Introduction to the Special Issue on Security and Privacy for Connected Cyber-physical Systems

IF 2 Q3 COMPUTER SCIENCE, INTERDISCIPLINARY APPLICATIONS

ACM Transactions on Cyber-Physical Systems Pub Date : 2020-12-30 DOI:10.1145/3431201

Moreno Ambrosin, M. Conti, R. Lazzeretti, Chia-Mu Yu

{"title":"Introduction to the Special Issue on Security and Privacy for Connected Cyber-physical Systems","authors":"Moreno Ambrosin, M. Conti, R. Lazzeretti, Chia-Mu Yu","doi":"10.1145/3431201","DOIUrl":null,"url":null,"abstract":"Cyber-Physical Systems (CPS) are becoming pervasive and changing our lives. Smart cyberphysical devices can be used in many different fields, such as connected vehicles, smart homes, mobile social networks and Internet of People, and Industrial Cyber-Physical Systems. CPS devices usually leverage on Machine-to-Machine (M2M) communication. This allows these devices to operate in interconnected groups, enabling them to autonomously perform critical operations, take decisions, or perform tasks that single devices cannot do. As we move towards an era of “automation,” interconnected CPS certainly make their existence as a panacea to address several issues in the smart world, but also are an attractive target for attackers, which can operate on single devices or on the whole network. In fact, these devices are usually resource-constrained and unable to defend themselves against security threats. Even a single compromised node in a group of cooperating devices can pose a serious security threat, e.g., by either disrupting communications (and thus the coordination) within the group, or sharing critical information to unauthorized external parties. Attackers can use devices as a vector to other targets, as in the case of Denial of Service (DoS) attacks, interfere with the normal functionality of the network to force abnormal behaviors, or simply infer private information through compromised devices. As such, security and privacy are a major concern to guarantee both the correct operational capabilities of devices and prevent data thefts and/or privacy violations. This special issue provides significant contributions for the improvement of different interconnected Cyber-physical Systems in several fields with the goal of improving their security and/or privacy. We start our special issue with two articles focusing on smart home security. Kafle et al. provide a systematic security analysis of Google Nest and Philips Hue, two widely popular data store-based smart home platforms. In “Security in Centralized Data Store-based Home Automation Platforms: A Systematic Analysis of Nest and Hue,” authors evaluate the security of the two platforms, identify vulnerabilities in them, and propose solutions for their mitigations. In “Canopy: A Verifiable Privacy-preserving Token Ring–based Communication Protocol for Smart Homes,” Panwar et al. propose a protocol that prevents privacy breaches in smart homes that can arise from the analysis of the traffic generated by smart devices. The protocol is based on a cryptographically secure token circulation in a ring network to which smart home devices are connected. We then continue with two articles whose subject is the network of connected people. Azad et al. in “Privacy-preserving Crowd-sensed Trust Aggregation in the User-centric Internet of People Networks” propose a protocol that uses homomorphic cryptosystem in a decentralized way","PeriodicalId":7055,"journal":{"name":"ACM Transactions on Cyber-Physical Systems","volume":null,"pages":null},"PeriodicalIF":2.0000,"publicationDate":"2020-12-30","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"https://sci-hub-pdf.com/10.1145/3431201","citationCount":"0","resultStr":null,"platform":"Semanticscholar","paperid":null,"PeriodicalName":"ACM Transactions on Cyber-Physical Systems","FirstCategoryId":"1085","ListUrlMain":"https://doi.org/10.1145/3431201","RegionNum":0,"RegionCategory":null,"ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":null,"EPubDate":"","PubModel":"","JCR":"Q3","JCRName":"COMPUTER SCIENCE, INTERDISCIPLINARY APPLICATIONS","Score":null,"Total":0}

引用次数: 0

Abstract

Cyber-Physical Systems (CPS) are becoming pervasive and changing our lives. Smart cyberphysical devices can be used in many different fields, such as connected vehicles, smart homes, mobile social networks and Internet of People, and Industrial Cyber-Physical Systems. CPS devices usually leverage on Machine-to-Machine (M2M) communication. This allows these devices to operate in interconnected groups, enabling them to autonomously perform critical operations, take decisions, or perform tasks that single devices cannot do. As we move towards an era of “automation,” interconnected CPS certainly make their existence as a panacea to address several issues in the smart world, but also are an attractive target for attackers, which can operate on single devices or on the whole network. In fact, these devices are usually resource-constrained and unable to defend themselves against security threats. Even a single compromised node in a group of cooperating devices can pose a serious security threat, e.g., by either disrupting communications (and thus the coordination) within the group, or sharing critical information to unauthorized external parties. Attackers can use devices as a vector to other targets, as in the case of Denial of Service (DoS) attacks, interfere with the normal functionality of the network to force abnormal behaviors, or simply infer private information through compromised devices. As such, security and privacy are a major concern to guarantee both the correct operational capabilities of devices and prevent data thefts and/or privacy violations. This special issue provides significant contributions for the improvement of different interconnected Cyber-physical Systems in several fields with the goal of improving their security and/or privacy. We start our special issue with two articles focusing on smart home security. Kafle et al. provide a systematic security analysis of Google Nest and Philips Hue, two widely popular data store-based smart home platforms. In “Security in Centralized Data Store-based Home Automation Platforms: A Systematic Analysis of Nest and Hue,” authors evaluate the security of the two platforms, identify vulnerabilities in them, and propose solutions for their mitigations. In “Canopy: A Verifiable Privacy-preserving Token Ring–based Communication Protocol for Smart Homes,” Panwar et al. propose a protocol that prevents privacy breaches in smart homes that can arise from the analysis of the traffic generated by smart devices. The protocol is based on a cryptographically secure token circulation in a ring network to which smart home devices are connected. We then continue with two articles whose subject is the network of connected people. Azad et al. in “Privacy-preserving Crowd-sensed Trust Aggregation in the User-centric Internet of People Networks” propose a protocol that uses homomorphic cryptosystem in a decentralized way

查看原文本刊更多论文

“互联网络物理系统的安全和隐私”特刊简介

信息物理系统(CPS)正变得无处不在，并改变着我们的生活。智能网络物理设备可以应用于许多不同的领域，如互联汽车、智能家居、移动社交网络和人联网、工业网络物理系统等。CPS设备通常利用机器对机器(M2M)通信。这允许这些设备在相互连接的组中运行，使它们能够自主执行关键操作、做出决策或执行单个设备无法完成的任务。随着我们走向“自动化”时代，相互连接的CPS肯定会成为解决智能世界中几个问题的灵丹妙药，但也会成为攻击者的一个有吸引力的目标，攻击者可以在单个设备或整个网络上操作。实际上，这些设备通常资源有限，无法抵御安全威胁。即使是一组协作设备中的单个受损节点也可能构成严重的安全威胁，例如，通过破坏组内的通信(从而破坏协调)，或向未经授权的外部方共享关键信息。攻击者可以使用设备作为攻击其他目标的载体，例如在拒绝服务(DoS)攻击的情况下，干扰网络的正常功能以强制执行异常行为，或者简单地通过受损设备推断私人信息。因此，安全和隐私是保证设备正确操作能力和防止数据盗窃和/或隐私侵犯的主要关注点。本特刊为改进不同的互联网络物理系统在几个领域提供了重要的贡献，目的是提高其安全性和/或隐私。我们以两篇关于智能家居安全的文章作为特刊的开始。Kafle等人对谷歌Nest和Philips Hue这两个广受欢迎的基于数据存储的智能家居平台进行了系统的安全分析。在“基于集中式数据存储的家庭自动化平台的安全性:对Nest和Hue的系统分析”中，作者评估了这两个平台的安全性，确定了其中的漏洞，并提出了缓解这些漏洞的解决方案。在“Canopy:一种用于智能家居的可验证的隐私保护令牌环通信协议”中，Panwar等人提出了一种协议，可以防止智能家居中因分析智能设备产生的流量而导致的隐私泄露。该协议基于智能家居设备连接的环形网络中的加密安全令牌循环。然后我们继续看两篇文章，它们的主题是相互联系的人的网络。Azad等人在“以用户为中心的互联网中的隐私保护人群感知信任聚合”中提出了一种以去中心化方式使用同态密码系统的协议

本文章由计算机程序翻译，如有差异，请以英文原文为准。

求助全文

约1分钟内获得全文求助全文

来源期刊

ACM Transactions on Cyber-Physical Systems COMPUTER SCIENCE, INTERDISCIPLINARY APPLICATIONS-

CiteScore

5.70

自引率

4.30%

发文量