Biblio

RSA is a popular asymmetric key algorithm with two keys scheme, a public key for encryption and private key for decryption. RSA has weaknesses in encryption and decryption of data, including slow in the process of encryption and decryption because it uses a lot of number generation. The reason is RSA algorithm can work well and is resistant to attacks such as brute force and statistical attacks. in this paper, it aims to strengthen the scheme by combining RSA with the One Time Pad algorithm so that it will bring up a new design to be used to enhance security on two-factor authentication. Contribution in this paper is to find a new scheme algorithm for an enhanced scheme of RSA. One Time Pad and RSA can combine as well.

Studies on two-factor authentication based on RFID and face recognition have been carried out on a large scale. However, these studies didn't discuss the way to overcome the weaknesses of face recognition authentication in the access control systems. In this study, two authentication factors, RFID and face recognition, were implemented using the LBP (Local Binary Pattern) algorithm to overcome weaknesses of face recognition authentication in the access control system. Based on the results of performance testing, the access control system has 100% RFID authentication and 80% face recognition authentication. The average time for the RFID authentication process is 0.03 seconds, the face recognition process is 6.3885 seconds and the verification of the face recognition is 0.1970 seconds. The access control system can still work properly after three days without being switched off. The results of security testing showed that the capabilities spoofing detection has 100% overcome the photo attack.

{Mobile devices are promising to apply two-factor authentication in order to improve system security and enhance user privacy-preserving. Existing solutions usually have certain limits of requiring some form of user effort, which might seriously affect user experience and delay authentication time. In this paper, we propose PPGPass, a novel mobile two-factor authentication system, which leverages Photoplethysmography (PPG) sensors in wrist-worn wearables to extract individual characteristics of PPG signals. In order to realize both nonintrusive and secure, we design a two-stage algorithm to separate clean heartbeat signals from PPG signals contaminated by motion artifacts, which allows verifying users without intentionally staying still during the process of authentication. In addition, to deal with non-cancelable issues when biometrics are compromised, we design a repeatable and non-invertible method to generate cancelable feature templates as alternative credentials, which enables to defense against man-in-the-middle attacks and replay attacks. To the best of our knowledge, PPGPass is the first nonintrusive and secure mobile two-factor authentication based on PPG sensors in wearables. We build a prototype of PPGPass and conduct the system with comprehensive experiments involving multiple participants. PPGPass can achieve an average F1 score of 95.3%, which confirms its high effectiveness, security, and usability}.

Two-factor authentication (2FA) systems implement by verifying at least two factors. A factor is something a user knows (password, or phrase), something a user possesses (smart card, or smartphone), something a user is (fingerprint, or iris), something a user does (keystroke), or somewhere a user is (location). In the existing 2FA system, a user is required to act in order to implement the second layer of authentication which is not very user-friendly. Smart devices (phones, laptops, tablets, etc.) can receive signals from different radio frequency technologies within range. As these devices move among networks (Wi-Fi access points, cellphone towers, etc.), they receive broadcast messages, some of which can be used to collect information. This information can be utilized in a variety of ways, such as establishing a connection, sharing information, locating devices, and, most appropriately, identifying users in range. The principal benefit of broadcast messages is that the devices can read and process the embedded information without being connected to the broadcaster. Moreover, the broadcast messages can be received only within range of the wireless access point sending the broadcast, thus inherently limiting access to those devices in close physical proximity and facilitating many applications dependent on that proximity. In the proposed research, a new factor is used - something that is in the user's environment with minimal user involvement. Data from these broadcast messages is utilized to implement a 2FA scheme by determining whether two devices are proximate or not to ensure that they belong to the same user.

The Representational State Transfer (REST) is a distributed application architecture style which adopted on providing various network services. The identity authentication protocol Kerberos has been used to guarantee the security identity authentication of many service platforms. However, the deployment of Kerberos protocol is limited by the defects such as password guessing attacks, data tampering, and replay attacks. In this paper, an optimized Kerberos protocol is proposed and applied in a REST-style Cloud Storage Architecture. Firstly, we propose a Lately Used Newly (LUN) key replacement method to resist the password guessing attacks in Kerberos protocol. Secondly, we propose a formatted signature algorithm and a combination of signature string and time stamp method to cope with the problems of tampering and replay attacks which in deploying Kerberos. Finally, we build a security protection module using the optimized Kerberos protocol to guarantee a secure identity authentication and the reliable data communication between the client and the server. Analyses show that the module significantly improves the security of Kerberos protocol in REST-style cloud storage services.

Modern learning systems, say a tutoring platform, has many characteristics like digital data presentation with interactivity, mobility, which provides information about the study-content as per the learners understanding levels, intelligent learners behavior, etc. A sophisticated ubiquitous learner system maintains security and monitors the mischievous behavior of the learner, and authenticates and authorizes every learner, which is quintessential. Some of the existing security schemes aim only at single entry-point authentication, which may not suit to ubiquitous tutor platform. We propose a secured authentication scheme which is based on the information utility of the learner. Whenever a learner moves into a tutor platform, which has ubiquitous learner system technology, the system at first-begins with learners' identity authentication, and then it initiates trust evaluation after the successful authentication of the learner. Periodic credential verification of the learner will be carried out, which intensifies the authentication scheme of the system proposed. BAN logic has been used to prove the authentication in this system. The proposed authentication scheme has been simulated and analyzed for the indoor tutor platform environment.

In this paper, an attempt has been made to describe Kerberos authentication with multi factor authentication in context aware systems. Multi factor authentication will make the framework increasingly secure and dependable. The Kerberos convention is one of the most generally utilized security conventions on the planet. The security conventions of Kerberos have been around for a considerable length of time for programmers and other malware to Figure out how to sidestep it. This has required a quick support of the Kerberos convention to make it progressively dependable and productive. Right now, endeavor to help explain this by strengthening Kerberos with the assistance of multifaceted verification.

The recent advancements in ubiquitous sensing powered by Wireless Computing Technologies (WCT) and Cloud Computing Services (CCS) have introduced a new thinking ability amongst researchers and healthcare professionals for building secure and connected healthcare systems. The integration of Internet of Things (IoT) in healthcare services further brings in several challenges with it, mainly including encrypted communication through vulnerable wireless medium, authentication and access control algorithms and ownership transfer schemes (important patient information). Major concern of such giant connected systems lies in creating the data handling strategies which is collected from the billions of heterogeneous devices distributed across the hospital network. Besides, the resource constrained nature of IoT would make these goals difficult to achieve. Motivated by aforementioned deliberations, this paper introduces a novel approach in designing a security framework for edge-computing based connected healthcare systems. An efficient, multi-factor access control and ownership transfer mechanism for edge-computing based futuristic healthcare applications is the core of proposed framework. Data scalability is achieved by employing distributed approach for clustering techniques that analyze and aggregate voluminous data acquired from heterogeneous devices individually before it transits the to the cloud. Moreover, data/device ownership transfer scheme is considered to be the first time in its kind. During ownership transfer phase, medical server facilitates user to transfer the patient information/ device ownership rights to the other registered users. In order to avoid the existing mistakes, we propose a formal and informal security analysis, that ensures the resistance towards most common IoT attacks such as insider attack, denial of distributed service (DDoS) attack and traceability attacks.

Tunnel approach to the security and privacy aspects of communication networks has been an issue since the inception of networking technologies. Neither the technology nor the regulatory and legal frame works proactively play a significant role towards addressing the ever escalating security challenges. As we have move to ubiquitous computing paradigm where information secrecy and privacy is coupled with new challenges of human to machine and machine to machine interfaces, a transformational model for security should be visited. This research is attempted to highlight the peripheral view of IoT based miniature device security paradigm with focus on standardization, regulations, user adaptation, software and applications, low computing resources and power consumption, human to machine interface and privacy.

Existing consumer devices represent the most pervasive computational platform available, but their inherently decentralized nature poses significant challenges for distributed computing adoption. In particular, device owners must willingly cooperate in collective deployments even while others may intentionally work to maliciously disrupt that cooperation. Public, cooperative systems benefit from low barriers to entry improving scalability and adoption, but simultaneously increase risk exposure to adversarial threats via promiscuous participant adoption. In this work, I aim to facilitate widespread adoption of cooperative systems by discussing the unique security and operational challenges of these systems, and highlighting several novel approaches that mitigate these disadvantages.

Security is the basic topic for the normal operation of the power Internet of Things, and its growing scale determines the trend of dynamic deployment and flexible expansion in the future to meet the ever-changing needs. While large-scale networks have a high cost of hardware resources, so the security protection of the ubiquitous power Internet of Things must be lightweight. In this paper, we propose to build a platform of power Internet of things based on SDN (Software Defined Network) technology and extend the openflow protocol by adding some types of actions and meters to achieve the purpose of on-demand monitoring, dynamic defense and flexible response. To achieve the purpose of lightweight protection, we take advantage of DFI(Deep Flow Inspection) technology to collect and analyze traffic in the Internet of Things, and form a security prevention and control strategy model suitable for the power Internet of Things, without in-depth detection of payload and without the influence of ciphertext.

Computing capabilities such as real time data, unlimited connection, data from sensors, environmental analysis, automated decisions (machine learning) are demanded by many areas like industry for example decision making, machine learning, by research and military, for example GPS, sensor data collection. The possibility to make these features compatible with each domain that demands them is known as ubiquitous computing. Ubiquitous computing includes network topologies such as wireless sensor networks (WSN) which can help further improving the existing communication, for example the Internet. Also, ubiquitous computing is included in the Internet of Things (IoT) applications. In this article, it is discussed the mobility of WSN and its advantages and innovations, which make possible implementations for smart home and office. Knowing the growing number of mobile users, we place the mobile phone as the key factor of the future ubiquitous wireless networks. With secure computing, communicating, and storage capacities of mobile devices, they can be taken advantage of in terms of architecture in the sense of scalability, energy efficiency, packet delay, etc. Our work targets to present a structure from a ubiquitous computing point of view for researchers who have an interest in ubiquitous computing and want to research on the analysis, to implement a novel method structure for the ubiquitous computing system in military sectors. Also, this paper presents security and privacy issues in ubiquitous sensor networks (USN).

In the Ubiquitous Electric Internet of Things (UEIoT), the terminals are very easy to be accessed and attacked by attackers due to the lack of effective monitoring and safe isolation methods. Therefore, in the implementation of UEIoT, the security protection of terminals is particularly important. Therefore, this paper proposes a dual-system design scheme for terminal active immunity based on trusted computing. In this scheme, the terminal node in UEIoT is composed of two parts: computing part and trusted protection part. The computing component and the trusted protection component are logically independent of each other, forming a trusted computing active immune dual-system structure with both computing and protection functions. The Trusted Network Connection extends the trusted state of the terminal to the network, thus providing a solution for terminal secure access in the UEIoT.

In the Internet of Vehicles (IoV) paradigm, a model owner is able to leverage on the enhanced capabilities of Intelligent Connected Vehicles (ICV) to develop promising Artificial Intelligence (AI) based applications, e.g., for traffic efficiency. However, in some cases, a model owner may have insufficient data samples to build an effective AI model. To this end, we propose a Federated Learning (FL) based privacy preserving approach to facilitate collaborative FL among multiple model owners in the IoV. Our system model enables collaborative model training without compromising data privacy given that only the model parameters instead of the raw data are exchanged within the federation. However, there are two main challenges of incentive mismatches between workers and model owners, as well as among model owners. For the former, we leverage on the self-revealing mechanism in contract theory under information asymmetry. For the latter, we use the coalitional game theory approach that rewards model owners based on their marginal contributions. The numerical results validate the performance efficiency of our proposed hierarchical incentive mechanism design.

The concept behind the Internet of Things (IoT) is taking everything and connecting to the internet so that all devices would be able to send and receive data online. Internet of Vehicles (IoV) is a key component of smart city which is an outcome of IoT. Nowadays the concept of IoT has plaid an important role in our daily life in different sectors like healthcare, agriculture, smart home, wearable, green computing, smart city applications, etc. The emerging IoV is facing a lack of rigor in data processing, limitation of anonymity, privacy, scalability, security challenges. Due to vulnerability IoV devices must face malicious hackers. Nowadays with the help of blockchain (BC) technology energy system become more intelligent, eco-friendly, transparent, energy efficient. This paper highlights two major challenges i.e. scalability and security issues. The flavor of edge computing (EC) considered here to deal with the scalability issue. A BC is a public, shared database that records transactions between two parties that confirms owners through cryptography. After a transaction is validated and cryptographically verified generates “block” on the BC and transactions are ordered chronologically and cannot be altered. Implementing BC and smart contracts technologies will bring security features for IoV. It plays a role to implement the rules and policies to govern the IoV information and transactions and keep them into the BC to secure the data and for future uses.

The wide expansion of the Internet of Things is pushing the growth of vehicular ad-hoc networks (VANETs) into the Internet of Vehicles (IoV). Secure data communication is vital to the success and stability of the IoV and should be integrated into its various operations and aspects. In this paper, we present a framework for secure IoV communications by utilizing the High Performance Blockchain Consensus (HPBC) algorithm. Based on a previously published communication model for VANETs that uses an efficient routing protocol for transmitting packets between vehicles, we describe in this paper how to integrate a blockchain model on top of the IoV communications system. We illustrate the method that we used to implement HPBC within the IoV nodes. In order to prove the efficiency of the proposed model, we carry out extensive simulations that test the proposed model and study its overhead on the IoV network. The simulation results demonstrated the good performance of the HPBC algorithm when implemented within the IoV environment.

In order to realize the security authentication of information transmission between vehicle nodes in the vehicular ad hoc network, based on the certificateless public key cryptosystem and aggregate signature, a privacy-protected certificateless aggregate signature scheme is proposed, which eliminates the complicated certificate maintenance cost. This solution also solves the key escrow problem. By Communicating with surrounding nodes through the pseudonym of the vehicle, the privacy protection of vehicle users is realized. The signature scheme satisfies the unforgeability of an adaptive selective message attack under a random prophetic machine. The scheme meets message authentication, identity privacy protection, resistance to reply attacks.

In this digital era, technology is upgrading day by day and becoming more agile and intelligent. Smart devices and gadgets are now being used to find solutions to complex problems in various domains such as health care, industries, entertainment, education, etc. The Transport system, which is the biggest challenge for any governing authority of a state, is also not untouched with this development. There are numerous challenges and issues with the existing transport system, which can be addressed by developing intelligent and autonomous vehicles. The existing vehicles can be upgraded to use sensors and the latest communication techniques. The advancements in the Internet of Things (IoT) have the potential to completely transform the existing transport system to a more advanced and intelligent transport system that is the Internet of Vehicles (IoV). Due to the connectivity with the Internet, the Internet of Vehicles (IoV) is exposed to various security threats. Security is the primary issue, which requires to be addressed for success and adoption of the IoV. In this paper, the applicability of machine learning based solutions to address the security issue of IoV is analyzed. The performance of six machine-learning algorithms to detect Bot threats is validated by the k-fold cross-validation method in python.

The increasing vehicles have brought convenience to people as well as many traffic problems. The Internet of Vehicles (IoV) is an extension of the intelligent transportation system based on the Internet of Things (IoT), which is the omnibearing network connection among “Vehicles, Loads, Clouds”. However, IoV also faces threats from various known and unknown security vulnerabilities. Traditional security defense methods can only deal with known attacks, while there is no effective way to deal with unknown attacks. In this paper, we show an IoV system deployed on a Mimic Common Operating Environment (MCOE). At the sensing layer, we introduce a lightweight cryptographic algorithm, LBlock, to encrypt the data collected by the hardware. Thus, we can prevent malicious tampering of information such as vehicle conditions. At the application layer, we firstly put the IoV system platform into MCOE to make it dynamic, heterogeneous and redundant. Extensive experiments prove that the sensing layer can encrypt data reliably and energy-efficiently. And we prove the feasibility and security of the Internet of Vehicles system platform on MCOE.

Due to the low latency and high speed of 5G networks, the Internet of Vehicles (IoV) under the 5G network has been rapidly developed and has broad application prospects. The Third Generation Partnership Project (3GPP) committee has taken remote diagnosis as one of the development cores of IoV. However, how to ensure the security of remote diagnosis and maintenance services is also a key point to ensure vehicle safety, which is directly related to the safety of vehicle passengers. In this paper, we propose a secure and efficient authentication scheme based on extended chebyshev chaotic maps for remote diagnosis and maintenance in IoVs. In the proposed scheme, to provide strong security, anyone, such as the vehicle owner or the employee of the Vehicle Service Centre (VSC), must enter the valid biometrics and password in order to enjoy or provide remote diagnosis and maintenance services, and the vehicle and the VSC should authenticate each other to ensure that they are legitimate. The security analysis and performance evaluation results show that the proposed scheme can provide robust security with ideal efficiency.

With the rapid technological advancement of the universal internet of vehicles (UIoV), it becomes crucial to ensure safe and secure communication over the network, in an effort to achieve the implementation objective of UIoV effectively. A UIoV is characterized by highly dynamic topology, scalability, and thus vulnerable to various types of security and privacy attacks (i.e., replay attack, impersonation attack, man-in-middle attack, non-repudiation, and modification). Since the components of UIoV are constrained by numerous factors (e.g., low memory devices, low power), which makes UIoV highly susceptible. Therefore, existing schemes to address the privacy and security facets of UIoV exhibit an enormous scope of improvement in terms of time complexity and efficiency. This paper presents a lightweight authentication and batch verification scheme (LABVS) for UIoV using a bilinear map and cryptographic operations (i.e., one-way hash function, concatenation, XOR) to minimize the rate of message loss occurred due to delay in response time as in single message verification scheme. Subsequently, the scheme results in a high level of security and privacy. Moreover, the performance analysis substantiates that LABVS minimizes the computational delay and has better performance in the delay-sensitive network in terms of security and privacy as compared to the existing schemes.

Ensuring secure transmission over the communication channel is a fundamental responsibility to achieve the implementation objective of universal internet of vehicles (UIoV) efficiently. Characteristics like highly dynamic topology and scalability of UIoV makes it more vulnerable to different types of privacy and security attacks. Considerable scope of improvement in terms of time complexity and performance can be observed within the existing schemes that address the privacy and security aspects of UIoV. In this paper, we present an improvised authentication and lightweight batch verification method for security and privacy in UIoV. The suggested method reduces the message loss rate, which occurred due to the response time delay by implementing some low-cost cryptographic operations like one-way hash function, concatenation, XOR, and bilinear map. Furthermore, the performance analysis proves that the proposed method is more reliable that reduces the computational delay and has a better performance in the delay-sensitive network as compared to the existing schemes. The experimental results are obtained by implementing the proposed scheme on a desktop-based configuration as well as Raspberry Pi 4.

With the development of 5G communication technology, the status of the Internet of Vehicles in people's lives is greatly improved in the general trend of intelligent transportation. The combination of vehicles and Radio Frequency Identification (RFID) makes the application prospects of vehicle networking gradually expand. However, the wireless network of the Internet of Vehicles is open and mobile, so it can be easily stolen or tampered with by attackers. Moreover, it will cause serious traffic security problems and even threat people's lives. In this paper, we propose a lightweight authentication protocol for the Internet of Vehicles based on a mobile RFID system and give corresponding security requirements for modeling potential attacks. The protocol is based on the three-party mutual authentication, and uses bit-operated left-cycle shift operations and hetero-oriented operations to generate encrypted data. The simultaneous inclusion of triparty shared key information and random numbers makes the protocol resistant to counterfeit attacks, violent attacks, replay attacks and desynchronization attacks. Finally, a simulation analysis of the security protocol using the ProVerif tool shows that the protocol secures is not accessible to attackers during the data transfer, and achieve the three-party authentication between sensor nodes (SN), vehicle nodes (Veh) and backend servers.

Connected vehicles as a promising concept of Intelligent Transportation System (ITS), are a potential solution to address some of the existing challenges of emission, traffic congestion as well as fuel consumption. To achieve these goals, connectivity among vehicles through the wireless communication network is essential. However, vehicular communication networks endure from reliability and security issues. Cyber-attacks with purposes of disrupting the performance of the connected vehicles, lead to catastrophic collision and traffic congestion. In this study, we consider a platoon of connected vehicles equipped with Cooperative Adaptive Cruise Control (CACC) which are subjected to a specific type of cyber-attack namely "False Data Injection" attack. We developed a novel method to model the attack with ghost vehicles injected into the connected vehicles network to disrupt the performance of the whole system. To aid the analysis, we use a Partial Differential Equation (PDE) model. Furthermore, we present a PDE model-based diagnostics scheme capable of detecting the false data injection attack and isolating the injection point of the attack in the platoon system. The proposed scheme is designed based on a PDE observer with measured velocity and acceleration feedback. Lyapunov stability theory has been utilized to verify the analytically convergence of the observer under no attack scenario. Eventually, the effectiveness of the proposed algorithm is evaluated with simulation study.

A synthetic aperture radar (SAR) target detection method based on the fusion of multiscale superpixel segmentations is proposed in this paper. SAR images are segmented between land and sea firstly by using superpixel technology in different scales. Secondly, image segmentation results together with the constant false alarm rate (CFAR) detection result are coalesced. Finally, target detection is realized by fusing different scale results. The effectiveness of the proposed algorithm is tested on Sentinel-1A data.