2019
Authors
Sousa, PR; Resende, JS; Martins, R; Antunes, L;
Publication
AD-HOC, MOBILE, AND WIRELESS NETWORKS (ADHOC-NOW 2019)
Abstract
The growth of the Internet of Things (IoT) is raising significant impact in several contexts, e.g., in cities, at home, and even attached to the human body. This digital transformation is happening at a high pace and causing a great impact in our daily lives, namely in our attempt to make cities smarter in an attempt to increase their efficiency while reducing costs and increasing safety. However, this effort is being supported by the massive deployment of sensors throughout cities worldwide, leading to increasing concerns regarding security and privacy. While some of these issues have already been tackled, device authentication remains without a viable solution, especially when considering a resilient decentralized approach that is the most suitable for this scenario, as it avoids some issues related to centralization, e.g., censorship and data leakage or profit from corporations. The provisioning is usually an arduous task that encompasses device configuration, including identity and key provisioning. Given the potential large number of devices, this process must be scalable and semi-autonomous, at least. This work presents a novel approach for provisioning IoT devices that adopts an architecture where another device acts as a manager that represents a CA, allowing it to be switched on/off during the provisioning phase to reduce single point of failure (SPOF) problems. Our solution combines One Time Password (OTP) on a secure token and cryptographic algorithms on a hybrid authentication system.
2020
Authors
Sousa, PR; Martins, R; Antunes, L;
Publication
TRUST, PRIVACY AND SECURITY IN DIGITAL BUSINESS, TRUSTBUS 2020
Abstract
The ever-increasing number of interconnected devices in smart environments, i.e., homes and cities, is bolstering the amount of data generated and exchanged. These devices can range from small embedded platforms, such as those included in home appliances, to critical operational systems, such as traffic lights. However, this increasing adoption is raising significant security and privacy concerns. Although some researchers have already solved some of these issues, data privacy still lacks a viable solution, especially when considering a flexible, decentralized approach to avoid a central overseer. One of the biggest challenges regarding privacy is the lack of transparency about how data flows are mediated and regulated as, often, these resources share data with external entities without the users' knowledge. We argue that a novel data-sharing control mechanism is required to properly control users' privacy and their respective Internet of Things (IoT) devices. This work focuses on a middleware layer solution for the IoT devices, which allows the control of the data generated by the device by its owner. The platform places the user as an active participant in the data market, behaving as its own data intermediary for potential consumers by monitoring, controlling, and negotiating the usage of their data.
2021
Authors
Sousa, P; Magalhaes, L; Resende, J; Martins, R; Antunes, L;
Publication
SENSORS
Abstract
The increasing pervasiveness of the Internet of Things is resulting in a steady increase of cyberattacks in all of its facets. One of the most predominant attack vectors is related to its identity management, as it grants the ability to impersonate and circumvent current trust mechanisms. Given that identity is paramount to every security mechanism, such as authentication and access control, any vulnerable identity management mechanism undermines any attempt to build secure systems. While digital certificates are one of the most prevalent ways to establish identity and perform authentication, their provision at scale remains open. This provisioning process is usually an arduous task that encompasses device configuration, including identity and key provisioning. Human configuration errors are often the source of many security and privacy issues, so this task should be semi-autonomous to minimize erroneous configurations during this process. In this paper, we propose an identity management (IdM) and authentication method called YubiAuthIoT. The overall provisioning has an average runtime of 1137.8 ms +/- 65.11+delta. We integrate this method with the FIWARE platform, as a way to provision and authenticate IoT devices.
2022
Authors
Cirne, A; Sousa, PR; Resende, JS; Antunes, L;
Publication
COMPUTERS & SECURITY
Abstract
The Internet of Things (IoT) has changed how we interact with the world around us. Many devices are moving from offline to online mode, connecting between them and the Internet, offering more functionality to users. Despite the increase in the quality of life for users provided by IoT devices, it is also necessary to establish trust in the privacy and security of end-users. With this level of connectivity, the amount of data exchanged between devices also increases, inducing malicious activities. One of the main problems is the lack of regulation in the IoT industry, especially between different manufacturers. There are no formal security rules, and manufacturers may not choose to install security mechanisms. Therefore, it is necessary to promote the adoption of security measures. One way to do this is by using IoT devices and systems certification. In recent years, IoT certifications have emerged. Meanwhile, the European Union has passed the Cyber Security Act to unify and regulate security certifications in member states. Our work collects the requirements that different IoT environments and application scenarios impose on certifications and discusses the current certifications' status according to those requirements. In addition, we also explored how EU measures apply to IoT and, where applicable, how certifications implement them, highlighting future research challenges.
2022
Authors
Martins, I; Resende, JS; Sousa, PR; Silva, S; Antunes, L; Gama, J;
Publication
FUTURE GENERATION COMPUTER SYSTEMS-THE INTERNATIONAL JOURNAL OF ESCIENCE
Abstract
The Internet of Things (IoT) envisions a smart environment powered by connectivity and heterogeneity where ensuring reliable services and communications across multiple industries, from financial fields to healthcare and fault detection systems, is a top priority. In such fields, data is being collected and broadcast at high speed on a continuous and real-time scale, including IoT in the streaming processing paradigm. Intrusion Detection Systems (IDS) rely on manually defined security policies and signatures that fail to design a real-time solution or prevent zero-day attacks. Therefore, anomaly detection appears as a prominent solution capable of recognizing patterns, learning from experience, and detecting abnormal behavior. However, most approaches do not fit the urged requirements, often evaluated on deprecated datasets not representative of the working environment. As a result, our contributions address an overview of cybersecurity threats in IoT, important recommendations for a real-time IDS, and a real-time dataset setting to evaluate a security system covering multiple cyber threats. The dataset used to evaluate current host-based IDS approaches is publicly available and can be used as a benchmark by the community.
2022
Authors
Silva, S; Sousa, PR; Resende, JS; Coelho Antunes, LF;
Publication
Trust, Privacy and Security in Digital Business - 19th International Conference, TrustBus 2022, Vienna, Austria, August 24, 2022, Proceedings
Abstract
A honeypot is a controlled and secure environment to examine different threats and understand attack patterns. Due to the highly dynamic environments, the growing adoption and use of Internet of Things (IoT) devices make configuring honeypots complex. One of the current literature challenges is the need for a honeypot not to be detected by attackers, namely due to the delays that are required to make requests to external and remote servers. This work focuses on deploying honeypots virtually on IoT devices. With this technology, we can use endpoints to send specific honeypots on recent known vulnerabilities on IoT devices to find and notify attacks within the network, as much of this information is verified and made freely available by government entities. Unlike other approaches, the idea is not to have a fixed honeypot but a set of devices that can be used at any time as a honeypot (adapted to the latest threat) to test the network for a possible problem and then report to a Threat Sharing Platform (TSP). © 2022, The Author(s), under exclusive license to Springer Nature Switzerland AG.