Chapter 9
IoT Security
In this chapter, we briefly overview the security concerns in IoT systems.
9.1 Security Challenges in IoT
9.1.1 Cybersecurity for Billions of Devices
For the IT department, the IoT will create a need to manage large numbers of different types of devices, many of which may not be able to ask a user for login credentials or run traditional security software. For hackers, the sheer quantity and diversity of these devices will increase the potential attack surface. Gartner estimates that by 2020, more than 25 percent of all enterprise attackers will make use of the IoT. The challenge of preventing attacks will be compounded by IoT deployments in settings where there is an absence of technical expertise, such as homes and small enterprises. From an operational technology perspective, the Industrial IoT (IIoT) makes industrial control systems more autonomous and connected.
Cyber-physical systems affect the physical world and, when compromised, significant material damage may be caused, safety may be jeopardized, and the environment may be harmed. Hence a successful attack on an IIoT system has the potential to be as serious as the worst industrial accidents to date. Hacking attacks are increasingly carried out by professionals with extensive resources and a high level of technical knowledge, and since the IoT affects peoples daily lives and industrial operations, there will be plenty of incentives to hack IoT systems. Many current IoT devices are extremely easy to hack, and the IoT has quickly become a popular enabler for massive Distributed Denial of Service (DDoS) attacks. Mitigating DDoS is problematic as neither the owners nor the sellers of the devices bear the costs of the attacks, and IoTbased DDoS has the potential to become a major problem for society. Therefore, critical infrastructure must not only be able to withstand direct hacking, it must also be resilient to attacks such as DDoS and jamming.
127
128 CHAPTER 9. IOT SECURITY 9.1.2 Privacy and Information Security in yhe Iot
Privacy is understood and regulated in different ways across countries and ju- risdictions. The media attention on privacy has raised public awareness, and a global customer survey shows that privacy is the main IoT concern. Even seem- ingly harmless data relating to electricity consumption or room temperature, for example, may reveal too much about a persons habits. But with billions of sensors everywhere, the IoT will drastically increase the amount of potentially sensitive information being generated concerning peoples movements, activities, and health. Compounding the problem, in most cases, people will not be aware of the sensors around them, or how the combined data from various sources can be misused.
Figure 9.1: Overview of an interoperable ecosystem.
9.1.3 Device Security and Software Update
Todays users expect security and privacy even of the smallest devices. However, a high level of tamper resistance may conflict with a desire to keep device costs down. Limited processors, small amounts of memory, and low throughput radio make some existing security protocols less than optimal for many devices. Any device running on batteries has yet another limitation as every micro ampere- hour needs to be rationed to prolong the devices lifetime. Many IoT devices will have a long lifetime and, as manual configuration is expensive, over-the air firmware and software updates become crucial. However, ensuring robust and non-fatal updates when there is not enough memory to save both the old and new firmware is still a challenge. Another challenge is how to enforce remote firmware updates when the operating system and applications are infected by viruses attempting to block these updates.
9.1.4 Trust in Intermediaries A Necessary Threat?
IoT systems rely on intermediaries to reduce response time, bandwidth, and en- ergy consumption. Since radio reception and transmission draw relatively high levels of power, many IoT devices sleep almost all of the time and, therefore, need to rely on proxies to cache requests and responses. Gateways are needed to bridge different radio technologies or offload processing. Furthermore, in mesh
9.1. SECURITY CHALLENGES IN IOT 129
networks, every node is an intermediary. While proxies and gateways are nec- essary in many IoT deployments, they open pathways for attacks. Even when security protocols like IPsec and TLS are used, there is commonly a breach in security when an intermediary is able to read, change, or inject information without being detected. A trust model involving a multitude of trusted inter- mediaries breaks down as soon as the security of one of these intermediaries is compromised. Application layer security is needed to address such challenges. Another challenge related to this situation is working out how to maintain trust in data that is processed on its way from sensor to consumer.
9.1.5 The Implications of Regulation
As the IoT affects a range of diverse sectors such as agriculture, transportation, utilities, and healthcare, many IoT systems are governed by various regulatory frameworks in each country. And in some cases, such as autonomous vehicles, completely new regulations are required. The regulatory focus on security and privacy has intensified in recent years. The US Government, for example, has enforced secure management of radio parameters and fined companies for using default passwords, and the EU has reformed its regulations on the protection of personal data. Several countries have published directives on cybersecurity and protection of critical infrastructure; some have even pushed for substitution of foreign technology suppliers with domestic ones. So far, regulators have taken a heavy-handed approach to privacy, but a light-handed approach to the IoT and cyber-security. But since society will depend more on the trustworthy functioning of the IoT, regulators will most likely increase its regulation.
9.1.6 Defending Cyber-Physical Systems
In autonomous cyber-physical systems, integrity and availability become more important than confidentiality. Losing control of locks, vehicles, or medical equipment is far worse than having someone eavesdrop on them. Therefore, properties like message freshness, proximity, and channel binding also become essential, sometimes in unexpected ways. As a current example, consider the proximity-based security systems used in smart car keys, access cards, and con- tactless payment systems. While those systems all verify freshness, they do not verify proximity, so two attackers can relatively easily relay the signal from a de- vice in a victims pocket, gaining access to office buildings, opening and starting cars, or transferring money. Unless the security, safety, and privacy properties of IoT systems are carefully evaluated, suppliers may get some embarrassing and costly surprises.
130
CHAPTER 9. IOT SECURITY
Figure 9.2: Relay attacks on proximity-based security.
What Can Go Wrong with IoT? Botnets and DDoS Attacks
9.2 9.2.1
Many people in the general public first became aware of IoT security threats when they heard about the Mirai botnet in September 2016. By some esti- mates, Mirai infected approximately 2.5 million IoT devices, including printers, routers and Internet-connected cameras. The botnet creators used it to launch distributed denial of service (DDoS) attacks, including an attack against cyber- security. Essentially, the attackers used all the devices infected with Mirai to attempt to connect to the targeted website at the same time, in the hopes of overwhelming the servers and preventing anyone from reaching the site.
Since Mirai first made news, attackers have launched other IoT botnet at- tacks, including Reaper and Hajime. Experts say more such attacks are likely
in the future. Watch this video on Botnet u 9.2.2 Remote Recording
The possibility that attackers could hack into IoT devices and record the owners without their knowledge came to light not as a result of the work of hackers, but as a result of the work of the Central Intelligence Agency (CIA). Documents divulged by WikiLeaks implied that the spy agency knew about dozens of zero- day exploits for IoT devices but did not disclose the bugs because they hoped to use the vulnerabilities to secretly record conversations that would reveal the activities of US adversaries. The documents pointed to vulnerabilities in smart TVs, as well as Android and iOS smartphones. The obvious implication is that criminals could also be exploiting these vulnerabilities for nefarious purposes.
9.2.3 Spam
In January 2014, one of the first-ever known attacks involving IoT devices used more than 100,000 Internet-connect devices, including TVs, routers, and at least one smart refrigerator to send 300,000 spam emails per day. The attackers sent
9.2. WHAT CAN GO WRONG WITH IOT? 131
no more than 10 messages from any one device, making it very hard to block or pinpoint the origin of the attack.
This early attack was far from the last. IoT spam attacks were continuing last fall with Linux.ProxyM IoT botnet.
9.2.4 APTs
In recent years, advanced persistent threats (APTs) have become a major con- cern for security professionals. APTs are highly capable attackers, such as nation-states or corporations, that launch sophisticated cyberattacks that are difficult to prevent or mitigate. For example, the Stuxnet worm that destroyed Iranian nuclear centrifuges and the 2014 Sony Pictures hack have been at- tributed to nation-states.
As more critical infrastructure gets connected to the Internet, many experts warn that APTs could launch an IoT attack targeting the power grid, industrial control systems or other Internet-connected systems. Some have even warned that terrorists could launch an IoT attack that could cripple world economies.
9.2.5 Ransomware
Ransomware has become all too prevalent on home PCs and corporate networks. Now experts say it is just a matter of time before ransomware attackers start locking up smart devices. Security researchers have already demonstrated the ability to install ransomware on smart thermostats. They could, for example, turn up the heat to 95 degrees and refuse to turn it back to normal until the owner agreed to pay a ransom in Bitcoin. They might also be able to launch similar attacks against connected garage doors, vehicles or even appliances. How much would you pay to unlock your smart coffee pot first thing in the morning?
Watch this video for more information on Ransomware u 9.2.6 Data Theft
Obtaining sensitive data, such as customer names, credit card numbers, social security numbers and other personally identifiable information, continues to be one of the primary goals of cyberattacks. And according to the Ponemon Institute, the average data breach costs companies $3.62 million, or about $141 per record stolen. IoT devices represent a whole new attack vector for criminals looking for ways to invade corporate or home networks. For example, if an improperly secured IoT device or sensor is connected to enterprise networks, that could give attackers a new way to enter the network and potentially find the valuable data they are looking for.
9.2.7 Home Intrusions
As smart locks and smart garage door openers become more commonplace, it also becomes more likely that cyber-criminals could become real-world thieves.
132 CHAPTER 9. IOT SECURITY
Home systems that are not properly secured could be vulnerable to criminals with sophisticated tools and software. Disturbingly, security researchers have demonstrated that it is fairly easy to break into smart locks from several different manufacturers, and smart garage doors don’t seem to be much safer.
9.2.8 Communicating with Kids
One of the most disturbing stories of IoT security gone wrong involved hacking a baby monitor. One couple discovered that a stranger had not only been using their baby monitor to spy on their three-year-old son, that stranger had also been speaking with their child over the device. The mother heard an unknown voice say, ”Wake up little boy, daddy’s looking for you,” and the child said that he was scared because someone was talking to him over the device at night.
As more children’s gear and toys become connected to the Internet, it seems likely that these frightening scenarios could become more commonplace.
9.2.9 Remote Vehicle Control
As vehicles become smarter and gain connections to the Internet, they also become vulnerable to attack. Hackers have shown that they could take control of a Jeep, setting the air conditioning to maximum, changing the radio station, starting the wipers and eventually slowing the vehicle to a stop. The news led to a recall of 1.4 million vehicles, but the white-hat researchers behind the original exploit said that they found additional vulnerabilities that weren’t addressed by the patch Chrysler applied to the recalled vehicles. Although experts say that the auto industry is doing a better job of securing vehicles, it’s almost certain that attackers will find new vulnerabilities in connected cars.
9.2.10 Personal Attacks
Sometimes the IoT encompasses more than just things- it can also include peo- ple who have connected medical devices implanted in their bodies. An episode of the television series Homeland featured an assassination attempt that tar- geted an implanted medical device, and former Vice President Dick Cheney was so worried about such a scenario that he had the wireless capabilities on his implanted defibrillator disconnected. This type of attack hasn’t happened in real life yet, but it remains a possibility as more medical devices become part of the IoT.
9.3 IoT Threats
IoT devices have many applications that are designed to make life easier and simpler. Think of engineers being able to access a device, perform remote di- agnosis and remediating any issue. This is after the device has informed the engineering team of an impending issue before it becomes a major problem!
9.3. IOT THREATS 133
Another example is being able to turn the lights on in your house or heating before coming home using your smartphone.
With this data exchange over the internet comes security issues. We high- light top ten security issues with IoT devices.
9.3.1 Insecure Web Interface
The first point concerns security related issues with the web interfaces built into IoT devices that allows a user to interact with the device, but at the same time could allow an attacker to gain unauthorised access to the device. Specific security vulnerabilities that could lead to this issue include:
• Account Enumeration
• Weak Default Credentials
• Credentials Exposed in Network Traffic • Cross-site Scripting (XSS)
• SQL-Injection
• Session Management
• Weak Account Lockout Settings.
9.3.2 Insufficient Authentication/Authorisation
This area deals with ineffective mechanisms being in place to authenticate to the IoT user interface and/or poor authorisation mechanisms whereby a user can gain higher levels of access then allowed. Specific security vulnerabilities that could lead to this issue include:
• Lack of Password Complexity
• Poorly Protected Credentials
• Lack of Two Factor Authentication • Insecure Password Recovery
• Privilege Escalation
• Lack of Role Based Access Control.
134 CHAPTER 9. IOT SECURITY 9.3.3 Insecure Network Services
This point relates to vulnerabilities in the network services that are used to access the IoT device that might allow an intruder to gain unauthorised access to the device or associated data. Specific security vulnerabilities that could lead to this issue include:
• Vulnerable Services
• Buffer Overflow
• Open Ports via UPnP
• Exploitable UDP Services
• Denial-of-Service
• DoS via Network Device Fuzzing.
9.3.4 Lack of Transport Encryption
This deals with data being exchanged with the IoT device in an unencrypted format. This could easily lead to an intruder sniffing the data and either cap- turing this data for later use or compromising the device itself. Specific security vulnerabilities that could lead to this issue include:
• Unencrypted Services via the Internet
• Unencrypted Services via the Local Network • Poorly Implemented SSL/TLS
• Misconfigured SSL/TLS.
9.3.5 Privacy Concerns
Privacy concerns are generated by the collection of personal data in addition to the lack of proper protection of that data. Privacy concerns are easy to discover by simply reviewing the data that is being collected as the user sets up and activates the device. Automated tools can also look for specific patterns of data that may indicate collection of personal data or other sensitive data. Specific security vulnerabilities that could lead to this issue include Collection of Unnecessary Personal Information.
Suggested below are some countermeasures to protect against the threats mentioned above:
• Ensuring only data critical to the functionality of the device is collected
• Ensuring that any data collected is of a less sensitive nature (i.e. try not to collect sensitive data)
9.3. IOT THREATS 135
• Ensuring that any data collected is de-identified or anonymised
• Ensuring any data collected is properly protected with encryption
• Ensuring the device and all of its components properly protect personal information
• Ensuring only authorised individuals have access to collected personal information
• Ensuring that retention limits are set for collected data
• Ensuring that end-users are provided with ”Notice and Choice” if data
collected is more than what would be expected from the product.
9.3.6 Insecure Cloud Interface
This point concerns security issues related to the cloud interface used to interact with the IoT device. Typically this would imply poor authentication controls or data traveling in an unencrypted format allowing an attacker access to the device or the underlying data. Specific security vulnerabilities that could lead to this issue include:
• Account Enumeration
• No Account Lockout
• Credentials Exposed in Network Traffic.
9.3.7 Insecure Mobile Interface
Similar to the point above, weak authentication or unencrypted data channels can allow an attacker access to the device or underlying data of an IoT device that uses a vulnerable mobile interface for user interaction. Specific security vulnerabilities that could lead to this issue include:
• Account Enumeration
• No Account Lockout
• Credentials Exposed in Network Traffic.
9.3.8 Insufficient Security Configurability
Insufficient security configurability is present when users of the device have lim- ited or no ability to alter its security controls. Insufficient security configurabil- ity is apparent when the web interface of the device has no options for creating granular user permissions or for example, forcing the use of strong passwords. The risk with this is that the IoT device could be easier to attack allowing unauthorised access to the device or the data. Specific security vulnerabilities that could lead to this issue include:
136
CHAPTER 9.
IOT SECURITY
• Lack of Granular Permission Model • Lack of Password Security Options • No Security Monitoring
• No Security Logging.
9.3.9 Insecure Software/Firmware
The lack of ability for a device to be updated presents a security weakness on its own. Devices should have the ability to be updated when vulnerabilities are discovered and software/firmware updates can be insecure when the up- dated files themselves and the network connection they are delivered on are not protected. Software/Firmware can also be insecure if they contain hardcoded sensitive data such as credentials. The inability of software/firmware being up- dated means that the devices remain vulnerable indefinitely to the security issue that the update is meant to address. Further, if the devices have hardcoded sen- sitive credentials, if these credentials get exposed, then they remain so for an indefinite period of time. Specific security vulnerabilities that could lead to this issue include:
• Encryption Not Used to Fetch Updates
• Update File not Encrypted
• Update Not Verified before Upload
• Firmware Contains Sensitive Information • No Obvious Update Functionality.
9.3.10 Poor Physical Security
Physical security weaknesses are present when an attacker can disassemble a device to easily access the storage medium and any data stored on that medium. Weaknesses are also present when USB ports or other external ports can be used to access the device using features intended for configuration or maintenance. This could lead to easy unauthorised access to the device or the data. Specific security vulnerabilities that could lead to this issue include:
• Access to Software via USB Ports • Removal of Storage Media.
9.4. A BRIEF OVERVIEW ON CRYPTOGRAPHY 137 9.4 A brief Overview on Cryptography
Cryptography is the practice and stud of techniques for secure communication in the presence of third parties called adversaries. The general problem here is that Alice and Bob want to communicate with each other, however Eve is overhearing their communications. Therefore, Alice and Bob need to find a way to encrypt the data such that Eve is unable to decrypt the data, or takes very long time to decrypt it.
In most cryptography algorithm, a key is exchanged between Alice and Bob, and they encrypt and decrypt their data using this key. Without knowing the key, Eve is unable to decrypt the data as she needs to search over all possible keys. This is computationally impractical when the key is long enough. The algorithm’s cryptographic strength is a logarithmic measure of the fastest known computational attack against the algorithm, also measured in bits.
For example, the best key-recovery attack found so far has a complexity of 2126 for AES-128. This does not mean that the security of AES is broken, as it would still take billions of years to brute-force a 126-bit key on current and foreseeable hardware. Its interesting to see why; 126 bits correspond to 8.5×1037 combinations. The fastest supercomputer available now can perform 122 × 1012 checks per second. One year has 365 × 24 × 60 × 60 = 31536000seconds, so for one to break a 126-bit AES key it would take approximately (8.5×1037)/[(122× 1012) × 31536000] = 2.2 × 1016 = 22 × 1015 = 22 million billion years!
9.4.1 Symmetric ciphers
Symmetric ciphers require the establishment of a common, secret key between two communicating parties, used subsequently for encrypting and decrypting data. Existing algorithms lay mainly either in the block ciphers category (in- cluding the so-called Substitution Permutation Network (SPN) and Feistel net- works) and the stream ciphers category. Here we briefly introduce SPN ciphers.
SPN block ciphers refer to algorithms that operate on data blocks of fixed- length (e.g. 32-, 64-, 128-bit). They exist in the field for quite some time now and their properties are well understood. AES is definitely the most prominent example, since its adoption is global and has withstood a lot of security analysis and attacks. AES is in the heart of modern 4G systems and probably the way to move forward in 5G as well. An increase from 128- to 256-bits of the key- lengths would seem reasonable, taking into account that the 4G architecture already supports 256-bit arithmetic.
But what is an SPN network anyway? To quote Claude Shannon and his seminal classified report A Mathematical Theory of Cryptography, a secrecy system should provide two main properties: confusion and diffusion. In their original definition by Shannon, confusion refers to making the relationship be- tween the symmetric key and the ciphertext as complex as possible; diffusion means to dissipate the statistical structure of plaintext over the ciphertext.
An example of an SPN is shown in Fig. 9.3, where the S-boxes constitute the Substitution part followed by a permutation network. The structure has 4
138 CHAPTER 9. IOT SECURITY
Figure 9.3: A Substitution Permutation Network.
rounds and the keys K1, K2, K3, K4 are derived from a single symmetric key K. This series of keys is called a key schedule and the derived keys are called round- keys. We may think of the S-boxes as simple circuits that replace a small block of input bits by another block. This replacement should obviously be one-to-one to enable decryption. It is a property of a well-designed S-box to achieve an almost pseudorandom substitution of the input bits. The permutation structure achieves the goal of confusion, that is flipping one bit of the key affects several of the round-keys, and every change in every round-key diffuses over all the bits, changing the ciphertext in a very complex manner.
One of the main goals of these networks is to make it very hard to ex- trapolate the key even if one has a large collection of plaintext-ciphertext pairs produced with the same key (known as the known-plaintext/ciphertext attacks). Therefore, each bit of the ciphertext should depend on the entire key so that changing a single bit of the key would change the entire ciphertext. SPNs offer the simplest way to achieve both diffusion and confusion, as in these systems the plaintext and the key often have a very similar role in output generation.
9.4.2 Asymmetric ciphers
While efficient symmetric ciphers are typically employed in payload encryp- tion/decryption operations, asymmetric algorithms offer the means for other useful operations like key agreement, authentication, integrity protection, etc. However, asymmetric ciphers suffer from long key-lengths which amount to large
9.4. A BRIEF OVERVIEW ON CRYPTOGRAPHY 139
chip area, circuit delays and increased power dissipation. This is after all the reason why asymmetric algorithms do not apply for payload encryption. Con- sequently, there are significant challenges in the quest to embed asymmetric ciphers in an IoT environment.
The three main contestants are the well-known Diffie-Hellman (DH), RSA, and ECC schemes, each one based on the intractability of a different mathe- matical problem that provides the required security. Here we briefly introduce the RSA algorithm.
RSA, named after its inventors Rivest, R., Shamir, A., and Adleman, L. has been in the foreplay since 1977 and has withstood a large number of at- tacks [35]. Today RSA is deployed in many commercial systems including web servers, browsers, email, secure remote login sessions, credit-card appli- cations, base-station enrolment procedures and many more. RSA is based on the presumably difficult mathematical problem of factoring large integers.
Figure 9.4: RSA encryption/decryption operations.
Figure 9.5: RSA Key-Generation.
RSA includes four main operations, that is key generation, key distribution, encryption and decryption (see Fig. 9.4). It also offers the means to generate digital signatures, a prerequisite for realization of public-key cryptography. The calculations involved in the key-generation are shown in Fig. 9.5 , while the encryption/decryption process is illustrated in Fig. 9.4. In this case, Alice per- forms the key-generation and informs Bob on her public-key. Bob then uses the public-key to encrypt a message M which can only be decrypted by Alice, who possesses the private-key d related to her public-key e.Of course this is a very simplified scenario for illustration purposes. In general, both parties generate private/public key pairs to establish mutual communication.
140 CHAPTER 9. IOT SECURITY 9.5 Some Notes of Security for IoT System
Manufacturers, telecom providers, and operators need to embrace a security- by-design approach. This means that decisions on security should be made early enough in the design process and not as gap-filling solutions. This is of paramount importance because security procedures have been traditionally a performance bottleneck. In view of the promised high-speed and ultra-reliable applications, late adoption of security algorithms and protocols could render the complete solution inefficient.
9.6
• •
Further Reading
Ericsson, IoT Security White Paper, n
D. Schinianakis, ”Alternative Security Options in the 5G and IoT Era,” in IEEE Circuits and Systems Magazine, vol. 17, no. 4, pp. 6-28, Fourthquarter 2017 http://ieeexplore.ieee.org/stamp/stamp.jsp?tp= &arnumber=8115346&isnumber=8115341.
Bibliography
[1] H. Jayakumar, K. Lee, W. S. Lee, A. Raha, Y. Kim, and V. Raghunathan, “Powering the internet of things,” in Proceedings of the 2014 international symposium on Low power electronics and design. ACM, 2014, pp. 375–380.
[2] R.V.Prasad,S.Devasenapathy,V.S.Rao,andJ.Vazifehdan,“Reincarnationintheam- biance: Devices and networks with energy harvesting,” IEEE Communications Surveys & Tutorials, vol. 16, no. 1, pp. 195–213, 2014.
[3] A. Somov and R. Giaffreda. (2015) Powering iot devices: Technologies and opportunities. [Online]. Available: http://iot.ieee.org/newsletter/november- 2015/ powering-iot-devices-technologies-and-opportunities.html
[4] T. Tanaka, T. Suzuki, and K. Kurihara, “Energy harvesting technology for maintenance- free sensors,” Fujitsu Sci. Technol. J, vol. 50, pp. 93–100, 2014.
[5] T. Becker, M. Kluge, J. Schalk, K. Tiplady, C. Paget, U. Hilleringmann, and T. Ot- terpohl, “Autonomous sensor nodes for aircraft structural health monitoring,” IEEE Sensors Journal, vol. 9, no. 11, pp. 1589–1595, 2009.
[6] T. Torfs, T. Sterken, S. Brebels, J. Santana, R. van den Hoven, V. Spiering, N. Bertsch, D. Trapani, and D. Zonta, “Low power wireless sensor network for building monitoring,” IEEE Sensors Journal, vol. 13, no. 3, pp. 909–915, 2013.
[7] M. J. Whelan, M. V. Gangone, and K. D. Janoyan, “Highway bridge assessment using an adaptive real-time wireless sensor network,” IEEE Sensors Journal, vol. 9, no. 11, pp. 1405–1413, 2009.
[8] G. Park, T. Rosing, M. D. Todd, C. R. Farrar, and W. Hodgkiss, “Energy harvesting for structural health monitoring sensor networks,” Journal of Infrastructure Systems, vol. 14, no. 1, pp. 64–79, 2008.
[9] H. Bai, M. Atiquzzaman, and D. Lilja, “Wireless sensor network for aircraft health moni- toring,” in Broadband Networks, 2004. BroadNets 2004. Proceedings. First International Conference on. IEEE, 2004, pp. 748–750.
[10] C. A. Nelson, S. R. Platt, D. Albrecht, V. Kamarajugadda, and M. Fateh, “Power har- vesting for railroad track health monitoring using piezoelectric and inductive devices,” in The 15th International Symposium on: Smart Structures and Materials & Nondestruc- tive Evaluation and Health Monitoring. International Society for Optics and Photonics, 2008, pp. 69 280R–69 280R.
[11] H. Alemdar and C. Ersoy, “Wireless sensor networks for healthcare: A survey,” Computer Networks, vol. 54, no. 15, pp. 2688–2710, 2010.
[12] D. Mascaren ̃as, E. Flynn, C. Farrar, G. Park, and M. Todd, “A mobile host approach for wireless powering and interrogation of structural health monitoring sensor networks,” IEEE Sensors Journal, vol. 9, no. 12, pp. 1719–1726, 2009.
141
142 BIBLIOGRAPHY
[13] C. He, A. Arora, M. E. Kiziroglou, D. C. Yates, D. O’Hare, and E. M. Yeatman, “Mems energy harvesting powered wireless biometric sensor,” in 2009 Sixth International Work- shop on Wearable and Implantable Body Sensor Networks. IEEE, 2009, pp. 207–212.
[14] W. Y. Toh, Y. K. Tan, W. S. Koh, and L. Siek, “Autonomous wearable sensor nodes with flexible energy harvesting,” IEEE Sensors Journal, vol. 14, no. 7, pp. 2299–2306, 2014.
[15] P. De Mil, B. Jooris, L. Tytgat, R. Catteeuw, I. Moerman, P. Demeester, and A. Kamer- man, “Design and implementation of a generic energy-harvesting framework applied to the evaluation of a large-scale electronic shelf-labeling wireless sensor network,” EURASIP journal on wireless communications and networking, vol. 2010, no. 1, p. 1, 2010.
[16] T. V. Prabhakar, A. U. Nambi Sn, H. Jamadagni, K. Swaroop, R. V. Prasad, and I. Niemegeers, “A novel dtn based energy neutral transfer scheme for energy harvested wsn gateways,” ACM SIGMETRICS Performance Evaluation Review, vol. 38, no. 3, pp. 71–75, 2011.
[17] B. Franciscatto, “Design and implementation of a new low-power consumption DSRC transponder,” Ph.D. dissertation, Universite Grenoble Alpes, 2014.
[18] M.D.Prieto,D.Z.Millan,W.Wang,A.M.Ortiz,J.A.O.Redondo,andL.R.Martinez, “Self-powered wireless sensor applied to gear diagnosis based on acoustic emission,” IEEE Transactions on Instrumentation and Measurement, vol. 65, no. 1, pp. 15–24, 2016.
[19] B. Aygu ̈n and V. Cagri Gungor, “Wireless sensor networks for structure health monitor- ing: recent advances and future research directions,” Sensor Review, vol. 31, no. 3, pp. 261–276, 2011.
[20] L. Hou and N. W. Bergmann, “Novel industrial wireless sensor networks for machine condition monitoring and fault diagnosis,” IEEE Transactions on Instrumentation and Measurement, vol. 61, no. 10, pp. 2787–2798, 2012.
[21] J. Hu, J. Jong, and C. Zhao, “Vibration energy harvesting based on integrated piezo- electric components operating in different modes,” IEEE transactions on ultrasonics, ferroelectrics, and frequency control, vol. 57, no. 2, pp. 386–394, 2010.
[22] A. Decker, “Solar energy harvesting for autonomous field devices,” IET Wireless Sensor Systems, vol. 4, no. 1, pp. 1–8, 2014.
[23] A. S. Weddell, M. Magno, G. V. Merrett, D. Brunelli, B. M. Al-Hashimi, and L. Benini, “A survey of multi-source energy harvesting systems,” in Proceedings of the Conference on Design, Automation and Test in Europe. EDA Consortium, 2013, pp. 905–908.
[24] Silicon Labs. (2015) Battery size matters. [Online]. Available: https://www.silabs.com/Support%20Documents/TechnicalDocs/ battery-life-in-connected-wireless-iot-devices.pdf
[25] “Cellular networks for massive IoT,” Ericsson, Tech. Rep. Uen 284 23-3278, January 2016. [Online]. Available: https://www.ericsson.com/res/docs/whitepapers/wp iot.pdf
[26] Element14 Community. (2015) Why the internet of things needs energy harvesting. [On-
line]. Available: https://www.element14.com/community/groups/internet- of- things/ blog/2015/07/28/how-energy-harvesting-can-keep-the-iot-powered-up-and-growing
[27] Imprint Energy. (2016) Transforming the battery landscape. [Online]. Available: http://www.imprintenergy.com/
[28] Cymbet. (2015) Enerchip smart solid state batteries. [Online]. Available: http: //www.cymbet.com/products/enerchip-solid-state-batteries.php
BIBLIOGRAPHY 143
[29] H. R. Byon and Y. Zhao, “Aqueous lithium-iodine battery,” in Meeting Abstracts, no. 2.
The Electrochemical Society, 2014, pp. 104–104.
[30] W. Greatbatch, C. Holmes, E. Takeuchi, and S. Ebel, “Lithium/carbon monofluoride (li/cfx): a new pacemaker battery,” Pacing and clinical electrophysiology, vol. 19, no. 11, pp. 1836–1840, 1996.
[31] I. Cowie. (2014) All about batteries, part 10: Lithium sulfur dioxide (liso2) — ee times. [Online]. Available: http://www.eetimes.com/author.asp?section id=36&doc id= 1323439.
[32] ——. (2014) All about batteries, part 7: Lithium thionyl chloride — ee times. [Online]. Available: http://www.eetimes.com/author.asp?section id=36&doc id=1322276
[33] C. Menachem and H. Yamin, “High-energy, high-power pulses plus battery for long-term applications,” Journal of power sources, vol. 136, no. 2, pp. 268–275, 2004.
[34] W. Rowe. (2016) Iot battery outlook: Types of batteries for iot de-
vices. [Online]. Available: http://internetofthingsagenda.techtarget.com/feature/ IoT-battery-outlook-Types-of-batteries-for-IoT-devices
[35] M. Safak, “Wireless sensor and communication nodes with energy harvesting,” Journal of Communication, Navigation, Sensing and Services (CONASENSE), vol. 1, no. 1, pp. 47–66, 2014.
[36] P. Kamalinejad, C. Mahapatra, Z. Sheng, S. Mirabbasi, V. C. Leung, and Y. L. Guan, “Wireless energy harvesting for the internet of things,” IEEE Communications Magazine, vol. 53, no. 6, pp. 102–108, 2015.
[37] DRAYSON TECHNOLOGIES LTD. (2016) Rf energy harvesting for the low energy internet of things. [Online]. Available: http://www.getfreevolt.com/
[38] R. J. Vyas, B. B. Cook, Y. Kawahara, and M. M. Tentzeris, “E-wehp: A batteryless embedded sensor-platform wirelessly powered from ambient digital-tv signals,” IEEE Transactions on Microwave Theory and Techniques, vol. 61, no. 6, pp. 2491–2505, June 2013.
[39] B. Kellogg, A. Parks, S. Gollakota, J. R. Smith, and D. Wetherall, “Wi-fi backscatter: Internet connectivity for rf-powered devices,” in ACM SIGCOMM Computer Commu- nication Review, vol. 44, no. 4. ACM, 2014, pp. 607–618.
[40] A. M. Hawkes, A. R. Katko, and S. A. Cummer, “A microwave metamaterial with in- tegrated power harvesting functionality,” Applied Physics Letters, vol. 103, no. 16, p. 163901, 2013.
[41] S. Qi, M. Oudich, Y. Li, and B. Assouar, “Acoustic energy harvesting based on a planar acoustic metamaterial,” Applied Physics Letters, vol. 108, no. 26, p. 263501, 2016.
[42] G.Yang,V.Y.Tan,C.K.Ho,S.H.Ting,andY.L.Guan,“Wirelesscompressivesensing for energy harvesting sensor nodes,” IEEE Transactions on Signal Processing, vol. 61, no. 18, pp. 4491–4505, 2013.
[43] H. Sharma and P. Balamuralidhar, “A transmission scheme for robust delivery of ur- gent/critical data in internet of things,” in 2013 Fifth International Conference on Com- munication Systems and Networks (COMSNETS). IEEE, 2013, pp. 1–7.
[44] J. Tervo, A. Manninen, R. Ilola, and H. H ̈anninen, “State-of-the-art of thermoelectric materials processing,” Ju lkaisija-Utgivare Publisher, Finland, pp. 6–7, 2009.
144 BIBLIOGRAPHY
[45] Y. Zhao, J. S. Dyck, B. M. Hernandez, and C. Burda, “Enhancing thermoelectric perfor- mance of ternary nanocrystals through adjusting carrier concentration,” Journal of the American Chemical Society, vol. 132, no. 14, pp. 4982–4983, 2010.
[46] A. Z. Kausar, A. W. Reza, M. U. Saleh, and H. Ramiah, “Energizing wireless sensor networks by energy harvesting systems: Scopes, challenges and approaches,” Renewable and Sustainable Energy Reviews, vol. 38, pp. 973–989, 2014.
[47] X. Lu and S.-H. Yang, “Thermal energy harvesting for wsns,” in IEEE International Conference on Systems Man and Cybernetics (SMC). IEEE, 2010, pp. 3045–3052.
[48] Z.-G. Chen, G. Han, L. Yang, L. Cheng, and J. Zou, “Nanostructured thermoelectric ma- terials: Current research and future challenge,” Progress in Natural Science: Materials International, vol. 22, no. 6, pp. 535–549, 2012.
[49] N. Satyala, P. Norouzzadeh, and D. Vashaee, “Nano bulk thermoelectrics: Concepts, techniques, and modeling,” in Nanoscale Thermoelectrics. Springer, 2014, pp. 141–183.
[50] (2014) Thermo life energy corp. [Online]. Available: http://www.poweredbythermolife. com/
[51] F. K. Shaikh and S. Zeadally, “Energy harvesting in wireless sensor networks: A compre- hensive review,” Renewable and Sustainable Energy Reviews, vol. 55, pp. 1041 – 1054, 2016.
[52] V. Leonov, T. Torfs, P. Fiorini, and C. Van Hoof, “Thermoelectric converters of human warmth for self-powered wireless sensor nodes,” IEEE Sensors Journal, vol. 7, no. 5, pp. 650–657, 2007.
[53] Z. Wang, V. Leonov, P. Fiorini, and C. Van Hoof, “Realization of a wearable miniatur- ized thermoelectric generator for human body applications,” Sensors and Actuators A: Physical, vol. 156, no. 1, pp. 95–102, 2009.
[54] A. Cuadras, M. Gasulla, and V. Ferrari, “Thermal energy harvesting through pyroelec- tricity,” Sensors and Actuators A: Physical, vol. 158, no. 1, pp. 132–139, 2010.
[55] M.Ferrari,V.Ferrari,D.Marioli,andA.Taroni,“Modeling,fabricationandperformance measurements of a piezoelectric energy converter for power harvesting in autonomous microsystems,” IEEE transactions on instrumentation and measurement, vol. 55, no. 6, pp. 2096–2101, 2006.
[56] A. Harb, “Energy harvesting: State-of-the-art,” Renewable Energy, vol. 36, no. 10, pp. 2641–2654, 2011.
[57] Y. Wang, Y. Liu, C. Wang, Z. Li, X. Sheng, H. G. Lee, N. Chang, and H. Yang, “Storage- less and converter-less photovoltaic energy harvesting with maximum power point track- ing for internet of things,” IEEE Transactions on Computer-Aided Design of Integrated Circuits and Systems, vol. 35, no. 2, pp. 173–186, 2016.
[58] M. Raju and M. Grazier. (2012) Ulp meets energy harvesting. [Online]. Avail- able: http://www.extensionmedia.com/basecamp/54722/eecatlowpowermarch2011/ ULP MEETS ENERGY TI v1.pdf
[59] C.O ́.Mathu ́na,T.ODonnell,R.V.Martinez-Catala,J.Rohan,andB.OFlynn,“Energy scavenging for long-term deployable wireless sensor networks,” Talanta, vol. 75, no. 3, pp. 613–623, 2008.
[60] J. Li, A. Liu, G. Shen, L. Li, C. Sun, and F. Zhao, “Retro-vlc: Enabling battery-free duplex visible light communication for mobile and iot applications,” in Proceedings of the 16th International Workshop on Mobile Computing Systems and Applications. ACM, 2015, pp. 21–26.
BIBLIOGRAPHY 145
[61] E. Sazonov, H. Li, D. Curry, and P. Pillay, “Self-powered sensors for monitoring of
highway bridges,” IEEE Sensors Journal, vol. 9, no. 11, pp. 1422–1429, 2009.
[62] T. Sterken, P. Fiorini, K. Baert, R. Puers, and G. Borghs, “An electret-based elec- trostatic/spl mu/-generator,” in TRANSDUCERS, Solid-State Sensors, Actuators and Microsystems, 12th International Conference on, 2003, vol. 2. IEEE, 2003, pp. 1291– 1294.
[63] E. Dallago, A. Danioni, M. Marchesi, V. Nucita, and G. Venchi, “A self-powered elec- tronic interface for electromagnetic energy harvester,” IEEE Transactions on Power Electronics, vol. 26, no. 11, pp. 3174–3182, 2011.
[64] T. Starner, “Human-powered wearable computing,” IBM systems Journal, vol. 35, no. 3.4, pp. 618–629, 1996.
[65] N. S. Shenck and J. A. Paradiso, “Energy scavenging with shoe-mounted piezoelectrics,” IEEE micro, vol. 21, no. 3, pp. 30–42, 2001.
[66] N. G. Elvin and A. A. Elvin, “Vibrational energy harvesting from human gait,” IEEE/ASME Transactions on Mechatronics, vol. 18, no. 2, pp. 637–644, 2013.
[67] P. D. Mitcheson, E. M. Yeatman, G. K. Rao, A. S. Holmes, and T. C. Green, “Energy harvesting from human and machine motion for wireless electronic devices,” Proceedings of the IEEE, vol. 96, no. 9, pp. 1457–1486, 2008.
[68] D. Benasciutti and L. Moro, “Energy harvesting with vibrating shoe-mounted piezo- electric cantilevers,” in Advances in Energy Harvesting Methods. Springer, 2013, pp. 141–162.
[69] S. J. Roundy, “Energy scavenging for wireless sensor nodes with a focus on vibration to electricity conversion,” Ph.D. dissertation, University of California, Berkeley, 2003.
[70] S. R. Platt, S. Farritor, K. Garvin, and H. Haider, “The use of piezoelectric ceramics for electric power generation within orthopedic implants,” IEEE/ASME Transactions on Mechatronics, vol. 10, no. 4, pp. 455–461, 2005.
[71] C.Dagdeviren,B.D.Yang,Y.Su,P.L.Tran,P.Joe,E.Anderson,J.Xia,V.Doraiswamy, B. Dehdashti, X. Feng et al., “Conformal piezoelectric energy harvesting and storage from motions of the heart, lung, and diaphragm,” Proceedings of the National Academy of Sciences, vol. 111, no. 5, pp. 1927–1932, 2014.
[72] G.-T. Hwang, H. Park, J.-H. Lee, S. Oh, K.-I. Park, M. Byun, H. Park, G. Ahn, C. K. Jeong, K. No et al., “Self-powered cardiac pacemaker enabled by flexible single crystalline pmn-pt piezoelectric energy harvester,” Advanced materials, vol. 26, no. 28, pp. 4880– 4887, 2014.
[73] K.-I. Park, S. Xu, Y. Liu, G.-T. Hwang, S.-J. L. Kang, Z. L. Wang, and K. J. Lee, “Piezoelectric batio3 thin film nanogenerator on plastic substrates,” Nano letters, vol. 10, no. 12, pp. 4939–4943, 2010.
[74] J. Kwon, W. Seung, B. K. Sharma, S.-W. Kim, and J.-H. Ahn, “A high performance pzt ribbon-based nanogenerator using graphene transparent electrodes,” Energy & Environ- mental Science, vol. 5, no. 10, pp. 8970–8975, 2012.
[75] K. MacVittie, J. Hala ́mek, L. Hal ́amkova ́, M. Southcott, W. D. Jemison, R. Lobel, and E. Katz, “From cyborg lobsters to a pacemaker powered by implantable biofuel cells,” Energy & Environmental Science, vol. 6, no. 1, pp. 81–86, 2013.