Jie Liu , Yanqi Li , Rui Yao , Yang Zhang , Hongliang Liang
{"title":"Detecting vulnerabilities in IoT firmware via keyword identification and path optimization","authors":"Jie Liu , Yanqi Li , Rui Yao , Yang Zhang , Hongliang Liang","doi":"10.1016/j.iot.2025.101808","DOIUrl":"10.1016/j.iot.2025.101808","url":null,"abstract":"<div><div>The rapid growth of IoT devices has led to increased interconnectivity, exposing vulnerabilities in firmware, particularly in back-end programs that handle untrusted inputs such as HTTP requests. Existing static taint analysis methods can detect such vulnerabilities, but they often suffer from missing keywords and exploration of unnecessary paths, which reduces efficiency and coverage. In this paper, we present IotSleuth, an approach that detects vulnerabilities in firmware by identifying keywords in back-end binaries. Our key insight is that functions receiving requests from the front-end frequently invoke the same data processing routines multiple times with different strings. By analyzing these invocations, IotSleuth extracts keywords and propagates them to discover additional taint sources, effectively extending the coverage of traditional taint analysis. We further introduce path optimization strategies to reduce redundant path exploration, significantly improving analysis efficiency. We implemented IotSleuth and evaluated it on 117 IoT firmware samples from nine vendors. Experimental results show that IotSleuth discovered 27 new vulnerabilities, all of which were assigned Common Vulnerabilities and Exposures (CVE) identifiers, and outperformed KARONTE, SaTC, CINDY, and HermeScan in both detection effectiveness and analysis speed.</div></div>","PeriodicalId":29968,"journal":{"name":"Internet of Things","volume":"34 ","pages":"Article 101808"},"PeriodicalIF":7.6,"publicationDate":"2025-10-20","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"145362587","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":3,"RegionCategory":"计算机科学","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
{"title":"CONTEXT-NET: A context-aware nexus-based aggregation protocol for opportunistic networks","authors":"Rounak Raman , Ayush Yadav , Deepika Kukreja , Deepak Kumar Sharma","doi":"10.1016/j.iot.2025.101809","DOIUrl":"10.1016/j.iot.2025.101809","url":null,"abstract":"<div><div>Opportunistic Networks enable communication in dynamic, resource-constrained environments using a store-carry-forward approach. However, challenges such as efficient data aggregation, collision avoidance, minimizing data redundancy, and trust management persist. This study proposes the Context-Aware Nexus-Based Aggregation Protocol (CONTEXT-NET), which integrates spatial, temporal, and contextual dimensions for optimized data transmission. CONTEXT-NET employs a nexus ring topology with synchronized sector-based scheduling, autoencoder-based dimensionality reduction, and a hybridized Ant Colony Optimization (ACO)-like routing algorithm for adaptive routing, ensuring minimal collisions and efficient data aggregation. A trust-based scoring system enhances security by identifying and excluding unreliable nodes. The dataset for analysis consists of a customized random dataset with diverse data types, including integers, strings, characters, booleans, and random criticality and priority bits. Experiments conducted in MATLAB demonstrate that CONTEXT-NET achieves stable throughput with a stability percentage of 94.72 %, while improving delivery probability by 6.45 %,reduces one-hop transmission delay by 28 %, end-to-end delay dropping by 7.9 % and mean overhead decreases by 5.96 % as the network scales from 50 to 100 nodes. These results confirm CONTEXT-NET’s ability to maintain consistent performance, enhance reliability, and improve efficiency in large-scale opportunistic networks. Validated across multiple application domains using a customized dataset with diverse data types and criticality levels, CONTEXT-NET emerges as a robust solution for real-world IoT and opportunistic networking applications.</div></div>","PeriodicalId":29968,"journal":{"name":"Internet of Things","volume":"34 ","pages":"Article 101809"},"PeriodicalIF":7.6,"publicationDate":"2025-10-20","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"145362588","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":3,"RegionCategory":"计算机科学","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
Enrique Fernández-Morales , Llanos Tobarra , Antonio Robles-Gómez , Rafael Pastor-Vargas , Roberto Hernández , Joao Sarraipa
{"title":"eXplicability AI (XAI) for attack detection toward smart rural applications","authors":"Enrique Fernández-Morales , Llanos Tobarra , Antonio Robles-Gómez , Rafael Pastor-Vargas , Roberto Hernández , Joao Sarraipa","doi":"10.1016/j.iot.2025.101804","DOIUrl":"10.1016/j.iot.2025.101804","url":null,"abstract":"<div><div>This research evaluates the performance and computational efficiency of various AI models for intrusion detection in IoT environments, with the goal of enabling future deployment in Smart Rural scenarios. Leveraging the massive NF-UQ-NIDS-v2 dataset-comprising over 76 million labeled NetFlow records across 21 traffic classes-we benchmark five models, ranging from classical machine learning algorithms to deep learning architectures, across both high-performance and low-performance execution setups. The analysis covers standard classification metrics (accuracy, precision, recall, F1-score) and detailed resource usage indicators, including inference time, memory footprint, CPU cycles, and energy consumption per batch. Additionally, explainable AI techniques (SHAP and LIME) are employed to investigate model behavior and feature relevance under real-world constraints. Results show that classical models, particularly Random Forest and Decision Tree, achieve top-tier detection accuracy while maintaining minimal computational demands, making them strong candidates for constrained deployments. Deep learning models deliver comparable predictive performance but incur significantly higher resource consumption, requiring further optimization for practical use. Overall, this work provides a comprehensive evaluation framework and practical insights for selecting efficient and interpretable AI-based intrusion detection systems for rural and low-resource infrastructures.</div></div>","PeriodicalId":29968,"journal":{"name":"Internet of Things","volume":"34 ","pages":"Article 101804"},"PeriodicalIF":7.6,"publicationDate":"2025-10-20","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"145362585","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":3,"RegionCategory":"计算机科学","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
J. Medina-García , J.A. Gómez-Galán , J.M. Vilaplana-Guerrero , J.A. Bogeat
{"title":"Efficient irrigation system using a combined wireless sensor network based on LoRaWAN and IEEE 802.15.4 technologies and photosynthetically active radiation measurements","authors":"J. Medina-García , J.A. Gómez-Galán , J.M. Vilaplana-Guerrero , J.A. Bogeat","doi":"10.1016/j.iot.2025.101801","DOIUrl":"10.1016/j.iot.2025.101801","url":null,"abstract":"<div><div>To address the demands of wireless communication, small amount of transmission, low power consumption, and cost-effectiveness in agricultural Internet of Things (IoT) applications, this paper introduces a hybrid information monitoring approach. It combines a low-data-rate personal area network based on IEEE 802.15.4 with a low-power wide-area network utilizing LoRaWAN. This method employs a communication architecture comprising a central node, multiple subnodes, and end devices to support the needs of large-scale information monitoring. Specifically, the main node is designed using LoRaWAN communication technology and performs in-field measurements of photosynthetically active radiation (PAR) using a device calibrated through intercomparison with reference radiometers. The subnodes or cluster heads incorporate LoRaWAN, sensor technologies, and IEEE 802.15.4. End devices also utilize IEEE 802.15.4 and sensor technologies. A control terminal manages sensor data and transmits the collected information to a web application for further processing. The advantages of this approach are that combining IEEE 802.15.4 and LoRaWAN at the device level enhances the spatial variability of agricultural fields, since tree and star network topologies are integrated to collect detailed information about specific crop areas, while providing low-power, long-distance network services and reducing the operating costs of the wide-area network information monitoring system. Additionally, hardware and firmware strategies were applied to further extend the system autonomy, and it can be self-powered. System testing revealed that, in a challenging environment, the maximum communication range reaches up to 60 m for IEEE 802.15.4 and 2 km for LoRaWAN. The average energy consumption is only 0.55 mAh, supporting real-time monitoring with latency under 100 ms, and the packet loss rate is approximately 2.5 %. Overall, the system operates reliably, and the data collected are accurate. The findings indicate that the proposed method effectively fulfills the needs for data gathering, transmission, storage, and processing across large areas. Furthermore, it proves to be valuable for implementing strategies aimed at improving both irrigation systems and the cultivation process of strawberry crops.</div></div>","PeriodicalId":29968,"journal":{"name":"Internet of Things","volume":"34 ","pages":"Article 101801"},"PeriodicalIF":7.6,"publicationDate":"2025-10-17","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"145362586","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":3,"RegionCategory":"计算机科学","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
Abeer Ahmed , Rawan Alnawasrah , Basem Almadani , Farouq Aliyu , Mustafa Ghaleb
{"title":"Contemporary smart hydroponics systems: Taxonomy, enabling technologies, and challenges","authors":"Abeer Ahmed , Rawan Alnawasrah , Basem Almadani , Farouq Aliyu , Mustafa Ghaleb","doi":"10.1016/j.iot.2025.101794","DOIUrl":"10.1016/j.iot.2025.101794","url":null,"abstract":"<div><div>Hydroponic farming is a sustainable agricultural technique that enables plant cultivation without soil. Hydroponics has evolved into a variety of configurations that integrate smart technologies to improve its efficiency and productivity. This paper reviews 40 publications to investigate the contemporary technologies, advantages, and challenges associated with modern hydroponic and aquaponic systems. Recent studies emphasize the role of middleware, Artificial Intelligence (AI), the Internet of Things (IoT), and the Industrial Internet of Things (IIoT) in enhancing system functionality. Middleware plays a critical role in facilitating seamless communication between system components. It also enables real-time capabilities through various communication protocols with a focus on quality of service (QoS). IoT and IIoT technologies enable data collection and environmental control, while AI contributes to automation, predictive analytics, and decision support. Together, these technologies help reduce resource consumption, such as nutrients, water, and energy. It also enables scalable, adaptive, and sustainable farming practices. Some of the challenges associated with hydroponic systems include initial development costs, security and privacy concerns, and the complexity of integrating advanced middleware.</div></div>","PeriodicalId":29968,"journal":{"name":"Internet of Things","volume":"34 ","pages":"Article 101794"},"PeriodicalIF":7.6,"publicationDate":"2025-10-11","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"145324441","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":3,"RegionCategory":"计算机科学","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
Shaohui Zhang , Qiuying Han , Hongfeng Wang , Jing Liu , Boyuan Li
{"title":"Federated learning with dual dynamic quantization optimization in smart agriculture","authors":"Shaohui Zhang , Qiuying Han , Hongfeng Wang , Jing Liu , Boyuan Li","doi":"10.1016/j.iot.2025.101798","DOIUrl":"10.1016/j.iot.2025.101798","url":null,"abstract":"<div><div>The convergence of Federated Learning (FL), Machine Learning (ML), and the Internet of Things (IoT) creates promising opportunities for smart agriculture, where connectivity constraints and limited device resources pose major bottlenecks. To address these challenges, we propose a Dual Dynamic Quantization Optimization (FedDDO) framework that jointly integrates quantizer design, adaptive bit allocation, and quantization-error-aware aggregation. On the client side, FedDDO dynamically adjusts quantization bit-widths according to real-time resource conditions, while on the server side, aggregation weights are optimized based on quantization error feedback. A novel Minimum Relative Quantization Error (MRQE) quantizer is designed to align with unbiased error assumptions, and theoretical analysis under non-convex settings provides convergence guarantees. Extensive experiments on both standard benchmarks (CIFAR-10/100) and agriculture-specific datasets (rice seedling classification and disease recognition) demonstrate that FedDDO effectively reduces communication costs and accelerates convergence, achieving competitive accuracy while preserving domain applicability.</div></div>","PeriodicalId":29968,"journal":{"name":"Internet of Things","volume":"34 ","pages":"Article 101798"},"PeriodicalIF":7.6,"publicationDate":"2025-10-11","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"145324443","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":3,"RegionCategory":"计算机科学","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
{"title":"IoT enabled health indicators estimation and indoor environment classification","authors":"Cezar Anicai, Muhammad Zeeshan Shakir","doi":"10.1016/j.iot.2025.101791","DOIUrl":"10.1016/j.iot.2025.101791","url":null,"abstract":"<div><div>Internet of Things (IoT) and Machine Learning (ML) have revolutionized the way we approach monitoring and analysing physiological data. Through these technologies invaluable insights can be gathered for early detection of cardiovascular issues, optimizing exercise routines or predicting stress levels. This study presents the development of an IoT test-bed, utilizing a single-board computer alongside ambient environment and health sensors for data collection. A data analysis pipeline has been designed to accurately estimate Heart Rate (HR) and Skin Resistance (SR) values exclusively using the ambient environment data and to classify the environment according to the risk it poses on cardiac health. The results of this study indicate the potential of using ML to capture the relationships between ambient environment conditions and health indicators. It has been found that Random Forest (RF) models are capable of classifying environments in three risk categories with an accuracy of 86.5% and estimate HR and SR with a MAE of 1.86 and 0.36, respectively. These contributions collectively advance the understanding of how environmental factors such as temperature, humidity, pressure and air quality influence health and show a promising potential for non-invasive monitoring.</div></div>","PeriodicalId":29968,"journal":{"name":"Internet of Things","volume":"34 ","pages":"Article 101791"},"PeriodicalIF":7.6,"publicationDate":"2025-10-10","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"145324445","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":3,"RegionCategory":"计算机科学","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
Luis Cruz-Piris , Andrés Marín-López , Manuel Álvarez-Campana , Mario Sanz , José Ignacio Moreno , David Arroyo
{"title":"Measuring the impact of post quantum cryptography in Industrial IoT scenarios","authors":"Luis Cruz-Piris , Andrés Marín-López , Manuel Álvarez-Campana , Mario Sanz , José Ignacio Moreno , David Arroyo","doi":"10.1016/j.iot.2025.101793","DOIUrl":"10.1016/j.iot.2025.101793","url":null,"abstract":"<div><div>The continuously evolving nature of cryptography is driven by the emergence of new threats and attack vectors. Quantum computers pose a paradigmatic security risk to cryptography, challenging its very core principles. This quantum threat can be appropriately addressed through quantum-safe cryptographic primitives, such as quantum key distribution and post-quantum cryptography (PQC). In the case of PQC, the paradigm shift involves using algorithms with significantly higher computational costs. This paper analyzes the possibilities and challenges of transitioning from current cryptographic systems to PQC alternatives, with a focus on the critical case of constrained-resource devices. We demonstrate the feasibility of such a transition in IoT and Industrial IoT (IIoT) scenarios with limited nodes, and we evaluate how new proposals can mitigate the impact of signature computations on securing IoT/IIoT devices. In this work, we design and implement a novel framework to conduct an extensive set of experiments measuring the performance of different families of PQC algorithms in terms of execution time and power consumption. Both the framework and the dataset have been published in the EU Open Research Repository Zenodo to facilitate the future selection of algorithms that best adapt to the specific characteristics of each system.</div></div>","PeriodicalId":29968,"journal":{"name":"Internet of Things","volume":"34 ","pages":"Article 101793"},"PeriodicalIF":7.6,"publicationDate":"2025-10-10","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"145324439","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":3,"RegionCategory":"计算机科学","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
{"title":"Exploiting edge features for transferable adversarial attacks in distributed machine learning","authors":"Giulio Rossolini , Fabio Brau , Alessandro Biondi , Battista Biggio , Giorgio Buttazzo","doi":"10.1016/j.iot.2025.101795","DOIUrl":"10.1016/j.iot.2025.101795","url":null,"abstract":"<div><div>As machine learning models become increasingly deployed across the edge of internet of things environments, a partitioned deep learning paradigm in which models are split across multiple computational nodes introduces a new dimension of security risk. Unlike traditional inference setups, these distributed pipelines span the model computation across heterogeneous nodes and communication layers, thereby exposing a broader attack surface to potential adversaries. Building on these motivations, this work explores a previously overlooked vulnerability: even when both the edge and cloud components of the model are inaccessible (i.e., black-box), an adversary who intercepts the intermediate features transmitted between them can still pose a serious threat. We demonstrate that, under these mild and realistic assumptions, an attacker can craft highly transferable proxy models, making the entire deep learning system significantly more vulnerable to evasion attacks. In particular, the intercepted features can be effectively analyzed and leveraged to distill surrogate models capable of crafting highly transferable adversarial examples against the target model. To this end, we propose an exploitation strategy specifically designed for distributed settings, which involves reconstructing the original tensor shape from vectorized transmitted features using simple statistical analysis, and adapting surrogate architectures accordingly to enable effective feature distillation.</div><div>A comprehensive and systematic experimental evaluation has been conducted to demonstrate that surrogate models trained with the proposed strategy, i.e., leveraging intermediate features, tremendously improve the transferability of adversarial attacks. These findings underscore the urgent need to account for intermediate feature leakage in the design of secure distributed deep learning systems, particularly in edge scenarios, where constrained devices are more exposed to communication vulnerabilities and offer limited protection mechanisms.</div></div>","PeriodicalId":29968,"journal":{"name":"Internet of Things","volume":"34 ","pages":"Article 101795"},"PeriodicalIF":7.6,"publicationDate":"2025-10-10","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"145324437","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":3,"RegionCategory":"计算机科学","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
Juan Alberto Llopis, Luis Iribarne, Javier Criado, Rosa Ayala
{"title":"WoTtrader: A trading service for the Web of Things","authors":"Juan Alberto Llopis, Luis Iribarne, Javier Criado, Rosa Ayala","doi":"10.1016/j.iot.2025.101784","DOIUrl":"10.1016/j.iot.2025.101784","url":null,"abstract":"<div><div>The increasing integration of Internet of Things (IoT) devices into various ecosystems necessitates an efficient trading service for discovering and managing these devices. The Web of Things (WoT) offers a model for representing and discovering IoT devices, facilitating their integration and search. However, the WoT discovery model lacks the capability for query delegation, the process of forwarding queries to other connected services in distributed discovery systems, particularly in multi-dependent ecosystems, such as smart cities. In response to this gap, this paper presents WoTtrader, a new trading service for the WoT that enhances the discovery model with expanded recommendation features. This service enables the discovery of devices in environments where it coexists with other WoT discovery services developed by third parties. Compared to existing WoT discovery systems, WoTtrader supports multi-level query delegation across syntactic, semantic, and natural language searches, enabling broader device coverage, higher accuracy, proactive device discovery, adaptation of IoT devices to the WoT framework, and the integration with third-party services. The proposed trading service has been deployed and evaluated against other WoT discovery implementations. The results indicate that WoTtrader provides moderate response times while maintaining the highest accuracy when searching for devices across different nodes. Finally, the paper discusses the findings, limitations, and future directions to improve WoTtrader and enhance its adaptability within diverse WoT environments.</div></div>","PeriodicalId":29968,"journal":{"name":"Internet of Things","volume":"34 ","pages":"Article 101784"},"PeriodicalIF":7.6,"publicationDate":"2025-10-10","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"145266680","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":3,"RegionCategory":"计算机科学","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}