proxy layer. More specifically, the proxy layer produces secure communication paths between IoT applications and platforms while enforcing mutual authentication and access control to proxied services. We evaluate the performance of our architecture on the MQTT protocol used in a standard publisher-broker-subscriber configuration provided by Eclipse Mosquitto. More specifically, we compare the performance penalty on the protocol when securing communications with TLS following a monolithic implementation and with CMXsafe. The experimental results suggest that CMXsafe outperforms integrated security by providing at least a 25% latency reduction and a 22% bandwidth improvement.

show abstract

“…Liang and Kim [2] conducted research on IoT security, discussed applications in edge computing and blockchain scenarios, and pointed out that machine learning may be a better solution. Regarding IoT platforms and systems, Zhou [3] discussed the lessons learned from these bugs. Miloslavskaya and Tolstoy [4] were concerned about the typical attack problems of IoT assets, and they proposed to find possible security vulnerabilities through intelligent security protection of the Internet of things.…”

Section: Introductionmentioning

confidence: 99%

Research on IoT Forensics System Based on Blockchain Technology

Liang

Xin

Wang

et al. 2022

Security and Communication Networks

View full text Add to dashboard Cite

In recent years, mobile edge computing (MEC) has become a research hotspot in academia. The Internet of Things (IoT) is an excellent way to build the infrastructure required for a MEC environment. Its rich digital tracking repository can provide insights into people's daily activities at home and elsewhere. Meanwhile, due to the open connectivity of the Internet of things devices, they can easily become the target of network attacks and be used by criminals as criminal tools. As a result, civil and criminal cases have increased year by year. This article conducts in-depth research on IoT forensics. By comparing its difference with traditional digital forensics (DF), the definition of IoT forensics is given. We have systematically sorted out the research results since the concept of IoT forensics was proposed in 2013 and proposed a generalized IoT forensics model. By studying blockchain technology and introducing it into the IoT forensics framework, a blockchain-based IoT forensics architecture is further proposed. Further, an alliance chain IoT forensics system is proposed. From the perspective of the data provider and the data visitor, the process of evidence storage and forensics of the IoT system is discussed. Finally, taking Unmanned Aerial Vehicle (UAV) forensics as an example, we give an experiment of IoT forensics analysis.

show abstract

Reviewing IoT Security via Logic Bugs in IoT Platforms and Systems

Cited by 16 publications

References 12 publications

Optimizing QoS and security in agriculture IoT deployments: A bioinspired Q-learning model with customized shards

Optimizing QoS and security in agriculture IoT deployments: A bioinspired Q-learning model with customized shards

CMXsafe: A Proxy Layer for Securing Internet-of-Things Communications

Research on IoT Forensics System Based on Blockchain Technology

Contact Info

Product

Resources

About