Biblio

Security and Controls with Data privacy in Internet of Things (IoT) devices is not only a present and future technology that is projected to connect a multitude of devices, but it is also a critical survival factor for IoT to thrive. As the quantity of communications increases, massive amounts of data are expected to be generated, posing a threat to both physical device and data security. In the Internet of Things architecture, small and low-powered devices are widespread. Due to their complexity, traditional encryption methods and algorithms are computationally expensive, requiring numerous rounds to encrypt and decode, squandering the limited energy available on devices. A simpler cryptographic method, on the other hand, may compromise the intended confidentiality and integrity. This study examines two lightweight encryption algorithms for Android devices: AES and RSA. On the other hand, the traditional AES approach generates preset encryption keys that the sender and receiver share. As a result, the key may be obtained quickly. In this paper, we present an improved AES approach for generating dynamic keys.

In most PUF-based authentication schemes, a central server is usually engaged to verify the response of the device’s PUF to challenge bit-streams. However, the server availability may be intermittent in practice. To tackle such an issue, this paper proposes a new protocol for supporting distributed authentication while avoiding vulnerability to information leakage where CRPs could be retrieved from hacked devices and collectively used to model the PUF. The main idea is to provision for scrambling the challenge bit-stream in a way that is dependent on the verifier. The scrambling pattern varies per authentication round for each device and independently across devices. In essence, the scrambling function becomes node- and packetspecific and the response received by two verifiers of one device for the same challenge bit-stream could vary. Thus, neither the scrambling function can be reverted, nor the PUF can be modeled even by a collusive set of malicious nodes. The validation results using data of an FPGA-based implementation demonstrate the effectiveness of our approach in thwarting PUF modeling attacks by collusive actors. We also discuss the approach resiliency against impersonation, Sybil, and reverse engineering attacks.

Food supply chain is a complex but necessary food production arrangement needed by the global community to maintain sustainability and food security. For the past few years, entities being a part of the food processing system have usually taken food supply chain for granted, they forget that just one disturbance in the chain can lead to poisoning, scarcity, or increased prices. This continually affects the vulnerable among society, including impoverished individuals and small restaurants/grocers. The food supply chain has been expanded across the globe involving many more entities, making the supply chain longer and more problematic making the traditional logistics pattern unable to match the expectations of customers. Food supply chains involve many challenges like lack of traceability and communication, supply of fraudulent food products and failure in monitoring warehouses. Therefore there is a need for a system that ensures authentic information about the product, a reliable trading mechanism. In this paper, we have proposed a comprehensive solution to make the supply chain consumer centric by using Blockchain. Blockchain technology in the food industry applies in a mindful and holistic manner to verify and certify the quality of food products by presenting authentic information about the products from the initial stages. The problem formulation, simulation and performance analysis are also discussed in this research work.

Mobile Ad-hoc Networks (MANETs) have attracted lots of concerns with its widespread use. In MANETs, wireless nodes usually self-organize into groups to complete collaborative tasks and communicate with one another via public channels which are vulnerable to attacks. Group key management is generally employed to guarantee secure group communication in MANETs. However, most existing group key management schemes for MANETs still suffer from some issues, e.g., receiver restriction, relying on a trusted dealer and heavy certificates overheads. To address these issues, we propose a group key management scheme for MANETs based on an identity-based authenticated dynamic contributory broadcast encryption (IBADConBE) protocol which builds on an earlier work. Our scheme abandons the certificate management and does not need a trusted dealer to distribute a secret key to each node. A set of wireless nodes are allowed to negotiate the secret keys in one round while forming a group. Besides, our scheme is receiver-unrestricted which means any sender can flexibly opt for any favorable nodes of a group as the receivers. Further, our scheme satisfies the authentication, confidentiality of messages, known-security, forward security and backward security concurrently. Performance evaluation shows our scheme is efficient.

Key management for self-organized wireless ad-hoc networks using peer-to-peer (P2P) keys is the primary goal of this article (SOWANs). Currently, wireless networks have centralized security architectures, making them difficult to secure. In most cases, ad-hoc wireless networks are not connected to trusted authorities or central servers. They are more prone to fragmentation and disintegration as a result of node and link failures. Traditional security solutions that rely on online trusted authorities do not work together to protect networks that are not planned. With open wireless networks, anyone can join or leave at any time with the right equipment, and no third party is required to verify their identity. These networks are best suited for this proposed method. Each node can make, distribute, and revoke its keying material in this paper. A minimal amount of communication and computation is required to accomplish this task. So that they can authenticate one another and create shared keys, nodes in the self-organized version of the system must communicate via a secure side channel between the users' devices.

This paper investigates the robustness of the received signal strength (RSS)-based physical layer authentication (PLA) for wireless mesh networks, through experimental results. Specifically, we develop a secure wireless mesh networking framework and apply the RSS-based PLA scheme, with the aim to perform continuous authentication. The mesh setup comprises three Raspberry-PI4 computing nodes (acting as Alice, Bob, and Eve) and a server. The server role is to perform the initial authentication when a new node joins the mesh network. After that, the legitimate nodes in the mesh network perform continuous authentication, by leveraging the RSS feature of wireless signals. In particular, Bob tries to authenticate Alice in the presence of Eve. The performance of the presented framework is quantified through extensive experimental results in an outdoor environment, where various nodes' positions, relative distances, and pedestrian speeds scenarios are considered. The obtained results demonstrate the robustness of the underlying model, where an authentication rate of 99% for the static case can be achieved. Meanwhile, at the pedestrian speed, the authentication rate can drop to 85%. On the other hand, the detection rate improves when the distance between the legitimate and wiretap links is large (exceeds 20 meters) or when Alice and Eve are moving in different mobility patterns.

Physically Unclonable Functions (PUFs) are hardware-based security primitives that utilize manufacturing process variations to realize binary keys (Weak PUFs) or binary functions (Strong PUFs). This primitive is desirable for key generation and authentication in constrained devices, due to its low power and low area overhead. However, in recent years many research papers are focused on the vulnerability of PUFs to modeling attacks. This attack is possible because the PUFs challenge and response exchanges are usually transmitted over communication channel without encryption. Thus, an attacker can collect challenge-response pairs and use it as input into a learning algorithm, to create a model that can predict responses given new challenges. In this paper we introduce a serial and a parallel novel 64-bits memory-based controlled PUF (Mc-PUF) architecture for device authentication that has high uniqueness and randomness, reliable, and resilient against modeling attacks. These architectures generate a response by utilizing bits extracted from the fingerprint of a synchronous random-access memory (SRAM) PUF with a control logic. The synthesis of the serial architecture yielded an area of 1.136K GE, while the parallel architecture was 3.013K GE. The best prediction accuracy obtained from the modeling attack was 50%, which prevents an attacker from accurately predicting responses to future challenges. We also showcase the scalability of the design through XOR-ing several Mc-PUFs, further improving upon its security and performance. The remainder of the paper presents the proposed architectures, along with their hardware implementations, area and power consumption, and security resilience against modeling attacks. The 3-XOR Mc-PUF had the greatest overhead, but it produced the best randomness, uniqueness, and resilience against modeling attacks.

The industrial Internet has built a new industrial manufacturing and service system with all elements, all industrial chains and all value chains connected through the interconnection of people, machines and things. It breaks the relatively closed and credible production environment of traditional industry. But at the same time, the full interconnection of cross-device, cross-system, and cross-region in the industrial Internet also brings a certain network trust crisis. The method proposed in this paper breaking the relatively closed manufacturing environment of traditional industries, extends the network connection object from human to machine equipment, industrial products and industrial services. It provides a safe and credible environment for the development of industrial Internet, and a trust guarantee for the across enterprises entities and data sharing.

This paper aims to identify Wi-SUN devices using physical layer fingerprint. We first extract physical layer features based on the received Wi-SUN signals, especially focusing on device-specific clock skew and frequency deviation in FSK modulation. Then, these physical layer fingerprints are used to train a machine learning-based classifier and the resulting classifier finally identifies the authorized Wi-SUN devices. Preliminary experiments on Wi-SUN certified chips show that the authenticator with the proposed physical layer fingerprints can distinguish Wi-SUN devices with 100 % accuracy. Since no additional computational complexity for authentication is involved on the device side, our approach can be applied to any Wi-SUN based IoT devices with security requirements.

The security proposed for Vehicle-to-Everything (V2X) systems in the European Union is specified in the ETSI Cooperative Intelligent Transport System (C-ITS) standards, and related documents are based on the trusted PKI/CAs. The C-ITS trust model platform comprises an EU Root CA and additional Root CAs run in Europe by member state authorities or private organizations offering certificates to individual users. A new method is described in this paper where the security in V2X is based on the Distributed Public Keystore (DPK) platform developed for Ethereum blockchain. The V2X security is considered as one application of the DPK platform. The DPK stores and distributes the vehicles, RSUs, or other C-ITS role-players’ public keys. It establishes a generic key exchange/ agreement scheme that provides mutual key, entity authentication, and distributing a session key between two peers. V2X communication based on this scheme can establish an end-to-end (e2e) secure session and enables vehicle authentication without the need for a vehicle certificate signed by a trusted Certificate Authority.

To ensure traffic safety and proper operation of vehicular networks, safety messages or beacons are periodically broadcasted in Vehicular Adhoc Networks (VANETs) to neighboring nodes and road side units (RSU). Thus, authenticity and integrity of received messages along with the trust in source nodes is crucial and highly required in applications where a failure can result in life-threatening situations. Several digital signature based approaches have been described in literature to achieve the authenticity of these messages. In these schemes, scenarios having high level of vehicle density are handled by RSU where aggregated signature verification is done. However, most of these schemes are centralized and PKI based where our goal is to develop a decentralized dynamic system. Along with authenticity and integrity, trust management plays an important role in VANETs which enables ways for secure and verified communication. A number of trust management models have been proposed but it is still an ongoing matter of interest, similarly authentication which is a vital security service to have during communication is not mostly present in the literature work related to trust management systems. This paper proposes a secure and publicly verifiable communication scheme for VANET which achieves source authentication, message authentication, non repudiation, integrity and public verifiability. All of these are achieved through digital signatures, Hash Message Authentication Code (HMAC) technique and logging mechanism which is aided by blockchain technology.

Nowadays the use of Wi-Fi has been widely used in public places, such as in restaurants. The use of Wi-Fi in public places has a very large security vulnerability because it is used by a wide variety of visitors. Therefore, this study was conducted to evaluate the security of the WLAN network in restaurants. The methods used are Vulnerability Assessment and Penetration Testing. Penetration Testing is done by conducting several attack tests such as Deauthentication Attack, Evil Twin Attack with Captive Portal, Evil Twin Attack with Sniffing and SSL stripping, and Unauthorized Access.

The revolution caused by the advanced analysis features of Internet of Things and big data have made a big turnaround in the digital world. Data analysis is not only limited to collect useful data but also useful in analyzing information quickly. Therefore, most of the variants of the shared system based on the parallel structural model are explored simultaneously as the appropriate big data storage library stimulates researchers’ interest in the distributed system. Due to the emerging digital technologies, different groups such as healthcare facilities, financial institutions, e-commerce, food service and supply chain management generate a surprising amount of information. Although the process of statistical analysis is essential, it can cause significant security and privacy issues. Therefore, the analysis of data privacy protection is very important. Using the platform, technology should focus on providing Advanced Cryptography Policy (ACP). This research explores different security risks, evolutionary mechanisms and risks of privacy protection. It further recommends the post-statistical modern privacy protection act to manage data privacy protection in binary format, because it is kept confidential by the user. The user authentication program has already filed access restrictions. To maintain this purpose, everyone’s attitude is to achieve a changing identity. This article is designed to protect the privacy of users and propose a new system of restoration of controls.

As a new service-oriented computing paradigm, cloud computing facilitates users to share and use resources. However, due to the dynamic and openness of its operating environment, only relying on traditional identity authentication technology can no longer fully meet the security requirements of cloud computing. The trust evaluation of user behavior has become the key to improve the security of cloud computing. Therefore, in view of some problems existing in our current research on user behavior trust, this paper optimizes and improves the construction of the evaluation index system and the calculation of trust value, and proposes a cloud end-user behavior trust evaluation model based on sliding window. Finally, the model is proved to be scientific and effective by simulation experiments, which has certain significance for the security protection of cloud resources.

Recently, it is predicted that interworking between heterogeneous devices will be accelerated due to the openness of the IoT (Internet of Things) platform, but various security threats are also expected to increase. However, most IoT open platforms remain at the level that utilizes existing security technologies. Therefore, a more secure security technology is required to prevent illegal copying and leakage of important data through stealing, theft, and hacking of IoT devices. In addition, a technique capable of ensuring interoperability with existing standard technologies is required. This paper proposes an IoT device authentication method based on PUF (Physical Unclonable Function) that operates on an IoT open platform. By utilizing PUF technology, the proposed method can effectively respond to the threat of exposure of the authentication key of the existing IoT open platform. Above all, the proposed method can contribute to compatibility and interoperability with existing technologies by providing a device authentication method that can be effectively applied to the OCF Iotivity standard specification, which is a representative IoT open platform.

Modern IoT infrastructure consists of different sub-systems, devices, applications, platforms, varied connectivity protocols with distinct operating environments scattered across different subsystems within the whole network. Each of these subsystems of the global system has its peculiar computational and security challenges. A security loophole in one subsystem has a directly negative impact on the security of the whole system. The nature and intensity of recent cyber-attacks within IoT networks have increased in recent times. Blockchain technology promises several security benefits including a decentralized authentication mechanism that addresses almost readily the challenges with a centralized authentication mechanism that has the challenges of introducing a single point of failure that affects data and system availability anytime such systems are compromised. The different design specifications and the unique functional requirements for most IoT devices require a strong yet universal authentication mechanism for multimedia data that assures an additional security layer to IoT data. In this paper, the authors propose a decentralized authentication to validate data integrity at the IoT node level. The proposed mechanism guarantees integrity, privacy, and availability of IoT node data.

With smart vehicles interconnected with multiple systems and other entities, whether they are people or IoT devices, the importance of a digital identity for them has emerged. We present in this paper how a Self-Sovereign Identities combined with blockchain can provide a solution to this end, in order to decentralize the identity management and provide them with capabilities to identify the other entities they interact with. Such entities can be the owners of the vehicles, other drivers and workshops that act as service providers. Two use cases are examined along with the interactions between the participants, to demonstrate how a decentralized identity management solution can take care of the necessary authentication and authorization processes. Finally, we test the system and provide the measurements to prove its feasibility in real-life deployments.

Nowadays, biometric-based authentication systems are widely used. This fact has led to increased attacks on biometric data of users. Therefore, biometric template protection is sure to keep the attention of researchers for the security of the authentication systems. Many previous works proposed the biometric template protection schemes by transforming the original biometric data into a secure domain, or establishing a cryptographic key with the use of biometric data. The main purpose was that fulfill the all three requirements: cancelability, security, and performance as many as possible. In this paper, using random projection merged with fuzzy commitment, we will introduce a hybrid scheme of biometric template protection. We try to limit their own drawbacks and take full advantages of these techniques at the same time. In addition, an analysis of non-invertibility property will be exercised with regards to the use of random projection aiming at enhancing the security of the system while preserving the discriminability of the original biometric template.

Emerging technologies change the qualities of modern healthcare by employing smart systems for patient monitoring. To well use the data surrounding the patient, tiny sensing devices and smart gateways are involved. These sensing systems have been used to collect and analyze the real-time data remotely in Internet of Medical Thinks (IoM). Since the patient sensed information is so sensitive, the security and privacy of medical data are becoming challenging problem in IoM. It is then important to ensure the security, privacy and integrity of the transmitted data by designing a secure and a lightweight authentication protocol for the IoM. In this paper, in order to improve the authentication and communications in health care applications, we present a novel secure and anonymous authentication scheme. We will use elliptic curve cryptography (ECC) with random numbers generated by fuzzy logic. We simulate IoM scheme using network simulator 3 (NS3) and we employ optimized link state routing protocol (OLSR) algorithm and ECC at each node of the network. We apply some attack algorithms such as Pollard’s ρ and Baby-step Giant-step to evaluate the vulnerability of the proposed scheme.

The mechanism of Fog computing is a distributed infrastructure to provide the computations as same as cloud computing. The fog computing environment provides the storage and processing of data in a distributed manner based on the locality. Fog servicing is better than cloud service for working with smart devices and users in a same locale. However the fog computing will inherit the features of the cloud, it also suffers from many security issues as cloud. One such security issue is authentication with efficient key management between the communicating entities. In this paper, we propose a secured two-way authentication scheme with efficient management of keys between the user mobile device and smart devices under the control of the fog server. We made use of operations such as one-way hash (SHA-512) functions, bitwise XOR, and fuzzy extractor function to make the authentication system to be better. We have verified the proposed scheme for its security effectiveness by using a well-used analysis tool ProVerif. We also proved that it can resist multiple attacks and the security overhead is reduced in terms of computation and communication cost as compared to the existing methods.

The fusion of peer-to-peer (P2P) fog network and the traditional three-tier fog computing architecture allows fog devices to conjointly pool their resources together for improved service provisioning and better bandwidth utilization. However, any unauthorized access to the fog network may have calamitous consequences. In this paper, a new lightweight two-party authenticated and key agreement (AKA) protocol is proposed for fog-to-fog collaboration. The security analysis of the protocol reveals that it is resilient to possible attacks. Moreover, the validation of the protocol conducted using the broadly-accepted Automated Verification of internet Security Protocols and Applications (AVISPA) shows that it is safe for practical deployment. The performance evaluation in terms of computation and communication overheads demonstrates its transcendence over the state-of-the-art protocols.

Plagiarism checkers have been widely used to verify the authenticity of dissertation/project submissions. However, when non-verbatim plagiarism or online examinations are considered, this practice is not the best solution. In this work, we propose a better authentication system for online examinations that analyses the submitted text's stylometry for a match of writing pattern of the author by whom the text was submitted. The writing pattern is analyzed over many indicators (i.e., features of one's writing style). This model extracts 27 such features and stores them as the writing pattern of an individual. Stylometric Analysis is a better approach to verify a document's authorship as it doesn't check for plagiarism, but verifies if the document was written by a particular individual and hence completely shuts down the possibility of using text-convertors or translators. This paper also includes a brief comparative analysis of some simpler algorithms for the same problem statement. These algorithms yield results that vary in precision and accuracy and hence plotting a conclusion from the comparison shows that the best bet to tackle this problem is through Artificial Neural Networks.

The growing internet-based services such as banking and shopping have brought both ease to human's lives and challenges in user identity authentication. Different methods have been investigated for user authentication such as retina, finger print, and face recognition. This study introduces a photoplethysmogram (PPG) based user identity authentication relying on textural features extracted from time-frequency image. The PPG signal is segmented into segments and each segment is transformed into time-frequency domain using continuous wavelet transform (CWT). Then, the textural features are extracted from the time-frequency images using Haralick's method. Finally, a classifier is employed for identity authentication purposes. The proposed system achieved an average accuracy of 99.14% and 99.9% with segment lengths of one and tweeny seconds, respectively, using random forest classifier.

Security has become a significant factor of Internet of Things (IoT) and Cyber Physical Systems (CPS) wherein the devices usually vary in computing power and intrinsic hardware features. It is necessary to use security-by-design method in the development of these systems. This paper focuses on the security design issue about this sort of heterogeneous embedded systems and proposes a systematic approach aiming to achieve optimal security design objective.

Modern cars are becoming more accessible targets for cyberattacks due to the proliferation of wireless communication channels. The intra-vehicle Controller Area Network (CAN) bus lacks authentication, which exposes critical components to interference from less secure, wirelessly compromised modules. To address this issue, we propose vProfile, a sender authentication system based on voltage fingerprints of Electronic Control Units (ECUs). vProfile exploits the physical properties of ECU output voltages on the CAN bus to determine the authenticity of bus messages, which enables the detection of both hijacked ECUs and external devices connected to the bus. We show the potential of vProfile using experiments on two production vehicles with precision and recall scores of over 99.99%. The improved identification rates and more straightforward design of vProfile make it an attractive improvement over existing methods.