Search Results (2,250)

Recent advances in signal processing and AI-based inference enable the exploitation of wireless communication signals to collect information on devices, people, actions, and the environment in general, i.e., to perform Integrated Sensing And Communication (ISAC). This possibility offers exciting opportunities for Internet of Things (IoT) systems, but it also introduces unprecedented threats to the security and privacy of data, devices, and systems. In fact, ISAC operates in the wireless PHY and Medium Access Control (MAC) layers, where it is impossible to protect information with standard encryption techniques or with any other purely digital methodologies. The goals of this paper are threefold. First, it analyzes the threats to security and privacy posed by ISAC and how they intertwine in the wireless PHY layer within the framework of IoT and distributed pervasive communication systems in general. Secondly, it presents and discusses possible countermeasures to protect users’ security and privacy. Thirdly, it introduces an architectural proposal, discussing the available choices and tradeoffs to implement such countermeasures, as well as solutions and protocols to preserve the potential benefits of ISAC while ensuring data protection and users’ privacy. The outcome and contribution of the paper is a systematic argumentation on wireless PHY-layer privacy and security threats and their relation with ISAC, framing the boundaries that research and innovation in this area should respect to avoid jeopardizing people’s rights. Full article

The Internet of Things (IoT) transforms traditional technology by introducing smart devices into almost every field, enabling real-time monitoring and automation. Despite the obvious benefits, the rapid deployment of IoT presents numerous security challenges, including vulnerabilities in network attacks and communication protocol weaknesses. While several surveys have addressed these aspects, there remains a lack of understanding of integrating all potential defense mechanisms, such as intrusion detection systems (IDSs), anomaly detection frameworks, and authentication protocols, into a comprehensive security framework. To overcome this, the following survey aims to critically review existing security mechanisms in IoT environments and significantly fill these gaps. In particular, this paper reviews state-of-the-art approaches for intrusion detection, key agreement protocols, and anomaly detection systems, pointing out their advantages and disadvantages and identifying the gaps in each field requiring more research. We identify innovative strategies by systematically analysing existing approaches and propose a roadmap for enhancing IoT security. This work contributes to the field by offering a fresh perspective on defense mechanisms and delivering actionable insights for researchers and practitioners securing IoT ecosystems. Full article

Neural networks have become pivotal in advancing applications across various domains, including healthcare, finance, surveillance, and autonomous systems. To achieve low latency and high efficiency, field-programmable gate arrays (FPGAs) are increasingly being employed as accelerators for neural network inference in cloud and edge devices. However, the rising costs and complexity of neural network training have led to the widespread use of outsourcing of training, pre-trained models, and machine learning services, raising significant concerns about security and trust. Specifically, malicious actors may embed neural Trojans within NNs, exploiting them to leak sensitive data through side-channel analysis. This paper builds upon our prior work, where we demonstrated the feasibility of embedding Trojan side-channels in neural network weights, enabling the extraction of classification results via remote power side-channel attacks. In this expanded study, we introduced a broader range of experiments to evaluate the robustness and effectiveness of this attack vector. We detail a novel training methodology that enhanced the correlation between power consumption and network output, achieving up to a 33% improvement in reconstruction accuracy over benign models. Our approach eliminates the need for additional hardware, making it stealthier and more resistant to conventional hardware Trojan detection methods. We provide comprehensive analyses of attack scenarios in both controlled and variable environmental conditions, demonstrating the scalability and adaptability of our technique across diverse neural network architectures, such as MLPs and CNNs. Additionally, we explore countermeasures and discuss their implications for the design of secure neural network accelerators. To the best of our knowledge, this work is the first to present a passive output recovery attack on neural network accelerators, without explicit trigger mechanisms. The findings emphasize the urgent need to integrate hardware-aware security protocols in the development and deployment of neural network accelerators. Full article

This paper introduces a novel energy-efficient lightweight, void hole avoidance, localization, and trust-based scheme, termed as Energy-Efficient and Trust-based Autonomous Underwater Vehicle (EETAUV) protocol designed for 6G-enabled underwater acoustic sensor networks (UASNs). The proposed scheme addresses key challenges in UASNs, such as energy consumption, network stability, and data security. It integrates a trust management framework that enhances communication security through node identification and verification mechanisms utilizing normal and phantom nodes. Furthermore, a 6G communication module is deployed to reduce network delay and enhance packet delivery, contributing to more efficient data transmission. Leveraging Autonomous Underwater Vehicles (AUVs), the EETAUV protocol offers a lightweight approach for node discovery, identification, and verification while ensuring a high data transmission rate through a risk-aware strategy including at low computational cost. The protocol’s performance is evaluated through extensive simulations and compared against state-of-the-art methods across various metrics, including network lifetime, throughput, residual energy, packet delivery ratio, mean square error, routing overhead, path loss, network delay, trust, distance, velocity, Computational Cost of Routing, and data security. The results demonstrate the superior cumulative performance of the proposed EETAUV scheme, making it a robust solution for secure, efficient, and reliable communication in UASNs. Full article

With the increasing connectivity and automation on the Internet of Vehicles, safety, security, and privacy have become stringent challenges. In the last decade, several cryptography-based protocols have been proposed as intuitive solutions to protect vehicles from information leakage and intrusions. Before generating the encryption keys, a random number generator (RNG) plays an important component in cybersecurity. Several deep learning-based RNGs have been deployed to train the initial value and generate pseudo-random numbers. However, interference from actual unpredictable driving environments renders the system unreliable for its low-randomness outputs. Furthermore, dynamics in the training process make these methods subject to training instability and pattern collapse by overfitting. In this paper, we propose an Effective Pseudo-Random Number Generator (EPRNG) which exploits a deep convolution generative adversarial network (DCGAN)-based approach using our processed vehicle datasets and entropy-driven stopping method-based training processes for the generation of pseudo-random numbers. Our model starts from the vehicle data source to stitch images and add noise to enhance the entropy of the images and then inputs them into our network. In addition, we design an entropy-driven stopping method that enables our model training to stop at the optimal epoch so as to prevent overfitting. The results of the evaluation indicate that our entropy-driven stopping method can effectively generate pseudo-random numbers in a DCGAN. Our numerical experiments on famous test suites (NIST, ENT) demonstrate the effectiveness of the developed approach in high-quality random number generation for the IoV. Furthermore, the PRNGs are successfully applied to image encryption, and the performance metrics of the encryption are close to ideal values. Full article

As the telecommunications landscape braces for the post-5G era, this paper embarks on delineating the foundational pillars and pioneering visions that define the trajectory toward 6G wireless communication systems. Recognizing the insatiable demand for higher data rates, enhanced connectivity, and broader network coverage, we unravel the evolution from the existing 5G infrastructure to the nascent 6G framework, setting the stage for transformative advancements anticipated in the 2030s. Our discourse navigates through the intricate architecture of 6G, highlighting the paradigm shifts toward superconvergence, non-IP-based networking protocols, and information-centric networks, all underpinned by a robust 360-degree cybersecurity and privacy-by-engineering design. Delving into the core of 6G, we articulate a systematic exploration of the key technologies earmarked to revolutionize wireless communication including terahertz (THz) waves, optical wireless technology, and dynamic spectrum management while elucidating the intricate trade-offs necessitated by the integration of such innovations. This paper not only lays out a comprehensive 6G vision accentuated by high security, affordability, and intelligence but also charts the course for addressing the pivotal challenges of spectrum efficiency, energy consumption, and the seamless integration of emerging technologies. In this study, our goal is to enrich the existing discussions and research efforts by providing comprehensive insights into the development of 6G technology, ultimately supporting the creation of a thoroughly connected future world that meets evolving demands. Full article

The proliferation of the Internet of Things (IoT) has worsened the challenge of maintaining data and user privacy. IoT end devices, often deployed in unsupervised environments and connected to open networks, are susceptible to physical tampering and various other security attacks. Thus, robust, efficient authentication and key agreement (AKA) protocols are essential to protect data privacy during exchanges between end devices and servers. The previous work in “Provably Secure ECC-Based Anonymous Authentication and Key Agreement for IoT” proposed a novel AKA scheme for secure IoT environments. They claimed their protocol offers comprehensive security features, guarding against numerous potential flaws while achieving session key security. However, this paper demonstrates through logical and mathematical analyses that the previous work is vulnerable to various attacks. We conducted a security analysis using the extended Canetti and Krawczyk (eCK) model, which is widely employed in security evaluations. This model considers scenarios where an attacker has complete control over the network, including the ability to intercept, modify, and delete messages, while also accounting for the potential exposure of ephemeral private keys. Furthermore, we show that their scheme fails to meet critical security requirements and relies on flawed security assumptions. We prove our findings using the automated validation of internet security protocols and applications, a widely recognized formal verification tool. To strengthen attack resilience, we propose several recommendations for the advancement of more robust and efficient AKA protocols specifically designed for IoT environments. Full article

Although the U.S. makes up only 5% of the global population, it accounts for approximately 31% of public mass shootings. Gun violence and mass shootings not only result in loss of life and injury but also inflict lasting psychological trauma, cause property damage, and lead to significant economic losses. We recently developed and published an embedded system prototype for detecting gunshots in an indoor environment. The proposed device can be attached to the walls or ceilings of schools, offices, clubs, places of worship, etc., similar to smoke detectors or night lights, and they can notify the first responders as soon as a gunshot is fired. The proposed system will help to stop the shooter early and the injured people can be taken to the hospital quickly, thus more lives can be saved. In this project, a new custom dataset of blank gunshot sounds is recorded, and a deep learning model using both time and frequency domain features is trained to classify gunshot and non-gunshot sounds with 99% accuracy. The previously developed system suffered from several security and privacy vulnerabilities. In this research, those vulnerabilities are addressed by implementing secure Message Queuing Telemetry Transport (MQTT) communication protocols for IoT systems, better authentication methods, Wi-Fi provisioning without Bluetooth, and over-the-air (OTA) firmware update features. The prototype is implemented in a Raspberry Pi Zero 2W embedded system platform and successfully tested with blank gunshots and possible false alarms. Full article

The Internet of Vehicles (IoV), a key component of smart transportation systems, leverages 5G communication for low-latency data transmission, facilitating real-time interactions between vehicles, roadside units (RSUs), and sensor networks. However, the open nature of 5G communication channels exposes IoV systems to significant security threats, such as eavesdropping, replay attacks, and message tampering. To address these challenges, this paper proposes the Efficient Cluster-based Mutual Authentication and Key Update Protocol (ECAUP) designed to secure IoV systems within 5G-enabled sensor networks. The ECAUP meets the unique mobility and security demands of IoV by enabling fine-grained access control and dynamic key updates for RSUs through a factorial tree structure, ensuring both forward and backward secrecy. Additionally, physical unclonable functions (PUFs) are utilized to provide end-to-end authentication and physical layer security, further enhancing the system’s resilience against sophisticated cyber-attacks. The security of the ECAUP is formally verified using BAN Logic and ProVerif, and a comparative analysis demonstrates its superiority in terms of overhead efficiency (more than 50%) and security features over existing protocols. This work contributes to the development of secure, resilient, and efficient intelligent transportation systems, ensuring robust communication and protection in sensor-based IoV environments. Full article

The Internet of Things (IoT) is expanding rapidly, but the security of IoT devices remains a noteworthy concern due to resource limitations and existing security conventions. This research investigates and proposes the use of a Light certificate with the Constrained Application Protocol (CoAP) instead of the X509 certificate based on traditional PKI/CA. We start by analyzing the impediments of current CoAP security over DTLS with the certificate mode based on CA root in the constrained IoT device and suggest the implementation of LightCert4IoT for CoAP over DTLS. The paper also describes a new modified handshake protocol in DTLS applied for IoT devices and Application server certificate authentication verification by relying on a blockchain without the complication of the signed certificate and certificate chain. This approach streamlines the DTLS handshake process and reduces cryptographic overhead, making it particularly suitable for resource-constrained environments. Our proposed solution leverages blockchain to reinforce IoT gadget security through immutable device characters, secure device registration, and data integrity. The LightCert4IoT is smaller in size and requires less power consumption. Continuous research and advancement are pivotal to balancing security and effectiveness. This paper examines security challenges and demonstrates the effectiveness of giving potential solutions, guaranteeing the security of IoT networks by applying LightCert4IoT and using the CoAP over DTLS with a new security mode based on blockchain. Full article

Symbiotic radio (SR), which has recently been introduced as an effective solution for 5G wireless networks, stands out with system models that include hybrid devices that share the frequency spectrum and transmit information to the same receiver. However, the low bit rate and the small amount of energy harvested in SR, where backscatter communication systems are integrated, make the system vulnerable to eavesdropping. To ensure security, the secrecy rate is defined as the difference between the number of bits transmitted to the receiver over the information channel and the number of bits reaching the eavesdropper (ED) over the wiretap channel. This paper is the first work that aims to maximize the secrecy rate for friendly jammer-aided SR networks with EDs over time allocation and power reflection coefficient in the presence of sensing errors. The proposed model consists of a base station (BS), a hybrid transmitter (HT) in symbiotic relationship with the BS, a WiFi access point used by the HT for energy harvesting, a jammer cooperating with the HT and BS, an information receiver, and EDs trying to access the information of the HT and BS. The simulation results provide valuable insights into the impact of system parameters on secrecy rate performance. Although taking the sensing error into account degrades the system performance, the real-world applicability of the system with sensing error is more realistic. It is also observed that the proposed system has higher performance compared to the wireless powered communication networks in the literature, which only use the energy harvest-then-transmit protocol and the power reflection coefficient is assumed to be zero. Full article

The continuous evolvement of IoT networks has introduced significant optimization challenges, particularly in resource management, energy efficiency, and performance enhancement. Most state-of-the-art solutions lack adequate adaptability and runtime cost-efficiency in dynamic 6G-enabled IoT environments. Accordingly, this paper proposes the Trust-centric Economically Optimized 6G-IoT (TEO-IoT) framework, which incorporates an adaptive trust management system based on historical behavior, data integrity, and compliance with security protocols. Additionally, dynamic pricing models, incentive mechanisms, and adaptive routing protocols are integrated into the framework to optimize resource usage in diverse IoT scenarios. TEO-IoT presents an end-to-end solution for security management and network traffic optimization, utilizing advanced algorithms for trust score estimation and anomaly detection. The proposed solution is emulated using the NS-3 network simulator across three datasets: Edge-IIoTset, N-BaIoT, and IoT-23. Results demonstrate that TEO-IoT achieves an optimal resource usage of 92.5% in Edge-IIoTset and reduces power consumption by 15.2% in IoT-23, outperforming state-of-the-art models like IDSOFT and RAT6G. Full article

Physically unclonable functions (PUFs) represent emerging cryptographic primitives that exploit the uncertainty of the CMOS manufacturing process as an entropy source for generating unique, random and stable keys. These devices can be potentially used in a wide variety of applications ranging from secret key generation, anti-counterfeiting, and low-cost authentications to advanced protocols such as oblivious transfer and key exchange. Unfortunately, guaranteeing adequate PUF stability is still challenging, thus often requiring post-silicon stability enhancement techniques. The latter help to contrast the raw sensitivity to on-chip noise and variations in the environmental conditions (i.e., voltage and temperature variations), but their area and energy costs are not always feasible for IoT devices that operate with constrained budgets. This pushes the demand for ever more stable, area- and energy-efficient solutions at design time. This review aims to provide an overview of several weak PUF solutions implemented in CMOS technology, discussing their performance and suitability for being employed in security applications. Full article

Secure secret-sharing Single-Source Shortest Distance (SSSD) protocols, based on secure multiparty computation (SMC), offer a promising solution for securely distributing and managing sensitive information among multiple parties. However, formal security proofs for these protocols have largely been unexplored. This paper addresses this gap by providing the first security proof for the SSSD protocols using the privacy-preserving Bellman–Ford protocols. These new protocols offer significant enhancements in efficiency, particularly in handling large-scale graphs due to parallel computation. In our previous work, published in MDPI Cryptography, we introduced these protocols and presented extensive experiments on the Sharemind system that demonstrated their efficiency. However, that work did not include security proofs. Building on this foundation, the current paper rigorously proves the security of these protocols, offering valuable insights into their robustness and reliability. Furthermore, we discuss the adversarial model, security definitions, cryptographic assumptions, and sophisticated reduction techniques employed in the proof. This paper not only validates the security of the proposed protocols but also provides a detailed comparison of their performance with existing methods, highlighting their strengths and potential for future research in the field. Full article

IoT (Internet of Things) networks are vulnerable to network viruses and botnets, while facing serious network security issues. The prediction of payload states in IoT networks can detect network attacks and achieve early warning and rapid response to prevent potential threats. Due to the instability and packet loss of communications between victim network nodes, the constructed protocol state machines of existing state prediction schemes are inaccurate. In this paper, we propose a network payload predictor called IoTGuard, which can predict the payload states in IoT networks based on real-time IoT network traffic. The steps of IoTGuard are briefly as follows: Firstly, the application-layer payloads between different nodes are extracted through a module of network payload separation. Secondly, the classification of payload state within network flows is obtained via a payload extraction module. Finally, the predictor of payload state in a network is trained on a payload set, and these payloads have state labels. Experimental results on the Mozi botnet dataset show that IoTGuard can predict the state of payloads in IoT networks more accurately while ensuring execution efficiency. IoTGuard achieves an accuracy of 86% in network payload prediction, which is 8% higher than the state-of-the-art method NetZob, and the training time is reduced by 52.8%. Full article