IoT Security

This area focusses on security provisioning for the various upcoming IoT Networks.

Team Members

  • Vinay Chamola (Senior Member, IEEE)
  • Tejasvi Alladi
  • Gaurang Bansal
  • Naren
  • Anubhav Elhence

Collaborators

  • Mohsen Guizani, Qatar University (Fellow, IEEE) 
  • Dusit Niyato, Nanyang Technological University, Singapore (Fellow, IEEE)
  • Sherali Zeadally, Univ. of Kentucky, USA
  • K.K. Raymond Choo, UTSA, USA

Our Publications in IoT Security

Edit

Electric vehicles (EVs) have been slowly replacing conventional fuel based vehicles since the last decade. EVs are not only environment-friendly but when used in conjunction with a smart grid, also open up new possibilities and a Vehicle-Smart Grid ecosystem, commonly called V2G can be achieved. This would not only encourage people to switch to environment-friendly EVs or Plug-in Hybrid Electric Vehicles (PHEVs), but also positively aid in load management on the power grid, and present new economic benefits to all the entities involved in such an ecosystem. Nonetheless, privacy and security remains a serious concern of smart grids. The devices used in V2G are tiny, inexpensive, and resource constrained, which renders them susceptible to multiple attacks. Any protocol designed for V2G systems must be secure, lightweight, and must protect the privacy of the vehicle owner. Since EVs and charging stations are generally not guarded by people, physical security is also a must. To tackle these issues, we propose Physical Unclonable Functions (PUF) based Secure User Key-Exchange Authentication (SUKA) protocol for V2G systems. The proposed protocol uses PUFs to achieve a two-step mutual authentication between an EV and the Grid Server. It is lightweight, secure, and privacy preserving. Simulations show that the proposed protocol performs better and provides more security features than state-of-the-art V2G authentication protocols. The security of the proposed protocol is shown using a formal security model and analysis.

Edit
As consumer Internet of Things (IoT) devices become increasingly pervasive in our society, there is a need to understand the underpinning security risks. Therefore, in this paper, we describe the common attacks faced by consumer IoT devices and suggest potential mitigation strategies. We hope that the findings presented in this paper will inform the future design of IoT devices.
Edit
Internet of things (IoT) is the next era of communication. Using IoT, physical objects can be empowered to create, receive and exchange data in a seamless manner. Various IoT applications focus on automating different tasks and are trying to empower the inanimate physical objects to act without any human intervention. The existing and upcoming IoT applications are highly promising to increase the level of comfort, efficiency, and automation for the users. To be able to implement such a world in an ever growing fashion requires high security, privacy, authentication, and recovery from attacks. In this regard, it is imperative to make the required changes in the architecture of IoT applications for achieving end-to-end secure IoT environments. In this paper, a detailed review of the security-related challenges and sources of threat in IoT applications is presented. After discussing the security issues, various emerging and existing technologies focused on achieving a high degree of trust in IoT applications are discussed. Four different technologies: Blockchain, fog computing, edge computing, and machine learning to increase the level of security in IoT are discussed.
Edit

The notion of aggregation of data in Industrial Internet of Things (IIoT) environment is a common practice. It shortens the data and associated signatures to reduce the bandwidth requirement. The compact aggregate signature (CAS) scheme creates a constant length aggregate signature (AS). Thus, the length of the CAS is independent of the number of messages or signatures to be aggregated. This article presents the first pairing-free CAS scheme in certificate-based settings. Due to the certificate-based approach, the proposed scheme is free from key escrow and key distribution problems inherited in identity-based cryptography (IDC) and certificate-less cryptography (CLC), respectively. Being compact and pairing free, it is the least bandwidth-consuming and the most efficient provably secure aggregation method. The length and computational cost analysis show that the scheme is the most appealing to use in the IIoT environment.

Previous
Next
Edit
With the recent use of IoT in the field of healthcare, a lot of patient data is being transmitted and made available online. This necessitates sufficient security measures to be put in place to prevent the possibilities of cyberattacks. In this regard, several authentication techniques have been designed in recent times to mitigate these challenges, but the physical security of the healthcare IoT devices against node tampering and node replacement attacks in particular is not addressed sufficiently in the literature. To address these challenges, a two-way two-stage authentication protocol using hardware security primitives called Physical Unclonable Functions (PUFs) is presented in this paper. Considering the memory and energy constraints of healthcare IoT devices, this protocol is made very lightweight. A formal security evaluation of this protocol is done to prove its validity. We also compare it with relevant protocols in the healthcare IoT scenario in terms of computation time and security to show its suitability and robustness.
Edit
It is generally understood that an attacker with limited resources would not be able to carry out targeted attacks on Industrial Control Systems. Breaking this general notion, we present case studies of major attacks on Industrial Control Systems (ICSs) in the last 20 years. The attacks chosen are the most prominent ones in terms of the economic loss inflicted, the potential to damage physical equipment and to cause human casualties. For each of these attacks, we describe the attack methodology used and suggest possible solutions to prevent such attacks. We analyze each case study to provide a better insight into the development of future cybersecurity techniques for ICSs. Finally, we suggest some recommendations on the best practices for protecting ICSs.
Edit
The daily fluctuations in the power requirements and the regulation of voltage and frequency cause substantial energy dissipation. These lead to a reduction in the operational efficiency of the power grid. V2G (Vehicle 2 Grid) enabled electric vehicles (EVs) can act as a reactive power resource and can provide active power regulation, load matching, and current harmonic filtering. We propose a smart framework based on Internet of Things (IoT) and Edge computing to manage the V2G operations efficiently. The proposed framework can handle distributed energy sources, and can help in grid stabilization, increasing its reliability, and improving the power efficiency. V2G energy transfers can affect the EV’s battery lifetime, however if carefully managed, they can be economical both for the grid operators, as well as the EV owners. The proposed framework creates an optimum charging schedule for each EV to maximize the profit of the EV owners, keeping the preferences set by the vehicle owner and the grid requirement in consideration.
Edit

This article presents performance enhancement of Si3N4-gate ion-sensitive field-effect transistor based pH sensor using machine learning (ML) techniques. A robust SPICE macromodel is developed using experimental data, which incorporates intrinsic temperature and temporal characteristics of the device, which is further used in sensor readout circuit (ROIC), which shows a nonideal temperature and time dependence in the voltage output. To make the device robust to the critical drifts, we exploit six state-of-the-art ML models, which are trained using the data generated from ROIC for a wide range of pH, temperature, and temporal conditions. Thorough comparison between ML models shows random forest outperforms other models for drift compensation task. This work also shows a preliminary time series classification task. The ML models are implemented on a Xilinx PYNQ-Z1 field-programmable gate array (FPGA) board to validate the performance in power and memory-restricted environment, crucial for IoT applications. A parameter, implementation factor is defined to evaluate best ML model for IoT deployment using FPGA/MCU hardware implementation. The significantly lower power consumption of FPGA board as compared to CPU with no noticeable performance drop is a pointer to the future of robust pH sensors used in industrial and remote IoT applications.

Previous
Next
Edit

Forecasting precise water usage corresponding to various beneficial usages is important for optimal and sustainable planning and management of water resources. Due to rapid population growth, there is an urgent need for devising water saving solutions. In this paper, we propose a blockchain based incentivized edge computing framework for water saving using soft computing methodologies. The framework facilitates decision makers in creating awareness among people about water savings in a easily understandable scientific way. Our incentivized blockchain based model uses edge computing at the house nodes of the network to predict the actual usage of a particular household in the locality based on several factors such as number of people, average income of family, profession of the members and previous water demands. By using Feed Forward Networks and Mixture Density Networks, we predict the water usage in terms of input factors and historical usage respectively, thus incorporating machine computing into the framework. With the two values from these methods, a comparison is made with the actual amount of water used by the householders. This research proposes deployment of the smart contract on the blockchain network for efficient and accurate reward distribution. Incentives and rewards are given in the blockchain network to houses with lesser consumption and penalties are imposed when usage crosses predicted and historic usage. The model ensures that accurate incentives are provided to the people in order to motivate them to avoid wastage of water. Results show that the methods used in our work perform better than other relevant networks on a self-synthesized dataset. The proposed methods converge well and show higher spatio-temporal accuracy.

Previous
Next