Future challenges for smart cities: Cyber-security and digital forensics
Introduction
More than 50% of the world's population today reside in urban areas and this percentage is expected to increase because of population migration to these regions in the quest for better jobs and education (Khatoun and Zeadally, 2016). The concept of the smart city represents the first major impetus for change in metropolissized urban planning since Victor Gruen re-envisioned the urban landscape in America in the 1950s. As a consequence, smart cities have recently gained attention; comprising a collection of entities deployed and maintained in a city to facilitate convenient and improved living for a nation's population. Various initiatives worldwide have facilitated the emergence of smart cities that address the needs of businesses, institutions, and citizens, through targeted and efficient delivery of service. The smart city promise of provisioning a connected environment for all its citizens is realized through intelligent and sustainable enabling technologies and platforms including the Internet of Things (IoT) and the Cloud.
Smart city services can extend into many diverse domains including the environment, transportation, health, tourism, home energy management and safety and security (Byun et al., 2014, Kantarci and Mouftah, 2014, Lopes et al., 2015). The U.S. National Institute of Standards and Technology (NIST) smart city model is one of the most widely adopted reference models (Khatoun and Zeadally, 2016). It comprises six categories, namely, smart environment, smart mobility, smart economy, smart governance, smart people and smart living; with IoT as the enabling technology. We base our study on four components of the above categories:
- •
Smart Grids (Smart Environments)
- •
Building Automation Systems (Smart Living)
- •
Unmanned Aerial Vehicles (Smart Mobility)
- •
Smart Vehicles (Smart Mobility)
The smart city will include several types of IoT sensors including those required for smart parking, structural health awareness, urban noise mapping in real-time, traffic level monitoring and route optimization and smart street lighting. The enabling technology for the above smart city components is the IoT whilst the enabling platform for centralized data storage and rendering is the Cloud.
Smart cities are exposed to a diverse set of cyber security threats and criminal misuses. In this environment, a single smart city vulnerability, when exploited by an individual or organized group, may put the entire city at risk (Khatoun and Zeadally, 2016). This complex environment also presents a significant challenge for digital forensic investigations, which will invariably rely upon the data generated by the smart city components. To envision a secure smart city cyber security platform with access to reliable forensic evidence, due diligence for data transfer and storage in the Cloud is mandatory. Such forensic preparedness can provide help to develop more effective ways to detect and prevent problems before they cause widespread harm (Sachowski, 2016, Casey, 2009).
In addition, if a cyber-attack transpires against critical components of a connected smart city ICT infrastructure, as illustrated in Fig. 1, a standard scientifically proven method must be applied for acquisition and subsequent analysis of the data, as part of the forensic investigation.
In this paper, we present a comprehensive analysis of the vulnerabilities and the associated threat landscape for each of the four identified components of a smart city, namely, Smart grids, Building Automation Systems (BAS), Unmanned Aerial Vehicles (UAVs), Smart Vehicles; with enabling IoT sensor technology and the Cloud. Following this, we present a detailed analysis of challenges associated with forensic investigations of smart city data.
Section snippets
Smart grids
Smart grid technology is changing the way traditional power grids operate (Fig. 2) by reducing energy demands, global warming and consequently, utility costs. Consumers are required to share information about their energy consumption with their utility providers, over communication channels using smart meters. The interconnection of multiple smart meters and computerized infrastructure of the grid makes them vulnerable to several network based attacks (McDaniel and McLaughlin, 2009).
Data from
Digital forensic challenges and value for smart cities
In the previous section, we have highlighted the security threats against the smart city components, and the value of forensic preparedness to protect the smart city. In this section, an analysis of the challenges faced when conducting digital forensic investigations in the smart city domain is presented. In addition, the importance of digital forensic investigation in the smart city is discussed.
Due to the interconnected and heterogenous nature of smart cities, situations arise where all the
Case study: reckless driver in a smart city
An illicit driver enters a smart city attempting to subvert all policing controls in place for traffic regulation. The driven vehicle enters the city and increases speed past the stipulated limit, threatening other motorists and commuters alike. Two scenarios can be identified here. In the first case, the vehicle may not be a smart vehicle and so would be detected by road-side IoT sensors as violating the speed limits stipulated by the city council. In such a case, an incident response team
Conclusion
Challenges associated with acquisition and storage of smart city data emerging from its individual components i.e., Smart grids, Building Automation Systems, Unmanned Aerial Vehicles and Smart Vehicles; and enabling IoT Sensors, Cloud platform, remain largely unaddressed. Through this article we have provided a thorough insight into the smart city threat landscape for each of its four components and as well as for the enabling technologies/platforms. A detailed assessment of the type and source
References (64)
- et al.
A survey on the critical issues in smart grid technologies
Renew. Sustain. Energy Rev.
(2016) - et al.
Electricity theft: overview, issues, prevention and a smart meter based approach to control theft
Energy Policy
(2011) - et al.
Cyber-security for the controller area network (can) communication protocol
- et al.
Data protection in a big data society. Ideas for a future regulation
Digit. Investig.
(2015) - et al.
Impacts of increasing volume of digital forensic data: a survey and future research challenges
Digit. Investig.
(2014) - et al.
Forensic analysis of cloud-native artifacts
Digit. Investig.
(2016) - et al.
Security challenges in building automation and scada
- et al.
Security threats and countermeasures in cloud computing
Int. J. Appl. Innovat. Eng. Manag. (IJAIEM)
(2012) Automotive Security Best Practices: Recommendations for Security and Privacy in the Era of the Next-generation Car
(2016)Securing the internet of things infrastructure standards and techniques