Security and Privacy in Smart Cities: Challenges and Opportunities


Abstract and Figures

Smart cities are expected to improve the quality of daily life, promote sustainable development and improve the functionality of urban systems. Now that many smart systems have been implemented, security and privacy issues have become a major challenge that requires effective countermeasures. However, traditional cybersecurity protection strategies cannot be applied directly to these intelligent applications because of the heterogeneity, scalability, and dynamic characteristics of smart cities. Furthermore, it is necessary to be aware of security and privacy threats when designing and implementing new mechanisms or systems. Motivated by these factors, we survey the current situations of smart cities with respect to security and privacy to provide an overview of both the academic and industrial fields and to pave the way for further exploration. Specifically, this survey begins with an overview of smart cities to provide an integrated context for readers. Then, we discuss the privacy and security issues in current smart applications along with the corresponding requirements for building a stable and secure smart city. In the next step, we summarize the existing protection technologies. Finally, we present open research challenges and identify some future research directions.
2169-3536 (c) 2018 IEEE. Translations and content mining are permitted for academic research only. Personal use is also permitted, but republication/redistribution requires IEEE permission. See for more information.
This article has been accepted for publication in a future issue of this journal, but has not been fully edited. Content may change prior to final publication. Citation information: DOI
10.1109/ACCESS.2018.2853985, IEEE Access
Digital Object Identifier 10.1109/ACCESS.2017.DOI
LEI CUI1, 2, (Student Member, IEEE), GANG XIE3, 1, YOUYANG QU2, (Student Member, IEEE),
1College of Electrical and Power Engineering, Taiyuan University of Technology, Taiyuan, China
2School of Information Technology, Deakin University, VIC 3125, Australia
3School of Electronic Information Engineering, Taiyuan University of Science and Technology, Taiyuan, China
This work is partially supported by the Natural Science Foundation of China under project number 61728201.
INDEX TERMS Smart city, Internet of things, security, privacy.
In the past two decades, the concept of “smart city”
has attracted increasing attention in both academic and
industrial fields because of its strong realistic requirement
and practical background in an increasingly urbanized world.
According to the latest United Nations Population Fund,
more than half of the world’s population now lives in urban
areas, and it is predicted that approximately 66 percent of the
world’s population will live in an urban environment by 2050
[1], resulting in excessive burdens to the climate, energy,
environment, and living conditions.
Aiming to mitigate these challenges and improve the well-being of citizens, create economic development and manage modern cities in a sustainable and intelligent way, a growing number of cities worldwide have started to develop their own smart strategies. In 2017, Cisco announced a one billion dollar investment in smart cities. As the world’s most populous nation, China alone has more than 200 smart city projects in progress [2]. Predictably, the infrastructure of a city is embedded with billions of devices that can be mutually beneficial for the citizens by means of various applications, such as smart transportation, smart government, smart healthcare, smart environments, and smart homes.
However, the creation of these smart applications may also
pose numerous security and privacy problems due to the
vulnerabilities commonly existing in each layer of a smart
system. Attacks, such as unauthorized access, Sybil, and
denial of service (DoS), can degrade the quality of intelligent
services [3]. For example, in 2015, nearly 230 thousand
citizens living in Ukraine suffered a long period of electricity
disconnection because the power grid system was attacked
by hackers [4]. In addition, data over-collection by service
providers and some third parties subjects residents to privacy
threats [5].
Many protection methods (e.g., encryption, biometrics, anonymity) are widely applied in different application fields. Unfortunately, these methods are not sufficient for the smart city environment. The main reason is that most of the sensors and devices have limited computational power, so only simple cryptography algorithms can be used directly [6]. These ineffective measures indirectly pose serious threats to the whole system. In addition, compared with conventional computing systems, the heterogeneity, scalability and dynamic characteristics of IoT systems subject smart applications to high security and privacy risks. Furthermore, with the rapid development of information technologies such as machine learning and data mining, attackers have become “smarter” and have developed the ability to bypass the current attack detection mechanisms. These challenges motivate us to review the already applied and developed technologies in terms of protecting smart cities and to attempt to provide potential research opportunities for the readers to further study this promising and practical field.
TABLE 1: Comparison of related surveys from the perspective of enabling technologies
Reference Cryptography Blockchain Biometrics Machine
Theory Ontology Non-
Gharaibeh et al. [9]   X X 0 X 0 0 0 0
Eckhoff et al. [10]    X 0 X 0 X 0 0 0
Zhang et al. [3]       X 0 X 0 0 0 0 0
Kitchin et al. [81]    X 0 0 0 X 0 0 X
Sicari et al. [7]      X 0 X 0 X 0 0 0
This work              X X X X X X X X
During the past few years, several surveys have been
conducted in this field, most of which are focused on the
overall IoT ecosystem. For example, Sicari et al. [7]
presented an overview of the current issues and solutions in IoT
systems, including security, privacy and trust. Nia et al. [8]
recently discussed security issues on the edge-side layer of
IoT. By contrast, the quantity of survey papers on smart city
security and privacy is still limited. In 2017, a comprehensive
survey conducted by Gharaibeh et al. [9] highlighted the
achievements of smart cities and then discussed existing
security issues from a data-centric perspective. Focusing on
the security and privacy problems, Zhang et al. [3] provided
a taxonomy of different security solutions with respect to
different smart applications. Eckhoff et al. [10] conducted a
survey of nine specific technologies for protecting privacy in
a smart city context.
Our survey is different from the existing ones because it is
a survey conducted from the viewpoint of related disciplines.
To reflect the novelty of this survey, we present a comparison
in Table 1. The contributions of this work are listed as
We provide an extensive overview of protection methods
for securing smart cities from the perspectives of different
disciplines, including the latest developed or applied
mechanisms and theories.
We evaluate the availability of state-of-the-art protection
technologies for smart cities and present some open issues
that have limited effective countermeasures.
We identify future research opportunities corresponding
to the current challenges and the up-to-date security
requirements, which can contribute to the construction of more
secure, privacy protected and stable smart cities.
The rest of this paper is structured as follows. Section II
provides an overview of the architecture, applications and
characteristics of smart cities. In Section III, we identify
security and privacy issues as well as some updated threats
generated by emerging smart applications. The
corresponding requirements for smart cities are provided in Section IV.
The security and privacy technologies employed for smart
cities are investigated with respect to different disciplines in
Section V. Challenges and potential opportunities based on
our understanding are provided in Section VI. Finally, we
summarize and conclude the study in Section VII.
As the features of smart cities are closely related to the
security requirements and challenges presented in the
following sections and because most of the protection methods
introduced in Section IV were developed based on the
specific scenarios of different smart applications, it is necessary
to introduce the characteristics, architecture, and common
applications of smart cities to provide an integrated context
and enable readers to easily understand the main contents of
this survey.
To keep up with the development of smart cities, multiple
architectures have been designed [11]. However, to the best
of our knowledge, there is no uniform IoT architecture. As
the emphasis of this work is to summarize security and
privacy issues in smart cities, the architecture described here
is based on the well-known three-layer architecture and the
generally accepted architecture proposed in [106]. As shown
in Fig. 1, the architecture can be divided into four layers; a
brief introduction is provided in the following.
Perception layer, also called the sensing layer,
recognition layer or the edge layer, is the lowest layer of the
architecture. The perception layer is mainly used for data
collection from things (e.g., heterogeneous devices, WSNs
and sensors) in the real world and transmitting the acquired
information to the network layer for further processing.
Network layer is the core layer in the IoT architecture that
depends on basic networks, such as the Internet, WSNs, and
communications networks. The responsibility of this layer is
to transmit the data collected by the perception layer and to
connect smart things, network devices, and servers.
FIGURE 1: IoT-based architecture for a smart city
Support layer, which works very closely with the
application layer, provides support for the requirements of
diversified applications via intelligent computing techniques
(e.g., cloud computing, edge computing, fog computing).
Application layer, as the top layer, is responsible for
providing intelligent and practical services or applications to
users based on their personalized requirements. We provide a
detailed description in the following subsection.
One objective of building smart cities is to benefit residents
with respect to different aspects that are closely related to the
living standards of residents, such as energy, environment,
industry, living, and services. We illustrate the emerging
intelligent applications of smart cities in Fig. 2 and describe
them in detail as follows.
1) Smart Government
Smart government plays a crucial role in a smart city. The
purpose of smart government is to better serve citizens and
communities by interconnecting data, institutions, proceedings,
and physical infrastructures based on information technology
[12]. In addition, smart governance enables citizens to
get involved in public decisions and city planning [13], which
can improve the efficiency while simultaneously increasing
information transparency. For example, e-government allows
individuals to utilize governmental services online, such as
applying for a conference centre, paying for bills and
reporting problems.
2) Smart Transportation
Smart transportation aims to provide a "smarter" usage of
transport systems. Specifically, intelligent transport networks
can better serve the public by enhancing safety, speed and
reliability [14]. By using transport-oriented mobile
applications, consumers can easily plan their schedules while
finding the most economic and fastest routes. Other common
applications in smart transport facilities are driver’s
passports, license recognition systems, car-parking searching and
prediction [15].
3) Smart Environment
Smart environment can contribute substantially in terms of
building a sustainable society. Specifically, by adopting
technical management tools, a smart city has the ability to
monitor energy consumption, air quality, the structural reliability
of buildings, and traffic congestion and to address pollution
or waste efficiently [16]. Ideally, novel environmental sensor
networks may even have the ability to predict and detect
natural disasters in the future [17].
4) Smart Utilities
Smart utilities enable smart cities to reduce the
overconsumption of resources such as water and gas and to improve
economic growth and contribute to environmental protection.
Smart metering, as a practical smart utility application, is
widely applied in smart grids to monitor the distributed
energy resources [18]. In addition, smart water meters [19]
and smart light sensors [20] are used to manage resources
and reduce energy loss.
5) Smart Services
Smart services benefit citizens in many aspects. For example, intelligent healthcare applications can timely monitor people’s health conditions via wearable devices and medical sensors [21]. Furthermore, some smart services can create comfortable, intelligent and energy-saving living environments, such as through the remote control of home appliances. Last but not least, social networking, entertainment, smart shopping and other smart services have considerably improved the convenience of people’s daily lives.
FIGURE 2: Applications in smart cities
It is important to understand the differences between the
aforementioned smart applications and traditional ones.
Moreover, the characteristics (as illustrated in Fig. 3) of smart
cities should be considered and combined before developing
any new security or privacy protection method.
FIGURE 3: Characteristics of smart cities
1) Heterogeneity
In IoT-based systems, high heterogeneity is the most
distinguishing characteristic, which means the systems are
independent, distributed, being stored or used by different users.
It also refers to the wide variety of IoT nodes,
communication protocols and technologies, mobility means, diverse
hardware performances, platforms, etc. [22]. To the best of
our knowledge, there is no uniform definition of smart city,
and the IoT architecture varies by smart city. Therefore, the
lack of a common security framework and service is another
major problem.
2) Resource Constraints
Most IoT devices are resource constrained, which means
not only limited memory, battery capacity and processing
capabilities, but also constrained network interfaces due to
low-power radio standards. To be more specific, cheaper,
smaller, but energy deficient embedded devices are widely
applied in smart cities. Typically, the random-access memory
and storage capacities of these devices are limited, with 8-bit
or 16-bit microcontrollers. The wireless networks equipped
with IEEE 802.15.4 radio lead to low data rates and frame
sizes (20-250 kb/s and up to 127 octets, respectively) [23].
3) Mobility
Urban mobility has been seen as an important engine for
the growth and progress of modern cities. In smart cities,
mobility refers not just to the movement within a city and
the delivery of goods from one place to another destination,
it also means technologies like citywide wireless
communication and real-time monitoring of the traffic flow, as well
as the flexible reactions to problems. In addition, mobility
in smart cities is customized through the well-developed
communication infrastructure.
4) Connectivity and Scalability
Connectivity enables any device to connect to the smart
world. It is the most basic feature for a successful smart
city and has been regarded as fundamental to moving smart
city plans forward [24]. At the same time, scalability is an
apparent feature in smart city scenarios. Smart cities are
rapidly developing from small to large, resulting in explosive
growth in both data and network traffic. Therefore, a smart
city is not able to operate well without scalable systems and
5) User involvement
The definition of a smart city is not just about cutting-edge
technologies and infrastructures; human factors (learning,
creativity, and education) are also essential for the
development of smart cities [25] since the main purpose
of building smart cities is to serve residents. Furthermore,
citizens’ involvement can improve the quality of those smart
applications. For example, an initial understanding of their
requirements and concerns regarding security will result in
the best outcome in terms of protection strategies.
Although the aforementioned developments in smart cities
have contributed considerably to the improvements of the
whole society, almost every smart application is vulnerable
to hacking through up-to-date attacks, such as background
knowledge attacks, collusion attacks, Sybil attacks, eavesdropping
attacks, spam attacks, likability attacks, inside curious
attacks, outside forgery attacks, and identity attacks [81],
In recent years, significant problems have been found
in different application scenarios. For example, the smart
metering infrastructure in smart grids can monitor the private
lives of residents, including their living habits and working
hours [102]. Similarly, in the context of smart homes and
healthcare, device manufacturers and service providers may
gain access to the sensitive data [105]. In addition, the large
amount of trajectory information collected by smart mobility
applications can be used to infer the location and mobility
patterns of a user [103]. In addition to these problems, the
following items are the latest issues generated by the rapidly
developing smart applications.
1) Botnet Activities in IoT-based Smart Cities
The recently emerged IoT botnets have posed serious threats
to IoT systems. A representative example is the Mirai
botnet, which can infect devices (e.g., IP cameras, webcams,
printers, DVRs, and routers), spread infection to many
heterogeneous IoT devices, and finally cause a DDoS against
target servers [107]. Compared with computers and smart
phones, IoT devices are often designed with poor security or
even none at all. Unfortunately, this danger was not realized
until the second half of 2016. Therefore, much more work
is needed, and the security community should develop novel
defences. Otherwise, this new normal of DDoS attacks will
have a destructive impact on the IoT-enabled ecosystem [98].
2) Threats of Driverless Cars in Smart Cities
High-tech companies have spent billions of dollars
developing autonomous vehicles (AVs), aiming to reduce traffic
accidents and to build a cleaner and smarter society [104].
However, this rapidly growing application has been seen as a
major security issue because once an AV is hacked, both life
safety and data privacy will be threatened [108]. Specifically,
hackers can exploit security bugs to conduct remote attacks,
such as applying the brakes, shutting down the engine and
controlling the steering. In addition, the massive personal
data collected by the computer system of a self-driving
vehicle may cause significant privacy issues.
3) Privacy Issues of Virtual Reality in Smart Cities
In technology-driven smart cities, virtual reality (VR)
technology has been embraced by various organizations and
entities, such as city planning departments, healthcare service
providers and the engineering industry sector. However, the
sensitive information shared with third parties, the
unencrypted communications between VR devices, and the data
stored by sensors all pose threats of privacy leakage [110].
Unfortunately, because these new applications are rushed to
market, designers and users have not made appropriate and
comprehensive privacy considerations.
4) Threats Posed by AI in Smart Cities
AI systems play indispensable roles in various smart
applications, such as automatic control of trading systems, home
appliances and pacemakers. However, the growing use of
AI also poses security risks. For example, service providers
and device manufacturers can use data mining technologies
to excessively analyse personal data and to extract sensitive
information that exceeds the primary objectives of the related
services [91]. Furthermore, attackers with knowledge of AI
are also getting smarter [92]. Hackers may understand how
ML-based protection mechanisms were trained or designed
so that they are able to adopt targeted approaches to weaken
the training effects and to reduce the reliability of the algo-
Considering the characteristics of IoT devices, the complex
environment of smart cities, and the security and privacy
threats mentioned earlier, the remainder of this section
focuses mainly on identifying the requirements related to
securing smart cities.
Authentication is a basic requirement for different layers of
a smart system and is needed to prove identities and ensure
that only authorized clients can access services across a
heterogeneous system [26]. Specifically, IoT devices deployed
in smart cities can authenticate the network, other nodes, and
the messages from management stations. Furthermore, since
the quantity of authentication data is growing explosively in
smart cities, it is important to develop advanced technologies
to guarantee real-time and precise authentication.
The purpose of confidentiality is to protect information
from passive attacks or from being exposed to the wrong source.
In IoT-based applications, attackers are assumed to have the
ability to eavesdrop on communication or to access devices.
Therefore, to protect the confidentiality of information
transmission between nodes, encryption-based technologies are
widely applied to build reliable communication and storage
systems [27].
It is notable that transparency and reliability are two
factors that make the design of identification and authentication
methods difficult [28].
In general, availability means that devices and services
should be available when needed. Corresponding to our
topic, smart systems or applications should have the ability
to maintain effective functioning even when under attack.
Moreover, since these devices are susceptible to attacks, a
smart system must be able to detect any abnormal conditions
and have the ability to stop further damage to the system.
Resilience is regarded as the attack-resistance ability of a
system that can tolerate various faults and failures caused
by attacks and large-scale disasters. Protection mechanisms
should have strong robustness and the ability to continue
learning adaptively to cope with the increasingly intelligent
It is also important to ensure the integrity of both IoT
devices and the data exchanged between devices and the
cloud. Because data are exchanged across many devices in
an overall smart application, the data are easily tampered with
during the transmission process if they are not well protected.
Some methods such as firewalls and protocols can manage
data traffic in IoT communications, but they cannot guarantee
the integrity at endpoints because of the low computational
power of most IoT devices.
According to the vulnerabilities of the devices and networks
deployed in a smart city, a smart system can be seen as
secure only if it has the ability to monitor its operation
conditions and to detect any abnormal events in a timely
manner. The traditional intrusion detection system (IDS) is
widely used in three approaches: misuse detection, anomaly
detection, and specification-based detection [29]. However,
in the heterogeneous and complex smart city ecosystem, the
simple adaptation of a global IDS solution is not flexible and
is unrealistic [30]. In addition, because most of the sensors
and devices are resource-constrained, lightweight intrusion
detection methods must be developed.
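The three detection approaches named above, sketched for a single constrained node. This is an added example, not code from the survey or from [29] or [30]; the message fields, thresholds, signature strings and sample stream are all constructed for illustration.

```python
"""Misuse, anomaly and specification-based detection with constant memory."""
import math
from dataclasses import dataclass


@dataclass
class Msg:
    device: str
    seq: int        # per-device message counter
    temp_c: float   # reported temperature
    note: str       # free-text field carried in the message


# Constructed placeholder signatures for the misuse detector (not real indicators).
SIGNATURES = ("EXAMPLE-BAD-STRING", "example-dropper.sh")


def misuse_alert(msg):
    """Misuse detection: match known-bad patterns; blind to anything unlisted."""
    return any(sig in msg.note for sig in SIGNATURES)


class SpecMonitor:
    """Specification-based detection: flag deviations from declared behaviour."""

    def __init__(self, lo=-40.0, hi=85.0):
        self.lo, self.hi = lo, hi   # assumed physical range of the sensor
        self.last_seq = {}

    def alert(self, msg):
        prev = self.last_seq.get(msg.device)
        bad_seq = prev is not None and msg.seq != prev + 1   # replay or gap
        if prev is None or msg.seq > prev:
            self.last_seq[msg.device] = msg.seq
        return bad_seq or not (self.lo <= msg.temp_c <= self.hi)


class EwmaAnomaly:
    """Anomaly detection keeping only a running mean and variance (O(1) state)."""

    def __init__(self, alpha=0.2, k=4.0, warmup=3):
        self.alpha, self.k, self.warmup = alpha, k, warmup
        self.mean, self.var, self.n = None, 0.0, 0

    def alert(self, x):
        if self.mean is None:
            self.mean, self.n = x, 1
            return False
        diff = x - self.mean
        if self.n >= self.warmup and abs(diff) > self.k * math.sqrt(self.var):
            return True   # outliers are not learned, so a spike cannot shift the baseline
        incr = self.alpha * diff
        self.mean += incr
        self.var = (1 - self.alpha) * (self.var + diff * incr)
        self.n += 1
        return False


def classify(stream):
    """Run all three detectors over one device's stream; return alerts per message."""
    spec, anomaly = SpecMonitor(), EwmaAnomaly()
    results = []
    for m in stream:
        alerts = []
        if misuse_alert(m):
            alerts.append("misuse")
        if anomaly.alert(m.temp_c):
            alerts.append("anomaly")
        if spec.alert(m):
            alerts.append("spec")
        results.append(tuple(alerts))
    return results


# Constructed sample stream from one temperature sensor.
SAMPLE_STREAM = [
    Msg("t1", 1, 20.0, "ok"), Msg("t1", 2, 20.5, "ok"), Msg("t1", 3, 19.5, "ok"),
    Msg("t1", 4, 20.2, "ok"), Msg("t1", 5, 19.8, "ok"), Msg("t1", 6, 20.1, "ok"),
    Msg("t1", 7, 45.0, "ok"),                         # in range, but far off baseline
    Msg("t1", 8, 20.0, "fetch example-dropper.sh"),   # normal value, listed string
    Msg("t1", 6, 20.3, "ok"),                         # replayed sequence number
    Msg("t1", 9, 20.1, "ok"),
]

if __name__ == "__main__":
    for msg, alerts in zip(SAMPLE_STREAM, classify(SAMPLE_STREAM)):
        print(msg.seq, msg.temp_c, alerts)
```

Each detector catches exactly one of the three abnormal messages and misses the other two, which is why the approaches are combined in practice.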
Prediction and knowing about incoming threats in advance
is better than detection and recovery after an attack. Xynos
et al. [31] found that many intrusion prediction systems (IPS)
failed to detect and prevent attacks, with a high failure rate,
especially for web-based applications. Similarly, one study
focused on smart grids indicated that many harmful attacks
are caught off guard, which means that it is too late to take
measures after detecting the attack, and current security
protection strategies are unable to provide sufficient protection
for a smart grid [32].
Therefore, it is of great importance to develop intelligent
IPS systems to achieve security situation awareness and to
automatically predict various attacks on smart applications.
Privacy and security are closely related; all the requirements
presented before can affect privacy protection. The necessity
of this subsection is to include some security prerequisites
that were not covered by previous subsections.
In smart city scenarios, in addition to some common
harms, such as packet interception in communication,
malware in mobile devices and applications, hacking on servers
and falsification permission, sensitive data leakage, whether
intentional or unintentional, is the main cause of privacy
breaches. In 2017, a comprehensive survey [3] reported that
four sources of data can be used to hack privacy, namely,
observable data, repurposed data, published data, and leaked
data, which contain a large amount of users’ sensitive
information. To avoid misuse by unauthorized persons, adequate
and effective countermeasures, such as encryption methods
and anonymous mechanisms, and some novel techniques,
such as differential privacy [33], must be applied.
Sometimes, the privacy of citizens can be breached even
though a system is secure and not harmed by offenders.
One potential way for this to occur is through powerful data
mining algorithms. With these mining tools, some service
providers and third parties can easily discover consumers’
personal information, as in the example provided by
[34]. Accordingly, privacy preserving data mining (PPDM)
strategies must be employed.
It is also worthwhile to note that the adoption of only
technical solutions is not sufficient, although they have some
positive effects. Other means of protection, such as
governance, education, and policies, should also be implemented
In this section, we highlight critical insights into current and
potential technologies used to handle security and privacy
threats in the smart city environment. Table 2 shows the
technical examples used in this section from the perspectives
of different disciplines.
Cryptographic algorithms are the backbone of security and
privacy protection for the services of smart applications
because they prevent access by untrusted parties during the
data life cycle of storing, processing and sharing. In this
subsection, we attempt to summarize the current cryptographic
tools applied to smart systems and to highlight some novel
and promising technologies.
Traditional algorithms and encryption standards are not
completely suitable for resource-constrained devices because
of the computational complexity and energy consumption
[22]. Therefore, lightweight encryption has become a basic
requirement for applying cryptographic technologies in
practice. In 2016, Mahmood et al. [42] developed a lightweight
authentication mechanism for an IoT scenario that can
protect end-to-end users’ communications from DDoS attacks.
Recently, a novel lightweight authentication protocol was
proposed by Li et al. [43] by adopting a public key encryption
scheme and aiming to secure smart city applications.
It is notable that homomorphic encryption (HE), which
enables computations on encrypted data and chains
different services together without exposing sensitive data, has
attracted increasing attention. For example, HE can be used
to protect electricity consumption aggregation in a smart grid
system [36], to protect privacy for healthcare monitoring
[44], and to solve cloud computing security issues [45].
However, although full HE witnessed some breakthroughs
in recent years, the high computational expense remains a
restriction of the method.
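As an added illustration of the smart-grid aggregation case (not code from the survey or from [36]), the following uses the Paillier cryptosystem, chosen here as an assumption because it is additively homomorphic. The key is a toy size built from two small known primes, and the meter readings are constructed.

```python
"""Toy Paillier: an aggregator sums encrypted meter readings without decrypting."""
import math
import secrets

# Constructed demo key from two Mersenne primes; real deployments need n >= 2048 bits.
P, Q = 2**31 - 1, 2**61 - 1


def keygen(p=P, q=Q):
    """Return (public modulus n, private (lam, mu)) for generator g = n + 1."""
    n = p * q
    lam = (p - 1) * (q - 1) // math.gcd(p - 1, q - 1)   # lcm(p - 1, q - 1)
    mu = pow(lam, -1, n)                                 # inverse of L(g^lam) = lam
    return n, (lam, mu)


def encrypt(n, m):
    """Meter side: probabilistic encryption of an integer reading 0 <= m < n."""
    if not 0 <= m < n:
        raise ValueError("reading outside message space")
    n2 = n * n
    while True:
        r = secrets.randbelow(n - 1) + 1                 # fresh randomness per reading
        if math.gcd(r, n) == 1:
            break
    return (pow(n + 1, m, n2) * pow(r, n, n2)) % n2


def aggregate(n, ciphertexts):
    """Aggregator side: multiplying ciphertexts adds the hidden plaintexts."""
    total = 1                                            # trivial encryption of 0
    for c in ciphertexts:
        total = (total * c) % (n * n)
    return total


def decrypt(n, priv, c):
    """Key-holder side: recover the plaintext of a ciphertext."""
    lam, mu = priv
    u = pow(c, lam, n * n)
    return ((u - 1) // n * mu) % n


def neighbourhood_total(readings_wh):
    """End-to-end run: meters encrypt, aggregator combines, utility decrypts the sum.

    The aggregator never holds the private key, and the key holder should only be
    given the aggregate: it could decrypt any individual ciphertext it received.
    The sum must stay below n or it wraps around modulo n.
    """
    n, priv = keygen()
    ciphertexts = [encrypt(n, r) for r in readings_wh]
    return decrypt(n, priv, aggregate(n, ciphertexts))


if __name__ == "__main__":
    # Constructed readings in watt-hours for five households.
    print(neighbourhood_total([1200, 850, 430, 0, 2175]))
```

The modular exponentiations over n squared are the cost the paragraph above refers to; on an 8-bit or 16-bit meter they dominate the energy budget even for this partially homomorphic scheme.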
Zero-knowledge proofs, first introduced by Goldwasser et
al. [46], are another method applied in the cryptographic
domain to enable one party to prove something to other parties
without conveying any other information. Zero-knowledge
proofs can be used to handle authentication issues. For exam-
ple, Dousti et al. [38] used zero-knowledge proofs to develop
an efficient authentication protocol for smart cards.
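As an added illustration (not the statistical zero-knowledge protocol of [38], and not code from the paper), the classic Schnorr identification protocol shows both properties named above: the prover authenticates by proving knowledge of a secret key, and a transcript simulator shows that an honest verifier learns nothing beyond the public key. The toy group parameters and all function names are assumptions.

```python
"""Schnorr identification: prove knowledge of x where y = g^x, revealing nothing else."""
import secrets

# Assumed toy group: P = 2*Q + 1 with Q prime; G = 4 generates the order-Q subgroup.
# Real systems use a standardized group of at least 2048 bits or an elliptic curve.
P, Q, G = 2039, 1019, 4


def keygen():
    """Card personalisation: secret x stays on the card, y is registered."""
    x = secrets.randbelow(Q - 1) + 1
    return x, pow(G, x, P)


def commit():
    """Prover step 1: fresh nonce k (must never be reused) and t = g^k."""
    k = secrets.randbelow(Q)
    return k, pow(G, k, P)


def challenge():
    """Verifier step 2: uniformly random challenge."""
    return secrets.randbelow(Q)


def respond(x, k, c):
    """Prover step 3: s = k + c*x mod Q."""
    return (k + c * x) % Q


def verify(y, t, c, s):
    """Verifier step 4: accept iff g^s == t * y^c and y, t lie in the subgroup."""
    for v in (y, t):
        if not 0 < v < P or pow(v, Q, P) != 1:
            return False
    return pow(G, s, P) == t * pow(y, c, P) % P


def authenticate(x, y, rounds=3):
    """Run several rounds; a prover without x passes each with probability 1/Q."""
    for _ in range(rounds):
        k, t = commit()
        c = challenge()
        if not verify(y, t, c, respond(x, k, c)):
            return False
    return True


def simulate_transcript(y):
    """Build an accepting (t, c, s) from the public key alone.

    Such transcripts are distributed exactly like real ones, so an honest
    verifier's view carries no information about x beyond y itself.
    """
    c, s = secrets.randbelow(Q), secrets.randbelow(Q)
    t = pow(G, s, P) * pow(pow(y, c, P), -1, P) % P
    return t, c, s


if __name__ == "__main__":
    x, y = keygen()
    print("honest prover accepted:", authenticate(x, y))
    print("simulated transcript accepted:", verify(y, *simulate_transcript(y)))
```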
Although the blockchain technique is a specific technology
rather than a discipline, we use this subsection to introduce
it because of the substantially increasing interest around it
in recent years. A comprehensive survey in this field was
conducted in 2016 by Christidis et al. [47], who verified the
realizability of applying blockchain to the IoT domain and
indicated its significant application value in the developing
IoT ecosystem.
The decentralized feature of blockchain enables applica-
tions to operate in a distributed manner, which is the main
reason behind the popularity of many blockchain-based IoT
applications. For example, in 2016, Biswas et al. [48] devel-
oped a blockchain-based security framework that can both
guarantee the communication security of devices in a smart
city and improve the reliability and efficiency of the system.
Similarly, in 2017, Dorri et al. [39] integrated blockchain
technology into a smart home scenario, and the newly de-
veloped framework can achieve the goal of confidentiality,
integrity, and availability. Another recent study conducted
by Lei et al. [40] addressed the security issues in vehicular
communication systems through the blockchain structure.
Sharma et al. [49] indicated that existing clouds cannot
satisfy the new requirements of future scalable IoT networks.
They made use of blockchain’s advantages in combination
with fog computing and software defined networking (SDN)
technology to develop a novel distributed architecture that
satisfies the required design principles, such as resilience,
efficiency, adaptability, scalability, and security.
Clearly, although blockchain technology has become a hot
topic in recent years and has resulted in more reliable and
convenient applications, it is still at a quite early stage in the
IoT era. We need to take steps to better utilize this technology
to settle serious privacy and security concerns.
| Disciplines | Year | References | Application scenario | Technologies |
|---|---|---|---|---|
| Cryptography | 2017 | [35] | Smart transportation | Two-level authentication key exchange scheme |
| Cryptography | 2016 | [36] | Smart grid | Homomorphic encryption |
| Cryptography | 2017 | [37] | Smart shopping | RFID |
| Cryptography | 2016 | [38] | Smart card | Zero-knowledge proofs |
| Blockchain | 2017 | [39] | Smart home | Blockchain-based smart home architecture |
| Blockchain | 2017 | [40] | Smart transportation | Network topology and decentralized blockchain-based framework |
| Blockchain | 2017 | [49] | IoT architecture | Distributed architecture based on blockchain technique and fog computing |
| Biometrics | 2016 | [41] | Mobile sensors | Cascading bandpass filter for noise cancellation |
| Biometrics | 2017 | [51] | Storage devices | Biometric based authentication and key negotiation protocol |
| ML and DM | 2017 | [56] | Wi-Fi networks | Deep feature learning |
| ML and DM | 2015 | [57] | Smartphone | SVM-based authentication system |
| ML and DM | 2017 | [58] | Mobile devices | Bayesian linear regression model |
| ML and DM | 2017 | [64] | Social networking | Privacy preserving k-means clustering |
| Game theory | 2017 | [68] | Low-resource IoT devices | Nash Equilibrium |
| Game theory | 2016 | [69] | Honeypot-enabled networks | Bayesian game of incomplete information |
| Game theory | 2016 | [71] | Wireless networks | Zero-sum game |
| Ontology | 2016 | [77] | Smart home | Layered cloud architectural model based on ontology |
| Ontology | 2017 | [79] | Mobile computing | Context-aware and personalized privacy control |
| Ontology | 2017 | [82] | IoT architecture | Semantic-ontology-based situation reasoning method |

TABLE 2: Examples of security and privacy protection methods in smart cities
In IoT-based systems, biometrics are widely used for authentication.
Specifically, this technology can be used to automatically
recognize a person through unique behavioural and
biological characteristics. The bio-data are extracted from
fingerprints, faces, voices, handwritten signatures and so
on. One method worth mentioning here is brainwave-based
authentication [50], which can achieve a high degree of
authentication accuracy while simultaneously guaranteeing
To protect the confidential information of users in storage
devices, a key negotiation and mutual authentication protocol
was proposed by Amin et al. [51]. The novel protocol not
only effectively defeats security attacks but also maintains an
acceptable communication cost and overhead in comparison
with other related systems.
Another characteristic to note is that if these bio-based
methods are not appropriately used, the risk of privacy
leakage will increase. Natgunanathan et al. [52] reported that
we need to develop privacy-preserving biometric schemes
(PPBSs), such as the work performed by Wang et al. [53].
They also indicated the promising future of using biometrics
in other applications, such as e-business.
In current practice, machine learning (ML) technologies
have been employed to improve the efficiency of intrusion
detection systems, which are among the most commonly used
security infrastructures for protecting networks from attacks.
Wireless sensor networks (WSNs), the key component of the
smart world, have received increasing attention.
A comprehensive survey [54] indicated three
advantages of adopting machine learning technologies to
secure WSNs and summarized different ML algorithms. Luo
et al. [55] proposed a machine-based scheme to secure data
sensing and fusion in WSNs. Moreover, a recent study [56]
developed a novel feature extraction and selection model to
detect attacks in Wi-Fi networks, which has a high detection
In addition to network-centric security methods, a few
user-centric ML technologies have been applied in recent
years to analyse, predict and make personalized decisions.
The rapidly expanding sensor networks and smartphones
have subjected citizens to many privacy and security con-
cerns. Lee et al. [57] adopted SVM to design a multi-sensor-
based authentication system for smartphone users. The key
idea was to learn users’ behaviour patterns and corresponding
environmental features. In 2017, researchers [58] developed
a novel permission mechanism for mobile platforms based
on ML technology. However, similar efforts, such as [59]
and [60], have a common problem: the data used for
analysis cannot avoid the subjectiveness of participants
and may not sufficiently reflect the situation in a real IoT
We note that many defence strategies can be strengthened
by ML technologies. Shamshirband et al. [61] introduced
a game theoretic model through ML to detect and prevent
intrusions in WSNs. Biggio et al. [62] reviewed the current
situation of the biometric security systems from the perspec-
tive of adversarial ML.
In the field of data mining (DM), a comprehensive survey
conducted by Tsai et al. [63] indicated that vast quantities
of data collected by many sensors and devices around con-
sumers are used to mine new regulations and information to
provide better services. However, some security and privacy
concerns result from DM technologies because sensitive
information, such as users’ locations and behavioural
patterns, may be disclosed. To mitigate this problem, some
privacy preserving data mining (PPDM) technologies have
been developed in recent years [5], [64].
Game theory, a powerful mathematical tool, has been suc-
cessfully applied in the fields of cybersecurity and privacy
protection and in various application scenarios [65]. A com-
prehensive survey conducted by Cuong et al. [66] reported
the characteristics of the game-theoretical approach and its
advantages in comparison with traditional defence mecha-
nisms, which are described below.
1) Proven mathematics;
2) Reliable defence;
3) Timely action;
4) Distributed solutions.
Predictably, interest in using game theory to address se-
curity and privacy issues in IoT-based applications has in-
creased in recent years. For example, Abass et al. [67] devel-
oped novel attack analysing strategies for cloud storage by
evolutionary game theory. In another recent work, Sedjelmaci
et al. [68] targeted low-powered devices and proposed a
lightweight anomaly detection technique that both guarantees
accuracy and reduces energy consumption.
Focusing on communication security issues in networks,
La et al. [69] formulated a game theoretic model to study the
attack and defence problem in honeypot-enabled networks.
The model has potential to be adapted to new emerging IoT
applications, such as smart healthcare, smart buildings, and
sensor networks. Similarly, a recent paper written by Wang et
al. [70] introduced a honeypot game to address attack prob-
lems in advanced metering infrastructure networks. Another
work conducted by Xiao et al. [71] adopted a zero-sum game
to detect spoofing attacks in wireless networks.
With respect to privacy issues, many studies develop
mechanisms by combining game theory with other privacy
protection technologies, such as k-anonymity [72] and dif-
ferential privacy [73]. In addition, game theory is an effective
tool to balance protection intensity and data utility, as in the
approach proposed by Xu et al. [74] in 2015.
Although fewer studies have applied game theory to a
specific smart city application, many technologies have been
developed within the scope of IoT security, and we believe
that with the rapid evolution of the everything-connected
smart cities, game-theoretic approaches will play a signifi-
cant role in solving some new security and privacy issues of
this smart era.
Ontology, one of the major branches of philosophy, has
been identified as a promising tool to address heterogeneous
issues, especially for unstructured data, knowledge and con-
figurable systems. The main purpose of employing ontology
is to better understand, describe, and reuse some formally
represented knowledge and to search for new knowledge and
isolate inconsistencies.
The aforementioned inherent features have advanced many
ontology-based efforts to resolve security and privacy prob-
lems, such as cyber attack detection and security risk man-
agement [75], [76]. However, the application of ontology to
the IoT domain is an emerging area, and only a few related
efforts can be found in recent years. Tao et al. [77] developed
a novel ontology-based security management model in the
domain of smart homes that enables smart devices to interact
more effectively and improves the security of the system.
Also applied to smart homes, Mohsin et al. [78] proposed
an ontology-driven security analysis framework to support
capturing consistencies automatically in the process of inter-
As noted previously, mobile phones are the pivot of a
smart city. Kim et al. [79] designed an ontology-based model
called QoPI to characterize, represent, and manage users’
personalized and dynamic privacy-control patterns under mo-
bile computing situations. From the perspective of trust, Lee
et al. [80] provided a novel definition of “trust ontology”
and used it to measure the trustworthiness among content
providers and consumers according to the preferences, pur-
poses and perspectives of users.
One obvious limitation of the current ontology-based stud-
ies in terms of IoT security is that most of them focus on
a specific application scenario or requirement and lack a
unified model, which affects their application value. Attempt-
ing to solve this problem, in 2017, Xu et al. [82] proposed
a semantic-ontology-based situation reasoning method that
provides a more comprehensive view of the security situation
while simultaneously improving the ability for emergency
response. Unfortunately, this method only focuses on the
network layer of the IoT architecture and cannot address the
overall security problems.
The application of technical solutions alone is not sufficient
for protection. The existing technology limitations can be
mitigated by the reinforcement of the related policy, regu-
lation, governance, education and so on [81].
From the perspective of governance and politics, according
to [83], sound governance is critical to creating a reliable
smart system. Walravens [84] argued that governments have
the responsibility to carefully consider which data can be
opened and who has the right to access the data. Similarly,
Batty et al. [85] indicated that regulations enforced by the
government must protect data and model development under
a smart city framework.
Training directed at improving the related skills of manu-
facturers, service providers, and users is also important [87].
For example, application designers should gain the ability to
develop stable and resilient coding through training. Vendors
are responsible for updating firewalls to fix vulnerabilities.
Furthermore, device manufacturers should enhance the over-
all level of safety and quality standards as much as possible.
Education programmes aim to enrich citizens’ knowledge
of how smart applications operate and how to protect them-
selves [88]. However, the effectiveness remains a challenge.
Aleisa et al. [89] found that although some users know the
potential harms of privacy leakage, they ignore the concerns
to take advantage of the convenience.
We have discussed current security and privacy protection
technologies for smart cities. Many novel countermeasures
have recently been proposed in various fields. Unfortunately,
according to the updated threats and security requirements
we noted earlier, it is reasonable to conclude that more
effective protection methods must be developed to keep pace
with the rapid growth of smart cities. The following items are
promising opportunities and research directions based on our
The IoT can be seen as a network of networks, in which
heterogeneous networks, such as the Internet, smartphone
networks, social networks, and industrial networks, are in-
terconnected and integrated [95]. Under this type of complex
environment, novel effective technologies are needed to cope
with the latest challenges [96]. For example, an understand-
ing of malware propagation characteristics in IoT-based in-
frastructures, modelling of the spread patterns of information
in wireless sensor networks, and the development of effective
prevention strategies are of great significance [99].
As an emerging technology to implement smart cities, Fog-
based structures present new security challenges because
the operation environments of distributed Fog systems are
more vulnerable to attacks than centralized clouds [109].
Compared with Clouds, Fog systems are small, resulting in
their limited ability to protect themselves. In addition, as Fog
nodes are close to end users, they provide precious oppor-
tunities to protect the privacy of consumers before personal
sensitive data leave the edge. Therefore, the protections of
smart devices in Fog-based smart systems should receive
much more attention [97].
In user-centric smart cities, consumers should have the right
to delete or move data from one service provider to any other
service provider at any time [90]. Moreover, people’s prefer-
ences towards security and privacy must be considered since
attitudes and requirements can vary by person. In addition, the
growing number of configurable privacy settings makes it
difficult for users to align their settings with their actual pref-
erences [100]. Therefore, the development of user-friendly
protection assistants that can both improve the security and
comfort of various smart applications is promising.
The task of “data minimization” is two-fold. One is to mini-
mize the amount of data collected, used, and stored by IoT
applications, which requires not only technical guarantees
but also reinforcement from related governance and politics.
The other is how to minimize the knowledge discovered.
Specifically, service providers can only discover knowledge
limited to the boundaries of their primary objectives and are
unable to mine any other sensitive information from citizens
without their permission [94].
Although various novel mechanisms have been developed
in recent years, the direct application of some of these
mechanisms is unrealistic. The limited processing abilities
and energy sources of sensors and devices make it possible
for only basic and weak preserving algorithms to be imple-
mented. Consequently, to satisfy the strong mobility, flexibil-
ity, dynamic and low-cost requirements, further research is
required to develop lightweight countermeasures to minimize
overhead while simultaneously guaranteeing protection.
Smart applications are being talked about everywhere, and nearly
every country has smart projects under development. How-
ever, no uniform concept of a smart city, including its defini-
tion and architecture, exists. Consequently, many of the de-
veloped security protection mechanisms and network proto-
cols focus mainly on a specific area, which means they cannot
be incorporated into and shared among the entire smart city
environment. Therefore, additional theoretical studies are a
necessary foundation to reduce the barriers to securing smart
The widespread use of smart applications has caused many
security and privacy issues. The development of more ad-
vanced protection models and frameworks is essential and
highly demanded in both industrial and academic fields.
Motivated by these factors, we surveyed the latest efforts
and advances in countermeasures from the perspectives of
different disciplines. We also discussed up-to-date issues and
open challenges that have emerged in recent years to lay
a foundation for further studies. Various protection mecha-
nisms and strategies have been developed in recent years.
However, there is a long way to go to satisfy the multiple
security requirements of these rapidly developing smart ap-
plications. It is reasonable to predict that in the following few
years, mitigating the presented challenges will be the primary
task of smart city-related studies.
[1] U. Nations, “World urbanization prospects: The 2014 revision, highlights.
department of economic and social affairs,” Population Division, United
Nations, 2014.
[2] Y. Li, Y. Lin, and S. Geertman, “The development of smart cities in china,”
in Proc. of the 14th International Conference on Computers in Urban
Planning and Urban Management, 2015, pp. 7–10.
[3] K. Zhang, J. Ni, K. Yang, X. Liang, J. Ren, and X. S. Shen, “Security
and privacy in smart city applications: Challenges and solutions,” IEEE
Communications Magazine, vol. 55, no. 1, pp. 122–129, 2017.
[4] K. Zetter, “Inside the cunning, unprecedented hack of ukraine’s power
grid,” Wired, 2016.
[5] L. Li, R. Lu, K.-K. R. Choo, A. Datta, and J. Shao, “Privacy-preserving-
outsourced association rule mining on vertically partitioned databases,”
IEEE Transactions on Information Forensics and Security, vol. 11, no. 8,
pp. 1847–1861, 2016.
[6] B. Alomair and R. Poovendran, “Efficient authentication for mobile and
pervasive computing,” IEEE Transactions on Mobile Computing, vol. 13,
no. 3, pp. 469–481, 2014.
[7] S. Sicari, A. Rizzardi, L. A. Grieco, and A. Coen-Porisini, “Security, pri-
vacy and trust in internet of things: The road ahead,” Computer Networks,
vol. 76, pp. 146–164, 2015.
[8] A. M. Nia and N. K. Jha, “A comprehensive study of security of internet-
of-things,” IEEE Transactions on Emerging Topics in Computing, 2017.
[9] A. Gharaibeh, M. A. Salahuddin, S. J. Hussini, A. Khreishah, I. Khalil,
M. Guizani, and A. Al-Fuqaha, “Smart cities: A survey on data man-
agement, security, and enabling technologies,” IEEE Communications
Surveys & Tutorials, vol. 19, no. 4, pp. 2456–2501, 2017.
[10] D. Eckhoff and I. Wagner, “Privacy in the smart city–applications, tech-
nologies, challenges and solutions,” IEEE Communications Surveys &
Tutorials, 2017.
[11] I. Yaqoob, E. Ahmed, I. A. T. Hashem, A. I. A. Ahmed, A. Gani, M. Imran,
and M. Guizani, “Internet of things architecture: Recent advances, taxon-
omy, requirements, and open challenges,” IEEE wireless communications,
vol. 24, no. 3, pp. 10–16, 2017.
[12] J. R. Gil-Garcia, “Towards a smart state? inter-agency collaboration,
information integration, and beyond,” Information Polity, vol. 17, no. 3,
4, pp. 269–280, 2012.
[13] S. Alawadhi and H. J. Scholl, “Smart governance: A cross-case analysis
of smart city initiatives,” in System Sciences (HICSS), 2016 49th Hawaii
International Conference on. IEEE, 2016, pp. 2953–2963.
[14] S. P. Mohanty, U. Choppali, and E. Kougianos, “Everything you wanted
to know about smart cities: The internet of things is the backbone,” IEEE
Consumer Electronics Magazine, vol. 5, no. 3, pp. 60–70, 2016.
[15] E. I. Vlahogianni, K. Kepaptsoglou, V. Tsetsos, and M. G. Karlaftis, “A
real-time parking prediction system for smart cities,” Journal of Intelligent
Transportation Systems, vol. 20, no. 2, pp. 192–204, 2016.
[16] A. Zanella, N. Bui, A. Castellani, L. Vangelista, and M. Zorzi, “Internet of
things for smart cities,” IEEE Internet of Things journal, vol. 1, no. 1, pp.
22–32, 2014.
[17] B. Tang, Z. Chen, G. Hefferman, T. Wei, H. He, and Q. Yang, “A
hierarchical distributed fog computing architecture for big data analysis
in smart cities,” in Proceedings of the ASE BigData & SocialInformatics
2015. ACM, 2015, p. 28.
[18] Y. Kabalci, “A survey on smart metering and smart grid communication,”
Renewable and Sustainable Energy Reviews, vol. 57, pp. 302–318, 2016.
[19] M. J. Mudumbe and A. M. Abu-Mahfouz, “Smart water meter system
for user-centric consumption measurement,” in Industrial Informatics (IN-
DIN), 2015 IEEE 13th International Conference on. IEEE, 2015, pp.
[20] M. Magno, T. Polonelli, L. Benini, and E. Popovici, “A low cost, highly
scalable wireless sensor network solution to achieve smart led light control
for green buildings,” IEEE Sensors Journal, vol. 15, no. 5, pp. 2963–2973,
[21] L. Catarinucci, D. De Donno, L. Mainetti, L. Palano, L. Patrono, M. L.
Stefanizzi, and L. Tarricone, “An iot-aware architecture for smart health-
care systems,” IEEE Internet of Things Journal, vol. 2, no. 6, pp. 515–526,
[22] Q. Jing, A. V. Vasilakos, J. Wan, J. Lu, and D. Qiu, “Security of the internet
of things: Perspectives and challenges,” Wireless Networks, vol. 20, no. 8,
pp. 2481–2501, 2014.
[23] A. Sehgal, V. Perelman, S. Kuryla, and J. Schonwalder, “Management of
resource constrained devices in the internet of things,” IEEE Communica-
tions Magazine, vol. 50, no. 12, 2012.
[24] M. Centenaro, L. Vangelista, A. Zanella, and M. Zorzi, “Long-range
communications in unlicensed bands: The rising stars in the iot and smart
city scenarios,” IEEE Wireless Communications, vol. 23, no. 5, pp. 60–67,
[25] T. Nam and T. A. Pardo, “Conceptualizing smart city with dimensions of
technology, people, and institutions,” in Proceedings of the 12th annual
international digital government research conference: digital government
innovation in challenging times. ACM, 2011, pp. 282–291.
[26] D. He, S. Zeadally, N. Kumar, and J.-H. Lee, “Anonymous authentication
for wireless body area networks with provable security,” IEEE Systems
Journal, 2016.
[27] V. Angelakis, E. Tragos, H. C. Pöhls, A. Kapovits, and A. Bassi, De-
signing, Developing, and Facilitating Smart Cities: Urban Design to IoT
Solutions. Springer, 2017.
[28] Z.-K. Zhang, M. C. Y. Cho, and S. Shieh, “Emerging security threats and
countermeasures in iot,” in Proceedings of the 10th ACM Symposium on
Information, Computer and Communications Security. ACM, 2015, pp.
[29] A. Abduvaliyev, A.-S. K. Pathan, J. Zhou, R. Roman, and W.-C. Wong,
“On the vital areas of intrusion detection systems in wireless sensor
networks,” IEEE Communications Surveys & Tutorials, vol. 15, no. 3, pp.
1223–1237, 2013.
[30] D. Midi, A. Rullo, A. Mudgerikar, and E. Bertino, “Kalis-a system for
knowledge-driven adaptable intrusion detection for the internet of things,”
in Distributed Computing Systems (ICDCS), 2017 IEEE 37th International
Conference on. IEEE, 2017, pp. 656–666.
[31] K. Xynos, I. Sutherland, and A. Blyth, “Effectiveness of blocking evasions
in intrusion prevention system,” University of South Wales, pp. 1–6, 2013.
[32] J. Wu, K. Ota, M. Dong, J. Li, and H. Wang, “Big data analysis based
security situational awareness for smart grid,” IEEE Transactions on Big
Data, 2016.
[33] C. Dwork, F. McSherry, K. Nissim, and A. Smith, “Calibrating noise to
sensitivity in private data analysis,” in TCC, vol. 3876. Springer, 2006,
pp. 265–284.
[34] L. Xu, C. Jiang, J. Wang, J. Yuan, and Y. Ren, “Information security in big
data: privacy and data mining,” IEEE Access, vol. 2, pp. 1149–1176, 2014.
[35] A. Dua, N. Kumar, A. K. Das, and W. Susilo, “Secure message commu-
nication protocol among vehicles in smart city,” IEEE Transactions on
Vehicular Technology, 2017.
[36] A. Abdallah and X. Shen, “A lightweight lattice-based homomorphic
privacy-preserving data aggregation scheme for smart grid,” IEEE Trans-
actions on Smart Grid, 2016.
[37] R. Li, T. Song, N. Capurso, J. Yu, J. Couture, and X. Cheng, “Iot
applications on secure smart shopping system,” IEEE Internet of Things
Journal, vol. 4, no. 6, pp. 1945–1954, 2017.
[38] M. S. Dousti and R. Jalili, “An efficient statistical zero-knowledge au-
thentication protocol for smart cards,” International Journal of Computer
Mathematics, vol. 93, no. 3, pp. 453–481, 2016.
[39] A. Dorri, S. S. Kanhere, R. Jurdak, and P. Gauravaram, “Blockchain for
iot security and privacy: The case study of a smart home,” in Pervasive
Computing and Communications Workshops (PerCom Workshops), 2017
IEEE International Conference on. IEEE, 2017, pp. 618–623.
[40] A. Lei, H. Cruickshank, Y. Cao, P. Asuquo, C. P. A. Ogah, and Z. Sun,
“Blockchain-based dynamic key management for heterogeneous intelli-
gent transportation systems,” IEEE Internet of Things Journal, 2017.
[41] H.-S. Choi, B. Lee, and S. Yoon, “Biometric authentication using noisy
electrocardiograms acquired by mobile sensors,” IEEE Access, vol. 4, pp.
1266–1273, 2016.
[42] Z. Mahmood, H. Ning, and A. Ghafoor, “Lightweight two-level session
key management for end user authentication in internet of things,” in Inter-
net of Things (iThings) and IEEE Green Computing and Communications
(GreenCom) and IEEE Cyber, Physical and Social Computing (CPSCom)
and IEEE Smart Data (SmartData), 2016 IEEE International Conference
on. IEEE, 2016, pp. 323–327.
[43] N. Li, D. Liu, and S. Nepal, “Lightweight mutual authentication for iot and
its applications,” IEEE Transactions on Sustainable Computing, 2017.
[44] M. S. H. Talpur, M. Z. A. Bhuiyan, and G. Wang, “Shared–node iot net-
work architecture with ubiquitous homomorphic encryption for healthcare
monitoring,” International Journal of Embedded Systems, vol. 7, no. 1, pp.
43–54, 2014.
[45] I. Jabbar and S. Najim, “Using fully homomorphic encryption to secure
cloud computing,” Internet of Things and Cloud Computing, vol. 4, no. 2,
pp. 13–18, 2016.
[46] S. Goldwasser, S. Micali, and C. Rackoff, “The knowledge complexity of
interactive proof systems,” SIAM Journal on computing, vol. 18, no. 1, pp.
186–208, 1989.
[47] K. Christidis and M. Devetsikiotis, “Blockchains and smart contracts for
the internet of things,” IEEE Access, vol. 4, pp. 2292–2303, 2016.
[48] K. Biswas and V. Muthukkumarasamy, “Securing smart cities using
blockchain technology,” in High Performance Computing and Communi-
cations, 2016, pp. 1392–1393.
[49] P. K. Sharma, M.-Y. Chen, and J. H. Park, “A software defined fog node
based distributed blockchain cloud architecture for iot,” IEEE Access,
[50] L. Zhou, C. Su, W. Chiu, and K.-H. Yeh, “You think, therefore you are:
Transparent authentication system with brainwave-oriented bio-features
for iot networks,” IEEE Transactions on Emerging Topics in Computing,
[51] R. Amin, R. S. Sherratt, D. Giri, S. H. Islam, and M. K. Khan, “A soft-
ware agent enabled biometric security algorithm for secure file access in
consumer storage devices,” IEEE Transactions on Consumer Electronics,
vol. 63, no. 1, pp. 53–61, 2017.
[52] I. Natgunanathan, A. Mehmood, Y. Xiang, G. Beliakov, and J. Yearwood,
“Protection of privacy in biometric data,” IEEE access, vol. 4, pp. 880–
892, 2016.
[53] Y. Wang, J. Wan, J. Guo, Y.-M. Cheung, and P. C. Yuen, “Inference-
based similarity search in randomized montgomery domains for privacy-
preserving biometric identification,” IEEE transactions on pattern analysis
and machine intelligence, 2017.
[54] M. A. Alsheikh, S. Lin, D. Niyato, and H.-P. Tan, “Machine learning in
wireless sensor networks: Algorithms, strategies, and applications,” IEEE
Communications Surveys & Tutorials, vol.16, no. 4, pp. 1996–2018, 2014.
[55] X. Luo, D. Zhang, L. T. Yang, J. Liu, X. Chang, and H. Ning, “A kernel
machine-based secure data sensing and fusion scheme in wireless sensor
networks for the cyber-physical systems,” Future Generation Computer
Systems, vol. 61, pp. 85–96, 2016.
[56] M. E. Aminanto, R. Choi, H. C. Tanuwidjaja, P. D. Yoo, and K. Kim,
“Deep abstraction and weighted feature selection for wi-fi impersonation
detection,” IEEE Transactions on Information Forensics and Security,
[57] W.-H. Lee and R. B. Lee, “Multi-sensor authentication to improve smart-
phone security,” in Information Systems Security and Privacy (ICISSP),
2015 International Conference on. IEEE, 2015, pp. 1–11.
[58] K. Olejnik, I. I. Dacosta Petrocelli, J. C. Soares Machado, K. Huguenin,
M. E. Khan, and J.-P. Hubaux, “Smarper: Context-aware and automatic
runtime-permissions for mobile devices,” in Proceedings of the 38th
IEEE Symposium on Security and Privacy (SP), no. EPFL-CONF-226751.
IEEE, 2017.
[59] H. Lee and A. Kobsa, “Privacy preference modeling and prediction
in a simulated campuswide iot environment,” in Pervasive Computing
and Communications (PerCom), 2017 IEEE International Conference on.
IEEE, 2017, pp. 276–285.
[60] P. Wijesekera, A. Baokar, L. Tsai, J. Reardon, S. Egelman, D. Wag-
ner, and K. Beznosov, “The feasibility of dynamically granted permis-
sions: Aligning mobile privacy with user preferences,” arXiv preprint
arXiv:1703.02090, 2017.
[61] S. Shamshirband, A. Patel, N. B. Anuar, M. L. M. Kiah, and A. Abraham,
“Cooperative game theoretic approach using fuzzy q-learning for detect-
ing and preventing intrusions in wireless sensor networks,” Engineering
Applications of Artificial Intelligence, vol. 32, pp. 228–241, 2014.
[62] B. Biggio, G. Fumera, P. Russu, L. Didaci, and F. Roli, “Adversarial
biometric recognition: A review on biometric system security from the
adversarial machine-learning perspective,” IEEE Signal Processing Maga-
zine, vol. 32, no. 5, pp. 31–41, 2015.
[63] C.-W. Tsai, C.-F. Lai, M.-C. Chiang, L. T. Yang et al., “Data mining
for internet of things: A survey.” IEEE Communications Surveys and
Tutorials, vol. 16, no. 1, pp. 77–97, 2014.
[64] K. Xing, C. Hu, J. Yu, X. Cheng, and F. Zhang, “Mutual privacy preserving
k-means clustering in social participatory sensing,” IEEE Transactions on
Industrial Informatics, vol. 13, no. 4, pp. 2066–2076, 2017.
[65] S. Yu, “Big privacy: Challenges and opportunities of privacy study in the
age of big data,” IEEE access, vol. 4, pp. 2751–2763, 2016.
[66] C. T. Do, N. H. Tran, C. Hong, C. A. Kamhoua, K. A. Kwiat, E. Blasch,
S. Ren, N. Pissinou, and S. S. Iyengar, “Game theory for cyber security and
privacy,” ACM Computing Surveys (CSUR), vol. 50, no. 2, p. 30, 2017.
[67] A. A. ABASS, L. Xiao, N. Mandayam, and Z. Gajic, “Evolutionary game
theoretic analysis of advanced persistent threats against cloud storage,
IEEE Access, 2017.
[68] H. Sedjelmaci, S.-m. Senouci, and T. Taleb, “An accurate security game for
low-resource iot devices,” IEEE Transactions on Vehicular Technology,
[69] Q. D. La, T. Q. Quek, J. Lee, S. Jin, and H. Zhu, “Deceptive attack and
defense game in honeypot-enabled networks for the internet of things,”
IEEE Internet of Things Journal, vol. 3, no. 6, pp. 1025–1035, 2016.
[70] K. Wang, M. Du, S. Maharjan, and Y. Sun, “Strategic honeypot game
model for distributed denial of service attacks in the smart grid,” IEEE
Transactions on Smart Grid, 2017.
[71] L. Xiao, Y. Li, G. Han, G. Liu, and W. Zhuang, “Phy-layer spoofing detec-
tion with reinforcement learning in wireless networks,” IEEE Transactions
on Vehicular Technology, vol. 65, no. 12, pp. 10037–10 047, 2016.
[72] X. Liu, K. Liu, L. Guo, X. Li, and Y. Fang, “A game-theoretic approach for
achieving k-anonymity in location based services,” in INFOCOM, 2013
Proceedings IEEE. IEEE, 2013, pp. 2985–2993.
[73] M. Kearns, M. Pai, A. Roth, and J. Ullman, “Mechanism design in large
games: Incentives and privacy,” in Proceedings of the 5th conference on
Innovations in theoretical computer science. ACM, 2014, pp. 403–410.
[74] L. Xu, C. Jiang, Y. Chen, Y. Ren, and K. R. Liu, “Privacy or utility in
data collection? a contract theoretic approach,” IEEE Journal of Selected
Topics in Signal Processing, vol. 9, no. 7, pp. 1256–1269, 2015.
[75] A. Razzaq, Z. Anwar, H. F. Ahmad, K. Latif, and F. Munir, “Ontology
for attack detection: An intelligent approach to web application security,
computers & security, vol. 45, pp. 124–146, 2014.
[76] B. A. Mozzaquatro, R. Jardim-Goncalves, and C. Agostinho, “Towards a
reference ontology for security in the internet of things,” in Measurements
& Networking (M&N), 2015 IEEE International Workshop on. IEEE,
2015, pp. 1–6.
[77] M. Tao, J. Zuo, Z. Liu, A. Castiglione, and F. Palmieri, “Multi-layer cloud
architectural model and ontology-based security service framework for iot-
based smart homes,” Future Generation Computer Systems, 2016.
[78] M. Mohsin, Z. Anwar, F. Zaman, and E. Al-Shaer, “Iotchecker: a data-
driven framework for security analytics of internet of things configura-
tions,” Computers & Security, 2017.
[79] S.-H. Kim, I.-Y. Ko, and S.-H. Kim, “Quality of private information (qopi)
model for effective representation and prediction of privacy controls in
mobile computing,” Computers & Security, vol. 66, pp. 1–19, 2017.
[80] O.-J. Lee, H. L. Nguyen, J. E. Jung, T.-W. Um, and H.-W. Lee, “Towards
ontological approach on trust-aware ambient services,” IEEE Access,
vol. 5, pp. 1589–1599, 2017.
[81] R. Kitchin, “Getting smarter about smart cities: Improving data privacy
and data security,” 2016.
[82] G. Xu, Y. Cao, Y. Ren, X. Li, and Z. Feng, “Network security situation
awareness based on semantic ontology and user-defined rules for internet
of things,” IEEE Access, vol. 5, pp. 21046–21 056, 2017.
[83] A. Meijer and M. P. R. Bolívar, “Governing the smart city: a review
of the literature on smart urban governance,” International Review of
Administrative Sciences, vol. 82, no. 2, pp. 392–408, 2016.
[84] N. Walravens, “Mobile business and the smart city: Developing a business
model framework to include public design parameters for mobile city
services,” Journal of theoretical and applied electronic commerce research,
vol. 7, no. 3, pp. 121–135, 2012.
[85] M. Batty, K. W. Axhausen, F. Giannotti, A. Pozdnoukhov, A. Bazzani,
M. Wachowicz, G. Ouzounis, and Y. Portugali, “Smart cities of the future,
The European Physical Journal Special Topics, vol. 214, no. 1, pp. 481–
518, 2012.
[86] S. Misra, M. Maheswaran, and S. Hashmi, Security challenges and ap-
proaches in internet of things. Springer, 2017.
[87] W. Hurst, N. Shone, A. El Rhalibi, A. Happe, B. Kotze, and B. Duncan,
“Advancing the micro-ci testbed for iot cyber-security research and educa-
tion,” CLOUD COMPUTING 2017, p. 139, 2017.
[88] N. Aleisa and K. Renaud, “Yes, i know this iot device might invade my
privacy, but i love it anyway! a study of saudi arabian perceptions,” 2017.
[89] C. Perera, R. Ranjan, L. Wang, S. U. Khan, and A. Y. Zomaya, “Privacy
of big data in the internet of things era,” IEEE IT Special Issue Internet of
Anything, vol. 6, 2015.
[90] Z. Yan, P. Zhang, and A. V. Vasilakos, “A survey on trust management for
internet of things,” Journal of network and computer applications, vol. 42,
pp. 120–134, 2014.
[91] X. Li, R. Lu, X. Liang, X. Shen, J. Chen, and X. Lin, “Smart commu-
nity: an internet of things application,” IEEE Communications Magazine,
vol. 49, no. 11, 2011.
[92] A. Acquisti, L. Brandimarte, and G. Loewenstein, “Privacy and human
behavior in the age of information,” Science, vol. 347, no. 6221, pp. 509–
514, 2015.
[93] C. Perera, C. McCormick, A. K. Bandara, B. A. Price, and B. Nuseibeh,
“Privacy-by-design framework for assessing internet of things applications
and platforms,” in Proceedings of the 6th International Conference on the
Internet of Things. ACM, 2016, pp. 83–92.
[94] K. Xu, Y. Qu, and K. Yang, “A tutorial on the internet of things: From a
heterogeneous network integration perspective,” IEEE Network, vol. 30,
no. 2, pp. 102–108, 2016.
VOLUME 4, 2016 11
2169-3536 (c) 2018 IEEE. Translations and content mining are permitted for academic research only. Personal use is also permitted, but republication/redistribution requires IEEE permission. See for more information.
This article has been accepted for publication in a future issue of this journal, but has not been fully edited. Content may change prior to final publication. Citation information: DOI
10.1109/ACCESS.2018.2853985, IEEE Access
Author et al.: Preparation of Papers for IEEE TRANSACTIONS and JOURNALS
[95] S. Yu, M. Liu, W. Dou, X. Liu, and S. Zhou, “Networking for big data:
A survey,” IEEE Communications Surveys & Tutorials, vol. 19, no. 1, pp.
531–549, 2017.
[96] D. Puthal, S. Nepal, R. Ranjan, and J. Chen, “Threats to networking cloud
and edge datacenters in the internet of things,” IEEE Cloud Computing,
vol. 3, no. 3, pp. 64–71, 2016.
[97] C. Kolias, G. Kambourakis, A. Stavrou, and J. Voas, “Ddos in the iot: Mirai
and other botnets,” Computer, vol. 50, no. 7, pp. 80–84, 2017.
[98] S. Yu, G. Gu, A. Barnawi, S. Guo, and I. Stojmenovic, “Malware propaga-
tion in large-scale networks,” IEEE Transactions on Knowledge and Data
Engineering, vol. 27, no. 1, pp. 170–179, 2015.
[99] B. Liu, M. S. Andersen, F. Schaub, H. Almuhimedi, S. Zhang, N. Sadeh,
A. Acquisti, and Y. Agarwal, “Follow my recommendations: A person-
alized privacy assistant for mobile app permissions,” in Symposium on
Usable Privacy and Security, 2016.
[100] M. A. Ferrag, L. Maglaras, and A. Ahmim, “Privacy-preserving schemes
for ad hoc social networks: A survey,” IEEE Communications Surveys &
Tutorials, vol. 19, no. 4, pp. 3015–3045, 2017.
[101] S. Finster and I. Baumgart, “Privacy-aware smart metering: A survey,”
IEEE Communications Surveys & Tutorials, vol. 16, no. 3, pp. 1732–1745,
[102] Z. Ning, F. Xia, N. Ullah, X. Kong, and X. Hu, “Vehicular social
networks: Enabling smart mobility,” IEEE Communications Magazine,
vol. 55, no. 5, pp. 16–55, 2017.
[103] R. Petrolo, V. Loscri, and N. Mitton, “Towards a smart city based on cloud
of things, a survey on the smart city vision and paradigms,” Transactions
on Emerging Telecommunications Technologies, vol. 28, no. 1, 2017.
[104] T. Gong, H. Huang, P. Li, K. Zhang, and H. Jiang, “A medical healthcare
system for privacy protection based on iot,” in Parallel Architectures,
Algorithms and Programming (PAAP), 2015 Seventh International Sym-
posium on. IEEE, 2015, pp. 217–222.
[105] L. Tan and N. Wang, “Future internet: The internet of things,” in Ad-
vanced Computer Theory and Engineering (ICACTE), 2010 3rd Interna-
tional Conference on, vol. 5. IEEE, 2010, pp. V5–376.
[106] K. Angrishi, “Turning internet of things (iot) into internet of vulnerabili-
ties (iov): Iot botnets,” arXiv preprint arXiv:1702.03681, 2017.
[107] M. Hutson, “A matter of trust.” Science (New York, NY), vol. 358, no.
6369, p. 1375, 2017.
[108] M. Chiang and T. Zhang, “Fog and iot: An overview of research opportu-
nities,” IEEE Internet of Things Journal, vol. 3, no. 6, pp. 854–864, 2016.
[109] E. Bastug, M. Bennis, M. Médard, and M. Debbah, “Toward inter-
connected virtual reality: Opportunities, challenges, and enablers,” IEEE
Communications Magazine, vol. 55, no. 6, pp. 110–117, 2017.
LEI CUI (S’17) received a B.S. from the College of Electrical and Power Engineering, Taiyuan University of Technology, China, in 2010. He is currently pursuing a Ph.D. at the school of Information Technology, Deakin University, Australia. His research interests include security and privacy issues in the IoT, social networks, and Big Data.
GANG XIE received a B.S. in control theory and a Ph.D. in circuits and systems from Taiyuan University of Technology, China, in 1994 and 2006, respectively. He is currently the vice president of Taiyuan University of Science and Technology, China, and has also been a professor of Taiyuan University of Technology since 2008. His main research interests cover intelligent information processing, complex networks and Big Data. He has received six provincial science and technology awards, authored more than 100 papers and held five invention patents.
YOUYANG QU (S’17) received a B.S. in 2012 and an M.S. in 2015 from Beijing Institute of Technology. He is currently pursuing a Ph.D. at the School of Information Technology, Deakin University. His research interests focus on addressing security and privacy issues in social networks, cloud computing, IoT, and Big Data.
LONGXIANG GAO (SM’17) received a Ph.D. in Computer Science from Deakin University, Australia. He is currently a Lecturer at the School of Information Technology, Deakin University. Before joining Deakin University, he was a postdoctoral research fellow at IBM Research and Development Australia. His research interests include data processing, mobile social networks, Fog computing and network security. Dr. Gao has over 30 publications, including patents, monographs, book chapters, and journal and conference papers. Some of his publications have been published in the top venues, such as IEEE TMC, IEEE IoT, IEEE TDSC and IEEE TVT. He received the 2012 Chinese Government Award for Outstanding Students Abroad (Ranked No.1 in Victoria and Tasmania consular districts). Dr. Gao is a Senior Member of IEEE and is active in IEEE Communication Society. He has served as the TPC co-chair, publicity co-chair, organization chair and TPC member for many international conferences.
YUNYUN YANG received a B.Sc. in 2010 in Mathematics and Applied Mathematics from Xinzhou Teachers University, Xinzhou, China, and an M.Sc. degree in Computer Engineering from Yanshan University, Qinhuangdao, China in 2013. She received a Ph.D. from the College of Information Engineering, Taiyuan University of Technology, in 2017. She is currently a teacher in the College of Electrical and Power Engineering, Taiyuan University of Technology. Her research interests include complex networks, Big Data, and machine learning.
... The system comprises of serious game and a wearable sensor network to improve the engagement of patients during the rehabilitation process [21]. With respect to the environment, a study reported an AR-based prototype of the bicycle that with the use of IOT, can promote and encourage the bikesharing concept in a community [22]. Another study combined the IOT with AR for the measurement of air quality and other environmental factors. ...
Augmented Reality (AR) and the Internet of Things (IOT) are trending technologies that have gained popularity in smart cities. In this paper, we propose a non-expansive and uncomplicated prototype that combines the two technologies, namely, the Internet of Things and Augmented Reality, to build an air quality monitoring system for a smart environment. The webAR application developed can be used on any device, and it controls measurements of temperature, humidity, and air quality data collected from multiple IOT devices. In addition to the ease of use and speed of loading compared to other applications, our prototype offers an application that does not require installation, a major factor that limits user use. Finally, the paper indicates the prospects of these technologies and the challenges their development is facing.
... For example, in the projects of smart cities, all the controls are done by the devices. In the year 2015 a cyber attack was done by a group in the Ukrainian residents and 230000 people suffered from no-supply of electricity as the target was an electric grid [2]. To protect the domain of IoT, encryption can play a vital role. ...
In this contemporary age of technological advancements, the expanse of IoT devices has permeated every facet of our surroundings. IoT has evolved into an indispensable component across various domains. The proliferation of IoT devices has inevitably brought forth concerns regarding the security of the data they produce. With the accumulation of exabytes of data from IoT devices, a pressing need for ensuring data security, particularly as it traverses the internet, has arisen. The consistent generation of substantial data by IoT devices on a daily basis further complicates the task of safeguarding this information. Cryptography emerges as a potent solution in addressing this challenge. By leveraging cryptographic techniques, it becomes feasible to establish a robust and effective layer of security within the realm of IoT. This study is primarily dedicated to the escalating presence of IoT devices and the role of cryptography in furnishing solutions for managing the data generated by these IoT devices.
... For example, we have assigned rewards by smart contracts, and a number is defined as 1000 thumbs up [14]. Then these likes are defined as transactions, and every like is supposed to be stored and registered by one BPSC each and saved into the blockchain [15]. This process becomes very long and time-consuming. ...
Blockchain decentralization is a reference to decision making and transferring of data control. It is derived as a distributed network from a centralized network, either in an individual, organization, or group. The decentralized system reduces the user’s trust level, which has to be shown by one another. Instead, they confine the functionality of the system network to be degraded. This determines the ability to control the decentralized system using smart contracts. In this paper, we propose a blockchain decentralization system on the smart contracts produced by the blocks. This is called smart blockchain. Smart blockchain or Smart chain is the new generation of blockchain network that allows one or more than a smart contract. The decentralized system of smart contracts here collects the data accurately and flawlessly. The decentralized nature of smart blockchain ensures that there is no single point of control or failure, making it resistant to tampering, hacking, and other malicious activities. Simultaneously this decentralization method helps store and register the data in new blocks. The complete process of a transaction is automatic, without any human interaction. The blockchain used in networks like Ethereum, etc., can be entirely replaced by the smart blockchain or smart chain. The deployment and registration done in smart contracts are overcome with the smart blockchain. We have worked on the four processes in this paper. They are new_block, new_transaction, last_block, and hash. Using the flask framework, the requests are communicated and satisfied on the HTTP Protocol. The further assessment of this decentralized system enabling the smart blockchain can bring a difference in application research, such as Smart Homes using IoT Technology. Smart blockchain technology evaluates security, complexity, privacy, integrity, and implementation protocols. Additionally, we experimentally show the protocols’ outperformance towards multiple blocks of a blockchain.
... In particular, the authors introduced seven-layer IoT-A model which highlights the importance of security mechanisms ensuring confidentiality, integrity, and availability capabilities for each layer, namely, things, data acquisition, fog networking, data aggregation, data centralization, data analytics and application. Similarly, Cui et al. (2018) extended the possible security methods along with specifying its existing weaknesses as heterogeneity of networks, vulnerability of fog systems, user-centric protection, rational data optimization, facilitating protection solutions. In a line, focusing on smart farming, Gupta et al. (2020) categorized potential cyber-attacks in four groups as data attacks, for example, attempts to change or falsify information, networking and equipment attacks which include malware injections or jamming attacks, supply chain attacks and attacks related with industry specificity as regulations, cyber terrorism, cloud computing issues. ...
The main purpose of the study is to present a bibliometric overview of the published research within the cybersecurity framework over the recent decade. The study applies bibliometric analysis in order to analyze the most relevant journals, authors, and countries, as well as the most cited papers between 2011 and 2021. We identified activity and relationship indicators about the distribution of articles over time, most-cited journals, and most relevant countries, co-author analysis, and keyword analysis. Different classifications have been made, including an analysis of the most influential journal, the most cited papers, the most relevant authors, and countries with over 20 publications in the field over the last decade. Also, the analysis identified four leading topics: cybersecurity management, intrusion detection and prevention, smart grids, cybercrime and cyberattacks.
Future connected and autonomous vehicles (CAVs) must be secured against cyberattacks for their everyday functions on the road so that safety of passengers and vehicles can be ensured. This article presents a holistic review of cybersecurity attacks on sensors and threats regarding multi‐modal sensor fusion. A comprehensive review of cyberattacks on intra‐vehicle and inter‐vehicle communications is presented afterward. Besides the analysis of conventional cybersecurity threats and countermeasures for CAV systems, a detailed review of modern machine learning, federated learning, and blockchain approach is also conducted to safeguard CAVs. Machine learning and data mining‐aided intrusion detection systems and other countermeasures dealing with these challenges are elaborated at the end of the related section. In the last section, research challenges and future directions are identified. This article is categorized under: Commercial, Legal, and Ethical Issues > Security and Privacy Technologies > Machine Learning Technologies > Internet of Things
Modern smartphone platforms have millions of apps, many of which request permissions to access private data and resources, like user accounts or location. While these smartphone platforms provide varying degrees of control over these permissions, the sheer number of decisions that users are expected to manage has been shown to be unrealistically high. Prior research has shown that users are often unaware of, if not uncomfortable with, many of their permission settings. Prior work also suggests that it is theoretically possible to predict many of the privacy settings a user would want by asking the user a small number of questions. However, this approach has neither been operationalized nor evaluated with actual users before. We report on a field study (n=72) in which we implemented and evaluated a Personalized Privacy Assistant (PPA) with participants using their own Android devices. The results of our study are encouraging. We find that 78.7% of the recommendations made by the PPA were adopted by users. Following initial recommendations on permission settings, participants were motivated to further review and modify their settings with daily "privacy nudges." Despite showing substantial engagement with these nudges, participants only changed 5.1% of the settings previously adopted based on the PPA's recommendations. The PPA and its recommendations were perceived as useful and usable. We discuss the implications of our results for mobile permission management and the design of personalized privacy assistant solutions.
We continue a line of research initiated in Dinur and Nissim (2003); Dwork and Nissim (2004); and Blum et al. (2005) on privacy-preserving statistical databases. Consider a trusted server that holds a database of sensitive information. Given a query function $f$ mapping databases to reals, the so-called true answer is the result of applying $f$ to the database. To protect privacy, the true answer is perturbed by the addition of random noise generated according to a carefully chosen distribution, and this response, the true answer plus noise, is returned to the user. Previous work focused on the case of noisy sums, in which $f = \sum_i g(x_i)$, where $x_i$ denotes the $i$th row of the database and $g$ maps database rows to $[0,1]$. We extend the study to general functions $f$, proving that privacy can be preserved by calibrating the standard deviation of the noise according to the sensitivity of the function $f$. Roughly speaking, this is the amount that any single argument to $f$ can change its output. The new analysis shows that for several particular applications substantially less noise is needed than was previously understood to be the case. The first step is a very clean definition of privacy (now known as differential privacy) and measure of its loss. We also provide a set of tools for designing and combining differentially private algorithms, permitting the construction of complex differentially private analytical tools from simple differentially private primitives. Finally, we obtain separation results showing the increased value of interactive statistical release mechanisms over non-interactive ones.
Researchers are studying why many consumers are apprehensive about autonomous vehicles, and how to put them at ease.
The recent expansion of the Internet of Things (IoT) and the consequent explosion in the volume of data produced by smart devices have led to the outsourcing of data to designated data centers. However, to manage these huge data stores, centralized data centers such as cloud storage cannot afford auspicious way. There are many challenges that must be addressed in the traditional network architecture due to the rapid growth in the diversity and number of devices connected to the internet, which is not designed to provide high availability, real-time data delivery, scalability, security, resilience, and low latency. To address these issues, this paper proposes a novel blockchain-based distributed cloud architecture with a Software Defined Networking (SDN) enable controller fog nodes at the edge of the network to meet the required design principles. The proposed model is a distributed cloud architecture based on blockchain technology, which provides low-cost, secure, and on-demand access to the most competitive computing infrastructures in an IoT network. By creating a distributed cloud infrastructure, the proposed model enables cost-effective high-performance computing. Furthermore, to bring computing resources to the edge of the IoT network and allow low latency access to large amounts of data in a secure manner, we provide a secure distributed fog node architecture that uses SDN and blockchain techniques. Fog nodes are distributed fog computing entities that allow the deployment of fog services, and are formed by multiple computing resources at the edge of the IoT network. We evaluated the performance of our proposed architecture and compared it with the existing models using various performance measures. The results of our evaluation show that performance is improved by reducing the induced delay, reducing the response time, increasing throughput, and the ability to detect real-time attacks in the IoT network with low performance overheads.
As modern vehicle and communication technologies advanced apace, people begin to believe that Intelligent Transportation System (ITS) would be achievable in one decade. ITS introduces information technology to the transportation infrastructures and aims to improve road safety and traffic efficiency. However, security is still a main concern in Vehicular Communication Systems (VCS). This can be addressed through secured group broadcast. Therefore, secure key management schemes are considered as a critical technique for network security. In this paper, we propose a framework for providing secure key management within the heterogeneous network. The security managers (SMs) play a key role in the framework by capturing the vehicle departure information, encapsulating block to transport keys and then executing rekeying to vehicles within the same security domain. The first part of this framework is a novel network topology based on a decentralised blockchain structure. The blockchain concept is proposed to simplify the distributed key management in heterogeneous VCS domains. The second part of the framework uses the dynamic transaction collection period to further reduce the key transfer time during vehicles handover. Extensive simulations and analysis show the effectiveness and efficiency of the proposed framework, in which the blockchain structure performs better in term of key transfer time than the structure with a central manager, while the dynamic scheme allows SMs to flexibly fit various traffic levels.
Secure messages exchange among different vehicles is one of the most challenging tasks in future smart cities. Any malicious activity has the potential to compromise the confidentiality, integrity, and authenticity of messages exchanged between different vehicles. To ensure secure message communication among the vehicles in a smart city environment, a novel scheme using elliptic curve cryptographic (ECC) technique has been presented in this paper. For this purpose, a two-level authentication key exchange scheme has been designed. In the first level authentication, CHs are verified by series of messages exchanged between CHs and the CA. The verified CHs are responsible for authentication of vehicles in the second level authentication, followed by exchange of messages between CH and vehicle. The security analysis using widely-accepted Burrows-Abadi-Needham (BAN) logic, formal security analysis using random oracle model and verification using the widely-known Automated Validation of Internet Security Protocols and Applications (AVISPA) tool, and also the informal security analysis have been done with respect to various types of attacks. Moreover, a comparative analysis of the proposed scheme with existing related schemes reveals that it generates low overhead and latency, and high reliability during messages exchange between vehicles and the CA.
This book discusses how smart cities strive to deploy and interconnect infrastructures and services to guarantee that authorities and citizens have access to reliable and global customized services. The book addresses the wide range of topics present in the design, development and running of smart cities, ranging from big data management, Internet of Things, and sustainable urban planning. The authors cover - from concept to practice – both the technical aspects of smart cities enabled primarily by the Internet of Things and the socio-economic motivations and impacts of smart city development. The reader will find smart city deployment motivations, technological enablers and solutions, as well as state of the art cases of smart city implementations and services. · Provides a single compendium of the technological, political, and social aspects of smart cities; · Discusses how the successful deployment of smart Cities requires a unified infrastructure to support the diverse set of applications that can be used towards urban development; · Addresses design, development and running of smart cities, including big data management and Internet of Things applications
The recent advances in mobile technologies have resulted in IoT-enabled devices becoming more pervasive and integrated into our daily lives. The security challenges that need to be overcome mainly stem from the open nature of a wireless medium such as a Wi-Fi network. An impersonation attack is an attack in which an adversary is disguised as a legitimate party in a system or communications protocol. The connected devices are pervasive, generating high-dimensional data on a large scale, which complicates simultaneous detections. Feature learning, however, can circumvent the potential problems that could be caused by the large-volume nature of network data. This study thus proposes a novel Deep-Feature Extraction and Selection (D-FES), which combines stacked feature extraction and weighted feature selection. The stacked autoencoding is capable of providing representations that are more meaningful by reconstructing the relevant information from its raw inputs. We then combine this with modified weighted feature selection inspired by an existing shallow-structured machine learner. We finally demonstrate the ability of the condensed set of features to reduce the bias of a machine learner model as well as the computational complexity. Our experimental results on a well-referenced Wi-Fi network benchmark dataset, namely, the Aegean Wi-Fi Intrusion Dataset (AWID), prove the usefulness and the utility of the proposed D-FES by achieving a detection accuracy of 99.918% and a false alarm rate of 0.012%, which is the most accurate detection of impersonation attacks reported in the literature.
The Internet-of-Things (IoT) is an evolutionary paradigm seamlessly integrating an enormous number of smart objects within the Internet. Recently, with the rapid growth and universality of wearable technology, novel security threats are emerging at the system level as well as at edge nodes in IoT-based networks. In this study, we envision a future IoT scenario in which end-users are equipped with smart wearable objects related to human brainwave retrieval. A novel transparent authentication system using brainwaves as bio-features for IoT-based networks is proposed. In brief, this study firstly provides a comprehensive review of transparent authentication in recent years and presents the state of the art of this important research field. Secondly, we investigate the feasibility of extracting long-term memory ability from users' brainwaves. Thirdly, we use the bio-features identified in the brainwaves of users as authentication tokens in the proposed authentication system, which transparently performs continuous (or real-time) entity verification in the background without the need for direct input from the user. Experiment results demonstrate the efficacy of the proposed authentication system in achieving high verification accuracy.
Many modern cities strive to integrate information technology into every aspect of city life to create so-called smart cities. Smart cities rely on a large number of application areas and technologies to realize complex interactions between citizens, third parties, and city departments. This overwhelming complexity is one reason why holistic privacy protection only rarely enters the picture. A lack of privacy can result in discrimination and social sorting, creating a fundamentally unequal society. To prevent this, we believe that a better understanding of smart cities and their privacy implications is needed. We therefore systematize the application areas, enabling technologies, privacy types, attackers and data sources for the attacks, giving structure to the fuzzy term “smart city”. Based on our taxonomies, we describe existing privacy-enhancing technologies, review the state of the art in real cities around the world, and discuss promising future research directions. Our survey can serve as a reference guide, contributing to the development of privacy-friendly smart cities.