Abstract

Vehicular Ad Hoc Network (VANET) and Internet of Vehicle (IoV) technologies are particularly attracting attention from industry communities because of the intelligent transportation systems of smart city technologies. This study proposes an authentication and key agreement protocol for vehicle-to-vehicle(V2V) communication of IoV. Through V2V communication, traffic system management and road safety can be guaranteed. However, V2V communication cannot manage many vehicles as a whole, so it needs to be segmented and communicated by region. Therefore, considering locality, key agreement is made for V2V communication of the same or different regions, and a lightweight protocol is proposed for dynamic properties of vehicles to achieve such a goal. In addition, since the vehicle information is transmitted through a public channel, the security against various attacks is guaranteed by using mutual authentication and honey_list technology. It provides verification of safety through a detailed security analysis using the formal analysis using the widely-accepted Real-Or-Random(ROR) model, formal security verification using the broadly-accepted Automated Validation of Internet Security Protocols and Applications(AVISPA) software validation tool and non-mathematical(informal) security analysis. In addition, a detailed comparative study that the proposed scheme can be applied in the communication environment between actual vehicles as compared to other existing competing schemes.

Abstract

Internet of Things (IoT) is one of the fastest-growing technologies. With the deployment of massive and faster mobile networks, almost every daily-use item is connected to the Internet. IoT-enabled industrial multimedia environment is used for the collection and analysis of different types of multimedia data (i.e., images, videos, audios, etc.). This multimedia data is generated by various types of smart devices like drones, robots, smart controller, smart surveillance system which are deployed for the industrial monitoring and control. The multimedia data is generated in the enormous amount which can be considered as the big data. This data is further utilized in various types of business needs for example, chances of fire accidents in the industrial plant, overall machine health, etc., which can be predicted through the application of big data analytics. Therefore, IoT-enabled industrial multimedia environment is very helpful to the concerned authorities as they come to know the important information in advance. However, all the smart devices are connected and controlled through the Internet. It further causes severe threats to the communication happens in an IoT-enabled industrial multimedia environment. It is vulnerable to various types of attacks such as replay, man-in-the-middle, impersonation, secret information leakage, sensitive information modification, and malware injection (i.e., mirai). Therefore, it is important to prevent the communication of such an environment against the different types of possible attacks. These days, the attacks performed by botnets (i.e., malware attacks such as mirai and reaper) have drawn attention to the researchers. Under the influence of such attacks, the communication of IoT-enabled industrial multimedia environment is disrupted. Moreover, the attackers may also control the smart devices remotely and can change their functionalities. Hence, we need some robust mechanism to detect the presence of the malware attacks in such an environment. In this paper, we propose a malware detection mechanism in IoT-enabled industrial multimedia environment with the help of machine-learning approach, which is named as MADP-IIME. MADP-IIME uses four different types of machine learning methods (i.e., naive bayes, logistic regression, artificial neural networks (ANN) and random forest) to detect the presence of malware attacks successfully. Furthermore, MADP-IIME performs better than other related existing schemes and achieves 99.5% detection and 0.5% false positive rate. In addition, the conducted security analysis proves the resilience of the proposed MADP-IIME against different types of malware attacks.

Abstract

A secure authentication protocol plays a crucial role in securing communications over wireless and mobile networks. Due to resource-limitations and the nature of the wireless channel, the global mobile networks are highly susceptible to various attacks. Recently, an efficient authentication system for global roaming has been proposed in the literature. In this article, we first show that the analyzed authentication system is vulnerable man-in-the-middle attack, replay attack and Denial-of-Service (DoS) attack, and it does not ensure untraceability and local password-verification process to identify wrong passwords. To fix these security flaws, we propose a more efficient and robust authentication system for roaming in mobility networks. We use the formal verification tools like ProVerif, Automated Validation of Internet Security Protocols and Applications (AVISPA) and Burrows-Abadi-Needham (BAN) logic to check the regularity of the authentication protocol. Moreover, we prove the secrecy of a session key through the formal security using the random oracle model, known as Real-Or-Random (ROR) model. Finally, a detailed performance evaluation proves that the security protocol not only provides a security strength, but also preserves the low computational overhead. Thus, the proposed authentication protocol is secure and computationally efficient as compared to other relevant schemes.

Abstract

resent Address Federal University of Piauí (UFPI)Campus Petrônio Portela - Bloco 8 Centro de Tecnologia, Ininga 64049-550 Teresina - PI, Brazil. Funding information: Companhia Energética de Minas Gerais, Grant/Award Number: Project No D0640; Conselho Nacional de Desenvolvimento Científico e Tecnológico, Grant/Award Numbers: Grant N. 309335/2017-5, Grant No. 431726/2018-3; FCT/MCTES, Grant/Award Number: Project UIDB/EEA/50008/2020; Brazilian National Council for Scientific and Technological Development, Grant/Award Numbers: 309335/2017-5, 431726/2018-3; FAPEMIG/CEMIG, Grant/Award Number: D0640; TSDA Comunicações Company

Abstract

In recent years, security and data privacy in Wireless Sensor Networks (WSNs) have gained great thrust. Several anonymity-preserving user authentication and key establishment mechanisms for WSNs with single base station have been suggested in the literature. However, sometimes a single base station may be insufficient to maintain the proper quality of services or it may be a single point of failure in WSNs. Very recently Amin et al. suggested a multiple base stations based anonymous user authentication and key establishment approach for WSNs to address the aforementioned problem. In this paper, we first demonstrate that Amin et al.’s scheme has several security pitfalls. To address the security issues in Amin et al.’s scheme, we design a more secure and anonymous user authentication and key establishment mechanism for WSNs that is also based on multiple base stations concept. An exhaustive comparative study demonstrates that the proposed mechanism gives significantly better security and more functionality attributes with comparable commutation as well as computation overheads while those are compared with Amin et al’s. approach.

Abstract

With the rapid growth of wireless technology, Internet of Things (IoT) became very popular in both industrial as well as consumer product domains. While there is a lot of available platforms and technologies for IoT, the access control issue is often overlooked in the IoT security research. An effective access control depends on the proper user authentication mechanism. Thus, access control in this scenario is an emerging and challenging problem in the IoT environment. In this paper, we design an anonymous fine-grained user access control mechanism for IoT architecture. In the proposed scheme, the user authentication is performed by the smart device node based on the user attributes, which enables fine-grained access control over the authorized data. We utilize the widely accepted formal verification tool, called the Automated Validation of Internet Security Protocols and Applications (AVISPA), to formally prove the security of the proposed scheme. Additionally, we also provide a detailed informal security analysis of the scheme. Finally, we perform a simulation study using the broadly used NS3 network simulator to show the practical impact on the proposed scheme on various network parameters.

Abstract

Software-defined networking (SDN) is an agile, modern networking approach that facilitates innovations in the networking paradigm. The abstracted and centralized network operating system facilitates the network management and reduces operational expenditure (OPEX). The open nature and simplicity of the data-forwarding plane dramatically reduces capital expenditure (CAPEX) by leveraging commodity servers and switches. SDN also lends itself very well to address major cloud computing issues and complement cloud services, especially in terms of network virtualization and networking as a service (NaaS). As a new technology, SDN does involve certain security challenges, which include distributed denial of service (DDoS) threats, build and run time injected malware, insider (tenant) attacks, and security holes resulting from controller misconfigurations. These are severe threats that can cripple an entire network. It is crucial to address the SDN vulnerabilities to ensure its successful deployment in private data center networks, on cloud platforms and beyond. Some security solutions leverage the built-in features of SDN, such as its controller software component, while other solutions provide external SDN applications running above the controller. This study reviews the security solutions for the vulnerabilities of state-of-the-art SDN controllers and the available countermeasures. Furthermore, an in-depth analysis of the SDN features that support security is presented, and some unresolved research issues on SDN controllers are identified.

Abstract

This article introduces a new consortium blockchain-enabled access control scheme in edge computing based generic Internet of Things environment (called CBACS-EIoT), where the mutual authentication among the IoT smart devices and the gateway node(s), and also among the gateway node(s) and respective edge server(s) occur. In addition, key management phase is executed among the edge server(s) and associated cloud server(s). Using the established secret keys, the entities in the network communicate securely. The data gathered securely by the gateway nodes are then used to form various types of blocks (private, public, or consortium) at the edge server(s) based on application types in the generic IoT environment. The created blocks are mined by the edge servers in order to add them in the blockchain center. A detailed security analysis including the formal security has revealed that the proposed CBACS-EIoT is robust against various potential attacks needed in the IoT environment. To further strengthen the security, the simulation-based formal security verification on CBACS-EIoT has been carried out to exhibit that CBACS-EIoT is secure against passive and active attacks. Finally, a meticulous comparative performance analysis shows that CBACS-EIoT offers superior security and supports more functionality features, and also provides less communication and computational overheads compared with existing relevant schemes.

Abstract

Software Defined Networking (SDN) becomes a de facto standard for the future Internet. SDN decouples the control plane from the data plane of a proprietary network asset to ensure better programmability and security for designing more innovative future network applications. Presently, the SDN framework does not have proper access control mechanism among different entities, namely SDN applications, SDN controllers and switches. To achieve this goal, this paper proposes a blockchain-based access control scheme for the SDN framework. The proposed scheme has the capability to resist various wellknown attacks and alleviate the existing single point of controller failure issue in SDN. Index Terms—software-defined networking, blockchain, consensus, security, access control.

Abstract

On the basis of the Internet of Things (IoT) applications, several variants such as Internet of Energy (IoE), Internet of Vehicles (IoV), Internet of Drones (IoD), Internet of Medical Things (Internet of Health, IoMT) and Internet of Intelligent Battlefield Things (IoIBT) are developed. The smart devices involved in IoT can also utilize artificial intelligence algorithm (i.e., machine learning) to make the communication environment more effective and efficient. Intelligent Battlefield Things (IBT) communication environment is an example of that kind. It consists of smart and intelligent devices (i.e., drones), which monitor the activities of the enemies and retaliate accordingly. Hence, we need very less or negligible human involvement. IBT communication environment is very suitable for the purpose of battlefield communication (i.e., war zone, target tracking and hitting, border area surveillance and retaliation). However, IBT has certain drawbacks, because it may be vulnerable to different types of attacks, such as replay, man-in-the-middle, impersonation, data modification, data leakage attacks, etc. Therefore, it becomes essential to provide a security mechanism to secure the communication that happens in IBT environment. To achieve this purpose, we propose a secure communication framework for the blockchain of IBT environment. In addition, the benefits of applications of blockchain of IBT are discussed. The issues and challenges of blockchain of IBT environment are also highlighted. Finally, a security analysis of the proposed framework is conducted to depict its resilience against possible attacks.