Threat Modeling for Enhancing Security of IoT Audio Classification Devices under a Secure Protocols Framework

• URL: http://arxiv.org/abs/2509.14657v2
• Date: Fri, 19 Sep 2025 09:59:54 GMT
• Title: Threat Modeling for Enhancing Security of IoT Audio Classification Devices under a Secure Protocols Framework
• Authors: Sergio Benlloch-Lopez, Miquel Viel-Vazquez, Javier Naranjo-Alcazar, Jordi Grau-Haro, Pedro Zuccarello,
• Abstract summary: We present a security protocol that treats the edge device, cellular network and cloud as three separate trust domains.<n>A STRIDE-driven threat model and attack-tree analysis guide the design.<n>Data in transit is protected by TLS 1.3 and hybridised with Kyber and Dilithium to provide post-quantum resilience.
• Score: 0.22369578015657954
• License: http://arxiv.org/licenses/nonexclusive-distrib/1.0/
• Abstract: The rapid proliferation of IoT nodes equipped with microphones and capable of performing on-device audio classification exposes highly sensitive data while operating under tight resource constraints. To protect against this, we present a defence-in-depth architecture comprising a security protocol that treats the edge device, cellular network and cloud backend as three separate trust domains, linked by TPM-based remote attestation and mutually authenticated TLS 1.3. A STRIDE-driven threat model and attack-tree analysis guide the design. At startup, each boot stage is measured into TPM PCRs. The node can only decrypt its LUKS-sealed partitions after the cloud has verified a TPM quote and released a one-time unlock key. This ensures that rogue or tampered devices remain inert. Data in transit is protected by TLS 1.3 and hybridised with Kyber and Dilithium to provide post-quantum resilience. Meanwhile, end-to-end encryption and integrity hashes safeguard extracted audio features. Signed, rollback-protected AI models and tamper-responsive sensors harden firmware and hardware. Data at rest follows a 3-2-1 strategy comprising a solid-state drive sealed with LUKS, an offline cold archive encrypted with a hybrid post-quantum cipher and an encrypted cloud replica. Finally, we set out a plan for evaluating the physical and logical security of the proposed protocol.

Related papers

• Systems-Level Attack Surface of Edge Agent Deployments on IoT [5.081228499547384]
  We present an empirical security analysis of three architectures (cloud-hosted, edge-local, and hybrid)<n>We identify five systems-level attack surfaces, including two emergent failures observed during live testbed operation.<n>Results demonstrate that deployment architecture, not just model or prompt design, is a primary determinant of security risk in agent-controlled IoT systems.
  arXiv  Detail & Related papers  (2026-02-26T01:48:46Z)
• Solving the Post-Quantum Control Plane Bottleneck: Energy-Aware Cryptographic Scheduling in Open RAN [8.221622045367923]
  Post-Quantum Cryptography (PQC) is the primary scalable defence but introduces a significant bottleneck for the RAN control plane.<n>This paper proposes energy-aware framework to solve this PQC bottleneck, ensuring quantum resilience without sacrificing operational energy efficiency.
  arXiv  Detail & Related papers  (2026-02-12T10:58:54Z)
• Towards Quantum-Resistant Trusted Computing: Architectures for Post-Quantum Integrity Verification Techniques [0.0]
  The transition of firmware protection to Post-Quantum Cryptography (PQC) is urgent.<n>This paper offers an analysis of the most common trust techniques and their roadmap towards a Post-Quantum (PQ) world.
  arXiv  Detail & Related papers  (2026-01-16T08:52:09Z)
• Multi-Agent-Driven Cognitive Secure Communications in Satellite-Terrestrial Networks [58.70163955407538]
  Malicious eavesdroppers pose a serious threat to private information via satellite-terrestrial networks (STNs)<n>We propose a cognitive secure communication framework driven by multiple agents that coordinates spectrum scheduling and protection through real-time sensing.<n>We exploit generative adversarial networks to produce adversarial matrices, and employ learning-aided power control to set real and adversarial signal powers for protection layer.
  arXiv  Detail & Related papers  (2026-01-06T10:30:41Z)
• Byzantine-Robust Federated Learning Framework with Post-Quantum Secure Aggregation for Real-Time Threat Intelligence Sharing in Critical IoT Infrastructure [0.0]
  Traditional federated learning approaches for IoT security suffer from two critical vulnerabilities: susceptibility to Byzantine attacks and inadequacy against future quantum computing threats.<n>This paper presents a novel Byzantine-robust federated learning framework integrated with post-quantum secure aggregation.<n>The proposed framework combines a adaptive weighted aggregation mechanism with lattice-based cryptographic protocols to simultaneously defend against model poisoning attacks and quantum adversaries.
  arXiv  Detail & Related papers  (2026-01-03T03:13:46Z)
• Cryptanalysis of LC-MUME: A Lightweight Certificateless Multi-User Matchmaking Encryption for Mobile Devices [0.0]
  We show that a Type-I adversary can successfully forge a validtext cipher without possessing the complete private key of the sender.<n>We propose a strategy to strengthen the security of matchmaking encryption schemes in mobile computing environments.
  arXiv  Detail & Related papers  (2025-07-30T13:36:52Z)
• T2VShield: Model-Agnostic Jailbreak Defense for Text-to-Video Models [88.63040835652902]
  Text to video models are vulnerable to jailbreak attacks, where specially crafted prompts bypass safety mechanisms and lead to the generation of harmful or unsafe content.<n>We propose T2VShield, a comprehensive and model agnostic defense framework designed to protect text to video models from jailbreak threats.<n>Our method systematically analyzes the input, model, and output stages to identify the limitations of existing defenses.
  arXiv  Detail & Related papers  (2025-04-22T01:18:42Z)
• Privacy Enhanced QKD Networks: Zero Trust Relay Architecture based on Homomorphic Encryption [0.0]
  Quantum key distribution (QKD) enables unconditionally secure symmetric key exchange between parties.<n>Traditional solutions rely on trusted relay nodes, which perform intermediate re-encryption of keys using one-time pad (OTP) encryption.<n>We propose a zero-trust relay design that applies fully homomorphic encryption (FHE) to perform intermediate OTP re-encryption.
  arXiv  Detail & Related papers  (2025-03-21T10:20:06Z)
• A Comprehensive Framework for Building Highly Secure, Network-Connected Devices: Chip to App [1.4732811715354452]
  This paper proposes a holistic approach to securing network-connected devices.<n>At the hardware level, we focus on secure key management, reliable random number generation, and protecting critical assets.<n>For secure communication, we emphasize TLS 1.3 and optimized cipher suites tailored for both standard and resource-constrained devices.
  arXiv  Detail & Related papers  (2025-01-23T14:44:34Z)
• A Quantum of QUIC: Dissecting Cryptography with Post-Quantum Insights [2.522402937703098]
  QUIC is a new network protocol standardized in 2021. It was designed to replace the TCP/TLS stack and is based on UDP. This paper presents a detailed evaluation of the impact of cryptography on QUIC performance.
  arXiv  Detail & Related papers  (2024-05-15T11:27:28Z)
• Coding-Based Hybrid Post-Quantum Cryptosystem for Non-Uniform Information [53.85237314348328]
  We introduce for non-uniform messages a novel hybrid universal network coding cryptosystem (NU-HUNCC) We show that NU-HUNCC is information-theoretic individually secured against an eavesdropper with access to any subset of the links.
  arXiv  Detail & Related papers  (2024-02-13T12:12:39Z)
• A Survey and Comparative Analysis of Security Properties of CAN Authentication Protocols [92.81385447582882]
  The Controller Area Network (CAN) bus leaves in-vehicle communications inherently non-secure. This paper reviews and compares the 15 most prominent authentication protocols for the CAN bus. We evaluate protocols based on essential operational criteria that contribute to ease of implementation.
  arXiv  Detail & Related papers  (2024-01-19T14:52:04Z)
• HasTEE+ : Confidential Cloud Computing and Analytics with Haskell [50.994023665559496]
  Confidential computing enables the protection of confidential code and data in a co-tenanted cloud deployment using specialized hardware isolation units called Trusted Execution Environments (TEEs) TEEs offer low-level C/C++-based toolchains that are susceptible to inherent memory safety vulnerabilities and lack language constructs to monitor explicit and implicit information-flow leaks. We address the above with HasTEE+, a domain-specific language (cla) embedded in Haskell that enables programming TEEs in a high-level language with strong type-safety.
  arXiv  Detail & Related papers  (2024-01-17T00:56:23Z)
• Tamper-Evident Pairing [55.2480439325792]
  Tamper-Evident Pairing (TEP) is an improvement of the Push-Button configuration (PBC) standard. TEP relies on the Tamper-Evident Announcement (TEA), which guarantees that an adversary can neither tamper a transmitted message without being detected, nor hide the fact that the message has been sent. This paper provides a comprehensive overview of the TEP protocol, including all information needed to understand how it works.
  arXiv  Detail & Related papers  (2023-11-24T18:54:00Z)
• SemProtector: A Unified Framework for Semantic Protection in Deep Learning-based Semantic Communication Systems [51.97204522852634]
  We present a unified framework that aims to secure an online semantic communications system with three semantic protection modules. Specifically, these protection modules are able to encrypt semantics to be transmitted by an encryption method, mitigate privacy risks from wireless channels by a perturbation mechanism, and calibrate distorted semantics at the destination. Our framework enables an existing online SC system to dynamically assemble the above three pluggable modules to meet customized semantic protection requirements.
  arXiv  Detail & Related papers  (2023-09-04T06:34:43Z)
• Quantum Encryption in Phase Space for Coherent Optical Communications [0.0]
  Quantum Encryption in Phase Space (QEPS) is a physical layer encryption method to secure data over the optical fiber. We study two preventative measures for different modulation formats which will prevent an eavesdropper from obtaining any data.
  arXiv  Detail & Related papers  (2023-01-15T15:08:53Z)

This list is automatically generated from the titles and abstracts of the papers in this site.

This site does not guarantee the quality of this site (including all information) and is not responsible for any consequences.