Multi-service threats: Attacking and protecting network printers and VoIP phones alike
تهدیدات سرویس های چندگانه: حمله و محافظت از چاپگرهای شبکه و تلفن های VoIP به طور یکسان-2022
Printing over a network and calling over VoIP technology are routine at present. This article investigates to what extent these services can be attacked using freeware in the real world if they are not configured securely. In finding out that attacks of high impact, termed the Printjack and Phonejack families, could be mounted at least from insiders, the article also observes that secure configurations do not appear to be widely adopted. Users with the necessary skills may put existing security measures in place with printers, but would need novel measures, which the article prototypes, with phones in order for a pair of peers to call each other securely and without trusting anyone else, including sysadmins.
Keywords: Denial of service | Data breach | Security | Privacy | Trust | Insider threat
Proposal of anonymization dictionary using disclosed statements by business operators
پیشنهاد فرهنگ لغت ناشناس با استفاده از اظهارات افشا شده توسط اپراتورهای تجاری-2022
Increasing the number of business operators using anonymously processed information is a critical privacy topic in Japan. To promote the use of the information, an ‘‘anonymization dictionary’’ is proposed and implemented. The dictionary is the system that shares usecases regarding the manner by which business operators produce and provide anonymously processed information. To develop this system, two technical difficulties are resolved: the lack of (i) a method to acquire the use-cases and (ii) a data structure to store the use-cases. In terms of (i), disclosed statements that specify the production and provisioning processes for anonymously processed information is focused. To recognize the statements described in the business operators’ webpages as the use-cases, a web crawler that acquires the statements is developed. The crawler acquires 331 use-cases (statements) in a short duration. In terms of (ii), to define a concrete data structure to store anonymously processed information use-cases, the structure of the use-cases acquired is analyzed. The use-cases are stored into the structure and then in the DB of the dictionary application. This enables a search function to be provided for identifying the necessary use-cases and organizing use-cases in a readable form to the business operators.
keywords: اطلاعات پردازش شده به صورت ناشناس | ناشناس سازی | اظهارات افشا شده | خزنده | حفظ حریم خصوصی | Anonymously processed information | Anonymization | Disclosed statements | Crawler | Privacy preservation
Secure firmware Over-The-Air updates for IoT: Survey, challenges, and discussions
به روز رسانی ایمن میان افزار خارج از هوا برای اینترنت اشیا: بررسی، چالش ها و بحث ها-2022
The Internet of Things (IoT) market has shown strong growth in recent years, where many manufacturers of IoT devices and IoT-related service providers are competing. Time to market has become essential to be competitive. The faster a competitor develops and integrates his product, the more likely he is to dominate the market. This competition could lead to critical security issues due to the lack of testing or the short development time. Moreover, lots of IoT devices present some vulnerabilities that can be exploited by attackers. They are also constantly subject to Zero-days, which require quick intervention to maintain the security of the environments in which they are deployed in. For these purposes, the quick update of the firmware image of these IoT devices is an effective way to counter most of these attacks. This document starts by defining the firmware update mechanisms for IoT, and in particular the ones done Over-The-Air. Then presents a state-of-the-art of the currently proposed solutions, with the particularity of surveying from the literature, the standardization bodies and from some well known industrial solutions. It also proposes a new classification of the different types of System on Chip (SoC) present in the marketed IoT devices together with an analysis of the different challenges and threats related to the OTA update. The objective is to open up the horizon for future research directions.
keywords: دستگاه های اینترنت اشیا | نرم افزار | به روز رسانی | خارج از هوا | امنیت | حریم خصوصی | بررسی | مرور | چالش ها | تهدیدات | زنجیره اعتماد | IoT devices | Firmware | Updates | Over-The-Air | Security | Privacy | State of the art | Survey | Challenges | Threats | Trust chain
Trust-aware and incentive-based offloading scheme for secure multi-party computation in Internet of Things
طرح تخلیه مبتنی بر انگیزه و اعتماد آگاه برای محاسبات امن چند جانبه در اینترنت اشیا-2022
Adoption of multi-party computation in IoT provides the required processing power needed by the IoT devices to provide smart services in the shortest time. However, this requires a secure offloading scheme that is capable of fairly offloading the computations of source nodes to a different set of workers, guarantees the privacy of the source nodes, and verifies the correctness of results without a third party at a low overhead.
In this paper, we formulate a secure privacy-preserving offloading scheme based on modified secret sharing to offload computations and data to a different set of workers. We also develop incentive and trust models to encourage honesty and willingness and discourage delay among workers during multi-party computation. Last, we develop a low overhead morphism-based verification technique for the self-verification of the correctness of results. We finally present the security analysis of the scheme which shows that the schemes meet up with the necessary security requirements, and the experimental results show the capability of the scheme in terms of its security functionalities, low computation cost, effective verification of results, and generation of incentives and trust values for workers during multi-party computation.
keywords: Multi-party computation | Offloading | Cooperative computation | IoT Self-verification | Security | محاسبات چند طرفه | بارگذاری آفلاین | محاسبات مشارکتی | خود تأییدی اینترنت اشیا | امنیت
TUI Model for data privacy assessment in IoT networks
مدل TUI برای ارزیابی حریم خصوصی داده ها در شبکه های اینترنت اشیا-2022
The development of the Internet of Things (IoT) has been at the forefront of progressing societal functionality. However, the addition of IoT devices in conventional information technology (IT) infrastructure has raised and prioritized the concern of information security and data privacy. The Common Vulnerability Scoring System (CVSS) is a framework for providing information to the public about the impact of vulnerabilities and exploits executed on a multitude of devices. While the CVSS addresses a plethora of conditions for vulnerabilities, it does not adequately make end- users aware of the impact data privacy can have on their devices. The primary objective of this research work is to extend the existing CVSS and propose a new model that acknowledges Transparency, Unlinkability, and Intervenability (TUI) to address the data privacy issues of IoT devices when scoring impacts of vulnerabilities. Our research has developed this model to provide a new sufficient score for analyzing the true impact of compromised data privacy. After the development of the new scoring for TUI, our research highlights case studies to emphasize the impact our TUI model will have on the CVSS. We strongly believe that our proposed model benefit both the individual users (consumers of IoT devices) and the industry to portray the possible vulnerabilities from a user standpoint as well as a manufacturer standpoint.
keywords: حریم خصوصی داده ها | امنیت اینترنت اشیا | مدل سیا | امتیازدهی آسیب پذیری | امنیت دستگاه | ارزیابی امنیتی | Data privacy | IoT security | CIA model | Vulnerability scoring | Device security | Security assessment
A comprehensive pseudonym changing scheme for improving location privacy in vehicular networks
یک طرح جامع تغییر نام مستعار برای بهبود حریم خصوصی مکان در شبکه های وسایل نقلیه-2022
Keywords: Location privacy | Pseudonym changing scheme | VANET | V2V communication | Context-aware
A conceptual IoT-based early-warning architecture for remote monitoring of COVID-19 patients in wards and at home
یک معماری مفهومی هشدار اولیه مبتنی بر اینترنت اشیا برای نظارت از راه دور بیماران COVID-19 در بخش ها و در خانه-2022
Due to the COVID-19 pandemic, health services around the globe are struggling. An effective system for monitoring patients can improve healthcare delivery by avoiding in-person contacts, enabling early-detection of severe cases, and remotely assessing patients’ status. Internet of Things (IoT) technologies have been used for monitoring patients’ health with wireless wearable sensors in different scenarios and medical conditions, such as noncommunicable and infectious diseases. Combining IoT-related technologies with early-warning scores (EWS) commonly utilized in infirmaries has the potential to enhance health services delivery significantly. Specifically, the NEWS-2 has been showing remarkable results in detecting the health deterioration of COVID-19 patients. Although the literature presents several approaches for remote monitoring, none of these studies proposes a customized, complete, and integrated architecture that uses an effective early-detection mechanism for COVID-19 and that is flexible enough to be used in hospital wards and at home. Therefore, this article’s objective is to present a comprehensive IoT-based conceptual architecture that addresses the key requirements of scalability, interoperability, network dynamics, context discovery, reliability, and privacy in the context of remote health monitoring of COVID-19 patients in hospitals and at home. Since remote monitoring of patients at home (essential during a pandemic) can engender trust issues regarding secure and ethical data collection, a consent management module was incorporated into our architecture to provide transparency and ensure data privacy. Further, the article details mechanisms for supporting a configurable and adaptable scoring system embedded in wearable devices to increase usefulness and flexibility for health care professions working with EWS.
keywords: نظارت از راه دور | کووید-۱۹ | اخبار-2 | معماری | رضایت | اینترنت اشیا | Remote monitoring | COVID-19 | NEWS-2 | Architecture | Consent | IoT
A survey of blockchain-based IoT eHealthcare: Applications, research issues, and challenges
بررسی مراقبت های بهداشتی الکترونیک اینترنت اشیاء مبتنی بر بلاک چین: برنامه های کاربردی، مسائل تحقیقاتی و چالش ها-2022
Blockchain (BC) technology has recently emerged as an essential component for different applications, including healthcare and IoT, because of its decentralized ledger, source provenance, and tamper-proof nature. The Internet of Things (IoT) and BC have enabled health systems to expand their scalability and maintain consistency on a decentralized platform. As a result, many researchers have developed BC-enabled IoT eHealth systems and explored the application of BC technology in diverse fields of eHealthcare. This paper conducts a comprehensive survey on the emerging applications of BC technology in healthcare. We summarize applications, research issues, security threats, research challenges, opportunities, and the future scope of BC technologies in the IoT-enabled healthcare system when BC is adopted to handle the privacy and storage of current and future medical records. Furthermore, we analyze the state-of-the-art BC works in the medical area, assessing their benefits-drawbacks, and guiding future researchers to overcome the limitations of the existing articles.
Keywords: Blockchain | IoT | Healthcare | EHR challenge | Medical area
A survey on blockchain, SDN and NFV for the smart-home security
مروری بر بلاک چین، SDN و NFV برای امنیت خانه های هوشمند-2022
Due to millions of loosely coupled devices, the smart-home security is gaining the attention of industry professionals, attackers, and academic researchers. The smart home is a typical home where many sensors, actuators, and IoT devices are used to automate home users’ daily activities. Although a smart home provides comfort, safety, and satisfaction to users, it opens up multiple challenging security issues when automating and offering intelligent services. Recent studies have investigated not only blockchain but SDN and NFV to address these challenges. We present a comprehensive survey on blockchain, SDN, and NFV for smart-home security. The paper also proposes a new architecture of the smart-home security. First, we describe the features of the smart home and its current security issues. Next, we outline the characteristics of blockchain, SDN, and NFV, including their contribution to improving the smart-home security. While SDN enhances the management and access control of the home network by providing a programmable controller to home nodes, NFV implements the functions of network appliances (e.g., network monitoring, firewall) as virtual machines and ensures the high availability of the network. Blockchain reinforces IoT data’s privacy, integrity, and security and improves the trust in transactions among untrusted IoT devices. Finally, we discuss open issues and challenges in the field and propose recommendations towards high-level security for the smart home.
Keywords: Smart homes | IoT | Privacy | Security | Trust | Blockchain | SDN | NFV
A survey on security in internet of things with a focus on the impact of emerging technologies
بررسی امنیت در اینترنت اشیا با تمرکز بر تاثیر فناوری های نوظهور-2022
Internet of Things (IoT) have opened the door to a world of unlimited possibilities for imple- mentations in varied sectors in society, but it also has many challenges. One of those challenges is security and privacy. IoT devices are more susceptible to security threats and attacks. Due to constraints of the IoT devices such as area, power, memory, etc., there is a lack of security so- lutions that are compatible with IoT devices and applications, which is leading this world of securely connected things to the “internet of insecure things.” A promising solution to this problem is going beyond the standard or classical techniques to implementing the security so- lutions in the hardware of the IoT device. The integration of emerging technologies in IoT net- works, such as machine learning, blockchain, fog/edge/cloud computing, and quantum computing have added more vulnerable points in the network. This paper introduces a comprehensive study on IoT security threats and solutions. Additionally, this survey outlines how emerging technologies such as machine learning and blockchain are integrated in IoT, challenges resulted from this integration, and potential solutions to these challenges. The paper utilizes the 4-layer IoT architecture as a reference to identify security issues with corresponding solutions.
keywords: اینترنت اشیا | امنیت | فراگیری ماشین | بلاک چین | تهدیدها | راه حل های امنیتی | IoT | Security | Machine learning | Blockchain | Threats | Security solutions