Open Access
submit Opinions CrossRef Open Access Subscribe New Journal Ideal

Click on image to enlarge

Indexed in Scopus

Journal of Cyber Security and Mobility

Ashutosh Dutta, Johns Hopkins University, USA
Ruby Lee, Princeton University, USA
Neeli R. Prasad, International Technological University, San Jose, USA
Wojciech Mazurczyk, Warsaw University of Technology, Poland

Associate Editor:
Debdeep Mukhopadhyay, Indian Institute of Technology Kharagpur, India

ISSN: 2245-1439 (Print Version),

ISSN: 2245-4578 (Online Version)
Vol: 4   Issue: 1

Published In:   January 2015

Publication Frequency: Quarterly

Search Available Volume and Issue for Journal of Cyber Security and Mobility

Journal Description        Editorial Foreword        Read Full Articles        Editorial Board        Subscription        Indexed       Opinions

Special Issue on Resilient and Trustworthy IoT Systems

The internet of things (IoT) is by now nothing new, but widespread adoption and increasing dependence on IoT services mean that we must ensure that the IoT systems we design, develop, and deploy are resilient and trustworthy. Almost universal availability is expected, yet individual devices will routinely fail and/or be compromised. Despite this, the services should be resilient and trustworthy. The environments where the devices will be deployed will range from protected and controlled environments to potentially very hostile environments where the exposure is extreme.

The cyber security landscape has changed drastically over the last decade. We have adversaries engaging in cyber warfare, organized crime, industrial espionage, petty/opportunistic theft, and privacy invasions. Privacy has become more important, which is by many seen as a prerequisite for human trust in IoT systems. For the IoT systems to remain trustworthy, they need to have credible defenses and be able to detect and respond to incidents. We have four contributions to this special issue. The first contribution, "Torrent-based Dissemination in Infrastructure-less Wireless Networks" by Kyriakos Manousakis et al, has its roots in peer-to-peer mobile ad hoc networks. This contribution highlights robustness in content dissemination in peer-to-peer mobile ad hoc networks. These networks are subject to disruptions due to erratic link performance and intermittent connectivity. The approach used, called SISTO, is a fully distributed and torrent-based solution. The authors highlight four main features: 1) freedom from reliance on infrastructure; 2) network and topology aware selection of information sources; 3) robust multiple-path routing of content via a proactive peer selection technique; and 4) an integrated distributed content discovery capability. There exist a wide set of network scenarios where these capabilities are useful, such as first responder and disaster recovery situations, and military and tactical operations, which require applications and protocols to function in a purely ad hoc peer-to-peer fashion. SISTO allows IoT devices to provide content in a robust and reliable manner.

The second contribution, titled "Cyber Security for Intelligent World with Internet of Things and Machine to Machine Communication" byVandana Rohokale and Ramjee Prasad, addresses security for IoT and machine-tomachine (m2m) directly. The paper highlights the diverse and heterogeneous reality of IoT and m2m. The devices can be wired or wireless, they can range from simple RFID tags to relatively powerful 32-bit devices, and they are deployed in a multitude of different locations. Some will be very exposed to hacking, while others will enjoy a relatively safe and secure environment. The devices are subject to both local attacks, possibly with physical intrusion, and global attacks over the networks. The authors investigate state of the art in security provisions for IoT and m2m communications. The authors emphasize security solutions that can grow together with the systems, and they recognize that this is going to be a continuous process. They see role-based access control (RBAC) mechanisms as playing a vital role in the robustness of the cyber security solution development for these services. They also have high hopes for trust-level-based authentication mechanisms and speculate that it may be utilized to provide robust and secure communication.

The third contribution is an effort in improving privacy for an IoT context. The paper, “How to use garbling for privacy preserving electronic surveillance services” by Tommi Meskanen, Valtteri Niemiand Noora Nieminen, provides fascinating insights in the use of advanced cryptography to provide privacy for a surveillance system. The apparent paradox is solved by an innovative way of using garbling, a powerful cryptographic primitive for secure multiparty computation, to achieve privacy-preserving electronic surveillance. The case is assisted living and the client is an elderly person living alone. A security company bases its service on an electronic surveillance system consisting of closed-circuit televisions (CCTV), motion detectors, and/or sensors measuring the activity of the client. The company collects data and analyses the data using data mining, pattern recognition and machine learning tools. The security company has outsourced its data center services into a cloud managed by a third-party company. The data from the surveillance system is stored and analyzed entirely in the cloud environment. Still, our elderly client wants to have his/her privacy and this seemingly impossible goal is what the authors tackle. The garbling techniques themselves are based on secure multiparty computation. The scheme proposed is cutting edge and more research is needed before it becomes practical, but it is refreshing and promising to see these problems being tackled.

The fourth paper, “Cyber security and the Internet of Things: Vulnerabilities, Threats, Intruders and Attacks” by Mohamed Abomhara and Geir M. Køien, is an overview paper. It investigates vulnerabilities in an IoT world, and it looks at various threats and threat types. Both vulnerabilities and threats relate to assets, but what are the assets in an IoT context? Threats do not have to become attacks, but if they do there must be a perpetrator. In security modeling parlance, we often call this entity the intruder. Other questions that need to answered are as follows: What are the attacks? What security goals where there in the first place? Who is the intruder(s)? The old adage Know Thy Enemy basically says that you cannot really win the war unless you understand your enemy.

"It is said that if you know your enemies and know yourself, you will not be imperiled in a hundred battles; if you do not know your enemies but do know yourself, you will win one and lose one; if you do not know your enemies nor yourself, you will be imperiled in every single battle."

Sun Tzu, The Art of War

In a connected world with remote access, you cannot know your enemy by sight, and so the paper discusses these aspects in a generic way, based on observed capabilities and behavior.

Together, these four papers outline different aspects of robustness and resilience for the brave new all-digital world in which IoT/m2m will play significant roles. There is still much research needed, but we hope these contributions will help in the quest to build a safe and secure digital future for us all.

Geir M. Køien,
University of Agder,

River Publishers: Journal of Cyber Security and Mobility