Abstract

Software‐defined networking (SDN) is an agile, modern networking approach that facilitates innovations in the networking paradigm. The abstracted and centralized network operating system facilitates the network management and reduces operational expenditure (OPEX). The open nature and simplicity of the data‐forwarding plane dramatically reduces capital expenditure (CAPEX) by leveraging commodity servers and switches. SDN also lends itself very well to address major cloud computing issues and complement cloud services, especially in terms of network virtualization and networking as a service (NaaS). As a new technology, SDN does involve certain security challenges, which include distributed denial of service (DDoS) threats, build and run time injected malware, insider (tenant) attacks, and security holes resulting from controller misconfigurations. These are severe threats that can cripple an entire network. It is crucial to address the SDN vulnerabilities to ensure its successful deployment in private data center networks, on cloud platforms and beyond. Some security solutions leverage the built‐in features of SDN, such as its controller software component, while other solutions provide external SDN applications running above the controller. This study reviews the security solutions for the vulnerabilities of state‐of‐the‐art SDN controllers and the available countermeasures. Furthermore, an in‐depth analysis of the SDN features that support security is presented, and some unresolved research issues on SDN controllers are identified.

Abstract

Secure access of the real-time data from the IoT smart devices (e.g., vehicles) by a legitimate external party (user) is an important security service for Big Data collection in Internet of Things (IoT)-based Intelligent Transportation System (ITS). To deal with this important issue, we design a new three-factor user authentication scheme, called UAP-BCIoT, which relies on Elliptic Curve Cryptography (ECC). The mutual authentication between the user and an IoT device happens via the semi-trusted Cloud-Gateway (CG) node in UAP-BCIoT. UAP-BCIoT supports several functionality features needed for IoT-based ITS environment including IoT smart device credential validation and Big Data analytics. A detailed security analysis is conducted based on the defined threat model to show that UAP-BCIoT is resilient against many known attacks. A thorough comparative study reveals that UAP-BCIoT supports better security, offers various functionality attributes, and also provides similar costs in communication as well computation as compared to other relevant schemes Finally, the practical demonstration of the proposed UAP-BCIoT is also provided to measure its impact on the network performance parameters.

Abstract

Drones, which are also known as Unmanned Aerial Vehicles (UAVs), are very useful in delivering the packages, and real-time object detection and tracking with minimal human interference. However, there may be several security threats in such an environment, for instance, a malicious user can spy unauthorized drones, transfer malicious packages, or even damage the network reliability that can have direct impact on drones control. This may lead to a potential threat for people, governments, and business sectors. To deal with these issues, in this paper, we propose a novel access control scheme for unauthorized UAV detection and mitigation in an Internet of Drones (IoD) environment, called ACSUD-IoD. With the help of the blockchain-based solution incorporated in ACSUD-IoD, the transactional data having both the normal secure data from a drone (UAV) to the Ground Station Server and the abnormal (suspected) data for detection of unauthorized UAVs by the are stored in private blockchain, that are authentic and genuine. As a result, the Big data analytics can be performed on the authenticated transactional data stored in the blockchain. Through the detailed security analysis including formal security under the broadly-accepted Real-Or-Random (ROR) model, formal security verification using the widely-applied Automated Validation of Internet Security Protocols and Applications (AVISPA) tool and non-mathematical security analysis show the robustness of the proposed scheme against a number of potential attacks needed in an IoD environment. The testbed experiments for various cryptographic primitives using the broadly-accepted Multiprecision Integer and Rational Arithmetic Cryptographic Library (MIRACL) have been performed under both server and Raspberry PI 3 configurations. Furthermore, a detailed comparative analysis among the proposed scheme and other existing competing schemes shows the efficacy and more robustness as compared to the existing schemes. Finally, the blockchain-based practical demonstration shows the effectiveness of the proposed scheme.

Abstract

5G mobile communication systems promote the mobile network to not only interconnect people, but also interconnect and control the machine and other devices. 5G-enabled Internet of Things (IoT) communication environment supports a wide-variety of applications, such as remote surgery, self-driving car, virtual reality, flying IoT drones, security and surveillance and many more. These applications help and assist the routine works of the community. In such communication environment, all the devices and users communicate through the Internet. Therefore, this communication agonizes from different types of security and privacy issues. It is also vulnerable to different types of possible attacks (for example, replay, impersonation, password reckoning, physical device stealing, session key computation, privileged-insider, malware, man-in-the-middle, malicious routing, and so on). It is then very crucial to protect the infrastructure of 5G-enabled IoT communication environment against these attacks. This necessitates the researchers working in this domain to propose various types of security protocols under different types of categories, like key management, user authentication/device authentication, access control/user access control and intrusion detection. In this survey paper, the details of various system models (i.e., network model and threat model) required for 5G-enabled IoT communication environment are provided. The details of security requirements and attacks possible in this communication environment are further added. The different types of security protocols are also provided. The analysis and comparison of the existing security protocols in 5G-enabled IoT communication environment are conducted. Some of the future research challenges and directions in the security of 5G-enabled IoT environment are displayed. The motivation of this work is to bring the details of different types of security protocols in 5G-enabled IoT under one roof so that the future researchers will be benefited with the conducted work.

Abstract

Access control is one of the important security services that is essential for an Internet of Things (IoT)-enabled authorized user using his/her smart mobile device to authenticate with the trusted Hospital Authority (HA) in a hospital. After mutual authentication, a secret key is established among the user and HA for secure data transmission. The secure data (transactions) gathered by the HA from the users in the hospital is encrypted using a shared key among various trusted hospital authorities involved in the private blockchain network of hospitals. The HA of each hospital is responsible for constructing the blocks in the blockchain using the encrypted transactions because the data in healthcare application is treated as confidential and private. To deal with this important problem, we design a novel access control scheme using private blockchain technology. The proposed scheme is shown to be secure against various well-known attacks. Moreover, the proposed scheme provides better security and functionality features, and also requires low communication and computational costs as compared to relevant approaches.

Abstract

6G-enabled network in a box (NIB) is a multi- generational, rapidly deployable hardware and software technology for the communication. 6G-enabled NIB provides high level of flexibility which makes it capable to provide connectivity services for different types of applications as it is effective for the communications of after disaster scenario battlefields scenario and industrial scenario. In 6G-enabled NIB deployed industrial applications, various passive and active attacks are possible because the involved entities communicate over insecure channel. In this paper, a new remote user authentication and key management scheme is proposed for securing 6G-enabled NIB deployed for industrial applications, which we call in short as UAKMS-NIB. The security analysis shows the resilience of the UAKMS-NIB against various types of possible attacks. The practical demonstration of UAKMS-NIB is also provided to measure its impact on the network performance parameters.

Abstract

With the emergence of the concept of smart city and the increasing demands for a range of vehicles, Internet of Vehicles (IoV) has achieved a lot of attention by providing multiple benefits, including vehicle emergence, accidents, levels of pollution, and traffic congestion. Moreover, IoV provides various services by combining vehicular ad-hoc networks (VANET) with the Internet of Things (IoT) in smart cities. However, the communication among vehicles is susceptible to various security threats because the sensitive message is transmitted via a insecure channel in the IoV-based smart city environment. Thus, a secure message authentication protocol is indispensable to ensure various services for IoV in a smart city environment. In 2020, a secure message authentication protocol for IoV communication in smart cities has been proposed. However, we discover that the analyzed scheme suffers from various potential attacks such as impersonation, secret key disclosure, and off-line guessing attacks, and also does not ensure authentication. To solve the security threats of the analyzed scheme, we design a secure and efficient message authentication protocol for IoV in a smart city environment, called IoV-SMAP. The proposed IoV-SMAP can resist security drawbacks and provide user anonymity, and mutual authentication. We demonstrate the security of IoV-SMAP by performing informal and formal analyses such as the Real-or-Random (ROR) model, and Automated Validation of Internet Security Protocols and Application (AVISPA) simulations. In addition, we compare the performance of IoV-SMAP with related existing competing authentication schemes. We demonstrate that IoV-SMAP provides better security along with efficiency than related competing schemes and is suitable for the IoV-based smart city environment.

Abstract

As the communications among the vehicles, theRoad-Side Units(RSU)and the Edge Servers(ES)take placevia wireless communication and the Internet, an adversary maytake the opportunity to tamper with the data communicatedamong various entities in an Internet of Vehicles (IoV) envi-ronment. Therefore, it demands secure communication amongthe involved entities in an IoV-based Intelligent TransportationSystem (ITS) deployment. In this work, we design a newblockchain-enabled certificate-based authentication scheme forvehicle accident detection and notification in ITS, called BCAS-VADN. In BCAS-VADN, through the authentication process, eachvehicle can securely notify accident related transactions to itsnearby Cluster Head(CH), if an accident is detected on roadseither by its own or neighbor vehicle(s). TheCHthen securelysends the transactions received from the vehicles to itsRSUand subsequently, these transactions are also received secretlyby theESs. TheESis responsible for preparing partial blockcontaining transactions and Merkle tree root, and a digital signa-ture on those information, and then forwarding to its associatedCloud Server(CS)in the Blockchain Center(BC)for completeblock creation, verification and addition of the block using thedesigned consensus process. Due to blockchain technology usage,it is shown that BCAS-VADN is not only secure against variouspotential attacks, but also maintains transparency, immutabilityand decentralization of the information. Furthermore, a compre-hensive comparative analysis reveals that BCAS-VADN achievesbetter security and more functionality attributes, and has lowcommunication and computational overheads as compared toother competitive authentication schemes in IoV. In addition,the practical demonstration using the blockchain technology hasbeen also provided.

Abstract

Agriculture is a vital area for the sustenance ofmankind engulfing manufacturing, security, traceability, andsustainable resource management. With the resources recedingexpeditiously, it is of utmost significance to innovate techniquesthat help in the subsistence of agriculture. The growth of Internetof Things (IoT) and Blockchain technology as two rapidlyemerging fields can ameliorate the state of food chain today. Thispaper provides a rigorous literature review to inspect the state-of-the-art development of the schemes that provide informationsecurity using blockchain technology. After identifying the corerequirements in smart agriculture, a generalized blockchain-based security architecture has been proposed. A detailed costanalysis has been conducted on the studied schemes. A meticu-lous comparative analysis uncovered the drawbacks in existingresearch. Furthermore, detailed analysis of the literature has alsorevealed the security goals towards which the research has beendirected and helped to identify new avenues for future researchusing artificial intelligence.

Abstract

Recent technological evolution in the Internet ofThings (IoT) age supports better solutions to magnify themanagement of the power quality and reliability concerns, andimposes the measures of a smart grid. In smart grid environment,a smart meter needs to securely access the services from a serviceprovider via insecure channel. However, since the communicationis via public channel, it imposes various security threats byan adversary. To deal to this, in this article we design a newanonymous signature-based authenticated key exchange schemefor IoT-enabled smart grid environment, called AAS-IoTSG.The dynamic smart meter addition phase is also permissiblein AAS-IoTSG after initial deployment. The security of AAS-IoTSG has been tested rigorously using formal security analysisunder the Real-Or-Random (ROR) model which is one of thebroadly-accepted standard random oracle models, formal secu-rity verification under the broadly-used Automated Validationof Internet Security Protocols and Applications (AVISPA) tooland also using informal security analysis. Finally, an exhaustivecomparative study unveils that AAS-IoTSG supports bettersecurity & functionality features and requires less communication& computation overheads as compared to the existing state-of-artauthentication mechanisms in smart grid systems