EditorialSecurity, Privacy, and Trust on Internet of Things

Constantinos Kolias ,1 Weizhi Meng,2 Georgios Kambourakis ,3 and Jiageng Chen4

1Computer Science Department, University of Idaho, USA2Department of Applied Mathematics and Computer Science, Technical University of Denmark, Denmark3Department of Information and Communication Systems Engineering, University of the Aegean, Greece4School of Computer Science, Central China Normal University, China

Correspondence should be addressed to Constantinos Kolias; kolias@uidaho.edu

Received 25 December 2018; Accepted 31 December 2018; Published 3 February 2019

Copyright © 2019 Constantinos Kolias et al. This is an open access article distributed under the Creative Commons AttributionLicense, which permits unrestricted use, distribution, and reproduction in any medium, provided the original work is properlycited.

1. Introduction

The ability of smart objects to stay connected to the Internetfor purposes of transmitting and receiving data is referredto as the Internet of Things (IoT). As per recent estimates,the number of IoT devices will surpass 50 billion by 2020.Unsurprisingly, this mushrooming of IoT devices has drawnthe attention of attackers who seek to exploit them for theirown benefit, with the Mirai botnet being perhaps the mostprominent example of IoT specific malware [1, 2]. Basically,IoT brings along a plethora of potential security and privacyrisks to the end-users, including the unsanctioned access andabuse of private information, the enabling and strengtheningof assaults against other systems, and the breeding of riskspertaining to personal safeness [3]. Especially, IoT facilitatesthe creation of an assortment of privacy risks to the consumerassociated with the collection of personal and sensitiveinformation, like their preferences, locations, habits, and soon. In the mid- or long-run these pieces of data can be usedto, say, profile or impersonate the user or group of interest.On the other hand, such risks to security, privacy, and trustmay significantly diminish end-user’s confidence in IoT andtherefore impede its full realization.

The feature topic at hand intends to promote the dis-semination of the latest methodologies, solutions, and casestudies pertaining to IoT security, privacy, and trust issues.Its objective is to publish high-quality articles presentingsecurity algorithms, protocols, policies, frameworks, andsolutions for the IoT ecosystem.

The goal of this special issue was to attract high-qualitycontributions from researchers working in the broad area of

security, privacy, and trust for IoT ecosystems, including butnot limited to (a) cloud computing-based security solutionsfor IoT data, (b) mobile service privacy for IoT devices,(c) standardization efforts related to IoT, (d) testbeds andcase studies for IoT, (e) Intrusion detection for IoT, (f) trustmanagement for IoT, and (g) virtualization solutions to IoTsecurity

2. Submissions

This special issue presents high-quality articles describingsecurity and privacy issues, attacks as well as their remediesfor the IoT ecosystems. We received a total of 29 submissionsand, after a rigorous review process, we selected 10 articlescovering the subject from different perspectives, i.e., about30% of all the submitted papers.

In “On the RCCA Security of Hybrid Signcryption forInternet of Things” by H. Dai et al., hybrid signcryptionschemes are lucrative for protecting communications in IoTenvironments. Such schemes achieve multiple cryptographicservices simultaneously but with much lower overhead thanseparate traditional cryptographic schemes. This attributemakes them ideal for resource-constrained environments.Unlike most approaches that verify such security schemesprimarily against Chosen Ciphertext Attacks, this paperproposes verification against Repayable Chosen CiphertextAttacks. Despite being a theoretically weaker security notion,it is “secure enough” for IoT applications and at the same timemuch more efficient.

In “A Hierarchical Matrix Decomposition-Based Sign-cryption without Key-Recovery in Large-Scale WSN” by C.

HindawiWireless Communications and Mobile ComputingVolume 2019, Article ID 6452157, 3 pageshttps://doi.org/10.1155/2019/6452157

2 Wireless Communications and Mobile Computing

Yuan et al., identity-based encryption schemes present a greatpotential for wireless, low resources networks due to theirlower resource requirements. However, such schemes assumethat a central entity, namely, the Private Key Generator(PKG), maintains all private keys; therefore, it can easilyimpersonate any user. The paper proposes a novel signcryp-tion technique based on hierarchical matrix decompositionto generate the keys for cluster head nodes. By limiting thecontrol of central authorities on the private keys it becomespossible to solve the key escrow issue associated with suchschemes.

In “A Blockchain-Based Contractual Routing Protocolfor the Internet of Things Using Smart Contracts” by G.Ramezan and C. Leung, conventional secure routing proto-cols assume a central authority (CA) to facilitate the identi-fication and authentication for each device in the network.Particularly, in the highly heterogeneous IoT environmentsthe lack of a standardized central management system intro-duces the problem of trust. The paper proposes a blockchainbased contractual routing protocol which operates in a fullydistributed manner without requiring any trusted CA. Theintroduced protocolmakes use of the smart contracts conceptto discover a route to a destination or data gateway withinheterogeneous IoT networks.The protocol is proven resistantto both Blackhole and Greyhole attacks.

While in “Shielding IoT against cyber-attacks: An event-based approach using SIEM” by D. D. Lopez et al., dueto the high level of heterogeneity in IoT environmentstraditional security solutions cannot perform ideally. SecurityInformation and Event Management systems seem to be anappealing solution; however, current practices known fromconventional computer networks fail to take into account thepossible correlations between IoT layers and the peculiaritiesof corresponding security events and attack surfaces. Thepaper proposes a custom-tailored security architecture andexplores possible mappings between events, vulnerabilities,and attack surfaces for typical IoT ecosystems.

In “BaDS: Blockchain-Based Architecture for Data Shar-ing with ABS and CP-ABE in IoT” by Y. Zhang et al.,cloud infrastructures are an indispensable component of IoTapplications, yet they may not always be considered as fullytrusted entities. This paper proposes a privacy-preservingand user-controlled data sharing architecture which permitsdetailed access control. The proposed approach is based onthe Blockchain model and smart contracts to ensure thescalability of access control tables.

In “Towards Secure Network Computing Services forLightweight Clients using Blockchain” by Y. Xu et al.,the network-based service sharing paradigm may indi-rectly extend the abilities of the resource-constrained IoTdevices; nevertheless it introduces additional risks sinceuntrusted/unverified code can be loaded from the networkand then be executed even natively. This paper proposes anovel blockchain-based secure service provisioning mech-anism for protecting lightweight IoT devices from mali-cious or insecure services in network computing scenarios.The power of blockchain is primarily leveraged towardsidentifying and verifying the corresponding provider andservice.

In “Security Vulnerabilities and Countermeasures forTime Synchronization in TSCH Networks” by W. Yanget al., numerous IoT applications require that all nodesmust maintain high-precision time synchronization. Suchcommunication systems suffer from time-synchronizationattacks, primarily in single-hop pair-wise synchronizationsituations. The paper examines the security vulnerabilities ofTSCH technology to identify the potential vulnerabilities andattacks. The corresponding security enhancements are alsooutlined and an authentication-based mechanism along witha clock-offset filter is proposed.

In “Towards Smart Healthcare: Patient Data Privacy andSecurity in Sensor-Cloud Infrastructure” by I. Masood et al.,Modern Wireless Body Area Networks (WBANs) systemsextensively rely on cloud computing (CC) technologies toovercome their inherent computational constraints. Suchhybrid infrastructures have been applied in the healthcaredomain with great success, but at the same time, new threatsagainst patient data privacy and security were surfaced. Thispaper surveys the techniques for patient data privacy andsecurity in sensor-based cloud infrastructures.The paper alsoprovides a framework for patient physiological parameters(PPPs) privacy and security particularly appropriate for suchecosystems.

In “Towards Privacy Preserving IoT Environments: ASurvey” byM. Seliem et al., privacy is one pivotal requirementof IoT applications. One of the most essential concerns ofIoT applications is the lack of control over raw personaldata communicated from the sensors to the cloud applicationcounterparts. This paper conducts a thorough survey ofexisting research and proposed solutions regarding privacyin IoT ecosystems, from a multipoint of view to outline thenumerous associated risks and potential mitigations.

In “FAPRP: A Machine Learning Approach to FloodingAttacks Prevention Routing Protocol in Mobile Ad HocNetworks” by N. T. Luong et al., IoT communications maysometimes be deprived of a centralized infrastructure thuscompletely relying on number of self-organizing nodes toform Mobile Ad hoc Networks (MANETs). Such types ofnetworks are prone to request route flooding attack, a dev-astating attack which is trivial to initiate and challenging toremedy.The authors introduce the FloodingAttackDetectionAlgorithm (FADA) which is based on historical networktraces and the k-NN algorithm to detect and isolate themalicious nodes in the network.Then a new routing protocolfor such settings is introduced which incorporates FADAalgorithm as part of its route request phase, minimizing therisk.

Conflicts of Interest

The authors declare that there are no conflicts of interestregarding the publication of this special issue.

Acknowledgments

The guest editors would like to express their gratitude toSPTT editorial board for giving the opportunity to editthis special issue. Also, they wish to thank the authors for

Wireless Communications and Mobile Computing 3

submitting their work as well as the tireless reviewers whohave constructively evaluated the papers within the short-stipulated time. Finally, they sincerely hope the reader willshare their view and find this special issue very useful.

Constantinos KoliasWeizhi Meng

Georgios KambourakisJiageng Chen

References

[1] C. Kolias, G. Kambourakis, A. Stavrou, and J. Voas, “DDoS inthe IoT: mirai and other botnets,” IEEE Computer Society, vol.50, no. 7, pp. 80–84, 2017.

[2] M. Antonakakis, T. April, M. Bailey et al., “Understanding themirai botnet,” in Proceedings of the USENIX Security Sympo-sium, pp. 1092–1110, August, 2017.

[3] J. Voas, R. Kuhn, C. Kolias, A. Stavrou, and G. Kambourakis,“Cybertrust in the IoT Age,” The Computer Journal, vol. 51, no.7, pp. 12–15, 2018.

International Journal of

AerospaceEngineeringHindawiwww.hindawi.com Volume 2018

RoboticsJournal of

Hindawiwww.hindawi.com Volume 2018

Hindawiwww.hindawi.com Volume 2018

Active and Passive Electronic Components

VLSI Design

Hindawiwww.hindawi.com Volume 2018

Hindawiwww.hindawi.com Volume 2018

Shock and Vibration

Hindawiwww.hindawi.com Volume 2018

Civil EngineeringAdvances in

Acoustics and VibrationAdvances in

Hindawiwww.hindawi.com Volume 2018

Hindawiwww.hindawi.com Volume 2018

Electrical and Computer Engineering

Journal of

Advances inOptoElectronics

Hindawiwww.hindawi.com

Volume 2018

Hindawi Publishing Corporation http://www.hindawi.com Volume 2013Hindawiwww.hindawi.com

The Scientific World Journal

Volume 2018

Control Scienceand Engineering

Journal of

Hindawiwww.hindawi.com Volume 2018

Hindawiwww.hindawi.com

Journal ofEngineeringVolume 2018

SensorsJournal of

Hindawiwww.hindawi.com Volume 2018

International Journal of

RotatingMachinery

Hindawiwww.hindawi.com Volume 2018

Modelling &Simulationin EngineeringHindawiwww.hindawi.com Volume 2018

Hindawiwww.hindawi.com Volume 2018

Chemical EngineeringInternational Journal of Antennas and

Propagation

International Journal of

Hindawiwww.hindawi.com Volume 2018

Hindawiwww.hindawi.com Volume 2018

Navigation and Observation

International Journal of

Hindawi

www.hindawi.com Volume 2018

Advances in

Multimedia

Submit your manuscripts atwww.hindawi.com