Abstract

Fog computing as an extension to the cloud computing infrastructure has been invaluable in enhancing the applicability of the Internet of Things (IoT) paradigm. IoT based Fog systems magnify the range and minimize the latency of IoT applications. However, as fog nodes are considered transient and they offer authenticated services, when an IoT end device loses connectivity with a fog node, it must authenticate freshly with a secondary fog node. In this work, we present a new security mechanism to leverage the initial authentication to perform fast lightweight secondary authentication to ensure smooth failover among fog nodes. The proposed scheme is secure in the presence of a current de-facto Canetti and Krawczyk (CK)-adversary. We demonstrate the security of the proposed scheme with a detailed security analysis using formal security under the broadly recognized Real-Or-Random (ROR) model, informal security analysis as well as through formal security verification using the broadly-used Automated Validation of Internet Security Protocols and Applications (AVISPA) software tool. A testbed experiment for measuring computational time for different cryptographic primitives using the Multiprecision Integer and Rational Arithmetic Cryptographic Library (MIRACL) has been done. Finally, through comparative analysis with other related schemes, we show how the presented approach is uniquely advantageous over other schemes.

Abstract

Due to wide-spread use of the Information and Communications Technology (ICT) and Internet of Things (IoT) enabled smart devices, called unmanned aerial vehicles (UAVs) (popularly known as drones), a lot of potential applications of Internet of Drones (IoD) are available ranging from the military to civilian applications. Access control mechanism is an important potential security service that is needed to secure communication among the drones in their respective flying zones, and also among the drones and the Ground Service Station (GSS). In 2021, Chaudhry et al. proposed a certificate based generic access control scheme for IoD environment, called GCACS-IoD. Their claims about the possible security attacks resistant of GCACS-IoD is not justified. In fact, we first prove that GCACS-IoD is unable to protect the disclosure of the private key rCR of the trusted control room (CR), which is extremely unfortunate careless design flaw and it leads to compromise the entire network. Using the disclosed private key rCR , we further show that GCACS-IoD is completely insecure against other serious attacks, such as malicious drones deployment attack, drone/GSS impersonation attacks and Ephemeral Secret Leakage (ESL) attack, which lead to compromise the session key between any two drones communicating in a particular flying zone. We thus feel that there is a strong need to remedy such serious weaknesses found in Chaudhry et al. ’s GCACS-IoD. An improved certificate-enabled generic access control scheme for IoD deployment, called as i GCACS-IoD, has been suggested, which overcomes the weaknesses found in the previous GCACS-IoD. The practical demonstration of i GCACS-IoD has been done through formal security verification and also through NS2 simulation study.

Abstract

A substantial number of authentication protocols are designed to safeguard vehicular ad-hoc network (VANET) communication from potential attacks; however, they experienced an inability to provide a balance between lightweight and security. Existing security and privacy-preserving based authentication protocols in vehicular networks mostly rely on the trusted authority and signatures to validate the communication on road. Accomplishing the quick validation and correspondence is difficult in such methodologies and further, they endure execution obliges from coming about overhead. To overcome these issues, we have developed an enhanced lightweight and secure authentication protocol (ELSAP) for V2V Communication in VANETs. Moreover, the scheme withheld with self-authentication prior to communication that enhances the network feasibilities, which in return needs less message transfer during authentication as well as communication, indicates lightweight features. Furthermore, two or more vehicles can securely perform mutual authentication, proven by Burrow–Abadi–Needham (BAN) logic. Additionally, the competency of the proposed protocol against the current updated threats is shown via security analysis and comparisons tools such as Automated Validation of Internet Security Protocols and Applications (AVISPA). The result of the performance analysis shows that the communication cost and computational cost outperformed the earlier authentication schemes alongside the security features of the proposed protocol.

Abstract

In the Internet of Vehicles (IoV), numerous potential applications have come up with the use of the Internet of Things (IoT)-empowered smart devices. In IoV, vehicles, roads, street signs and traffic lights can accordingly adjust to changing conditions in order to assist drivers, and also to improve safety, ease congestion and pollution reduction. Since various entities in an IoV environment make communications over public channels, there are potential security threats. To deal with such serious threats, we design a new blockchain-assisted certificateless key agreement protocol for IoV in smart transportation context, called Block-CLAP. To manage the dynamic vehicles efficiently, the vehicles are grouped into the dynamic clusters, and each cluster will have a cluster head (CH) with its members as other neighbor vehicles and an road-side unit (RSU). In Block-CLAP, through authentication key management, data reach to the CH and then to its nearby RSU securely using the established secret keys. The cloud server then securely collects the information from its attached RSUs and create the transactions. Later, the transactions are formed into blocks by the cloud server (CS) in a Peer-to-Peer (P2P) cloud servers network, and the blocks are verified and added through voting-based consensus algorithm in the blockchain. The detailed security analysis through formal, informal and formal security verification, and comparative study show that Block-CLAP provides superior security and has low communication and computational overheads as compared with other existing competing authentication schemes in the IoV environment. Finally, the blockchain-based implementation of Block-CLAP has been performed to measure computational time needed for a varied number of transactions per block and also for a varied number of blocks mined in the blockchain.

Abstract

Surveillance drones, called as unmanned aerial vehicles (UAV), are aircrafts that are utilized to collect video recordings, still images, or live video of the targets, such as vehicles, people or specific areas. Particularly in battlefield surveillance, there is high possibility of eavesdropping, inserting, modifying or deleting the messages during communications among the deployed drones and ground station server (GSS). This leads to launch several potential attacks by an adversary, such as main-in-middle, impersonation, drones hijacking, replay attacks, etc. Moreover, anonymity and untarcebility are two crucial security properties that need to be maintained in battlefield surveillance communication environment. To deal with such a crucial security problem, we propose a new access control protocol for battlefield surveillance in drone-assisted Internet of Things (IoT) environment, called ACPBS-IoT. Through the detailed security analysis using formal and informal (non-mathematical), and also the formal security verification under automated software simulation tool, we show the proposed ACPBS-IoT can resist several potential attacks needed in battlefield surveillance scenario. Furthermore, the testbed experiments for various cryptographic primitives have been performed for measuring the execution time. Finally, a detailed comparative study on communication and computational overheads, and security as well as functionality features reveals that the proposed ACPBS-IoT provides superior security and more functionality features, and better or comparable overheads than other existing competing access control schemes.

Abstract

A blockchain-based smart farming technology provides the agricultural data to the farmers and other users associated with smart farming on a single integrated platform. Moreover, persistence and auditability of stored data in blocks into the blockchain provide the confidence of using the correct data when needed later and adds transparency, anonymity, and traceability at the same time. To fulfill such a goal, in this article, we design a new smart contract-based blockchainenvisioned authenticated key agreement mechanism in a smart farming environment. The device-to-device (D2D) authentication phase and device-to-gateway (D2G) authentication phase support mutual authentication and key agreement between two Internetof-Things (IoT)-enabled devices and between an IoT device and the gateway node (GWN) in the network, respectively. The blocks are created by the edge servers on the authenticated data of IoT devices received from the GWNs and then sent to the cloud server (CS). The smart contract-based consensus mechanism allows verification and addition of the formed blocks by a peer-to-peer (P2P) CSs network. The security of the proposed scheme is done through formal and informal security analysis, and also using the formal security verification tool. A detailed comparative study reveals that the proposed scheme offers superior security and more functionality features as compared to existing competing authentication protocols. Finally, the blockchain-based simulation has been conducted to measure computational time for a varied number of mined blocks and also a varied number of transactions per block.

Abstract

Internet of Vehicles (IoV), a distributed network involving connected vehicles and Vehicular Ad Hoc Networks (VANETs), allows connected vehicles to communicate with other Internet-connected entities in real time. The communications among these entities (e.g. vehicles, pedestrians, fleet management systems, and road-side infrastructure) generally take place via an open channel. In other words, such an open communication can be targeted by the adversary to eavesdrop, modify, insert fabricated (or malicious) messages, or delete any data-in-transit; thus, resulting in replay, impersonation, man-in-the-middle, privileged-insider, and other related attacks. In addition to security, anonymity and untraceability are two other important features that should be achieved in an authentication protocol. In this paper, we propose a new mutual authentication and key agreement protocol in an IoV-enabled Intelligent Transportation System (ITS). Using both formal and informal security analysis, as well as formal security verification using an automated verification tool, we show that the proposed scheme is secure against several known attacks in an IoV-enabled ITS environment. Furthermore, a detailed comparative analysis shows that the proposed scheme has low communication and computational overheads, and offers better security and functionality attributes in comparison to seven other competing schemes. We also evaluate the performance of the proposed scheme using NS2.

Abstract

Nowadays, wireless sensor networks (WSNs) are essential for monitoring and data collection in many industrial environments. Industrial environments are usually huge. The distances between the devices located in them can be vast; in this case, the Industrial Internet of Things (IIoT) leads to greater productivity and efficiency of industries. Furthermore, the sensor devices in IIoT have limited memory and constrained processing power, and using gateway nodes is inevitable to cover these vast areas and manage communications between industrial sensors. Security threats such as compromised devices, denial of service, and leakage of confidential information can incur hefty expenses and irreparable damage to industrial systems. Hence, in the IIoT hierarchical architecture, anonymous and mutual authentication between users, gateway nodes, and sensor nodes is essential to protect users and the system’s security and privacy. In this article, we propose a lightweight anonymous privacy-preserving three-factor authentication scheme for WSN-Based IIoT (LAPTAS). In LAPTAS, registered users can use their security smartcard to communicate with sensors and access their data. Moreover, the proposed scheme supports sensor node dynamic registration, password and biometric change, and revocation phase. Additionally, we evaluate and verify our scheme’s security formally using the Real-or-Random model and informally with the automatic cryptographic Protocol Verifier tool(ProVerif). Finally, our scheme is simulated by the OPNET network simulator and compared with other similar schemes to ensure that the LAPTAS meets all security and performance requirements.

Abstract

With the tremendous growth of Information and Communications Technology (ICT), Cyber Physical Systems (CPS) have opened the door for many potential applications ranging from smart grids and smart cities to transportation, retail, public safety and networking, healthcare and industrial manufacturing. However, due to communication via public channel occurring among various entities in an industrial CPS (ICPS) with the help of the 5G technology and Software-Defined Networking (SDN), it poses several potential security threats and attacks. To mitigate these issues, we propose a new three-factor user authentication and key agreement scheme (UAKA-5GSICPS) for 5G-enabled SDN based ICPS environment. UAKA-5GSICPS allows an authorized user to access the real-time data directly from some designated Internet of Things (IoT)-based smart devices provided that a successful mutual authentication among them is executed via their controller node in the SDN network. It is shown to be robust against various potential attacks through detailed security analysis including the simulation-based formal security verification. A detailed comparative study with the help of experimental results shows that UAKA-5GSICPS achieves better trade-off among security and functionality features, communication and computation overheads as compared to other existing competing schemes.

Abstract

Recent advances in Low Power Wide Area Network (LPWAN) are expected to augment the already prodigious proliferation of Industrial Internet of Things (IIoT). However, this unrepresented growth is tinged by the uncertainty of possible challenges in security and privacy. In this work, we propose a novel blockchain-envisioned fine grained user access control scheme for data security and scalability in IIoT environment. The proposed scheme supports multiple attribute authorities and also a constant size key and ciphertext. The data gathered by the IoT smart devices are encrypted using the cipher-policy attribute based encryption (CP-ABE) and sent to their nearby gateway nodes. Later, the gateway nodes form the transactions from the encrypted data from the smart devices which are used to form partial blocks. The partial blocks are then forwarded to the cloud server(s) in the peer-to-peer (P2P) network to convert them into full blocks, which are verified, mined and added into the blockchain using the voting-based practical Byzantine fault tolerance (PBFT) consensus algorithm. The proposed scheme also allows a user to access the secure data stored in the blocks into the blockchain using the CP-ABE mechanism. The security analysis demonstrates the robustness of the proposed scheme against various attacks, and the comparative study with related relevant schemes also highlights the advantage of the proposed scheme over existing approaches. Finally, a blockchain implementation of the presented scheme summarizes the computational costs for a varied number of transactions per block, and also for a varied number of blocks mined in the blockchain.