IoTBDS 2022 Abstracts


Area 1 - Big Data Research

Full Papers
Paper Nr: 12
Title:

Reliability Estimation of a Smart Metering Architecture using a Monte Carlo Simulation

Authors:

Tobias Altenburg, Matthias Volk, Daniel Staegemann and Klaus Turowski

Abstract: The trend of connectivity dominates the technological progress. The number of networked devices is constantly increasing and the use of smart meters has become more societally relevant. For that reason, reliability is an important attribute of related architectures. To calculate reliability, it is required to do a specific analysis for the entire system. This paper describes a structured approach for calculating the reliability of smart meter architectures considering the limited data availability. For this, we combine Reliability Block Diagrams with a Monte Carlo simulation. The result is a realistic approximation of the system reliability, that can be used to evaluate optimization methods.

Short Papers
Paper Nr: 34
Title:

The Concept of Identifiability in ML Models

Authors:

Stephanie von Maltzan

Abstract: Recent research indicates that the machine learning process can be reversed by adversarial attacks. These attacks can be used to derive personal information from the training. The supposedly anonymising machine learning process represents a process of pseudonymisation and is, therefore, subject to technical and organisational measures. Consequently, the unexamined belief in anonymisation as a guarantor for privacy cannot be easily upheld. It is, therefore, crucial to measure privacy through the lens of adversarial attacks and precisely distinguish what is meant by personal data and non-personal data and above all determine whether ML models represent pseudonyms from the training data.

Paper Nr: 50
Title:

Advanced Lightweight Cryptography for Automotive Security: Surveys, Challenges and Solutions

Authors:

Phuc Tran and Duc Cuong Nguyen

Abstract: Recently, automotive embedded systems have become strong principles of computing, along with an increasing need for secure communication. The rapid development of the V2X (Vehicle-to-Everything) technology for the entity’s interconnection leads to the rise of attack surface and the demand for cryptographic security standards. In addition, the requirement of having secure automotive services and devices against not only current but also future attacks has emerged. Unfortunately, providing robust, secure solutions for automotive embedded systems still faces big challenges. Because of the distinctive characteristics and infrastructures of the vehicular networks, the requirements for automotive security are far more complicated as compared to other types of networks, such as conventional wireless networks, and mobile networks. In this paper, we present a comprehensive survey of the developments in automotive security from the perspective of lightweight cryptographic solutions, including lightweight algorithms and lightweight protocols. Furthermore, security challenges, issues and their cryptographic countermeasures as well as limitations of future automotive industry are also discussed. These strategies can be flexibly adapted to meet strict security levels of automotive security in the future.

Area 2 - Internet of Things (IoT) Applications

Full Papers
Paper Nr: 40
Title:

Shifting towards Antifragile Critical Infrastructure Systems

Authors:

Hind Bangui, Barbora Buhnova and Bruno Rossi

Abstract: Antifragility, which is an evolutionary understanding of resilience, has become a predominant concept in academic and industrial fields as the criticality of vital infrastructures (like healthcare and transportation) has become more flexible and varying due to the impact of digitization and adverse circumstances, such as changing the prioritization of industrial services while accelerating IoT (Internet of Things) deployment during the COVID-19 pandemic. The crucial role of antifragility is to enable critical infrastructures to gain from disorder to foster their adaptability to real unexpected environmental changes. Thus, this paper aims to provide a comprehensive survey on the antifragility concept while clarifying the difference with the resilience concept. Moreover, it highlights how the COVID-19 crisis has revealed the fragility of critical infrastructures and unintentionally promoted the antifragility concept. To showcase the main concepts, we adopt the blockchain as an example of an antifragile system.

Short Papers
Paper Nr: 48
Title:

A Framework for Seamless Offloading in IoT Applications using Edge and Cloud Computing

Authors:

Himesh Welgama, Kevin Lee and Jonathan Kua

Abstract: Typical Internet of Things (IoT) deployments are resource-constrained, with limited computation and storage, high network latency, and low bandwidth. The introduction of Edge and Cloud computing provides a method of mitigating these shortfalls. This paper proposes a framework for structuring IoT applications to allow for seamless offloading (based on CPU load) of work from IoT nodes to Edge and Cloud computing resources. The proposed flexible framework utilises software to orchestrate multiple containerised IoT applications for optimal performance within available computational resources. Edge and Cloud servers co-operate autonomously to determine the appropriate resource allocation based on the requirements of running IoT applications in real-time. The result is a framework that is suited to perform with heterogeneous IoT hardware while improving overall computational performance, latency and bandwidth relative to IoT architectures that do not auto-scale. This framework is evaluated using an experimental setup with multiple IoT nodes, Edge nodes and Cloud computing resources. It demonstrates the approach is viable and results in a flexible and scalable IoT solution.

Paper Nr: 22
Title:

An Information Security Model for an IoT-enabled Smart Grid

Authors:

Abeer Akkad, Gary Wills and Abdolbaghi Rezazadeh

Abstract: The evolution of an Internet of Things-enabled Smart Grid affords better automation, communication, monitoring, and control of electricity consumption. It is now essential to supply and transmit the data required, to achieve better sensing, more accurate control, wider information communication and sharing, and more rational decision-making. However, the rapid growth in connected entities, accompanied by the increased demand for electricity, has resulted in several challenges to be addressed. One of these is protecting energy information exchange proactively, before an incident occurs. It is argued that Smart Grid systems were designed without any regard for security, which is considered a serious omission, especially for data security, energy information exchange, and the privacy of both the consumers and utility companies. This research is motivated by the gap identified in the requirements and controls for maintaining cybersecurity in the bi-directional data flow within the IoT-enabled Smart Grid. The initial stages of the research define and explore the challenges and security requirements, through the literature and industrial standards. The Threat Modelling identified nine internet-based threats. The analysis proposes a security model which includes 45 relevant security controls and 7 security requirements.

Paper Nr: 29
Title:

Internet-of-Things Management of Medical Chairs and Wheelchairs

Authors:

Chelsea Yeh, Alexander W. Lee, Hudson K. Dy and Karin C. Li

Abstract: In this paper, we describe the application of the technologies of the Internet-of-Things (IoT) to the management of wheelchairs and medical chairs such as geriatric (Geri) chairs or treatment chairs. Specifically, it seeks to monitor the status of high-risk or physically-weakened patients in hospitals or care facilities as they rest on wheelchairs or await treatment on medical chairs with sensor data collected by embedded pressure and motion sensors, and provide real-time alerts to the medical staff. The potential for injuries from high-risk individuals attempting to stand and falling is very serious. The injuries often result in additional complications to the underlying health condition requiring the use of the wheelchair or treatment. The proposed IoT wheelchair and medical chair management system will alert the staff immediately when a susceptible individual stands or attempts to stand, and allow them to take immediate remedial action. The motion data from the network of sensors is further processed by machine learning models which predict occupant intent regarding sit-to-stand transition, providing preventive alerts to the staff. The research consists of two parts. The first part created IoT-connected sensors and devices used to capture the occupant’s motion on the chair and send the data to a central server. The second part developed the staff alert application that runs on mobile phones and consoles located in the nurses' stations, that receive the information from the server.

Area 3 - Internet of Things (IoT) Fundamentals

Full Papers
Paper Nr: 38
Title:

BRAIN-IoT Architecture and Platform for Building IoT Systems

Authors:

Salim Chehida, Saddek Bensalem, Davide Conzon, Enrico Ferrera and Xu Tao

Abstract: The integration of Internet of Things (IoT) for building complex and critical systems requires powerful platforms enabling to deal with multiple issues, including modeling, monitoring, control, maintaining and management of IoT applications. In this work, the authors propose a new platform based on layered architecture that integrates a set of assets for model-based development of IoT systems. This platform named BRAIN-IoT aims to meet the new challenges of IoT applications and to reduce the effort for building and managing these applications. It consists of three frameworks that allow building decentralized IoT applications with computing capacity at the edge in a computing continuum with the cloud. The modeling and validation framework is used to design, develop, and validate IoT applications logic. The distributed execution framework provides an autonomic distributed infrastructure for the dynamic deployment and execution of IoT services on a mixed cloud-edge environment. The security framework enables access control, end-to-end security and privacy of data collected using IoT devices. The BRAIN-IoT platform is mapped to a well-established IoT reference architecture and experimented on two industrial use cases.

Short Papers
Paper Nr: 4
Title:

Threat Modelling with the GDPR towards a Security and Privacy Metrics Framework for IoT Smart-farm Application

Authors:

Steph Rudd and Hamish Cunningham

Abstract: This paper considers a balance between privacy and security provisions for IoT devices constrained by processing ability, energy consumption, and storage. Risk-driven testing is invoked in conjunction with the seven GDPR principles towards a metrics framework suitable for such an energy-conscious network within the domain of IoT-oriented smart-farms. The resulting metrics framework demonstrates how the influence of privacy can minimise processing requirements, whilst threat modeling assures security. The research concludes that several redundant security provisions can be replaced with privacy alternatives that improve energy efficiency.

Paper Nr: 15
Title:

Constructing High Quality Bilingual Corpus using Parallel Data from the Web

Authors:

Sai M. Cheok, Lap M. Hoi, Su-Kit Tang and Rita Tse

Abstract: A natural language machine translation system requires a high-quality bilingual corpus to support its efficient translation operation at high accuracy rate. In this paper, we propose a bilingual corpus construction method using parallel data from the Web. It acts as a stimulus to significantly speed up the construction. In our proposal, there are 4 phases. Parallel data is first pre-processed and refined into three sets of data for training the CNN model. Using the well-trained model, future parallel data can be selected, classified and added to the bilingual corpus. The training result showed that the test accuracy reached 98.46%. Furthermore, the result on precision, recall and f1-score is greater than 0.9, which outperforms RNN and LSTM models.

Paper Nr: 20
Title:

A Failure Prediction Platform for Internet of Things Applications

Authors:

Daniel D. Gaudio, Amil Imeri and Pascal Hirmer

Abstract: In the Internet of Things (IoT), interconnected devices communicate through standard Internet protocols to reach common goals. The IoT has reached a wide range of different domains including home automation, health, or manufacturing. With the rising amount of IoT applications, the demand for robustness is increasing as well, which is a difficult issue especially in large IoT applications including hundreds or even thousands of different devices. Devices tend to be very volatile and prone to failures. Usually, IoT devices are comprised of cheap hardware components which enables the creation of larger applications but also leads to an increased amount of failures that endanger operation of the IoT applications. To help in increasing robustness in the IoT, in this paper, we introduce the Failure Prediction Platform (FPP) for Internet of Things applications, which uses a machine learning based approach to predict failures. We evaluate our platform by showing how different failure prediction algorithms can be integrated and applied.

Paper Nr: 45
Title:

Factors Influencing LoRa Communication in IoT Deployment: Overview and Experience Analysis

Authors:

Thierry Antoine-Santoni, Bastien Poggi, David Araujo and Chabi Babatounde

Abstract: LoRa communication offers wireless sensor networks deployment for system or environmental monitoring over long distances and with low energy consumption. However, this radio communication technology is subject to environmental disturbances. In this paper, we propose an overview of the studies carried out on LoRa signal disturbances, taking the RSSI as a comparison parameter. Secondly, we extract the main influences to compare them with the data collected on the experimental platform of the Smart Village of Cozzano (Mediterranean area, Southern of Corsica island), a scientific program aiming to develop digital tools for the monitoring and the preservation of the environment. We use one of the most popular techniques in multivariate statistics, especially when analyzing large datasets, the principal component analysis (PCA). The results show the impact of some environmental parameters on communication quality.

Paper Nr: 47
Title:

Seen to Unseen: When Fuzzy Inference System Predicts IoT Device Positioning Labels That Had Not Appeared in Training Phase

Authors:

Han Xu, Zheming Zuo, Jie Li and Victor Chang

Abstract: Situating at the core of Artificial Intelligence (AI), Machine Learning (ML), and more specifically, Deep Learning (DL) have embraced great success in the past two decades. However, unseen class label prediction is far less explored due to missing classes being invisible in training ML or DL models. In this work, we propose a fuzzy inference system to cope with such a challenge by adopting TSK+ fuzzy inference engine in conjunction with the Curvature-based Feature Selection (CFS) method. The practical feasibility of our system has been evaluated by predicting the positioning labels of networking devices within the realm of the Internet of Things (IoT). Competitive prediction performance confirms the efficiency and efficacy of our system, especially when a large number of continuous class labels are unseen during the model training stage.

Paper Nr: 49
Title:

Performance Analysis of Machine Learning Algorithms in Storm Surge Prediction

Authors:

Vai-Kei Ian, Rita Tse, Su-Kit Tang and Giovanni Pau

Abstract: Storm surge has recently emerged as a major concern. In case it occurs, we suffer from the damages it creates. To predict its occurrence, machine learning technology can be considered. It can help ease the damages created by storm surge, by predicting its occurrence, if a good dataset is provided. There are a number of machine learning algorithms giving promising results in the prediction, but using different datasets. Thus, it is hard to benchmark them. The goal of this paper is to examine the performance of machine learning algorithms, either single or ensemble, in predicting storm surge. Simulation result showed that ensemble algorithms can efficiently provide optimal and satisfactory result. The accuracy of prediction reaches a level, which is better than that of single machine learning algorithms.

Paper Nr: 42
Title:

Energy Consumption of a Hexspider Robot-o as Function of Footwear and Underground: Experimental Investigations

Authors:

Bernhard Heiden, Christian A. Koren, Volodymyr Alieksieiev and Bianca Tonino-Heiden

Abstract: In this paper, the previously designed and implemented spiderino robot-o, or a robot used to act in a swarm for educational purposes, is investigated regarding its energy-consuming properties. An experimental setup consists of a platform inside which the spiderino robot-o can freely move with a fixed random movement program. Furthermore, the robot-o feet were equipped with footwear made of materials with different friction coefficients, non-equipped or plastics, equipped with cork, equipped with rubber, and the underground was chosen to be stone, wood, plastics, and with regard to floor inclination for all variants flat and for the stone variant also inclined by 10%. The results show a characteristic curve in energy consumption according to a slightly different behaviour concerning the material combinations of footwear and floor, which adapts energy consumption physically due to the specific footwear-underground combination.

Area 4 - IoT Technologies

Short Papers
Paper Nr: 10
Title:

Real-Time Object Detection with Intel NCS2 on Hardware with Limited Resources for Low-power IoT Devices

Authors:

Jurij Kuzmic, Patrick Brinkmann and Günter Rudolph

Abstract: This paper presents several models for real-time object detection with a hardware extension on hardware with limited resources. Additionally, a comparison of two approaches for detecting individual objects with Single-Shot Multibox Detection (SSD) and You Only Look Once (YOLO) architecture in a 2D image with Convolution Neural Networks (ConvNet) is presented. Here, we focus on an approach to develop real-time object detection for hardware with limited resources in the field of the Internet of Things (IoT). Also, our selected models are trained and evaluated with real data from model making area. In the beginning, related work of this paper is discussed. As well known, a large amount of annotated training data for supervised learning of ConvNet is required. The data acquisition of the different real data sets is also discussed in this paper. Additionally, our dissimilar object detection models are compared in accuracy and run time to find the better and faster system for object detection on hardware with limited resources for low-power IoT devices. Through the experiments described in this paper, the comparison of the run time depending on different hardware is presented. Furthermore, the use of a hardware extension is analysed in this paper. For this purpose, we use the Intel Neural Compute Stick 2 (NCS2) to develop real-time object detection on hardware with limited resources. Finally, future research and work in this area are discussed.

Paper Nr: 27
Title:

An Approach to Privacy-Preserving Distributed Intelligence for the Internet of Things

Authors:

Tariq Alsboui, Hussain Al-Aqrabi, Richard Hill and Shamaila Iram

Abstract: In the Internet of Things (IoT), security and privacy issues are a fundamental challenge determining the successful implementation of many IoT applications. Distributed ledger technology (e.g., Blockchain) offers a great promise to solve these issues. Blockchain-based solutions support security and privacy, yet they involve significant energy due to mining, low throughput, and computational overhead that is not acceptable for IoT resource-constrained devices. In this paper, we propose a scalable Privacy-Preserving Distributed Intelligence approach (PPDI) by leveraging the IOTA technology. IOTA is an emerging distributed ledger technology that allows for zero fees transactions for the IoT. The proposed PPDI aims to address the privacy issues in the IoT by using the IOTA Masked Authenticated Messaging (MAM) protocol. MAM ensures privacy by encrypting and granting permission to authorized users to access data. This paper presents a healthcare scenario that demonstrates how IOTA MAM can be used to address the privacy issue in the IoT. The experimental results clearly show that the IOTA MAM is a feasible solution that can be used to solve privacy related issues in the IoT domain.

Paper Nr: 30
Title:

Towards a Digital Twin Framework for Connected Vehicles

Authors:

Jan Gerhards, Tim Schneider and Pascal Hirmer

Abstract: In the last decade, vehicles have become more and more sophisticated in terms of automated driving assistance systems, safety systems, such as sleep detection, or infotainment. These systems are enabled through a growing amount of sensors and actuators built into modern vehicles, including cameras, GPS, distance sensors, or collision detection sensors, each controlled by a growing number of ECUs. Using the data generated by these vehicles, new applications can be developed, the most promising being autonomous driving. However, besides the sensing capabilities, e.g., to detect other vehicles or pedestrians, it is also necessary to provide a high interconnection of multiple vehicles in traffic. By doing so, vehicles can notify other vehicles of hazardous driving conditions, accidents, or traffic jams, leading to an Internet of Vehicles. Yet, ensuring a reliable and uniform communication and coordination of multiple heterogeneous vehicles from different manufacturers is a challenging task. In this paper, we introduce a first approach for a digital twin framework intended for connected vehicles. It enhances connected vehicles with an administration shell, making it possible for them to be recognized by other vehicles and to communicate with them.

Paper Nr: 31
Title:

Using Environmental Data for IoT Device Energy Harvesting Prediction

Authors:

Mansour Alzahrani, Alex S. Weddell and Gary B. Wills

Abstract: There has been significant innovation in the domain of Internet of Things (IoT) as nowadays wireless data transmission is playing an essential role in various organizations like agriculture, defence, transportation, etc. Batteries are the most common option to power wireless devices. However, using batteries to power IoT devices has drawbacks including the cost and disruption of frequent battery replacement, and environmental concerns about battery disposal. Solar energy harvesting is a promising solution for long-term operation applications. However, solar energy harvesting varies drastically over location and time. Due to fluctuating weather conditions and the environmental effects on PV surface condition, output could be reduced and become insufficient. Environmental conditions including temperature, wind, solar irradiance, humidity, tilt angle and the dust accumulated over time on the photovoltaic (PV) module surface affects the amount of energy harvested. To address this issue, a novel solution is required to autonomously predict the harvested energy and plan the IoT device tasks accordingly, to enhance its performance and lifetime. Using Machine Learning (ML) algorithms could make it possible to predict how much energy can be harvested using weather forecast data. This research is ongoing, and aims to apply ML algorithms on historical weather data including environmental factors to generate solar energy predictions for IoT device energy budget planning.

Paper Nr: 35
Title:

Improving Developer Productivity on Internet of Things using JavaScript

Authors:

Fernando L. Oliveira, Rafael R. Parizi and Júlio B. Mattos

Abstract: C is a compiled language traditionally used to develop Internet of Things (IoT) systems. It requires higher target domain knowledge and attention to manual issues like memory management, particularly on constrained devices. In addition, the growing complexity of applications has fostered the use of interpreted languages for programming embedded software. However, little is known about how interpreted languages improve the development of IoT software. This paper reports an experiment comparing JavaScript and C languages over performance and coding. We implemented solutions for the same problem at hand through each language, keeping the same hardware platform. As a result, we identified that the JavaScript language could be considered an alternative for the Design Space Exploration phase. Since the perceived benefits from the programmer perspective overcome the higher performance achieved in the C-based solution, collaborating to better understand the trade-off between development, maintainability, and optimization on constrained devices.

Paper Nr: 32
Title:

Reference Architecture for IoT Platforms towards Cloud Continuum based on Apache Kafka and Orchestration Methods

Authors:

Zoltán Farkas and Róbert Lovas

Abstract: Apache Kafka is a widely used, distributed, open-source event streaming platform, which is available as a basic reference architecture for IoT use cases of the Autonomous Systems National Laboratory and other initiatives in Hungary, e.g. related to development of cyber-medical systems. This reference architecture offers a base for setting up a multi-node Kafka cluster on a Hungarian research infrastructure, ELKH Cloud. However, the capacity, accessibility or the availability of a given deployment using a single data center might not be sufficient. In this case Apache Kafka can be extended with additional nodes provisioned in the given cloud, but our solution also enables the expansion of the cluster by involving other cloud providers. In this paper we present our proposed approach for enhancing the existing basic reference architecture towards cloud continuum, i.e. allowing the supported IoT use cases to expand the resources of an already deployed Apache Kafka cluster with resources allocated even in third-party commercial cloud providers, such as Microsoft Azure and AWS leveraging on the functionalities of the Occopus cloud orchestrator.

Area 5 - Security, Privacy and Trust

Full Papers
Paper Nr: 8
Title:

A Real-time Explainable Anomaly Detection System for Connected Vehicles

Authors:

Duc Cuong Nguyen, Kien Dang Nguyen and Simy Chacko

Abstract: Anomaly detection is one of the key factors to identify and prevent attacks on connected vehicles. It makes cars more secure and safer to use in the new era of connectivity. In this paper, we propose a real-time explainable deep learning-based anomaly detection system that effectively identifies anomalous activities in connected vehicles. Our approach provides real-time alerts for on-the-road connected vehicles with clear output that makes it easily comprehensible. By evaluating our approach on a simulated driving environment, we can showcase its effectiveness (AUC value of 0.95) and provide insights on different attack scenarios that would threaten the safety of car users.

Paper Nr: 9
Title:

A Two-level Integrated Approach for Assigning Trust Metrics to Internet of Things Devices

Authors:

Evandro C. Macedo, Flavia C. Delicato, Luís D. Moraes and Giancarlo Fortino

Abstract: The Internet of Things (IoT) is the next step of the Internet evolution and it is paving the way for the development of Cyber-Physical Systems (CPS). It will enable the development of a plethora of new systems and applications. The massive, ubiquitous spread of interconnected IoT devices has increasingly exposed the vulnerability of data and related applications in an unprecedented way. If the security of any component in such systems gets compromised, an associated data leak may cause serious threats to privacy, material losses, and even put people’s lives at risk. Therefore, studies on IoT security aspects have become increasingly important. This paper presents a proposal to deal with the still open issue related to trust aspects of IoT systems. The key idea consists of a two-level approach to simultaneously consider application and network characteristics, in which trust is modeled by combining a relative entropy measure of device’s data rate (at the low level), and a reputation of a device provided by distributed-ledger (at the high level). Numerical results show the effectiveness of the proposed approach in isolating anomalous/untrusted devices based on their acquired reputation and on the respective changes in data rate behavior.

Paper Nr: 11
Title:

PhilaeX: Explaining the Failure and Success of AI Models in Malware Detection

Authors:

Zhi Lu and Vrizlynn L. Thing

Abstract: The explanation to an AI model’s prediction used to support decision making in cyber security, is of critical importance. It is especially so when the model’s incorrect prediction can lead to severe damages or even losses to lives and critical assets. However, most existing AI models lack the ability to provide explanations on their prediction results, despite their strong performance in most scenarios. In this work, we propose a novel explainable AI method, called PhilaeX, that provides the heuristic means to identify the optimized subset of features to form the complete explanations of AI models’ predictions. It identifies the features that lead to the model’s borderline prediction, and those with positive individual contributions are extracted. The feature attributions are then quantified through the optimization of a Ridge regression model. We verify the explanation fidelity through two experiments. First, we assess our method’s capability in correctly identifying the activated features in the adversarial samples of Android malwares, through the features attribution values from PhilaeX. Second, the deduction and augmentation tests, are used to assess the fidelity of the explanations. The results show that PhilaeX is able to explain different types of classifiers correctly, with higher fidelity explanations, compared to the state-of-the-art methods such as LIME and SHAP.

Paper Nr: 33
Title:

SIMBIoTA-ML: Light-weight, Machine Learning-based Malware Detection for Embedded IoT Devices

Authors:

Dorottya Papp, Gergely Ács, Roland Nagy and Levente Buttyán

Abstract: Embedded devices are increasingly connected to the Internet to provide new and innovative applications in many domains. However, these devices can also contain security vulnerabilities, which allow attackers to compromise them using malware. In this paper, we present SIMBIoTA-ML, a light-weight antivirus solution that enables embedded IoT devices to take advantage of machine learning-based malware detection. We show that SIMBIoTA-ML can respect the resource constraints of embedded IoT devices, and it has a true positive malware detection rate of ca. 95%, while having a low false positive detection rate at the same time. In addition, the detection process of SIMBIoTA-ML has a near-constant running time, which allows IoT developers to better estimate the delay introduced by scanning a file for malware, a property that is advantageous in real-time applications, notably in the domain of cyber-physical systems.

Short Papers
Paper Nr: 5
Title:

Efficient Lightweight Cryptography Algorithm in IoT Devices with Real-time Criteria

Authors:

Paul D. Rosero-Montalvo and Vanessa E. Alvear-Puertas

Abstract: Cryptographic algorithms are used to ensure the communication channel between the transmitter and receiver. However, these algorithms are focused on processing data blocks that consume a lot of computational resources. Therefore, they have some constraints to be used in IoT devices. This work presents a lightweight AES cryptographic algorithm designed for IoT devices with real-time operative system criteria to improve the time response and with threads that can be suspended to leverage RAM resources for another task. As a result, we design an AES algorithm with a cipher key updating process that uses 11k bytes of Flash, 820 bytes of RAM, and a time response of around 14.5 us in real scenarios.

Paper Nr: 17
Title:

Machine Learning and Feature Engineering for Detecting Living off the Land Attacks

Authors:

Tiberiu Boros, Andrei Cotaie, Antrei Stan, Kumar Vikramjeet, Vivek Malik and Joseph Davidson

Abstract: Among the methods used by attackers to avoid detection, living off the land is particularly hard to detect. One of the main reasons is the thin line between what is actually operational/admin activity and what is malicious activity. Also, as shown by other research, this type of attack detection is underrepresented in Anti-Virus (AV) software, mainly because of the high risk of false positives. Our research focuses on detecting this type of attack through the use of machine learning. We greatly reduce the number of false detections by corpora design and specialized feature engineering which brings in-domain human expert knowledge. Our code is open-source and we provide pre-trained models.

Paper Nr: 21
Title:

Common Cybersecurity Requirements in IoT Standards, Best Practices, and Guidelines

Authors:

Rauli Kaksonen, Kimmo Halunen and Juha Röning

Abstract: The cybersecurity of the Internet of Things (IoT) is an increasing concern and product vendors are advised to follow security standards, best practices, and guidelines. From the many requirement sources, a vendor is likely to choose only a few. How does this selection impact the security requirements of an IoT product? To answer the question, we collect requirements from 16 sources and divide them into categories for comparison. Common categories are identified, with all sources covering Security design, Interface security, Authentication, Data protection, and System updates. The agreement on the high-level categories does not hold in the subcategories and the selection of the sources has a big impact on the requirement details. Consolidation of the IoT security requirements would be desirable and possible.

Paper Nr: 23
Title:

Provisioning Security in a Next Generation Mobility as a Service System

Authors:

Tope Omitola, Ben Waterson, Niko Tsakalakis, Richard Gomer, Sophie Stalla-Bourdillon, Tom Cherrett and Gary Wills

Abstract: The urban mobility landscape is evolving at an amazing rate, with the number of mobility services growing rapidly around the world. This evolution has brought about the concept of Mobility-as-a-Service (MaaS) in providing transportation services. MaaS capitalises on the Internet of Things to provide access to seamless multi- and inter-modal mobility to the end-user. A well implemented MaaS scheme involves many stakeholders, including passengers, producing, sharing, and consuming (personal) data. In order to encourage MaaS uptake in the general population, participating stakeholders must be confident of the ensuing data privacy and security, as part of their interactions with the system. In this paper, we use STRIDE Threat Modeling framework to analyse the threats that may arise in a MaaS ecosystem. From these threats, we develop mitigations that can be used to eliminate and/or reduce such threats. This threat elicitation and their accompanying mitigations can be used as springboards to establish the necessary security to engender trust in MaaS usage.

Paper Nr: 36
Title:

Automating Security in a Continuous Integration Pipeline

Authors:

Sohrab Chalishhafshejani, Bao K. Pham and Martin G. Jaatun

Abstract: Traditional approaches to software security are based on manual methods, which tend to stall development, leading to inefficiency. To speed up a software development lifecycle, security needs to be integrated and automated into the development process. This paper will identify solutions for automating the security phase into a continuous software delivery process, integrating security tools into a Github repository by using Github Actions to create automated vulnerability scanning workflows for a software project.

Paper Nr: 39
Title:

A Semantic Security Model for Cyber-Physical Systems to Identify and Evaluate Potential Threats and Vulnerabilities

Authors:

Andreas Aigner and Abdelmajid Khelil

Abstract: Establishing and sustaining a sufficient level of security in Cyber-Physical Systems (CPS) poses a major challenge for engineers. Key characteristics, like heterogeneity, unpredictability and safety-relevance have the potential to significantly impact the overall level of security. However, exploited security-related vulnerabilities may cause malfunction of critical components or result in loss of sensitive information. Therefore, a toolkit, which is capable of identifying vulnerabilities regarding security in CPS, would provide great benefit. Although a variety of security analysis frameworks exist, they mainly do not address the challenges posed by CPS, which limits their applicability or accuracy. We aim to elaborate a more effective solution for CPS by analysing security on a Systems-of-Systems level. Moreover, we focus on the semantic relationships between essential security information, like attackers and attacks, towards the actual specification of the CPS. Our elaborated approach produces a quantitative expression of security, based on a variety of evaluation criteria and policies. Ultimately, the generated output provides a quick indication about potential security-related threats and vulnerabilities. We utilize a prototypical, but realistic car-sharing application as a prime example for CPS, to illustrate the benefits and ease-of-use of our proposed solution.

Paper Nr: 41
Title:

Putting Chaos into Perspective: Evaluation of Statistical Test Suite Implementations on Isolated Sequences of Arbitrary Length

Authors:

Pol Hölzmer, Manuel Koschuch and Matthias Hudler

Abstract: Randomness is ambiguously defined as the absence of structure, whereby reliable generation and evaluation thereof imposes a complex problem. Efforts have been made to quantify randomness by developing randomness test suites as aggregation of selected statistical methods. This study aims to evaluate caveats developers may encounter employing such methods, and compares the application of randomness test suites for arbitrary data to evaluate features of randomness. Therefore, an initial set of three open-source Python-based implementations of the NIST SP 800-22 test suite have been analyzed and compared. The results indicate no “one-size-fits-all” approach when assessing randomness; instead, it demonstrates how deviations between specification and implementation can lead to inaccurate results and erroneous conclusions about randomness.

Paper Nr: 13
Title:

An Authenticated Accumulator Scheme for Secure Master Key Access in Microservice Architectures

Authors:

Hannes Salin and Dennis Fokin

Abstract: We consider the use-case of Internet of Things ecosystems with an API-driven microservice architecture, where the need for accessing cryptographic functions is crucial. Devices communicate with a microservice backend, which in turn integrates to a secure key storage in order to compute digital signatures or message encryption. Access to a secure storage must be executed securely and naive approaches such as passwords or certificates are used in practice today, which still may be open to impersonation attacks. With the usage of efficient cryptographic accumulators we therefore propose a secure key access scheme with the microservices ecosystem in mind, and provide initial results from a proof-of-concept implementation in Java and jPBC, where we show a performance- and communication complexity analysis. Finally, we provide a security analysis of the scheme in the random oracle model.

Paper Nr: 37
Title:

Implementing Test Driven Development in the Big Data Domain: A Movie Recommendation System as an Exemplary Case

Authors:

Daniel Staegemann, Matthias Volk, Priyanka Byahatti, Nikhilkumar Italiya, Suhas Shantharam, Apoorva B. Chandrashekar and Klaus Turowski

Abstract: As a consequence of the ongoing digitalization in today’s society, the amount of data that is being produced is rapidly increasing. Moreover, not only the volume of the data is growing, but there are also more complex types of data and, depending on the use case, it is also necessary to integrate heterogeneous data into one analysis. Since traditional ways of dealing with data are oftentimes overstrained by those new challenges, novel approaches and technologies have been developed. In its entirety, this phenomenon is summarized under the term big data. However, quality assurance in the big data realm is still not mature and this even more applies to the actual testing. Therefore, it is necessary to explore new approaches. One rather recent proposition was the application of the test driven development methodology to the big data domain. To further evaluate its feasibility and go beyond a purely theoretical point of view, the publication at hand discusses the test driven implementation of a movie recommendation system as an exemplary case. In doing so, it facilitates the general understanding of the topic, helps in judging the approach’s feasibility and provides some practical insights concerning its actual application.