Abstract

Recently, with the increasing application of the Internet of Things (IoT), various IoT environments such as smart factories, smart homes, and smart grids are being generated. In the IoT environment, a lot of data are generated in real time, and the generated IoT data can be used as source data for various services such as artificial intelligence, remote medical care, and finance, and can also be used for purposes such as electricity bill generation. Therefore, data access control is required to grant access rights to various data users in the IoT environment who need such IoT data. In addition, IoT data contain sensitive information such as personal information, so privacy protection is also essential. Ciphertext-policy attribute-based encryption (CP-ABE) technology has been utilized to address these requirements. Furthermore, system structures applying blockchains with CP-ABE are being studied to prevent bottlenecks and single failures of cloud servers, as well as to support data auditing. However, these systems do not stipulate authentication and key agreement to ensure the security of the data transmission process and data outsourcing. Accordingly, we propose a data access control and key agreement scheme using CP-ABE to ensure data security in a blockchain-based system. In addition, we propose a system that can provide data nonrepudiation, data accountability, and data verification functions by utilizing blockchains. Both formal and informal security verifications are performed to demonstrate the security of the proposed system. We also compare the security, functional aspects, and computational and communication costs of previous systems. Furthermore, we perform cryptographic calculations to analyze the system in practical terms. As a result, our proposed protocol is safer against attacks such as guessing attacks and tracing attacks than other protocols, and can provide mutual authentication and key agreement functions. In addition, the proposed protocol is more efficient than other protocols, so it can be applied to practical IoT environments.

Abstract

Unmanned-aerial-vehicle (UAV)-enabled intelligent transportation system (ITS) is an advanced technology that can provide various services including autonomous driving, real-time creation of high-definition maps, and car sharing. In particular, a UAV-enabled ITS can be realized through the combination of traditional vehicular ad hoc networks (VANETs) and UAVs that can act as flying roadside units (RSUs) at the outskirts and monitor road conditions from predefined locations to spot car accidents and any law violations. Notably, to realize these services, real-time communication between UAVs and RSUs must be guaranteed. However, UAVs have limited computing powers, and if extensive computation is required during communication, the provision of real-time ITS services may be hindered. Furthermore, UAVs and RSUs communicate via public channels that are prone to various attacks, such as replay

Abstract

Attribute-based encryption (ABE) is widely used for a secure and efficient data sharing. The predetermined access policy of ABE shares the data with intended data users. However, ABE is not preferable in many applications that require collaboration among data users. In such applications, an authorized data user may be interested to collaborate with another data user who does not adhere to the access policy. Fixed access policy of ABE does not allow an authorized data user (who satisfies the access policy) to collaborate or share the data with any unauthorized data user (who fails to satisfy the access policy). Thus, due to the static and predefined access policy, data collaboration in ABE is significantly challenging. In this work,

Abstract

Due to high effectiveness and robust security proto- cols, lattice-based cryptography becomes a very broadly appli- cable optimistic post-quantum technique that is recently used in public key cryptosystem. An aggregate signature scheme enables a party to bundle a set of signatures together into a single short cryptographic signature, which can be verified by any verifier using the public information. In this paper, we provide a lattice- based aggregate signature scheme where the security depends on the difficulty of the Ring Learning-with-Error (Ring-LWE) problem. Next, we use the basic scheme in Internet of Drones (IoD) applications using the blockchain technology for secure and transparent data storage. The detailed security analysis and comparative study show that the proposed scheme provides superior security including resistance to quantum attacks and is efficient as compared to the existing state of art approaches. The testbed experimental results and the blockchain simulation demonstrate that the proposed scheme can be applied in real-life drones applications. Index Terms—Internet of Drones (IoD), unmanned aerial vehi- cles, lattice-based cryptography, aggregate signature, blockchain, security.

Abstract

Cyber threat hunting proactively searches for cyber threats, which are undetected by the traditional defense mechanisms. It scans deep to identify malicious programs (ie, malware) that escape from detection. It is important because sophisticated cyber threats can bypass the cyber security mechanisms. The performance of the cyber threat hunting can be improved through artificial intelligence (AI), especially, explainable AI (XAI), which adds trust component to the cyber threat hunting process. Due to the inclusion of XAI, the security experts get the full explanations of the detected threats as the working of the detection model in XAI is known. Information, like, which one is a threat, how it has been detected, and why it has been detected, can be obtained very easily due to the inclusion of XAI in the cyber threat hunting. Therefore, an XAI-envisioned mechanism for cyber threat hunting has been proposed (in short, XAISM-CTH). The network and threat models of XAISM-CTH are designed and discussed. The conducted security analysis proves the security of XAISM-CTH against various potential attacks. XAISM-CTH also performs better than the other existing schemes. At the end, a practical implementation of XAISM-CTH has been provided to observe its impact on the performance of the system. KEYWORDS cyber threat hunting, explainable artificial intelligence (XAI), intrusion detection, privacy, security

Abstract

Increasing use of electronic healthcare (eHealth) services demands efficient and secure solutions. Such solutions need to ensure the prevention of unauthorised access to the patient data and provide faster response. Fog computing is a viable solution to provide faster responses in eHealth systems. Key distribution and authentication play a major role in providing security to patient data. Existing centralized architectures are susceptible to single-point-of-compromise, that is, the entire system is vulnerable when the centralized authority keys are unexpectedly revealed to an adversary. In this paper, we present a fog-based semi-centralised architecture for key distribution and authentication, in which the key distribution service is delegated to individual fog-servers. Thus, the fog-servers become responsible for key distribution to the users without the involvement of the centralised authority, which forms a paradigm of multiple client-server architecture. Thus, achieving centralized trust by designing a single sign-on authentication in such environments is a challenging problem. We design a single sign-on authentication protocol for semi-centralized architectures to achieve centralized trust by ensuring that the user keys are independent of the centralized authority’s keys. A rigorous security analysis under the random oracle model is performed to prove that the proposed protocol is secure against single-point-of-compromise. We also conduct extensive experiments to show the practical perspectives of the proposed scheme. The results show that the protocol is suitable for eHealth applications, including emergency services.

Abstract

Unmanned Aerial Vehicle (UAV) can be employed in various applications, including traffic control, and delivery application. However, these services are susceptible to various security attacks because sensitive data are exchanged through an open channel. Thus, a secure authentication scheme is essential for UAV. UAV has limited storage resources and computing capabilities. To overcome these problems, cloud computing is considered as a promising solution. Cloud computing provides various properties such as storage availability and scalability. Unfortunately, the cloud server’s database can be a major target for an adversary because it is a centralized system. If an adversary intrudes on the cloud server’s database, he/she may attempt to intercept or learn the stored data. To mitigate these issues, we design a secure and lightweight authentication and key agreement scheme for cloud-assisted UAV using blockchain in flying ad-hoc networks, called LAKA-UAV. LAKA-UAV utilizes blockchain technology to ensure access control and data integrity using log transactions and the cloud server securely manages collected data from UAV. We prove the security of LAKA-UAV based on informal security analysis and formal security verification implementation. Based on testbed experiments using MIRACL, LAKA-UAV provides about 2.13 times more efficient performance on average compared with related schemes in terms of computation. We present the blockchain implementation using Hyperledger Sawtooth platform

Abstract

The authenticated key agreement is one of the major security services that can be used to secure an Internet of Things (IoT) environment, where the devices collect the data and the data is then aggregated at the cloud server, and then a user needs to access the data stored at the server(s) securely. For this purpose, after a mutual authentication performed between a user and the accessed server, a session key needs to be established among them for secure communication. In this article, we design an efficient lattice-based authenticated key exchange protocol using ring-based version of learning with errors assumption for the IoT-enabled smart devices. The proposed protocol is basically a key exchange that uses the reconciliation mechanism. The detailed security analysis under the standard model has been performed along with the informal security analysis to show that the proposed protocol is robust against different attacks. We then simulate the proposed protocol under the NS-3 simulator to measure the network performance parameters like network throughput and latency. A comparative analysis shows that the proposed protocol has superior security, less computational cost, and comparable communication cost when compered these parameters with the other competing schemes.

Abstract

Cognitive Internet of Things (CIoT) supports the organizations to learn from the information (data) arriving from various connected devices, sensors, machines and other sources, and at the same time it inspires intelligence into different business operations, products, customer experiences, and people. Data poising attacks are very serious concerns because they may play a significant factor for businesses and organizations for both financial terms and damaging their reputations, when the Big data analytics on the analyzed data is itself corrupted. To mitigate this issue, in this paper, we suggest a blockchain-based Artificial Intelligence(AI)/Machine Learning(ML)-enabled Big data analytics mechanism for CIoT environment. The comprehensive experimental results have been provided under two circumstances: (1) performance of the ML model under data poisoning attacks and (2) performance of the ML model without data poisoning attacks. In the first case, we show how the data poison attacks can effect the ML model when the data is on some cloud storage (i.e. not in the blockchains), whereas in the second case we show the effect when the data is in the blockchains (i.e., without data poisoning attacks). The experimental results demonstrate that we have significant gains in performance in terms of accuracy, recall, precision and F1 score when there are no data poisoning attacks on the data. Moreover, a detailed blockchain simulation has carried out to demonstrate the practical aspects of the proposed security framework.

Abstract

recently, the Digital Twin (DT) technology has procured a lot of attention because of its applicability in the manufacturing and space industries. The DT environment involves the formation of a clone of the tangible object to perform simulations in the virtual space. The combination of conceptual development, predictive maintenance, real-time monitoring, and simulation characteristics of DT has increased the utilization of DT in different scenarios, such as medical environments, healthcare, manufacturing industries, aerospace, etc. However, these utilizations have also brought serious security pitfalls in DT deployment. Towards this, several authentication protocols with different security and privacy features for DT environments have been proposed. In this article, we first review a recently proposed two-factor authentication protocol for DT environments that utilizes the blockchain technology. However, the analyzed scheme is unable to offer the desirable security and cannot withstand various security attacks like offline password-guessing attack, smart card stolen attack, anonymity property, and known session- specific temporary information attack. We also demonstrate that an attacker can impersonate the analyzed protocol’s legal user, owner, and cloud server. To mitigate these security loopholes, we devise an effective three-factor privacy-preserving authentication scheme for DT environments. The proposed work is demonstrated to be secure by performing the informal security analysis, the formal security analysis using the widely recognized Burrows-Abadi-Needham (BAN) logic, and the Real-or-Random (ROR) model. A detailed comparative study with the existing competing schemes including the analyzed scheme demonstrates that the devised framework furnishes better security features while also having lower computation costs and comparable communication costs than the existing schemes.