The Internet of Things (IoT) will encompass a massive number of devices that must reliably transmit a diverse set of messages observed from their environment . The IoT will have applications in multiple areas including health care , smart grids , drones and industrial monitoring . However, an effective deployment of these diverse IoT services near real-time, reliable, secure, and low complexity message transmission from the IoT devices.
Most IoT architectures consist of four layers: perceptual, network, support, and application layer. The perceptual layer is the most fundamental layer which collects all kind of information from the physical world using RFID, GPS, accelerometer, and gyroscope data. The other three layers are centered around communication and computation of IoT signals as well as personalized services for end users. Due to simplicity of the devices and components at the perceptual layer, their resource-constrained nature, and their low computational and storage capabilities, securing the IoT signals at this layer is notoriously challenging.
Recently, a number of security solutions have been proposed for IoT signal protection [7, 8, 9, 10]. The work in  investigated physical layer security techniques in IoT scenario and presented some methods that are suitable for protecting IoT applications. These physical layer security methods include optimal sensor censoring, channel-based bit flipping, probabilistic ciphering of quantized IoT signals, and artificial noise signal transmission. In , the author suggested bridging the security gap in IoT devices by applying information theory and cryptography at the physical layer of the IoT. An authentication protocol for the IoT is presented in , using lightweight encryption method in order to cope with constrained IoT devices. Moreover, in , authors developed a learning mechanisms for fingerprinting and authenticating IoT devices and their environment.
To provide further security to IoT-like cyber-physical systems (CPSs), the idea of watermarking has been studied in [11, 12, 13, 14]. In , a method was proposed to watermark a predefined signal unto a CPS input signal that enables detection of replay attacks in which an adversary repeats a sequence of past measurements. A dynamic watermarking algorithm was proposed in  for integrity attack detection in networked CPSs. In , the authors introduced a security scheme that ensures detection of attacks that add a nonzero-average-power signal to sensor measurements using a non-stationary watermarking technique. Finally, the authors in  analyzed the optimality of Gaussian watermarked signals against cyber attacks in linear time-variant IoT-like systems.
However, the solutions of [7, 8, 9, 10] remain highly complex for deployment at the IoT perceptual layer, and require high computational power. Moreover, these methods do not take into account complex attacks such as eavesdropping in which the attacker collects data for a long time duration and uses it for designing undetectable attacks. Furthermore, the watermarking algorithms introduced in [11, 12, 13, 14], can be detrimental to the performance of the CPS since the augmented watermark is applied in parallel to the control signal of the system. This can, in turn, cause non-optimality in the performance of the system. In addition, the input signals to a CPS, in most cases, are physical signals such as a sensor or the mechanical power input to a generator, and therefore, are not applicable to IoT devices since altering the physical input to an IoT device such as thermometer requires changing the IoT devices’ environment.
The main contribution of this paper is a deep learning framework for dynamic watermarking of IoT signals. This framework enables the IoT’s cloud to authenticate the reliability of signals and detect existence of a cyber attacker who seeks to degrade the performance of the IoT by changing the devices’ output signal. The proposed deep learning algorithm uses long short-term memory (LSTM) 
blocks to extract stochastic features such as spectral flatness, skewness, kurtosis, and central moments from IoT signal and watermarks these features inside the original signal. This dynamic feature extraction allows the cloud to detect sophisticated eavesdropping attacks, since the attacker will not be able to extract the watermarked information. Moreover, the proposed LSTM reduces complexity and latency of the attack detection compared to other security methods such as encryption. This allows LSTM to effectively complement the cryptographic and security solutions of an IoT. Simulation results show that, using the proposed approach and for undersecond latency, the IoT signals can be reliably transmitted from IoT devices to the cloud.
Ii Signal Authentication and Attack Detection Using Watermarking
Consider an IoT device (IoTD) which generates a signal at time step with sampling frequency
, and transmits this signal to a cloud, that uses the received signal is used for estimation and control of the IoTD operation. In this system, we consider an adversary who seeks to compromise the IoTD or the communication link between the IoTD and cloud, and, then, manipulates the transmitted signal. In this case, the transmitted signal will bewhich will cause an estimation error at the cloud. Therefore, the cloud must implement an attack detection mechanism to differentiate between the honest and false signal received from an IoTD. Here, we propose a watermarking scheme for effective IoTD signal authentication and attack detection.
Ii-a Spread Spectrum Watermarking
Watermarking uses a hidden, predefined non-perceptual code (bit stream) inside a multimedia signal to authenticate the ownership of such signals. One of the widely used watermarking methods is spread spectrum (SS)  in which a key pseudo-noise sequence is added to the original signal. The watermarked signal can then be written as follows:
where is the watermarked signal, is a pseudo-noise binary sequence of and , is the relative power of the pseudo-noise signal to the original signal, is the hidden bit in the signal which can take values and , and is the number of samples (frame length) of the original signal used to hide a single bit. To extract the watermarked bit, the cloud receives the watermarked signal and correlates it with the key pseudo-noise sequence. The extraction process will be:
where, for the extracted bit is and for the extracted bit is and is the inner production of samples of and . and are independent stochastic variables at time and we consider having mean
and variance. Next, we analyze the bit error rate of the extracted bit.
In the proposed SS watermarking scheme the bit extraction error is .
For , we can write:
where , , , and . Since (3) can be expressed as sum of i.i.d variables for large values of and
, then, using the central limit theorem, we can write (3
) as linear combination of two Gaussian distributions aswhere
Since is a linear combination of two independent Gaussian distributions, then we have:
Now, we can show that is a Gaussian variable since it is a summation of a constant value with a Gaussian variables:
Then, to analyze the probability of error we consider. In this case an error occurs when , therefore, the probability of an error is:
The same error probability can be obtained for . ∎
From (7) we can observe that for large values of and , the bit extraction error goes to zero. However, selecting large values for and will cause some latency and computational challenges for IoT devices which will be discussed later.
Ii-B Static Watermarking for Attack Detection in IoTD
Now, using the SS method we present a technique for authentication of the signals transmitted from an IoTD to the cloud. We first generate a random pseudo-noise binary sequence with samples. Also, for every IoTD, we define a bit stream with samples. Then using (1), we embed every bit of in samples of . Therefore, for any bit stream , we use samples of , and this embedding procedure will repeat every samples of . At the cloud, using (2), we extract the bit stream. In case of a cyber attack, the received signal in the cloud will be rather than , and, hence, the extracted bit stream will differ from . Thus, the cloud will trigger an alarm for declaring the existence of a cyber attack. Fig. 1 shows the block diagram of static watermarking for attack detection in an IoTD.
In our proposed watermarking scheme, , , and play crucial roles in the security of a given IoTD. The value of must be very smaller than the value of . The reason is that, for comparable values of , an attacker can extract the key and bit stream , since if . Therefore, we must choose small values for . However, from Theorem 1, we know that, for small values of , we will have higher bit error rate. To overcome this issue, we have to increase the length of the pseudo-noise key, . Although increasing the value of will reduce the bit error rate, for large values of , the bit extraction procedure in (2) will result in higher computation load and will also cause higher latency since the cloud must wait for samples from the IoTD to detect the attack. Moreover, large values of will also cause larger delay in the cloud. Therefore, next, we propose a method to choose suitable values for these three parameters. must be chosen such that the attacker cannot use instead of to extract the embedded bit. Therefore, we have to adjust to cause a high bit error rate during the extraction of the hidden bit using the sequence. Thus, for two different watermarked signals and with equal embedded bit , we have:
where , , and
are Gaussian random variables with distributions, , , respectively (the proof is analogous to Theorem 1). and are the mean and variance of the multiplication of random variables and . Then, we can write as follows:
where . Therefore, the bit error rate incurred during the extraction of will be:
Since we want to have a high bit error rate for the attacker, we can write:
where is our desired probability of unsuccessful attack. Moreover we want to have a small extraction error for cloud as in (7). Thus, we have:
where is our desired bit extraction error probability. Therefore, from (11) and (12) we can derive the values for and which satisfy the security and performance requirement of the proposed watermarking scheme. Now, to analyze the attack detection delay, if we consider as the acceptable delay in seconds for attack detection, we can find the value of :
Using (11), (12), and (13) we can find the values for the three parameters which satisfy our performance and delay constraints. The proposed SS watermarking method can detect the cyber attacks which only have the ability to change the transmitted data from an IoTD to the cloud. By choosing optimal values for the three parameters of watermarking, the cloud can identify the reliability of the transmitted attack.
Now, consider a case in which an attacker can also collect data from the IoTDs. In this case, the attacher can launch more complex attacks by eavesdropping the legitimate transmitted data from the IoTD. For instance, if the attacker starts to record the transmitted data from the IoTD and sum the recorded data for a long time, it can potentially reveal the key . As an example, if the attacker collects the data for windows of size and adds this data together, it will end up having the following signal:
where is the signal received in window from an IoTD, and is the summation of collected data. If we consider as the variance of the sum of random variable then there will exists a value for where . Therefore, the attacker can use as the key for watermarked signal. The reason for the success of this eavesdropping attack is due to embedding a static bit stream in all the windows. However, if the bit stream changes dynamically in each window of samples then, the eavesdropping attack will not succeed anymore. In the following section, we propose a dynamic bit stream generation using a deep learning method.
Iii Deep Learning for Dynamic IoT Watermarking
To improve our security scheme, we propose a novel deep learning watermarking method for dynamically generating the bit stream which can thwart eavesdropping attacks. In our new dynamic watermarking scheme, we use the fingerprints of the signal generated by an IoTD to update the bit stream , dynamically. Signal fingerprints can be seen as unique identifiers of a signal that can be mapped to a bit stream. Signal processing methods such as spectral flatness, central moments, skewness, and kurtosis can be used for extraction of fingerprints from signals [17, 18, 19, 20]
. Here, we use a deep learning framework to extract these kind of stochastic features the IoTD signals. Deep learning has been successfully applied in a wide range of areas with significant performance improvement, including computer vision, natural language processing, and speech recognition. One of the widely-used deep learning methods for sequence classification is called LSTM  and . In the following, we explain how we use LSTM to extract the fingerprints from the IoTD signals.
Iii-a LSTM for Signal Fingerprinting in IoTD
To dynamically extract fingerprints from IoTD signals, we propose an LSTM algorithm that allows an IoTD to update the bit stream based on the sequence of generated data.
LSTMs are one of the deep recurrent neural networks (RNNs) that can store information for long periods of time and thus can learn long-term dependency of a given sequence. Essentially, LSTMs processes an input by adding new information into a memory, and using gates which control the extent to which new information should be memorized, old information should be forgotten, and current information should be used. Therefore, the output of LSTMs will be impacted by the network activation in previous time steps and thus LSTMs are suitable for our IoT application in which we want to extract fingerprints from signals which are dependent to previous time steps and LSTMs are a sequence to sequence mapping.
During the training phase, the parameters of the algorithm are learned from a given training dataset of different IoTD such as accelerometer, gyroscope and positioning devices. As in [17, 18, 19, 20] we choose spectral flatness, mean, variance, skewness, and kurtosis as features that are extracted from a signal with length and then map these values to a bit stream with length . Next, we watermark this extracted bit stream into the original signal using a key. To train the LSTM, we use the original signal and pseudo noise key as input stream and the watermarked signal as output stream. Fig. 2 shows the training phase using a block diagram model. Next, we illustrate how we use the trained LSTM to dynamically watermark an IoT signal.
Iii-B LSTM for Dynamic IoTD Watermarking
At the cloud, we use an LSTM for bit extraction. To train this LSTM, we use the watermarked signal and key as inputs to the neural network and the features of the original signal and extracted bit stream as outputs. The block diagram model for training phase of LSTM in the cloud is shown in Fig. 3. Using the LSTM block of Fig. 2 at the IoTD and the LSTM block of Fig. 3 at the cloud, we propose a dynamic LSTM watermarking scheme to implement an attack detector at the cloud.
In this method, a predefined bit stream is not used since a bit stream is dynamically generated inside the LSTM blocks at the IoTD and the cloud. This dynamic bit stream generation at the hidden layers of LSTMs solves the eavesdropping attack problem, since recording and summing the IoTD signals will not increase the power of the key sequence and the attacker will not be able to extract the key and bit stream. Using this method, the IoTD inserts the generated signal and key in its LSTM block in each window of samples and produces a watermarked signal with different bit stream in each window. At the cloud, the received watermarked signal and key are passed from the LSTM. Then, the two outputs (the extracted bits, and extracted features) are compared. In the case of dissimilarity of two sequences, the attack alarm is triggered. Fig. 4 shows the block diagram of dynamic LSTM watermarking for attack detection.
Iv Simulation Results and Analysis
For our simulations, we use a real dataset from an accelerometer with sampling frequency . In each simulation, we derive the optimal values for , , and using the method proposed in Section II such that they satisfy the reliability and delay constraints.
Fig. 5 shows the output of the LSTM trainer with and . It can be seen from Fig. 5 that the trained output of the LSTM, which is the dynamic watermarked signal, is very close to the training target . Moreover, Fig. 6 shows the performance of training, in which the training converges after 269 epochs
. Here, an epoch is a measure of the number of times all the training vectors are used once to update the weights of the neural network. The training error is 0.0055 which is calculated using mean squared error. Moreover, we tested the trained LSTM on another accelerometer data, and the testing error is close to 0.02 which is acceptable for our IoT application.
Fig. 7 illustrates the higher performance of LSTM compared to to static watermarking in bit extraction. From (7), we know that higher results in lower bit error. We can see from Fig. 7 that the extraction error rate for LSTM is approximately order of magnitude lower than the static watermarking when . This ratio gets better for higher , since we can observe that the error rate of LSTM is almost orders of magnitude lower than static watermarking when . This result allows designing attack detectors with lower delay, since we can choose lower for LSTM which results in smaller window size and reduces the detection delay.
To analyze the functionality of our proposed watermarking schemes in attack detection, we choose a static watermarking block with and . We also train our LSTM block with these features. Then, we implement two types of attack to the signal: a) a data injection attack in which the attacker starts to change the IoT device signal, and b) an eavesdropping attack, in which the attacker records the data from the IoT device, extracts the bit stream and implements an attack with the the same watermarking bit stream. In Fig. 8, the attack detectors compare the extracted bit stream with the actual hidden bit stream and the percentage of difference between these two is considered as a metric for attack detection. In other words, high difference between the two bit streams, an attack detection alarm is triggered. Fig. 8 shows that, for the first attack, both watermarking schemes can detect the attack. However, for eavesdropping, static watermarking cannot detect the existence of attack while the LSTM performs well. The reason is that in static watermarking the bit stream is the same for all the time windows, while in LSTM the watermarked bit stream dynamically changes for each time window.
Fig. 9 illustrates how an eavesdropping attack operates against the two watermarking schemes. We can see that, in static watermarking, the attacker records the signal and by summing the recorded data of each window, increases the ratio of pseudo-noise key power to the signal power and extracts the bit stream. However, since in LSTM, the bit stream dynamically changes in each window, the summation of the recorded data will not increase the ratio of the key power to the signal power. Therefore, the attacker will not be able to extract the bit stream and key from the recorded data. In addition, we can see from Fig. 8 that the delay of attack detection is seconds since the attacks starts at and the attack detector triggers the alarm at . The reason is that, for the window size of seconds, the cloud must wait for one time window to collect the data from the IoTD.
In this paper, we have proposed a novel deep learning method based on LSTM blocks for enabling attack detection of data injection and eavesdropping in IoT devices. We have introduced two watermarking schemes in which the IoT’s cloud, which collects the data from the IoT devices, can authenticate the reliability of received signals. We have shown that our proposed LSTM method is suitable for IoT security due to low complexity, small delay, and high accuracy in attack detection. Simulation results have shown that dynamic LSTM watermarking can also detect existence of complicated attacks such as eavesdropping in which the attacker collects data from the IoT devices and designs an undetectable attack.
-  Z. Dawy, W. Saad, A. Ghosh, J. G. Andrews, and E. Yaacoub, “Toward massive machine type cellular communications,” IEEE Wireless Communications, vol. 24, no. 1, pp. 120–128, February 2017.
-  S. M. R. Islam, D. Kwak, M. H. Kabir, M. Hossain, and K. S. Kwak, “The internet of things for health care: A comprehensive survey,” IEEE Access, vol. 3, pp. 678–708, 2015.
-  H. Farhangi, “The path of the smart grid,” IEEE Power and Energy Magazine, vol. 8, no. 1, pp. 18–28, January 2010.
-  M. Mozaffari, W. Saad, M. Bennis, and M. Debbah, “Unmanned aerial vehicle with underlaid device-to-device communications: Performance and tradeoffs,” IEEE Transactions on Wireless Communications, vol. 15, no. 6, pp. 3949–3963, June 2016.
-  L. D. Xu, W. He, and S. Li, “Internet of things in industries: A survey,” IEEE Transactions on Industrial Informatics, vol. 10, no. 4, pp. 2233–2243, Nov 2014.
-  H. Suo, J. Wan, C. Zou, and J. Liu, “Security in the internet of things: A review,” in 2012 International Conference on Computer Science and Electronics Engineering, vol. 3, March 2012, pp. 648–651.
-  A. Mukherjee, “Physical-layer security in the internet of things: Sensing and communication confidentiality under resource constraints,” Proceedings of the IEEE, vol. 103, no. 10, pp. 1747–1761, Oct 2015.
-  W. Trappe, “The challenges facing physical layer security,” IEEE Communications Magazine, vol. 53, no. 6, pp. 16–20, June 2015.
-  J. Y. Lee, W. C. Lin, and Y. H. Huang, “A lightweight authentication protocol for internet of things,” in 2014 International Symposium on Next-Generation Electronics (ISNE), May 2014, pp. 1–2.
-  Y. Sharaf-Dabbagh and W. Saad, “On the authentication of devices in the internet of things,” in 2016 IEEE 17th International Symposium on A World of Wireless, Mobile and Multimedia Networks (WoWMoM), June 2016, pp. 1–3.
-  Y. Mo, S. Weerakkody, and B. Sinopoli, “Physical authentication of control systems: Designing watermarked control inputs to detect counterfeit sensor outputs,” IEEE Control Systems, vol. 35, no. 1, pp. 93–109, Feb 2015.
-  B. Satchidanandan and P. R. Kumar, “Dynamic watermarking: Active defense of networked cyber-physical systems,” Proceedings of the IEEE, vol. 105, no. 2, pp. 219–240, Feb 2017.
-  P. Hespanhol, M. Porter, R. Vasudevan, and A. Aswani, “Dynamic watermarking for general LTI systems,” arXiv preprint arXiv:1703.07760, 2017.
-  M. Hosseini, T. Tanaka, and V. Gupta, “Designing optimal watermark signal for a stealthy attacker,” in 2016 European Control Conference (ECC), June 2016, pp. 2258–2262.
-  M. Chen, U. Challita, W. Saad, C. Yin, and M. Debbah, “Machine learning for wireless networks with artificial intelligence: A tutorial on neural networks,” arXiv preprint arXiv:1710.02913, 2017.
-  H. S. Malvar and D. A. F. Florencio, “Improved spread spectrum: a new modulation technique for robust watermarking,” IEEE Transactions on Signal Processing, vol. 51, no. 4, pp. 898–905, Apr 2003.
-  J. Haitsma and A. Kalker, “A highly robust audio fingerprinting system,” in Proc. of International Symposium on Music Information Retrieval (ISMIR), Paris, France, October 2002, pp. 107–115.
-  C. Bertoncini, K. Rudd, B. Nousain, and M. Hinders, “Wavelet fingerprinting of radio-frequency identification (rfid) tags,” IEEE Transactions on Industrial Electronics, vol. 59, no. 12, pp. 4843–4850, Dec 2012.
-  R. E. Learned and A. S. Willsky, “A wavelet packet approach to transient signal classification,” Applied and Computational Harmonic Analysis, vol. 2, no. 3, pp. 265 – 278, 1995.
-  J. B. Harley, Y. Ying, J. M. F. Moura, I. J. Oppenheim, L. Sobelman, and J. H. Garrett, “Application of mellin transform features for robust ultrasonic guided wave structural health monitoring,” AIP Conference Proceedings, vol. 1430, no. 1, pp. 1551–1558, 2012.
-  A. Graves, A. R. Mohamed, and G. Hinton, “Speech recognition with deep recurrent neural networks,” in 2013 IEEE International Conference on Acoustics, Speech and Signal Processing, May 2013, pp. 6645–6649.