editorial
Open access

Introduction to the Special Issue on the Lifecycle of IoT (In)security

Published: 16 February 2023
The editors of Digital Threats Research and Practice (DTRAP) are excited to bring readers this special issue on Internet of Things (IoT) security. Here, a diverse mixture of cybersecurity academics and industry practitioners have authored articles spanning vulnerabilities in encryption protocols, MAC-layer spoofing protection, shared IoT responsibility models, and industry issues around multimodal deployments.
IoT security can be an alarming problem, as devices are often deeply embedded in our hospitals, vehicles, and infrastructure. IoT security is unique in that device manufacturers typically experience heavy downward cost-per-unit pressures, keeping the cybersecurity functionality in hardware and firmware scaled down as well.
Heterogeneous networks, hardware often leased in the cloud, and hyper-connected environments spanning multiple parties make cybersecurity a team sport. Today, shared responsibility models are a hot topic. The cloud industry has evolved well-defined security responsibilities between infrastructure providers, like Amazon, and tenant companies leasing infrastructure to deploy technologies within. Unfortunately, shared responsibility models around IoT ecosystems have been lacking.
It is fitting that our first article, “Emerging Cybersecurity Capability Gaps in the Industrial Internet of Things: Overview and Research Agenda,” tackles the problem of a shared responsibility model in IoT. It presents an assessment of capability gaps based on a series of workshops with 100 expert participants. It presents comprehensive needs against the NIST framework and includes research that models the division of cybersecurity responsibility across the IoT device, network, and cloud resident data, impacting the full lifecycle.
MAC-layer spoofing is a serious problem in wireless systems, and scaled-down IoT devices often lack any prevention and detection capabilities. “Randomized Moving Target Approach for MAC-layer Spoofing Detection and Prevention in IoT Systems” details a novel system combining signal-level device fingerprinting with the principles of Randomized Moving Target Defense (RMTD).
“Novel JIT Security for Large-scale Heterogenous IoT Deployments” is an industry Field Note in this issue exploring multimodal IoT deployment. IoT threat vectors continue to fall into a concise list of categories, many of which can be addressed with classic solution architectures. This article looks at applying advances in contextual architecture to achieve high ROI on IoT deployments while still managing the risks of heterogeneity.
The lack of robust IoT encryption protocols has been recently identified by the Defense Advanced Research Projects Agency (DARPA) and led to the release of significant grant money. Simultaneous Authentication of Equals (SAE) is a password-authenticated key exchange protocol specified for use in popular wireless standards. The Field Note “A Chosen Random Value Attack on WPA3 SAE Authentication Protocol,” closely related to the articles in this issue, explores impersonation attacks that expose vulnerabilities within Wi-Fi Protected Access 3 (WPA3) SAE, then proposes protocol amendments.

Published In

Digital Threats: Research and Practice  Volume 3, Issue 4
December 2022
232 pages
EISSN:2576-5337
DOI:10.1145/3572830

Publisher

Association for Computing Machinery

New York, NY, United States

Author Tags

  1. Security
  2. election security
  3. digital threats

Qualifiers

  • Editorial
