Zaigham Mahmood Editor Security, Privacy and Trust in the IoT Environment Security, Privacy and Trust in the IoT Environment Zaigham Mahmood Editor Security, Privacy and Trust in the IoT Environment 123 Editor ZaighamMahmood NorthamptonUniversity Northampton, UK ShijiazhuangTiedao University Hebei,China ISBN978-3-030-18074-4 ISBN978-3-030-18075-1 (eBook) https://doi.org/10.1007/978-3-030-18075-1 ©SpringerNatureSwitzerlandAG2019 Thisworkissubjecttocopyright.AllrightsarereservedbythePublisher,whetherthewholeorpart of the material is concerned, specifically the rights of translation, reprinting, reuse of illustrations, recitation, broadcasting, reproduction on microfilms or in any other physical way, and transmission orinformationstorageandretrieval,electronicadaptation,computersoftware,orbysimilarordissimilar methodologynowknownorhereafterdeveloped. The use of general descriptive names, registered names, trademarks, service marks, etc. in this publicationdoesnotimply,evenintheabsenceofaspecificstatement,thatsuchnamesareexemptfrom therelevantprotectivelawsandregulationsandthereforefreeforgeneraluse. The publisher, the authors and the editors are safe to assume that the advice and information in this book are believed to be true and accurate at the date of publication. Neither the publisher nor the authors or the editors give a warranty, expressed or implied, with respect to the material contained hereinorforanyerrorsoromissionsthatmayhavebeenmade.Thepublisherremainsneutralwithregard tojurisdictionalclaimsinpublishedmapsandinstitutionalaffiliations. ThisSpringerimprintispublishedbytheregisteredcompanySpringerNatureSwitzerlandAG Theregisteredcompanyaddressis:Gewerbestrasse11,6330Cham,Switzerland To: Rehana Zaigham Mahmood For her Love and Support Preface Overview TheInternetofThings(IoT)isanetworkofself-configuringsensor-enabledobjects connected through wireless and wired connections. It is a vision of pervasive computing where smart devices connect to each other in a seamless manner, to establish a unified physical–virtual world. With the broadband Internet becoming widely available and the cost of connectivity of devices exponentially decreasing, the IoT is becoming a highly promising paradigm for organizations as well as individualsinthesociety.Anunspokenruleforthefuturedigitizedworldseemsto suggest that anything that can be connected, will be connected—from industrial machines to wearable devices to driverless vehicles. Gartner, Inc. estimates that there will be over 26 billion interconnected devices through networks such as the IoT,bytheyear2020.AccordingtoBBNTimesasreportedinDecember2018,the IoTmarketispredictedtogenerateanadditional$344billioninrevenuesaswellas todrive$177billionincostreductions,by2020.Onabroaderscale,theIoTvision ispavingthewayfordevelopingintelligentcities,autonomicself-drivingvehicles, industrial IoT, smarter health care and, in general, smarter environments in a connectedworld.Withthepassingoftime,astheeverydayobjectsanddevicesare getting smarter, and the number and variety of such devices are growing, users’ expectations in terms of adaptive and self-governing environments are also increasing. The opportunities are limitless as the IoT vision is proving to be hugely attractiveandprofitable. However,therearealso numerouschallenges for network specialists, software developers and hardware/devices engineers. Other associated challengesrelate tothevariety ofconnectedobjects, storage andmovementofBig Data, complexity of Data Analytics, insufficiency of Internet bandwidth and the unreliable nature of the present-day Internet. The most significant of these, which requireurgentattention,refertotheprivacyandsecurityofdataandapplicationsat all access levels, safety of users of the IoT things especially when a smart device malfunctions, connectivity and communication protocols, and the trust and vii viii Preface authentication mechanisms within the network. Security and trust issues are probably the greatest obstacles to further growth of the IoT paradigm. Some of the challenges from a different perspective include gaps in technology sophistication; absence or immaturity of available standards; and also, the industry-specific security- and trust-related limitations. Although safety aspects of the networks are getting better, communication protocols are resulting in more secure connectivity, and data protection mechanisms are becoming more sophisti- cated, there is still a further requirement for novel network architectures and middleware platforms deploying new emerging communication technologies; as wellasadoptionofnovelcontext-awaremanagementapproachesanddevelopment of more efficient tools and devices. Itisintheabovecontextthatthisbookisset.Thefocusofthevolumeisonthe security, privacy and trust essentials of the IoT environment, in particular the relevant principles, frameworks, architectures and technologies, as well as the practical suggestions and solutions to the inherent limitations and challenges. The majority of contributions in the book focus on device connectivity, pervasive computing, data transfer, security, interoperability, trust and adaptability. Twenty-seven researchers and practitioners of international repute have presented thelatestresearch,currenttrendsandcasestudies,aswellassuggestionsforfurther understanding, development and enhancement of the much attractive IoT vision. Objectives The aim of this volume is to present and discuss the IoT in relation to inherent security, privacy and trust within the environment. The objectives include: (cid:129) Capturing the latest research and practice with respect to the challenges of security as well as issues of privacy and trust in the IoT environment. (cid:129) Presenting innovative ideas, practical solutions and workable frameworks to combat such challenges to ensure better security, privacy and trust. (cid:129) Developing a complete reference for students, researchers and practitioners of pervasive computing and smart digital environments. (cid:129) Identifying further research directions and technologies with respect to the connectivity, security, privacy and trust in the IoT infrastructure. Preface ix Organization There are 12 chapters in this book: Security, Privacy and Trust in the IoT Environment. These are organized in two parts, as follows: Part I: Security and Privacy in IoT: Technologies and Frameworks This part has a focus on concepts, principles, underlying technologies and methodologies. There are seven chapters. (cid:129) Chapter1reviewsthecyber-securityrisksofcriticalinfrastructuresandprovides security management strategies for infrastructures such as SCADA. A control frameworkfordefiningacomprehensivesetofsecurityobjectiveswithpolicies, standards and guidelines is also suggested. (cid:129) Chapter 2 explores the use of virtual private networks to adopt authentication protocols to enhance the security and privacy of networks. The proposed framework uses Geographical Positioning System (GPS) for mutual two-way authentication. The proposed approach also helps to detect and reduce the wormhole attacks. (cid:129) Chapter3addressesmajorthreatsrelatedtoRFIDtechnologiesandreviewsthe existingpublickey-basedcryptographicsolutionstocounteractthesecurityand privacy issues. It is suggested that solutions that employ delegation of group exponentiationtechniquessatisfymuchbetter,thecorerequirementsofprivacy and security. (cid:129) Chapter 4 focuses on Cyber Threat Intelligence (CTI) concentrations such as OSINT, HUMINT, MASINT, SIGINT, GEOINT and TECHINT to develop a proactiveCyber Intelligence aggregation approach model. The proposed model depends on practical tools and methods that help to provide proactive defences and analysis strategies. (cid:129) Chapter 5 investigates a next-generation Firewall-as-a-Service (FaaS), called Seddulbahir, and discusses its effectiveness to counter the IoT-powered volu- metriccyberattacks.VariousfeaturesofFaaS,suchasdetection,mitigationand other related aspects are elaborated upon. Critical analysis of similar exiting mechanisms is also presented. (cid:129) Chapter6aimsatprovidingthecurrentresearchanddevelopmentontheuseof blockchain technology for securing Internet ofThings (IoT) environments. The conceptual blockchain-based IoT architectures for seven different use case sit- uations, including supply chain, manufacturing, smart cities and homes, and health care, are also presented. (cid:129) Chapter7proposesanimageencryptionandauthenticationalgorithmtohandle bulky medical images. The suggested quantum cyber-physical system incor- porates key generation, permutation, Deoxyribonucleic Acid operation and diffusion. It is suggested that the system is well suited for a versatile hospital management system. x Preface Part II: Privacy and Trust in IoT: Healthcare Applications and IoV This part of the book comprises five chapters that focus on privacy and trust as related to healthcare applications and Internet of Vehicles (IoV) scenarios. (cid:129) Chapter 8 presents an overview of security and privacy issues related to healthcare applications that often operate on cloud or fog computing architec- tures. Thirty recently published research papers are studied to establish the extent of the problem; results are presented and discussed for the benefit of healthcare professionals. (cid:129) Chapter9extendsthestudypresentedinthepreviouscontributiontoanalysethe IoT-based telemedicine systems focusing on data security and privacy. Thirty researchpapers publishedin 2018are analysed toidentify therelated issues,to provide solutions based on ciphertext-policy attributes encryption and secure better portable graphics architectures. (cid:129) Chapter 10 provides an in-depth investigation into a diverse range of security attacks challenging the realization of Vehicular Ad hoc Networks (VANET). It suggests the need for trust management for securing networks. The study also illustrateshowareconfigurableandagileinfrastructurecanhelpinguaranteeing a more secure VANET platform. (cid:129) Chapter11presentsprivacypreservingstrategiesandproposesanovelsolution that allows users to benefit from Cloud-Enabled-IoV (CE-IoV) location-based services and safety applications—anonymously and safely. A simulation of the proposed solution is also presented, with encouraging results. (cid:129) Thelastchapterinthispart,andthefinalinthebook,alsofocusesonMobileAd hoc Network (MANET). It discusses the use of least squares time series fore- casting method, with interval-based fuzzy mathematics, to forecast the future positions of MANET nodes; with a view to predicting secure shortest paths between the nodes in motion at any given times. Target Audiences The current volume is a reference text aimed at supporting a number of potential audiences, including the following: (cid:129) Network Specialists, Hardware Engineers and Security Experts who wish to adopt the newer approaches to resolving the issues of network security, data privacy and human trust in the IoT paradigm. (cid:129) Students and Academics who have an interest in further enhancing the knowl- edgeoftechnologies,mechanismsandpracticesrelevanttosecurity,privacyand trust from a distributed computing perspective. Preface xi (cid:129) Researchers and Practitioners in this field who require up to date knowledge ofthecurrentmethodologies,technologiesandpracticesrelevanttothesecurity, privacy and trust-related weaknesses and proposed solutions. Derby, UK Zaigham Mahmood