Abstract

With the rapid growth of wireless technology, Internet of Things (IoT) became very popular in both industrial as well as consumer product domains. While there is a lot of available platforms and technologies for IoT, the access control issue is often overlooked in the IoT security research. An effective access control depends on the proper user authentication mechanism. Thus, access control in this scenario is an emerging and challenging problem in the IoT environment. In this paper, we design an anonymous fine-grained user access control mechanism for IoT architecture. In the proposed scheme, the user authentication is performed by the smart device node based on the user attributes, which enables fine-grained access control over the authorized data. We utilize the widely accepted formal verification tool, called the Automated Validation of Internet Security Protocols and Applications (AVISPA), to formally prove the security of the proposed scheme. Additionally, we also provide a detailed informal security analysis of the scheme. Finally, we perform a simulation study using the broadly used NS3 network simulator to show the practical impact on the proposed scheme on various network parameters.

Abstract

Software-defined networking (SDN) is an agile, modern networking approach that facilitates innovations in the networking paradigm. The abstracted and centralized network operating system facilitates the network management and reduces operational expenditure (OPEX). The open nature and simplicity of the data-forwarding plane dramatically reduces capital expenditure (CAPEX) by leveraging commodity servers and switches. SDN also lends itself very well to address major cloud computing issues and complement cloud services, especially in terms of network virtualization and networking as a service (NaaS). As a new technology, SDN does involve certain security challenges, which include distributed denial of service (DDoS) threats, build and run time injected malware, insider (tenant) attacks, and security holes resulting from controller misconfigurations. These are severe threats that can cripple an entire network. It is crucial to address the SDN vulnerabilities to ensure its successful deployment in private data center networks, on cloud platforms and beyond. Some security solutions leverage the built-in features of SDN, such as its controller software component, while other solutions provide external SDN applications running above the controller. This study reviews the security solutions for the vulnerabilities of state-of-the-art SDN controllers and the available countermeasures. Furthermore, an in-depth analysis of the SDN features that support security is presented, and some unresolved research issues on SDN controllers are identified.

Abstract

This article introduces a new consortium blockchain-enabled access control scheme in edge computing based generic Internet of Things environment (called CBACS-EIoT), where the mutual authentication among the IoT smart devices and the gateway node(s), and also among the gateway node(s) and respective edge server(s) occur. In addition, key management phase is executed among the edge server(s) and associated cloud server(s). Using the established secret keys, the entities in the network communicate securely. The data gathered securely by the gateway nodes are then used to form various types of blocks (private, public, or consortium) at the edge server(s) based on application types in the generic IoT environment. The created blocks are mined by the edge servers in order to add them in the blockchain center. A detailed security analysis including the formal security has revealed that the proposed CBACS-EIoT is robust against various potential attacks needed in the IoT environment. To further strengthen the security, the simulation-based formal security verification on CBACS-EIoT has been carried out to exhibit that CBACS-EIoT is secure against passive and active attacks. Finally, a meticulous comparative performance analysis shows that CBACS-EIoT offers superior security and supports more functionality features, and also provides less communication and computational overheads compared with existing relevant schemes.

Abstract

Software Defined Networking (SDN) becomes a de facto standard for the future Internet. SDN decouples the control plane from the data plane of a proprietary network asset to ensure better programmability and security for designing more innovative future network applications. Presently, the SDN framework does not have proper access control mechanism among different entities, namely SDN applications, SDN controllers and switches. To achieve this goal, this paper proposes a blockchain-based access control scheme for the SDN framework. The proposed scheme has the capability to resist various wellknown attacks and alleviate the existing single point of controller failure issue in SDN. Index Terms—software-defined networking, blockchain, consensus, security, access control.

Abstract

On the basis of the Internet of Things (IoT) applications, several variants such as Internet of Energy (IoE), Internet of Vehicles (IoV), Internet of Drones (IoD), Internet of Medical Things (Internet of Health, IoMT) and Internet of Intelligent Battlefield Things (IoIBT) are developed. The smart devices involved in IoT can also utilize artificial intelligence algorithm (i.e., machine learning) to make the communication environment more effective and efficient. Intelligent Battlefield Things (IBT) communication environment is an example of that kind. It consists of smart and intelligent devices (i.e., drones), which monitor the activities of the enemies and retaliate accordingly. Hence, we need very less or negligible human involvement. IBT communication environment is very suitable for the purpose of battlefield communication (i.e., war zone, target tracking and hitting, border area surveillance and retaliation). However, IBT has certain drawbacks, because it may be vulnerable to different types of attacks, such as replay, man-in-the-middle, impersonation, data modification, data leakage attacks, etc. Therefore, it becomes essential to provide a security mechanism to secure the communication that happens in IBT environment. To achieve this purpose, we propose a secure communication framework for the blockchain of IBT environment. In addition, the benefits of applications of blockchain of IBT are discussed. The issues and challenges of blockchain of IBT environment are also highlighted. Finally, a security analysis of the proposed framework is conducted to depict its resilience against possible attacks.

Abstract

Internet of Drones (IoD) architecture is designed to support a co-ordinated access for the airspace using the unmanned aerial vehicles (UAVs) known as drones. Recently, IoD communication environment is extremely useful for various applications in our daily activities. Artificial intelligence (AI)-enabled Internet of Things (IoT)-based drone-aided healthcare service is a specialized environment which can be used for different types of tasks, for instance, blood and urine samples collections, medicine delivery and for the delivery of other medical needs including the current pandemic of COVID-19. Due to wireless nature of communication among the deployed drones and their ground station server, several attacks (for example, replay, man-in-the-middle, impersonation and privileged-insider attacks) can be easily mounted by malicious attackers. To protect such attacks, the deployment of effective authentication, access control and key management schemes are extremely important in the IoD environment. Furthermore, combining the blockchain mechanism with deployed authentication make it more robust against various types of attacks. To mitigate such issues, we propose a private-blockchain based framework for secure communication in an IoT-enabled drone-aided healthcare environment. The blockchain-based simulation of the proposed framework has been carried out to measure its impact on various performance parameters.

Abstract

Industrial Internet of Things (IIoT) is a communication environment that consists of various interconnected sensing devices, instruments, and other devices connected together with industrial software tools and applications. The important applications of IIoT include industrial automation, predictive maintenance, smart logistics management, power management, smart package management and smart robotics. However, IIoT may be vulnerable to different types of attacks as the IoT smart devices communicate among each other via insecure communication means. Thus, there is an essential requirement of deployment of secure access control scheme in IIoT environment, which is one of the important security services for securing IIoT. In this paper, we propose a novel access control scheme for fog based IIoT communication, called SAC-FIIoT. We provide the details of network model as well as threat model, which are required to design SAC-FIIoT. The security analysis of SAC-FIIoT shows its resilience against various types of possible attacks. SAC-FIIoT is also compared with other related competing existing schemes and it was found that its performance is better than these competing schemes. Therefore, SAC-FIIoT is suitable for access control in a fog-based IIoT environment.

Abstract

Among the security services, like authentication, access control, key management and intrusion detection, user authentication is very much needed for a smart city environment because an external authorized user may require the real time data to be accessed directly from the deployed Internet of Things (IoT) enabled smart devices. Using the established session key between the user and an access smart device though mutual authentication and key agreement process, the real time data can be securely accessed. To deal with this issue, we propose a new user authentication scheme in smart city environment using three factors of a legal registered user (mobile device, password and biometrics). The proposed scheme is shown to be robust against a number of potential attacks needed in an IoT-based smart city deployment. The simulation study for formal security verification using the widely-accepted “Automated Validation of Internet Security Protocols and Applications (AVISPA)” tool demonstrates that the proposed scheme is also secure. Furthermore, experiments on various cryptographic primitives have been carried out using “MIRACL Cryptographic SDK: Multiprecision Integer and Rational Arithmetic Cryptographic Library” under both server and Raspberry PI 3 settings. Finally, a comprehensive comparative analysis shows the effectiveness and better security of the proposed scheme as compared with other state of art user authentication schemes.

Abstract

The vehicles in Internet of Vehicles (IoV) can be used to opportunistically gather and distribute the data in a smart city environment. However, at the same time, various security threats arise due to insecure communication happening among various entities in an IoV-based smart city deployment. To address this issue, we aim to design a novel blockchain-enabled batch authentication scheme in Artificial Intelligence (AI)-envisioned IoV-based smart city deployment. The latest trends and revolutions in technologies incorporate AI/Machine Learning (ML) in blockchaining to produce a secure, efficient and intelligent blockchain based system. The data stored in the blocks in the blockchain are authentic and genuine, which makes the AI/ML algorithms to work at their exceptions in order produce correct predictions on the blockchain data. Through the signing phase of the proposed scheme, each vehicle in a dynamically formed cluster broadcasts a message to its own member and respective road-side unit (RSU). In the proposed scheme, two types of authentication take place: vehicle to vehicle (V2V) authentication allows a vehicle to authenticate its neighbor vehicles in its cluster, while batch authentication permits a group of cluster vehicles to be authenticated by their . At the end, a group key is established among the vehicles and in their cluster. then gathers securely data from its vehicles and form several transactions including the information of vehicles and its own given information to the cluster member vehicles. The transactions are formed later by the nearby fog server associated with and then by the cloud server to form a complete block. The created blocks are mined by the cloud servers in a Peer-to-Peer (P2P) cloud server network through the voting-based Practical Byzantine Fault Tolerance (PBFT) consensus algorithm. The authentic and genuine data of the blockchain are utilized for Big data analytics through AI/ML algorithms. It is shown that the proposed scheme is highly robust against various attacks through formal and informal security analysis, and also through formal security verification tool. A detailed comparative analysis reveals that the proposed scheme achieves superior security and functionality features, and offers comparable storage, communication and computational costs as compared to other existing competing schemes. Finally, the blockchain implementation has been carried out on the proposed scheme to show its effectiveness.

Abstract

We design a new blockchain-based access control protocol in IoT-enabled smart-grid system, called DBACP-IoTSG. Through the proposed DBACP-IoTSG, the data is securely brought to the service providers from their respectively smart meters. The Peer-to-Peer (P2P) network is formed by the participating services providers, where the peer nodes are responsible for creating the blocks from the gathered data securely from their corresponding smart meters and adding them into the blockchain after validation of the blocks using the voting-based consensus algorithm. In our work, the blockchain is considered as private because the data collected from the consumers of the smart meters are private and confidential. By the formal security analysis under the random oracle model, non-mathematical security analysis and software-based formal security verification, DBACP-IoTSG is shown to be resistant against various attacks. We carry out the experimental results of various cryptographic primitives that are needed for comparative analysis using the widely-used Multiprecision Integer and Rational Arithmetic Cryptographic Library (MIRACL). A detailed comparative study reveals that DBACP-IoTSG supports more functionality features and provides better security apart from its low communication and computation costs as compared to recently proposed relevant schemes. In addition, the blockchain implementation of DBACPIoTSG has been performed to measure computational time needed for the varied number of blocks addition and also the varied number of transactions per block in the blockchain.