Abstract
The IoT paradigm revolves around a tight interaction between the IT side (i.e., the thing and the software therein) and the human counterpart. From a security standpoint, both these aspects should be taken into consideration when building up reliable and effective security solutions. We argue that traditional static approaches to securing IoT fail to deal with such a complexity, as they do not take into account the dynamic nature of human beings that keep evolving while interacting with IoT device. To overcome this limitation, in this paper we put forward the idea of precision cybersecurity that complements the traditional security model by allowing for the definition of mechanisms and security policies which can be dynamically tailored around individuals. To this aim, we provide the first modeling of a precision cybersecurity workflow (PCW), and we implement it in a tool. Then, we apply it to a both security and safety critical IoT deployment, namely an IoT Medical-Healthcare real scenario, to prove the viability of the proposal.
This is a preview of subscription content, log in via an institution to check access.
Access this chapter
Tax calculation will be finalised at checkout
Purchases are for personal use only
Notes
- 1.
- 2.
- 3.
- 4.
- 5.
- 6.
References
Amaraweera, S.P., Halgamuge, M.N.: Internet of things in the healthcare sector: overview of security and privacy issues. Secur. Priv. Trust Iot Environ. 153–179 (2019)
Arseni, S.C., Chifor, B.C., Coca, M., Medvei, M., Bica, I., Matei, I.: RESFIT: a reputation and security monitoring platform for IoT applications. Electron. (Switz.) 10(15), 1840 (2021)
Barrett, M.: Framework for improving critical infrastructure cybersecurity version 1.1 (2018). https://doi.org/10.6028/NIST.CSWP.04162018
Berger, C., Eichhammer, P., Reiser, H., Domaschka, J., Hauck, F., Habiger, G.: A survey on resilience in the IoT: taxonomy, classification, and discussion of resilience mechanisms. ACM Comput. Surv. 54(7), 1–39 (2022). https://doi.org/10.1145/3462513
Bhuiyan, M.N., Rahman, M.M., Billah, M.M., Saha, D.: Internet of things (IoT): a review of its enabling technologies in healthcare applications, standards protocols, security and market opportunities. IEEE Internet Things J. 8, 10474–10498 (2021)
Butpheng, C., Yeh, K.H., Xiong, H.: Security and privacy in IoT-cloud-based e-health systems-a comprehensive review. Symmetry 12(7), 1191 (2020)
Calabretta, M., Pecori, R., Vecchio, M., Veltri, L.: MQTT-auth: a token-based solution to endow MQTT with authentication and authorization capabilities. J. Commun. Softw. Syst. 14(4), 320–331 (2018)
Chacko, A., Hayajneh, T.: Security and privacy issues with IoT in healthcare. EAI Endors. Trans. Pervasive Health Technol. 4(14) (2018)
Chifor, B.C., Bica, I., Patriciu, V.V.: Mitigating dos attacks in publish-subscribe IoT networks. In: 2017 9th International Conference on Electronics, Computers and Artificial Intelligence (ECAI), pp. 1–6. IEEE (2017)
Colombo, P., Ferrari, E.: Access control enforcement within MQTT-based internet of things ecosystems. In: Proceedings of the 23nd ACM on Symposium on Access Control Models and Technologies, pp. 223–234 (2018)
Colombo, P., Ferrari, E., Tümer, E.D.: Regulating data sharing across MQTT environments. J. Netw. Comput. Appl. 174, 102907 (2021)
Diro, A., Reda, H., Chilamkurti, N., Mahmood, A., Zaman, N., Nam, Y.: Lightweight authenticated-encryption scheme for internet of things based on publish-subscribe communication. IEEE Access 8, 60539–60551 (2020)
Disterer, G.: ISO/IEC 27000, 27001 and 27002 for information security management. J. Inf. Secur. 04, 92–100 (2013)
Elemam, E., Bahaa-Eldin, A.M., Shaker, N.H., Sobh, M.A.: A secure MQTT protocol, telemedicine IoT case study. In: 2019 14th International Conference on Computer Engineering and Systems (ICCES), pp. 99–105. IEEE (2019)
Fáñez, M., Villar, J., de la Cal, E., González, V., Sedano, J., Khojasteh, S.: Mixing user-centered and generalized models for fall detection. Neurocomputing 452, 473–486 (2021)
Firdous, S.N., Baig, Z., Valli, C., Ibrahim, A.: Modelling and evaluation of malicious attacks against the IoT MQTT protocol. In: 2017 IEEE International Conference on Internet of Things (iThings) and IEEE Green Computing and Communications (GreenCom) and IEEE Cyber, Physical and Social Computing (CPSCom) and IEEE Smart Data (SmartData), pp. 748–755 (2017)
Hammi, B., Zeadally, S., Khatoun, R., Nebhen, J.: Survey on smart homes: vulnerabilities, risks, and countermeasures. Comput. Secur. 117 (2022). https://www.scopus.com/inward/record.uri?eid=2-s2.0-85126601158 &doi=10.1016%2fj.cose.2022.102677 &partnerID=40 &md5=64340c17de56a9712c366f4f4f79bba0
Hassija, V., Chamola, V., Saxena, V., Jain, D., Goyal, P., Sikdar, B.: A survey on IoT security: application areas, security threats, and solution architectures. IEEE Access 7, 82721–82743 (2019)
Hathaliya, J.J., Tanwar, S.: An exhaustive survey on security and privacy issues in healthcare 4.0. Comput. Commun. 153, 311–335 (2020)
Hindy, H., Bayne, E., Bures, M., Atkinson, R., Tachtatzis, C., Bellekens, X.: Machine learning based IoT intrusion detection system: an MQTT case study (MQTT-IoT-IDS2020 dataset). In: Ghita, B., Shiaeles, S. (eds.) INC 2020. LNNS, vol. 180, pp. 73–84. Springer, Cham (2021). https://doi.org/10.1007/978-3-030-64758-2_6
Hsieh, S.L., Chen, C.C., Wu, S.H., Yue, T.W.: A wrist -worn fall detection system using accelerometers and gyroscopes. In: Proceedings of the 11th IEEE International Conference on Networking, Sensing and Control, pp. 518–523 (2014). https://doi.org/10.1109/ICNSC.2014.6819680
Husnain, M., et al.: Preventing MQTT vulnerabilities using IoT-enabled intrusion detection system. Sensors 22(2) (2022). https://www.scopus.com/inward/record.uri?eid=2-s2.0-85122801941 &doi=10.3390%2fs22020567 &partnerID=40 &md5=543e08cd987bcb6b63c906cf9cd57442
Khan, M.A., et al.: A deep learning-based intrusion detection system for MQTT enabled IoT. Sensors 21(21), 7016 (2021)
La Marra, A., Martinelli, F., Mori, P., Saracino, A.: Implementing usage control in internet of things: a smart home use case. In: 2017 IEEE Trustcom/BigDataSE/ICESS, pp. 1056–1063. IEEE (2017)
Merlo, A., Ruggia, A., Sciolla, L., Verderame, L.: Armand: Anti-repackaging through multi-pattern anti-tampering based on native detection. Pervasive Mob. Comput. 76, 101443 (2021)
Morelli, U., Vaccari, I., Ranise, S., Cambiaso, E.: DoS attacks in available MQTT implementations: investigating the impact on brokers and devices, and supported anti-DoS protections. In: The 16th International Conference on Availability, Reliability and Security, pp. 1–9 (2021)
Palmieri, A., Prem, P., Ranise, S., Morelli, U., Ahmad, T.: MQTTSA: a tool for automatically assisting the secure deployments of MQTT brokers. In: 2019 IEEE World Congress on Services (SERVICES), vol. 2642–939X, pp. 47–53 (2019). https://doi.org/10.1109/SERVICES.2019.00023
Pathak, A.K., Saguna, S., Mitra, K., Åhlund, C.: Anomaly detection using machine learning to discover sensor tampering in IoT systems. In: ICC 2021-IEEE International Conference on Communications, pp. 1–6. IEEE (2021)
Pepa, L., Capecci, M., Andrenelli, E., Ciabattoni, L., Spalazzi, L., Ceravolo, M.: A fuzzy logic system for the home assessment of freezing of gait in subjects with parkinsons disease. Expert Syst. Appl. 147, 113197 (2020)
Pepa, L., Capecci, M., Verdini, F., Ceravolo, M., Spalazzi, L.: An architecture to manage motor disorders in Parkinson’s disease. In: IEEE World Forum on Internet of Things, WF-IoT 2015 - Proceedings, pp. 615–620. Institute of Electrical and Electronics Engineers Inc. (2015)
Potrino, G., De Rango, F., Santamaria, A.F.: Modeling and evaluation of a new IoT security system for mitigating dos attacks to the MQTT broker. In: 2019 IEEE Wireless Communications and Networking Conference (WCNC), pp. 1–6. IEEE (2019)
Rasouli, M., Miehling, E., Teneketzis, D.: A supervisory control approach to dynamic cyber-security. In: Poovendran, R., Saad, W. (eds.) GameSec 2014. LNCS, vol. 8840, pp. 99–117. Springer, Cham (2014). https://doi.org/10.1007/978-3-319-12601-2_6
Riesco, R., Villagrá, V.A.: Leveraging cyber threat intelligence for a dynamic risk framework. Int. J. Inf. Secur. 18(6), 715–739 (2019). https://doi.org/10.1007/s10207-019-00433-2
Szczepaniuk, E.K., Szczepaniuk, H., Rokicki, T., Klepacki, B.: Information security assessment in public administration. Comput. Secur. 90, 101709 (2020)
Vaccari, I., Aiello, M., Cambiaso, E.: SlowITe, a novel denial of service attack affecting MQTT. Sensors 20(10), 2932 (2020)
Vaccari, I., Aiello, M., Cambiaso, E.: SlowTT: A slow denial of service against IoT networks. Information 11(9), 452 (2020)
Wang, N., Jiao, L., Wang, P., Dabaghchian, M., Zeng, K.: Efficient identity spoofing attack detection for IoT in mm-wave and massive MIMO 5G communication. In: 2018 IEEE Global Communications Conference (GLOBECOM), pp. 1–6. IEEE (2018)
Watzlaf, V., Zhou, L., Dealmeida, D., Hartman, L.: A systematic review of research studies examining telehealth privacy and security practices used by healthcare providers. Int. J. Telerehabil. 9(2), 39–59 (2017)
Yankson, B.: Continuous improvement process (CIP)-based privacy-preserving framework for smart connected toys. Int. J. Inf. Secur. 20(6), 849–869 (2021)
Author information
Authors and Affiliations
Corresponding author
Editor information
Editors and Affiliations
Rights and permissions
Copyright information
© 2023 The Author(s), under exclusive license to Springer Nature Switzerland AG
About this paper
Cite this paper
Spegni, F., Sabatelli, A., Merlo, A., Pepa, L., Spalazzi, L., Verderame, L. (2023). A Precision Cybersecurity Workflow for Cyber-physical Systems: The IoT Healthcare Use Case. In: Katsikas, S., et al. Computer Security. ESORICS 2022 International Workshops. ESORICS 2022. Lecture Notes in Computer Science, vol 13785. Springer, Cham. https://doi.org/10.1007/978-3-031-25460-4_24
Download citation
DOI: https://doi.org/10.1007/978-3-031-25460-4_24
Published:
Publisher Name: Springer, Cham
Print ISBN: 978-3-031-25459-8
Online ISBN: 978-3-031-25460-4
eBook Packages: Computer ScienceComputer Science (R0)