miun.sePublications
Change search
Link to record
Permanent link

Direct link
BETA
Publications (10 of 10) Show all publications
Aydogan, E., Yilmaz, S., Sen, S., Butun, I., Forsström, S. & Gidlund, M. (2019). A Central Intrusion Detection System for RPL-Based Industrial Internet of Things. In: 2019 15th IEEE International Workshop on Factory Communication Systems (WFCS): . Paper presented at 15th IEEE International Workshop on Factory Communication Systems (WFCS'19), Sundsvall, Sweden, May 27-29, 2019.. IEEE, Article ID 8758024.
Open this publication in new window or tab >>A Central Intrusion Detection System for RPL-Based Industrial Internet of Things
Show others...
2019 (English)In: 2019 15th IEEE International Workshop on Factory Communication Systems (WFCS), IEEE, 2019, article id 8758024Conference paper, Published paper (Refereed)
Abstract [en]

Although Internet-of-Things (IoT) is revolutionizing the IT sector, it is not mature yet as several technologies are  still being offered to be candidates for supporting the backbone of this system. IPv6 Routing Protocol for Low-Power and Lossy Networks (RPL) is one of those promising candidate technologies to be adopted by IoT and Industrial IoT (IIoT). Attacks against RPL have shown to be possible, as the attackers utilize the unauthorized parent selection system of the RLP protocol. In this work, we are proposing a methodology and architecture to detect intrusions against IIoT. Especially, we are targeting to detect attacks against RPL by using genetic programming. Our results indicate that the developed framework can successfully (with high accuracy, along with high true positive and low false positive rates) detect routing attacks in RPL-based Industrial IoT networks.

Place, publisher, year, edition, pages
IEEE, 2019
Keywords
Industrial IoT (IIoT), Security, Intusion Detection, RPL Networks
National Category
Communication Systems Computer Engineering
Identifiers
urn:nbn:se:miun:diva-36736 (URN)10.1109/WFCS.2019.8758024 (DOI)000490866300023 ()2-s2.0-85070092698 (Scopus ID)978-1-7281-1268-8 (ISBN)
Conference
15th IEEE International Workshop on Factory Communication Systems (WFCS'19), Sundsvall, Sweden, May 27-29, 2019.
Projects
SMART (Smarta system och tjänster för ett effektivt och innovativt samhälle)TIMELINESS
Funder
European Regional Development Fund (ERDF)Knowledge Foundation
Available from: 2019-07-15 Created: 2019-07-15 Last updated: 2019-11-13Bibliographically approved
Butun, I. & Österberg, P. (2019). Detecting Intrusions in Cyber-Physical Systems of Smart Cities: Challenges and Directions. In: Riaz Ahmed Shaikh (Ed.), Secure Cyber-Physical Systems for Smart Cities: (pp. 74-102). Hershey, USA: IGI Global
Open this publication in new window or tab >>Detecting Intrusions in Cyber-Physical Systems of Smart Cities: Challenges and Directions
2019 (English)In: Secure Cyber-Physical Systems for Smart Cities / [ed] Riaz Ahmed Shaikh, Hershey, USA: IGI Global, 2019, p. 74-102Chapter in book (Refereed)
Abstract [en]

Interfacing the smart cities with cyber-physical systems (CPSs) improves cyber infrastructures while introducing security vulnerabilities that may lead to severe problems such as system failure, privacy violation, and/or issues related to data integrity if security and privacy are not addressed properly. In order for the CPSs of smart cities to be designed with proactive intelligence against such vulnerabilities, anomaly detection approaches need to be employed. This chapter will provide a brief overview of the security vulnerabilities in CPSs of smart cities. Following a thorough discussion on the applicability of conventional anomaly detection schemes in CPSs of smart cities, possible adoption of distributed anomaly detection systems by CPSs of smart cities will be discussed along with a comprehensive survey of the state of the art. The chapter will discuss challenges in tailoring appropriate anomaly detection schemes for CPSs of smart cities and provide insights into future directions for the researchers working in this field.

Place, publisher, year, edition, pages
Hershey, USA: IGI Global, 2019
Keywords
cyber-physical, security, IDS, smart cities
National Category
Computer Systems Communication Systems Other Electrical Engineering, Electronic Engineering, Information Engineering
Identifiers
urn:nbn:se:miun:diva-36056 (URN)10.4018/978-1-5225-7189-6 (DOI)9781522571896 (ISBN)
Projects
SMART (Smarta system och tjänster för ett effektivt och innovativt samhälle)
Available from: 2019-04-27 Created: 2019-04-27 Last updated: 2019-09-09Bibliographically approved
Eldefrawy, M., Butun, I., Pereira, N. & Gidlund, M. (2019). Formal security analysis of LoRaWAN. Computer Networks, 148, 328-339
Open this publication in new window or tab >>Formal security analysis of LoRaWAN
2019 (English)In: Computer Networks, ISSN 1389-1286, E-ISSN 1872-7069, Vol. 148, p. 328-339Article in journal (Refereed) Published
Abstract [en]

Recent Low Power Wide Area Networks (LPWAN) protocols are receiving increased attention from industry and academia to offer accessibility for Internet of Things (IoT) connected remote sensors and actuators. In this work, we present a formal study of LoRaWAN security, an increasingly popular technology, which defines the structure and operation of LPWAN networks based on the LoRa physical layer. There are previously known security vulnerabilities in LoRaWAN that lead to the proposal of several improvements, some already incorporated into the latest protocol specification. Our analysis of LoRaWAN security uses Scyther, a formal security analysis tool and focuses on the key exchange portion of versions 1.0 (released in 2015) and 1.1 (the latest, released in 2017). For version 1.0, which is still the most widely deployed version of LoRaWAN, we show that our formal model allowed to uncover weaknesses that can be related to previously reported vulnerabilities. Our model did not find weaknesses in the latest version of the protocol (v1.1), and we discuss what this means in practice for the security of LoRaWAN as well as important aspects of our model and tools employed that should be considered. The Scyther model developed provides realistic models for LoRaWAN v1.0 and v1.1 that can be used and extended to formally analyze, inspect, and explore the security features of the protocols. This, in turn, can clarify the methodology for achieving secrecy, integrity, and authentication for designers and developers interested in these LPWAN standards. We believe that our model and discussion of the protocols security properties are beneficial for both researchers and practitioners. To the best of our knowledge, this is the first work that presents a formal security analysis of LoRaWAN.

Keywords
IoT, LoRaWANS, cyther verification
National Category
Communication Systems
Identifiers
urn:nbn:se:miun:diva-35145 (URN)10.1016/j.comnet.2018.11.017 (DOI)000458345100027 ()2-s2.0-85057039918 (Scopus ID)
Projects
SMART (Smarta system och tjänster för ett effektivt och innovativt samhälle)
Available from: 2018-12-10 Created: 2018-12-10 Last updated: 2019-10-16Bibliographically approved
Butun, I. & Gidlund, M. (2019). Location Privacy Assured Internet of Things. In: Paolo Mori, Steven Furnell and Olivier Camp (Ed.), Proceedings of the 5th International Conference on Information Systems Security and Privacy: . Paper presented at 5th International Conference on Information Systems Security and Privacy (ICISSP 2019), Prague, 23-25 February 2019 (pp. 623-630). Setúbal, Portugal: SciTePress, 1
Open this publication in new window or tab >>Location Privacy Assured Internet of Things
2019 (English)In: Proceedings of the 5th International Conference on Information Systems Security and Privacy / [ed] Paolo Mori, Steven Furnell and Olivier Camp, Setúbal, Portugal: SciTePress, 2019, Vol. 1, p. 623-630Conference paper, Published paper (Refereed)
Abstract [en]

Internet of Things (IoT) is in the booming age of its growth, therefore a vast amount of applications, projects, hardware/software solutions, and customized concepts are being developed. The proliferation of IoT will enable location-based services to be available everywhere for everyone, and this will raise a large number of privacy issues related to the collection, usage, retention, and disclosure of the user’s location information. In order to provide a solution to this unique problem of IoT, this paper proposes Location Privacy Assured Internet of Things (LPA-IoT) scheme, which uses the concepts of Mix-Zone, location-obfuscation along with context-awareness. To the authors’ best knowledge, the proposed LPA-IoT scheme is the first location-based privacy-preserving scheme for IoT that provides flexible privacy levels associated with the present context of the user.

Place, publisher, year, edition, pages
Setúbal, Portugal: SciTePress, 2019
Keywords
Security, Mix-Zone, Location Obfuscation, IoT, Preserving, Context-awareness, Vulnerabilities, Trust, End-device.
National Category
Engineering and Technology
Identifiers
urn:nbn:se:miun:diva-35762 (URN)10.5220/0007587906230630 (DOI)2-s2.0-85064644167 (Scopus ID)978-989-758-359-9 (ISBN)
Conference
5th International Conference on Information Systems Security and Privacy (ICISSP 2019), Prague, 23-25 February 2019
Projects
SMART (Smarta system och tjänster för ett effektivt och innovativt samhälle)
Available from: 2019-03-08 Created: 2019-03-08 Last updated: 2019-09-19Bibliographically approved
Butun, I., Österberg, P. & Gidlund, M. (2019). Preserving location privacy in cyber-physical systems. In: 2019 IEEE Conference on Communications and Network Security (CNS): . Paper presented at 2019 IEEE Conference on Communications and Network Security (CNS), Washington DC, DC, USA, 10-12 June 2019 (pp. 1-6). IEEE
Open this publication in new window or tab >>Preserving location privacy in cyber-physical systems
2019 (English)In: 2019 IEEE Conference on Communications and Network Security (CNS), IEEE, 2019, p. 1-6Conference paper, Published paper (Refereed)
Abstract [en]

The trending technological research platform is Internet of Things (IoT)and most probably it will stay that way for a while. One of the main application areas of IoT is Cyber-Physical Systems (CPSs), in which IoT devices can be leveraged as actuators and sensors in accordance with the system needs. The public acceptance and adoption of CPS services and applications will create a huge amount of privacy issues related to the processing, storage and disclosure of the user location information. As a remedy, our paper proposes a methodology to provide location privacy for the users of CPSs. Our proposal takes advantage of concepts such as mix-zone, context-awareness, and location-obfuscation. According to our best knowledge, the proposed methodology is the first privacy-preserving location service for CPSs that offers adaptable privacy levels related to the current context of the user.

Place, publisher, year, edition, pages
IEEE, 2019
Keywords
cyber-physical systems, data privacy, Internet of Things, location based services, mobile computing, location privacy, CPSs, IoT devices, actuators, sensors, public acceptance, user location information, location-obfuscation, privacy-preserving location service, mix-zone, context-awareness, public adoption, CPS, IoT, location obfuscation, security, trust, vulnerabilities
National Category
Engineering and Technology
Identifiers
urn:nbn:se:miun:diva-37174 (URN)10.1109/CNS.2019.8802666 (DOI)2-s2.0-85071727543 (Scopus ID)
Conference
2019 IEEE Conference on Communications and Network Security (CNS), Washington DC, DC, USA, 10-12 June 2019
Projects
SMART (Smarta system och tjänster för ett effektivt och innovativt samhälle)
Available from: 2019-09-09 Created: 2019-09-09 Last updated: 2019-09-24Bibliographically approved
Butun, I., Sari, A. & Österberg, P. (2019). Security Implications of Fog Computing on the Internet of Things. In: International Conference on Consumer Electronics (ICCE): . Paper presented at ICCE 2019, IEEE 37th International Conference on Consumer Electronics (ICCE), Jan 11- 13, 2019, Las Vegas, NV, USA. IEEE, Article ID 8661909.
Open this publication in new window or tab >>Security Implications of Fog Computing on the Internet of Things
2019 (English)In: International Conference on Consumer Electronics (ICCE), IEEE, 2019, article id 8661909Conference paper, Published paper (Refereed)
Abstract [en]

Recently, the use of IoT devices and sensors has been rapidly increased which also caused data generation (information and logs), bandwidth usage, and related phenomena to be increased. To our best knowledge, a standard definition for the integration of fog computing with IoT is emerging now. This integration will bring many opportunities for the researchers, especially while building cyber-security related solutions. In this study, we surveyed about the integration of fog computing with IoT and its implications. Our goal was to find out and emphasize problems, specifically security related problems that arise with the employment of fog computing by IoT. According to our findings, although this integration seems to be non-trivial and complicated, it has more benefits than the implications. Index Terms—IoT, IIoT, vulnerabilities, trust, end-device, confidentiality, integrity, availability.

Place, publisher, year, edition, pages
IEEE, 2019
Series
IEEE International Symposium on Consumer Electronics
Keywords
IoT, ItoT, vulnerabilities, trust, end-device, confidentiality, integrity, availability
National Category
Electrical Engineering, Electronic Engineering, Information Engineering
Identifiers
urn:nbn:se:miun:diva-34863 (URN)000462912600020 ()2-s2.0-85063790412 (Scopus ID)978-1-5386-7910-4 (ISBN)
Conference
ICCE 2019, IEEE 37th International Conference on Consumer Electronics (ICCE), Jan 11- 13, 2019, Las Vegas, NV, USA
Projects
SMART (Smarta system och tjänster för ett effektivt och innovativt samhälle)
Available from: 2018-11-08 Created: 2018-11-08 Last updated: 2019-09-09Bibliographically approved
Butun, I., Pereira, N. & Gidlund, M. (2019). Security Risk Analysis of LoRaWAN and Future Directions. Future Internet, 11(1), Article ID 3.
Open this publication in new window or tab >>Security Risk Analysis of LoRaWAN and Future Directions
2019 (English)In: Future Internet, ISSN 1999-5903, E-ISSN 1999-5903, Vol. 11, no 1, article id 3Article in journal (Refereed) Published
Abstract [en]

LoRa (along with its upper layers definition—LoRaWAN) is one of the most promising Low Power Wide Area Network (LPWAN) technologies for implementing Internet of Things (IoT)-based applications. Although being a popular technology, several works in the literature have revealed vulnerabilities and risks regarding the security of LoRaWAN v1.0 (the official 1st specification draft). The LoRa-Alliance has built upon these findings and introduced several improvements in the security and architecture of LoRa. The result of these efforts resulted in LoRaWAN v1.1, released on 11 October 2017. This work aims at reviewing and clarifying the security aspects of LoRaWAN v1.1. By following ETSI guidelines, we provide a comprehensive Security Risk Analysisof the protocol and discuss several remedies to the security risks described. A threat catalog is presented, along with discussions and analysis in view of the scale, impact, and likelihood of each threat. To the best of the authors’ knowledge, this work is one of the first of its kind, by providing a detailed security risk analysis related to the latest version of LoRaWAN. Our analysis highlights important practical threats, such as end-device physical capture, rogue gateway and self-replay, which require particular attention by developers and organizations implementing LoRa networks.

Keywords
internet of things, sensor node, LPWAN, attacks, threats, vulnerabilities, IoT, analysis, risk, assessment, low power, LoRa, v1.1
National Category
Engineering and Technology
Identifiers
urn:nbn:se:miun:diva-35663 (URN)10.3390/fi11010003 (DOI)000457221400002 ()2-s2.0-85060234829 (Scopus ID)
Projects
SMART (Smarta system och tjänster för ett effektivt och innovativt samhälle)
Available from: 2019-02-19 Created: 2019-02-19 Last updated: 2019-09-09Bibliographically approved
Fortuna, P., Pereira, N. & Butun, I. (2018). A framework for web application integrity. In: ICISSP 2018 - Proceedings of the 4th International Conference on Information Systems Security and Privacy: . Paper presented at 4th International Conference on Information Systems Security and Privacy, ICISSP 2018, Madeira, Portugal, 22 January 2018 through 24 January 2018 (pp. 487-493). SciTePress
Open this publication in new window or tab >>A framework for web application integrity
2018 (English)In: ICISSP 2018 - Proceedings of the 4th International Conference on Information Systems Security and Privacy, SciTePress , 2018, p. 487-493Conference paper, Published paper (Refereed)
Abstract [en]

Due to their universal accessibility, interactivity and scaling ease, Web applications relying on client-side code execution are currently the most common form of delivering applications and it is likely that they will continue to enter into less common realms such as IoT-based applications. We reason that modern Web applications should be able to exhibit advanced security protection mechanisms and review the research literature that points to useful partial solutions. Then, we propose a framework to support such characteristics and the features needed to implement them, providing a roadmap for a comprehensive solution to support Web application integrity. 

Place, publisher, year, edition, pages
SciTePress, 2018
Keywords
Application Security, Data Integrity, Execution Integrity, Obfuscation, Web Application
National Category
Computer Engineering
Identifiers
urn:nbn:se:miun:diva-34570 (URN)2-s2.0-85052017578 (Scopus ID)9789897582820 (ISBN)
Conference
4th International Conference on Information Systems Security and Privacy, ICISSP 2018, Madeira, Portugal, 22 January 2018 through 24 January 2018
Available from: 2018-10-01 Created: 2018-10-01 Last updated: 2018-10-01Bibliographically approved
Butun, I., Pereira, N. & Gidlund, M. (2018). Analysis of LoRaWAN V1.1 Security. In: Proceedings of the 4th ACM MobiHoc Workshop on Experiences with the Design and Implementation of Smart Objects (SMARTOBJECTS '18).: . Paper presented at 4th ACM MobiHoc Workshop on Experiences with the Design and Implementation of Smart Objects (SMARTOBJECTS '18), Los Angeles, USA, June 2018.. ACM Digital Library
Open this publication in new window or tab >>Analysis of LoRaWAN V1.1 Security
2018 (English)In: Proceedings of the 4th ACM MobiHoc Workshop on Experiences with the Design and Implementation of Smart Objects (SMARTOBJECTS '18)., ACM Digital Library, 2018Conference paper, Published paper (Refereed)
Abstract [en]

LoRa and the LoRaWAN specification is a technology for Low Power Wide Area Networks (LPWAN) designed to allow connectivity for connected objects, such as remote sensors. Several previous works revealed various weaknesses regarding the security of LoRaWAN v1.0 (the official 1st draft) and these led to improvements included in LoRaWAN v1.1, released on Oct 11, 2017. In this work, we provide the first look into the security of LoRaWAN v1.1. We present an overview of the protocol and, importantly, present several threats to this new version of the protocol. Besides, we propose our own ramification strategies for the mentioned threats, to be used in developing next version of LoRaWAN. The threats presented were not previously discussed, they are possible even within the security assumptions of the specification and are relevant for practitioners implementing LoRa-based applications as well researchers and the future evolution of the LoRaWAN specification.

Place, publisher, year, edition, pages
ACM Digital Library, 2018
Keywords
IoT, LPWAN, LoRa, security, vulnerability
National Category
Communication Systems Computer Engineering
Identifiers
urn:nbn:se:miun:diva-33675 (URN)10.1145/3213299.3213304 (DOI)978-1-4503-5857-6 (ISBN)
Conference
4th ACM MobiHoc Workshop on Experiences with the Design and Implementation of Smart Objects (SMARTOBJECTS '18), Los Angeles, USA, June 2018.
Projects
DAWNSMART (Smarta system och tjänster för ett effektivt och innovativt samhälle)TIMELINESS
Funder
European Regional Development Fund (ERDF)Knowledge Foundation
Available from: 2018-05-30 Created: 2018-05-30 Last updated: 2019-09-09Bibliographically approved
Forsström, S., Butun, I., Eldefrawy, M., Jennehag, U. & Gidlund, M. (2018). Challenges of Securing the Industrial Internet of Things Value Chain. In: 2018 Workshop on Metrology for Industry 4.0 and IoT, MetroInd 4.0 and IoT 2018 - Proceedings: . Paper presented at 2018 Workshop on Metrology for Industry 4.0 and IoT, MetroInd 4.0 and IoT 2018, Brescia, Italy, 16 April 2018 through 18 April 2018 (pp. 218-223). IEEE, Article ID 8428344.
Open this publication in new window or tab >>Challenges of Securing the Industrial Internet of Things Value Chain
Show others...
2018 (English)In: 2018 Workshop on Metrology for Industry 4.0 and IoT, MetroInd 4.0 and IoT 2018 - Proceedings, IEEE, 2018, p. 218-223, article id 8428344Conference paper, Published paper (Refereed)
Abstract [en]

We see a shift from todays Internet-of-Things (IoT)to include more industrial equipment and metrology systems,forming the Industrial Internet of Things (IIoT). However, thisleads to many concerns related to confidentiality, integrity,availability, privacy and non-repudiation. Hence, there is a needto secure the IIoT in order to cater for a future with smart grids,smart metering, smart factories, smart cities, and smart manufacturing.It is therefore important to research IIoT technologiesand to create order in this chaos, especially when it comes tosecuring communication, resilient wireless networks, protectingindustrial data, and safely storing industrial intellectual propertyin cloud systems. This research therefore presents the challenges,needs, and requirements of industrial applications when it comesto securing IIoT systems.

Place, publisher, year, edition, pages
IEEE, 2018
Keywords
Security, IoT, IIoT, Industry 4.0, vulnerabilities, trust, metering, metrology, application, end-device
National Category
Computer Engineering
Identifiers
urn:nbn:se:miun:diva-33653 (URN)10.1109/METROI4.2018.8428344 (DOI)2-s2.0-85052506472 (Scopus ID)978-1-5386-2497-5 (ISBN)978-1-5386-2498-2 (ISBN)
Conference
2018 Workshop on Metrology for Industry 4.0 and IoT, MetroInd 4.0 and IoT 2018, Brescia, Italy, 16 April 2018 through 18 April 2018
Projects
SMART (Smarta system och tjänster för ett effektivt och innovativt samhälle)
Available from: 2018-05-22 Created: 2018-05-22 Last updated: 2019-09-09Bibliographically approved
Organisations
Identifiers
ORCID iD: ORCID iD iconorcid.org/0000-0002-1723-5741

Search in DiVA

Show all publications