Internet of Things and Cyber Physical Systems The quantity, diversity, and sophistication of Internet of Things (IoT) items are rapidly increasing, posing significant issues but also innovative solutions for forensic science. Such systems are becoming increasingly common in public locations, businesses, universities, residences, and other shared offices, producing enormous amounts of data at rapid speeds in a variety of forms. IoT devices can be used as suspects, digital witnesses, or instruments of crime and cyberattacks, posing new investigation problems, forensic issues, security threats, legal concerns, privacy concerns, and ethical dilemmas. A cyberattack on IoT devices might target the device itself or associated systems, particularly vital infrastructure. This book discusses the advancements in IoT and Cyber Physical Systems (CPS) forensics. The first objective is to learn and understand the fundamentals of IoT forensics. This objective will answer the question of why and how IoT has evolved as one of the most promising and widely accepted technologies across the globe and has many widely accepted applications. The second objective is to learn how to use CPS to address many computational problems. CPS forensics is a promising domain, and there are various advancements in this field. This book is structured so that the topics of discussion are relevant to each reader’s major or interests. The book’s goal is to help each reader to see the relevance of IoT and CPS forensics to his or her career or interests. This book not only presents numerous case studies from a global perspective, but it also compiles a large amount of literature and research from a database. As a result, this book effectively demonstrates the concerns, difficulties, and trends surrounding the topic while also encouraging readers to think globally. The main goal of this project is to encourage both researchers and practitioners to share and exchange their experiences and recent studies between academia and industry. Advances in Cybersecurity Management Series Editors: Yassine Maleh and Ahmed A. Abd El-Latif The Advances in Cybersecurity Management series is a knowledge resource for practitioners, scientists, and researchers working in the various fields of cybersecurity, hacking, digital forensics, cyber warfare, viruses, or critical infrastructure. It explores the complexity of the business environment and the rapidly changing risk landscape in which it must operate. IT Governance and Information Security: Guides, Standards, and Frameworks Yassine Maleh, Abdelkebir Sahid, Mamoun Alazab, Mustapha Belaissaoui Security Engineering for Embedded and Cyber-Physical Systems Saad Motahhir, Yassine Maleh Internet of Things and Cyber Physical Systems: Security and Forensics Keshav Kaushik, Susheela Dahiya, Akashdeep Bhardwaj, Yassine Maleh For more information about this series, please visit: https://www.routledge.com/ Advances-in-Cybersecurity-Management/book-series/AICM Internet of Things and Cyber Physical Systems Security and Forensics Edited by Keshav Kaushik, Susheela Dahiya, Akashdeep Bhardwaj, and Yassine Maleh First edition published 2023 by CRC Press 6000 Broken Sound Parkway NW, Suite 300, Boca Raton, FL 33487-2742 and by CRC Press 4 Park Square, Milton Park, Abingdon, Oxon, OX14 4RN CRC Press is an imprint of Taylor & Francis Group, LLC © 2023 selection and editorial matter, Keshav Kaushik, Susheela Dahiya, Akashdeep Bhardwaj and Yassine Maleh; individual chapters, the contributors Reasonable efforts have been made to publish reliable data and information, but the author and publisher cannot assume responsibility for the validity of all materials or the consequences of their use. The authors and publishers have attempted to trace the copyright holders of all material reproduced in this publication and apologize to copyright holders if permission to publish in this form has not been obtained. If any copyright material has not been acknowledged please write and let us know so we may rectify in any future reprint. Except as permitted under U.S. Copyright Law, no part of this book may be reprinted, reproduced, transmitted, or utilized in any form by any electronic, mechanical, or other means, now known or hereafter invented, including photocopying, microfilming, and recording, or in any information storage or retrieval system, without written permission from the publishers. For permission to photocopy or use material electronically from this work, access www.copyright.com or contact the Copyright Clearance Center, Inc. (CCC), 222 Rosewood Drive, Danvers, MA 01923, 978-750-8400. For works that are not available on CCC please contact [email protected] Trademark notice: Product or corporate names may be trademarks or registered trademarks and are used only for identification and explanation without intent to infringe. Library of Congress Cataloging-in-Publication Data Names: Kaushik, Keshav, editor. | Dahiya, Susheela, editor. | Bhardwaj, Akashdeep, 1971- editor. | Maleh, Yassine, 1987- editor. Title: Internet of things and cyber physical systems : security and forensics / edited by Keshav Kaushik, Susheela Dahiya, Akashdeep Bhardwaj, and Yassine Maleh. Description: First edition. | Boca Raton : CRC Press, 2023. | Includes bibliographical references and index. Identifiers: LCCN 2022033187 (print) | LCCN 2022033188 (ebook) | ISBN 9781032254067 (hbk) | ISBN 9781032254081 (pbk) | ISBN 9781003283003 (ebk) Subjects: LCSH: Internet of things‐‐Security measures. | Cooperating objects (Computer systems)‐‐Security measures. | Digital forensic science. Classification: LCC TK5105.8857 .I5788 2023 (print) | LCC TK5105.8857 (ebook) | DDC 004.67/8‐‐dc23/eng/20221017 LC record available at https://lccn.loc.gov/2022033187 LC ebook record available at https://lccn.loc.gov/2022033188 ISBN: 978-1-032-25406-7 (hbk) ISBN: 978-1-032-25408-1 (pbk) ISBN: 978-1-003-28300-3 (ebk) DOI: 10.1201/9781003283003 Typeset in Times by MPS Limited, Dehradun Contents About the Editors....................................................................................................vii List of Contributors..................................................................................................ix Chapter 1 Emerging Trends in Security, Cybercrime, and Digital Forensics in the Context of the Internet of Things............................1 Sameeka Saini, Abhilasha Chauhan, Luxmi Sapra, and Gesu Thakur Chapter 2 Internet of Things (IoT): Security, Cybercrimes, and Digital Forensics................................................................................23 Ankit Garg and Anuj Kumar Singh Chapter 3 Emerging Security Threats and Challenges in IoT..........................51 Priyank Parmar and Ravi Sheth Chapter 4 A Review on Security Frameworks and Protocols in the Internet of Things..............................................................................71 Meenu Vijarania, Swati Gupta, and Akshat Agarwal Chapter 5 Application of Artificial Intelligence for DDoS Attack Detection and Prevention on Cyber Physical Systems Using Deep Learning........................................................................83 J. E. T. Akinsola, R. O. Abimbola, M. A. Adeagbo, A. A. Awoseyi, F. O. Onipede, and A. A. Yusuf Chapter 6 Managing Trust in IoT Using Permissioned Blockchain...............127 Rajesh Kumar and Rewa Sharma Chapter 7 Cyber Physical System Security.....................................................151 Ankit Kumar Singh Chapter 8 Intrusion Detection Systems Apropos of the Internet of Things (IoT)................................................................................167 Abhilasha Chauhan, Sameeka Saini, Luxmi Sapra, and Gesu Thakur v vi Contents Chapter 9 Intrusion Detection for the Internet of Things...............................183 Vikas Kumar, Mukul Gupta, and Shubhika Gaur Chapter 10 Cybercrimes and Digital Forensics in Internet of Things.............209 Vinita Sharma Chapter 11 Security and Privacy for IoT-based Smart Cities..........................231 Pawan Whig, Shama Kouser, Kritika Puruhit, Naved Alam, and Arun Velu Chapter 12 Network Vulnerability Analysis for Internet of Things (IoT)‐based Cyber Physical Systems (CPS) Using Digital Forensics.........................253 J. E. T. Akinsola, F. O. Onipede, S. O. Osonuga, S. O. Abdul-Yakeen, R. O. Olopade, A. O. Eyitayo, and H. A. Badmus Index......................................................................................................................285 About the Editors Keshav Kaushik is an experienced educator with over eight years of teaching and research experience in Cybersecurity, Digital Forensics, and the Internet of Things. He is working as an Assistant Professor (Senior Scale) in the systemic cluster under the School of Computer Science at the University of Petroleum and Energy Studies, Dehradun, India. He has published 60+ research papers in International Journals and has presented at reputed International Conferences. He is a Certified Ethical Hacker (CEH) v11, CQI and IRCA Certified ISO/IEC 27001:2013 Lead Auditor, Quick Heal Academy Certified Cyber Security Professional (QCSP), and IBM Cybersecurity Analyst. He has acted as a keynote speaker and delivered 50+ professional talks on various national and international platforms. He has edited over ten books with reputed international publishers like Springer, Taylor and Francis, IGI Global, Bentham Science, etc. He has also chaired various special sessions at international conferences and has served as a reviewer in peer-reviewed journals and conference. Dr. Susheela Dahiya is currently working as an Associate Professor in the Department of Computer Science and Engineering at Graphic Era Hill University, Dehradun, Uttarakhand, India. She has received her M. Tech. (Computer Science & Engineering) in 2008 and Ph.D. degree in 2015 from the Indian Institute of Technology Roorkee. She had also qualified in the Graduate Aptitude Test in Engineering and National Eligibility Test in Computer Science. She has more than 9 years of academic/research/industry experience. Her research interests include Image & Video Processing, IoT, Cyber Security, Cloud Computing, and Deep Learning. She has authored several research papers in renowned conferences, Scopus & SCI journals and edited books. Dr. Akashdeep Bhardwaj is working as professor (cyber security & digital forensics) at the University of Petroleum & Energy Studies (UPES), Dehradun, India. An eminent IT industry expert with over 25 years of experience in areas such as cybersecurity, digital forensics, and IT management operations, Dr. Akashdeep leads projects and mentors graduate, masters, and doctoral students. Dr. Bhardwaj holds a Ph.D. in computer science, post-graduate diploma in management (equivalent to an MBA), and an engineering degree in computer science. Dr. Akashdeep has published several books and research papers in highly referred journals. He has worked as an IT technology and cybersecurity leader for various multinational organizations. He is certified in several cybersecurity technologies, compliance audits, and information security and holds vendor certifications from Microsoft, Cisco, and VMware. Dr. Yassine Maleh is an associate professor of cybersecurity and IT governance at Sultan Moulay Slimane University, Morocco. He is the founding chair of IEEE Consultant Network Morocco and founding president of the African Research Center of Information Technology & Cybersecurity. He is a senior member of IEEE and a member of the International Association of Engineers (IAENG) and the vii viii About the Editors Machine Intelligence Research Labs. Dr. Maleh has made contributions in the fields of information security and privacy, Internet of Things security, and wireless and constrained networks security. His research interests include information security and privacy, Internet of Things, network security, information systems, and IT governance. He has published over 50 papers (book chapters, international journals, and conferences/workshops), eight edited books, and three authored books. He is the editor-in-chief of the International Journal of Information Security and Privacy and the International Journal of Smart Security Technologies (IJSST). He serves as an associate editor for IEEE Access (2019 Impact Factor 4.098), the International Journal of Digital Crime and Forensics (IJDCF), and the International Journal of Information Security and Privacy (IJISP). He is a series editor of Advances in Cybersecurity Management by CRC Press/Taylor & Francis. He was also a guest editor of a special issue on Recent Advances on Cyber Security and Privacy for Cloud-of-Things in the International Journal of Digital Crime and Forensics (IJDCF), Volume 10, Issue 3, July–September 2019. He has served and continues to serve on executive and technical program committees and as a reviewer of numerous international conferences and journals such as Elsevier Ad Hoc Networks, IEEE Network Magazine, IEEE Sensor Journal, ICT Express, and Springer Cluster Computing. He was the publicity chair of BCCA 2019 and the general chair of the MLBDACP 19 symposium and ICI2C’21 Conference. He also received the Publon Top 1% Reviewer Award for the years 2018 and 2019. Contributors A. A. Awoseyi Arun Velu First Technical University Equifax Nigeria Atlanta, USA A. A. Yusuf F. O. Onipede Federal University of Petroleum First Technical University Resources Nigeria Nigeria Gesu Thakur Abhilasha Chauhan School of Computing Department of Computer Science and University of Engineering and Engineering Technology Roorkee School of Computing Roorkee, Uttarakhand, India DIT University Dehardun, Uttarakhand, India H. A. Badmus First Technical University Akshat Agarwal Nigeria Department of Computer Science Amity School of Engineering and J. E. T. Akinsola Technology First Technical University Amity University Nigeria Haryana, India Kritika Puruhit Ankit Garg JIET School of Computing (SOC) Jodhpur, Rajasthan, India University of Engineering & Technology Roorkee, India Luxmi Sapra Graphic Era Hill University Ankit Kumar Singh Dehardun, Uttarakhand, India NIT Jamshedpur India M. A. Adeagbo First Technical University Anuj Kumar Singh Nigeria School of Computing (SOC) University of Engineering & Technology Meenu Vijarania Roorkee, India Centre of Excellence, Department of Computer Science A. O. Eyitayo School of Engineering and Technology First Technical University K.R. Mangalam University Nigeria Gurugram, Haryana, India ix