Internet of Threats Introspection in Dynamic Intelligent Virtual Sensing Victor R. Kebande Joseph Bugeja Jan A. Persson Internet of Things and People Internet of Things and People Internet of Things and People Research Center, Research Center, Research Center, Malmö Universitet Malmö Universitet Malmö Universitet Malmö, Sweden Malmö, Sweden Malmö, Sweden victor.kebande@mau.se joseph.bugeja@mau.se jan.a.persson@mau.se ABSTRACT Continued ubiquity of communication infrastructure across 1 INTRODUCTION Internet of Things (IoT) ecosystems has seen persistent advances The emergence of the Internet of Things (IoT) and the need to of dynamic, intelligent, virtualised sensing and actuation. This has disseminate effective services to human beings across IoT led to effective interaction across the connected ecosystem of environments has paved the way for the physical world to be “things”. Furthermore, this has enabled the creation of smart digitally connected. Sensing has been at the center of all these environments that has created the need for the development of proliferations, however, the need to enforce the security of different IoT protocols that support the relaying of information information for smart IoT environments, connected ‘things’ and across billions of electronic devices over the Internet. That systems like Industrial Control Systems (ICS), cyber-physical notwithstanding, the phenomenon of virtual sensors that are Systems (CPS) and the Supervisory Control and Data Acquisition supported by IoT technologies like Wireless Sensor Networks (SCADA) networks has given rise to the considerations of IoT (WSNs), RFID, WIFI, Bluetooth, ZigBee, IEEE 802.15.4, etc., security. Most of the IoT devices currently do not have advanced emulates physical sensors, and enables more efficient resource security capabilities and given the continued increase of IoT management through the dynamic allocation of virtual sensor device’s capabilities, information produced by these devices has resources. A distinctive example of this has been the proposition of increased in volume and complexity over the years, effectively the Dynamic Intelligent Virtual Sensors (DIVS). This DIVS widening the threat landscape. Currently, IoT-based attacks seem concept is a novel proposition that allows sensing to be done by the to be channeled towards the control systems and the Critical use of logical instances through the use of labeled data. This allows Infrastructure Systems (CIS) that mainly comprise embedded IoT for making accurate predictions during data fusion. However, a devices and systems. The main target, however, is the information potential security attack on DIVS may end up providing false labels that is produced and exchanged by these devices and the services during the User Feedback Process (UFP), which may interfere with rendered. It is imperative to note that there is a need to ensure the the accuracy of DIVS. This paper investigates the threat landscape safety of this information. This is as this information may involve in DIVS when employed in IoT ecosystems, in order to identify the attributes that can be inadvertently used to compromise the extent to which the severity of these threats may hinder accurate overall resilience, security and privacy of an IoT system and its prediction of DIVS in IoT, based on labeled data. The authors have users. conducted a threat introspection in DIVS from a security Virtual sensors provide an abstraction of physical computing perspective. resources that are able to be adopted as logical representations across users which brings about effectiveness [1] on how sensor KEYWORDS data is processed during data fusion. However, during machine Virtual sensors, Internet of Threats, Introspection, IoT, learning process, there may exist security challenges that can Security, Privacy, VIoT, DIVS. interfere or change the fusing data. While virtual sensors provide cost-effective approaches that allow them to utilise nodes when only needed, the use of virtual sensing has triggered other alarming security challenges in IoT environments. The most 1st Workshop on Cyber-Physical Social Systems (CPSS2019), infamous security challenge has been passive and active threats October 22, 2019, Bilbao, Spain. that exist in virtual sensors in IoT ecosystems [33]. Preliminary studies that have been conducted on virtual sensors [2-7] have Copyright © 2019 for this paper by its authors. Use permitted under Creative Commons License Attribution 4.0 International (CC BY 4.0). mainly focused on how WSNs can be deployed in a virtualised 22 CPSS2019, October 22, 2019, Bilbao, Spain V.R. Kebande, J. Bugeja and J.A. Persson environment in order to achieve sensing as a service (SaaS) but Organisation: The remainder of this paper is structured as security of virtual sensors is least explored under these follows: Section 2 covers the background while Section 3 handles circumstances. This research has been motivated by the fact that Virtual Internet of Threats (VIoT) adversarial model. After this, the User-feedback Process (UFP) in DIVS could advertently be Section 4 explains the VIoT introspection in DIVS. This is attacked through malicious inputs through labeled data in order to followed by Section 5 that presents open security problems and influence the behavior of virtual sensors. Still attackers could use future research directions. Next, Section 6 gives a discussion of virtual sensors to push malicious code into IoT devices [21]. the study. Finally, the paper concludes in Section 7 and make Consequently, besides attacking IoT devices over prevailing mention of future work. threats, adversaries can use sensor instances to attack other interconnected sensors in the case of virtual sensors. 2. BACKGROUND Therefore, the authors prioritize the security perspective of virtual sensors from the standpoint of identifying the threats in virtual This section provides background information on the following sensors and suggesting research directions. Additionally, a areas: virtual sensing in IoT, DIVS, and the need for DIVS discussion that has used the Dynamic Intelligent Virtual Sensor security across IoT paradigms. Virtual sensing in IoT has been (DIVS) proposition as a basis has formed the focal part of this discussed in this paper to show how pertinent virtualisation is for study. Consequently, the authors through this paper take a step to the sensor networks in IoT. DIVS which is an intelligent virtual give an introspection on the risks posed by threats in virtual sensor forms the basis of the discussion in this paper. The need sensors in IoT environment. To bring out the problem explicitly, for DIVS security is discussed to show different technologies in the authors consider a fictitious hypothetical scenario below that WSN that face security challenges. These discussions are relevant has mainly been used for illustration purposes. to the study presented in the rest of the paper. XYZ is a smart campus, that allows real-time activity Virtual sensing in IoT detection in study rooms. A user’s activity can be detected Research by [5] has highlighted that Virtualised Wireless Sensor through the presence of a DIVS, which inputs sensor data Networks (VWSNs) are important for IoT paradigms if the like sound level, temperature, motion etc. X is a malicious paradigm is to achieve effective connectivity, scalability and cost user who has managed to interfere with the DIVS during saving approaches, which allows IoT users to get dedicated the User Feedback Process (UFP). Also, X has been able resources [8]. Apart from that, sensor virtualisation consists of to masquerade using false labels and has managed to instances running over applications on a sensor node that mount multiple illegal sensor nodes with the same emulates a physical sensor. Additionally, virtual sensing in IoT is identities within the network and this has also enabled a supported by several standards like ZigBee, Zwave, 6LowPAN, total shut down of the smart cameras. X has been able to 802.11 and IEEE 802.15.4 [9-12]. Notably, research by [1] gives achieve this because it is possible in the UFP to achieve a different perspective of VWSN that is based on VWSN’s this for instance through pushing a button or input of data implementation. These authors highlight that VWSNs can be through a panel. Apart from that, information between implemented either at node-level or at network-level, where other DIVS has been re-routed and dynamic services have node-level allows multiple sensor tasks to be computed at a single been denied. sensor node concurrently. On the other hand, network-level virtualisation allows the formation of Virtual Sensor Network Based on the aforementioned challenge in the hypothetical (VSN) by a subset of WSN nodes. This is apparent in the scenario, it is important to note that the existence of DIVS, acts subsequent sections of this paper. Also, research by [13] has as an open environment for IoT-based virtual sensor threats given proposed a Dynamic Intelligent Virtual Sensor (DIVS) that can that, at the time of writing, the security aspects of virtual sensors create abstraction layers over physical infrastructures to enable has not been explored. the logical instances to perform tasks, which has been discussed in the section to follow. Contributions: The authors give the contribution of this paper as follows: Dynamic intelligent virtual sensor (DIVS) The Dynamic Intelligent Virtual Sensor (DIVS) which has been 1. Give an introspection of the threats in IoT in the used as a preliminary study in this paper presents the notion of a perspective of DIVS dubbed Virtual Internet of virtual sensor that is deployed in a heterogeneous sensing Threats (VIoT); environment. Based on Figure 1, DIVS has a machine learning 2. Explore the possible IoT threats from an information component based on labelled instances. More precisely, DIVS security perspective using DIVS as a baseline; uses heterogeneous sensor data which is able to undergo data 3. Explore open security problems in virtual sensors, fusion [13], [22]. Through the ability of online learning, DIVS is give a discussion on the propositions and suggest able to adjust with the changing nature of an IoT environment. research direction worth taking. Generally, DIVS creates an abstraction layer that overlays the physical infrastructure and the abstraction layer caters mainly of 23 Internet of Threats Introspection in Dynamic intelligent Virtual Sensing CPSS2019, October 22, 2019, Bilbao, Spain multiple logical instances [22]. Based on the availability of these technology requires to be authenticated [14], while ZigBee [18] logical instances, services can easily be managed or created based uses low power wireless transmission and faces integrity and on available fusing data. An important aspect that forms part of encryption issues. Radio Frequency Identification (RFID) which the security consideration is that the user through the User uses frequency waves requires encryption due to the susceptibility Feedback Process (UFP) (see Fig 1) is able to provide of integrity attacks [15]. Wireless Sensor Networks (WSNs) input/feedback for learning purposes. The UFP in its entirety is which use wireless technique to propagate requires encryption not a secure communication process in DIVS. Figure 1 shows the since information collected by sensors is sent to the server [16]. DIVS data processing pipeline. Wireless-Fidelity (Wi-Fi) that uses radio frequency signals requires authentication due to potential unauthorised access of information [19]. Message Queuing Telemetry Transport (MQTT) is a messaging protocol that uses a publish and subscribe model and it requires encryption techniques. MQTT has been used in the implementation of the DIVS concept, while IEEE 802.15.4 and 6LoWPAN for wireless requires authentication each respectively [20]. Finally, LoRaWAN which also uses long range wireless propagation mechanism requires encryption due to end devices being able to send messages to gateways [20]. In view of the foregoing, the DIVS concept [13] represents a virtual sensor that does not possess a security component and this study explores the extent to which DIVS may pose as a security threat or other threats that DIVS may face in an IoT environment. A successful attack at the DIVS concept could fulfil some of the Figure 1: DIVS Data processing pipeline [22] adversarial motives that have been mentioned in the hypothetical scenario among others. Based on these shortcomings, the The UFP, marked X in the figure, is intended to be a process adversarial threat model is discussed next. involving users to, on request by the DIVS or based on the user, provide information to improve the accuracy of the DIVS. The 3 VIRTUAL INTERNET OF THREAT (VIOT) information is typically in the format of labeled data, i.e. the ADVERSARIAL THREAT MODEL correct classification of the current state. Hence, the provision of false labels could rather quickly deteriorate the accuracy of In this section, the authors highlight the adversarial threat model prediction being made by the DIVS, i.e. the data fusion is that is centered on the DIVS [13] based on the hypothetical modified through the online learning approach such that false scenario illustrated in Section 1. Insights on the DIVS concept are predictions will be made, however, this channel faces a variety of highlighted on a high-level standpoint (See Fig 1), which together threats. Of interest in this research is to explore the threat with the threat model, that is presented in this section have been landscape from an information security perspective, using DIVS used to sum up the Internet of threat introspection discussion in as a foundation. Also, it is important to explore how a DIVS this paper. The DIVS concept has been discussed in this section attack can influence the accuracy of the DIVS. because it represents a virtual sensor that is susceptible to sensor threats from a security point of view. Need for DIVS security across IoT paradigms There is a need for enforcing the security technique of the DIVS VIoT Attacker’s Capability in the IoT paradigm. This is because the common approach for A threat is an act that can exploit security weaknesses in a system the design of security solutions for sensors are generally related and exerts a negative impact on it. Sensor threats are active to the security functions that an IT product gives [34]. The authors malicious actions that are more focused on compromising sensors of this paper emphasize the assumptions (threat model) that may through interference, leakage of information, draining sensor be exploited by an attacker, owing to the fact, that the energy or through Denial of Service (DoS), etc [21]. Virtual requirements of DIVS may change over time given the sensors allow encapsulated layers of software to be able to environment it is deployed in. In fact, the safety of virtual sensors provide services as a physical sensor, where sensor instances can should be supported by a number of architectural protocols, and perform tasks like physical sensors. However, the sensor the safety of this communication has also been backed up by the instances are susceptible to threats just like in any virtualised security of these protocols or technologies. That notwithstanding, environment – a virtualized environment involves virtual (rather the increased complexity of IoT threats and attacks has increased than actual) computer hardware platforms, storage devices, and the need for sensor technology sensitization in order to ensure computer network resources [35]. Most of the sensor sources of more secure communication. For example, 5G technology threats result from the communication and interaction of the provides seamless connectivity due to low latency and high embedded physical and virtual processes of the devices. An security through wireless communication, however, this assumption is made in our threat model that, the UFP in the DIVS 24 CPSS2019, October 22, 2019, Bilbao, Spain V.R. Kebande, J. Bugeja and J.A. Persson is an insecure channel that involves a range of sensors, where Considering the aforementioned, there is a possibility of an some may be illegal sensor nodes or the information being relayed adversary interference with the UFP to limit the accurate may travel over insecure channels (See hypothetical scenario, prediction of the DIVS service. The assumption is that the Section 1). Also, based on the hypothetical scenario, the authors possible attacks that may be directed to DIVS service hold some assume that any user interacting with the DIVS service cannot be characteristics as follows: trusted, therefore raising trust issues. Additionally, the authors assume that integrity, confidentiality and authentication, which • False labels to the DIVS could interfere with the are some of the prime goals that are meant to be achieved in DIVS online learning process by giving outputs other than could be violated by a malicious user in the UFP. In this context, the originally intended hence affecting the accuracy of the threats could be targeted to the data fusion model through DIVS prediction during data fusion. online learning based on the UFP. • The UFP between on the DIVS service may be an insecure transmission mechanism through which an Threat Model adversary is able to have full or partial control which may make him able to modify or tamper. The threat model, for the focus of analysis, is a culmination of the • An adversary can deny service to the DIVS possibilities that may be experienced as a result of the execution communication channel which may interfere with the of the DIVS (see Fig. 1) service to and from the oracle/user for UFP. labeled instances, which has been termed as the DIVS service- • If a gatekeeper is tasked in managing the UFP, an UFP. Given that virtual sensors are deployed in an uncontrolled, adversary can attack and capture it which eventually potentially open environment, the authors assume that the UFP may break the entire communication channel of the has the potential of being captured or being tampered with by an UFP. adversary using a variety of techniques. While the existing • Still, an adversary over the UFP channel could obtain literature [21], [32] has shown that sensors can resist being sensitive data in a malicious way that could violate tampered with, e.g., through tamper-resistant packaging, our data privacy. threat model focuses on the data transmitted between the oracle • An adversary could use the sensor instances of the and the DIVS service. The authors argue that an adversary may DIVS as instruments of launching sensor-based or be more interested to attack the UFP, resulting in inaccurate other malicious attacks. predictions, i.e, that can allow one to provide false labels in order Based on the above-mentioned characteristics, there is a need to to interfere with online learning of DIVS. This has also been highlight the security goals that are aimed to be achieved by the based on the propositions of the Dolev-Yao intruder attacker DIVS architecture based on the UFP. The prioritisation of the model which is the basic foundation for adversary scenario security goals depends on the control environment and how the [23]. The Dolev-Yao attacker model employs a set of rules that services are dispatched. These goals have been inclined towards can outline the potential actions used by an attacker concerning the integrity of the information being transmitted in order to avoid information exchanged between parties during protocol the injection of false data, communication alteration, tampering execution. This foundation shows the duplex communication between the users and the DIVS service, authenticity of between two distinct nodes in a WSN during normal user- transmitting parties, privacy and trust. These concerns mainly feedback process to the DIVS service. During this UFP to DIVS represent top concerns that can be shared across IoT-based service, A as depicted in equation (i) could easily be transmitting systems. an encrypted message {M} to B and Z could intercept {M} and re-encrypt to M ({M}) as is shown in (i), (ii), (iii), (iv) and (v) 4. VIRTUAL INTERNET OF THREAT (VIOT) respectively. INTROSPECTION IN DIVS In this section, the authors highlight VIoT introspection A(send) ->(transmit_the_process) B(receive): {M}(encrypted)_B (i) approaches in DIVS as a contribution that has been given from a security perspective. This section has concentrated on showing B(send) ->(echo_ACK) A(receive): {M}_A(encrypted) (ii) how virtual sensors are susceptible to threats and attacks in DIVS. This is then followed by a discussion on virtual sensor threats, This could be intercepted, modified and rerouted easily, hence the vulnerabilities and attacks. It is important to note that the VIoT need to create or have correlating aspects; discussion presented in this section is inclined to the initially described DIVS and based on the analogies of the hypothetical Z (adversary)->(intercept) B: {M}_B(encrypted) (iii) scenario (See Section 1). B (received from Z) ->(echo_ACK) Z: {M}_Z(encrypted) (iv) VIoT from a security perspective Virtual sensors that mainly emulate physical sensors represent the M (Z -> A: {M}_A) (Re-encrypted) (v) interaction with the target environment using specialised software. The software in this context is used to allow the sensing 25 Internet of Threats Introspection in Dynamic intelligent Virtual Sensing CPSS2019, October 22, 2019, Bilbao, Spain of various context-aware entities in order to have a virtualised identified sensors have intelligent and security components and representation that emulates the physical electronic sensor nodes, this is shown in Table 1. where mostly many activities are associated to the traditional From Table 1, the DIVS [13] is an intelligent sensor that allows WSNs [25], [26]. For example, the most effective way to manage multiple logical instances to run simultaneously through node a million sensors that are deployed in a smart IoT environment, level virtualisation and based on its representation, information or a smart city, to monitor people’s activities in order to collect security concerns are hardly addressed. Importantly, the study on sensor data is to apply intelligent virtual sensors. This is a cost- threats should be more focused on checking the integrity of the effective exercise where an application can utilise virtual sensors information being transmitted from the user to the DIVS service or opportunistic sensing [24]. From an information security through the UFP that was highlighted in the adversarial threat standpoint, the existence of configuration flaws or vulnerabilities model. Next, a cloud of virtual sensors by [27] has a sensor in sensors allow an adversary to use virtual sensors as instruments implemented at network level virtualisation and this sensor is not of perpetrating attacks. This is because a number of resources end intelligent and the security and information privacy concerns are up being shared which in the long run opens the possibility of not discussed. shred vulnerabilities. The authors have explored a more recent study on virtual sensors The possible threat area for this sensor is that it lacks security [1-10], from how they are implemented; node-level sensor and techniques for virtual, intermediate nodes and aggregating data. network-level sensor virtualisation. From this study, open Also, a virtual sensor as a service [28] that is implemented at problems and future research directions have also been noted from network level virtualisation level has not highlighted security and the study. Additionally, the authors have also been able to classify privacy concerns which remains open due to lack of a security from the literature (using √ and X to show the presence and component in the cloud which makes it susceptible to attack. absence of a virtual sensor component respectively), whether the Finally, an interactive model based virtual sensors for IoT applications [29] also has open potential threats that need security Table 1. Virtual sensors implementation level overview and possible threats Literature on Dynamic Node-level Network-level Information Virtual and Sensor Sensor Security & Sensor Threat Sensors Intelligent Virtualisation Virtualisation Privacy 1 Dynamic Integrity of Intelligent transmitted Virtual information, Sensor √ √ X X privacy and (DIVS) [13] trust of the transmitting parties 2 A cloud of Security of virtual virtual and sensors [27] intermediate X X √ X nodes and security of aggregating data 3 Virtual sensor Lack of as a service security [28] component in the cloud- X X √ X centric IoT architecture. Lack of sensor activity detection 4 A location- Secure virtual based Sensor instance interactive monitoring and model of IoT- √ √ X X integrity checks sensors [29] 26 CPSS2019, October 22, 2019, Bilbao, Spain V.R. Kebande, J. Bugeja and J.A. Persson monitoring of sensor instances coupled with integrity checks. It is Most of the IoT-based virtual sensors transmit information worth to mention that what is partial and what is similar on without necessary safety even though security holds paramount information security and privacy is shown in Table 1 and the importance. The security and privacy of virtual sensors is a discussion has been presented from a cursory investigation. critical issue that at the time of writing this article has not been explored extensively. Disregarding the security of information VIoT security goals that is passed by virtual sensors means that the full benefits of IoT The IoT ecosystem which is heterogeneous consists of “things”, cannot be achieved. Additionally, the availability of many IoT which also consist of a number of sensors that are able to collect communication devices has increased the threat landscape and and transmit sensor data based in an IoT environment. The need security risks have increased. Given the increased number of for access-control infrastructure in IoT has been highlighted as an connected devices, the IoT technologies also face formidable important approach that can mitigate security breaches and security challenges, standardisation issues and communication leakage of sensor data. Generally, IoT consists of features that are complexities. Based on the DIVS goals, we have classified threats able to be sensed in a computer network, actuation nodes etc. based on active or passive threats. In this context, active threats These “things” can also be monitored within an IoT environment, are achieved by modifying the functionality of IoT systems while either in a virtual or physical setting as is highlighted by the IEEE passive threats are through the communication channel. This is 1451 family of standards and interfaces [30]. The security in IoT shown in Figure 3. context plays a vital role for ensuring the safety of information and the devices within IoT ecosystem. Figure 2 shows the relationship that exists between the sensor data and security goals. The security layers should be added to the communication and transmission of sensor data and the things that carry data need to have a relationship to the physical devices in order for communication to be complete. Other relevant devices include a data capturing device, sensors and actuators [5]. General IoT communicating devices ensure effective communication over a device that has embedded processing. Consequently, from the perspective of IoT, it is possible to protect sensor data, in memory, at rest, in transit and also end-to-end security from the user to the service to the physical hardware. Figure 3: Mapping DIVS security goals to potential threats The DIVS security goals have been mapped to the potential virtual sensor threats. Based on the three goals: integrity, authenticity, privacy and trust, a selected number of threats are mapped to each goal in a generic way. However, each of the IoT supported technology could still face other attacks. For example, Man In The Middle (MITM), data tampering, malicious input and impersonation attacks are categorized as active threats under DIVS integrity and authenticity goals respectively as is shown in Figure 2 previously. Apart from that, data collection, tracking users, eavesdropping, and traffic analysis have been categorised as passive threats under DIVS privacy goal. Figure 2: The relationship between VIoT goals Figure 2, shows a representation of the VIoT security goals that That notwithstanding, IoT security technologies that support need to be achieved by the virtual IoT environment. It is virtual sensing (See Section 2.3) are mainly constructed to imperative to note that the prime objective of these goals is to support low-power devices and resource-constrained devices. As ensure the safety of the sensor data and communication. a result, the expansion of IoT and the complexity of how Authenticity is the basic building block for a strong IoT information security can be managed keeps changing. It is worth ecosystem while privacy and trust limit the unnecessary exchange elaborating that there exist other forms of attacks that culminate of information through proper verifications of the identities of from IoT communication technologies, which in the long run things and users. IoT integrity provides a mechanism of affect the virtual sensing. For example, privacy of information cryptographic protection of sensor data, which provides a strong and are threats that face 5G [14], RFID [15] faces integrity approach for end-to-end protection of data in IoT environment. attacks, WSN [16] technology faces Denial of Service (DoS) and Distributed Denial of Service (DDoS) attacks. Low energy Bluetooth [17] faces the threats of blue jacking and blue snarfing, 27 Internet of Threats Introspection in Dynamic intelligent Virtual Sensing CPSS2019, October 22, 2019, Bilbao, Spain ZigBee [18] is susceptible to Man in the Middle (MITM) attacks, data through the use of different multiple levels of secure eavesdropping for Wireless Fidelity (WIFI) [19] and port access in order to prevent unauthorised access to obscurity for MQTT [20]. Physical and Media Access Control individual data even when security cameras are used. (MAC) attacks for IEEE 802.15.4 [20], DoS and eavesdropping for LoRaWAN [20] and IP spoofing for 6LoWPAN [20]. It is • Virtual sensor attribution: While it remains important important to note that there may exist many threats as a result and to discover what IoT device may be attributed to a the selected threats have been used for illustrative purposes. particular threat or attack, it is also important to focus on virtual sensor attribution. This is mainly because when 5. OPEN SECURITY ISSUES AND RESEARCH virtual sensors may be used as attack objects, they have DIRECTIONS a possibility of interfering with an IoT environment In this section, the authors give a discussion on the open security either actively or passively [33]. issues in virtual sensors and research directions that are worth taking. The important aspect of the aforementioned concept is the 6. DISCUSSIONS learning/adaptability capability of DIVS to changing We revisit the hypothetical scenario that has been highlighted in environments. VIoT concept which culminates from the Section 1 of this paper. The scenario mainly focused on the susceptibility of virtual sensors to threats in the IoT environment drawbacks that are achieved as a result of attacks on integrity, is still an emerging phenomenon given that still this research area confidentiality and authenticity as a result of the existing threats is less explored at the time of writing this paper. Furthermore, the on virtual sensors. Given how virtual sensing is achieved in an rise of the threats in IoT has been as a result of increased sensor IoT environment, succeeding with these attacks is considered a technologies, increased number of devices, and increased amount serious breach of security techniques that can easily compromise of information that are produced by these devices. For example, a whole IoT environment. X, the malicious user from the the DIVS concept puts forward a virtual sensor that is deployed hypothetical scenario (section 1) has been able to achieve in the IoT environment to accumulate sensor data in an malicious goals through spoofing and the threats are realised as environment that has a multitude of sensor threats. The authors soon as X is able to shut down the smart cameras and mount illegal explore the following issues and research directions: sensor nodes through a rented VM. Consequently, given that the scenario pinpoints the failure on how security could be enforced, • Protecting the communication channel from virtual and a success on the malicious goals by X, we review the security sensor: Little focus has been put on how one can ensure goals that the DIVS which has been used as a basis of study in that the operations of virtual sensors are able to overcome this paper is meant to achieve. It is therefore, an important integrity threats. It is important for IoT tool designers to measure to ensure the adoption of an IoT architecture with be able to design tools that are able to identify threats that security capabilities for the DIVS/virtual sensors. relate to malicious configurations that can hamper or compromise the integrity of sensor data. Further research The security techniques that can help to protect virtual sensors in should also focus on creating dynamic intelligent virtual the IoT environment should mainly focus on how the information sensor configurations that are tamper free from alterations that is passed between sensors and the environment is being and modification of communication process. Through this, sensed. While the internet and communication carry much the accuracy of the online learning process can be importance, it is also important to say that it acts as a safe haven guaranteed. for attackers and it could be used to propagate attacks. If we revisit the DIVS concept (section 2.2), it is an example of a virtual • Virtual sensor resilience: Generally virtual sensors form and dynamic intelligent sensor that needs information security part of the IoT system at large and it is important to ensure protection techniques that can safeguard information that is being that if the virtual nodes are compromised, the IoT’s relayed. VIoT introspection attempts to do an extensive functionality should continue to operate. It is vital that the exploration on how susceptible the virtual sensors are to threat compromised nodes are identified, isolated and reported. tribulations in an IoT environment and also it shows the Further research should be focused on not being able to drawbacks that this may have to IoT communication technologies change the existing functionality of the IoT system in case that has been shown in Table 3 of this article. A more realistic vulnerabilities or an attack is detected, but also for the approach that highlights the mechanism of hardening the virtual virtual sensor to continue operating with a high level of sensing in IoT is the use of four-layer IoT architecture that has the accuracy. support of security recommendations that are aimed at protecting IoT communications [31], [32]. This security recommendation • Privacy: There is a need for ensuring that privacy span across four layers namely the application layer (1) that enhancing technologies are employed to IoT generated ensures there is proper authentication/key agreement and privacy data that moves across connected things through data during message passing. Then this is followed by a support layer segregation and separation. Research directions should (2) that ensures that there is secure cloud computing in case be more focused on protection through aggregation of resources are being shared, then network layer (3) that supports 28 CPSS2019, October 22, 2019, Bilbao, Spain V.R. Kebande, J. Bugeja and J.A. Persson identity authentication and encryption approaches. Lastly, the [11] Wang, X., & Mu, Y. (2015). Addressing and privacy support for 6LoWPAN. IEEE Sensors Journal, 15(9), 5193-5201. perception layer (4) that supports encryption and key agreement [12] Farooq, M. O., & Kunz, T. (2012, November). Contiki-based IEEE 802.15. 4 in order to support the sensor data. Given that there is direct node's throughput and wireless channel utilization analysis. In 2012 IFIP information passing at the DIVS, it makes the threats to be likely Wireless Days (pp. 1-3). IEEE. [13] Mihailescu, R. C., Persson, J., Davidsson, P., & Eklund, U. (2016, October). to be forthcoming and based on these, the authors echo the Towards collaborative sensing using dynamic intelligent virtual sensors. importance, that the four-layer IoT security architecture, may play In International Symposium on Intelligent and Distributed Computing (pp. 217- 226). Springer, Cham. as far as this information security of DIVS is concerned. If we [14] Akpakwu, G. A., Silva, B. J., Hancke, G. P., & Abu-Mahfouz, A. M. (2017). A revisit the user-feedback process (UFP)/flow in the DIVS, survey on 5G networks for the Internet of Things: Communication technologies and challenges. IEEE Access, 6, 3619-3647. information is expected to be transmitted or sent by authentic [15] Fadel, E., Gungor, V. C., Nassef, L., Akkari, N., Malik, M. A., Almasri, S., & users from the application layer where their authenticity and Akyildiz, I. F. (2015). A survey on wireless sensor networks for smart privacy can be enhanced. It is important to say that the grid. Computer Communications, 71, 22-33. [16] Padgette, J., Scarfone, K., & Chen, L. (2012). Guide to bluetooth security. NIST functionality of virtual sensors allows logical instances to be used Special Publication, 800(121), 25. on an on-demand basis and this raises the question of the logical [17] Wang, W., He, G., & Wan, J. (2011, September). Research on Zigbee wireless communication technology. In 2011 International Conference on Electrical and instances being threats to other virtual sensors/instances. In this Control Engineering (pp. 1245-1249). IEEE. case, the virtual instance could be used to propagate attacks, [18] Dragomir, D., Gheorghe, L., Costea, S., & Radovici, A. (2016, September). A where it could be possible for the attacker to use an instance and survey on secure communication protocols for IoT systems. In 2016 International Workshop on Secure Internet of Things (SIoT) (pp. 47-62). IEEE. then shut down the virtual component or change the location of [19] Akpakwu, G. A., Silva, B. J., Hancke, G. P., & Abu-Mahfouz, A. M. (2017). A the virtual component. survey on 5G networks for the Internet of Things: Communication technologies and challenges. IEEE Access, 6, 3619-3647. [20] Dragomir, D., Gheorghe, L., Costea, S., & Radovici, A. (2016, September). A 7. CONCLUSION AND FUTURE WORK survey on secure communication protocols for IoT systems. In 2016 International Workshop on Secure Internet of Things (SIoT) (pp. 47-62). IEEE. This paper has introduced the concept of VIoT introspection and [21] Sikder, A. K., Petracca, G., Aksu, H., Jaeger, T., & Uluagac, A. S. (2018). A the authors have concentrated on giving discussions on the need survey on sensor-based threats to internet-of-things (iot) devices and for introducing information security layers in virtual sensing. This applications. arXiv preprint arXiv:1802.02041. [22] Tegen, A., Davidsson, P., Mihailescu, R. C., & Persson, J. A. (2019). study gives a comprehensive overview at virtual sensors from an Collaborative Sensing with Interactive Learning using Dynamic Intelligent information security perspective. It is the authors’ belief that the Virtual Sensors. Sensors, 19(3), 477. [23] Herzog, J. (2005). A computational interpretation of Dolev–Yao study will have a broad impact as far as virtual sensor threats are adversaries. Theoretical Computer Science, 340(1), 57-81 concerned. While this is work in progress, future work is aimed [24] Ma, H., Zhao, D., & Yuan, P. (2014). Opportunities in mobile crowd at creating a real-time attack detection VIoT test-bed to be able to sensing. IEEE Communications Magazine, 52(8), 29-35 [25] S, W.; S, Y.; Akyildiz, E.C.I.F. Wireless Sensor Networks: A Survey. Int. J. Adv. identify and mitigate the virtual IoT sensor threats. Res. Comput. Sci. Softw. Eng. 2002, 38, 393–422 [26] Nitti, M.; Pilloni, V.; Colistra, G.; Atzori, L. The Virtual Object as a Major Element of the Internet of Things: A Survey. IEEE Commun. Surv. Tutor. 2016, ACKNOWLEDGEMENT 18, 1228–1240. [CrossRef] This research was partially funded by The Swedish Knowledge [27] Madria, S., Kumar, V., & Dalvi, R. (2013). Sensor cloud: A cloud of virtual Foundation through the Internet of Things and People grant sensors. IEEE software, 31(2), 70-77. [28] Khansari, M. E., Sharifian, S., & Motamedi, S. A. (2018). Virtual sensor as a number 20140035. service: a new multicriteria QoS-aware cloud service composition for IoT applications. The Journal of Supercomputing, 74(10), 5485-5512. [29] Bilal, M., & Kang, S. G. (2017). An authentication protocol for future sensor REFERENCES networks. Sensors, 17(5), 979. [1] Khan, I., Belqasmi, F., Glitho, R., Crespi, N., Morrow, M., & Polakos, P. (2015). [30] Kang, L. IEEE 1451 and IEEE 1588 Standards. Available online: Wireless sensor network virtualization: A survey. IEEE Communications https://www.nist.gov/sites/default/files/ documents/el/isd/ieee/Information-on- Surveys & Tutorials, 18(1), 553-576. 1451_1588-V36.pdf (accessed on 30 May 2018). [2] Nkomo, M., Hancke, G., Abu-Mahfouz, A., Sinha, S., & Onumanyi, A. (2018). [31] Darwish, D. (2015). Improved layered architecture for internet of things. Int. J. Overlay virtualized wireless sensor networks for application in industrial internet Comput. Acad. Res.(IJCAR), 4, 214-223. of things: A review. Sensors, 18(10), 3215. [32] Burhan, M., Rehman, R., Khan, B., & Kim, B. S. (2018). IoT Elements, Layered [3] Khan, I., Belqasmi, F., Glitho, R., Crespi, N., Morrow, M., & Polakos, P. (2015). Architectures and Security Issues: A Comprehensive Survey. Sensors, 18(9), Wireless sensor network virtualization: early architecture and research 2796. perspectives. IEEE Network, 29(3), 104-112. [33] Miorandi, D., Sicari, S., De Pellegrini, F., & Chlamtac, I. (2012). Internet of [4] Dinh, T., Kim, Y., & Lee, H. (2017). A location-based interactive model of things: Vision, applications and research challenges. Ad hoc networks, 10(7), internet of things and cloud (IoT-Cloud) for mobile cloud computing 1497-1516. applications. Sensors, 17(3), 489. [34] Bialas, A.(2010). Intelligent Sensors Security. Sensors, 10(1), 822-859. [5] Armando, N., Rodrigues, A., Pereira, V., Sá Silva, J., & Boavida, F. (2018). An [35] Dijiang Huang, Huijun Wu, Chapter 2 - Virtualization, Editor(s): Dijiang Huang, outlook on physical and virtual sensors for a socially interactive Huijun Wu, Mobile Cloud Computing, Morgan Kaufmann, 2018, Pages 31-64, interonet. Sensors, 18(8), 2578. ISBN 9780128096413, https://doi.org/10.1016/B978-0-12-809641-3.00003-X. [6] Dinh, T., & Kim, Y. (2017, May). An efficient sensor-cloud interactive model for on-demand latency requirement guarantee. In 2017 IEEE International Conference on Communications (ICC) (pp. 1-6). IEEE. [7] S, W.; S, Y.; Akyildiz, E.C.I.F. Wireless Sensor Networks: A Survey. Int. J. Adv. Res. Comput. Sci. Softw. Eng. 2002, 38, 393–422 [8] Khalid, Z., Fisal, N., & Rozaini, M. (2014). A survey of middleware for sensor and network virtualization. Sensors, 14(12), 24046-24097. [9] Kumar, A., & Hancke, G. P. (2014). A zigbee-based animal health monitoring system. IEEE sensors Journal, 15(1), 610-617. [10] Fouladi, B., & Ghanoun, S. (2013). Security evaluation of the Z-Wave wireless protocol. Black hat USA, 24, 1-2. 29