Biblio

Filters: Keyword is security services
2022-02-25
Jaigirdar, Fariha Tasmin, Rudolph, Carsten, Bain, Chris.  2021.  Risk and Compliance in IoT-Health Data Propagation: A Security-Aware Provenance based Approach. 2021 IEEE International Conference on Digital Health (ICDH). :27–37.
Data generated from various dynamic applications of Internet of Things (IoT) based healthcare technology is effectively used for decision-making, providing reliable and smart healthcare services to the elderly and patients with chronic diseases. Since these precious data are susceptible to various security attacks, continuous monitoring of the system's compliance and identification of security risks in IoT data propagation is essential through potentially several layers of applications. This paper pinpoints how security-aware data provenance graphs can support compliance checking and risk estimation by including sufficient information on security controls and other security-relevant evidence. Real-time analysis of these security evidence to enable a step-wise validation and providing the evidence of this validation to end-users is currently not possible with the available data. This paper analyzes the security concerns in different phases of data propagation in a designed IoT-health scenario and promotes step-wise validation of security evidence. It proposes a system model with a novel protocol that documents and verifies evidence for security controls for data-object relations in data provenance graphs to assist compliance checking of security regulation of healthcare systems. With this regard, this paper discusses the proposed system model design with the requirements for technical safeguards of the Health Insurance Portability and Accountability Act (HIPAA). Based on the verification output at each phase, the proposed protocol reports this chain of verification by creating certain security tokens. Finally, the paper provides a formal security validation and security design analysis to show the applicability of this step-wise validation within the proposed system model.
2021-06-28
Imrith, Vashish N., Ranaweera, Pasika, Jugurnauth, Rameshwar A., Liyanage, Madhusanka.  2020.  Dynamic Orchestration of Security Services at Fog Nodes for 5G IoT. ICC 2020 - 2020 IEEE International Conference on Communications (ICC). :1–6.
Fog Computing is one of the edge computing paradigms that envisages being the proximate processing and storage infrastructure for a multitude of IoT appliances. With its dynamic deployability as a medium level cloud service, fog nodes are enabling heterogeneous service provisioning infrastructure that features scalability, interoperability, and adaptability. Out of the various 5G based services possible with the fog computing platforms, security services are imperative but minimally investigated direct live. Thus, in this research, we are focused on launching security services in a fog node with an architecture capable of provisioning on-demand service requests. As the fog nodes are constrained on resources, our intention is to integrate light-weight virtualization technology such as Docker for forming the service provisioning infrastructure. We managed to launch multiple security instances configured to be Intrusion Detection and Prevention Systems (IDPSs) on the fog infrastructure emulated via a Raspberry Pi-4 device. This environment was tested with multiple network flows to validate its feasibility. In our proposed architecture, orchestration strategies performed by the security orchestrator were stated as guidelines for achieving pragmatic, dynamic orchestration with fog in IoT deployments. The results of this research guarantee the possibility of developing an ambient security service model that facilitates IoT devices with enhanced security.
2021-05-20
Chibaya, Colin, Jowa, Viola Jubile, Rupere, Taurayi.  2020.  A HES for Low Speed Processors. 2020 2nd International Multidisciplinary Information Technology and Engineering Conference (IMITEC). :1–6.
Adaptation of e-commerce in third world countries requires more secure computing facilities. Online data is vulnerable and susceptible to active attacks. Hundreds of security mechanisms and services have been proposed to curb this challenge. However, available security mechanisms, sufficiently strong, are heavy for the machines used. To secure online data where machines' processing power and memory are deficient, a Hybrid Encryption Standard (HES) is proposed. The HES is built on the Data Encryption Standard (DES) algorithm and its siblings. The component units of the DES are redesigned towards reduced demands for processing power and memory. Precisely, white box designs of IP tables, PC tables, Expansion tables, Rotation tables, S-boxes and P-boxes are proposed, all aimed at reducing the processing time and memory demands. Evaluation of the performance of the HES algorithm against the performance of the traditional DES algorithm reveals that the HES out-performs the DES with regards to speed, memory demands, and general acceptance by novice practitioners in the cryptography field. In addition, reproducibility and flexibility are attractive features of the HES over the DES.
2020-09-28
Evans, David, Calvo, Daniel, Arroyo, Adrian, Manilla, Alejandro, Gómez, David.  2019.  End-to-end security assessment framework for connected vehicles. 2019 22nd International Symposium on Wireless Personal Multimedia Communications (WPMC). :1–6.
To increase security and to offer user experiences according to the requirements of a hyper-connected world, modern vehicles are integrating complex electronic systems, being transformed into systems of Cyber-Physical Systems (CPS). While a great diversity of heterogeneous hardware and software components must work together and control in real-time crucial functionalities, cybersecurity for the automotive sector is still in its infancy. This paper provides an analysis of the most common vulnerabilities and risks of connected vehicles, using a real example based on industrial and market-ready technologies. Several components have been implemented to inject and simulate multiple attacks, which enable security services and mitigation actions to be developed and validated.
2020-07-30
Kirupakar, J., Shalinie, S. Mercy.  2019.  Situation Aware Intrusion Detection System Design for Industrial IoT Gateways. 2019 International Conference on Computational Intelligence in Data Science (ICCIDS). :1–6.

In today's IIoT world, most of the IoT platform providers like Microsoft, Amazon and Google are focused on connecting devices, extracting data from the devices and sending the data to the Cloud for analytics. Only a few companies are concentrating on Security measures implemented on Edge Node. Gartner estimates that by 2020, more than 25 percent of all enterprise attackers will make use of the Industrial IoT. As Cyber Security Threat is getting more important, it is essential to ensure protection of data both at rest and at motion. The reflex of Cyber Security in the Industrial IoT Domain is much more severe when compared to the Consumer IoT Segment. The new bottleneck in this are security services which employ computationally intensive software operations and system services [1]. Resilient services consume considerable resources in a design. When such measures are added to thwart security attacks, the resource requirements grow even more demanding. Since the standard IIoT Gateways and other sub devices are resource constrained in nature, the conventional design for security services will not be applicable in this case. This paper proposes an intelligent architectural paradigm for the Constrained IIoT Gateways that can efficiently identify the Cyber-Attacks in the Industrial IoT domain.

2020-04-10
Repetto, M., Carrega, A., Lamanna, G.  2019.  An architecture to manage security services for cloud applications. 2019 4th International Conference on Computing, Communications and Security (ICCCS). :1–8.
The uptake of virtualization and cloud technologies has pushed novel development and operation models for the software, bringing more agility and automation. Unfortunately, cyber-security paradigms have not evolved at the same pace and are not yet able to effectively tackle the progressive disappearing of a sharp security perimeter. In this paper, we describe a novel cyber-security architecture for cloud-based distributed applications and network services. We propose a security orchestrator that controls pervasive, lightweight, and programmable security hooks embedded in the virtual functions that compose the cloud application, pursuing better visibility and more automation in this domain. Our approach improves existing management practice for service orchestration, by decoupling the management of the business logic from that of security. We also describe the current implementation stage for a programmable monitoring, inspection, and enforcement framework, which represents the ground technology for the realization of the whole architecture.
2020-04-06
Mumtaz, Majid, Akram, Junaid, Ping, Luo.  2019.  An RSA Based Authentication System for Smart IoT Environment. 2019 IEEE 21st International Conference on High Performance Computing and Communications; IEEE 17th International Conference on Smart City; IEEE 5th International Conference on Data Science and Systems (HPCC/SmartCity/DSS). :758–765.
Authentication is the fundamental security service used in almost all remote applications. All such sensitive applications over an open network need an authentication mechanism that should be delivered in a trusted way. In this paper, we design an RSA based authentication system for smart IoT environment over the air network using state-of-the-art industry standards. Our system provides security services including X.509 certificate, RSA based Public Key Infrastructure (PKI), challenge/response protocols with the help of proxy induced security service provider. We describe an innovative system model, protocol design, system architecture and evaluation against known threats. Also, the implemented solution is designed as an add on service for multiple other sensitive applications (smart city apps, cyber physical systems etc.) which need the support of X.509 certificate based on hard tokens to populate other security services including confidentiality, integrity, non-repudiation, privacy and anonymity of the identities. The proposed scheme is evaluated against known vulnerabilities and given detail comparisons with popular known authentication schemes. The result shows that our proposed scheme mitigates all the known security risks and provides highest level assurance to smart gadgets.
Erfani, Shervin, Ahmadi, Majid.  2019.  Bitcoin Security Reference Model: An Implementation Platform. 2019 International Symposium on Signals, Circuits and Systems (ISSCS). :1–5.
Bitcoin is a cryptocurrency which acts as an application protocol that works on top of the IP protocol. This paper focuses on distinct Bitcoin security features, including security services, mechanisms, and algorithms. Further, we propose a well-defined security functional architecture to minimize security risks. The security features and requirements of Bitcoin have been structured in layers.
2020-03-16
Sharma, Neha, Ramachandran, Ramkumar Ketti.  2019.  Security challenges for Water Distribution System Using Supervisory Control and Data Acquisition (SCADA). 2019 Fifth International Conference on Image Information Processing (ICIIP). :234–239.
In the distributed Supervisory Control and Data Acquisitions (SCADA) system there is a need of doing the acquisition of very large amount of data on the network to visualize the same process in realtime or in the future. Water is distributed automatically to large area through autonomous SCADA systems. This makes the systems prone to various attacks at different instances and levels. The SCADA systems are also used for distributing common resources that range from Gas, Electricity, and Water distribution. It is the need of the hour to work on the security issues of such distribution systems to provide hassle-free services. This paper reviews the major problems on the water distribution system and possible attacks that are harmful during data acquisition and transfer. This paper also gives the insight on the latest technologies like elastic search and data modelling to increase the security of the water distribution system.
2020-02-24
Brotsis, Sotirios, Kolokotronis, Nicholas, Limniotis, Konstantinos, Shiaeles, Stavros, Kavallieros, Dimitris, Bellini, Emanuele, Pavué, Clément.  2019.  Blockchain Solutions for Forensic Evidence Preservation in IoT Environments. 2019 IEEE Conference on Network Softwarization (NetSoft). :110–114.
The technological evolution brought by the Internet of things (IoT) comes with new forms of cyber-attacks exploiting the complexity and heterogeneity of IoT networks, as well as, the existence of many vulnerabilities in IoT devices. The detection of compromised devices, as well as the collection and preservation of evidence regarding alleged malicious behavior in IoT networks, emerge as areas of high priority. This paper presents a blockchain-based solution, which is designed for the smart home domain, dealing with the collection and preservation of digital forensic evidence. The system utilizes a private forensic evidence database, where the captured evidence is stored, along with a permissioned blockchain that allows providing security services like integrity, authentication, and non-repudiation, so that the evidence can be used in a court of law. The blockchain stores evidences' metadata, which are critical for providing the aforementioned services, and interacts via smart contracts with the different entities involved in an investigation process, including Internet service providers, law enforcement agencies and prosecutors. A high-level architecture of the blockchain-based solution is presented that allows tackling the unique challenges posed by the need for digitally handling forensic evidence collected from IoT networks.
2019-11-18
Lu, Zhaojun, Wang, Qian, Qu, Gang, Liu, Zhenglin.  2018.  BARS: A Blockchain-Based Anonymous Reputation System for Trust Management in VANETs. 2018 17th IEEE International Conference On Trust, Security And Privacy In Computing And Communications/ 12th IEEE International Conference On Big Data Science And Engineering (TrustCom/BigDataSE). :98–103.
The public key infrastructure (PKI) based authentication protocol provides the basic security services for vehicular ad-hoc networks (VANETs). However, trust and privacy are still open issues due to the unique characteristics of vehicles. It is crucial for VANETs to prevent internal vehicles from broadcasting forged messages while simultaneously protecting the privacy of each vehicle against tracking attacks. In this paper, we propose a blockchain-based anonymous reputation system (BARS) to break the linkability between real identities and public keys to preserve privacy. The certificate and revocation transparency is implemented efficiently using two blockchains. We design a trust model to improve the trustworthiness of messages relying on the reputation of the sender based on both direct historical interactions and indirect opinions about the sender. Experiments are conducted to evaluate BARS in terms of security and performance and the results show that BARS is able to establish distributed trust management, while protecting the privacy of vehicles.
2019-05-01
Gundabolu, S., Wang, X.  2018.  On-chip Data Security Against Untrustworthy Software and Hardware IPs in Embedded Systems. 2018 IEEE Computer Society Annual Symposium on VLSI (ISVLSI). :644–649.

State-of-the-art system-on-chip (SoC) field programmable gate arrays (FPGAs) integrate hard powerful ARM processor cores and the reconfigurable logic fabric on a single chip in addition to many commonly needed high performance and high-bandwidth peripherals. The increasing reliance on untrustworthy third-party IP (3PIP) cores, including both hardware and software in FPGA-based embedded systems has made the latter increasingly vulnerable to security attacks. Detection of trojans in 3PIPs is extremely difficult to current static detection methods since there is no golden reference model for 3PIPs. Moreover, many FPGA-based embedded systems do not have the support of security services typically found in operating systems. In this paper, we present our run-time, low-cost, and low-latency hardware and software based solution for protecting data stored in on-chip memory blocks, which has attracted little research attention. The implemented memory protection design consists of a hierarchical top-down structure and controls memory access from software IPs running on the processor and hardware IPs running in the FPGA, based on a set of rules or access rights configurable at run time. Additionally, virtual addressing and encryption of data for each memory help protect confidentiality of data in case of a failure of the memory protection unit, making it hard for the attacker to gain access to the data stored in the memory. The design is implemented and tested on the Intel (Altera) DE1-SoC board featuring a SoC FPGA that integrates a dual-core ARM processor with reconfigurable logic and hundreds of memory blocks. The experimental results and case studies show that the protection model is successful in eliminating malicious IPs from the system without need for reconfiguration of the FPGA. It prevents unauthorized accesses from untrusted IPs, while arbitrating access from trusted IPs generating legal memory requests, without incurring a serious area or latency penalty.

2019-01-21
Busygin, Alexey, Konoplev, Artem, Kalinin, Maxim, Zegzhda, Dmitry.  2018.  Floating Genesis Block Enhancement for Blockchain Based Routing Between Connected Vehicles and Software-defined VANET Security Services. Proceedings of the 11th International Conference on Security of Information and Networks. :24:1–24:2.
The paper reviews the issue of secure routing in unmanned vehicle ad-hoc networks. Application of the Blockchain technology for routing and authentication information storage and distribution is proposed. A blockchain with the floating genesis block is introduced to solve problems associated with blockchain size growth in the systems using transactions with limited lifetime.
2018-06-11
Ye, F., Qian, Y.  2017.  A Security Architecture for Networked Internet of Things Devices. GLOBECOM 2017 - 2017 IEEE Global Communications Conference. :1–6.

The Internet of Things (IoT) increasingly demonstrates its role in smart services, such as smart home, smart grid, smart transportation, etc. However, due to lack of standards among different vendors, existing networked IoT devices (NoTs) can hardly provide enough security. Moreover, it is impractical to apply advanced cryptographic solutions to many NoTs due to limited computing capability and power supply. Inspired by recent advances in IoT demand, in this paper, we develop an IoT security architecture that can protect NoTs in different IoT scenarios. Specifically, the security architecture consists of an auditing module and two network-level security controllers. The auditing module is designed to have a stand-alone intrusion detection system for threat detection in a NoT network cluster. The two network-level security controllers are designed to provide security services from either network resource management or cryptographic schemes regardless of the NoT security capability. We also demonstrate the proposed IoT security architecture with a network based one-hop confidentiality scheme and a cryptography-based secure link mechanism.

2018-05-24
Chattaraj, Durbadal, Sarma, Monalisa, Samanta, Debasis.  2017.  Privacy Preserving Two-Server Diffie-Hellman Key Exchange Protocol. Proceedings of the 10th International Conference on Security of Information and Networks. :51–58.
For a secure communication over an insecure channel the Diffie-Hellman key exchange protocol (DHKEP) is treated as the de facto standard. However, it suffers from server-side compromisation, identity compromisation, man-in-the-middle, replay attacks, etc. Also, there are single point of vulnerability (SOV), single point of failure (SOF) and user privacy preservation issues. This work proposes an identity-based two-server DHKEP to address the aforesaid issues and alleviate the attacks. To preserve user identity from outside intruders, a k-anonymity based identity hiding principle has been adopted. Further, to ensure efficient utilization of channel bandwidth, the proposed scheme employs elliptic curve cryptography. The security analysis substantiates that our scheme is provably secure and successfully addressed the above-mentioned issues. The performance study contemplates that the overhead of the protocol is reasonable and comparable with other schemes.
2018-02-21
Drias, Z., Serhrouchni, A., Vogel, O.  2017.  Identity-based cryptography (IBC) based key management system (KMS) for industrial control systems (ICS). 2017 1st Cyber Security in Networking Conference (CSNet). :1–10.

Often considered as the brain of an industrial process, Industrial control systems are presented as the vital part of today's critical infrastructure due to their crucial role in process control and monitoring. Any failure or error in the system will have a considerable damage. Their openness to the internet world raises the risk related to cyber-attacks. Therefore, it's necessary to consider cyber security challenges while designing an ICS in order to provide security services such as authentication, integrity, access control and secure communication channels. To implement such services, it's necessary to provide an efficient key management system (KMS) as an infrastructure for all cryptographic operations, while preserving the functional characteristics of ICS. In this paper we will analyze existing KMS and their suitability for ICS, then we propose a new KMS based on Identity Based Cryptography (IBC) as a better alternative to traditional KMS. In our proposal, we consider solving two security problems in IBC which brings it up to be more suitable for ICS.