Open access peer-reviewed chapter - ONLINE FIRST

Cybersecurity Threats and Mitigations Related to Smart Cities Operation

Written By

Menachem Domb and Yehuda Shnaps

Submitted: 23 February 2024 Reviewed: 28 March 2024 Published: 03 May 2024

DOI: 10.5772/intechopen.114926

Smart Cities - Foundations and Perspectives IntechOpen
Smart Cities - Foundations and Perspectives Edited by Pier Luigi Mazzeo

From the Edited Volume

Smart Cities - Foundations and Perspectives [Working Title]

Dr. Pier Luigi Mazzeo and Dr. PAOLO SPAGNOLO


Abstract

Smart cities are managed and controlled through comprehensive and complex information systems. Their main characteristic is a massive reliance on computerized systems, which comprise large, distributed databases, integrated complex software systems, WANs with a vast number of terminals connected to the Internet and cloud computing, and physical systems that are fully computerized and remotely controlled. Smart cities are more likely to be sophisticated and more affluent than common cities, making them attractive to cybersecurity attackers motivated by theft and illicit gain, such as ransom. The concept of smart cities is catching attention across the globe, and it is important in the context of emerging economies. One must assume that smart cities incorporate all kinds of system vulnerabilities, which are more likely to be known and exploited by malicious cybersecurity attackers. This chapter elaborates on the leading cybersecurity risks more likely to be encountered in smart cities. We present current concepts and technologies available for mitigating them and provide a comprehensive solution for safe, smart cities.

Keywords

  • smart city
  • cyber threats
  • cyber-attacks
  • smart living
  • smart economy
  • EV security

1. Introduction

A smart city’s main goal is to raise its residents’ quality of life to a new level by using its resources more effectively and building an intelligent ecosystem on digital technology. It aims to provide inventive city transport networks, better water supply and waste disposal, lighting and heating of buildings, user-friendly financial services, residents’ participation in decision-making, and a safe environment with accessible public areas without restrictions, making smart citizens of a smart city. Smart cities connect people to data networks; they are evolving structures involving people, technology, and policies that impact privacy and security, encouraging the development of new innovative cybersecurity protocols for smart cities. Policy guidelines in smart cities are required to guarantee the security, integrity, and secrecy of smart governance. City governance services are more complex and advanced, requiring awareness of the increased cyberspace security risks that come with more sophisticated technology and infrastructure. Hence, risk identification and mitigation are part of all domains in governance systems. Authorities and administrations aim to arrange city-wide interventions using IoT systems to build an integrated ecosystem for the entire city. This requires a high degree of responsibility for the tasks to be completed and well-managed IoT systems, and assumes a vast technical background among professionals in the field. Governance service providers adopt a culture of security and information confidentiality as part of their services [1].

Smart cities decided to cope with public issues with the help of technology and the prudent management of natural resources. Smart city systems provide management tools generating networks of people, infrastructure, companies, and resources to achieve sustainable economic development, high quality of life, and general well-being for most citizens. A key tool for data collection in smart cities is the Internet of Things (IoT): networks with embedded electronics, software, sensors, and connectivity for exchanging data with servers, centralized systems, and connected devices using communication systems. IoT data is collected from sensors, assembled, and sent to various applications executed locally or in the cloud. The rapid evolution and distribution of smart devices embedded within typical smart city services make them a preferred and easy target, exposing them to cyber-attacks. These services apply to transportation, health care, water, electricity, and other municipal services.

In smart governance, municipal authorities aim to deploy IoT-based applications to build an ecosystem for the full smart city, managing a substantial number of mutual and parallel tasks involving interactions among the municipality and residents [2]. Technology is necessary to coordinate and manage these systems, such as an ICT-based system that offers the elements necessary for smart governance for managing the following [3]:

  1. Permission hierarchy model.
  2. Follow-up on assignments.
  3. Inclusion to facilitate data interchange.
  4. Integration with future ICT components.
  5. Privacy and safety processes.

We focus on technological solutions for security policies as part of regular personal and community behavior. We adopt a cybersecurity perspective that smart city designers can translate into elements integrated within their design, to better deal with cyber-attacks and violations of personal privacy, together with practical cybersecurity approaches. We examine the characteristics of cyber threats related to these domains involving advanced emerging technologies. The rest of this chapter is organized as follows. The next section outlines the main security challenges a typical smart city encounters. Section 3 lists the main security vulnerabilities typical to smart cities. In section 4, we continue with common solutions and tools required for securing smart cities, and in section 5, we describe several detection mechanisms to discover cyber-attacks in the context of smart cities. In sections 6, 7, 8, and 9, we describe several emerging technologies and developments in the cybersecurity domain. We conclude this chapter in section 10.


2. Security vulnerabilities of smart cities and mitigation strategies

The immense spread and growth of automation in every aspect of life has significantly improved human life through technology, digital computing, electronic devices, smartphones, and data transmission networks. However, it has also caused the evolution of cybercrimes, which have become a major threat. Modern cities are open and oriented to adopt innovative technologies to improve their operation, services, transportation, water, electricity, data transmission, supply chain, and overall system resilience. Implementing embedded security systems, firewalls, cryptography, and more is mandatory to protect this rich digital environment.

Smart cities become vulnerable to cyber-attacks due to their widespread connectivity and remote-control operations using communication networks, which are public and may be accessed by cyber-attackers [4]. Smart cities are expected to detect any cyber-attacks, such as DDoS, and react immediately, stopping their progress and recovering damages. A city cyber-attack could exploit an IoT device and use it as a gateway, penetrating the attacked subject and changing, corrupting, and erasing data. It may also stop or manipulate system operations such as traffic lights, public transportation, street lighting, power grids, water supply, and other services. Regardless of how emerging technologies alter these essential systems. Smart cities use analytics to automate and optimize the synchronization of a wide range of services, monitor the surrounding impact, and improve city performance. This information is required for the applications that centrally oversee intelligent and public area lighting, using distributed IoT and sensor inputs. Good lighting helps improve residents’ safety and traffic management, reduce accidents, better parking, and reduce crime. The following are listed vulnerabilities per service.

Traffic management: Using cameras to provide traffic balance, reduce traffic congestion, allow instant changes in traffic lights, close roads, provide detour alternatives, and prioritize emergency navigation.

Parking: Provide available parking, reservation information, payment, discover violations, messaging and warning drivers, and automatic ticketing.

Real-time and AI-based distributed systems targeting immediate reactions to citizens’ requests and emergency calls.

A research team hacked and manipulated wireless traffic lights. A Polish teenager hacked the city’s tram, and four people were injured. Active and passive cyber-attacks compromise the security of smart cities’ applications. Sabotage, manipulation, and espionage are the main motivations of cyber-attacks. A passive attack aims to get information, such as the configuration, behavior, and architecture of the victim’s system, without changing it. Active attacks affect the system’s operation by modifying and injecting malicious data. This section outlines security vulnerabilities in various smart city applications. In the next section, we outline mitigation concepts.

Distributed Denial of Service (DDoS): The purpose is to prevent the system’s normal operation and destroy its availability in smart cities. The attacker tries to overwhelm the network’s resources with bandwidth-consuming attacks such as attacks. In smart cities, the impacts of DoS attacks on any system that provides centralized monitoring.

Malware: Applications whose testing stage is incomplete are utilized to bypass security measures and access control gates, take control of the central monitoring system, damage system machinery, and manipulate system parameters.

Eavesdropping: Unauthorized sniffing and manipulating of the transmitted data over the institution network, stealing the institute network map, and applying changes to the traffic behavior, weakening network integrity and security, causing users confusion, privacy violation, wrong decision making, and causing financial damages.

Masquerading: The attacker tries to steal, change, or damage data.

False information (FI): Attackers spread fake messages on social media, impacting people’s behavior.

Message modification: The attacker manipulates transmitted messages, distorting inter-user conversations and spreading wrong data, causing uncertainty that leads to dangerous actions at the personal and community levels.

Traffic analysis (TA): Attackers attain critical traffic information, such as timetables and routing maps, and intentionally disrupt the normal behavior of the transportation system.

False data injection attack (FDIA): Occurs when attackers manage to get operational measurements from various critical smart city systems, such as public transportation schedules and power plant monitoring thresholds, and make changes impacting the systems’ normal behavior, causing service disruptions.

Exploitation of home security loopholes: Home devices, smart living gadgets, and IoT may compromise security, enabling hackers to attack or violate privacy and expose account information. People control their smart homes, making them a valuable database for hackers.

To cope with this, mapping and analyzing the hazards identifies the risks associated with smart home systems and ways to reduce them.

Embedded IoT devices: They collect data, such as traffic management and real-time response systems, to improve city operations. They are balancing smart cities and cybersecurity. IoT devices could be better with built-in security mechanisms due to their limited computing power.

Objects such as thermostats, domestic appliances, security cameras, and lighting systems can be scanned or sensed; they are connected to the public communication network, remotely monitored, and accessible to attackers. IoT security is weak due to the lack of computing power, memory, and storage, which allows only minimal security protection. The spread of these devices generates a large attack surface and multiple vulnerabilities, inviting attackers who take over the control of a lighting system, with severe consequences for personal safety.


3. Securing smart cities

Connected devices are expected to be protected by comprehensive IoT security solutions. Practical, simple, yet secure solutions that OEMs and services can easily and widely adopt seem adequate based on their assurance of executing code solely generated by the device OEM or a trusted party. Secure boot technology is used to avoid the replacement of firmware with harmful devices. It ensures that IoT devices can only communicate with authorized services. Mutual authentication is applied when any device connects to the system, ensuring the data comes from a legitimate and authenticated source. The data is then analyzed to detect security violations. Frequent key replacement prevents service disruption. Distributed Denial of Service attacks are critical security threats and attacks on smart cities. BoT-IoT with embedded random forest (RF) and decision tree (DT) is a recommended detecting tool for DDoS attacks, achieving 91% success. According to NIST, an IoT-enabled framework in smart cities addresses cybersecurity and data protection. Clear IoT data use and privacy policies improve security awareness to prevent cyber-attacks.

At the same time, there must be boundaries around. Secure privacy in smart cities oversees the data of all its residents; synchronized credentialing is mandatory to avoid weak points and protect all residents’ personal information. City staff should define how connected devices behave. When devices are activated, their encryption measures should be active on all links up to the destination. Smart technology, connectivity, and applications should be able to meet residents’ needs where cybersecurity is well-considered and managed. Smart transportation systems improve the safety, speed, and reliability of accessibility. Modern and sustainable transportation systems provide scheduling, selection of the optimized route, driver’s license recognition, car parking searching, and safety-related applications in smart transportation facilities, which are more likely to be crowded due to their high living style. IoT reduces accidents through proactive actions in detecting human errors, and affordable IoT systems for estimating road network safety are implemented; some even use IoT technologies for smart mobility in smart city scenarios. IoT-based solutions, such as smart traffic, parking, and mobility solutions, are employed in transportation, leading to safer streets. Here are a few projects. One is a transportation system that recognizes and monitors buses by inter-messaging. It uses IoT, radio frequency identification (RFID), general packet radio services (GPRS), geographic information systems (GIS), and the global positioning system (GPS). Another project embeds temperature and humidity sensors to monitor automobiles and buses. A recent project suggests a real-time traffic monitor using collected data to identify roadway issues. An intelligent application with embedded IoT, using Intel Edison and Raspberry Pi, minimizes the damaged packets and incorporates encryption for reducing the attack surface.
One more project integrates D-switches and software-defined networking (SDN) and inserts a high volume of deterministic virtual private networks (DVPN), preventing congestion, interference, and DDoS, reducing buffer size in D-switches, and improving communication speed; encrypted packets within a DVPN are quantum-safe due to the use of lengthy encryption keys.

Integrating transportation safety applications to create a vehicular ad hoc network (VANET), complemented with secured privacy applications, provides a communication platform that interconnects vehicles, which report congestion, accidents, and road surface conditions to other cars. However, there are several security and privacy problems, particularly location privacy. We may add group signatures to provide conditional privacy preservation. The vehicle’s previous communications and positions are unlinkable and saved. A simple conditional privacy-preservation system uses hash-chain algorithms to provide identity monitoring with on-road instant local revocation verification. A vehicle receiving a message from another vehicle authenticates the sender’s certificate. The receiver requests the roadside unit to review the message if the sender lacks credentials. The roadside unit will issue a valid certificate if the information is correct. Otherwise, the vehicle is added to the revocation list. Another tool is a multi-level architecture that reduces attacks on the road communication system. Autonomous cars must also manage new attack types like ransomware, IoT, botnet, and DDoS. Because cars are interconnected, attacks spread further, increasing the overall risk. Developing secured traffic systems, modeling the secured integration of automated vehicles and road infrastructure, engaging vehicles with pedestrians where traffic signals are missing, and interconnecting vehicles via wireless communications. Vehicles interconnected using wireless communication are exposed to cyber-attacks, such as the “Sybil” attack, where fake identities are placed to change traffic light timing by exploiting existing flaws in traffic signal control systems, causing significant delays, excess fuel consumption, air pollution, and traffic congestion.
An assessment model for cyber-attacks on autonomous vehicles is proposed to evaluate the transportation system’s performance, considering the following parameters: number of attacked cars, intensity, efficiency, safety, emissions, and fuel consumption. It concludes that the negative impact on traffic flow grows as the number of cyber-attacked vehicles and the severity of attacks increase. Such attacks reduce capacity and increase rear-end collision risk, air pollution, and fuel consumption.

Trains are the most used in modern cities. With the automation of railway operations, the increase in the number of passengers, and the integration with other transportation methods, the railway industry is experiencing adaptation changes in its operation processes and infrastructure. It is transitioning from a standalone system to an open platform, using off-the-shelf standard elements and increasing networked control and automation systems accessible remotely via networks. This change raises its vulnerability to cyber-attacks and its attractiveness to cybercriminals to focus on ticket machines, WiFi communication, and passenger information screens. Safe traffic assumes complete visibility, identification, and mitigation of threats to the signaling system, telecommunication, and operations management. For example, we may locally disconnect the system from its cables by adding an SDN switch. The SDN switch should detect ARP spoofing, and the system remains undiscovered to man-in-the-middle attackers. Railways are exposed to physical attacks, and hence, they are equipped with a tamper resistance box that encapsulates the hardware and controls the equipment against cyber-attacks. Smart environment applications quantify and analyze vast parameters such as climate, green spaces, city cleanliness, movement initiatives, contamination level, optimal resource management, and environmental actions. Results show quality improvements in public spaces, facilities, and life and strengthen security in areas. Smart cities collect traffic congestion, energy utilization, air, and building quality, analyze it, and issue a corresponding pollution report. Wireless sensor networks (WSNs) monitor the natural environment, detect natural disasters, and enhance security awareness. Voice-activated devices are used everywhere and at home, allowing disabled and older people to operate with minimum energy [5], or using mobile phones to interpret voice commands [6]. 
Table 1 outlines the generic mitigation methods to cope with each security risk dimension. In this chapter, we elaborate on mitigations having a technological perspective and practical deployment.

Dimension | Mitigation methods
Infrastructure vulnerabilities
Data privacy
Network vulnerabilities.
Access control
IoT devices
Human behavior
Security standards and regulation
Facility review, discovery, and assessment
Risk management plan.
Ethical violations
Ongoing monitoring
Privacy by design and hiding real ID when it is not required.
Data minimization
Transparent data practices and user control and rights
Risk assessment and deployment of prevention systems.
Encrypt all transmitted data using symmetric and asymmetric methods Intrusion detection, authentication, and authorization mechanisms.
Secure device management
Role-based access controls-RBAC3
Adoption of a variety of biometrics.
Secure access controls and protocols
Secure communication protocols
Security monitoring
Education and ethical guidelines
Behavioral analytics and predictive models
Collaboration and partnerships
Community engagement
Adoption of international standards
Smart grid security standards
Articulate with local and national frameworks

Table 1.

Security dimensions and their corresponding generic mitigation methods [7].


4. Attack detection and mitigation systems for smart cities

Most cybersecurity alert methods rely on attack detection methods, such as intrusion detection systems (IDS) and firewalls. However, they could be more effective, since detection rules are out-of-date and limited to single-step attacks [8]. Attackers have developed workarounds, and detection time has increased. Deep learning and knowledge graph-based cyber-attack detection methods are less popular due to their lack of explanations. However, recent developments in explainable AI (XAI) try to complement AI with explanations, so that AI will be comparable to other methods and will be reasonable and expected to some extent. Nevertheless, AI-based cybersecurity systems deployed in smart cities are popular. We can already find machine learning and deep learning integrated into cybersecurity defense systems. In parallel, attackers try hard to look for new attack strategies, methods, and technologies, which accelerates the need to react promptly. One of the advanced analysis models used is MDATA graph matching, a cyber-attack detection approach incorporating a dynamic model that uses temporal-spatial data. It activates several modules: knowledge extraction, construction of MDATA graphs, vulnerabilities, and multi-stage attack identification. Experiments show an effectiveness of 90% and a performance of 14 ms. Artificial intelligence (AI) is a spreading and expanding concept and technology in modern times. It imitates the human brain to oversee real-life issues. It is implemented in many domains, such as robotics, smart cars, prediction, e-commerce, navigation, human resources, health care, agriculture, gaming, automobiles, social media, and marketing. AI security leverages AI to detect and respond to cyber threats and attacks early, based on historical activities. AI embedded in drones and blockchain technologies enforces security in smart cities.
Emerging technologies such as AI, blockchain, and drones are important in smart cities, especially regarding security and regional monitoring [9]. The use of drones supports the intelligent city concept with all its advantages. Drones are used in smart cities for assorted services, such as surveillance, traffic control, monitoring public areas, package delivery, detection of malicious activities, and more. AI-based drones enhance surveillance everywhere, assisting in detecting security-related events. Drones with embedded machine-learning capabilities enable the prediction of jamming attacks by applying Q-learning [10, 11] and DQN [12]. Attacks such as intrusion, DDoS, and traffic blockage are managed by a variety of algorithms [13, 14, 15], while other research focuses on threats to private and agencies [16, 17].


5. Artificial intelligence-enabled (AI) cybersecurity defense for smart cities

Drones are equipped with quality software, wireless communication systems, and data exchange protocols, have cybersecurity vulnerabilities, and have a high probability of cyber-attacks, making them sensitive to cyber threats [18]. Despite this, reality proves that drones have limited computing resources, forcing the need to balance security and performance, and compromising cybersecurity. Drones rely on wireless protocols for communication with ground control stations and other connected devices, which hackers can target. Therefore, strong measures should be implemented to cope with potential cyber-attacks and sensitive data and maintain their reliability and security. Vulnerability to hacking is one of the primary concerns. Malicious actors attempt to gain access to drone systems, manipulate their flight controls, or compromise their onboard sensors and cameras. Drones suffer from all typical attacks applicable to their structure and behavior, such as MITM and DDoS.

The evolving progress of drones has played a significant role in smart cities. However, at the same time, there are concerns related to cybersecurity, privacy, and public safety. Malicious entities can use drones for cyber-attacks and threats [19]. It is complicated to identify harmful drones. The dependency of drones on GPS makes it vulnerable to GPS spoofing, data stealing, change of date and time, and operations interference. GPS spoofing is transmitting distorted coordinates and false signals, deflecting the drone from its course, and synchronizing with the attacker’s signals, changing the drone’s GPS control system to be fully controlled by the attacker. Civilian drones are easy to attack due to their lack of authentication methods [20]. For example, a GPS spoofing attack forced a drone to follow a route set by the spoofer, proving that such an attack was technically and operationally feasible. Communications’ DDoS is applied by using the air-cracking script to perform the attack, sending a De-authentication key, and the drone memory fills the control. The controller avoided reconnecting to the system, causing the drone to crash. It is a DOS attack that crashes the drone in a STRIDE configuration. Password cracking attacks against passwords have demonstrated an increase in more connected devices. Password cracking in commercial drones disclosed positive security flaws, is an authentication intrusion, and this attack is an identity spoofing. An open WiFi attack relates to drones with free WiFi, providing many users access to the network and leading the team to hijack the drone successfully. In addition, the device allows multiple user connections so that multiple unauthenticated users can control the drone with no way to verify the drone’s owner. 
SDK threat disrupts the privilege escalation scheme by allowing access to inaccessible features for unauthorized users; attackers track user authentication information and modify some codes, allowing malicious users to execute the operations of legitimate drone users. Telnet attack occurs when the intruder is using Telnet, gaining direct access to the drone, and changing files and scripts to interfere and restart the drone by deactivating the motor, causing it to drop. The drone was deactivated by accessing the operating system file system via Telnet (Busy Box). The user ID and password and many drone executables identified the data. This attack demonstrates an interruption as an attempt to divulge information as sensitive data are collected and sent to the attacker by an authorized user to hijack the drone. Drone packet spoofing uses a Python script that mimics a drone controller.

WiFi is the communication standard between the ground station and the drone, which can be hijacked due to the lack of encryption, allowing an attacker to connect, hack, and perform remote man-in-the-middle attacks. A de-authentication attack on drones is done by using aircrack-ng. A passive search for the wireless network is conducted. After a network is detected, packets from that wireless network are filtered and analyzed to discover user addresses. Accordingly, the attacker executes a de-authentication attack, where the network users are de-authenticated: disassociation packets are sent to connected users, disconnecting them and breaking the connection between the users and the drone, which severely impacts businesses and residents who depend on drones for their ongoing lifestyle. Several immediate actions may reduce the impact: having an alternate emergency communication network; clustering network stations and applying strict inter-cluster message passing to delay the attack from spreading further; implementing penetration detection methods; monitoring the number of de-authentication transactions per time frame and raising a hazard call when this number crosses a threshold; and encrypting all transmitted messages.
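The de-authentication rate check described above can be sketched as follows. This is an added example, not code from the chapter: it counts 802.11 deauthentication and disassociation frames per network in a sliding window and raises one alert per burst. The frame records, addresses, 5-second window, and threshold of 10 are constructed assumptions.

```python
from collections import defaultdict, deque
from dataclasses import dataclass

# IEEE 802.11 management-frame subtypes that tear down a client link.
DISASSOCIATION = 10
DEAUTHENTICATION = 12
TEARDOWN_SUBTYPES = {DISASSOCIATION, DEAUTHENTICATION}
BEACON = 8


@dataclass(frozen=True)
class Frame:
    ts: float      # capture time in seconds
    subtype: int   # 802.11 management subtype
    src: str
    dst: str
    bssid: str     # network (e.g. drone access point) the frame belongs to


@dataclass(frozen=True)
class Alert:
    ts: float      # time of the frame that crossed the threshold
    bssid: str
    count: int     # teardown frames inside the window at that moment
    targets: int   # distinct destination addresses inside the window


class DeauthRateMonitor:
    """Alert when teardown frames per window exceed a threshold (per BSSID)."""

    def __init__(self, window_s=5.0, threshold=10):
        self.window_s = window_s
        self.threshold = threshold
        self._recent = defaultdict(deque)  # bssid -> deque of (ts, dst)
        self._alarmed = set()              # BSSIDs with an open alert

    def observe(self, frame):
        if frame.subtype not in TEARDOWN_SUBTYPES:
            return None
        recent = self._recent[frame.bssid]
        recent.append((frame.ts, frame.dst))
        # Forget frames that have slid out of the time window.
        while recent and recent[0][0] <= frame.ts - self.window_s:
            recent.popleft()
        if len(recent) > self.threshold:
            if frame.bssid in self._alarmed:
                return None                # same burst, already reported
            self._alarmed.add(frame.bssid)
            targets = len({dst for _, dst in recent})
            return Alert(frame.ts, frame.bssid, len(recent), targets)
        self._alarmed.discard(frame.bssid)  # rate is normal again: re-arm
        return None


def scan(frames, window_s=5.0, threshold=10):
    """Run the monitor over frames in time order and collect the alerts."""
    monitor = DeauthRateMonitor(window_s, threshold)
    alerts = []
    for frame in sorted(frames, key=lambda f: f.ts):
        alert = monitor.observe(frame)
        if alert is not None:
            alerts.append(alert)
    return alerts


# Constructed sample capture (locally administered, made-up addresses).
AP = "02:00:00:aa:00:01"
OTHER_AP = "02:00:00:bb:00:01"
CLIENTS = ["02:00:00:00:00:10", "02:00:00:00:00:11", "02:00:00:00:00:12"]
BROADCAST = "ff:ff:ff:ff:ff:ff"


def build_sample():
    frames = [Frame(float(s), BEACON, AP, BROADCAST, AP)
              for s in range(0, 210, 5)]
    # Ordinary, widely spaced disconnects initiated by clients.
    for ts in (1.0, 20.0, 45.0, 120.0):
        frames.append(Frame(ts, DEAUTHENTICATION, CLIENTS[0], AP, AP))
    frames.append(Frame(30.0, DISASSOCIATION, CLIENTS[1], OTHER_AP, OTHER_AP))
    # Two bursts of teardown frames, ten per second, cycling over clients.
    for start, n in ((60, 30), (200, 15)):
        for i in range(n):
            frames.append(
                Frame(start + i / 10, DEAUTHENTICATION, AP, CLIENTS[i % 3], AP))
    return frames


SAMPLE_FRAMES = build_sample()

if __name__ == "__main__":
    for a in scan(SAMPLE_FRAMES):
        print(f"t={a.ts:.1f}s bssid={a.bssid} "
              f"teardown_frames={a.count} targets={a.targets}")
```

The threshold has to sit above the disconnect rate seen in normal operation on the monitored network, otherwise routine roaming triggers the hazard call.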


6. Access control using biometric technologies

Smart cities have their systems interconnected and thus accessible to all city members based on their predefined rights and needs. This wide attack surface attracts attackers and becomes a challenge to smart city security personnel. To minimize this risk and prevent unauthorized people from accessing any smart city system, a strong access control system should be implemented. The best method for preventing unauthorized people from penetrating city systems is using biometric technologies. There is a wide variety of reliable biometric methods that may fit to cope with many kinds of penetration attempts. The various biometric methods are divided into physical and behavioral, as depicted in Figure 1. Fingerprint matching is the most used biometrics-based technology due to its convenient collection stage, reliability, and acceptance by the average person. Recent developments in biometrics suggest fingerprint collection by a 1000 DPI electronic reader, whose fingerprint image includes thousands of sweat pores, presented as white dots on top of the ridges. This addition of dots allows the digitization of the entire fingerprint-matching system. Its accuracy and reliability are much higher than in the classical pattern-recognition minutia-based approach. A face image matching method suggests collecting about 48 features from the image, such as inter-pupil distance, nose-to-chin distance, and more. Another proposal is using hyperspectral cameras to generate multilayer images, extracting attributes from each layer, and constructing a systematic unique code associated with the person appearing in the image. One more face authentication approach is reconstructing a 3D image from two 2D images taken in parallel by two adjacent standard 2D cameras. The reconstruction process includes hidden attributes injected into the final 3D image.

Figure 1.

Taxonomy of biometrics technology.

Table 2 associates each biometric technology with seven characteristics, enabling us to decide which technology is the best to be deployed in each situation. We can also use Table 2 to decide which biometric technologies complement each other and can be fused to generate a combined robust technology with improved accuracy. The fusion of technologies can be done in three levels, at the features collection stage or the decision stage.

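Biometric identifier | Universality | Distinctiveness | Permanence | Collectability | Performance | Acceptability | Circumvention
DNA | H | H | H | L | H | L | L
Ear | M | M | H | M | M | H | M
Face | H | L | M | H | L | H | H
Facial thermogram | H | H | L | H | M | H | L
Fingerprint | M | H | H | M | H | M | M
Gait | M | L | L | H | L | H | M
Hand geometry | M | M | M | H | M | M | M
Hand vein | M | M | M | M | M | M | L
Iris | H | H | H | M | H | L | L
Keystroke | L | L | L | M | L | M | M
Odor | H | H | H | L | L | M | L
Palmprint | M | H | H | M | H | M | M
Retina | H | H | M | L | H | L | L
Signature | L | L | L | H | L | H | H
Voice | M | L | L | M | L | H | H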

Table 2.

Characteristics of biometrics.


7. Cybersecurity for electric vehicles (EV) in smart cities

The development of electric vehicles and smart grids generated the vehicle-to-grid (V2G) technology, which involves pushing unused power from the car into the smart grid. Smart power grids are used for exchanging information and allocating resources between customers and a grid, enabling the flow of electricity between them, and introducing the V2G technology that enables pushing EV battery energy back to the grid. EV integration into smart cities is important for developing sustainable transportation solutions and reasonable security and privacy risk mitigation. User data and privacy concerns increase with the use of sensors that collect personal ID, charging logs, driving habits, locations, and car data, and with personal data breaches and cryptojacking. Due to these threats, the confidentiality and privacy of user data are at continued risk [21]. The more we make EVs sustainable by introducing cameras, tracking devices, and sensors, the more we add to cybersecurity threats. The city’s power grid utility servers are vulnerable to malware attacks from other EVs. Local attacks are mutual cyber threats to the smart grid, with malicious actors using techniques such as jamming, DDoS, controller malfunction, and load alteration attacks. Cyber-attacks in smart cities are classified into passive and active attacks. A passive attack in a smart city refers to accessing information or systems without disrupting normal functioning [22]. These attacks target the vulnerabilities of communication networks, sensors, data repositories, and control systems. Figure 2 depicts the potential threats to EVs. Attackers exploit weaknesses to access data, monitor activities, or gather information for further malicious activities. Active cyber-attacks mean disrupting operations, manipulating data, or causing damage to critical infrastructure components. The attacker may employ hacking, malware, social engineering, or denial-of-service attacks to weaken the security and integrity of smart city systems.
Attacks on smart cities are detected using interactive visualization and false alarms. Communication, infrastructure, data, and stakeholders (ACIDS) is a framework to identify threats in the various layers of a smart city system. The proposed layered approach improved the overall security of a smart city system. Malicious actors utilize EVs and the grid to cause wide-area blackouts, attacks on communication protocols between EVs, chargers, and back-end systems that are vulnerable to tampering, and cyber-attacks on home charging units and on the phasor measurement units (PMUs) used for the power grid’s reliability and safety. Anonymous certificates have been used to conceal the identity of users: each vehicle node stores anonymous certificates so that it uses a different public–private key pair in each authentication process. Mitigating these attacks is done by authentication using bilinear mapping technology to ensure that the communicating peer entities have legitimate identities and can effectively resist spoofing attacks. Another proposal uses a key protocol for mutual authentication without revealing the user’s identity, or uses mobile IP communication and a mobile agent IPv6 protocol, employing blind signatures based on the RSA algorithm and incorporating built-in tag technology, which could also ensure traceability for vehicles. Figure 2 depicts the mitigation actions against the threats to EV operations.

Figure 2.

Security threats to EV sensors [22].

A pairing-based authentication protocol is used to ensure the confidentiality of communication, protect the identity of vehicle users, and prevent vehicles from being tracked by malicious attackers. A dynamic privacy-preserving and lightweight key negotiation protocol for V2G in SIoT, which could resist attacks such as impersonation, offline password guessing, man-in-the-middle, replay, and tracking, has been added. A lightweight authentication protocol using non-singular elliptic curves is added to eliminate issues of untrusted third parties in V2G networks. Simultaneously, a secure two-party protocol was used to negotiate the system’s universal key between third-party entities and the dispatch center, preventing internal attacks. A fog-based billing identity authentication reduces the interaction frequency between users and cloud servers and improves authentication efficiency.
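
The RSA blind-signature idea mentioned in this section can be illustrated with a short added example (not taken from the chapter or from the cited protocols): an authority signs a fresh single-use pseudonym without ever seeing it, so the credential a vehicle later shows to a charger cannot be linked to the signing request. The toy key built from two Mersenne primes, the function names, and the unpadded textbook RSA are assumptions made for illustration only.

```python
import hashlib
import secrets
from math import gcd

# Constructed toy key: two Mersenne primes give a 216-bit modulus.
# Far too small for real use; it only keeps the example self-contained.
P, Q = 2**127 - 1, 2**89 - 1
N, E = P * Q, 65537
D = pow(E, -1, (P - 1) * (Q - 1))  # authority's private exponent


def digest(pseudonym: bytes) -> int:
    """Hash the pseudonym into Z_N (stand-in for a proper padding scheme)."""
    return int.from_bytes(hashlib.sha256(pseudonym).digest(), "big") % N


def blind(pseudonym: bytes) -> tuple[int, int]:
    """Vehicle side: hide the pseudonym digest behind a random factor r."""
    while True:
        r = secrets.randbelow(N - 2) + 2
        if gcd(r, N) == 1:
            return (digest(pseudonym) * pow(r, E, N)) % N, r


def sign_blinded(blinded: int) -> int:
    """Authority side: signs for an authenticated owner, sees only `blinded`."""
    return pow(blinded, D, N)


def unblind(blind_sig: int, r: int) -> int:
    """Vehicle side: strip r to obtain an ordinary RSA signature."""
    return (blind_sig * pow(r, -1, N)) % N


def verify(pseudonym: bytes, sig: int) -> bool:
    """Charger side: check the authority's signature on the pseudonym."""
    return pow(sig, E, N) == digest(pseudonym)


def issue_session_credential() -> dict:
    """One authentication round with a fresh, single-use pseudonym."""
    pseudonym = secrets.token_bytes(16)
    blinded, r = blind(pseudonym)
    sig = unblind(sign_blinded(blinded), r)
    return {"pseudonym": pseudonym, "sig": sig, "seen_by_authority": blinded}
```

The value in `seen_by_authority` is all the signer learns; because the blinding factor is random and discarded, the signer's records cannot be matched to the pseudonym presented at the charger.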


8. Quantum computing and blockchain applications for smart cities

Advances in IoT, big data, cloud computing, social media, and smart meters contribute to the advancement and realization of smart utilities [23]. IoT smart nodes comprising devices, sensors, services, applications, and real-time communications became a critical industry component. Quantum computation, information, algorithms, communication, and information processing devices enable the implementation of quantum hardware to deliver security-enhanced protocols that impact future technologies in computation, communication, cryptography, and information theory. Blockchain is a technique to achieve decentralized and secure data management with tamper-proof immutability and traceability. Advanced quantum computing and communication technologies mitigate cloud storage and data transfer risks. Applying smart utilities requires networking and communication infrastructures, data collection and analysis, crowdsourcing technologies, policies, regulations, and information security. IoT devices, such as those in water networks, are embedded in critical infrastructure that is sensitive to cyber-attacks. Thus, it is important to continually monitor utility networks to eliminate attacks on the IT and OT used for the management and optimization of water utility services. Blockchain technology for safe communication among smart devices is a solution to security breaches. Quantum walks are considered nonlinear mappings of elements to the set of probability distributions. This property and the high sensitivity to changes describe discrete quantum walks as discrete-time and discrete-valued chaotic systems. Quantum communication channels are used to exchange decryption keys between senders and receivers. The exchanged key parameters are required for message encryption, decryption, and authentication processes. Each blockchain unit contains a hash value linked to the previous and current block. QHF with public key parameters generates the hash value for linking each block in the chain with the previous one.
The framework assumes that each stakeholder on the blockchain system has a validated profile and key parameters for each node. Security analysis is used in the evaluation of cybersecurity systems (Figure 3).

Figure 3.

Safeguards against cyber threats to EVs [23].


9. Conclusions

Smart cities are the result of the maturation and accessibility of advanced technologies available for integration in all aspects of life, such as data communication, telecom, IoT, electronics, automation, and computerized physical equipment. The complete reliance on automation and communication allows hostile elements to take advantage of this exposure to infiltrate significant municipal systems, causing functional damage, intentional disruptions, and financial extortion. Therefore, smart cities should integrate cyber and privacy solutions to ensure the interoperability of all elements that form the city’s infrastructure and processes. In this chapter, we described the main security issues related to smart cities. In the beginning sections, we focused on common security threats we can typically find in the context of smart cities. In the rest of the chapter, we introduced emerging aspects related to new threats and new mitigations. Sustainability and security are two concepts that smart cities maintain and keep advancing. However, we noticed that these concepts contradict each other, and as we enhance sustainability, we decrease security accordingly. To settle this conflict, we are required to increase our efforts in looking for more ideas to mitigate increasing cybersecurity risks and cyber-attacks. In future work, we will continue to follow developments in security threats and sophisticated attacks and, accordingly, explore solutions and technologies for mitigating them.

References

  1. Demertzi V, Demertzis S, Demertzis K. An overview of cyber threats, attacks and countermeasures on the primary domains of smart cities. Applied Sciences. 2023;13(2):790. DOI: 10.3390/app13020790
  2. Cho Y, Oh J, Kwon D, Son S, Yu S, Park Y, et al. A secure three-factor authentication protocol for E-Governance system based on multiserver environments. IEEE Access. 2022;10:74351-74365
  3. Sifah EB, Xia H, Cobblah CNA, Xia Q, Gao J, Du X. BEMPAS: A decentralized employee performance assessment system based on blockchain for smart city governance. IEEE Access. 2020;8:99528-99539
  4. Kitchin R, Dodge M. The (In)Security of smart cities: Vulnerabilities, risks, mitigation, and prevention. Journal of Urban Technology. 2019;26(2):47-65. DOI: 10.1080/10630732.2017.1408002
  5. Mtshali P, Khubisa F. A smart home appliance control system for physically disabled people. In: Proceedings of the 2019 Conference on Information Communications Technology and Society (ICTAS), Durban, South Africa, 6-8 March 2019. IEEE Xplore; 2019. pp. 1-5
  6. Kasthuri R, Nivetha B, Shabana S, Veluchamy M, Sivakumar S. Smart device for visually impaired people. In: Proceedings of the 2017 Third International Conference on Science Technology Engineering & Management (ICONSTEM), Chennai, India, 23-24 March 2017. IEEE Xplore; 2017. pp. 54-59
  7. Almeida F. Prospects of cybersecurity in smart cities. Future Internet. 2023;15:285. DOI: 10.3390/fi15090285
  8. Jia Y, Gu Z, Du L, Long Y, Wang Y, Li J, et al. Artificial intelligence-enabled cyber security defense for smart cities: A novel attack detection framework based on the MDATA model. Knowledge-Based Systems. 2023;276:110781. DOI: 10.1016/j.knosys.2023.110781
  9. Rawat B, Bist AS, Apriani D, Permadi NI, Nabila EA. AI-based drones for security concerns in smart cities. APTISI Transactions on Management. 2022;7(2):122-127. DOI: 10.33050/atm.v7i2.1834
  10. Purnama S, Rahardja U, Aini Q, Khoirunisa A, Toyibah RA. Approaching the anonymous deployment of blockchain-based fair advertising on vehicle networks. In: 2021 Third International Conference on Cybernetics and Intelligent System (ICORIS). IEEE Xplore; 2021. pp. 1-6
  11. Widayanti R, Rahardja U, Oganda FP, Hardini M, Devana VT. Students formative assessment framework (Faus) using the blockchain. In: 2021 Third International Conference on Cybernetics and Intelligent System (ICORIS). IEEE Xplore; 2021. pp. 1-6. DOI: 10.1109/ICORIS52787.2021.9649582
  12. El Emam K. Seven ways to evaluate the utility of synthetic data. IEEE Security and Privacy. 2020;18(4):56-59
  13. Ranyal E, Jain K. Unmanned aerial vehicle’s vulnerability to GPS spoofing a review. Journal of the Indian Society of Remote Sensing. 2021;49(3):585-591
  14. Euler S, Maattanen H-L, Lin X, Zou Z, Bergström M, Sedin J. Mobility Support for cellular-connected unmanned aerial vehicles: Performance and analysis. In: 2019 IEEE Wireless Communications and Networking Conference (WCNC). IEEE Xplore; 2019. pp. 1-6. DOI: 10.1109/WCNC.2019.8885820
  15. Majeed R, Abdullah NA, Mushtaq MF, Kazmi R. Drone security: Issues and challenges. Parameters. International Journal of Advanced Computer Science and Applications (IJACSA), SAI, 2021;12(5):15. DOI: 10.14569/IJACSA.2021.0120584,2021. CorpusID:235640850. Available from: https://api.semanticscholar.org
  16. Nguyen HPD, Nguyen DD. Drone application in smart cities: The general overview of security vulnerabilities and countermeasures for data communication. In Development and Future of the Internet of Drones (IoD): Insights, Trends and Road Ahead. ResearchGate. 2021. pp. 185-210. DOI: 10.1007/978-3-030-63339-4_7
  17. Azmi M, Shihab MS, Rustiana D, Lazirkha DP. The effect of advertising, sales promotion, and brand image on repurchasing intention (study on Shopee users). IAIC Transactions on Sustainable Digital Innovation. 2022;3(2):76-85
  18. Shafik W, Matinkhah SM, Shokoor F. Cybersecurity in unmanned aerial vehicles: A review. International Journal on Smart Sensing and Intelligent Systems. 2023;16(1):1-16
  19. Vattapparamban E, Güvenç İ, Yurekli Aİ, Akkaya K, Uluağaç S. Drones for smart cities: Issues in cybersecurity, privacy, and public safety. In: 2016 International Wireless Communications and Mobile Computing Conference (IWCMC), Paphos, Cyprus. IEEE Xplore; 2016. pp. 216-221. DOI: 10.1109/IWCMC.2016.7577060
  20. Paganini P. Hacking drones – Overview of the main threats. INFOSEC, Resource Center/Hacking. June 2013. Available from: http://resources.infosecinstitute.com/
  21. Saoudi O, Singh I, Mahyar H. Autonomous vehicles: Open-source technologies, considerations, and development. arXiv 2022, Cornell University, arXiv:2202.03148
  22. Muhammad Z, Saleem B, Shahid J. Emerging cybersecurity and privacy threats to electric vehicles and their impact on human and environmental sustainability. Energies. 2023;16(3):1113. DOI: 10.3390/en16031113
  23. Abd El-Latif AA, Abd-El-Atty B, Mehmood I, Muhammad K, Venegas-Andraca SE, Peng J. Quantum-inspired blockchain-based cybersecurity: Securing smart edge utilities in IoT-based smart cities. Information Processing & Management. 2021;58(4):102549. DOI: 10.1016/j.ipm.2021.102549
