Abstract

The Internet of Thing (IoT) is useful for connecting and collecting variable data of objects through the Internet, which makes to generate useful data for humanity. An indispensable enabler of IoT is the wireless sensor networks (WSNs). Many environments, such as smart healthcare, smart transportation and smart grid, have adopted WSN. Nonetheless, WSNs remain vulnerable to variety of attacks because they send and receive data over public channels. Moreover, the performance of IoT enabled sensor devices has limitations since the sensors are lightweight devices and are resource constrained. To overcome these problems, many security authentication protocols for WSNs have been proposed. However, many researchers have pointed out that preventing smartcard stolen and off-line guessing attacks is an important security issue, and guessing identity and password at the same time is still possible. To address these weaknesses, this paper presents a secure and efficient authentication protocol based on three-factor authentication by taking advantage of biometrics. Meanwhile, the proposed protocol uses a honey_list technique to protect against brute force and stolen smartcard attacks. By using the honey_list technique and three factors, the proposed protocol can provide security even if two of the three factors are compromised. Considering the limited performance of the sensors, we propose an efficient protocol using only hash functions excluding the public key based elliptic curve cryptography. For security evaluation of the proposed authentication protocol, we perform informal security analysis, and Real-Or-Random (ROR) model-based and Burrows Abadi Needham (BAN) logic based formal security analysis. We also perform the formal verification using the widely-used Automated Validation of Internet Security Protocols and Applications (AVISPA) simulation software. Besides, compared to previous researches, we demonstrate that our proposed authentication protocol for WSNs systems is more suitable and secure than others.

Abstract

With advancements in engineering and science, the application dimensions of Cyber–Physical System (CPS) are increasing due to their improving efficiency, safety, reliability, usability and autonomy. By providing on-demand access to shared processing resources, cloud computing reduces infrastructure costs. Ensuring quality of service and information privacy and security is important in such environments. In this paper, we design a new authentication scheme related to the cloud-assisted CPS in two directions: (1) authentication between a user and a cloud server, and (2) authentication between a smart meter and a cloud server. In the former situation, any external party (user) can access the information stored in a cloud server provided that the user is legal and has the right to access information. In the later situation, a smart meter and a cloud server authentication is needed for secure communication of data stored in the cloud server. In both cases, both entities first mutually authenticate each other and only after successful authentication with the help of a trusted authority, establish a session key for their future secure communication. The proposed scheme deals with both the cases and provides high security as compared to other related works, which is shown through formal and informal security analysis. In addition, the mutual authentication using the widely-accepted Burrows–Abadi–Needham logic (BAN logic) and also formal security verification using the broadly-used Automated Validation of Internet Security Protocols and Applications (AVISPA) simulation tool demonstrate further that the scheme is strong in security. Finally, the proposed scheme is shown to be efficient in terms of communication and computation costs as compared to those for other related existing schemes.

Abstract

Smart grid (SG) technology is regarded as the next generation of the power grid, which makes use of the two-way flows of electricity, as well as information, Pathways to a Smarter Power System. https://doi.org/10.1016/B978-0-08-102592-5.00013-2 © 2019 Elsevier Ltd. All rights reserved. 371 in order to build a broadly distributed automated energy delivery network. The Smart grid is a critical infrastructure that plays a critical role in the daily lives of people. Both the Smart Grid and its data must be protected from cyberattacks at all times [1, 2]. In SG, four components are present, namely sensing, control, communication, and actuation systems. The most important component of SG is the smart meter (SM), which consists of sensing and communication modules. In addition, there are service systems from the service providers (SPs), which consist of several modules for control, communication, and actuation. SMs are broadly used in homes for monitoring energy consumption in real time. Moreover, power pricing information to consumers is also provided by the SMs [3–6]. A detailed survey on SG including its applications can be found in [7–14]. In the following subsections, we now discuss the smart grid framework developed by the National Institute of Standards and Technology (NIST) and its taxonomy, based on domains and targeted research areas.

Abstract

As the “Internet communications infrastructure” develops to encircle smart devices, it is very much essential for designing suitable methods for secure communications with these smart devices, in the future Internet of Things (IoT) applications context. Due to wireless communication among the IoT smart devices and the gateway node (GWN), several security threats may arise in the IoT environment, including replay,man-in-the-middle, impersonation, malicious devices deployment,and physical devices capture attacks. In this article, to mitigate such security threats, we design a new certificate-based device access control scheme in IoT environment which is not only secure against mentioned attacks, but it also preserves anonymity property. A detailed security analysis using the widely accepted real-or-random (ROR) model-based formal security analysis, informal security analysis, and also formal security verification based on the broadly accepted automated validation of Internet security protocols and applications (AVISPAs) tool has been performed on the proposed scheme to show that it is secure against various known attacks. In addition, a comprehensive comparative analysis among the proposed scheme and other relevant schemes shows that a better trade off among the security and functionality attributes, communication, and computational costs is achieved for the proposed scheme as compared to other schemes.

Abstract

The combination of two overlapping technologies (bigdata and cloud computing) helps easy access to the evolving applications. In this context, there is a serious requirement of ensuring the transmission of data securely in order to improve the productivity over the public channel. Since the data collected by various sources are strictly private and confidential, there is also a great requirement to deal with the privacy preservation of the bigdata. To handle this issue, a new privacy-preserving bigdata collection technique in cloud computing environment, called 2PBDC, has been designed, which allows secure communication between the bigdata gateway nodes and the cloud servers. 2PBDC is shown to be secure against various known attacks against an active/passive adversary through the formal security verification as well as informal security analysis. A detailed comparative study among 2PBDC and other existing schemes has been conducted. This study shows that 2PBDC offers a better trade-off among the security and functionality features and communication and computation overheads while these are compared with other schemes.

Abstract

Fog computing (fog networking) is known as a decentralized computing infrastructure in which data, applications, compute as well as data storage are scattered in the most logical and efficient place among the data source (i.e., smart devices) and the cloud. It gives better services than cloud computing because it has better performance with reasonably low cost. Since the cloud computing has security and privacy issues, and fog computing is an extension of cloud computing, it is therefore obvious that fog computing will inherit those security and privacy issues from cloud computing. In this paper, we design a new secure key management and user authentication scheme for fog computing environment, called SAKA-FC. SAKAFC is efficient as it only uses the lightweight operations, such as one-way cryptographic hash function and bitwise exclusive-OR (XOR), for the smart devices as they are resource-constrained in nature. SAKAFC is shown to be secure with the help of the formal security analysis using the broadly accepted RealOr-Random (ROR) model, the formal security verification using the widely-used Automated Validation of Internet Security Protocols and Applications (AVISPA) tool and also the informal security analysis. In addition, SAKA-FC is implemented for practical demonstration using the widely-used NS2 simulator.

Abstract

Cyber security refers to the protection of Internet-connected systems, such as hardware, software as well as data (information) from cyber attacks (adversaries). A cyber security regulation is needed in order to protect information technology along with computer systems with the purpose of compelling various organizations as well as companies to protect their systems and information from cyber attacks. Several cyber attacks are possible, such as viruses, phishing, Trojan horses, worms, Denial-ofService (DoS) attacks, illegal access (e.g., stealing intellectual property or confidential information) as well as control system attacks. In this article, we focus on importance of various standards in cyber defense, and architecture of cyber security framework. We discuss the security threats, attacks and measures in cyber security. We then discuss various standardization challenges in cyber security. We also discuss about the cyber security national strategy to secure cyberspace and also various government policies in protecting the cyber security. Finally, we provide some recommendations that are critical to cyber security and cyber defense. Keywords: Cyber security, Cyber attacks, Information security, Government policies, Standards.

Abstract

Industrial wireless sensor network (IWSN) is an emerging class of a generalized WSN having constraints of energy consumption, coverage, connectivity, and security. However, security and privacy is one of the major challenges in IWSN as the nodes are connected to Internet and usually located in an unattended environment with minimum human interventions. In IWSN, there is a fundamental requirement for a user to access the real-time information directly from the designated sensor nodes. This task demands to have a user authentication protocol. To satisfy this requirement, this paper proposes a lightweight and privacy-preserving mutual user authentication protocol in which only the user with a trusted device has the right to access the IWSN. Therefore, in the proposed scheme, we considered the physical layer security of the sensor nodes. We show that the proposed scheme ensures security even if a sensor node is captured by an adversary. The proposed protocol uses the lightweight cryptographic primitives, such as one way cryptographic hash function, physically unclonable function, and bitwise exclusive operations. Security and performance analysis shows that the proposed scheme is secure, and is efficient for the resource-constrained sensing devices in IWSN.

Abstract

Recently, the Tactile Internet (TI) becomes a new era of the Internet. The TI provides ultra-reliable, ultra-responsive and intelligent network connectivity for delivering real-time control and physical haptic experiences from a remote location. The TI provides a different feeling to human–machine interaction by implementing the real-time interactive systems. In this review article, we discuss a generalized authentication model which can be used to perform authentication procedure among different communicating parties in order to secure remote surgery in the TI environment. By using the proposed authentication model, an authentication protocol can be designed so that an authenticated surgeon can use the robot/robotic arms to perform the surgery securely as well as remotely. Since the application is very critical, the important instructions provided by the surgeon to the robot/robotic arms must not be leaked in between the communication during the surgical procedure. To deal with this emerging research area, a secure mutual user authentication mechanism should be provided between a remote surgeon and the robot/robotic arms so that they can communicate securely using the established session key among them. Further, several security issues and challenges for such kind of communication are also discussed in this article. Finally, we discuss few points that need to be considered as future research works that are related to authentication for securing remote surgery in the TI environment.

Abstract

For secure communication between any two neighboring sensing devices on the Internet of Things (IoT) environment, it is essential to design a secure device access control and key agreement protocol, in which the two phases, namely, ‘‘node authentication’’ and ‘‘key agreement’’ are involved. While the node authentication allows two sensing devices to authenticate each other using their own pre-loaded secret credentials in memory, the key agreement phase permits to establish a secret key between them if the mutual authentication is successful. In this paper, we propose a new certificate-based ‘‘lightweight access control and key agreement protocol in the IoT environment, called LACKA-IoT,’’ that utilizes the elliptic curve cryptography (ECC) along with the ‘‘collision-resistant one-way cryptographic hash function.’’ Through a detailed security analysis using the formal security under the ‘‘Real-Or-Random (ROR) model,’’ informal (non-mathematical) security analysis, and formal security verification using the broadly used ‘‘Automated Validation of Internet Security Protocols and Applications (AVISPA)’’ tool, we show that the LACKA-IoT can protect various known attacks that are needed for a secure device access control mechanism in the IoT. Furthermore, through a comparative study of the LACKA-IoT and other relevant schemes, we show that there is a better tradeoff among the security and functionality features and communication and computational costs of the LACKA-IoT as compared to other schemes. Finally, the ‘‘practical demonstration using the NS2 simulation’’ has been carried out on the LACKA-IoT to measure various network parameters