INTERNET OF THINGS
At its core, the idea of the Internet of Things (IoT) can be defined in one simple sentence: “a worldwide network of interconnected entities.” Still, this core idea can be expanded in a multitude of ways. One of the cornerstone concepts of the IoT, the “things” themselves, actually encompasses multiple types of devices: from simple RFID tags and wireless sensor devices to complex systems like connected cars, consumer devices such as TVs and cameras, and even basic facilities like fridges and doors. The scope of the IoT can also be refined and/or extended, covering new areas such as in the Industrial Internet of Things (describing how IoT applies to the industrial and manufacturing sector) and in the Internet of Everything (which includes the things alongside people, processes, data, and their connections). Moreover, the IoT has become closely related to other paradigms, either because they have similar core values (as is the case with machine-to-machine systems and cyber-physical systems), or because they make use of one another (as is the case with Edge Computing). This heterogeneity, plus other factors, make the creation of fault-tolerant IoT infrastructures that are protected against failures and attacks a very complex task . For this very reason, over the last few years NICS has been working on the development of novel IoT security and privacy mechanisms.
One example are the challenges that IoT security and privacy face in areas such as Industry 4.0 (SEGRES, SADCIP) and Industry 5.0 (SecTwin, DISS-IIoT), 5G (5G+TACTILE_4), and Edge Computing (SecureEDGE, SMOG). As IoT is one of the core concepts of the Industry 4.0, it is essential to assess how IoT-enabled cyberattacks can affect our critical infrastructures . Precisely, NICS has developed a novel APTs (Advanced Persistent threats) traceability solution for industrial ecosystems  that can also integrate the output of industrial IoT devices, regardless of the technologies used . As for 5G and Edge Computing, NICS mainly focuses on innovative deployment strategies of intrusion detection systems. These strategies include not only the deployment of passive detection mechanisms from a bottom-up perspective (crowdsourced IoT entities ) and from a top-down perspective (immune system-like agents deployed from the cloud ), but also the deployment of proactive agents (i.e. honeypots) that actively analyze the behavior of malicious IoT entities . Besides, NICS has also explored other security and privacy aspects related to 5G and Edge computing, including the integration of security and privacy mechanisms in the Internet of Vehicles , the deployment of a distributed and user-friendly privacy platform , and even the security of the Edge itself . Finally, we have studied the requirements related to the certification of IoT devices (CIES), and provided some solutions that allow human operators to reduce the time needed to analyze a device .
Other mechanisms that are being actively studied by NICS researchers include trust and IoT forensics. On the subject of trust and the IoT, we are tackling several challenges, such as the inclusion of trust in the development of an IoT entity considering all the phases of its life-cycle , and the creation of trusted local IoT environments (e.g. smart homes) through segmentation and trust management . Precisely, in this line of work we have analyzed the behavior of smart home devices, and defined trust models that aim to address their security risks . Many of these developments have been carried out under the umbrella of several projects, such as IoT-Trust.
As for IoT forensics, our work focuses on two areas: the development of cybersecurity profiles, where we automate the process of gathering IoT data (extracted from devices  or the cloud ) and link it to human users, and the creation of ‘Digital Witnesses’, where IoT devices are capable of obtaining, safeguarding, and securely electronic evidence related to a (cyber)crime . During the development of these concepts, carried out under the IoTest project, we carefully considered the privacy of users: our work allows citizens to share their data with some privacy guarantees .
There are other security challenges that have been studied by NICS in the last years, such as the security requirements and protocols that will be needed in a distributed IoT. Here, multiple entities located at the edge of the network can locally and remotely collaborate with each other without depending on a purely centralized infrastructure. In the context of various projects, such as SPRINT, NESSoS, and IOT-SEC, we studied the security challenges  and secure engineering challenges  related to this particular deployment strategy, developed various security protocols such as key exchange between constrained clients and servers , and analyzed the feasibility of new deployment models where local IoT environments, such as smart homes, behave as interconnected islands .
Finally, in previous projects, NICS has developed several IoT security mechanisms in scenarios such as i) Smart homes, where we studied attacks and countermeasures related to wireless hacking ; ii) Smart Cities (ENVIA), where we studied how smart pavement and other local (e.g. mobile phones) and remote entities (e.g. Internet Services) could securely interact with each other; iii) Intelligent Transport systems (DEPHISIT, SAVE) where sensors located within a vehicle enabled value-added services such as traffic management and road safety, and iv) e-Health, where we analyzed the secure interaction of IoT building blocks (WSN, RFID) .
Wireless Sensor Networks
In addition to our work on the Internet of Things, NICS has also been involved in the security of sensor devices that are not directly connected to the Internet: Wireless Sensor Networks (WSN). Such networks must implement various lightweight underlying protocols, such as routing, aggregation, and time synchronization, to enable the provisioning of its services. Still, these protocols are not enough to adequately protect WSNs . It is necessary to implement various security mechanisms that will provide support for the different protocols of the network. Moreover, such security mechanisms must be adapted to the specific requirements of the WSNs applications and environments, so as to optimally make use of the limited network resources.
At NICS, we have studied and designed many of these security mechanisms in the context of several projects, such as ARES and CRISIS. In particular, not only we have studied the different security primitives that can be used in a WSN , but also we have analyzed how keys can be transmitted using out-of-band channels , how public key infrastructures could be applied in this context , and how key management systems can be optimally selected to manage the cryptographic keys used by those primitives . Beyond the creation of secure channels, we have also investigated how other supporting protocols, such as intrusion detection systems  and trust management systems , can benefit all the protocols of the network by giving a quasi-real-time map on the state of the network and the behavior of its elements. Finally, we also have investigated how all these mechanisms could be efficiently integrated into a software architecture, devising a transversal layer that retains the benefits of layered architectures while limiting the disadvantages of cross-layer architectures . Precisely, some of the ideas of this transversal layer were applied to a peer-to-peer context in the SMEPP project  and in the Feel@Home project .
Another aspect related to the security of WSN is location privacy . An adversary can obtain sensitive information about the network itself or the area/phenomenon being monitored. In particular, the location of the nodes reporting data , and consequently the location of events, is part of the information that could be leaked because of the nature of WSNs, more precisely due to the communications pattern. NICS considers that this contextual data must be carefully protected since the events can be directly related either to individuals or to important assets. The criticality of the location privacy problem is evident in many current WSNs scenarios, such as Critical Infrastructure monitoring, endangered animal species surveillance, and cargo tracking. On top of that, the communication pattern may also reveal the location of the base station, which may result in attackers being able to compromise the whole network. In this respect, we devised a solution which was capable of providing robust protect against traffic analysis attacks  as well as against node compromise attacks .
- (2011): Securing the Internet of Things. In: IEEE Computer, vol. 44, no. 9, pp. 51 -58, 2011, ISSN: 0018-9162.
- (2018): Evolution and Trends in the Security of the Internet of Things. In: IEEE Computer, vol. 51, pp. 16-25, 2018, ISSN: 0018-9162.
- (2021): Risk Assessment for IoT-Enabled Cyber-Physical Systems. In: Advances in Core Computer Science-Based Technologies, pp. 157-173, Springer International Publishing, Cham, 2021, ISBN: 978-3-030-41196-1.
- (2018): Analysis of cybersecurity threats in Industry 4.0: the case of intrusion detection. In: The 12th International Conference on Critical Information Infrastructures Security, pp. 119-130, Springer Springer, 2018.
- (2018): Survey of IoT-enabled Cyberattacks: Assessing Attack Paths to Critical Infrastructures and Services. In: IEEE Communications Surveys and Tutorials, vol. 20, pp. 3453-3495, 2018, ISSN: 1553-877X.
- (2020): Integration of a Threat Traceability Solution in the Industrial Internet of Things. In: IEEE Transactions on Industrial Informatics, vol. 16, no. 6575-6583, 2020, ISSN: 1551-3203.
- (2018): Crowdsourcing analysis in 5G IoT: Cybersecurity Threats and Mitigation. In: Mobile Networks and Applications (MONET), pp. 881-889, 2018, ISSN: 1383-469X.
- (2019): Immune System for the Internet of Things using Edge Technologies. In: IEEE Internet of Things Journal, vol. 6, pp. 4774-4781, 2019, ISSN: 2327-4662.
- (2018): A comprehensive methodology for deploying IoT honeypots. In: 15th International Conference on Trust, Privacy and Security in Digital Business (TrustBus 2018), pp. 229–243, Springer Nature Switzerland AG Springer Nature Switzerland AG, Regensburg (Germany), 2018.
- (2019): Edge-Assisted Vehicular Networks Security. In: IEEE Internet of Things Journal, vol. 6, pp. 8038-8045, 2019, ISSN: 2327-4662.
- (2022): Personal IoT Privacy Control at the Edge. In: IEEE Security & Privacy, vol. 20, pp. 23 – 32, 2022, ISSN: 1540-7993.
- (2017): From Smog to Fog: A Security Perspective. In: 2nd IEEE International Conference on Fog and Edge Mobile Computing (FMEC 2017), pp. 56-61, IEEE Computer Society IEEE Computer Society, Valencia, Spain. 8-11 May 2017, 2017, ISBN: 978-1-5386-2859-1.
- (2018): Mobile edge computing, Fog et al.: A survey and analysis of security threats and challenges. In: Future Generation Computer Systems, vol. 78, pp. 680-698, 2018, ISSN: 0167-739X.
- (2022): AndroCIES: Automatización de la certificación de seguridad para aplicaciones Android. In: XVII Reunión Española sobre Criptología y Seguridad de la Información (RECSI 2022), pp. 192-197, Ediciones Universidad Cantabria Ediciones Universidad Cantabria, Santander, Spain, 2022.
- (2018): A Trust-by-Design Framework for the Internet of Things. In: 2018 9th IFIP International Conference on New Technologies Mobility and Security (NTMS), IEEE IEEE, Paris, 2018, ISSN: 2157-4960.
- (2019): TrUStAPIS: A Trust Requirements Elicitation Method for IoT. In: International Journal of Information Security, pp. 111-127, 2019, ISSN: 1615-5262.
- (2020): A Model Specification Implementation for Trust Negotiation. In: The 14th International Conference on Network and System Security (NSS 2020), pp. 327-341, Springer Springer, Melbourne, Australia, 2020.
- (2022): Novel Approaches for the Development of Trusted IoT Entities. In: 37th International Conference on ICT Systems Security and Privacy Protection – IFIP SEC 2022, pp. 215-230, Springer Springer, Copenhagen, 2022, ISSN: 1868-4238.
- (2022): Verification and Validation Methods for a Trust-by-Design Framework for the IoT. In: 36th Annual IFIP WG 11.3 Conference on Data and Applications Security and Privacy (DBSec’22), pp. 183-194, Springer Springer, Newark, NJ, USA, 2022, ISBN: 978-3-031-10683-5.
- (2019): A Segregated Architecture for a Trust-based Network of Internet of Things. In: IEEE Consumer Communications & Networking Conference 2019, IEEE IEEE, Las Vegas (USA), 2019.
- (2019): An Analysis of Trust in Smart Home Devices. In: The 20th World Conference on Information Security Applications: WISA-Workshop 2019, Springer Springer, Jeju Island, Korea, 2019.
- (2019): Cybersecurity Profiles based on Human-Centric IoT Devices. In: Human-centric Computing and Information Sciences, vol. 9, no. 1, pp. 1-23, 2019, ISSN: 2192-1962.
- (2020): Becoming JUDAS: Correlating Users and Devices during a Digital Investigation. In: IEEE Transactions on Information Forensics & Security, vol. 15, pp. 3325-3334, 2020, ISSN: 1556-6013.
- (2016): Digital Witness: Safeguarding Digital Evidence by using Secure Architectures in Personal Devices. In: IEEE Network, pp. 12-19, 2016, ISSN: 0890-8044.
- (2018): IoT-Forensics meets Privacy: Towards Cooperative Digital Investigations. In: Sensors, vol. 18, no. 492, 2018, ISSN: 1424-8220.
- (2013): On the features and challenges of security and privacy in distributed internet of things. In: Computer Networks, vol. 57, pp. 2266–2279, 2013, ISSN: 1389-1286.
- (2013): Towards Engineering Trust-aware Future Internet Systems. In: Franch, Xavier; Soffer, Pnina (Ed.): 3rd International Workshop on Information Systems Security Engineering (WISSE 2013), pp. 490-501, Springer-Verlag Springer-Verlag, Valencia, 2013, ISSN: 1865-1348.
- (2011): Key management systems for sensor networks in the context of the Internet of Things. In: Computers & Electrical Engineering, vol. 37, pp. 147-159, 2011, ISSN: 0045-7906.
- (2018): Feasibility of Societal Model for Securing Internet of Things. In: KSII Transactions on Internet and Information Systems, vol. 12, no. 8, pp. 3567-3588, 2018, ISSN: 1976-7277.
- (2022): A Test Environment for Wireless Hacking in Domestic IoT Scenarios. In: Mobile Networks and Applications, 2022, ISSN: 1383-469X.
- (2013): User-centric secure integration of personal RFID tags and sensor networks. In: Security and Communication Networks, vol. 6, pp. 1177–1197, 2013, ISSN: 1939-0114.
- (2005): On the Security of Wireless Sensor Networks. In: Computational Science and Its Applications (ICCSA’05), pp. 681-690, Springer Springer, Singapore, 2005, ISSN: 0302-9743 (Print) 1611-3349 (Online).
- (2009): Analysis of Security Threats, Requirements, Technologies and Standards in Wireless Sensor Networks. In: Foundations of Security Analysis and Design 2009, pp. 289-338, Springer Berlin/Heidelberg Springer Berlin/Heidelberg, Bertinoro (Italy), 2009, ISSN: 0302-9743 (Print) 1611-3349 (Online).
- (2009): Integrating Wireless Sensor Networks and the Internet: A Security Analysis. In: Internet Research, vol. 19, no. 2, pp. 246-259, 2009, ISSN: 1066-2243.
- (2007): A Survey of Cryptographic Primitives and Implementations for Hardware-Constrained Sensor Network Nodes. In: Mobile Networks and Applications, vol. 12, no. 4, pp. 231-244, 2007, ISSN: 1383-469X.
- (2008): On the Hardware Implementation Efficiency of Cryptographic Primitives. In: Lopez, Javier; Zhou, Jianying (Ed.): Wireless Sensor Network Security, IOS Press, 2008, ISBN: 978-1-58603-813-7.
- (2008): KeyLED – Transmitting Sensitive Data over out-of-band Channels in Wireless Sensor Networks. In: 5th IEEE International Conference on Mobile Ad Hoc and Sensor Systems (MASS’08), pp. 796-801, IEEE IEEE, Atlanta (USA), 2008, ISBN: 978-1-4244-2574-7.
- (2007): Applicability of Public Key Infrastructures in Wireless Sensor Networks. In: European PKI Workshop: Theory and Practice (EuroPKI’07), pp. 313-320, Springer Springer, Mallorca (Spain), 2007, ISSN: 0302-9743 (Print) 1611-3349 (Online).
- (2006): Applying Key Infrastructures for Sensor Networks in CIP/CIIP Scenarios. In: 1st International Workshop on Critical Information Infrastructures Security (CRITIS’06), pp. 166-178, Springer Berlin / Heidelberg Springer Berlin / Heidelberg, 2006, ISSN: 0302-9743 (Print) 1611-3349 (Online).
- (2008): A Killer Application for Pairings: Authenticated Key Establishment in Underwater Wireless Sensor Networks. In: Proceedings of the 7th International Conference on Cryptology and Network Security (CANS’08), pp. 120-132, Springer Springer, Hong Kong (China), 2008, ISSN: 0302-9743 (Print) 1611-3349 (Online).
- (2012): On the Energy Cost of Authenticated Key Agreement in Wireless Sensor Networks. In: Wireless Communications and Mobile Computing, vol. 12, pp. 133-143, 2012, ISSN: 1530-8669.
- (2011): SenseKey – Simplifying the Selection of Key Management Schemes for Sensor Networks. In: 5th International Symposium on Security and Multimodality in Pervasive Environments (SMPE’11), IEEE IEEE, Singapore, 2011.
- (2012): Selecting key management schemes for WSN applications. In: Computers & Security, vol. 31, no. 38, pp. 956–966, 2012, ISSN: 0167-4048.
- (2006): Applying Intrusion Detection Systems to Wireless Sensor Networks. In: IEEE Consumer Communications & Networking Conference (CCNC 2006), pp. 640-644, IEEE IEEE, Las Vegas (USA), 2006, ISBN: 1-4244-0085-6.
- (2008): Situation Awareness Mechanisms for Wireless Sensor Networks. In: IEEE Communications Magazine, vol. 46, no. 4, pp. 102-107, 2008, ISSN: 0163-6804.
- (2011): Towards a Cooperative Intrusion Detection System for Cognitive Radio Networks. In: Workshop on Wireless Cooperative Network Security (WCNS’11), Springer Springer, 2011.
- (2007): A Survey on the Applicability of Trust Management Systems for Wireless Sensor Networks. In: 3rd International Workshop on Security, Privacy and Trust in Pervasive and Ubiquitous Computing (SecPerU’07), pp. 25-30, IEEE Computer Society IEEE Computer Society, Istanbul (Turkey), 2007.
- (2007): Featuring Trust and Reputation Management Systems for Constrained Hardware Devices. In: 1st International Conference on Autonomic Computing and Communication Systems (Autonomics’07), ICST ICST, Rome (Italy), 2007, ISBN: 978-963-9799-09-7.
- (2009): Trust and Reputation Systems for Wireless Sensor Networks. In: Gritzalis, Stefanos; Karygiannis, Tom; Skianis, Charalabos (Ed.): Security and Privacy in Mobile and Wireless Networking, pp. 105-128, Troubador Publishing Ltd, 2009, ISBN: 978-1905886-906.
- (2010): Trust Management Systems for Wireless Sensor Networks: Best practices. In: Computer Communications, vol. 33, no. 9, pp. 0140-3664, 2010, ISSN: 0140-3664.
- (2011): A Cross-layer Approach for Integrating Security Mechanisms in Sensor Networks Architectures. In: Wireless Communications and Mobile Computing, vol. 11, pp. 267-276, 2011, ISSN: 1530-8669.
- (2012): Secure architecure for the integration of RFID and sensors in personal networks. In: 7th International Workshop on Security and Trust Management (STM’11), pp. 207-222, Springer Springer, Copenhagen, Denmark, 2012, ISBN: 978-3-642-29962-9.
- (2009): SMEPP: A Secure Middleware for Embedded P2P. In: ICT Mobile and Wireless Communications Summit (ICT-MobileSummit’09), Santander (Spain), 2009, ISBN: 978-1-905824-12-0.
- (2012): Advanced Secure Multimedia Services for Digital Homes. In: Information Systems Frontiers, vol. 14, pp. 527-540, 2012, ISSN: 1387-3326.
- (2011): Digital Home Networking. Wiley-ISTE, 2011, ISSN: 1848213212.
- (2016): Location Privacy in Wireless Sensor Networks. Taylor & Francis, 2016, ISBN: 9781498776332.
- (2011): Exploiting Context-Awareness to Enhance Source-Location Privacy in Wireless Sensor Networks. In: The Computer Journal, vol. 54, pp. 1603-1615, 2011, ISSN: 0010-4620.
- (2012): Robust Probabilistic Fake Packet Injection for Receiver-Location Privacy in WSN. In: Foresti, Sara; Yung, Moti; Martinelli, Fabio (Ed.): 17th European Symposium on Research in Computer Security (ESORICS 2012), pp. 163-180, Springer Springer, Pisa, Italy, 2012, ISSN: 0302-9743.
- (2015): Probabilistic receiver-location privacy protection in wireless sensor networks. In: Information Sciences, vol. 321, pp. 205 – 223, 2015, ISSN: 0020-0255.