Abstract

In recent years, the Internet of Things (IoT) enabled drones, also called as unmanned aerial vehicles (UAVs), are widely used in many applications ranging from military to civilian applications, such as wildlife monitoring. Since the drones provide a risk-free as well as low-cost facility in order to quickly and persistently monitor natural circumstances at high spacial temporal resolution, they help in wildlife monitoring research. Due to wireless communication nature, the communication among the deployed drones in their respective flying zones and the IoT smart devices installed in animal bodies, and also among the drones and their respective ground station server (GSS), is susceptible to various passive and active attacks. To mitigate these issues, we propose a public blockchain based access control implementation for wild-life monitoring purpose. The application of both access control and blockchain at the same time not only protects various attacks, but also maintains immutability, transparency as well as decentralization properties. Next, we simulate the proposed security framework for the blockchain part to measure the total computational time needed to add a varied number of blocks in a blockchain and also a varied number of transactions per block. Finally, a practical testbed experiment has been implemented to show the feasibility of the proposed framework. Index Terms—Wildlife monitoring, blockchain, consensus, access control, security, testbed experiments.

Abstract

Software-defined networking (SDN) is a programmable architecture for networking domain in which the security is provided by devising the network policies with the help of the network administrator. This is very cumbersome for the administrator to handle different attacks at various planes in SDN architecture. Blockchain can be used to prevent various attacks in SDN by providing a decentralization authentication environment. In this article, a secure Blockchain-based privacy-preserving protocol is proposed to thwart various security vulnerabilities in the SDN architecture. The proposed approach uses Modified-Delegated Proof of Stake as the consensus protocol to ensure safety and reliability in the network. Besides, a security protocol is designed using cryptographic primitives and analyzed using a detailed security analysis. Initially, the consensus protocols are implemented using solidity smart contracts and deployed to the public Blockchain using Ethereum. Consequently, the proposed approach is simulated on OMNet++ using INET framework. The experimental results show that the proposed SDN-Chain is secure, efficient, less incentive to centralize, and practically implementable in resource-limited wireless and mobile environments.

Abstract

Emerging next-generation Internet yields proper administration of a wide-ranging dynamic network to assist rapid ubiquitous resource accessibility, whilst providing higher channel bandwidth. Since its inception, the traditional static network infrastructure-based solutions involve manual configuration and proprietary controls of networked devices. It then leads to improper utilization of the overall resources, and hence experiences various security threats. Although transport layer security (TLS)-based solution is presently advocated in the said framework, it is vulnerable to many security threats like man-in-the-middle, replay, spoofing, privileged-insider, impersonation, and denial-of-service attacks. Moreover, the current settings of the said tool do not facilitate any secure and reliable mechanisms for data forwarding, application flow routing, new configuration deployment, and network event management. Also, it suffers from the single point of controller failure issue. In this paper, we propose a new private blockchain-enabled fine-grained access control mechanism for the SDN environment. In this regard, attribute-based encryption (ABE) and certificate-based access control protocol are incorporated. This proposed solution can resist several well-known security threats, and alleviate different system-level inconveniences. The formal and informal security inspections and performance-wise comparative study of the proposed scheme endorse better qualifying scores as compared to the other existing competing state-of-art schemes. Besides, the experimental testbed implementation and blockchain simulation show the implementation feasibility of the proposed mechanism.

Abstract

Fog computing as an extension to the cloud computing infrastructure has been invaluable in enhancing the applicability of the Internet of Things (IoT) paradigm. IoT based Fog systems magnify the range and minimize the latency of IoT applications. However, as fog nodes are considered transient and they offer authenticated services, when an IoT end device loses connectivity with a fog node, it must authenticate freshly with a secondary fog node. In this work, we present a new security mechanism to leverage the initial authentication to perform fast lightweight secondary authentication to ensure smooth failover among fog nodes. The proposed scheme is secure in the presence of a current de-facto Canetti and Krawczyk (CK)-adversary. We demonstrate the security of the proposed scheme with a detailed security analysis using formal security under the broadly recognized Real-Or-Random (ROR) model, informal security analysis as well as through formal security verification using the broadly-used Automated Validation of Internet Security Protocols and Applications (AVISPA) software tool. A testbed experiment for measuring computational time for different cryptographic primitives using the Multiprecision Integer and Rational Arithmetic Cryptographic Library (MIRACL) has been done. Finally, through comparative analysis with other related schemes, we show how the presented approach is uniquely advantageous over other schemes.

Abstract

Due to wide-spread use of the Information and Communications Technology (ICT) and Internet of Things (IoT) enabled smart devices, called unmanned aerial vehicles (UAVs) (popularly known as drones), a lot of potential applications of Internet of Drones (IoD) are available ranging from the military to civilian applications. Access control mechanism is an important potential security service that is needed to secure communication among the drones in their respective flying zones, and also among the drones and the Ground Service Station (GSS). In 2021, Chaudhry et al. proposed a certificate based generic access control scheme for IoD environment, called GCACS-IoD. Their claims about the possible security attacks resistant of GCACS-IoD is not justified. In fact, we first prove that GCACS-IoD is unable to protect the disclosure of the private key rCR of the trusted control room (CR), which is extremely unfortunate careless design flaw and it leads to compromise the entire network. Using the disclosed private key rCR , we further show that GCACS-IoD is completely insecure against other serious attacks, such as malicious drones deployment attack, drone/GSS impersonation attacks and Ephemeral Secret Leakage (ESL) attack, which lead to compromise the session key between any two drones communicating in a particular flying zone. We thus feel that there is a strong need to remedy such serious weaknesses found in Chaudhry et al. ’s GCACS-IoD. An improved certificate-enabled generic access control scheme for IoD deployment, called as i GCACS-IoD, has been suggested, which overcomes the weaknesses found in the previous GCACS-IoD. The practical demonstration of i GCACS-IoD has been done through formal security verification and also through NS2 simulation study.

Abstract

A substantial number of authentication protocols are designed to safeguard vehicular ad-hoc network (VANET) communication from potential attacks; however, they experienced an inability to provide a balance between lightweight and security. Existing security and privacy-preserving based authentication protocols in vehicular networks mostly rely on the trusted authority and signatures to validate the communication on road. Accomplishing the quick validation and correspondence is difficult in such methodologies and further, they endure execution obliges from coming about overhead. To overcome these issues, we have developed an enhanced lightweight and secure authentication protocol (ELSAP) for V2V Communication in VANETs. Moreover, the scheme withheld with self-authentication prior to communication that enhances the network feasibilities, which in return needs less message transfer during authentication as well as communication, indicates lightweight features. Furthermore, two or more vehicles can securely perform mutual authentication, proven by Burrow–Abadi–Needham (BAN) logic. Additionally, the competency of the proposed protocol against the current updated threats is shown via security analysis and comparisons tools such as Automated Validation of Internet Security Protocols and Applications (AVISPA). The result of the performance analysis shows that the communication cost and computational cost outperformed the earlier authentication schemes alongside the security features of the proposed protocol.

Abstract

In the Internet of Vehicles (IoV), numerous potential applications have come up with the use of the Internet of Things (IoT)-empowered smart devices. In IoV, vehicles, roads, street signs and traffic lights can accordingly adjust to changing conditions in order to assist drivers, and also to improve safety, ease congestion and pollution reduction. Since various entities in an IoV environment make communications over public channels, there are potential security threats. To deal with such serious threats, we design a new blockchain-assisted certificateless key agreement protocol for IoV in smart transportation context, called Block-CLAP. To manage the dynamic vehicles efficiently, the vehicles are grouped into the dynamic clusters, and each cluster will have a cluster head (CH) with its members as other neighbor vehicles and an road-side unit (RSU). In Block-CLAP, through authentication key management, data reach to the CH and then to its nearby RSU securely using the established secret keys. The cloud server then securely collects the information from its attached RSUs and create the transactions. Later, the transactions are formed into blocks by the cloud server (CS) in a Peer-to-Peer (P2P) cloud servers network, and the blocks are verified and added through voting-based consensus algorithm in the blockchain. The detailed security analysis through formal, informal and formal security verification, and comparative study show that Block-CLAP provides superior security and has low communication and computational overheads as compared with other existing competing authentication schemes in the IoV environment. Finally, the blockchain-based implementation of Block-CLAP has been performed to measure computational time needed for a varied number of transactions per block and also for a varied number of blocks mined in the blockchain.

Abstract

Surveillance drones, called as unmanned aerial vehicles (UAV), are aircrafts that are utilized to collect video recordings, still images, or live video of the targets, such as vehicles, people or specific areas. Particularly in battlefield surveillance, there is high possibility of eavesdropping, inserting, modifying or deleting the messages during communications among the deployed drones and ground station server (GSS). This leads to launch several potential attacks by an adversary, such as main-in-middle, impersonation, drones hijacking, replay attacks, etc. Moreover, anonymity and untarcebility are two crucial security properties that need to be maintained in battlefield surveillance communication environment. To deal with such a crucial security problem, we propose a new access control protocol for battlefield surveillance in drone-assisted Internet of Things (IoT) environment, called ACPBS-IoT. Through the detailed security analysis using formal and informal (non-mathematical), and also the formal security verification under automated software simulation tool, we show the proposed ACPBS-IoT can resist several potential attacks needed in battlefield surveillance scenario. Furthermore, the testbed experiments for various cryptographic primitives have been performed for measuring the execution time. Finally, a detailed comparative study on communication and computational overheads, and security as well as functionality features reveals that the proposed ACPBS-IoT provides superior security and more functionality features, and better or comparable overheads than other existing competing access control schemes.

Abstract

A blockchain-based smart farming technology provides the agricultural data to the farmers and other users associated with smart farming on a single integrated platform. Moreover, persistence and auditability of stored data in blocks into the blockchain provide the confidence of using the correct data when needed later and adds transparency, anonymity, and traceability at the same time. To fulfill such a goal, in this article, we design a new smart contract-based blockchainenvisioned authenticated key agreement mechanism in a smart farming environment. The device-to-device (D2D) authentication phase and device-to-gateway (D2G) authentication phase support mutual authentication and key agreement between two Internetof-Things (IoT)-enabled devices and between an IoT device and the gateway node (GWN) in the network, respectively. The blocks are created by the edge servers on the authenticated data of IoT devices received from the GWNs and then sent to the cloud server (CS). The smart contract-based consensus mechanism allows verification and addition of the formed blocks by a peer-to-peer (P2P) CSs network. The security of the proposed scheme is done through formal and informal security analysis, and also using the formal security verification tool. A detailed comparative study reveals that the proposed scheme offers superior security and more functionality features as compared to existing competing authentication protocols. Finally, the blockchain-based simulation has been conducted to measure computational time for a varied number of mined blocks and also a varied number of transactions per block.

Abstract

Internet of Vehicles (IoV), a distributed network involving connected vehicles and Vehicular Ad Hoc Networks (VANETs), allows connected vehicles to communicate with other Internet-connected entities in real time. The communications among these entities (e.g. vehicles, pedestrians, fleet management systems, and road-side infrastructure) generally take place via an open channel. In other words, such an open communication can be targeted by the adversary to eavesdrop, modify, insert fabricated (or malicious) messages, or delete any data-in-transit; thus, resulting in replay, impersonation, man-in-the-middle, privileged-insider, and other related attacks. In addition to security, anonymity and untraceability are two other important features that should be achieved in an authentication protocol. In this paper, we propose a new mutual authentication and key agreement protocol in an IoV-enabled Intelligent Transportation System (ITS). Using both formal and informal security analysis, as well as formal security verification using an automated verification tool, we show that the proposed scheme is secure against several known attacks in an IoV-enabled ITS environment. Furthermore, a detailed comparative analysis shows that the proposed scheme has low communication and computational overheads, and offers better security and functionality attributes in comparison to seven other competing schemes. We also evaluate the performance of the proposed scheme using NS2.