
Cybersecurity Challenges and Opportunities in the New "Edge Computing + IoT" World



The paradigm shift to the Internet of Things (IoT) and the emergence of the edge computing concept have brought huge potentials for various future IoT application scenes such as smart home, smart transportation, smart health, smart grids, and smart energy. It also brings a series of new Cybersecurity challenges. We envision that many new research and innovation opportunities will emerge in the conjunction of “Cybersecurity + edge computing + IoT + AI”. In this article, we will discuss the major new Cybersecurity challenges and the related opportunities in such a vision.
Jianli Pan
University of Missouri, St. Louis
Saint Louis, Missouri
Zhicheng Yang
University of California, Davis
Davis, California
Security and privacy Network security
Network architectures;
Cybersecurity, Edge computing, Internet of Things, IoT, Blockchain, Artificial Intelligence, Deep Learning
ACM Reference Format:
Jianli Pan and Zhicheng Yang. 2018. Cybersecurity Challenges and Opportunities in the New “Edge Computing + IoT” World. In SDN-NFV Sec’18: 2018 ACM International Workshop on Security in Software Defined Networks & Network Function Virtualization, March 2018, Tempe, AZ, USA. ACM, New York, NY, USA, Article 4, 4 pages.
Corresponding author Dr. J. Pan is with the Department of Mathematics and Computer Science in University of Missouri-St. Louis, St. Louis, MO 63121, USA. (Email:
Mr. Z. Yang is with the Computer Science Department of University of California, Davis, CA 95616, USA.
SDN-NFV Sec’18, March 2018, Tempe, AZ, USA
©2018 Association for Computing Machinery.
ACM ISBN 978-1-4503-5635-0/18/03. . . $15.00
The data processing and service provisioning in the current Internet is generally a centralized structure in which most of the data are collected and sent to a small number of remote datacenters with rich resources in storage, processing, and networking. Such a traditional cloud computing architecture succeeded in lowering the users’ cost, creating on-demand pay-as-you-go service, enabling scalable and elastic services, and facilitating big-data analytics. However, such a centralized data model is not sustainable when the Internet is experiencing a significant paradigm shift to the Internet of Things (IoT). The IoT trend generally means that a massive number of mobile and wireless devices, which are mostly located at the bottom of the Internet hierarchy, will be connected and could generate a huge amount of data at a very high speed. This trend could potentially turn the Internet data flow upside-down. It is simply impossible or infeasible to collect all the data to the remote datacenters and wait for the results to be sent back to the edge after big-data processing. Two factors will essentially prohibit it. The first factor is the volume of the data generated by the IoT devices and the velocity of its accumulation. Local data storage and processing is inevitable. The second factor is the low latency or fast response requirement from many future IoT applications such as Virtual Reality (VR), Augmented Reality (AR), and autonomous vehicles that involve Artificial Intelligence (AI) function to make faster decisions.
As the result of these trends, it is widely believed that more computation, storage and networking resources will be situated at the edge of the networks and be closer to users and the IoT devices where data are generated. This is also called “edge computing”, fog computing or mobile edge computing (MEC) in different literature. The integration of edge computing and IoT would significantly reduce data traffic especially in backbone Internet, provide in-situ data intelligence, reduce latency and improve the response speed. Such a paradigm would especially benefit various emerging IoT applications such as smart home, smart transportation, smart health, smart grids, and smart energy. However, such an emerging “edge computing + IoT” trend is also bringing Cybersecurity challenges from different aspects.
In this section, we will identify five new challenges that come with the integration of edge computing and IoT, and briefly discuss their major security implications and impacts.
2.1 Challenge #1: Massive Numbers of Vulnerable IoT Devices
In the future IoT world, a massive number of resource-poor IoT devices could be much more vulnerable to all kinds of malicious attacks because they lack the computation, storage, and battery resources needed to provide better security. Such vulnerabilities could lead to large-scale security breaches and cause large economic losses [ ]. The IoT devices tend to have limited capability to run standard encryption, authentication, and access control algorithms. They are also more fragile when facing targeted Denial of Service (DoS) availability attacks. Some possible examples of attacks targeting the IoT devices include: (1) physically tampering and stealing data, codes and keys; (2) identity forging that compromises data integrity; (3) eavesdropping through shared wireless channels; (4) fake nodes maliciously jamming the links between IoT devices and the edge nodes. It is possible that the edge computing platform could play an important role in assisting the IoT devices, coordinating with the security functions, and even detecting and protecting against malicious external attacks. However, the edge computing concept is relatively new and many of its security implications are still not well understood compared with traditional centralized cloud computing.
2.2 Challenge #2: NFV-SDN Integrated Edge Cloud Platform
Network Function Virtualization (NFV) and Software Defined Networking (SDN) are two emerging technologies that can complement each other to enable a virtualized and shared edge cloud platform. Using NFV, the edge cloud can dynamically launch Virtual Machines (VMs) to perform application-specific computing or to provide security-related protections such as firewall VMs or intrusion detection applications. SDN, with its built-in separation of control and data forwarding, can be adopted to work with NFV to network, configure, control, and manage the VMs. Coherent integration of NFV and SDN could potentially enable an agile edge cloud platform with easy configuration and management for future IoT applications [ ]. However, the downside is that NFV and SDN are each still developing and evolving, and many Cybersecurity challenges are yet to be solved for each of them, not to mention that additional security risks and problems could emerge from their integration. For example, it is still an open issue for SDN to prevent DoS attacks, spoofing attacks, and malicious injection attacks in a virtualized environment [ ]. Also, for NFV, security risks broadly exist with the hypervisor in isolating Virtualized Network Functions (VNF) and managing virtualized network topology, in VNFs migrating across domain boundaries, and in preventing DoS attacks and malicious insider attacks [5].
2.3 Challenge #3: Data Privacy and Security
The much larger number of IoT devices connected to the Internet will also generate a large amount of data at a very high speed. Since it is infeasible to store all the data in centralized places for processing as in the current cloud computing model, these data will have to be stored and processed at many decentralized edge computing nodes or edge clouds. The data privacy and security handling will also be different. On the one hand, this may be desirable for application users (such as medical or health IoT application users) who want to possess, store, and fully control their own data instead of putting them in the hands of cloud providers, where they do not have full control and cannot guarantee that the cloud providers will not use their data or will use the data only in a mutually agreed way. On the other hand, however, more often than not these decentralized edge clouds are more susceptible to, and less well defended against, various data breaching attempts, DoS attacks, and even physical tampering. Much more research is needed to provide data privacy and security from multiple layers (including perception layer, transport layer, and application layer) and from multiple aspects (including physical security, information security, and management security). How to better protect data privacy and security in a much more decentralized edge computing environment is still an open and challenging problem.
2.4 Challenge #4: Offloading and Interaction Between Edge and IoT Devices
One of the traits of the open edge cloud era [ ] is that it will be very common for resource-poor IoT devices to offload tasks to the resource-rich edge computing platform for fast processing. The IoT devices could also help each other with different tasks depending on their resource availability and the incentive policy. Such task offloading and collaboration could also bring additional security concerns. The first one is about software security. The task codes need to be written and built in a way that they can be dynamically scheduled to execute on different systems such as edge computing platforms and IoT devices. Cross-platform code migration and dynamic scheduling could also be a challenging task that needs secure APIs or interfaces. Second, the orchestrator of the edge cloud is also required to coordinate the interaction between the mobile/wireless IoT devices and edge cloud entities such as VMs, to provide sufficient resources from the edge cloud side. An appropriate access control mechanism is needed to protect the codes moving between the edge cloud and IoT devices from malicious attacks. In addition, the communication links between the IoT devices and the edge cloud are mostly wireless and mobile links. All the wireless/mobile network related security concerns also exist here. For example, appropriate encryption is needed for all the communications over these wireless links. However, because the IoT devices are mostly resource-poor, it is important to find some efficient but lightweight methods for authentication, encryption, and access control. The resource-rich edge cloud can help facilitate these IoT security functions.
2.5 Challenge #5: Trust and Trustworthiness
Trust is a particularly important issue in the “edge computing + IoT” world. The IoT devices generally have limited resources and a unique communication mode (from IoT devices to the edge cloud), which makes them more vulnerable to malicious attacks. Moreover, when some of these nodes are compromised and become malicious, the system needs to be able to identify and detect them. Relying on password mechanisms or encryption algorithms is not sufficient. Trust is usually implemented in digital signature technology through certification. Currently, certification is mostly a human-centered process and any change to a deployment could trigger recertification, which is very costly and time-consuming. Automated certification is much desirable but there is a long way to go yet. Between the edge cloud and the IoT devices, and among the IoT devices, an important security concern is how much trust they can put in each other when they exchange data and work with each other. The key to creating such trust is, to some extent, visibility, transparency, and auditability of the transactions. In a relatively complex NFV/SDN enabled edge cloud environment with various hardware and software components, and dealing with various IoT devices, it is important to create a systematic and effective trust and trust management system to enable better trustworthiness and security among involved entities. Recent development in Trusted Platform Module (TPM) [ ] made an attempt to enable new levels of trust to cloud computing.
Due to the emergence of a series of technologies such as Blockchain, Artificial Intelligence (AI) and Machine Learning (ML), we envision that some new research and innovation opportunities will emerge in the conjunction of “Cybersecurity + edge computing + IoT + AI”. In this section, we will discuss the major challenges and the related new opportunities in such a vision.
3.1 Opportunity #1: Blockchain and Zero-trust
Blockchain technology has recently attracted broad attention from both industry and academia. It is deemed a technology that could potentially change not only how people use currencies (Bitcoin or other cryptocurrencies) but also how they deal with all kinds of transactions with people, organizations and entities whom they do not trust. Blockchain uses a distributed ledger that is shared among all the users. The ledger records all the transactions, which can be created, shared, and validated by other participants of the blockchain through a distributed network of computers. The transactions are highly transparent and accessible by all the participating parties. The structure of Blockchain makes it almost impossible to maliciously tamper with the recorded transactions.
Due to these features, it has been widely believed that blockchain could have considerable potential to allow organizations to build their own Cybersecurity systems for logging transactions, messaging, user authentication, and identity and access control management. A typical example is that DARPA recently tried to call for proposals to build a blockchain based secure messaging system for battlefield usage [ ]. In the “edge computing + IoT” context, could be built to enable smart contracts that allow to redefine the transactions and interaction among entities without pre-defined trust relationship.
Zero-trust security also becomes possible due to the blockchain’s feature of enabling a trustless environment. Old security models often use a perimeter-based security strategy that trusts entities inside their own networks, which is vulnerable to inside attacks. A zero-trust framework [ ] usually means that the participants by default never trust each other and always verify the identities of each other. Such a method would make it difficult for attackers that have compromised an internal endpoint to move laterally toward the targets with sensitive data or content. Moreover, it would ensure data access and resource usage are secure and auditable. Access control could also be applied more strictly. Potentially a new zero-trust framework utilizing blockchain could be very useful to build a more secure “edge computing + IoT” environment.
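As an added illustration (not code from the paper), the following sketch shows the two properties this section relies on: a hash-linked ledger that makes tampering with recorded transactions evident, and a zero-trust check that verifies the identity of the writer on every entry. It is a single-writer hash chain without distributed consensus, HMAC with per-device keys stands in for digital signatures, and the device names, keys, and payloads are constructed.

```python
import hashlib
import hmac
import json

GENESIS = "0" * 64
BODY_FIELDS = ("index", "device", "payload", "prev")


def _canon(obj):
    # Canonical JSON so that hashes do not depend on dict ordering.
    return json.dumps(obj, sort_keys=True, separators=(",", ":")).encode()


def entry_mac(key, entry):
    """Authenticate the entry body with the device key (stand-in for a signature)."""
    body = {f: entry.get(f) for f in BODY_FIELDS}
    return hmac.new(key, _canon(body), hashlib.sha256).hexdigest()


def entry_hash(entry):
    """Hash over body plus MAC; the next entry commits to this value."""
    covered = {f: entry.get(f) for f in BODY_FIELDS + ("mac",)}
    return hashlib.sha256(_canon(covered)).hexdigest()


def append(ledger, device_keys, device_id, payload):
    """Append one transaction, linked to the previous entry's hash."""
    entry = {
        "index": len(ledger),
        "device": device_id,
        "payload": payload,
        "prev": ledger[-1]["hash"] if ledger else GENESIS,
    }
    entry["mac"] = entry_mac(device_keys[device_id], entry)
    entry["hash"] = entry_hash(entry)
    ledger.append(entry)
    return entry


def audit(ledger, device_keys):
    """Re-verify every entry; no entry is trusted because of its position.

    Returns (True, None, None), or (False, index, reason) for the first
    entry that fails a check."""
    prev = GENESIS
    for i, entry in enumerate(ledger):
        if entry.get("index") != i or entry.get("prev") != prev:
            return (False, i, "broken link")
        if entry_hash(entry) != entry.get("hash"):
            return (False, i, "hash mismatch")
        key = device_keys.get(entry.get("device"))
        if key is None:
            return (False, i, "unknown device")
        if not hmac.compare_digest(entry_mac(key, entry), str(entry.get("mac"))):
            return (False, i, "bad mac")
        prev = entry["hash"]
    return (True, None, None)


if __name__ == "__main__":
    # Constructed demo data: two devices reporting to one edge node.
    keys = {"sensor-1": b"k1-constructed", "sensor-2": b"k2-constructed"}
    ledger = []
    append(ledger, keys, "sensor-1", {"temp_c": 21.5})
    append(ledger, keys, "sensor-2", {"door": "closed"})
    append(ledger, keys, "sensor-1", {"temp_c": 21.7})
    print("clean ledger:", audit(ledger, keys))

    # Someone edits a stored record and recomputes its hash, but has no key.
    ledger[1]["payload"]["door"] = "open"
    ledger[1]["hash"] = entry_hash(ledger[1])
    print("after edit:  ", audit(ledger, keys))
```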
3.2 Opportunity #2: AI and Machine Learning
AI and machine learning (deep learning particularly) technologies have revived and experienced significant developments over the last couple of years, especially with the success of AlphaGo and autonomous driving applications. These technologies work best and produce the best predictive results when a large amount of data is available for model construction and parameter tuning. In the new “edge computing + IoT” environment, there are also plenty of scenarios in which AI and machine learning technologies could be used for predicting and making intelligent decisions in order to optimize many different things such as resource usage and access scheduling. From the Cybersecurity perspective, it is also a tremendous opportunity to apply AI and machine learning to “edge computing + IoT” to better analyze different cyber behaviors, identify potential threats and vulnerabilities for repairing or patching, and detect malicious attacks. For example, with sufficient collected data and the deduced pattern, deep learning technology could tell or predict whether a specific user’s behavior or action is suspicious and matches a specific type of attack attempt targeting sensitive data, or whether the user is actually the person performing those operations. Such an additional high-level function could provide any organization with another level of defense against potential malicious attacks and identify potential misuses.
Empowered by AI and machine learning technologies, it is also possible to deploy a dedicated automatic robot that silently scans and checks the organization’s environment and activities to see if there are any potential threats, vulnerabilities, or malicious activities going on. It will also identify and detect any misuses and send out reminders. On behalf of the human administrators, such robots could also potentially take prompt actions to respond to some specific threats. With sufficient past data and construction of a well-trained model, such robots would be very helpful and useful for Cyberse-
3.3 Opportunity #3: Lightweight IoT Security
Ubiquitous IoT devices are generally more susceptible to attacks due to limited resources and less network protection. Thus, we need a certain degree of protection against potential attacks. In most cases, we can only look for lightweight methods and algorithms to find a balance between security and power consumption on the devices. Such lightweight algorithms can exist for authentication [ ], encryption [ ], access control and key exchanges [ ]. A typical example of such a lightweight authentication mechanism is for the 802.11ah or “WiFi HaLow” for low-rate and long-range IoT applications, in which the base station and the IoT devices work together with a much simpler and lightweight authentication mechanism.
Since the lightweight solutions are usually not as powerful as the normal ones, it is necessary to make sure that during real usage they could meet the specific requirements of the applications. Potentially a finer granularity categorizing method is needed to differentiate various levels of requirements in computing complexity and security. By doing this, various lightweight IoT security methods with different levels of complexity could satisfy the specific requirements better. Much research is still needed in this regard, especially for the emerging “edge computing + IoT” environment.
3.4 Opportunity #4: Deception Based Cyber
Most of the traditional cyber defense mechanisms such as encryption, authentication and access control are passive defenses, which means that they do not actively seek attackers but try to make it more difficult for the attackers to break in. Deception based defense is one of the active cyber defense techniques that are used to enhance the cyber defense capabilities of a specific organization. Typical example methods include address hopping, honeypots and network telescopes. Deception and some continuous unpredictable changes in network configurations could potentially perplex and confuse the attackers, or lure them toward some pre-deployed honeypot traps [ ]. Deception based techniques can also generate a large number of fake credentials on the organization’s network, which makes it difficult for the cyber attackers to gain access to the systems as a set of legitimate user identities. If the attackers use these fake credentials, they will be detected and monitored by security administrators. Once they are logged and tracked, the attackers’ activity traces and records can be further analyzed to understand how they attacked the target system and the general patterns they have used. This knowledge is very useful in fortifying the defense of the organization’s networks. The honeypot traps are usually physical or virtual machines that pretend to be the actual devices while under close monitoring and logging by the security administrators. They aim to mislead the attackers into taking actions in the defenders’ favor or simply wasting time and resources on false targets. However, this is not a one-way street, in the sense that the attackers sometimes can also try to avoid being detected by using different types of methods ranging from a suspicious one to a seemingly normal one. It is expected that deception based cyber defense techniques could play a more important role in keeping the large-scale “edge computing + IoT” systems more secure.
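The fake-credential detection described in this section can be sketched as follows. This is an added example, not code from the paper: the log format, the `svc_` decoy naming, the seed, and all addresses are constructed for illustration. It flags any source that presents a decoy username and collects the real accounts the same source also tried, so that the trace can be analyzed afterwards.

```python
import hashlib
import hmac
import re

# Constructed secret; in a deployment it would live only on the monitoring host.
DECOY_SEED = b"constructed-demo-seed"

# Hypothetical edge-gateway auth log format used by this example.
LINE_RE = re.compile(
    r"^(?P<ts>\S+) (?P<host>\S+) auth user=(?P<user>\S+) "
    r"src=(?P<src>\S+) result=(?P<result>ok|fail)$"
)


def make_decoys(count, seed=DECOY_SEED):
    """Derive `count` decoy usernames from a secret seed.

    Deterministic derivation lets the detector recompute the decoy set
    instead of storing a list that could itself leak."""
    decoys, i = set(), 0
    while len(decoys) < count:
        tag = hmac.new(seed, f"decoy-{i}".encode(), hashlib.sha256).hexdigest()[:6]
        decoys.add(f"svc_{tag}")
        i += 1
    return decoys


def detect(log_lines, decoys):
    """Return (alerts, skipped).

    alerts maps each source that used a decoy to the decoys it presented
    and the real accounts it also tried, in order of first appearance.
    skipped counts lines that did not match the expected format."""
    events, skipped = [], 0
    for line in log_lines:
        m = LINE_RE.match(line.strip())
        if m is None:
            skipped += 1
            continue
        events.append(m.groupdict())

    # Any use of a decoy is a signal, whether the login succeeded or not:
    # no legitimate user has a reason to know these names.
    alerts = {e["src"]: {"decoys": [], "real_accounts": []}
              for e in events if e["user"] in decoys}

    # Second pass: pull in everything the flagged sources did, including
    # attempts made before the decoy was touched.
    for e in events:
        record = alerts.get(e["src"])
        if record is None:
            continue
        bucket = "decoys" if e["user"] in decoys else "real_accounts"
        if e["user"] not in record[bucket]:
            record[bucket].append(e["user"])
    return alerts, skipped


def sample_log(decoys):
    """Constructed log lines; addresses and accounts are made up."""
    d = sorted(decoys)
    return [
        "2018-03-01T10:00:00Z edge-gw1 auth user=alice src=10.0.0.5 result=ok",
        f"2018-03-01T10:02:11Z edge-gw1 auth user={d[0]} src=10.0.0.77 result=fail",
        "2018-03-01T10:02:15Z edge-gw1 auth user=bob src=10.0.0.77 result=fail",
        f"2018-03-01T10:02:19Z edge-gw1 auth user={d[1]} src=10.0.0.77 result=ok",
        "garbled line without fields",
        "2018-03-01T10:05:00Z edge-gw1 auth user=bob src=10.0.0.9 result=ok",
    ]


if __name__ == "__main__":
    decoy_set = make_decoys(5)
    found, bad = detect(sample_log(decoy_set), decoy_set)
    for src, record in found.items():
        print(src, record)
    print("unparsed lines:", bad)
```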
3.5 Opportunity #5: Isolated IoT Identity and Naming Systems Other Than IP
Almost all the current Internet devices are based on IP (IPv4 or IPv6). It brings huge convenience in terms of inter-connectivity by enabling devices to communicate with each other and to get contents and services. Such rich inter-connectivity also makes the administrators’ lives much easier through remote configuration or management. However, the drawback is that it essentially exposes all the systems, including critical industrial control systems such as smart grids, to a dangerous position because potential hackers could also get access to them by stealing some simple credentials and pretending to be legitimate users. Traditional firewalls can filter some traffic but they mostly use a perimeter-based security method and the firewall filtering is usually based on arbitrary IP addresses. They cannot prevent inside attacks either. To tackle this security challenge, an isolated new identity and naming system different from IP can be useful to separate the IoT devices from the outside world. A typical example is that the host identifiers used in the Host Identity Protocol (HIP) [ ] can be used for the IoT devices as a separate identity and naming system other than the IP addresses. With such an overlay identity and naming system, connecting to the IoT devices will require host identities instead of IP addresses. Before two entities can talk to each other, they need to create a binding to share cryptographic keys. This would prevent the outside world from directly accessing critical IoT devices and systems without passing strict security procedures. Similarly, in the future “edge computing + IoT” world, especially for those resource-poor IoT devices in critical systems that need additional protection, an isolated and secure identity and naming system other than IP would be very useful. We envision that there will be quite some research opportunities in this regard.
The paradigm shift to the Internet of Things (IoT) and the emergence of edge computing are bringing significant benefits for many future IoT applications. It also brings significant Cybersecurity challenges. In this article, we identified and discussed five Cybersecurity challenges and five emerging Cybersecurity opportunities related to this vision. Among these opportunities, creating some synergy between the “edge computing + IoT” platform and the emerging blockchain and AI technologies could potentially generate many useful impacts.
The authors would like to thank Dr. Hongxin Hu and other workshop organizers of the SDN-NFV Sec’18. The work is supported by the National Security Agency (NSA) under grant No.: H98230-17-1-0393 and H98230-17-1-0352, and by a research grant from University of Missouri System Research Board (UMRB).
[1] Adnan Akhunzada, Ejaz Ahmed, Abdullah Gani, Muhammad Khurram Khan, Muhammad Imran, and Sghaier Guizani. 2015. Securing software defined networks: taxonomy, requirements, and open issues. IEEE Communications Magazine 53, 4 (2015), 36–44.
[2] Sucuri Blog. 2016. Large CCTV Botnet Leveraged in DDoS Attacks. (2016). available at: large-cctv-botnet-leveraged-ddos-attacks.html.
[3] Stan Higgins. 2016. DARPA Seeks Blockchain Messaging System for Battlefield Use. (2016). available at: darpa-seeks-blockchain-messaging-system-for-battlefield-back-office-use/.
[4] Quang Duy La, Tony QS Quek, Jemin Lee, Shi Jin, and Hongbo Zhu. 2016. Deceptive attack and defense game in honeypot-enabled networks for the internet of things. IEEE Internet of Things Journal 3, 6 (2016), 1025–1035.
[5] Shankar Lal, Tarik Taleb, and Ashutosh Dutta. 2017. NFV: Security threats and best practices. IEEE Communications Magazine 55, 8 (2017), 211–217.
[6] Jun-Ya Lee, Wei-Cheng Lin, and Yu-Hung Huang. 2014. A lightweight authentication protocol for internet of things. In Next-Generation Electronics (ISNE), 2014 International Symposium on. IEEE, 1–2.
[7] Thomas Morris. 2011. Trusted platform module. In Encyclopedia of cryptography and security. Springer, 1332–1335.
[8] Robert Moskowitz, Pekka Nikander, Petri Jokela, and Thomas Henderson. 2008. Host identity protocol. IETF RFC 5201. available at:
[9] Motherboard. 2016. How 1.5 Million Connected Cameras Were Hijacked to Make an Unprecedented Botnet. (2016). available at: en_us/article/8q8dab/15-million-connected-cameras-ddos-botnet-brian-krebs.
[10] Palo Alto Networks. 2016. Whitepaper: Getting Started with a Zero Trust Approach to Network Security. (2016). available at: https: /content/pan/en_US/resources/whitepapers/zero-trust-network-security.
[11] Jianli Pan, Lin Ma, Ravishankar Ravindran, and Peyman TalebiFard. 2016. HomeCloud: An edge cloud framework and testbed for new application delivery. In Telecommunications (ICT), 2016 23rd International Conference on. IEEE, 1–6.
[12] Jianli Pan and James McElhannon. 2017. Future edge cloud and edge computing for internet of things applications. IEEE Internet of Things Journal (2017).
[13] Shahid Raza, Thiemo Voigt, and Vilhelm Jutvik. 2012. Lightweight IKEv2: a key management solution for both the compressed IPsec and the IEEE 802.15.4 security. In Proceedings of the IETF workshop on smart object security, Vol. 23.
[14] Xuanxia Yao, Zhi Chen, and Ye Tian. 2015. A lightweight attribute-based encryption scheme for the Internet of Things. Future Generation Computer Systems 49 (2015), 104–112.
... There are also a host of emerging cyber-security threats. Authors of [28] intend to develop a number of new opportunities for research and innovation along with "Cyber Security + Edge Computing + IoT + AI." In this article, [28] authors have talk about the big new threats to cyber security and the relevant opportunities in this vision. ...
... Authors of [28] intend to develop a number of new opportunities for research and innovation along with "Cyber Security + Edge Computing + IoT + AI." In this article, [28] authors have talk about the big new threats to cyber security and the relevant opportunities in this vision. The aim of, [29] is to define and analyse the technical issues involved and to review recent developments, identify potential solutions and propose new directions for study. ...
Full-text available
AI in Cybersecurity Market scheme helps organizations in observance, detecting, reporting, and countering cyber threats to keep up information confidentiality. The increasing awareness among folks, advancements in info technology, up-gradation of intelligence and police work solutions, and increasing volume of knowledge gathered from numerous sources have demanded the utilization of reliable and improved cybersecurity solutions all told industries. The increase in the incidence and quality of cyber-attacks is driving AI-enabled cyber systems. Increasing incidents of huge cyber-attacks globally have created awareness among organizations for securing their information. The motive behind these cyber-criminals are political competition, competitors move for gain and harming the name of others, international information theft, and radical non-secular cluster interest. Most cyber-attacks are for gain. In this review we have presented some previous studies related to Cybersecurity which involves AI.
... Wacks' piece concludes by highlighting how important home automation is for controlling the electrical demand, and how smart gadgets should be constructed accordingly. This 1991 paper addresses the key principles that led to smart homes and intelligent grids today (Ye et al., 2005;Firouzi et al., 2017;Pan and Yang, 2018;Shahab et al., 2021). ...
Full-text available
The purpose of this research is to provide power grid energy efficiency solutions. In this paper, a comprehensive review and its optimal solution is proposed considering the various challenges of smart grid demand-side management. The main technique is based on a novel idea in the Smart Grid-demand response optimization which enables autonomous energy management on the demand side for a wide variety of customers. The first section of this research examines the smart grid issue and evaluates the state-of-the-art load management techniques in terms of the work's scope. The demand-side load management architecture consists of three primary levels, two of them in line planning and low-cost scheduling, while the third layer, demand response which is a significant expansion of this domain. The implementation of the proposed architecture in MATLAB/Simulink, with test results. demonstrating the significance of the proposed solution
... iv. C35-Prevention mechanisms: represents the adoption of the robot to identify and detect any misuses and send out reminders. (Pan & Yang, 2018). ...
Full-text available
Purpose: Although the decision to adopt Industry 4.0 is commonly strategical, the selection and implementation of technology are the responsibilities of the tactical level management. The tactical level management will also directly experience the impact of adopting the technology towards the organizational performances in their functional areas. The comparative survey study aims to measure the tactical level management’s sense of urgency of the nine pillars in three plants of a single manufacturing organization. Design/methodology/approach: The research methodology starts with a literature review to collect the criteria appertaining to the pillars. Based on the 95 constituting criteria, the second step prepares and conducts a questionnaire survey with 32 participants on three sister plants. Next, rough BWM-CRITIC-TOPSIS ranks these plants at the pillar and criteria levels. The ranking method integrates Best-Worst Method (BWM), Criteria Importance Through Intercriteria Correlation (CRITIC), and technique for order performance by similarity to ideal solution (TOPSIS). The top management discussed and rendered insights into the results. Findings: Results show that the high-mix and labor-intensive plant (Plant 1) has the highest urgency, whereas the largely automated plant (Plant 3) has the lowest urgency to adopt the nine pillars. The findings provide empirical evidence of the effect of the recent Industry 4.0 awareness programs in Plant 1 and advanced infrastructure would lead to organization inertia (Plant 3) to aggressively pursue technological change. The most urgent pillar is cybersecurity, and the least urgent pillar is additive manufacturing (AM), outlining the concern over cyber threats when product information is increasingly integrated into the supply chain and technology immaturity of AM in production. 
Research limitations/implications: A limitation of this study is that the comparative survey only focused on three plants and the tactical level management of an organization. Originality/value: This study contributes to the knowledge of Industry 4.0 readiness by being the first to show different levels in the sense of urgency of the tactical level managements on the relevant technologies, which potentially affect the direction and the pace of Industry 4.0 adoption.
Over the last few decades, technology has changed the way we communicate, live, work, and do business. Especially, technology helps businesses to become more profitable by enhancing performance and decisions, improving communications among stakeholders, and reducing costs. It also facilitates businesses to expand worldwide and become accessible to everyone everywhere. Moreover, technological attachment affects business culture, efficiency, and relations across industries. Furthermore, technology adaptation makes business faster, easier, and smarter. Importantly, technology may contribute both to the data security of one's own business and to threats to the data security of others’ businesses. No matter the size of a company, technology has had inevitable effects on business operations. Hence, it can be concluded that new business models, technology, and cybersecurity are closely interconnected. Keeping that in view, this chapter explains the interrelations among business models, technology adoption, and cybersecurity. The findings of this chapter will enlighten all stakeholders regarding the prospects and problems of some emerging technologies in businesses and the possible way forward.
Cybersecurity is a broadly defined concept comprising security for many different types of elements. Dealing with cybersecurity is a multidimensional problem, and the damage generated by cyberattacks can be very diverse. Reports about cybersecurity show recurrent problems, or increasing on their frequency of appearance, with no clear approach for solving them. Existing models deal with cybersecurity in several different but general ways, and results are not better. Consequently, managing cybersecurity deserves consideration of a new approach. Our approach is based on the nature of security. Security services are modeled around three basic security concepts, namely isolation, interaction, and representation. With these three concepts, a cybersecurity development starts with security objectives for overcoming the cybersecurity challenges, and also has a security representation to achieve integral and comprehensive security results. We propose an architecture-based security conceptual framework having three components, namely a system representation model kind, a security representation model kind, and a security process model kind, to accomplish the security process for a system. The security process is fully guided and supported with security objectives from the beginning to the end. The framework proposes several models, based on data structures for representing the system, the security, and the process itself. The models are scalable to represent systems of any size, from tiny to huge technology infrastructures, and with support for automation of the security process. The scope of the framework is the security of IT systems and cybersecurity, including information, software, virtual resources, hardware, IT devices, money, people, and other related physical objects being represented digitally. 
The framework was developed while creating a university cloud infrastructure, and consolidated while supporting the security of several nationwide software and infrastructure applications for digital signature in Costa Rica. We aim to provide a new and innovative way of doing cybersecurity by directly targeting the actual security requirements, with a simple, systemic, structured and potentially automated security process, to achieve integral and comprehensive security solutions.
Today, our environment and the objects therein are equipped with an increasing number of devices such as cameras, sensors, and actuators, which all together produce a huge amount of data. Furthermore, we observe that citizens generate data via social media applications running on their personal devices. Smart cities and societies are seeking ways to exploit these vast amounts of data. In this paper, we argue that to take full advantage of these data, it is necessary to set up data governance properly, which includes defining, assigning, and allocating responsibilities. A proper setting up of data governance appears to be a challenging task since the data may be used irresponsibly, thoughtlessly and maliciously, resulting in many (un)wanted side effects such as violation of rules and regulations, human rights, ethical principles as well as privacy and security requirements. We elaborate on the key functionalities that should be included in the governance of a data ecosystem within smart cities, namely provisioning the required data quality and establishing trust, as well as a few organizational aspects that are necessary to support such data governance. Realizing these data governance functionalities, among others, asks for making trade-offs among contending values. We provide a few solution directions for realizing these data governance functionalities and making trade-offs among them.
The essence of blockchain is a decentralized distributed ledger system; the IoT is formed by accessing and interconnecting a large number of heterogeneous terminals and has a natural distributed feature. Therefore, the combination of the two IoT blockchains is widely optimistic. At the same time, due to the heterogeneity of IoT sensing terminals, limited computing storage, and data transmission capabilities, the IoT blockchain is facing greater challenges, among which cryptographic consensus technology has become a key issue. In this chapter, based on the summary of the current blockchain consensus algorithm, applicability to the IoT-blockchain has been analyzed, the application status of several major IoT-blockchain platforms and consensus mechanisms have been introduced, and also the IoT-blockchain research progress on optimization of consensus mechanism has been expounded. Looking forward to the optimization techniques of the IoT blockchain, potential research directions have been summarized.
In response to weaknesses of current network security solutions, the zero-trust model follows the idea that no network – whether internal or external – is trustworthy. The concept of zero-trust is enjoying increasing attention in both research and practice due to its promise to fulfil complex new network security requirements. Despite zero-trust's advantages over traditional solutions, it has not yet succeeded in replacing existing approaches. Uncertainty remains regarding the concept's distinct benefits and drawbacks for organisations and individuals, which hinders a holistic understanding of zero-trust and wide-spread adoption. Research can make valuable contributions to the field by systematically providing new insights into zero-trust. To support researchers in this endeavour, we aim to consolidate the current state of the knowledge about zero-trust and to identify gaps in the literature. Thus, we conduct a multivocal literature review, analysing both academic and practice-oriented publications. We develop a research framework for zero-trust to structure the identified literature and to highlight future research avenues. Our results show that the academic literature has focused mainly on the architecture and performance improvements of zero-trust. In contrast, the practice-oriented literature has focused on organisational advantages of zero-trust and on potential migration strategies. However, economic analyses and user-related studies have been neglected by both academia and practice. Future research may rely on our findings to advance the field in meaningful ways.
The concepts brought by Industry 4.0 have been explored and gradually applied. The cybersecurity impacts on the progress of Industry 4.0 implementations and their interactions with other technologies require constant surveillance, and it is important to forecast cybersecurity-related challenges and trends to prevent and mitigate these impacts. The contributions of this paper are as follows: (1) it presents the results of a systematic review of Industry 4.0 regarding attacks, vulnerabilities and defense strategies, (2) it details and classifies the attacks, vulnerabilities and defense mechanisms, and (3) it presents a discussion of recent challenges and trends regarding cybersecurity-related areas for Industry 4.0. From the systematic review, regarding the attacks, the results show that most attacks are carried out on the network layer, where DoS-related and MitM attacks are the most prevalent ones. Regarding vulnerabilities, security flaws in services and source code, and incorrect validations in authentication procedures are highlighted. These are vulnerabilities that can be exploited by DoS attacks and buffer overflows in industrial devices and networks. Regarding defense strategies, Blockchain is presented as one of the most relevant technologies under study in terms of defense mechanisms, thanks to its ability to be used in a variety of solutions, from Intrusion Detection Systems to the prevention of Distributed DoS attacks, and most defense strategies are presented as an after-attack solution or prevention, in the sense that the defense mechanisms are put in place or considered only after the harm has been done, and not as a mitigation strategy to prevent the cyberattack. Concerning challenges and trends, the review shows that digital sovereignty, cyber sovereignty, and data sovereignty are recent topics being explored by researchers within the Industry 4.0 scope, and GAIA-X and International Data Spaces are recent initiatives regarding data sovereignty. 
A discussion of trends is provided, and future challenges are pointed out.
The Internet is evolving rapidly toward the future Internet of Things (IoT) which will potentially connect billions or even trillions of edge devices which could generate huge amount of data at a very high speed and some of the applications may require very low latency. The traditional cloud infrastructure will run into a series of difficulties due to centralized computation, storage, and networking in a small number of datacenters, and due to the relative long distance between the edge devices and the remote datacenters. To tackle this challenge, edge cloud and edge computing seem to be a promising possibility which provides resources closer to the resource-poor edge IoT devices and potentially can nurture a new IoT innovation ecosystem. Such prospect is enabled by a series of emerging technologies including Network Function Virtualization (NFV) and Software Defined Networking (SDN). In this survey paper, we investigate the key rationale, the state-of-the-art efforts, the key enabling technologies and research topics, and typical IoT applications benefiting from edge cloud. We aim to draw an overall picture of both ongoing research efforts and future possible research directions through comprehensive discussions.
Conference Paper
Conventional centralized cloud computing is a success for benefits such as on-demand, elasticity, and high co-location of data and computation. However, the paradigm shift towards “Internet of things” (IoT) will pose some unavoidable challenges: (1) massive data volume impossible for centralized data centers to handle; (2) high latency between edge “things” and centralized data centers; (3) monopoly, inhibition of innovations, and non-portable applications due to the proprietary application delivery in centralized cloud. The emergence of edge cloud gives hope to address these challenges. In this paper, we propose a new framework called “HomeCloud” focusing on an open and efficient new application delivery in edge cloud integrating two complementary technologies: Network Function Virtualization (NFV) and Software-Defined Networking (SDN). We also present a preliminary proof-of-concept testbed demonstrating the whole process of delivering a simple multiparty chatting application in the edge cloud. In the future, the HomeCloud framework can be further extended to support other use cases that demand portability, cost-efficiency, scalability, flexibility, and manageability. To the best of our knowledge, this framework is the first effort aiming at facilitating new application delivery in such a new edge cloud context.
In modern days, breakthroughs in information and communications technologies lead to more and more devices of every imaginable type being connected to the Internet. This also strengthens the need for protection against cyber-attacks, as virtually any devices with a wireless connection could be vulnerable to malicious hacking attempts. Meanwhile, honeypot-based deception mechanism has been considered as one of the methods to ensure security for modern networks in the Internet of Things (IoT). In this paper, we address the problem of defending against attacks in honeypot-enabled networks by looking at a game-theoretic model of deception involving an attacker and a defender. The attacker may try to deceive the defender by employing different types of attacks ranging from a suspicious to a seemingly normal activity, while the defender in turn can make use of honeypots as a tool of deception to trap attackers. The problem is modeled as a Bayesian game of incomplete information, where equilibria are identified for both the one-shot game and the repeated game versions. Our results show that there is a threshold for the frequency of active attackers, above which both players will take deceptive actions and below which the defender can mix up his/her strategy while keeping the attacker's success rate low.
The emergence of Software Defined Networks (SDNs) promises to dramatically simplify network management and enable innovation through network programmability. Despite all the hype surrounded by the SDNs, exploiting its full potential is demanding. Security is still being the key concern and is an equally striking challenge that reduces the growth of SDNs. Moreover, the deployment of novel entities and the introduction of several architectural components of SDNs pose new security threats and vulnerabilities. Besides, the landscape of digital threats and cyber-attacks is evolving tremendously while considering SDNs as a potential target to have even more devastating effects than using simple networks. Security is not considered as part of the initial SDN design; therefore, it must be raised on the agenda. The paper discusses the state-of-the-art security solutions proposed to secure SDNs. We classify the security solutions in the literature by presenting a thematic taxonomy based on SDN layers/interfaces, security measures, simulation environments, and security objectives. Moreover, the paper points out the possible attacks and threat vectors targeting different layers/interfaces of the SDNs. The potential requirements and their key enablers for securing SDNs are also identified and presented. Besides, the paper gives great guidance for secure and dependable SDNs. Finally, we discuss open issues and challenges of SDN security that may deem appropriate to be tackled by researchers and professionals in the future.
Network function virtualization (NFV) yields numerous benefits, particularly the possibility of a cost-efficient transition of telco hardware functionalities on the software platform to break the vendor lock-in problem. These benefits come at the price of some security flaws. Indeed, with NFV, virtual mobile networks become vulnerable to a number of security threats. These threats can be leveraged using some available mitigation techniques and also through other emerging solutions. This article presents critical security threats that exist in the NFV infrastructure and proposes best security practices to protect against them.
Conference Paper
The Internet of Things (IoT) refers to uniquely identifiable objects (things) which can interact with other objects through the global infrastructure of wireless/wired Internet. The communication technique among a large number of resource-constrained devices that generate large volumes of data has an impact on the security and privacy of the involved objects. In this paper, we propose an encryption method based on XOR manipulation, instead of complex encryption such as using the hash function, for anti-counterfeiting and privacy protection. The enhancement of the security is described and hardware design methodology is also demonstrated.
Internet of Things (IoT) is an emerging network paradigm, which realizes the interconnections among the ubiquitous things and is the foundation of smart society. Since IoT is always related to users’ daily life or work, privacy and security are of great importance. The pervasive, complex and heterogeneous properties of IoT make its security issues very challenging. In addition, the large number of resource-constrained nodes imposes a rigid lightweight requirement on IoT security mechanisms. Presently, attribute-based encryption (ABE) is a popular solution to achieve secure data transmission, storage and sharing in distributed environments such as IoT. However, the existing ABE schemes are based on expensive bilinear pairing, which makes them unsuitable for resource-constrained IoT applications. In this paper, a lightweight no-pairing ABE scheme based on elliptic curve cryptography (ECC) is proposed to address the security and privacy issues in IoT. The security of the proposed scheme is based on the ECDDH assumption instead of the bilinear Diffie-Hellman assumption, and is proved in the attribute-based selective-set model. By uniformly determining the criteria and defining the metrics for measuring the communication overhead and computational overhead, the comparison analyses with the existing ABE schemes are made in detail. The results show that the proposed scheme has improved execution efficiency and low communication costs. In addition, its limitations and directions for improvement are also discussed in detail.