Study of the Different Security Threats on the Internet of Things and their Applications

Sahmi, Imane; Mazri, Tomader; Hmina, Nabil

doi:10.1145/3320326.3320402

Cited by 3 publications

(16 citation statements)

References 21 publications

Supporting

Mentioning

Contrasting

Order By: Relevance

“…The proposition validates important points of security for IoT using the MQTT protocol. The proposed solution is secure against: c. Man in the middle attack: The attacker interfere between two nodes by monitoring, eavesdropping, and controlling the communication between the two sensor nodes to access the restricted data [27], d. The replay attack and the offline password guessing attack: even if the attacker can guess a password, the parameter K in the (4) of the AugPAKE Algorithm is derived independently from the guessed password. We make this Table 3 which summarize some advantages of our proposed solution compared with some previous works, some of these advantages: User anonymity, mutual authentication, data confidentiality data privacy, data integrity, and robustness against some attacks like Man in the middle, the offline password guessing attack, the replay attack.…”

Section: Security Discussionmentioning

confidence: 99%

MQTT-PRESENT: Approach to secure internet of things applications using MQTT protocol

Sahmi

Abdellaoui

Mazri

et al. 2021

IJECE

Self Cite

View full text Add to dashboard Cite

The big challenge to raise for deploying the application's domain of the Internet of Things is security. As one of the popular messaging protocols in the IoT world, the message queue telemetry transport (MQTT) is designed for constrained devices and machine-to-machine communications, based on the publish-subscribe model, it offers a basic authentication using username and password. However, this authentication method might have a problem in terms of security and scalability. In this paper, we provide an analysis of the current research in the literature related to the security for the MQTT protocol, before we give a brief description of each algorithm used on our approach, to finally propose a new approach to secure this protocol based on AugPAKE algorithm and PRESENT encryption. This solution provides mutual authentication between the broker and their clients (publishers and subscribers), the confidentiality of the published message is protected twice, the integrity and non-repudiation of MQTT messages which is protected during the process of transmission.

show abstract

Section: Security Discussionmentioning

confidence: 99%

MQTT-PRESENT: Approach to secure internet of things applications using MQTT protocol

Sahmi

Abdellaoui

Mazri

et al. 2021

IJECE

Self Cite

View full text Add to dashboard Cite

show abstract

“…As the system is implemented locally, with no internet access, possible attacks include: Physical attacks: hardware devices can become damaged or intentionally removed from the plug, thereby hindering the system’s functionality. Insecure device configuration: vulnerabilities in device settings can be exploited to gain unauthorized access or disrupt network operations [ 57 ]. Device-to-device interception: even without internet access, an attacker could position between two devices within the LAN and intercept the traffic exchanged between them.…”

Section: Design and Implementation Of The Proposed Sedar Systemmentioning

confidence: 99%

“… Data manipulation: an attacker positioned between two devices can modify the data being exchanged between them. While the modification might not have the same impact as altering internet traffic, it could still lead to unintended consequences within the local network [ 57 ]. Credential harvesting: An attacker might trick users within the local network into revealing sensitive information, such as login credentials, through techniques like phishing or social engineering [ 57 ].…”

Section: Design and Implementation Of The Proposed Sedar Systemmentioning

confidence: 99%

“…While the modification might not have the same impact as altering internet traffic, it could still lead to unintended consequences within the local network [ 57 ]. Credential harvesting: An attacker might trick users within the local network into revealing sensitive information, such as login credentials, through techniques like phishing or social engineering [ 57 ]. Address resolution protocol (ARP) poisoning: ARP spoofing can still occur within a local network.…”

Section: Design and Implementation Of The Proposed Sedar Systemmentioning

confidence: 99%

“…• Insecure device configuration: vulnerabilities in device settings can be exploited to gain unauthorized access or disrupt network operations[57].• Device-to-device interception: even without internet access, an attacker could position between two devices within the LAN and intercept the traffic exchanged between them. This could involve capturing unencrypted communication or attempting to decrypt encrypted traffic if the encryption keys are compromised[57,58]. • Data manipulation: an attacker positioned between two devices can modify the data being exchanged between them.…”

mentioning

confidence: 99%

See 2 more Smart Citations

Enabling Remote Elderly Care: Design and Implementation of a Smart Energy Data System with Activity Recognition

Franco,

Condon,

Martínez

et al. 2023

Sensors

View full text Add to dashboard Cite

Seniors face many challenges as they age, such as dementia, cognitive and memory disorders, vision and hearing impairment, among others. Although most of them would like to stay in their own homes, as they feel comfortable and safe, in some cases, older people are taken to special institutions, such as nursing homes. In order to provide serious and quality care to elderly people at home, continuous remote monitoring is perceived as a solution to keep them connected to healthcare service providers. The new trend in medical health services, in general, is to move from ’hospital-centric’ services to ’home-centric’ services with the aim of reducing the costs of medical treatments and improving the recovery experience of patients, among other benefits for both patients and medical centers. Smart energy data captured from electrical home appliance sensors open a new opportunity for remote healthcare monitoring, linking the patient’s health-state/health-condition with routine behaviors and activities over time. It is known that deviation from the normal routine can indicate abnormal conditions such as sleep disturbance, confusion, or memory problems. This work proposes the development and deployment of a smart energy data with activity recognition (SEDAR) system that uses machine learning (ML) techniques to identify appliance usage and behavior patterns oriented to older people living alone. The proposed system opens the door to a range of applications that go beyond healthcare, such as energy management strategies, load balancing techniques, and appliance-specific optimizations. This solution impacts on the massive adoption of telehealth in third-world economies where access to smart meters is still limited.

show abstract

Using Experimentation to Evaluate Security Requirements in IoT Software Systems

de Souza,

de Paiva,

Travassos

2023

2023 Symposium on Internet of Things (SIoT)

View full text Add to dashboard Cite

Study of the Different Security Threats on the Internet of Things and their Applications

Cited by 3 publications

References 21 publications

MQTT-PRESENT: Approach to secure internet of things applications using MQTT protocol

MQTT-PRESENT: Approach to secure internet of things applications using MQTT protocol

Enabling Remote Elderly Care: Design and Implementation of a Smart Energy Data System with Activity Recognition

Using Experimentation to Evaluate Security Requirements in IoT Software Systems

Contact Info

Product

Resources

About