Security and Safety

  • Dimitrios Serpanos
  • Marilyn Wolf


Safety is a critical requirement for IoT systems and services in numerous application domains, such as health, transportation, energy, and manufacturing. Security is a prerequisite of safety, because its violation leads to unsafe systems. In this chapter, we review security technologies and challenges for IoT systems, from the device level to the application and process level.



Copyright information

© Springer International Publishing AG 2018

Authors and Affiliations

  • Dimitrios Serpanos, Electrical & Computer Engineering, University of Patras, Patras, Greece
  • Marilyn Wolf, School of ECE, Georgia Institute of Technology, Atlanta, USA
