Call for Paper - complete

Content of this page

Topic

There is a trend to move more and more information processing towards the edges of information systems, close to the data sources and sinks, and to the end-users [31]. In 2018, Gartner evaluated that 10% of “enterprise-generated data is created and processed outside a traditional centralized data center or cloud” [55], and predicted in 2021 that this number would increase to 50% in 2025 [63] (which it originally predicted at 75% in its 2018 report [55]) while the number of IoT devices will triple [63] or quadruple [23] between 2020 and 2030 reaching “more than 15 billion IoT devices [that] will connect to the enterprise infrastructure by 2029” [23] (IoT analytics even forecasts 27 billions connected IoT devices by 2025 [38]). There are varying reasons for this trend, among which: improving latency, relieving the network bandwidth from part of the huge amount of data generated, and bringing some autonomy to the end-users interacting at the periphery of the information system. This trend exists in the civil world, and in particular in industry with the specific concept of Industrial IoT (IIoT) [86] [81] [52] [80], but also in the military one with the concepts of the Internet of Battle Things (IoBT) [49] [78] [2] or Internet of Military Things (IoMT) [87] [18], which aim in part to increase local information exploitation [73] [57] [58]. To develop those concepts in the military domain, among other initiatives, the Internet of Battlefield Things Collaborative Research Alliance (IoBT-CRA) [70] [1] [89] was established in 2017 for a 10 years period.

In this call, devices handling those peripheral computations are called Smart Peripheral Devices (SPDs). Those SPDs are quiet different from, and have more variability, than devices found in the “core” of information systems (servers, desktops and laptops). They range: from somewhat expensive and powerful devices, such as smartphones or communication equipment of military vehicles [58]; to low cost low power devices, such as disposable wearable devices or disposable vessels [54] [25]; through Internet of Things (IoT) devices [88], and some lightweight Edge Computing devices [85]. While quite different, SPDs share some characteristics: they reside at the periphery of the system and are more susceptible to loss and theft; they have to comply with specific constraints limiting the resources they can use; they run on specific hardware usually not found in “core” devices; they use connection technologies not found in the core of the system to communicate with the core and between themselves; they handle some information processing directly, independently from the core of the system; they have to allow for “temporary” disconnections from the core, while still being able to function properly; and they are not continuously visible and monitored by the core of the information system.

Those specifics raise some concerns over their resilience to cybersecurity attacks [20] [21] [61] [8] [77] [9] [37] [50] [26] [53] [5] [79], and even the faithfulness of their supply chain [72]. As stated by Verizon for IoT [83], but applying to all SPD, “an [SPD] can be an attack vector (a weak point that can be exploited to mount an attack), a vehicle for attacks (like a part of a botnet used to carry out a distributed denial-of-service (DDoS) attack) or a target in its own right”. For example, the Mirai botnet [4] infected many IoT devices and has been used to attack many other systems. Mobiles are also an interesting target for attackers [74] [90] [14] [67]. Over a one year period, half of companies recently surveyed by Verizon suffered a compromise involving a mobile device [83]; for half of the companies concerned, applications were involved (in 2021, the percentage of organizations experiencing the installation of a malware on a remote device doubled [43]); and half of SMBs that suffered a mobile-related hack said that it had a major impact. Attackers do design applications and phishing campaigns specifically for mobiles [83], and if they do its because there is a benefit in doing so. As a consequence, more than 8 companies out of 10 have a specific budget for mobile security [83]. Last year C&ESAR addressed the concept of Zero Trust, among others. From the point of view of the security of the core of the information system, an SPD can be disconnected if the core has lost trust in it. However, the features carried by this SPD will also be lost. It is therefore important to be able to secure those SPDs.

However, cybersecurity technologies and methodologies applied to the core of information systems are not necessarily directly applicable to SPDs. Adapting standard Endpoint Detection and Response (EDR) solutions to the vast variety of SPD and integrating them to the core IT system SIEM is not a simple task. The specific technologies used for SPDs may contain weaknesses and vulnerabilities different from those of core system technologies [84] [76]. Ensuring the cybersecurity of SPDs may also require specific methodologies [51].

For example, SPDs use specific technologies in their processing stack (hardware and software). Among the various hardware used, they rely more commonly on ARM platforms and technologies. Those hardwares and deployment environment have specific characteristics impacting their cybersecurity [6] [75]. Among the various hardware support for securing SPDs [39], we can cite Secure Elements (SE) [11] or Tusted Execution Element (TEE). SPDs also use specific operating systems, such as Android and iOS for smartphones [91] [35]. And, for some of them, they allow end-users (hopefully the device administrator) to pull computing payloads from application stores populated by softwares coming from various, sometimes obscure, sources. The low confidence in the cybersecurity level of those application stores has pushed some institutions such as Google to launch initiatives to improve the state of affairs [36] or to launch projects aiming at standardizing the cybersecurity requirements for those applications [62] [42]. This state of affairs with regard to the low cybersecurity level of mobile applications pushes for much need improvements [16].

SPDs also use different technologies to connect to the core of the information system and to connect between themselves. One promising technology is the 5G one [46] [7] [44] [38] [40], and 6G in the future [24] [3]. However, this technology, as well as the others, have raised cybersecurity concerns among researchers [10], institutions [22] [28] [27] [60] [59] [32] [65] [69] and industry [66] [41]. For example, even the specification of Bluetooth contains vulnerabilities [19] [13] [12]. The deployment environment and ability of SPDs to create device-to-device connections result in networks, such as ad hoc or mesh ones, having different shapes and behaving differently than core information system networks, and having specific cybersecurity concerns.

To secure communications in those networks, SPDs can rely on cryptography. However, the low level of infrastructure support some of them receive and low computation power some of them have may require some specific cryptographic solutions, such as lightweight cryptography [34] or specific key agreement protocols [56].

Another challenge that comes with SPDs is their deployment “far away” from the core of the information system, and with an intermittent connection to it. This setting prevents the implementation of security policies centered around the core of the information system. SPDs require sepcific security policies that require specific means for deployment, management and enforcement. Those means need to be secured in their own right in order to prevent attackers from exploiting them to take control of the managed SPDs.

Finally, the peripheral deployment of SPDs, their proximity to information sources, and their common reliance on information collection imply concerns over privacy and data protection issues [33] [45] [48] [47]. As a consequence, policymakers have published specific and generic laws and regulations that apply to SPDs [64] [82] [68] [15] [17] [71] [29] [30].

References

[1] T. Abdelzaher, “Alliance for IoBT Research on Evolving Intelligent Goal-driven Networks (IoBT REIGN),” University of Illinois at Urbana-Champaign, Website, 2022. [Online]. Available: https://iobt.illinois.edu/.

[2] T. Abdelzaher et al., “Toward an Internet of Battlefield Things: A Resilience Perspective,” Computer, vol. 51, no. 11, pp. 24–36, Nov. 2018, doi: 10.1109/MC.2018.2876048.

[3] C. D. Alwis et al., “Survey on 6G Frontiers: Trends, Applications, Requirements, Technologies and Future Research,” IEEE Open Journal of the Communications Society, vol. 2, pp. 836–886, 2021, doi: 10.1109/OJCOMS.2021.3071496.

[4] M. Antonakakis et al., “Understanding the Mirai Botnet,” in Proc. USENIX security symposium, 2017, pp. 1093–1110, [Online]. Available: https://www.usenix.org/conference/usenixsecurity17/technical-sessions/presentation/antonakakis.

[5] M. Aqeel, F. Ali, M. waseem Iqbal, T. Rana, M. Arif, and M. Auwul, “A Review of Security and Privacy Concerns in the Internet of Things (IoT),” Journal of Sensors, vol. 2022, pp. 1–20, Sep. 2022, doi: 10.1155/2022/5724168.

[6] Arrow, “Hardware Security for IoT Devices and Types of Hardware Security Attacks,” Arrow, Technical article, 2020. [Online]. Available: https://www.arrow.com/en/research-and-events/articles/understanding-the-importance-of-hardware-security.

[7] H. Attar et al., “5G System Overview for Ongoing Smart Applications: Structure, Requirements, and Specifications,” Computational Intelligence and Neuroscience, pp. 1–11, Oct. 2022, doi: 10.1155/2022/2476841.

[8] H. Awan, “Mobile Security Threats Prediction for 2023,” efani, 2022. [Online]. Available: https://www.efani.com/blog/mobile-threats-prediction-2023.

[9] P. S. Bangare and K. P. Patil, “Security Issues and Challenges in Internet of Things (IOT) System,” in Proc. Advance Computing and Innovative Technologies in Engineering (ICACITE), 2022, pp. 91–94, doi: 10.1109/ICACITE53722.2022.9823709.

[10] D. Basin, J. Dreier, L. Hirschi, S. Radomirovic, R. Sasse, and V. Stettler, “A Formal Analysis of 5G Authentication,” in Proc. Computer and Communications Security (CCS), 2018, pp. 1383–1396, doi: 10.1145/3243734.3243846.

[11] E. Bernard-Moulin, “Protect your IoT device with hardware-based Secure Elements,” IC’ALPS, Blog post, 2021. [Online]. Available: https://www.icalps.com/news/blog_post/embedded-security-iot/.

[12] Bluetooth SIG, Inc., “Bluetooth SIG Statement Regarding the ‘Pairing Mode Confusion in BLE Passkey Entry’ Vulnerability,” Bluetooth SIG, Inc., Dec. 2022. [Online]. Available: https://www.bluetooth.com/learn-about-bluetooth/key-attributes/bluetooth-security/confusion-in-ble-passkey/.

[13] Bluetooth SIG, Inc., “Bluetooth SIG Statement Regarding the ‘Pairing Mode Confusion in BR/EDR’ Vulnerability,” Bluetooth SIG, Inc., Dec. 2022. [Online]. Available: https://www.bluetooth.com/learn-about-bluetooth/key-attributes/bluetooth-security/confusion-in-br-edr/.

[14] C. Brown et al., “Assessing Threats to Mobile Devices & Infrastructure: The Mobile Threat Catalogue,” National Institute of Standards; Technology (NIST), NIST Interagency Report 8144, Sep. 2016. Draft.

[15] I. Brown, Regulation and the Internet of Things. Oxford Internet Institute, 2015.

[16] Build38, “Mobile application security trends for 2023,” Build38, Blog post, 2022. [Online]. Available: https://build38.com/trends-app-protection-2023/.

[17] California Senate, “California Senate Bill No. 327,” California Senate, Sep. 2018. Référence 209 dans la page wikipedia sur IoT.

[18] L. Cameron, “Internet of Things Meets the Military and Battlefield: Connecting Gear and Biometric Wearables for an IoMT and IoBT,” IEEE Computer Society, 2018.

[19] CERT-FR, “Multiples vulnérabilités dans Bluetooth Core Specification,” ANSSI, Avis du CERT-FR CERTFR-2022-AVI-1107, Dec. 2022. [Online]. Available: https://www.cert.ssi.gouv.fr/avis/CERTFR-2022-AVI-1107/.

[20] Check Point, “Mobile Security Report 2021,” Check Point Software Technologies Ltd., Apr. 2021. [Online]. Available: https://resources.checkpoint.com/cyber-security-resources/mobile-security-report-2021.

[21] Check Point, “Mobile Security Trends in 2022,” Check Point Software Technologies Ltd., Blog Post, 2022. [Online]. Available: https://www.checkpoint.com/cyber-hub/threat-prevention/what-is-mobile-security/mobile-security-trends-in-2022/.

[22] CISA, “5G Security and Resilience,” Cybersecurity; Infrastructure Security Agency (CISA), Website, 2023. [Online]. Available: https://www.cisa.gov/5g.

[23] K. Costello, “Gartner Predicts the Future of Cloud and Edge Infrastructure,” Gartner, Inc., Article, 2021. [Online]. Available: https://www.gartner.com/smarterwithgartner/gartner-predicts-the-future-of-cloud-and-edge-infrastructure.

[24] S. Dang, O. Amin, B. Shihada, and M.-S. Alouini, “What should 6G be?Nature Electronics, vol. 3, no. 1, pp. 20–29, Jan. 2020.

[25] DARPA Staff, “Ocean of Things Aims to Expand Maritime Awareness across Open Seas,” DARPA, Dec. 2017. [Online]. Available: https://www.darpa.mil/news-events/2017-12-06.

[26] P. Delgado-Santos, G. Stragapede, R. Tolosana, R. Guest, F. Deravi, and R. Vera-Rodriguez, “A Survey of Privacy Vulnerabilities of Mobile Device Sensors,” ACM Computing Surveys, vol. 54, no. 11s, pp. 1–30, Jan. 2022, doi: 10.1145/3510579.

[27] Enduring Security Framework (ESF) working group, “ESF Potential Threats to 5G Network Slicing,” National Security Agency (NSA), the Cybersecurity; Infrastructure Security Agency (CISA),; the Office of the Director of National Intelligence (ODNI), Guidance, Dec. 2022. [Online]. Available: https://www.cisa.gov/5g-library.

[28] Enduring Security Framework (ESF) working group, “Potential Threat Vectors to 5G Infrastructure,” National Security Agency (NSA), the Cybersecurity; Infrastructure Security Agency (CISA),; the Office of the Director of National Intelligence (ODNI), Apr. 2021. [Online]. Available: https://www.cisa.gov/5g-library.

[29] ETSI, “Cyber Security for Consumer Internet of Things: Baseline Requirements,” ETSI, European Standard EN 303 645, Jun. 2020. Version 2.1.1. [Online]. Available: https://www.etsi.org/deliver/etsi_en/303600_303699/303645/02.01.01_60/en_303645v020101p.pdf.

[30] ETSI, “Guide to Cyber Security for Consumer Internet of Things,” ETSI, Technical Report 103 621, Sep. 2022. Version 1.2.1. [Online]. Available: https://www.etsi.org/deliver/etsi_tr/103600_103699/103621/01.02.01_60/tr_103621v010201p.pdf.

[31] European Commission, “Europe’s Internet of Things Policy,” European Commission, Webpage, 2022. [Online]. Available: https://digital-strategy.ec.europa.eu/en/policies/internet-things-policy.

[32] European Commission, “Member States publish a report on EU coordinated risk assessment of 5G networks security,” European Union (EU), Press release, 2019. [Online]. Available: https://ec.europa.eu/commission/presscorner/detail/en/IP_19_6049.

[33] FTC Staff, “FTC Report on Internet of Things Urges Companies to Adopt Best Practices to Address Consumer Privacy and Security Risks,” Federal Trade Commission (FTC), Press Release, Jan. 2015. [Online]. Available: https://www.ftc.gov/news-events/news/press-releases/2015/01/ftc-report-internet-things-urges-companies-adopt-best-practices-address-consumer-privacy-security.

[34] S. Ganiev and Z. Khudoykulov, “Lightweight Cryptography Algorithms for IoT Devices: Open issues and challenges,” in Proc. Information Science and Communications Technologies (ICISCT), 2021, pp. 01–04, doi: 10.1109/ICISCT52966.2021.9670281.

[35] S. Garg and N. Baliyan, “Comparative analysis of Android and iOS from security viewpoint,” Computer Science Review, vol. 40, p. 100372, 2021, doi: 10.1016/j.cosrev.2021.100372.

[36] Google, “App Defense Alliance.” 2023, [Online]. Available: https://appdefensealliance.dev.

[37] Y. Harbi, Z. Aliouat, S. Harous, A. Bentaleb, and A. Refoufi, “A Review of Security in Internet of Things,” Wireless Personal Communications, vol. 108, no. 1, pp. 325–344, Sep. 2019, doi: 10.1007/s11277-019-06405-y.

[38] M. Hasan, “State of IoT 2022: Number of connected IoT devices growing 18% to 14.4 billion globally,” IoT Analytics GmbH, Blog post, 2022. [Online]. Available: https://iot-analytics.com/number-connected-iot-devices/.

[39] W. Hu, C.-H. Chang, A. Sengupta, S. Bhunia, R. Kastner, and H. Li, “An Overview of Hardware Security and Trust: Threats, Countermeasures, and Design Tools,” IEEE Transactions on Computer-Aided Design of Integrated Circuits and Systems, vol. 40, no. 6, pp. 1010–1038, Jun. 2021, doi: 10.1109/TCAD.2020.3047976.

[40] X. Huang, T. Yoshizawa, and S. B. M. Baskaran, “Authentication Mechanisms in the 5G System,” Journal of ICT Standardization, vol. 9, no. 2, pp. 61–78, 2021, doi: 10.13052/jicts2245-800X.921.

[41] D. Hutchins, “Making the Move to 5G,” Government Business Council (GBC), Playbook, Jul. 2022. Underwritten by Verizon Communications Inc. [Online]. Available: https://www.verizon.com/business/resources/reports/making-the-move-to-5g.pdf.

[42] ioXt Alliance, “The Global Standard for IoT Security.” Online, Jan. 2023, [Online]. Available: https://www.ioxtalliance.org/.

[43] Jamf, “Security 360 Annual Trends Report,” Jamf, 2022.

[44] X. Ji et al., “Overview of 5G security technology,” Science China: Information Sciences, vol. 61, no. 8, Aug. 2018, doi: 10.1007/s11432-017-9426-4.

[45] A. Karale, “The Challenges of IoT Addressing Security, Ethics, Privacy, and Laws,” Internet of Things, vol. 15, p. 100420, 2021, doi: 10.1016/j.iot.2021.100420.

[46] R. Khan, P. Kumar, D. N. K. Jayakody, and M. Liyanage, “A Survey on Security and Privacy of 5G Technologies: Potential Solutions, Recent Advancements, and Future Directions,” IEEE Communications Surveys & Tutorials, vol. 22, no. 1, pp. 196–248, 2020, doi: 10.1109/COMST.2019.2933899.

[47] T. Klosowski, “How Mobile Phones Became a Privacy Battleground—and How to Protect Yourself,” The New York Times: Wirecutter, 2022, [Online]. Available: https://www.nytimes.com/wirecutter/blog/protect-your-privacy-in-mobile-phones/.

[48] K. Kollnig et al., “Before and after GDPR: Tracking in Mobile Apps,” Internet Policy Review, vol. 10, no. 4, 2021, doi: 10.14763/2021.4.1611 .

[49] A. Kott, A. Swami, and B. West, “The Internet of Battle Things,” Computer, vol. 49, no. 12, pp. 70–75, Dec. 2017, doi: 10.1109/MC.2018.2876048.

[50] B. Liao, Y. Ali, S. Nazir, L. He, and H. U. Khan, “Security Analysis of IoT Devices by Using Mobile Computing: A Systematic Literature Review,” IEEE Access, vol. 8, pp. 120331–120350, 2020, doi: 10.1109/ACCESS.2020.3006358.

[51] B. Liao, Y. Ali, S. Nazir, L. He, and H. U. Khan, “Security Analysis of IoT Devices by Using Mobile Computing: A Systematic Literature Review,” IEEE Access, vol. 8, pp. 120331–120350, Jul. 2020, doi: 10.1109/ACCESS.2020.3006358.

[52] P. K. Malik et al., “Industrial Internet of Things and its Applications in Industry 4.0: State of The Art,” Computer Communications, vol. 166, pp. 125–139, 2021, doi: 10.1016/j.comcom.2020.11.016.

[53] Y. Mekdad et al., “A Survey on Security and Privacy Issues of UAVs.” arXiv, 2021, doi: 10.48550/ARXIV.2109.14442.

[54] MeriTalk Staff, “DARPA Floats a Proposal for the Ocean of Things,” MeriTalk, Jan. 2018, [Online]. Available: https://www.meritalk.com/articles/darpa-floats-a-proposal-for-the-ocean-of-things/.

[55] R. van der Meulen, “What Edge Computing Means for Infrastructure and Operations Leaders,” Gartner, Inc., Article, 2018. [Online]. Available: https://www.gartner.com/smarterwithgartner/what-edge-computing-means-for-infrastructure-and-operations-leaders.

[56] M. Miettinen and N. Asokan, “Ad-hoc key agreement: A brief history and the challenges ahead,” Computer Communications, vol. 131, pp. 32–34, 2018, doi: 10.1016/j.comcom.2018.07.030.

[57] Ministère des Armées, “SICS (Système d’information du combat de SCORPION),” Ministère des Armées, Webpage, 2022. [Online]. Available: https://www.defense.gouv.fr/eurosatory/poles-thematiques/scorpion/connectivite/sics-systeme-dinformation-du-combat-scorpion.

[58] Ministère des Armées, “The SCORPION programme,” Ministère des Armées, Webpage, 2022. [Online]. Available: https://www.defense.gouv.fr/eurosatory/the-scorpion-programme.

[59] MITRE, “MITRE and the Office of the Under Secretary of Defense Announce FiGHT™ Framework to Protect 5G Ecosystem,” MITRE; the Department of Defense (DoD), Press Release, Sep. 2022.

[60] MITRE and the Department of Defense (DoD), “FiGHT™ (5G Hierarchy of Threats),” MITRE; the Department of Defense (DoD), Knowledge Base, 2022. [Online]. Available: https://fight.mitre.org/.

[61] M. binti Mohamad Noor and W. H. Hassan, “Current research on Internet of Things (IoT) security: A survey,” Computer Networks, vol. 148, pp. 283–294, 2019, doi: 10.1016/j.comnet.2018.11.025.

[62] B. Mueller, S. Schleier, J. Willemsen, and C. Holguera, “OWASP Mobile Application Security Verification Standard (MASVS),” Open Web Application Security Project (OWASP), Jan. 2022. Version 1.4.2. [Online]. Available: https://mas.owasp.org/.

[63] A. Neff, “Predicts 2022: The Distributed Enterprise Drives Computing to the Edge,” Gartner, Inc., 2021.

[64] M. Nelson, “Understanding Global IoT Security Regulations,” Security Boulevard, Blog Post, 2021. [Online]. Available: https://securityboulevard.com/2021/06/understanding-global-iot-security-regulations/.

[65] NIS Cooperation Group, “EU coordinated risk assessment of the cybersecurity of 5G networks,” European Union (EU), 2019. [Online]. Available: https://ec.europa.eu/commission/presscorner/detail/en/IP_19_6049.

[66] NIST, “5G Cybersecurity: Volume B: Approach, Architecture, and Security Characteristics,” NIST, Special Report (SP) 1800-33B, Apr. 2022. Preliminary Draft. [Online]. Available: https://www.nccoe.nist.gov/5g-cybersecurity.

[67] NIST, “Mobile Threat Catalogue,” NIST, Website, 2023. [Online]. Available: https://pages.nist.gov/mobile-threat-catalogue/.

[68] P. Nolan, “The ’Internet of Things’: Legal Challenges in an Ultra-connected World,” Mason Hayes & Curran LLP, Insights: Privacy & Data Security, Jan. 2016. [Online]. Available: http://www.mhc.ie/latest/blog/the-internet-of-things-legal-challenges-in-an-ultra-connected-world.

[69] V. Oeselg, R. Šalaševičius, H. Ploom, and A. Palm, “Military Movement: Risks from 5G Networks,” NATO Cooperative Cyber Defence Centre of Excellence (CCDCOE), Research Report, 2022.

[70] Office of Strategic Communications, “Internet of Battlefield Things (IoBT) CRA,” U.S. Army DEVCOM Army Research Laboratory, Website, 2023. [Online]. Available: https://www.arl.army.mil/cras/iobt-cra/.

[71] Office of the Privacy Commissioner of Canada, “Privacy guidance for manufacturers of Internet of Things devices,” Office of the Privacy Commissioner of Canada, Guidance, Aug. 2020. [Online]. Available: https://www.priv.gc.ca/en/privacy-topics/technology/gd_iot_man/.

[72] C. Parton, “Chinese Cellular IoT technology: An analysis of threats and mitigation measures,” OODA LLC, White paper, Jan. 2023. Full report “Cellular IoT modules – Supply Chain Security” available at https://www.oodaloop.com/wp-content/uploads/2023/01/Cellular_IoT_Paper_JAN_Master_PDF.pdf. [Online]. Available: https://www.oodaloop.com/globalrisk/2023/01/23/chinese-cellular-iot-technology-an-analysis-of-threats-and-mitigation-measures/.

[73] M. Pesqueur, “L’ailier de demain : le partenariat homme-machine dans l’armée de Terre,” Ifri, Notes de l’Ifri, Nov. 2021. [Online]. Available: https://www.ifri.org/sites/default/files/atoms/files/pesqueur_partenariat_homme_machine_2021.pdf.

[74] Pradeo, “Mobile security predictions for 2022,” Pradeo, Blog post, 2022. [Online]. Available: https://blog.pradeo.com/pradeos-predictions-2022.

[75] M. K. Pratt, “Bolster physical defenses with IoT hardware security,” TechTarget, News article, 2021. [Online]. Available: https://www.techtarget.com/iotagenda/tip/Bolster-physical-defenses-with-IoT-hardware-security.

[76] A. Qamar, A. Karim, and V. Chang, “Mobile malware attacks: Review, taxonomy & future directions,” Future Generation Computer Systems, vol. 97, pp. 887–909, 2019, doi: 10.1016/j.future.2019.03.007.

[77] G. Rowlands, “The Internet of Military Things & Machine Intelligence: A Winning Edge or Security Nightmare?” III, 2017.

[78] S. Russell and T. Abdelzaher, “The Internet of Battlefield Things: The Next Generation of Command, Control, Communications and Intelligence (C3I) Decision-Making,” in Proc. IEEE Military Communications Conference (MilCom), Oct. 2018, pp. 737–742, doi: 10.1109/MILCOM.2018.8599853.

[79] S. Sendhil, “The security impact of IoT on business transformation,” ManageEngine, Insights, 2023. [Online]. Available: https://insights.manageengine.com/digital-transformation/the-security-impact-of-iot-on-business-transformation/.

[80] M. Serror, S. Hack, M. Henze, M. Schuba, and K. Wehrle, “Challenges and Opportunities in Securing the Industrial Internet of Things,” IEEE Transactions on Industrial Informatics, vol. 17, no. 5, pp. 2985–2996, 2021, doi: 10.1109/TII.2020.3023507.

[81] E. Sisinni, A. Saifullah, S. Han, U. Jennehag, and M. Gidlund, “Industrial Internet of Things: Challenges, Opportunities, and Directions,” IEEE Transactions on Industrial Informatics, vol. 14, no. 11, pp. 4724–4734, 2018, doi: 10.1109/TII.2018.2852491.

[82] Thales, “IoT Cybersecurity: regulating the Internet of Things,” Thales, Webpage, Jun. 2021. [Online]. Available: https://www.thalesgroup.com/en/markets/digital-identity-and-security/iot/inspired/iot-regulations.

[83] Verizon, “Verizon 2022 Mobile Security Index,” Verizon, Aug. 2022.

[84] P. Weichbroth and L. Łysik, “Mobile Security: Threats and Best Practices,” Mobile Information Systems, vol. 2020, Dec. 2020, doi: 10.1155/2020/8828078.

[85] Wikipedia contributors, “Edge computing — Wikipedia, The Free Encyclopedia.” https://en.wikipedia.org/w/index.php?title=Edge_computing&oldid=1127185952, 2022.

[86] Wikipedia contributors, “Industrial internet of things — Wikipedia, The Free Encyclopedia.” https://en.wikipedia.org/wiki/Industrial_internet_of_things, 2023.

[87] Wikipedia contributors, “Internet of Military Things — Wikipedia, The Free Encyclopedia.” https://en.wikipedia.org/w/index.php?title=Internet_of_Military_Things&oldid=1130011550, 2022.

[88] Wikipedia contributors, “Internet of things — Wikipedia, The Free Encyclopedia.” https://en.wikipedia.org/w/index.php?title=Internet_of_things&oldid=1128546461, 2022.

[89] Wikipedia contributors, “IoBT-CRA — Wikipedia, The Free Encyclopedia.” https://en.wikipedia.org/wiki/IoBT-CRA, 2022.

[90] Wikipedia contributors, “Mobile security — Wikipedia, The Free Encyclopedia.” 2022, [Online]. Available: https://en.wikipedia.org/w/index.php?title=Mobile_security&oldid=1127644660.

[91] M. Zinkus, T. M. Jois, and M. Green, “Data Security on Mobile Devices: Current State of the Art, Open Problems, and Proposed Solutions.” arXiv, 2021, doi: 10.48550/ARXIV.2105.12613.

Submission process

C&ESAR solicits the following types of papers:

  • Regular paper: 10 to 16 pages paper describing work not yet published;
  • Short paper: 4 to 8 pages paper describing work not yet published;
  • Extended abstract: 3 to 6 pages abstract of a large audience didactic paper recently published (by the same authors or a superset of them) in a peer-reviewed journal or conference proceedings (papers of interest include in particular: states of the art or practice; surveys; experience reports; and directly applicable solutions to common problems).

The regular paper type includes Systematization of Knowledge (SoK) papers that “evaluate, systematize, and contextualize existing knowledge” (https://www.jsys.org/type_SoK/). Examples of SoK papers can be found at https://oaklandsok.github.io/.

Steps

C&ESAR follows a 3 steps submission process (abstract, proposal, final version). Evaluation and selection is done on the proposal and final version steps. During the proposal step, a selective evaluation is done with a low selection rate on a detailed outline of the proposed article (or directly on the final version if a final version is submitted as proposal). During the final version step, an evaluation with a high selection rate is done on the final version of the accepted proposals.

  • First step (abstract): title, authors and abstract of the proposals have to be registered no later than Wednesday, May 10, 2023 on EasyChair: https://easychair.org/conferences/?conf=cesar2023.
  • Second step (proposal): proposals (3 to 16 pages for all types of papers) have to be submitted as a PDF file no later than Wednesday, May 17, 2023 via EasyChair. Authors will be notified of their proposal preselection by Wednesday, June 28, 2023 (a final selection will be made on the final version).
    • Regular paper: If desired, authors can already submit a complete paper of up to 16 pages. However, reviewers will not be required to invest more efforts at this stage than they would for a 6 pages proposal.
    • Short paper: If desired, authors can already submit a complete paper of up to 8 pages. However, reviewers will not be required to invest more efforts at this stage than they would for a 6 pages proposal.
    • Extended abstract proposals must: be explicitly identified as such by the mention “(extended abstract)” in their title; explicitly identify and cite the original publication; and, contain an appendix containing the (anonymized) comments made by the reviewers of the original publication. If desired, at this stage, authors can submit the PDF of the original article instead of the PDF of a summary. However, reviewers will not be required to invest more efforts at this stage than they would for a 6 pages summary.
  • Third step (final version): authors of preselected papers have to upload the final version of their paper on EasyChair by Wednesday, August 30, 2023. Authors of preselected papers commit to address reviewers’ comments in this final version. A final selection with a really high selection rate is performed at this stage.

Language and selection criteria

Language

Papers are written in French or in English (English translations of title and abstract of papers written in French must be provided).

Audience

C&ESAR is aimed at the following audience of decision makers and practitioners:

  • Decision makers interested in:
    • broad and well constructed overview of a problematic and its solutions;
  • “technology scouts” of operational units interested in:
    • knowing more about the state of practice (what others in the same domain do),
    • identifying recent mature technologies that may help solving some of their operational problems;
  • Engineers and researchers of innovation units interested in:
    • knowing more about the state of the art in their specialty,
    • knowing more about the operational problems addressed by others in their community,
    • identifying recent to be matured technologies that may help solving some of their operational problems;
  • Engineers and researchers of research units interested in:
    • knowing more about the state of the art in specialties related to their own,
    • identifying operational problems related to their research specialties

Selection criteria

For all types of papers, selection criteria include in particular: fitness for the audience; clarity; pedagogical (didactical) value; and respect of this call for papers topic and guidelines.

For regular papers and short papers, highly specialized technical papers will be appreciated if they contribute to explain and analyze the state of the art or practice and their deficiencies.

For extended abstracts, the original publication must be clearly identified and cited. Moreover, the selection process is more selective, and emphasizes the didactical quality and large audience of the papers.

Instructions for the format of proposals and papers

Proposals and papers must be submitted as PDF files, without page numbering, following the single column format of “CEUR Workshop Proceedings” in “emphasizing capitalized style” (http://ceur-ws.org/HOWTOSUBMIT.html#PREPARE).

Templates are available for LaTeX, docx (Word) and ODT (Word or LibreOffice) at the following URL: http://ceur-ws.org/Vol-XXX/CEURART.zip.

A PDF example and a TeX template configured for C&ESAR 2023 are available on Overleaf at https://www.overleaf.com/read/pybqxvxhzpwj (it must be duplicated before edition). Submissions not looking like this example will not be considered for inclusion in the official proceedings.

Proceedings

Authors can opt out of inclusion in any form of proceedings.

As far as possible (and since 2021), the official conference proceedings are submitted for publication to “CEUR Workshop Proceedings” (http://ceur-ws.org), and efforts are performed in order to facilitate indexing of articles in Google Scholar. This publication is conditioned by the respect of this publisher’s constraints (http://ceur-ws.org/HOWTOSUBMIT.html) and acceptance criteria, in particular respect of its paper format and having a majority of high quality articles written in English.

In order to increase the probablity of acceptance by the publisher and indexing by publication databases such as DBLP, only a curated list of the most qualitative papers form the official conference proceedings which are submitted for publication as a volume of “CEUR Workshop Proceedings”. The official proceedings inclusion decision is at the discretion of the editors of the proceedings and is based, in part, on the following recommendations:

  • articles that do not respect the “CEUR Workshop Proceedings” format are not included;
  • articles in French are unlikely to be included;
  • articles should describe the state of the art, and position the content of the article in this context;
  • articles should contain a number of references and citations in adequation with the volume of publications related to the work described;
  • regular papers are more likely to be included than short papers.

Articles accepted for presentation at the conference, but not included in the official conference proceedings (all articles if there are no proceedings published as a volume of “CEUR Workshop Proceedings”), are published on C&ESAR’s websites.

In order to facilitate presentation of work already pusblished elsewhere or intended for publication in another venue, authors can explicitly opt out of inclusion in any form of proceedings.

Deadlines

  • Registration of proposals (title and abstract): Wednesday, May 10, 2023
  • Submission of the proposals (3 to 16 pages): Wednesday, May 17, 2023
  • Notification of preselection to authors: Wednesday, June 28, 2023
  • Submission of the final version: Wednesday, August 30, 2023
    • 10 to 16 pages for regular papers
    • 4 to 8 pages for short papers
    • 3 to 6 pages for extended abstracts
  • Notification of acceptation to authors: Wednesday, September 20, 2023
  • European Cyber Week (ECW): Tuesday, November 21, 2023 to Thursday, November 23, 2023