Moreno Ambrosin, M. Conti, R. Lazzeretti, Chia-Mu Yu
{"title":"“互联网络物理系统的安全和隐私”特刊简介","authors":"Moreno Ambrosin, M. Conti, R. Lazzeretti, Chia-Mu Yu","doi":"10.1145/3431201","DOIUrl":null,"url":null,"abstract":"Cyber-Physical Systems (CPS) are becoming pervasive and changing our lives. Smart cyberphysical devices can be used in many different fields, such as connected vehicles, smart homes, mobile social networks and Internet of People, and Industrial Cyber-Physical Systems. CPS devices usually leverage on Machine-to-Machine (M2M) communication. This allows these devices to operate in interconnected groups, enabling them to autonomously perform critical operations, take decisions, or perform tasks that single devices cannot do. As we move towards an era of “automation,” interconnected CPS certainly make their existence as a panacea to address several issues in the smart world, but also are an attractive target for attackers, which can operate on single devices or on the whole network. In fact, these devices are usually resource-constrained and unable to defend themselves against security threats. Even a single compromised node in a group of cooperating devices can pose a serious security threat, e.g., by either disrupting communications (and thus the coordination) within the group, or sharing critical information to unauthorized external parties. Attackers can use devices as a vector to other targets, as in the case of Denial of Service (DoS) attacks, interfere with the normal functionality of the network to force abnormal behaviors, or simply infer private information through compromised devices. As such, security and privacy are a major concern to guarantee both the correct operational capabilities of devices and prevent data thefts and/or privacy violations. This special issue provides significant contributions for the improvement of different interconnected Cyber-physical Systems in several fields with the goal of improving their security and/or privacy. We start our special issue with two articles focusing on smart home security. Kafle et al. provide a systematic security analysis of Google Nest and Philips Hue, two widely popular data store-based smart home platforms. In “Security in Centralized Data Store-based Home Automation Platforms: A Systematic Analysis of Nest and Hue,” authors evaluate the security of the two platforms, identify vulnerabilities in them, and propose solutions for their mitigations. In “Canopy: A Verifiable Privacy-preserving Token Ring–based Communication Protocol for Smart Homes,” Panwar et al. propose a protocol that prevents privacy breaches in smart homes that can arise from the analysis of the traffic generated by smart devices. The protocol is based on a cryptographically secure token circulation in a ring network to which smart home devices are connected. We then continue with two articles whose subject is the network of connected people. Azad et al. in “Privacy-preserving Crowd-sensed Trust Aggregation in the User-centric Internet of People Networks” propose a protocol that uses homomorphic cryptosystem in a decentralized way","PeriodicalId":7055,"journal":{"name":"ACM Transactions on Cyber-Physical Systems","volume":"5 1","pages":"1 - 2"},"PeriodicalIF":2.0000,"publicationDate":"2020-12-30","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"https://sci-hub-pdf.com/10.1145/3431201","citationCount":"0","resultStr":"{\"title\":\"Introduction to the Special Issue on Security and Privacy for Connected Cyber-physical Systems\",\"authors\":\"Moreno Ambrosin, M. Conti, R. Lazzeretti, Chia-Mu Yu\",\"doi\":\"10.1145/3431201\",\"DOIUrl\":null,\"url\":null,\"abstract\":\"Cyber-Physical Systems (CPS) are becoming pervasive and changing our lives. Smart cyberphysical devices can be used in many different fields, such as connected vehicles, smart homes, mobile social networks and Internet of People, and Industrial Cyber-Physical Systems. CPS devices usually leverage on Machine-to-Machine (M2M) communication. This allows these devices to operate in interconnected groups, enabling them to autonomously perform critical operations, take decisions, or perform tasks that single devices cannot do. As we move towards an era of “automation,” interconnected CPS certainly make their existence as a panacea to address several issues in the smart world, but also are an attractive target for attackers, which can operate on single devices or on the whole network. In fact, these devices are usually resource-constrained and unable to defend themselves against security threats. Even a single compromised node in a group of cooperating devices can pose a serious security threat, e.g., by either disrupting communications (and thus the coordination) within the group, or sharing critical information to unauthorized external parties. Attackers can use devices as a vector to other targets, as in the case of Denial of Service (DoS) attacks, interfere with the normal functionality of the network to force abnormal behaviors, or simply infer private information through compromised devices. As such, security and privacy are a major concern to guarantee both the correct operational capabilities of devices and prevent data thefts and/or privacy violations. This special issue provides significant contributions for the improvement of different interconnected Cyber-physical Systems in several fields with the goal of improving their security and/or privacy. We start our special issue with two articles focusing on smart home security. Kafle et al. provide a systematic security analysis of Google Nest and Philips Hue, two widely popular data store-based smart home platforms. In “Security in Centralized Data Store-based Home Automation Platforms: A Systematic Analysis of Nest and Hue,” authors evaluate the security of the two platforms, identify vulnerabilities in them, and propose solutions for their mitigations. In “Canopy: A Verifiable Privacy-preserving Token Ring–based Communication Protocol for Smart Homes,” Panwar et al. propose a protocol that prevents privacy breaches in smart homes that can arise from the analysis of the traffic generated by smart devices. The protocol is based on a cryptographically secure token circulation in a ring network to which smart home devices are connected. We then continue with two articles whose subject is the network of connected people. Azad et al. in “Privacy-preserving Crowd-sensed Trust Aggregation in the User-centric Internet of People Networks” propose a protocol that uses homomorphic cryptosystem in a decentralized way\",\"PeriodicalId\":7055,\"journal\":{\"name\":\"ACM Transactions on Cyber-Physical Systems\",\"volume\":\"5 1\",\"pages\":\"1 - 2\"},\"PeriodicalIF\":2.0000,\"publicationDate\":\"2020-12-30\",\"publicationTypes\":\"Journal Article\",\"fieldsOfStudy\":null,\"isOpenAccess\":false,\"openAccessPdf\":\"https://sci-hub-pdf.com/10.1145/3431201\",\"citationCount\":\"0\",\"resultStr\":null,\"platform\":\"Semanticscholar\",\"paperid\":null,\"PeriodicalName\":\"ACM Transactions on Cyber-Physical Systems\",\"FirstCategoryId\":\"1085\",\"ListUrlMain\":\"https://doi.org/10.1145/3431201\",\"RegionNum\":0,\"RegionCategory\":null,\"ArticlePicture\":[],\"TitleCN\":null,\"AbstractTextCN\":null,\"PMCID\":null,\"EPubDate\":\"\",\"PubModel\":\"\",\"JCR\":\"Q3\",\"JCRName\":\"COMPUTER SCIENCE, INTERDISCIPLINARY APPLICATIONS\",\"Score\":null,\"Total\":0}","platform":"Semanticscholar","paperid":null,"PeriodicalName":"ACM Transactions on Cyber-Physical Systems","FirstCategoryId":"1085","ListUrlMain":"https://doi.org/10.1145/3431201","RegionNum":0,"RegionCategory":null,"ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":null,"EPubDate":"","PubModel":"","JCR":"Q3","JCRName":"COMPUTER SCIENCE, INTERDISCIPLINARY APPLICATIONS","Score":null,"Total":0}
Introduction to the Special Issue on Security and Privacy for Connected Cyber-physical Systems
Cyber-Physical Systems (CPS) are becoming pervasive and changing our lives. Smart cyberphysical devices can be used in many different fields, such as connected vehicles, smart homes, mobile social networks and Internet of People, and Industrial Cyber-Physical Systems. CPS devices usually leverage on Machine-to-Machine (M2M) communication. This allows these devices to operate in interconnected groups, enabling them to autonomously perform critical operations, take decisions, or perform tasks that single devices cannot do. As we move towards an era of “automation,” interconnected CPS certainly make their existence as a panacea to address several issues in the smart world, but also are an attractive target for attackers, which can operate on single devices or on the whole network. In fact, these devices are usually resource-constrained and unable to defend themselves against security threats. Even a single compromised node in a group of cooperating devices can pose a serious security threat, e.g., by either disrupting communications (and thus the coordination) within the group, or sharing critical information to unauthorized external parties. Attackers can use devices as a vector to other targets, as in the case of Denial of Service (DoS) attacks, interfere with the normal functionality of the network to force abnormal behaviors, or simply infer private information through compromised devices. As such, security and privacy are a major concern to guarantee both the correct operational capabilities of devices and prevent data thefts and/or privacy violations. This special issue provides significant contributions for the improvement of different interconnected Cyber-physical Systems in several fields with the goal of improving their security and/or privacy. We start our special issue with two articles focusing on smart home security. Kafle et al. provide a systematic security analysis of Google Nest and Philips Hue, two widely popular data store-based smart home platforms. In “Security in Centralized Data Store-based Home Automation Platforms: A Systematic Analysis of Nest and Hue,” authors evaluate the security of the two platforms, identify vulnerabilities in them, and propose solutions for their mitigations. In “Canopy: A Verifiable Privacy-preserving Token Ring–based Communication Protocol for Smart Homes,” Panwar et al. propose a protocol that prevents privacy breaches in smart homes that can arise from the analysis of the traffic generated by smart devices. The protocol is based on a cryptographically secure token circulation in a ring network to which smart home devices are connected. We then continue with two articles whose subject is the network of connected people. Azad et al. in “Privacy-preserving Crowd-sensed Trust Aggregation in the User-centric Internet of People Networks” propose a protocol that uses homomorphic cryptosystem in a decentralized way