Ubiquitous Computing
Computing has evolved over the years and the evolution is accelerating. In the early 1970s one mainframe computer was serving many people. In the 1980s, the mainframe computer was replaced by the personal computer, based on the idea of one computer for one person. Through the ages the technology has dramatically transformed, and nowadays we are in the ubiquitous computing (ubicomp) era. The whole concept of IoT and ubiquitous computing can be seen in Figure 2.23.
Mark Weiser, the father of ubiquitous computing, coined the term ubiquitous to describe smart computing devices or IoT devices appearing everywhere, in any location and in any format. According to the famous quote from his article "The Computer of the 21st Century", published in Scientific American in 1991, "The most profound technologies are those that disappear. They weave themselves into the fabric of everyday life until they are indistinguishable from it." [46] The IoT refers to a type of network that connects anything with the Internet based on specific protocols, through devices that collect, process, and analyze data and then return it to the user. The goal of the IoT is to enable things to be connected anytime, anyplace, with anything and anyone, ideally using any path/network and any service. Mark Weiser’s visions can be drawn from his position towards three dominant trends in computer science at his time: virtual reality, artificial intelligence, and user agents.
Modern processors are made from tiny chips that are cheaper and generally better than those of the past. As the technology improves, it becomes possible to place a wireless transceiver on things we use in everyday life. Giving a digital identity to objects by using an electronic code such as "ucode" could be one of the keys for the Ubiquitous IoT Network.
![Internet of Things. Redrawn from [63]](/htm/img/15/2065/28.png)
FIGURE 2.23 Internet of Things. Redrawn from [63]
The IERC definition states that IoT is "A dynamic global network infrastructure with self-configuring capabilities based on standard and interoperable communication protocols where physical and virtual 'things' have identities, physical attributes, and virtual personalities and use intelligent interfaces, and are seamlessly integrated into the information network" [47].
Ubiquitous computing can offer various advantages, improving the quality of life in many aspects. Internet-connected things, such as wearable IoT technology or sensors placed in the user’s environment, are communicating with each other, exchanging information and therefore are able to provide insight about situations and individuals that would otherwise be difficult to obtain. Hence, ubiquitous computing has become a big trend nowadays.
Furthermore, machine learning solutions can provide an extra layer of applicability for IoT devices, by adding the personalization factor. Pattern and activity recognition can be proven to be beneficial in multiple IoT application domains. For instance, the authors in [48] presented a Human Activity Recognition System, which utilizes a wearable sensor and deep learning techniques in order to recognize the most common daily activities of the users. Such personalized systems can be used in order to learn the user’s behavioral patterns and assess the user’s well-being as well as predict any possible anomalies threatening the wearer [49]. Thus, the predictive capabilities of machine learning can be successfully integrated in the IoT healthcare and assisted living domain. Additionally, by analyzing and learning from human behaviors, predictive models can be developed, aiming to detect in a timely manner behavioral irregularities, for instance in the mental health sector. With machine learning solutions, services can be tailored to the needs of smart city inhabitants [50]. Essentially, by monitoring a user’s behavior, personalized recommendations can be proposed to the citizen, with the help of artificial intelligence.
The purpose of Ubiquitous computing is the presence of computing in every aspect of human life, with seamless integration. Personalized systems utilizing machine learning techniques can further benefit both commercial and noncommercial users. Thus, ubiquitous computing has great potential to be the technology of the future.
IoT Security Issues
It is estimated that as of the current year (2020), there are about 31 billion IoT devices [51] connected to the internet, a number that corresponds to roughly 4.1 devices for each human. It is believed that about 127 new devices are connected to the internet every single second [52]. Hence, highly personal and sensitive data are produced and exchanged in very large volumes every day. This has inevitably contributed to data privacy leakages and service disruptions, as a result of cyber-attacks targeting various IoT application domains. However, as recent events indicate, cyber-attacks against IoT environments can cause more severe consequences than just the aforementioned ones.
Since little to no security solutions are implemented in order to protect IoT devices, there are many examples pointing to the hazards of having smart devices connected to the internet. For instance, smart traffic lights aim to route traffic in an intelligent way, by using sensor and camera technology. An adversary could easily manipulate unsecure, internet-connected traffic lights and therefore induce accidents that could possibly be fatal. Possibly the most well-known malware targeting IoT devices is the Mirai malware. Mirai targeted unsecure IoT devices by scanning for vulnerabilities. If the default log-in credentials were not changed, Mirai used them to log in, infect the device and take control of it, turning it into a bot, therefore forming the first ever known botnet that was composed of IoT devices. The botnet was believed to be used against the US’s most used Domain Name System (DNS) provider, in order to successfully cause a distributed denial-of-service (DDoS) attack. As a result of the attack, the provider lost about 8% of its customers following the incident, therefore causing a significant loss in revenue [53]. Another impactful cyberattack targeting the industrial sector was the 2015 Ukrainian power grid attack, which resulted in power supply disruptions for about 225,000 people. As discussed in the previous sections, healthcare is one of the most user-sensitive application domains, with data privacy and security being the biggest considerations. However, the implantation of smart pacemakers without any communication security measures poses significant threats against the patient’s life, if a malicious adversary wanted to manipulate the device.
As noticed, many security issues exist and need to be addressed in order to make IoT secure and safe for everyone. This section’s purpose is to provide a detailed description of IoT-related security problems and present possible countermeasures as well.
- • Denial of Service (DoS) and Distributed Denial of Service (DDoS) are possibly the most well-known and applied attacks. DoS and DDoS aim to exhaust the device’s resources by producing an enormous amount of network traffic, also known as flooding the target. As a result of this attack, there are disruptions in the device’s operation, and possibly the total failure of the device to operate for the duration of the attack. Therefore, the availability aspect is heavily impacted. As IoT devices are by default resource-constrained, it is very easy for a DoS attack to be effectively accomplished.
- • Botnets, as explained in the Mirai case, are composed of infected vulnerable devices that can be used to perform DDoS attacks. The infected devices are called bots or zombies; they show no sign of exploitation as they continue to operate normally. The device’s security is breached, usually with malware, in order to give full control privileges to the bot master, who can then issue arbitrary commands for the bots to execute against another target.
- • Jamming attacks target the network layer of the IoT architectures. These attacks aim to tamper with the communication channel in various ways, in order to cause disruptions in information exchange between IoT devices. For instance, the attacker may produce a radio signal that interferes with the communication channel in a continuous way; thus, IoT devices are unable to communicate. Such a jamming attack is known as constant jamming [54]. An attacker may attempt to constantly send packets via the communication channel in order to effectively jam it, thus deceiving the receiving IoT devices into believing there is more traffic to receive and therefore stop communicating. Additionally, an attacker may choose the jamming attack implementation based on the communications that are taking place in the channel. For instance, they may choose to not initiate the attack in case the channel is not utilized at the specific moment, and wait until devices start to communicate.
- • Spoofing attacks aim to represent a malicious adversary as a legal entity by fabricating data, in order to perform malicious actions. This could potentially involve an addition of an IoT device, or an IoT device-behaving software to the network that behaves in a normal manner, which however produces false data. In addition, spoofing attacks can be used as a means to perform further attacks, such as Man In The Middle attacks, the concept of which is explained below.
- • A Man-In-The-Middle (MITM) attack involves a malicious adversary who manages, in an illegal way, to position himself between two communicating legal entities, therefore eavesdropping all traffic exchanged between them. Apart from simply monitoring traffic that is not intended for him, the attacker could potentially drop all traffic between the nodes, thus inducing a DoS attack as the communication is disrupted, or modify the context of the traffic in order to achieve a malicious goal [54]. There are many means to accomplish a MITM attack, with the most applied one being Address Resolution Protocol (ARP) spoofing.
- • A Sybil attack affects mostly peer-to-peer networks and aims to create an illusion of multiple entities by having one or more malicious nodes forging new identities, therefore misleading other nodes and compromising the overall effectiveness of the system [55].
- • A wormhole attack refers to the creation of a low-latency communication channel between two possibly compromised legitimate network entities. The purpose of this tunnel is to record and forward traffic from one entity to another, replaying traffic [56] from there. It is also possible that traffic is dropped from the recording node’s end, therefore causing disruptions in the network [57].
- • Traffic Analysis, although not an actual attack, aims to gather intelligence about specific devices by monitoring their network traffic. As a result, specific attacks can be orchestrated and vulnerabilities can be discovered by analyzing network packets in terms of protocols, addressing, context of exchange, etc. Many packet-analyzing tools are available currently, such as Wireshark [58] or Tcpdump [59], supporting a wide range of protocols.
- • Application-layer protocol-specific attacks aim to exploit the way the protocol operates by identifying key vulnerability points in protocol specifications. Since application-layer IoT protocols are not designed with security in mind, this is very easy to accomplish. For instance, in MQTT, it is possible for an adversary to subscribe to all topics with the "#" character in an unsecure MQTT broker, therefore eavesdropping all traffic produced by legal nodes. Additionally, messages are not encrypted, which means that a potential MITM attack against two network entities could result in the total loss of data confidentiality and integrity, if the exchanged messages are modified. In CoAP, the risk of amplification is described, which could result in DDoS’ing the targets. Since response packets can be considerably larger than request packets, an attacker could take advantage of that by using vulnerable CoAP nodes to create amplified packets to send to a target.
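The MQTT "#" exposure described in the last item comes down to how topic filters are matched, and to whether the broker checks a subscription against what the client is entitled to read. The sketch below is an added example, not part of the original text: it implements the standard `+`/`#` matching rules and a subscribe-time authorization check; the topic names, client ids and ACL table are constructed for illustration.

```python
# Added example: MQTT topic-filter matching plus a subscribe-time ACL check.
# Topics, client ids and ACL entries are constructed for illustration.

def topic_matches(topic_filter, topic):
    """MQTT filter matching: '+' is one level, '#' is all remaining levels."""
    f, t = topic_filter.split("/"), topic.split("/")
    # A wildcard in the first level never matches '$'-prefixed topics ($SYS).
    if topic.startswith("$") and f[0] in ("+", "#"):
        return False
    for i, part in enumerate(f):
        if part == "#":
            return True
        if i >= len(t) or (part != "+" and part != t[i]):
            return False
    return len(f) == len(t)

def filter_within(requested, granted):
    """True if every topic matched by `requested` is also matched by `granted`."""
    r, g = requested.split("/"), granted.split("/")
    if r[0].startswith("$") and g[0] in ("+", "#"):
        return False
    for i, gp in enumerate(g):
        if gp == "#":
            return True
        if i >= len(r) or r[i] == "#":
            return False  # request is shorter or broader than the grant
        if gp != "+" and r[i] != gp:
            return False  # literal grant level: request must be identical
    return len(r) == len(g)

def authorize_subscribe(client_id, requested, acl):
    """Allow a SUBSCRIBE only if it stays inside one of the client's grants."""
    return any(filter_within(requested, g) for g in acl.get(client_id, []))

PUBLISHED = ["home/alice/thermostat/temp", "home/alice/lock/state",
             "home/bob/camera/motion", "$SYS/broker/clients/connected"]
ACL = {"alice-app": ["home/alice/#"], "bob-app": ["home/bob/+/motion"]}

def visible_topics(topic_filter):
    """Topics a subscriber would receive if the broker applied no ACL."""
    return [t for t in PUBLISHED if topic_matches(topic_filter, t)]

if __name__ == "__main__":
    print("no ACL, filter '#':", visible_topics("#"))
    for req in ("#", "home/+/lock/state", "home/alice/lock/state"):
        print("alice-app", req, "->", authorize_subscribe("alice-app", req, ACL))
```

With no ACL, a single "#" subscription receives every device's application topics; with the per-client grants, the same request is refused while the client's own topics remain readable.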
As presented above, there are many security challenges IoT has to effectively mitigate in order for the services to be provided in an undisrupted, secure, and optimal way. For this reason, many solutions have been proposed, with the most predominant one being an implementation of an Intrusion Detection System (IDS). Intrusion Detection Systems aim to detect in a timely manner possible attacks against the system. There are currently two main categories of Intrusion Detection Systems, namely Anomaly Detection Systems and Signature-Based IDS.
Anomaly Detection Systems usually monitor network traffic and locate possible anomalies. Such systems are currently developed mainly with machine learning solutions. Machine learning for anomaly detection can involve training algorithms such as autoencoders, decision trees, random forest, naive Bayes, deep neural networks, etc. The training phase includes the introduction of a usually normal, nonmalicious dataset, aiming to train the resulting model to fully recognize such traffic as normal; therefore, any deviation from normal behavior will be classified as an anomaly. Machine learning algorithms can also be trained to recognize various behaviors other than normal, by introducing labeled datasets with various attack scenarios to the algorithm. As a result, the trained model can be integrated for the creation of an IDS, in which all traffic will be passed through, in order to determine if the traffic is normal or not, or in the case of training with multiple attack scenarios, determine if a specific attack is under execution, or if the traffic is considered normal. Such intrusion detection systems can recognize attacks that have not yet taken place or are not known by the IDS, thus being a very attractive solution for IoT systems. A drawback of anomaly detection systems is the possibility of training with insufficient normal datasets; thus, the final model will classify normal behavior as anomalous.
On the other hand, signature-based intrusion detection systems are based on the creation of rules, similar to a database, in the form of attack signatures. Attack signatures are characteristics of known attacks that have already taken place. Any traffic that does not match an existing signature will be considered as normal. Signature-based IDS are not usually developed with machine learning techniques. The major drawback of this technique is that, in order for the system to be able to effectively recognize a plethora of attacks, a sufficient number of rules will have to be established, which can be difficult. Any attacks that are not registered in the IDS’s knowledge base in the form of a signature will be classified as normal. Additionally, this technique is not able to detect unknown attacks, contrary to anomaly-based IDS.
It is possible to create an IDS that integrates a response mechanism, which may mitigate the impact an attack may have against IoT. Such IDSs are classified as Intrusion Detection and Prevention Systems (IDPS). A response to an attack could be discarding any traffic that was deemed to be malicious, notifying a handler in case an attack was detected, or blocking any malicious IPs.
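The two IDS categories can be contrasted on the same traffic. The following is an added example, not taken from the original text: it runs a small signature knowledge base and a rate-based anomaly model (a simple z-score, standing in for the machine learning models mentioned above) over constructed flow records. It shows the signature engine passing an attack it has no rule for, and the anomaly model raising a false alarm when trained on too narrow a normal dataset.

```python
# Added example: signature-based vs anomaly-based detection on constructed flows.
from statistics import mean, stdev

# Record layout: (device, dst_port, packets_per_sec, payload_summary). Constructed.
NARROW_TRAINING = [("cam1", 1883, r, "publish") for r in (9, 10, 11, 10, 12, 9, 10, 11)]
# Same device, but the normal dataset also covers legitimate bursts.
BROADER_TRAINING = NARROW_TRAINING + [("cam1", 1883, r, "publish") for r in (15, 17, 14, 16)]

LIVE = [
    ("cam1", 1883, 10, "publish"),         # ordinary telemetry
    ("cam1", 23, 2, "login admin/admin"),  # known pattern: default credentials
    ("cam1", 1883, 480, "publish"),        # flood, no signature exists for it
    ("cam1", 1883, 16, "publish"),         # legitimate burst
]

# Signature knowledge base: rule name -> predicate over one record.
SIGNATURES = {
    "telnet-default-credentials": lambda r: r[1] == 23 and "admin/admin" in r[3],
    "mqtt-wildcard-subscribe": lambda r: r[1] == 1883 and r[3] == "subscribe #",
}

def signature_hits(record):
    """Names of matching signatures; an empty list means 'classified as normal'."""
    return [name for name, pred in SIGNATURES.items() if pred(record)]

def fit_baseline(training):
    """Learn normal behaviour as mean and standard deviation of the packet rate."""
    rates = [r[2] for r in training]
    return mean(rates), stdev(rates)

def is_anomalous(record, baseline, threshold=3.0):
    """Flag a record whose rate is more than `threshold` std devs from normal."""
    mu, sigma = baseline
    return abs(record[2] - mu) / sigma > threshold

def classify(live, training):
    """Return (signature_alert, anomaly_alert) for each live record."""
    baseline = fit_baseline(training)
    return [(bool(signature_hits(r)), is_anomalous(r, baseline)) for r in live]

if __name__ == "__main__":
    for name, train in (("narrow", NARROW_TRAINING), ("broader", BROADER_TRAINING)):
        print(name, classify(LIVE, train))
```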