Abstract

The modern day traffic continues to evolve in termsof scale, autonomy and access to information. Every vehiclegathers information and contributes its decisions to the globalvehicular network every second. With the advent of 5G equippeddigital communication and sophisticated algorithms are in placefor the vehicles to communicate with each other in a closelymonitored, yet decentralized network, there is a need to ensurethat no form of incorrect data be propagated without priorvalidation. There is also a requirement of maintaining cache sincethere is no centralized network where all vehicles report theiractivities and gather information from, at a required speed. Thedistribution of cache is a major hurdle both in terms of validationand propagation. Cache poisoning can occur if a malicious vehicleor a compromised vehicle intentionally or unintentionally putsincorrect data and other vehicles use that data to skew their ownfuture decisions. In this paper, we explore different methodologiesto address and combat the cache poisoning scenarios and suggestan efficient and secure scheme for validation and distribution ofcache using the Directed Acyclic Graph (DAG) based ledger,which is based on Tangle™.

Abstract

User access control is a crucial requirement in any Internet of Things (IoT) deployment, as it allows one to provide authorization, authentication, and revocation of a registered legitimate user to access real-time information and/or service directly from the IoT devices. To complement the existing literature, we design a new three-factor certificateless-signcryption-based user access control for the IoT environment (CSUAC-IoT). Specifically, in our scheme, a user U's password, personal biometrics, and mobile device are used as the three authentication factors. By executing the login and access control phase of CSUAC-IoT, a registered user (U) and a designated smart device (Si) can authorize and authenticate mutually via the trusted gateway node (GN) in a particular cell of the IoT environment. In our setting, the environment is partitioned into disjoint cells, and each cell will contain a certain number of IoT devices along with a GN. With the established session key between U and Si, both entities can then communicate securely. In addition, CSUAC-IoT supports new IoT devices deployment, user revocation, and password/biometric update functionality features. We prove the security of CSUAC-IoT under the real-or-random (ROR) model, and demonstrate that it can resist several common attacks found in a typical IoT environment using the AVISPA tool. A comparative analysis also reveals that CSUAC-IoT achieves better tradeoff for security and functionality, and computational and communication costs, in comparison to five other competing approaches.

Abstract

In recent years, the Internet of Drones (IoD) has emerged as an important research topic in the academy and industry because it has several potential applications ranging from the civilian to military. In IoD environment, several drones, called Unmanned Aerial Vehicles (UAVs), are deployed in different flying zones that communicate each other to exchange crucial information, and then the information are collected by the Ground Station Server . All the drones and the are registered with a central trusted authority, Control Room prior to their deployment. Since the drones and the communicate over open channel (e.g., wireless medium), there are security and privacy issues in the IoD environment. To handle such issues, in this paper we introduce a blockchain-based access control scheme in the IoD environment that allows secure communication among the drones, and also among the drones and the . Secure data gathered by the form transactions, and those transactions are made into the blocks. The blocks are finally added in the blockchain by the cloud servers connected with the via the Ripple Protocol Consensus Algorithm (RPCA) in a peer-to-peer cloud server network. Once the blocks are added into the blockchain, the transactions containing in the blocks cannot be altered, modified or even removed. We provide all sorts of security analysis including formal security under the random oracle model, informal security and simulation-based formal security verification to assure that the proposed scheme can resist various potential attacks with high probability needed in an IoD environment. In addition, a meticulous comparative analysis among the proposed scheme and other closely related existing schemes shows that our scheme offers more functionality attributes and better security, and also low communication and computation costs as compared to other schemes.

Abstract

In recent years, the Internet of Things (IoT) has exploded in popularity. The smart home, as an important facet of IoT, has gained its focus for smart intelligent systems. As users communicate with smart devices over an insecure communication medium, the sensitive information exchanged among them becomes vulnerable to an adversary. Thus, there is a great thrust in developing an anonymous authentication scheme to provide secure communication for smart home environments. Most recently, an anonymous authentication scheme for smart home environments with provable security has been proposed in the literature. In this paper, we analyze the recent scheme to highlight its several vulnerabilities. We then address the security drawbacks and present a more secure and robust authentication scheme that overcomes the drawbacks found in the analyzed scheme, while incorporating its advantages too. Finally, through a detailed comparative study, we demonstrate that the proposed scheme provides significantly better security and more functionality features with comparable communication and computational overheads with similar schemes.

Abstract

The sinkhole attack in an edge-based Internet of Things (IoT) environment (EIoT) can devastate and ruin the whole functioning of the communication. The sinkhole attacker nodes (SHAs) have some properties (for example, they first attract the other normal nodes for the shortest path to the destination and when normal nodes initiate the process of sending their packets through that path (i.e., via SHA), the attacker nodes start disrupting the traffic flow of the network). In the presence of SHAs, the destination (for example, sink node i.e., gateway/base station) does not receive the required information or it may receive partial or modified information. This results in reduction of the network performance and degradation in efficiency and reliability of the communication. In the presence of such an attack, the throughput decreases, end-to-end delay increases and packet delivery ratio decreases. Moreover, it may harm other network performance parameters. Hence, it becomes extremely essential to provide an effective and competent scheme to mitigate this attack in EIoT. In this paper, an intrusion detection scheme to protect EIoT environment against sinkhole attack is proposed, which is named as SAD-EIoT. In SAD-EIoT, the resource rich edge nodes (edge servers) perform the detection of different types of sinkhole attacker nodes with the help of exchanging messages. The practical demonstration of SAD-EIoT is also provided using the well known NS2 simulator to compute the various performance parameters. Additionally, the security analysis of SAD-EIoT is conducted to prove its resiliency against various types of SHAs. SAD-EIoT achieves around 95.83% detection rate and 1.03% false positive rate, which are considerably better than other related existing schemes. Apart from those, SAD-EIoT is proficient with respect to computation and communication costs. Eventually, SAD-EIoT will be a suitable match for those applications which can be used in critical and sensitive operations (for example, surveillance, security and monitoring systems).

Abstract

Digital networks connect an increasing number of users, sensors, and devices, which communicate, access, share, and analyze data. This phenomenon of diverse data generation is recognized as Big data. While people are benefiting from the convenience added by Big data, they also meet direct threats to privacy and data security. As Big data is massive, it needs an effective security framework with energy-efficient computing environment. Signcryption technique combines both encryption and signature to present an efficient solution. To address threats to data security, chosen cipher security and chosen message security are two important attributes. This means that it is very important to design an efficient framework where we can address these issues. This article introduces an identity-based signcryption technique by combining encryption as well as signature, which provides a solution for secure and authenticated communication in the Big data environment, called SFEEC (security framework for energy-efficient computing). SFEEC fulfills the requirements of less computation and communication overheads by offering pairing-free computation at the user end. SFEEC is also proven under the “indistinguishable against chosen ciphertext” and “secure against chosen message” attacks in the standard model.

Abstract

In the Internet of Vehicles (IoV), secure information sharing among vehicles is crucial in order to upgrade driving safety as well as to strengthen vehicular services. However, public communication among vehicles leads to various potential attacks, such as replay, man-in-the-middle, impersonation, unlinkability and traceability attacks. To address this issue, we design a new conditional privacy preserving batch verification-based authentication mechanism in the IoV environment using Elliptic Curve Cryptography (ECC) technique, where a vehicle can authenticate its neighbor vehicle and also a Road-Side Unit (RSU) can authenticate its nearby vehicles in a batch. The proposed scheme is shown to be highly secure against a passive/active adversary through various security analysis, such as random oracle based formal security, formal security verification via automated simulation tool, and also informal security analysis. An exhaustive comparative analysis reveals that the proposed scheme offers better security and functionality attributes, and comparable storage, communication and computation overheads when these are compared with the relevant schemes.

Abstract

With the ever-increasing rate of adoption of internet-enabled smart devices, the allure of greater integration of technologies, such as smart home, smart city, and smart grid into everyday life is undeniable. However, this trend inevitably leaves a massive amount of information and infrastructure connected to the public Internet, which exposes the data to many security threats and challenges. In this paper, we discuss the need for fine-grained user access control for IoT smart devices. The inherently distributed nature of IoT environment necessitates the support of multi-authority attribute-based encryption (ABE) for the implementation of fine-grained access control. Therefore, we present a secure fine-grained user access control scheme for data usage in the IoT environment. The proposed scheme is a three-factor user access control scheme, which supports multi-authority ABE and it is highly scalable as both the ABE key size stored in the user’s smart card and ciphertext size needed for authentication request are constant with respect to the number of attributes. Through the formal and informal security analysis, we show that the proposed scheme is secure and robust against several potential attacks required in an IoT environment. Moreover, we demonstrate that the proposed scheme performs at par or better than existing schemes while providing greater functionality features.

Abstract

The demand for remote data storage and computation services is increasing exponentially in our data-driven society; thus, the need for secure access to such data and services. In this paper, we design a new biometric-based authentication protocol to provide secure access to a remote (cloud) server. In the proposed approach, we consider biometric data of a user as a secret credential. We then derive a unique identity from the user's biometric data, which is further used to generate the user's private key. In addition, we propose an efficient approach to generate a session key between two communicating parties using two biometric templates for a secure message transmission. In other words, there is no need to store the user's private key anywhere and the session key is generated without sharing any prior information. Extensive experiments and a comparative study demonstrate the efficiency and utility of the proposed approach.

Abstract

Global industry is undergoing major transformations with the genesis of a new paradigm known as the Internet of Things (IoT) with its underlying technologies. Many company leaders are investing more effort and money in transforming their services to capitalize on the benefits provided by the IoT. Thereby, the decision makers in public waste management do not want to be outdone, and it is challenging to provide an efficient and real-time waste management system. This paper proposes a solution (hardware, software, and communications) that aims to optimize waste management and include a citizen in the process. The system follows an IoT-based approach where the discarded waste from the smart bin is continuously monitored by sensors that inform the filling level of each compartment, in real-time. These data are stored and processed in an IoT middleware providing information for collection with optimized routes and generating important statistical data for monitoring the waste collection accurately in terms of resource management and the provided services for the community. Citizens can easily access information about the public waste bins through the Web or a mobile application. The creation of the real prototype of the smart container, the development of the waste management application and a real-scale experiment use case for evaluation, demonstration, and validation show that the proposed system can efficiently change the way people deal with their garbage and optimize economic and material resources. View Full-Text