Security and Privacy in the Internet of Things E-Book

Table of Contents

Cover

Title Page

Copyright

About the Editors

List of Contributors

Preface

1 Advanced Attacks and Protection Mechanisms in IoT Devices and Networks

1.1 Introduction

1.2 Physical Security in IoT Devices

1.3 Remote Attestation in IoT Devices

1.4 Intrusion Detection in IoT Networks

References

Note

2 Human Aspects of IoT Security and Privacy

2.1 Introduction

2.2 An Overview of the Domestic IoT Environment

2.3 Security Issues and the IoT Landscape

2.4 Human Factors Challenges in IoT Security and Privacy

2.5 Toward Improved User-facing Security in the IoT

2.6 Conclusion

Acknowledgments

References

3 Applying Zero Trust Security Principles to Defence Mechanisms Against Data Exfiltration Attacks

3.1 Introduction

3.2 Data Exfiltration Types, Attack Mechanisms, and Defence Techniques

3.3 A Defence Mechanism for Physical Data Exfiltration Mitigation

3.4 Implementation and Analysis

3.5 Evaluation

3.6 Conclusion

References

4 eSIM-Based Authentication Protocol for UAV Remote Identification

4.1 Introduction

4.2 Drone Security

4.3 Drone Safety

4.4 UAV Remote Identification

4.5 Authentication Protocol for Remote Identification

4.6 Conclusion

References

5 Collaborative Intrusion Detection in the Era of IoT: Recent Advances and Challenges

5.1 Introduction

5.2 Background

5.3 Recent Development of Collaborative Intrusion Detection

5.4 Open Challenges and Future Trend

5.5 Conclusion

References

6 Cyber-Securing IoT Infrastructure by Modeling Network Traffic

6.1 Introduction

6.2 Cyber-Attacks on IoT Infrastructure

6.3 Network Behavioral Model of IoTs

6.4 Conclusion

References

7 Integrity of IoT Network Flow Records in Encrypted Traffic Analytics

7.1 Introduction

7.2 Background

7.3 Flow Based Telemetry

7.4 Hashing-Based MAC for Telemetry Data

7.5 Experimental Analysis

7.6 Conclusion

List of Abbreviations

Acknowledgment

References

Note

8 Securing Contemporary eHealth Architectures: Techniques and Methods

8.1 Introduction

8.2 eHealth

8.3 eHealth Threat Landscape

8.4 Countermeasures

8.5 Conclusion

References

9 Security and Privacy of Smart Homes: Issues and Solutions

9.1 Introduction

9.2 State-of-the-Art in Smart Homes' Security and Privacy

9.3 Privacy Techniques and Mechanisms

9.4 Toward Future Solutions

9.5 Conclusion

References

10 IoT Hardware-Based Security: A Generalized Review of Threats and Countermeasures

10.1 Introduction

10.2 Hardware Attacks

10.3 Physical Security Attacks Countermeasures

10.4 Conclusion

Acknowledgment

References

Index

End User License Agreement

List of Tables

Chapter 3

Table 3.1 Examples of large-scale data breaches

Table 3.2 A summary of the scenarios used in the proposed mechanize evaluation

Chapter 4

Table 4.1 Comparison of advantages and disadvantages of different drone detecti...

Table 4.2 Summary of the notations employed in the developed protocol.

Table 4.3 Threats and countermeasures.

Table 4.4 User-defined types and declared terms.

Chapter 5

Table 5.1 Development summary of collaborative intrusion detection.

Chapter 7

Table 7.1 Attributes of flow record.

Chapter 8

Table 8.1 Various benefits with the use of IoT in eHealth.

Table 8.2 Cyber attack classification in eHealth system

Chapter 10

Table 10.1 Summary of node attacks.

Table 10.2 Summary of RFID threats.

Table 10.3 Summary of hardware design threats.

Table 10.4 Summary of side-channel threats.

Table 10.5 Types of IoT physical security threats.

Table 10.6 Costs related to counter measure.

List of Illustrations

Chapter 1

Figure 1.1 Attacks and protection mechanisms covered in this chapter.

Figure 1.2 Side-channel and fault analysis attacks considered in this chapte...

Figure 1.3 Machine learning-based evaluation methodology.

Figure 1.4 Typical example of classical remote attestation.

Figure 1.5 Typical example of classical swarm attestation scheme.

Figure 1.6 Overview of the FL-based IoT intrusion detection system.

Chapter 2

Figure 2.1 Domestic, smart Internet of Things devices which can be found in ...

Figure 2.2 Examples of human-to-device and device-to-device interactions sho...

Figure 2.3 Examples of human-to-device and device-to-device interactions sho...

Chapter 3

Figure 3.1 A component diagram of the proposed physical data exfiltration mi...

Figure 3.2 Confidential data identification flow.

Figure 3.3 An illustration of endpoint rule list to mitigate unauthorized ac...

Figure 3.4 Endpoint rules and application-based measures.

Figure 3.5 Work flow for confidential data list and firewall deployment.

Figure 3.6 Simulated network layout and components.

Figure 3.7 An illustration of the studied threat scenario.

Figure 3.8 Illustration of action request creation by the management server....

Figure 3.9 Endpoint rule search and action response creation.

Figure 3.10 Assumed scenario network topology and studied network components...

Chapter 4

Figure 4.1 User interface to a web application that provides update-to-date ...

Figure 4.2 Illustration of some UTM systems and their operations as well as ...

Figure 4.3 Illustration of possible attacks on the drones. (a) Physical atta...

Figure 4.4 Illustration of possible attacks from drones. (a) Sample of priva...

Figure 4.5 Drone pilots have three ways to meet the FAA's Remote ID rule ...

Figure 4.6 A UAV with embedded SIM (eSIM) and operator smartphone.

Figure 4.7 In Step (1), the user must scan the Quick Response code which all...

Figure 4.8 Registration Phase 1: obtaining the PIN and the activation code f...

Figure 4.9 Registration Phase 2: flashing the PIN and the activation code to...

Figure 4.10 The proposed protocol for secure communication between the opera...

Figure 4.11 Secure broadcasting of the remote identification message.

Figure 4.12 Eight events for testing mutual authentication in the proposed p...

Chapter 5

Figure 5.1 Core workflow of an IDS.

Figure 5.2 CIDN framework with major components.

Chapter 6

Figure 6.1 Taxonomy of IoT network attacks.

Figure 6.2 System architecture of enforcing and monitoring MUD behavior.

Figure 6.3 Flow rules of Canary camera.

Figure 6.4 Protection of IoT devices (with MUD enforcement) against cyber-at...

Chapter 7

Figure 7.1 Three-layered IoT architecture.

Figure 7.2 Test bed architecture of different IoT and non-IoT devices teleme...

Figure 7.3 IoT-based telemetry.

Figure 7.6 Flow record authentication using end-to-end hashing with asymmetr...

Figure 7.4 Flow record authentication using end-to-end hashing.

Figure 7.5 Flow record authentication using end-to-end hashing with symmetri...

Figure 7.7 Client server establishment to transfer flow records.

Figure 7.8 Server connected to clients using hash only approach.

Figure 7.10 MITM attack failed at the server side.

Figure 7.9 Server side hash computation of IoT flow records.

Figure 7.11 MITM attack response to the client.

Figure 7.13 Server connected to the client.

Figure 7.14 Server validating the client using AES with Hash.

Figure 7.15 MITM attack failed at the server side.

Figure 7.12 Client server establishment using symmetric hash.

Figure 7.16 MITM attack responded back to the client.

Figure 7.17 Client server establishment using RSA with hash-server side.

Figure 7.18 Server responding to the client.

Figure 7.19 Hash authenticated at the server side.

Figure 7.20 Hash authenticated responded to the server.

Figure 7.21 MITM attack failed at the server side.

Figure 7.22 MITM attack failed – client notification.

Chapter 8

Figure 8.1 Various services provided in a patient-centered eHealth ecosystem...

Figure 8.2 A Typical eHealth Architecture.

Figure 8.3 A typical eHealth architecture showing some of the prominent asse...

Figure 8.4 Security objectives in various layers of the eHealth architecture...

Figure 8.5 Adaptive security steps in protecting eHealth systems.

Chapter 9

Figure 9.1 A user-centric privacy model to capture privacy concerns in relat...

Figure 9.2 An overview of available solutions with respect to the user-centr...

Chapter 10

Figure 10.1 Taxonomy of IoT hardware attacks.

Figure 10.2 The Pyramid of Pain, illustrating the layers which have the grea...

Figure 10.3 (a) A simple combinational circuit. (b) Trojan with trigger and ...

Figure 10.4 The different stages of the creation of an integrated circuit.

Figure 10.5 DPA (Differential power analysis) attack.

Figure 10.6 Dummy cycles countermeasure scheme [40].

Figure 10.7 Illustration of the data processing module against DPA.

Figure 10.8 Masking method of defending differential power analysis attack i...

Figure 10.9 Security improvement of FPGA design against timing.side-channel ...

Figure 10.10 Acoustic measurement frequency spectra of the second modular ex...

Figure 10.11 Relay scenario in a queue. Source: Thevenon and Savry [56].

Guide

Cover Page

Title Page

Copyright

About the Editors

List of Contributors

Preface

Table of Contents

Begin Reading

Index

WILEY END USER LICENSE AGREEMENT

Pages

ii

iii

iv

xiii

xiv

xv

xvi

xvii

xviii

xix

xx

xxi

xxii

xxiii

1

2

3

4

5

6

7

8

9

10

11

12

13

14

15

16

17

18

19

20

21

22

23

24

25

26

27

28

29

30

31

32

33

34

35

36

37

38

39

40

41

42

43

44

45

46

47

48

49

50

51

52

53

54

55

57

58

59

60

61

62

63

64

65

66

67

68

69

70

71

72

73

74

75

76

77

78

79

80

81

82

83

84

85

86

87

88

89

91

92

93

94

95

96

97

98

99

100

101

102

103

104

105

106

107

108

109

110

111

112

113

114

115

116

117

118

119

120

121

122

123

124

125

126

127

128

129

130

131

132

133

134

135

136

137

138

139

140

141

142

143

144

145

146

147

148

149

151

152

153

154

155

156

157

158

159

160

161

162

163

164

165

166

167

168

169

170

171

172

173

174

175

176

177

178

179

180

181

182

183

184

185

186

187

188

189

190

191

192

193

194

195

196

197

198

199

200

201

202

203

204

205

207

208

209

210

211

212

213

214

215

216

217

218

219

220

221

222

223

224

225

226

227

228

229

230

231

232

233

234

235

236

237

238

239

240

241

242

243

244

245

246

247

248

249

250

251

252

253

254

255

256

257

258

259

260

261

262

263

264

265

266

267

268

269

270

271

272

273

274

275

276

277

278

279

280

281

282

283

284

285

286

287

288

289

290

291

292

293

294

295

296

297

298

299

300

301

302

303

304

305

306

307

IEEE Press

445 Hoes Lane

Piscataway, NJ 08854

IEEE Press Editorial Board

Ekram Hossain, Editor in Chief

Jón Atli Benediktsson

Anjan Bose

David Alan Grier

Elya B. Joffe

Xiaoou Li

Lian Yong

Andreas Molisch

Saeid Nahavandi

Jeffrey Reed

Diomidis Spinellis

Sarah Spurgeon

Ahmet Murat Tekalp

Security and Privacy in the Internet of Things

Architectures, Techniques, and Applications

Edited by

Ali Ismail Awad

Luleå University of Technology, Luleå, Sweden

United Arab Emirates University, Al Ain, United Arab Emirates

Al-Azhar University, Qena, Egypt

Jemal Abawajy

Deakin University, Australia

Copyright © 2022 by The Institute of Electrical and Electronics Engineers, Inc. All rights reserved.

Published by John Wiley & Sons, Inc., Hoboken, New Jersey.

Published simultaneously in Canada.

No part of this publication may be reproduced, stored in a retrieval system, or transmitted in any form or by any means, electronic, mechanical, photocopying, recording, scanning, or otherwise, except as permitted under Section 107 or 108 of the 1976 United States Copyright Act, without either the prior written permission of the Publisher, or authorization through payment of the appropriate per-copy fee to the Copyright Clearance Center, Inc., 222 Rosewood Drive, Danvers, MA 01923, (978) 750-8400, fax (978) 750-4470, or on the web at www.copyright.com. Requests to the Publisher for permission should be addressed to the Permissions Department, John Wiley & Sons, Inc., 111 River Street, Hoboken, NJ 07030, (201) 748-6011, fax (201) 748-6008, or online at http://www.wiley.com/go/permission.

Limit of Liability/Disclaimer of Warranty: While the publisher and author have used their best efforts in preparing this book, they make no representations or warranties with respect to the accuracy or completeness of the contents of this book and specifically disclaim any implied warranties of merchantability or fitness for a particular purpose. No warranty may be created or extended by sales representatives or written sales materials. The advice and strategies contained herein may not be suitable for your situation. You should consult with a professional where appropriate. Neither the publisher nor author shall be liable for any loss of profit or any other commercial damages, including but not limited to special, incidental, consequential, or other damages.

For general information on our other products and services or for technical support, please contact our Customer Care Department within the United States at (800) 762-2974, outside the United States at (317) 572-3993 or fax (317) 572-4002.

Wiley also publishes its books in a variety of electronic formats. Some content that appears in print may not be available in electronic formats. For more information about Wiley products, visit our web site at www.wiley.com.

Library of Congress Cataloging-in-Publication Data

Names: Awad, Ali Ismail, editor. | Abawajy, Jemal H., 1982- editor.

Title: Security and privacy in the Internet of things : architectures, techniques, and applications / edited by Ali Ismail Awad, Jemal Abawajy.

Other titles: Security and privacy in the Internet of things (Wiley-IEEE Press)

Description: Hoboken, NJ : Wiley-IEEE Press, [2022] | Includes bibliographical references and index.

Identifiers: LCCN 2021051556 (print) | LCCN 2021051557 (ebook) | ISBN 9781119607748 (hardback) | ISBN 9781119607762 (adobe pdf) | ISBN 9781119607779 (epub)

Subjects: LCSH: Internet of things–Security measures. | Data protection.

Classification: LCC TK5105.8857 .S444 2022 (print) | LCC TK5105.8857 (ebook) | DDC 005.8–dc23/eng/20211123

LC record available at https://lccn.loc.gov/2021051556

LC ebook record available at https://lccn.loc.gov/2021051557

Cover Design: Wiley

Cover Image: © Tuomas A. Lehtinen/Getty Images

About the Editors

Ali Ismail Awad, PhD, is currently an Associate Professor with the College of Information Technology (CIT), United Arab Emirates University (UAEU), Al Ain, United Arab Emirates. He is also an Associate Professor (Docent) with the Department of Computer Science, Electrical and Space Engineering, Luleå University of Technology, Luleå, Sweden, where he also served as a coordinator of the Master Program in Information Security. He is an Associate Professor with the Electrical Engineering Department, Faculty of Engineering, Al-Azhar University at Qena, Qena, Egypt. He is also a Visiting Researcher with the University of Plymouth, United Kingdom. His research interests include Cybersecurity, the Internet of Things security, network security, image analysis with applications in biometrics, and medical imaging. He has edited or coedited seven books and authored or co-authored several journal articles and conference papers in these areas. He is an Editorial Board Member of the Future Generation Computer Systems Journal, Computers & Security Journal, the Internet of Things, Engineering Cyber Physical Human Systems Journal, Health Information Science and Systems Journal, and IET Image Processing Journal. Dr. Awad is currently an IEEE senior member.

Prof. Jemal Abawajy is on the executive team of the Centre for Cyber Security Research and Innovation (CSRI) leadership Team at Deakin University where he leads the Cyber Security and Technologies Division composed of three divisions (IoT/CPS and Critical Infrastructure Security, Digital Forensics and Incident Management, and Cyber Analytics and AI). Professor Abawajy's research is focused on both pure and applied research in the areas of distributed systems and network security (i.e. cloud security, fog security, Internet of Things security, blockchain, and big data security). He has published close to 400 refereed papers in these areas in top venues and his research is funded both by competitive grant and industry. He holds visiting Professorship in many universities. He has supervised over 40 PhD students and 20 Master's degree students to a successful completion. Currently he is supervising 10 PhD student and 1 Master student. He has also supervised over 15 postdoctoral candidates in the past five years. He is regularly invited to assess competitive grants for granting agencies in Europe (e.g. Swiss National Science Foundation), Asia (e.g. Agency for Science, Technology and Research), the Americas (e.g. Natural Sciences and Engineering Research Council of Canada), Australia (e.g. Australian Research Council), and Africa (e.g. South Africa's National Research Foundation). He is also regularly asked to assess degree programs for accreditations at many universities (e.g. Auckland University of Technology, Auckland, New Zealand, and University Putra Malaya), appointed on the Advisory Committee (e.g. Box Hill Institute and Imam Abdulrahman Bin Faisal University), and Academic Advisor (e.g. Universiti Kebangsaan Malaysia). Prof. Abawajy has served/serving on the editorial board of numerous international journals (e.g. IEEE Transaction on Cloud Computing and IEEE ACCESS) and more than 400 international academic conferences in various capacities including Chair (e.g. IEEE SmartCity-2020) and Program Chair (e.g. IEEE International Conference on Parallel and Distributed Systems). He has received numerous awards including Excellence in Research Award (e.g. Deakin University Vice-Chancellor's Award for Outstanding Contribution to Research), Best Paper Award (e.g. IEEE International Conference on Cloud Computing Technology and Science, Taiwan), and several service awards. Prof. Abawajy has given over 70 invited keynote speeches, and numerous invited seminars all over the world.

List of Contributors

Bamidele Adebisi

Department of Engineering

Manchester Metropolitan University

Manchester, UK

Adnan Anwar

School of Information Technology

Deakin University

Geelong

Australia

Zubair Baig

School of Information Technology

Deakin University

Geelong

Australia

Lejla Batina

Digital Security Group

iCIS, Radboud University

Nijmegen

The Netherlands

Aswani Kumar Cherukuri

School of Information Technology and Engineering

Vellore Institute of Technology

Vellore

Tamil Nadu

India

Vinamra Das

School of Information Technology and Engineering

Vellore Institute of Technology

Vellore

Tamil Nadu

India

Hugo Egerton

Department of Computing and Mathematics

Manchester Metropolitan University

Manchester

UK

Steven Furnell

School of Computer Science

University of Nottingham

Nottingham

United Kingdom

and

Centre for Research in Information and Cyber Security

Nelson Mandela University

Port Elizabeth

South Africa

Hassan Habibi Gharakheili

School of Electrical Engineering and Telecommunications

University of New South Wales

Sydney

Australia

Saqib Hakak

Department of Computer Science

Faculty of Computer Science

University of New Brunswick

Information Technology Centre

NB E3B 5A3

Canada

Mohammad Hammoudeh

Department of Computing and Mathematics

Manchester Metropolitan University

Manchester

UK

Ayyoob Hamza

School of Electrical Engineering and Telecommunications

University of New South Wales

Sydney

Australia

Catherine Higgins

Department of Computer Science

Faculty of Computer Science

University of New Brunswick

Information Technology Centre

NB E3B 5A3

Canada

Muhammad Ijaz Ul Haq

Department of Computer Science

Faculty of Computer Science

University of New Brunswick

Information Technology Centre

NB E3B 5A3

Canada

Wenjuan Li

Department of Electronic and Information Engineering

The Hong Kong Polytechnic University

Hong Kong

China

Gang Li

School of Information Technology

Deakin University

Geelong

Melbourne

Australia

Xiao Liu

School of Information Technology

Deakin University

Geelong

Melbourne

Australia

Martin Lundgren

Department of Computer Science

Electrical and Space Engineering

Luleå University of Technology

Luleå

Sweden

Lucas McDonald

Department of Computer Science

Faculty of Computer Science

University of New Brunswick

Information Technology Centre

NB E3B 5A3

Canada

Weizhi Meng

DTU Compute

Technical University of Denmark

Kgs. Lyngby

2800

Denmark

Nele Mentens

LIACS

Leiden University

Leiden

The Netherlands

and

imec-COSIC and ES&S

ESAT, KU Leuven

Leuven

Belgium

Markus Miettinen

System Security Lab

TU Darmstadt

Darmstadt

Germany

Naila Mukhtar

School of Engineering

Macquarie University

Sydney

Australia

Thien Duc Nguyen

System Security Lab

TU Darmstadt

Darmstadt

Germany

Ali Padyab

School of Informatics

University of Skövde

Skövde

Sweden

Md Masoom Rabbani

imec-COSIC and ES&S

ESAT, KU Leuven

Leuven

Belgium

Aditya Raj

School of Information Technology and Engineering

Vellore Institute of Technology

Vellore

Tamil Nadu

India

Phillip Rieger

System Security Lab

TU Darmstadt

Darmstadt

Germany

Ahmad-Reza Sadeghi

System Security Lab

TU Darmstadt

Darmstadt

Germany

Abdulhadi Shoufan

Center for Cyber-Physical Systems

Khalifa University

Abu Dhabi

United Arab Emirates

Vijay Sivaraman

School of Electrical Engineering and Telecommunications

University of New South Wales

Sydney

Australia

Sune Von Solms

Faculty of Engineering and the Built Environment

University of Johannesburg

Johannesburg

South Africa

Naeem F. Syed

School of Science

Edith Cowan University

Perth

Australia

Bilal Taha

Department of Electrical and Computer Engineering

University of Toronto

Toronto, ON

Canada

Ikram Sumaiya Thaseen

School of Information Technology and Engineering

Vellore Institute of Technology

Vellore

Tamil Nadu

India

Devrim Unal

KINDI Center for Computing Research

College of Engineering

Qatar University

Doha

Qatar

Chan Yeob Yeun

Center for Cyber-Physical Systems

Khalifa University

Abu Dhabi

United Arab Emirates

Preface

The Internet-of-Things (IoT) is an emerging paradigm due to extensive developments in information and communication technology (ICT). The purpose of IoT is to expand the functions of the first version of the Internet by increasing the ability to connect numerous objects. The IoT model has expanded to span different applications such as manufacturing and Industry 4.0, eHealth, smart cities and homes, robotics and drones, transportation, and critical infrastructures. The wide facilities offered by IoT and other sensing facilities have led to a huge amount of data generated from versatile domains; thus, security and privacy have become inevitable requirements not only for the sake of personal safety but also for assuring the sustainability of the IoT paradigm itself. Moreover, the nature and significance of the IoT systems themselves can increase their desirability as targets of attack. To get the full benefits of the IoT systems, the highest possible levels of security and privacy must be accomplished. However, as with the wide diversity of IoT applications and environments, several security and privacy issues remain unaddressed.

This book fills in the gaps in IoT security and privacy by providing the readers with cutting-edge research findings in the IoT security domain. This book outlines key emerging trends in IoT security and privacy considering the entire IoT architecture (perception, network, and applications) layers, with a focus on different critical IoT applications. The up-to-date body of knowledge presented in this book is a need for researchers, practitioners, and postgraduate students who work in the IoT development and deployment domains. This volume introduces a collection of 10 chapters written by experts in the field that cover both security and privacy aspects implied on IoT. Furthermore, the material has been prepared in a way that makes each chapter independently readable from the others, while still contributing a collective overall insight into the topic area. The book comprises 10 chapters structured as follows:

The book begins with the chapter Advanced Attacks and Protection Mechanisms in IoT Devices and Networks, authored by Batina et al., which introduces a full picture of the possible attacks and the countermeasures spanning IoT perception and network layers. The chapter covers a wide spectrum of security attacks and countermeasures in the IoT paradigm and prepares the stage for a better understanding of security vulnerabilities and protection mechanisms. Physical attacks, profiling attacks, and IoT malware at the network level are covered and augmented by some real-world examples. Countermeasures like remote attestation, machine learning-based solutions, and the applications of deep learning and federated self-learning in anomaly detection are also covered. The chapter identifies some future research directions like employing Blockchain for solving IoT security challenges.

Humans form the weakest circle in the cybersecurity chain. Therefore, human-related and social security aspects should be taken into consideration in addition to the technical security solution. Chapter 2 titled Human Aspects of IoT Security and Privacy, written by Solms and Furnell considers the human aspects of security and privacy issues with particular focus upon the use of IoT in the domestic context, where the users are potentially the least prepared in terms of background knowledge and available support. The chapter examines the challenges that may be presented from the perspective of using and managing the range of IoT devices that are now to be found in smart home environments, and the related data storage and sharing that may be inherent in their use. The chapter demonstrates the need for user-facing security and privacy to receive comparable attention to that directed toward other elements of core functionality.

Back to the technical cybersecurity aspects, Chapter 3 named Applying Zero Trust Security Principles to Defence Mechanisms Against Data Exfiltration Attacks, authored by Egerton et al. describes data exfiltration threats that can emerge from within a company and external threats that seek to gain unauthorized access to sensitive information that could be used for personal gain or malicious purposes. Furthermore, the chapter presents a network-based mechanism that can mitigate the common physical attack methods that are used by malicious insiders. The chapter demonstrates that the network-based mechanism can defend against some network-level threats while also complementing existing security deployments.

Drones are becoming a key element in different applications and an integral part to facilitate people's lives. Yet, opening the airspace to drones will significantly increase the number of malicious users as well as cyber-physical attacks. Chapter 4 called eSIM-based Authentication Protocol for UAV Remote Identification, written by Shoufan, Yeun, and Taha proposes an authentic communication of drones' remote identification that is particularly relevant to the controlled operations of commercial and civil drones. The proposed authentication protocol ensures a secure communication of drone remote identification by employing an embedded Subscriber Identification Module (eSIM) where any user can verify the authenticity of a remote ID by using digital signatures. A security analysis of the proposed authentication protocol is presented along with formal verification using ProVerif.

In connection to security attacks and countermeasures, deep insights on the collaborative intrusion detection mechanism are given in Chapter 5 titled Collaborative Intrusion Detection in the Era of IoT: Recent Advances and Challenges, written by Li and Meng. The chapter starts by giving an overview of collaborative intrusion detection and then reports the cutting-edge research achievements in this direction. To build a complete picture, the authors highlight open challenges and limitations that can be considered for any future work related to the collaborative intrusion detection topic.

Network traffic is a rich source of information utilized by malware analysis and intrusion detection systems. IoT network traffic analysis has not received considerable attention yet. Chapter 6 authored by Gharakheili, Hamza, and Siavaraman and titled Cyber-Securing IoT Infrastructure by Modeling Network Traffic explores the privacy and security risks of IoT devices that can be systematically evaluated, demonstrating real-life threats to typical users posed by cyber attackers. Furthermore, the chapter presents a behavioral analysis of IoT network traffic that leads to the development of machine learning-based models for inferencing from flow-level network behavior of IoT devices. Lastly, flow-level inferencing models are trained for detecting anomalous patterns in network traffic of individual connected devices.

Encrypted network traffic analysis is an essential process to understand traffic characteristics and to identify normal and abnormal behaviors. Chapter 7 named Integrity of IoT Network Flow Records in Encrypted Traffic Analytics, written by Cherukuri et al. tackles the analysis of encrypted IoT traffic. The chapter proposes novel solutions for ensuring the integrity of the IoT traffic flow records. It proposes hashing and encryption-based mechanisms to address the integrity of flow records in encrypted traffic as a flow record authentication problem. Furthermore, the chapter demonstrates the proposed solutions in a simulated environment.

eHealth architectures are complex compositions of IoT devices. With the sophistication of a contemporary eHealth infrastructure, the benefits of technological advances can be reaped to render effective and efficient patient services. However, such a benefit is accompanied by an increasing cyber threat plan that has emerged owing to increasing connectivity between the eHealth devices, and the lack of proper mechanisms for ensuring the security of IoT devices of the eHealth system. Chapter 8 titled Securing Contemporary eHealth Architectures: Techniques and Methods, written by Syed, Baig, and Anwar presents a detailed overview of the security threats posed to eHealth systems, and the countermeasures thereof, with emphasis on IoT-enabled eHealth architectures.

Smart home devices have been adopted widely by household owners to fulfill a wide array of functions and needs. Investigating security and privacy issues from an end-user perspective, the deployment environment is often uncertain and basic security controls are lacking. Chapter 9 written by Lundgren and Padyab and titled Security and Privacy of Smart Homes: Issues and Solutions, proposes a user-centric model that furthers the research stream by extending the traditional CIA-triad from an enterprise-centric perspective to a user-centric privacy concerns perspective. The proposed model can help security professionals and developers to analyze smart home technology in terms of privacy violation consequences and concerns as perceived by end users.

Plenty of research endeavors to address several security challenges in IoT ecosystems have been conducted, but very little attention has been paid to the hardware-related security aspects of IoT devices. The final chapter of the book titled IoT Hardware-Based Security: A Generalized Review of Threats and Countermeasures written by Hakak et al. presents the status and concerns of hardware-based attacks on IoT devices. The chapter presents a general overview of IoT-based hardware attacks and discusses countermeasures that could be employed to mitigate or prevent those attacks and provides a forward-looking context of the IoT hardware security area.

The book, as a whole, documents the state-of-the-art, current challenges, cutting-edge research findings concerning IoT security and privacy areas with applications in different domains. The book is considered clear evidence of the research progress achieved in IoT security and privacy. Due to the rapid growth in the IoT paradigm, further contributions and findings are anticipated in this research domain. The presented contributions in this book will nonetheless highlight ideas and directions that can help in various circumstances, as well as supporting the holistic understanding of IoT security and privacy. As such, we hope that readers will find the book interesting and relevant as a contribution to the body of literature in this important area.

1Advanced Attacks and Protection Mechanisms in IoT Devices and Networks

Lejla Batina1, Nele Mentens2,3, Markus Miettinen4, Naila Mukhtar5, Thien Duc Nguyen4, Md Masoom Rabbani3, Phillip Rieger4, and Ahmad-Reza Sadeghi4

1Digital Security Group, iCIS, Radboud University, Nijmegen, The Netherlands

2LIACS, Leiden University, Leiden, The Netherlands

3imec-COSIC and ES&S, ESAT, KU Leuven, Leuven, Belgium

4System Security Lab, TU Darmstadt, Darmstadt, Germany

5School of Engineering, Macquarie University, Sydney, Australia

Acronyms

CNN

Convolutional neural network

DDoS

Distributed denial of service

DoS

Denial of service

EM

Electromagnetic

FL

Federated learning

FN

False negative

FP

False positive

FPR

False positive rate

GRU

Gated recurrent unit

LSTM

Long short-term memory

ML

Machine learning

MLP

Multilayer perceptron

PDoS

Permanent denial of service

POI

Point of interest

ROC

Receiver operating characteristic

RNN

Recurrent neural network

SCA

Side-channel analysis

SOHO

Small office/home office

TA

Template attack

TN

True negative

TP

True positive

TPR

True positive rate

WDDL

Wave dynamic differential logic

XOR

Exclusive OR

1.1 Introduction

In the past decade, the Internet of Things (IoT) has emerged as a wonder-pill to our problems. The low-cost, easy to use, and easy to deploy motto contributed to the explosion of IoT devices that permeate our surroundings. Today, the use cases of IoT systems are spread across different industries, notably, in oil and gas exploration, smart factories, smart homes, medical applications, military applications, etc. However, the tendency of “rushing” to the market often disregards proper testing and security features. These major flaws make IoT devices an easy prey to different cyberattacks. Since attackers exist with different capabilities, this chapter consists of three sections in which different threat models are assumed, as visualized in Figure 1.1:

Physical adversary

.

Section 1.2

assumes that the attacker has physical access to the IoT device. It gives an overview of physical security threats and protection mechanisms of low-end IoT devices, focusing on

side-channel analysis

(

SCA

) and fault analysis attacks.

Remote software adversary

.

Sections 1.3

and

1.4

assume that the attacker can remotely alter the software.

Section 1.3

concentrates on

remote attestation

(

RA

) techniques, that aim at detecting malicious changes in the device's firmware by requesting a proof to verify the sanity of the device.

Section 1.4

focuses on techniques to detect attacks by analyzing the data traffic in the IoT network.

Figure 1.1 Attacks and protection mechanisms covered in this chapter.

1.2 Physical Security in IoT Devices

In this section, we first give an introduction to physical attacks, namely SCA and fault analysis attacks. Next, we discuss side-channel attacks that are based on profiling and on machine learning (ML) specifically. We continue the section by giving an overview of attacks on real-world devices. We conclude with discussing countermeasures against physical attacks.

The focus of this section is on low-end IoT devices. Microcontrollers and microprocessors including ARM, AVR, and MSP430, are commonly used platforms in this category. Identification of side-channel leakages from security algorithm implementations on any of these processor chips will potentially introduce vulnerabilities to all the IoT devices mounted with these chips.

1.2.1 Physical Attacks

One of the strongest attacker assumptions is that an adversary has physical access to an IoT device. The attacks that can be mounted in that case are called physical attacks. The first type of physical attacks, that we discuss in Section 1.2.1.1, are SCA attacks. The second type of physical attacks, i.e. fault analysis attacks, are discussed in Section 1.2.1.2. Note that this chapter does not cover side-channel attacks that exploit vulnerabilities in the micro-architecture of a processor. We concentrate on attacks based on weaknesses of the software or hardware implementation of cryptographic algorithms.

1.2.1.1 Side-channel Analysis Attacks

SCA attacks analyze the information of an electronic system available through side-channels, such as the power consumption, the electromagnetic (EM) emanation, or the timing behavior of the system, as shown on the right side of Figure 1.2. Whereas the main input/output channel should not leak secret information if the cryptographic algorithm is designed properly, the secret message or the secret key can be derived from side-channels if the algorithm is naively implemented. The first side-channel attack proposed in the academic community was a timing attack on public-key algorithms in 1996 by Paul Kocher [1]. The attack derives the secret exponent in a modular exponentiation, executed through repetitive square and multiply operations, by measuring the time it takes to perform (parts of) the exponentiation. A few years later, attacks that monitor the power consumption of an electronic system were proposed by Kocher et al. [2]. These attacks exploit the fact that the power consumption of a logic gate in a digital chip depends on the processed data. Most attacks are based on extracting information from the dynamic power consumption of the chip because that depends on the switching of the logic values internally in the chip. Indirectly measuring the same effect, attacks based on the EM emanation of electronic chips were introduced in 2001 by Gandolfi et al. [3] and Quisquater and Samyde [4].

1.2.1.2 Fault Analysis Attacks

Fault analysis attacks are based on deliberately inserted faults targeting the erroneous behavior of a hardware or software implementation. Boneh et al. were the first to show that cryptographic secrets can be leaked through the insertion of a fault [5]. On the one hand, researchers continued to find flaws in cryptographic algorithms in the form of leaked secret information in the presence of a fault. On the other hand, research is conducted into the physical insertion of faults. The examples given in this section and in Figure 1.2 are fault attacks based on laser injection, power glitches, and clock glitches. In 2002, Skorobogatov and Anderson showed that the value of a bit in a microcontroller can be changed using a camera flash and a laser pointer [6]. In the same year, Aumüller et al. demonstrated that underpowering a smart card for a short while can induce an exploitable fault [7]. Fukunaga and Takahashi show the effectiveness of introducing a glitch in the clock signal, i.e. shortening one period of the clock, to conduct a fault attack [8].

1.2.2 Profiling Attacks

Profiling attacks are regarded as one of the strongest side-channel attacks. In profiling attacks, the adversary has access to the cloned open copy of the device under target, also called the profiling device. Profiling attacks consist of two phases: the profiling (characterization or training) and attack (classification or matching) phase. In profiling phase, the attacker can program the profiling device to estimate a profile leakage model which is then utilized to recover the unknown secret key in the classification. Template attacks [9] and attacks based on stochastic models [10] are examples of profiling attacks.

Figure 1.2 Side-channel and fault analysis attacks considered in this chapter.

Suppose an adversary has a cloned copy of the IoT device and is capable of capturing a number of leakage traces , while the encryption is performed on the device with the key . Let (with ) represent the fixed cryptographic key and (with ) represent the plaintext or ciphertext of the cryptographic algorithm. Then, can be represented as the mapping of the plaintext or ciphertext and key to a value that is assumed to be related to the deterministic part of the measure leakage , according to the model being used. Based on this, the measured leakage can be represented (Eq. (1.1)) as a function of independent additive noise and a device-specific function . This multivariate leakage (where represents the total number of leakage traces) is exploited in profiling attacks. So, in the profiling phase, the attacker has leakage traces (), collected by computing encryptions using different plaintexts () and the same secret key . In the attack phase, traces () are collected by using different plaintexts and a different key. The traces in the attack phase are different from the traces in profiling phase.

A template attack (TA) is theoretically the most powerful and commonly used side-channel attack. It relies on Bayes theorem and on the assumption that the leakage estimation function has a multivariate Gaussian distribution that is parameterized by its mean () and covariance (, for each template . TA uses the generative model strategy which is used for classification in ML as well.

1.2.3 Machine Learning and SCA

ML-based systems have excelled in various domains by significantly improving the performance of applications. Over the past few years, the applicability of ML has been analyzed to efficiently recover secret information by exploiting side-channel leakage in various cryptographic algorithms including AES, ECC, RSA, 3DES, and lightweight cryptographic algorithms [11–14]. With the improved efficiency, ML-based SCA seems to surpass traditional SCA methods.

ML-SCA is an extension of profiling TAs in which the adversary first trains a model (profiling phase) and then launches the attack on the actual unknown test traces to recover the secret key (classification phase). ML can be used in supervised, unsupervised, or semi-supervised modes. In supervised, unsupervised, and semi-supervised learning modes, the model learns from datasets that consists of labeled leakage traces, unlabeled leakage traces, and a combination of leakage traces with and without labels, respectively. ML-based SCA concentrating on power consumption leakage was first introduced by Hospodar et al. [15], followed by a comparative study by Lerman et al. [16].

ML-based SCA can be further divided into a six-step methodology as explained in [17] and shown in Figure 1.3. Leakage traces are collected from the target IoT profiling device and are preprocessed to handle misalignment using filtering and windowing techniques. The traces are labeled according to the attack methodology. Each sample point in the leakage dataset represents a feature () and the label () represents the target key class. Each data trace is also referenced as a data instance in ML. The dataset consisting of aligned traces is then divided into three datasets: training, validation, and testing. The training dataset is a subset of the leakage traces dataset , which are used to train the model. The validation and testing datasets consist of leakage traces which are used for validating the model during training and testing the model after training, respectively. The testing dataset is never shown to the model during training for an accurate efficient fitted model to avoid over-fitting. Over-fitting is a modeling error that occurs when the model closely fits on confined data instances, and fails to generalize on an unseen dataset. The redundant, insignificant features in the dataset might lower the model performance. Feature engineering techniques can be applied in case of simple ML analysis and are not required for deep learning analysis. The last step of the ML-based SCA methodology is the actual attack phase. The unseen traces are used to test the performance of the model. The best performing model is then used to predict the keys from unseen data traces.

Figure 1.3 Machine learning-based evaluation methodology.

Source: Adapted from Mukhtar et al. [17].

Important factors for successful traditional side-channel attacks are alignment and significant feature or point of interest (POI) selection. In deep learning-based SCA, there is no need for preprocessing and alignment. Deep learning is a subset of ML and is popular thanks to its capability of self-learning from the data patterns using artificial neural networks without the requirement of preprocessing or feature engineering. This makes it practical from an attacker's perspective. In deep learning-based SCA, computational models are built which consist of multiple processing layers including an input layer, a series of hidden layers and an output layer [18]. The lucrative effortless secret key recovery analysis using deep learning neural networks opened up a new avenue of SCA research. Maghrebi et al. have presented results to recover secret information with neural networks [13]. Cagli et al. have demonstrated that ML-based SCA using convolutional neural networks (CNN) can help in neutralizing jitter-based hiding countermeasures without requiring any pre-processing, alignment or feature engineering [19]. Kim et al. proposed a method to add noise to the traces for a robust deep learning based SCA [20]. The visualization of the features and the hyperparameters can help in building an efficient neural network model [21].

IoT devices, processing sensitive information, have the potential risk of being exposed to physical threats. They can be physically captured, disassembled, and analyzed forensically to recover the secret information using side-channel leakage. The threats and damages are aggravated with the help of the ML paradigm. ML can be utilized to exploit side-channel leakages to investigate the internal software activities in IoT devices. This can introduce security vulnerabilities as well as can help in malicious activity or anomaly detection, proactively. Wang et al. presented results for the anomaly and software activity detection based on changes in EM leakages from IoT devices, and evaluated them using multilayer perceptrons (MLP), long short-term memory (LSTM) and autoencoders [22]. Sayakkara et al. presented a case of using ML-based SCA for forensic analysis to detect a wide variety of changes to the target IoT device to exploit secret information [23].

1.2.4 Real-world Attacks

Physical attacks exploiting weaknesses in implementations are a real threat for various kinds of IoT applications and devices including voice assistants, medical devices, self-driving cars, etc. Moreover, thanks to computing power becoming ever cheaper nowadays, modern adversaries have started using state-of-the-art ML algorithms for attacks.

The first side-channel attack in a real-world use case was performed on the implementations of the Keeloq algorithm, which was deployed in numerous car immobilizers and garage remote devices [24]. Other attacks followed, such as those on DESFire [25] and MIFARE classic implementations and even on ATMEL secure microcontrollers [26].

Considering attacks on largely deployed devices such as light bulbs, Ronen et al. showed how the key that Philips uses to encrypt and authenticate new firmware can be extracted using SCA, leading to a massive distributed denial of service (DDoS) attack [27]. Another real-world threat to a large class of IoT devices was demonstrated recently by a team of academics. In particular, their research showed that by shining a laser at microphones inside smart speakers, tablets, or phones, a far-away attacker can remotely send inaudible and potentially invisible commands into voice assistants, such as Google assistant, Amazon Alexa, and Apple Siri using light [28]. The attack was demonstrated at a distance of more than 50 m through the window. To prevent disasters, it is necessary to disable unauthorized access to all IoT devices and especially to medical ones. Gnad et al. performed a leakage assessment on three individual microcontrollers from two different vendors that are often used as IoT implementation platforms [29], and the work of Meulenaer and Standaert unveiled the threats of power analysis attacks to wireless sensor nodes [30].

1.2.5 Countermeasures

As mentioned above, the majority of real-world attacks on security implementations running on IoT devices today use SCA or fault injection to infer (secret) data or otherwise interfere with the devices' regular processing. Preventing this kind of attacks in general remains a great challenge, as effective mitigation measures are often prohibitively expensive in terms of power and energy resources.

Attacking implementations of security by using unintentionally leaked information has been revealed decades ago and ever since many countermeasures were proposed [31]. The most common approach for countermeasures aims at breaking the link between the information leaked through the side channel and the actual data that are being processed. One way to achieve it is to replace the real data by some other data (on which the computation is actually performed). To this principle, the literature usually refers to as masking or secret sharing [32] and it is the core idea behind threshold implementations (TI) where a bit is represented as a combination of several bits (e.g. using an exclusive OR operation or XOR) [33]. Another approach aims at breaking the link between the data manipulated by the device (in general) and the power consumed by the computations. This approach is called hiding, and one way to achieve it is by flattening the power consumption of a device by for example, using special logic styles that are more robust against SCA attacks. An example is Wave Dynamic Differential Logic (WDDL) [34]. Note that this approach is specific for certain side channels, such as power consumption and EM emanations.

Fault injection, on the other hand should be countered by adding some form of redundancy, which will send a signal that a fault occurred before letting the adversary taking advantage of it. The approaches for this are often algorithm-specific resulting in recent research directions in designing fault resistant algorithms, moving the defenses consideration to the design phase [35].

1.3 Remote Attestation in IoT Devices

RA is a security protocol that runs between a trusted party called Verifier () and “potentially” untrusted party called Prover ().

A brief overview of the typical working procedure of RA is shown in Figure 1.4. During the bootstrapping phase, the  and  are initialized with the key K. In Step 1, the  sends a challenge to the , where typically contains a Nonce to guarantee the freshness of the result. In Step 2, the  performs the attestation, i.e. a hashing operation of its underlying software, upon receiving the challenge. After that, the  computes the message authentication code (MAC) over the received and the software digest and sends the response to the . In Step 3, the  computes using the stored golden value of the hash digest. In Step 4, upon receiving , the  compares with . If both values match, the  assumes that the  is in a “healthy” state, else the  is compromised.

Figure 1.4 Typical example of classical remote attestation.

The type of adversary that RA intends to protect against, is a remote software adversary, as explained in Section 1.1. We distinguish two categories of remote software adversaries:

Static software adversary

. The main goal of a static software adversary is to introduce or run malicious code on a device at a specific location in the program memory. This type of adversary is described in 

[36]

.

Mobile software adversary

. This adversary is capable of infecting a device and changing its location within the IoT firmware to evade detection.

In what follows, we discuss different types of RA, from the device perspective (Section 1.3.1), and from the network perspective (Section 1.3.2). We conclude the section with an outlook to future directions (Section 1.3.3).

1.3.1 Types of Remote Attestation

Primarily, RA techniques can be subdivided into three main categories: (i) Software-based RA; (ii) Hardware-based RA, and (iii) Hybrid architecture-based RA. We described each of these techniques below.

1.3.1.1 Software-based Remote Attestation

As the name indicates, software-based Remote Attestation () is based on software-based techniques and does not rely upon sophisticated hardware modules for the secure root of trust.

In general,  schemes rely on a strict time-bound reply from the prover. As discussed in SWATT [37], a  sends an attestation challenge to a . The  assumes that a compromised  can only reply with the correct attestation response if it redirects the attestation challenge to another proxy device that holds the correct firmware in order to compute the attestation challenge. SWATT assumes that the timing overhead incurred by the redirection should be detected during protocol execution. SWATT is dependent on tight time constraints and is thus unsuitable for deployment over a real network in which network delays or packet loss scenarios occur.

Researchers also proposed other  techniques that involve part of memory verification to address extend inactivity of a  during attestation. For example, Spinellis [38] proposed a  mechanism, that performs commutation of hashes of two randomly colluding memory areas. This technique involves sequential memory read-out and it does not perform simultaneous hashing of the memories. An intelligent adversary might exploit this major flaw by relocating itself in the memory regions.

Choi et al. proposed the “Proactive Code Verification Protocol in Wireless Sensor Network” in [39]. Here, a prover's empty memory is filled with pseudo randomness using a pseudo random function (PRF). During attestation, the  sends a nonce to the  and the nonce acts as a seed for the PRF to generate pseudo randomness. The main idea is to fill the empty memory region with pseudo randomness to prevent an adversary to evade detection by relocating itself. The  then computes the hash of the entire memory and sends the attestation result to the . The  can also compute the hash and validate the received attestation result with the computed one.

Indeed,  schemes are an interesting and low-cost solution. Thanks to their “hardware-less” approach, these schemes are easily employable. However, the unrealistic assumptions of strict time constraints and the lack of secure hardware support for cryptographic operations make them unsuitable for real network implementations.

1.3.1.2 Hardware-based Remote Attestation

Hardware-based Remote Attestation () methods depend primarily on the usage of specialized hardware modules that act as a tamper-resistant secure root of trust. Over the past decades, researchers have proposed different techniques that rely upon sophisticated hardware modules. Below, we discuss a few of the  schemes along with the pros and cons.

To verify the trustworthiness of a potentially untrusted , Sailer et al. proposed to extend the functionality of the trusted platform module in [40]. The main goal of the proposed scheme is to maintain a sequence of trust which covers the application layer and the system configuration of the . Before execution, all executables are measured and the measurement is protected by the trusted platform module (TPM). Moreover, the proposed  can detect “unauthorized” code invocation.

Kil et al. proposed ReDAS (Remote Dynamic Attestation System) in [41]. The main essence of this idea is to extract the properties from an application source code. During code execution, all the activities (including unauthorized or malicious activities) are recorded and stored securely in the TPM of the . At the time of attestation, the  sends the protected recorded values to the . Undoubtedly, this technique can identify malicious activities during code execution. However, ReDAS does not consider all the dynamic properties. Thus, an adversary can still evade detection.

More recently, Vliegen et al. propsed SACHa in [42]. SACHa is an field programmable gate array (FPGA) based self-attestation mechanism for embedded platforms. As FPGAs are reconfigurable after deployment, this feature makes them inherently susceptible to attacks. Thus, it is indeed crucial to perform attestation of not only the software but also the hardware of an FPGA based system. By performing partial reconfigurability of an FPGA, SACHa performs a self-attestation of the FPGA system. By using SACHa, an FPGA can be used as a trusted platform module in the absence of a dedicated trusted hardware platform.

In summary, a  scheme provides better security in terms of protecting the cryptographic details from adversaries and unauthorized code access. However, a trusted platform module is a costly hardware tool and often disregarded in IoT systems due to the cost and the IoT platform's inability to accommodate the platform.

1.3.1.3 Hybrid Architecture-based Remote Attestation

To cope with the demand of the IoT realm, researchers proposed software/hardware-based hybrid architectures that are low-cost and suitable for IoT deployment. In this type of system, the hybrid architecture acts as a secure root of trust for attestation.

El Defrawy et al. propose SMART in [43], a software/hardware co-design for low-end embedded devices that guarantees a dynamic root of trust for RA. The main idea of this architecture is to facilitate a secure memory location for attestation related details, for example, attestation code and an attestation key. The modified processor, to which minimal changes in the form of these secure memory locations have been applied, protects the secure memory locations from unauthorized “non-SMART” codes. That guarantees uninterrupted and secure attestation operation.

Other hybrid architecture based attestation schemes, such as TrustLite [44] and TyTan [45], also proposed similar approaches. Both TrustLite and Tytan are based on an Execution Aware Memory Protection Unit (EA-MPU). An EA-MPU enforces code-specific memory access and prevents unauthorized code access along with secure inter-process communication.

1.3.2 Remote Attestation for Large IoT Networks

So far, we discussed attestation schemes that are based on one-to-one device settings, where a  can perform attestation over a single  at a time. However, these techniques do not scale. Hence, they are unsuitable for a large network. To address these issues, researchers have proposed “swarm-attestation” techniques, that can perform attestation over a considerably large IoT network in an acceptable time limit.

1.3.2.1 Classical Swarm Attestation Techniques

Swarm attestation techniques aim to address the scalability challenge of a classical RA technique. Typically, a swarm attestation scheme relies upon a hybrid architecture for a secure root of trust. Broadly speaking, swarm attestation techniques are classified into two main categories; (i) swarm attestation in static networks and (ii) swarm attestation in a dynamic networks.

Figure 1.5 Typical example of classical swarm attestation scheme.

Swarm Attestation in Static Networks [46], SANA [47], and LISA [48] assume that the entire network is interconnected and static during the entire attestation duration. The network forms an overlay of a spanning tree rooted at the . The attestation process is distributed and parent nodes perform the attestation of the children nodes, as shown in Figure 1.5. Upon receiving the attestation results of their children, the parent nodes aggregate their own result and send it to their respective parent nodes. This mechanism is efficient in terms of runtime; however, the strong assumption of network connectivity for the entire attestation period makes it unsuitable for dynamic and intermittent networks.

Swarm Attestation in Dynamic Networks