The Internet of Things (IoT) allows for the collection a huge amount of data from our natural and artificial environments, which we can convert to information that can be used to better understand and control the processes that our society depends on. For instance, we can use data collected from industry equipment to better predict when maintenance is needed; we can use data collected from vehicles and transport infrastructure to eliminate traffic jams and accidents; we can use connected home equipment to run our household more energy efficiently; and we can use connected medical devices to take care of the growing number of elderly people remotely. However, all this potential can only be realized if we can trust the data obtained from the environment via the Internet of Things, which ultimately leads to the requirement of making it secure. An equally important problem is to avoid turning the Internet of Things into a massive surveillance system, which could be misused to endanger the privacy of citizens that rely on its services.
Indeed, IoT affects the current balance of cyber security in two ways. First, attacks originating from cyber space can now target IoT systems and embedded IoT devices that interact with our physical environment. Hence, cyber attacks may have physical consequences, ranging from the damage of expensive equipment, through the unavailability of vital services, to maybe even loss of human life. Second, connected IoT devices can be converted to a substantial attack infrastructure to be used for attacking systems and services in cyber space. For instance, botnets built from millions of IoT devices hold the record for the most intensive DDoS attacks ever against popular Internet-based services. In addition, IoT systems often collect data from which privacy sensitive information can be derived, such as everyday habits, location, or health conditions of human users. Hence, improper handling and leakage of these data can result in massive privacy breaches.
The above-described challenges reinforce the need to better understand the security and privacy issues of IoT systems and applications and to find solutions to them. Hence, this Special Issue of Sensors aims at collecting original research papers, surveys, and case studies that advance the area of security and privacy for IoT systems and applications. This Special Issue includes but is not limited to the following topics:
1.security and privacy challenges and solutions in various IoT application domains (including but not limited to smart buildings, smart cities, intelligent transportation systems, smart factories and Industry 4.0, precision agriculture, digital healthcare, supply chain automation);
2.security architectures, protocols, and mechanisms for IoT systems (including but not limited to authentication, authorization, access control, auditing, intrusion detection, secured communications, lightweight and postquantum cryptography, key management, protection against denial-of-service attacks);
3.security mechanisms for embedded IoT devices (including but not limited to malware protection, firmware security, OS hardening, secure software development, root-of-trust establishment, runtime integrity verification, remote attestation, secure update mechanisms);
4.security design and analysis methods tailored to IoT systems and applications (including but not limited to threat modelling, security requirement specification, verification of security properties, security testing, ethical hacking, security certifications);
5.physical attacks on and countermeasures for IoT devices (including but not limited to device counterfeiting, battery exhaustion, wireless jamming, side channel attacks);
6.privacy-enhancing technologies for IoT systems (including but not limited to anonymization, differential privacy, query auditing, location privacy mechanisms, privacy preserving computation);
7.case studies of real security incidents and privacy breaches related to IoT systems and applications from which lessons can be derived to make IoT systems and applications more trustworthy and privacy preserving;
8.emerging trends and new directions in security and privacy of IoT systems and applications.