Abstract

The Internet of Intelligent Things (IoIT) communication environment can be utilized in various types of applications (for example, intelligent battlefields, smart healthcare systems, the industrial internet, home automation, and many more). Communications that happen in such environments can have different types of security and privacy issues, which can be resolved through the utilization of blockchain. In this paper, we propose a tutorial that aims in desiging a generalized blockchain-based secure authentication key management scheme for the IoIT environment. Moreover, some issues with using blockchain for a communication environment are discussed as future research directions. The details of different types of blockchain are also provided. Some of the widely-accepted consensus algorithms are then discussed. Next, we discuss different types of applications in blockchain-based IoIT communication environments. The details of the associated system models are provided, such as, the network and attack models for the blockchain-based IoIT communication environment, which are helpful in designing a security protocol for such an environment. A practical demonstration of the proposed generalized scheme is provided in order to measure the impact of the scheme on the performance of the essential parameters. Finally, some of the future research challenges in the blockch

Abstract

The Internet of Medical Things (IoMT) is a kind of connected infrastructure of smart medical devices along with software applications, health systems and services. These medical devices and applications are connected to healthcare systems through the Internet. The Wi-Fi enabled devices facilitate machine-to-machine communication and link to the cloud platforms for data storage. IoMT has the ability to make accurate diagnoses, with fewer mistakes and lower costs of care. IoMT with smartphone applications permits the patients to exchange their health related confidential and private information to the healthcare experts (i.e., doctors) for the better control of diseases, and also for tracking and preventing chronic illnesses. Due to insecure communication among the entities involved in IoMT, an attacker can tamper with the confidential and private health related information for example an attacker can not only intercept the messages, but can also modify, delete or insert malicious messages during communication. To deal this sensitive issue, we design a novel blockchain enabled authentication key agreement protocol for IoMT environment, called BAKMP-IoMT. BAKMP-IoMT provides secure key management between implantable medical devices and personal servers and between personal servers and cloud servers. The legitimate users can also access the healthcare data from the cloud servers in a secure way. The entire healthcare data is stored in a blockchain maintained by the cloud servers. A detailed formal security including the security verification of BAKMP-IoMT using the widely-accepted Automated Validation of Internet Security Protocols and Applications (AVISPA) tool is performed to demonstrate its resilience against the different types of possible attack. The comparison of BAKMP-IoMT with relevant existing schemes is conducted which identifies that the proposed system furnishes better security and functionality, and also needs low communication and computational costs as compared to other schemes. Finally, the simulation of BAKMP-IoMT is conducted to demonstrate its impact on the performance parameters.

Abstract

The widespread use of mobile devices, sensors, and wireless sensor networks and the progressive development of the Internet of Things (IoT) has motivated medical and health-care societies to employ IoT to monitor, collect data, and communicate with patients using the wireless body area networks (WBANs). The collected data will make a lot of medical diagnosis applications of WBANs, which are obtained directly from the patients’ bodies. Therefore, because of the nature of wireless networks and freely accessible data feature over the public channel, the security and privacy of WBANs is the most critical concern for those who use it for health-care purposes. Accordingly, there is a need for an authentication scheme for letting a trusted user such as doctors or clinical personnel access to the sensor’s data from patients. In this paper, we propose a new lightweight hash-chain-based and forward secure authentication scheme for wireless body area networks in health-care IoT. Our scheme is secure against various known attacks obliged for WBANs. Additionally, we perform the formal security analysis using Real-or Random (ROR) model, and informal security on the proposed scheme, also, security verification of our scheme is validated by the ProVerif tool. Besides, our scheme is simulated by the OPNET network simulator and compared with several new schemes in terms of security and performance requirements. The simulation results and comparisons confirm that the proposed scheme is suitable for WBANs, and it supports more security features compared to related schemes.

Abstract

The Internet of Thing (IoT) is useful for connecting and collecting variable data of objects through the Internet, which makes to generate useful data for humanity. An indispensable enabler of IoT is the wireless sensor networks (WSNs). Many environments, such as smart healthcare, smart transportation and smart grid, have adopted WSN. Nonetheless, WSNs remain vulnerable to variety of attacks because they send and receive data over public channels. Moreover, the performance of IoT enabled sensor devices has limitations since the sensors are lightweight devices and are resource constrained. To overcome these problems, many security authentication protocols for WSNs have been proposed. However, many researchers have pointed out that preventing smartcard stolen and off-line guessing attacks is an important security issue, and guessing identity and password at the same time is still possible. To address these weaknesses, this paper presents a secure and efficient authentication protocol based on three-factor authentication by taking advantage of biometrics. Meanwhile, the proposed protocol uses a honey_list technique to protect against brute force and stolen smartcard attacks. By using the honey_list technique and three factors, the proposed protocol can provide security even if two of the three factors are compromised. Considering the limited performance of the sensors, we propose an efficient protocol using only hash functions excluding the public key based elliptic curve cryptography. For security evaluation of the proposed authentication protocol, we perform informal security analysis, and Real-Or-Random (ROR) model-based and Burrows Abadi Needham (BAN) logic based formal security analysis. We also perform the formal verification using the widely-used Automated Validation of Internet Security Protocols and Applications (AVISPA) simulation software. Besides, compared to previous researches, we demonstrate that our proposed authentication protocol for WSNs systems is more suitable and secure than others.

Abstract

With advancements in engineering and science, the application dimensions of Cyber–Physical System (CPS) are increasing due to their improving efficiency, safety, reliability, usability and autonomy. By providing on-demand access to shared processing resources, cloud computing reduces infrastructure costs. Ensuring quality of service and information privacy and security is important in such environments. In this paper, we design a new authentication scheme related to the cloud-assisted CPS in two directions: (1) authentication between a user and a cloud server, and (2) authentication between a smart meter and a cloud server. In the former situation, any external party (user) can access the information stored in a cloud server provided that the user is legal and has the right to access information. In the later situation, a smart meter and a cloud server authentication is needed for secure communication of data stored in the cloud server. In both cases, both entities first mutually authenticate each other and only after successful authentication with the help of a trusted authority, establish a session key for their future secure communication. The proposed scheme deals with both the cases and provides high security as compared to other related works, which is shown through formal and informal security analysis. In addition, the mutual authentication using the widely-accepted Burrows–Abadi–Needham logic (BAN logic) and also formal security verification using the broadly-used Automated Validation of Internet Security Protocols and Applications (AVISPA) simulation tool demonstrate further that the scheme is strong in security. Finally, the proposed scheme is shown to be efficient in terms of communication and computation costs as compared to those for other related existing schemes.

Abstract

Smart grid (SG) technology is regarded as the next generation of the power grid, which makes use of the two-way flows of electricity, as well as information, Pathways to a Smarter Power System. https://doi.org/10.1016/B978-0-08-102592-5.00013-2 © 2019 Elsevier Ltd. All rights reserved. 371 in order to build a broadly distributed automated energy delivery network. The Smart grid is a critical infrastructure that plays a critical role in the daily lives of people. Both the Smart Grid and its data must be protected from cyberattacks at all times [1, 2]. In SG, four components are present, namely sensing, control, communication, and actuation systems. The most important component of SG is the smart meter (SM), which consists of sensing and communication modules. In addition, there are service systems from the service providers (SPs), which consist of several modules for control, communication, and actuation. SMs are broadly used in homes for monitoring energy consumption in real time. Moreover, power pricing information to consumers is also provided by the SMs [3–6]. A detailed survey on SG including its applications can be found in [7–14]. In the following subsections, we now discuss the smart grid framework developed by the National Institute of Standards and Technology (NIST) and its taxonomy, based on domains and targeted research areas.

Abstract

As the “Internet communications infrastructure” develops to encircle smart devices, it is very much essential for designing suitable methods for secure communications with these smart devices, in the future Internet of Things (IoT) applications context. Due to wireless communication among the IoT smart devices and the gateway node (GWN), several security threats may arise in the IoT environment, including replay,man-in-the-middle, impersonation, malicious devices deployment,and physical devices capture attacks. In this article, to mitigate such security threats, we design a new certificate-based device access control scheme in IoT environment which is not only secure against mentioned attacks, but it also preserves anonymity property. A detailed security analysis using the widely accepted real-or-random (ROR) model-based formal security analysis, informal security analysis, and also formal security verification based on the broadly accepted automated validation of Internet security protocols and applications (AVISPAs) tool has been performed on the proposed scheme to show that it is secure against various known attacks. In addition, a comprehensive comparative analysis among the proposed scheme and other relevant schemes shows that a better trade off among the security and functionality attributes, communication, and computational costs is achieved for the proposed scheme as compared to other schemes.

Abstract

The combination of two overlapping technologies (bigdata and cloud computing) helps easy access to the evolving applications. In this context, there is a serious requirement of ensuring the transmission of data securely in order to improve the productivity over the public channel. Since the data collected by various sources are strictly private and confidential, there is also a great requirement to deal with the privacy preservation of the bigdata. To handle this issue, a new privacy-preserving bigdata collection technique in cloud computing environment, called 2PBDC, has been designed, which allows secure communication between the bigdata gateway nodes and the cloud servers. 2PBDC is shown to be secure against various known attacks against an active/passive adversary through the formal security verification as well as informal security analysis. A detailed comparative study among 2PBDC and other existing schemes has been conducted. This study shows that 2PBDC offers a better trade-off among the security and functionality features and communication and computation overheads while these are compared with other schemes.

Abstract

Fog computing (fog networking) is known as a decentralized computing infrastructure in which data, applications, compute as well as data storage are scattered in the most logical and efficient place among the data source (i.e., smart devices) and the cloud. It gives better services than cloud computing because it has better performance with reasonably low cost. Since the cloud computing has security and privacy issues, and fog computing is an extension of cloud computing, it is therefore obvious that fog computing will inherit those security and privacy issues from cloud computing. In this paper, we design a new secure key management and user authentication scheme for fog computing environment, called SAKA-FC. SAKAFC is efficient as it only uses the lightweight operations, such as one-way cryptographic hash function and bitwise exclusive-OR (XOR), for the smart devices as they are resource-constrained in nature. SAKAFC is shown to be secure with the help of the formal security analysis using the broadly accepted RealOr-Random (ROR) model, the formal security verification using the widely-used Automated Validation of Internet Security Protocols and Applications (AVISPA) tool and also the informal security analysis. In addition, SAKA-FC is implemented for practical demonstration using the widely-used NS2 simulator.

Abstract

Cyber security refers to the protection of Internet-connected systems, such as hardware, software as well as data (information) from cyber attacks (adversaries). A cyber security regulation is needed in order to protect information technology along with computer systems with the purpose of compelling various organizations as well as companies to protect their systems and information from cyber attacks. Several cyber attacks are possible, such as viruses, phishing, Trojan horses, worms, Denial-ofService (DoS) attacks, illegal access (e.g., stealing intellectual property or confidential information) as well as control system attacks. In this article, we focus on importance of various standards in cyber defense, and architecture of cyber security framework. We discuss the security threats, attacks and measures in cyber security. We then discuss various standardization challenges in cyber security. We also discuss about the cyber security national strategy to secure cyberspace and also various government policies in protecting the cyber security. Finally, we provide some recommendations that are critical to cyber security and cyber defense. Keywords: Cyber security, Cyber attacks, Information security, Government policies, Standards.