Elsevier

Digital Investigation

Volume 22, September 2017, Pages 3-13
Digital Investigation

Future challenges for smart cities: Cyber-security and digital forensics

https://doi.org/10.1016/j.diin.2017.06.015Get rights and content

Abstract

Smart cities are comprised of diverse and interconnected components constantly exchanging data and facilitating improved living for a nation's population. Our view of a typical smart city consists of four key components, namely, Smart Grids, Building Automation Systems (BAS), Unmanned Aerial Vehicles (UAVs), Smart Vehicles; with enabling Internet of Things (IoT) sensors and the Cloud platform. The adversarial threats and criminal misuses in a smart city are increasingly heterogenous and significant, with provisioning of resilient and end-to-end security being a daunting task. When a cyber incident involving critical components of the smart city infrastructure occurs, appropriate measures can be taken to identify and enumerate concrete evidence to facilitate the forensic investigation process. Forensic preparedness and lessons learned from past forensic analysis can help protect the smart city against future incidents. This paper presents a holistic view of the security landscape of a smart city, identifying security threats and providing deep insight into digital investigation in the context of the smart city.

Introduction

More than 50% of the world's population today reside in urban areas and this percentage is expected to increase because of population migration to these regions in the quest for better jobs and education (Khatoun and Zeadally, 2016). The concept of the smart city represents the first major impetus for change in metropolissized urban planning since Victor Gruen re-envisioned the urban landscape in America in the 1950s. As a consequence, smart cities have recently gained attention; comprising a collection of entities deployed and maintained in a city to facilitate convenient and improved living for a nation's population. Various initiatives worldwide have facilitated the emergence of smart cities that address the needs of businesses, institutions, and citizens, through targeted and efficient delivery of service. The smart city promise of provisioning a connected environment for all its citizens is realized through intelligent and sustainable enabling technologies and platforms including the Internet of Things (IoT) and the Cloud.

Smart city services can extend into many diverse domains including the environment, transportation, health, tourism, home energy management and safety and security (Byun et al., 2014, Kantarci and Mouftah, 2014, Lopes et al., 2015). The U.S. National Institute of Standards and Technology (NIST) smart city model is one of the most widely adopted reference models (Khatoun and Zeadally, 2016). It comprises six categories, namely, smart environment, smart mobility, smart economy, smart governance, smart people and smart living; with IoT as the enabling technology. We base our study on four components of the above categories:

  • Smart Grids (Smart Environments)

  • Building Automation Systems (Smart Living)

  • Unmanned Aerial Vehicles (Smart Mobility)

  • Smart Vehicles (Smart Mobility)

The smart city will include several types of IoT sensors including those required for smart parking, structural health awareness, urban noise mapping in real-time, traffic level monitoring and route optimization and smart street lighting. The enabling technology for the above smart city components is the IoT whilst the enabling platform for centralized data storage and rendering is the Cloud.

Smart cities are exposed to a diverse set of cyber security threats and criminal misuses. In this environment, a single smart city vulnerability, when exploited by an individual or organized group, may put the entire city at risk (Khatoun and Zeadally, 2016). This complex environment also presents a significant challenge for digital forensic investigations, which will invariably rely upon the data generated by the smart city components. To envision a secure smart city cyber security platform with access to reliable forensic evidence, due diligence for data transfer and storage in the Cloud is mandatory. Such forensic preparedness can provide help to develop more effective ways to detect and prevent problems before they cause widespread harm (Sachowski, 2016, Casey, 2009).

In addition, if a cyber-attack transpires against critical components of a connected smart city ICT infrastructure, as illustrated in Fig. 1, a standard scientifically proven method must be applied for acquisition and subsequent analysis of the data, as part of the forensic investigation.

In this paper, we present a comprehensive analysis of the vulnerabilities and the associated threat landscape for each of the four identified components of a smart city, namely, Smart grids, Building Automation Systems (BAS), Unmanned Aerial Vehicles (UAVs), Smart Vehicles; with enabling IoT sensor technology and the Cloud. Following this, we present a detailed analysis of challenges associated with forensic investigations of smart city data.

Section snippets

Smart grids

Smart grid technology is changing the way traditional power grids operate (Fig. 2) by reducing energy demands, global warming and consequently, utility costs. Consumers are required to share information about their energy consumption with their utility providers, over communication channels using smart meters. The interconnection of multiple smart meters and computerized infrastructure of the grid makes them vulnerable to several network based attacks (McDaniel and McLaughlin, 2009).

Data from

Digital forensic challenges and value for smart cities

In the previous section, we have highlighted the security threats against the smart city components, and the value of forensic preparedness to protect the smart city. In this section, an analysis of the challenges faced when conducting digital forensic investigations in the smart city domain is presented. In addition, the importance of digital forensic investigation in the smart city is discussed.

Due to the interconnected and heterogenous nature of smart cities, situations arise where all the

Case study: reckless driver in a smart city

An illicit driver enters a smart city attempting to subvert all policing controls in place for traffic regulation. The driven vehicle enters the city and increases speed past the stipulated limit, threatening other motorists and commuters alike. Two scenarios can be identified here. In the first case, the vehicle may not be a smart vehicle and so would be detected by road-side IoT sensors as violating the speed limits stipulated by the city council. In such a case, an incident response team

Conclusion

Challenges associated with acquisition and storage of smart city data emerging from its individual components i.e., Smart grids, Building Automation Systems, Unmanned Aerial Vehicles and Smart Vehicles; and enabling IoT Sensors, Cloud platform, remain largely unaddressed. Through this article we have provided a thorough insight into the smart city threat landscape for each of its four components and as well as for the enabling technologies/platforms. A detailed assessment of the type and source

References (64)

  • R. Baldwin

    Audi's New Traffic-light Countdown Is the First Step to Smarter Cities

    (2016)
  • A. Behl

    Emerging security challenges in cloud computing: an insight to cloud security challenges and their mitigation

  • S. Bera et al.

    Cloud computing applications for smart grid: a survey

    IEEE Trans. Parallel Distr. Syst.

    (2015)
  • J.-Y. Byun et al.

    Internet of things for smart crime detection

    Contemp. Eng. Sci.

    (2014)
  • B. Canis et al.

    “Black Boxes” in Passenger Vehicles: Policy Issues

    (July 2014)
  • E. Casey

    Handbook of Digital Forensics and Investigation

    (2009)
  • E. Casey et al.

    The impact of full disk encryption on digital forensics

    ACM SIGOPS Oper. Syst. Rev.

    (2008)
  • Cisco

    Iot Threat Environment

    (2015)
  • B. Cusack et al.

    Up-dating Investigation Models for Smart Phone Procedures

  • Cyber security and Resilience of Smart Cars: Good practices and recommendations

    (Dec 2017)
  • S. Gambs et al.

    Show me how you move and i will tell you who you are

  • W. Granzer et al.

    Security in building automation systems

    Ind. Electron. IEEE Trans.

    (2010)
  • A. Greenberg

    The Jeep Hackers are Back to Prove Car Hacking Can Get Much Worse

    (January 2016)
  • D.G. Holmberg

    Bacnet Wide Area Network Security Threat Assessment

    (2003)
  • J. Jin et al.

    An information framework for creating a smart city through internet of things

    IEEE Internet Things J.

    (2014)
  • M.N. Johnstone et al.

    Timing attack detection on bacnet via a machine learning approach

  • P. Jokar et al.

    A survey on security issues in smart grids

    Secur. Commun. Netw.

    (2016)
  • B. Kantarci et al.

    Trustworthy sensing for public safety in cloud-centric internet of things

    IEEE Internet Things J.

    (2014)
  • W. Kastner et al.

    Communication systems for building automation and control

    Proc. IEEE

    (2005)
  • T. Kechadi et al.

    The state of the art forensic techniques in mobile cloud environment: a survey, challenges and current trends

    Int. J. Digit. Crime Forensics

    (2015)
  • M.A. Khan et al.

    Scalable and secure network storage in cloud computing

    Int. J. Comput. Sci. Inf. Secur.

    (2016)
  • R. Khatoun et al.

    Smart cities: concepts, architectures, research opportunities

    Commun. ACM

    (2016)
  • Cited by (0)

    View full text