Biblio

Multi-authority attribute-based encryption (MA-ABE) is a promising technique to achieve fine-grained access control over encrypted data in cross domain applications. However, the dynamic change of users' access privilege brings security problems, and the heavy encryption computational cost is issue for resource-constrained users in IoT. Moreover, the invalid or illegal ciphertext will waste system resources. We propose a large universe MA-CP-ABE scheme with revocation and online/offline encryption. In our scheme, an efficient revocation mechanism is designed to change users' access privilege timely. Most of the encryption operations have been executed in the user's initialization phase by adding reusable ciphertext pool besides splitting the encryption algorithm to online encryption and offline encryption. Moreover, the scheme supports ciphertext verification and only valid ciphertext can be stored and transmitted. The proposed scheme is proven statically secure under the q-DPBDHE2 assumption. The performance analysis results indicate that the proposed scheme is efficient and suitable for resource constrained users in edge computing for IoT.

Bloom filters (BFs) are fast and space-efficient data structures used for set membership queries in many applications. BFs are required to satisfy three key requirements: low space cost, high-speed lookups, and fast updates. Prior works do not satisfy these requirements at the same time. The standard BF does not support deletions of items and the variants that support deletions need additional space or performance overhead. The state-of-the-art cuckoo filters (CF) has high performance with seemingly low space cost. However, the CF suffers a critical issue of varying space cost per item. This is because the exclusive-OR (XOR) operation used by the CF requires the total number of buckets to be a power of two, leading to the space inflation. To address the issue, in this paper we propose a scalable variant of the cuckoo filter called additive and subtractive cuckoo filter (ASCF). We aim to improve the space efficiency while sustaining comparably high performance. The ASCF uses the addition and subtraction (ADD/SUB) operations instead of the XOR operation to compute an item's two candidate bucket indexes based on its fingerprint. Experimental results show that the ASCF achieves both low space cost and high performance. Compared to the CF, the ASCF reduces up to 1.9x space cost per item while maintaining the same lookup and update throughput. In addition, the ASCF outperforms other filters in both space cost and performance.

Supervisory control and data acquisition (SCADA) systems are the key driver for critical infrastructures and industrial facilities. Cyber-attacks to SCADA networks may cause equipment damage or even fatalities. Identifying risks in SCADA networks is critical to ensuring the normal operation of these industrial systems. In this paper we propose a Bayesian network-based cyber-security risk assessment model to dynamically and quantitatively assess the security risk level in SCADA networks. The major distinction of our work is that the proposed risk assessment method can learn model parameters from historical data and then improve assessment accuracy by incrementally learning from online observations. Furthermore, our method is able to assess the risk caused by unknown attacks. The simulation results demonstrate that the proposed approach is effective for SCADA security risk assessment.

Delay and security are both highly concerned in the Internet of Things (IoT). In this paper, we set up a secure analytical framework for IoT networks to characterize the network delay performance and secrecy performance. Firstly, stochastic geometry and queueing theory are adopted to model the location of IoT devices and the temporal arrival of packets. Based on this model, a low-complexity secure on-off scheme is proposed to improve the network performance. Then, the delay performance and secrecy performance are evaluated in terms of packet delay and packet secrecy outage probability. It is demonstrated that the intensity of IoT devices arouse a tradeoff between the delay and security and the secure on-off scheme can improve the network delay performance and secrecy performance. Moreover, secrecy transmission rate is adopted to reflect the delay-security tradeoff. The analytical and simulation results show the effects of intensity of IoT devices and secure on-off scheme on the network delay performance and secrecy performance.