Forthcoming and Online First Articles

International Journal of Internet of Things and Cyber-Assurance

International Journal of Internet of Things and Cyber-Assurance (IJITCA)

Forthcoming articles have been peer-reviewed and accepted for publication but are pending final changes, are not yet published and may not appear here in their final order of publication until they are assigned to issues. Therefore, the content conforms to our standards but the presentation (e.g. typesetting and proof-reading) is not necessarily up to the Inderscience standard. Additionally, titles, authors, abstracts and keywords may change before publication. Articles will not be published until the final proofs are validated by their authors.

Forthcoming articles must be purchased for the purposes of research, teaching and private study only. These articles can be cited using the expression "in press". For example: Smith, J. (in press). Article Title. Journal Title.

Articles marked with this shopping trolley icon are available for purchase - click on the icon to send an email request to purchase.

Online First articles are published online here, before they appear in a journal issue. Online First articles are fully citeable, complete with a DOI. They can be cited, read, and downloaded. Online First articles are published as Open Access (OA) articles to make the latest research available as early as possible.

Open AccessArticles marked with this Open Access icon are Online First articles. They are freely available and openly accessible to all without any restriction except the ones stated in their respective CC licenses.

Register for our alerting service, which notifies you by email when new issues are published online.

International Journal of Internet of Things and Cyber-Assurance (4 papers in press)

Regular Issues

  • United States and Territories 3rd-Party COVID-19 mHealth Contact Tracing: What are Security and Privacy Risks   Order a copy of this article
    by Suzanna Schmeelk, Shannon Roth, Christopher Shaw, Mughees Tariq, Julia Rooney, Emily Lackraj, Khalil Wood, John Kamen, Denise Dragos 
    Abstract: COVID-19 has become a public health crisis that has affected millions of individuals. With the spread of this pandemic and the constant increase in fatalities worldwide, countries tried to mitigate the spread; many states, localities, and USA territories responded by developing contact tracing mobile applications for health (mHealth). Since this pandemic quite suddenly became a widespread problem, developers built many applications quickly. Due to the rise of data security and privacy issues, this paper analyses reported security concerns associated with 3rd-party library variants of these contract tracing applications. We analyse the applications downloaded in October 2021 through a mobile application penetration testing tool framework, the mobile security framework (MobSF). We aggregate and report on the 3rd-party application security and privacy findings.
    Keywords: mobile application risk analysis; COVID-19 contact tracing; cyber and information security; mHealth applications.
    DOI: 10.1504/IJITCA.2023.10053663
     
  • A model to detect man-in-the-middle attack in IoT networks: a machine learning approach   Order a copy of this article
    by Abel Tadesse, Tibebe Beshah 
    Abstract: The internet of things (IoT) is a network comprised of processors, sensors, actuators, and wireless access points that interoperate with one another for collecting vast amount of environmental phenomena using sensors and relay these sensors readings to a central database or server via gateways wirelessly. The man-in-the-middle (MITM) attack is a type of cyberattack where a perpetrator with malicious intents intercept an ongoing communication between two parties and use this communications breach to either eavesdrop on the communicated message or even alter the message and send it to the intended legitimate receiver. End nodes in IoT networks are highly susceptible to cyberattacks like MITM attacks that exploit address resolution protocol (ARP) vulnerabilities. In this study, a machine learning model is developed to predict if an IoT networks sensors records have originated from an ARP cache poisoned IoT network based solely on the networks sensors readings themselves.
    Keywords: internet of things; IoT; IoT networks; IoT vulnerability; sensors; IoT testbed; address resolution protocol; address resolution protocol cache poisoning; ARP; man-in-the-middle attack; MITM; machine learning.
    DOI: 10.1504/IJITCA.2023.10057940
     
  • TruCerT: trusted certification of IoT devices using hardware-based root-of-trust   Order a copy of this article
    by Anum Khurshid, Mudassar Aslam, Simon Bouget, Shahid Raza 
    Abstract: The IoT research community is reinforcing their focus on IoT certification since the EU Cybersecurity Act. The key to establishing an IoT certification framework lies in automating the certification, re-certification and risk-assessment processes. The main challenge however arises from the diversity of manufacturers shipping their devices, their susceptibility to remote hacks, new vulnerabilities and software updates breaking the existing certification seal. We propose TruCerT, an automated and trusted audit and certification mechanism to guarantee software-state assurance. The mechanism builds on remote integrity verification (RIV) procedures and leverages Trusted Platform Module (TPM 2.0) on IoT devices. We derive the requirements of an IoT device certification scheme from the EU Cybersecurity Act guidelines and discuss their fulfillment. An overview of the network overhead and execution overhead of TruCerT and a formal analysis using Tamarin is provided, verifying that the protocol delivers authentic, non-spoofable certificates and is resistant to replay attacks.
    Keywords: internet of things; IoT; IoT certification; IoT device security certification; Trusted Platform Module; TPM 2.0; software-state integrity; assurance; remote integrity verification; RIV; EU Cybersecurity Act; EU Cybersecurity Certification Framework.
    DOI: 10.1504/IJITCA.2023.10059641
     
  • An ensemble-based IDS for edge computing network   Order a copy of this article
    by Amit Kumar 
    Abstract: Advanced and sophisticated cyber-attacks are rapidly evolving in the context of edge computing and IoT networks. The distributed nature of these networks, the large number of connected devices, and the potential heterogeneity of the devices and protocols involved create an expanded attack surface for cybercriminals. Hence, this research aims to design and develop efficient and robust ensemble-based intrusion detection system (IDS) for detecting attacks in edge computing networks. The proposed model employs a voting classifier in four different classification models: decision tree, random forest, extra tree and K-nearest neighbours. This paper uses the recursive feature elimination technique to select the relevant and practical features. The novelty of the paper is the detection of new types of intrusion or attacks in network traffic. Therefore, the recently released dataset CIC-IDS-2017 was used to evaluate the proposed IDS model. Analytical results showed that the proposed model has achieved high accuracy of 99.92%, recall of 99.93%, the precision of 99.97%, f1-score of 99.95%, and a false-positive rate of 0.001%, as compared to the previous studies.
    Keywords: edge computing; intrusion detection system; IDS; internet of things; IoT.
    DOI: 10.1504/IJITCA.2023.10066266