Abstract

Emerging 5G/6G communication and next-generation Internet (NGI) technologies demand proper administration and control of an ultra large-scale dynamic network to provide high-speed ubiquitous networked-resource accessing while assisting higher channel bandwidth. The conventional static network infrastructure-based solutions provide only manual supervision and third-party provisioning of the networked assets. In addition, such settings mostly forefront to unsuitable resource usage, and sometimes lead to several security and privacy concerns. The de facto Software-Defined Networking (SDN) has come up with several new promises to solve such limitations. Since its inception, SDN decouples the traditional data layer from the control plane of a third-party network equipment, which is claimed to be ensured higher security, dynamicity, scalability, efficiency, and faster reconfiguration capability of a ultra large-scale dynamic network as compared with the conventional network. However, a thorough inspection of the literature presently shows that most of the vulnerabilities are originated from the two specific layers, namely, control and data plane of the underlying SDN framework. Also, due to the absence of proper authentication and access control mechanisms ensuring inevitable protection of the SDN controller node and the network assets is a very challenging task. Though secure socket layer (SSL) or transport layer security (TLS)-based solutions are predominantly advocated in this domain to assist security in SDN framework but such mechanisms are also vulnerable to spoofing, sniffing, eavesdropping, replay, man-in-the-middle, privileged-insider, denial-of-service, distributed-denial-of-service, impersonation attacks. Therefore, this work qualitatively countermeasures all the recently attended (or unattended) state-of-the-art security and privacy concerns related to the recently reported access control, authentication, key management, secure data aggregation, privacy-aware secure auditing, and layer-wise functional inconvenience policies with respect to each and every layers of SDN platform. This study hence will be helpful to the academicians and researchers for the future development of new policies and protocols in the SDN platform.

Abstract

Low-power wireless sensor networks (WSNs) and Internet of Things (IoT) have great impact for the real-time applications in future 5th generation (5G) mobile networks due to the wireless-powered communication technologies. The Age of Information (AoI) plays a crucial performance metric in an IoT-enabled real-time smart warehouse application, where the freshness of the aggregated data is very important. However, wireless medium communication among the beacon nodes and the user equipments (tracking nodes) gives an opportunity to an adversary not only to eavesdrop the data but also to corrupt the data by means of deleting, modifying or inserting malicious information during communication among the entities involved in the smart warehouse environment. To mitigate these issues, we design a security scheme for AoI-enabled 5G smart ware- house through an access control mechanism, where the secure communication among the beacon nodes and the tracking nodes will take place by mutual device authentication and key agree- ment process. The fresh data collected at the enterprise cloud is then used for big data analytics for better predictions and anal- ysis, such as optimal device scheduling so that the data becomes very fresh. The rigorous security analysis and comparative study show that the proposed mechanism has significantly better secu- rity and comparable communication and computational costs as compared to the relevant schemes. In addition, through the real- time testbed experiments, we show that the proposed scheme is practical in 5G smart warehouse context. Index Terms—Access control and key agreement (ACKA), Age of Information (AoI), bi

Abstract

The primary objective of postquantum cryptography (also known as quantum-resistant cryptography) is to develop the cryptographic systems that need to be robust against both quantum and classical computers, and can also interoperate with the existing communications protocols and networks. In an Internet of Things (IoT) environment, the communicated messages contain sensitive information that are transmitted over an open channel, where message integrity and data privacy become challenging tasks. Although several traditional cryptographic security protocols can be applied for IoT security and data privacy, such as authentication, access control, key agreement, and digital signature, but they are not resilient against quantum attacks. To overcome these issues, in this article, we first present an advanced and efficient construction of postquantum lattice-based signcryption scheme, and then apply the constructed lattice-based signcryption in IoT applications, where data sensed by the deployed IoT smart devices is securely stored at the cloud, via the gateway nodes (aggregators). The data stored at the cloud servers cannot be even modified by them due to the involved signatures generated by the aggregators. The formal security analysis shows the robustness of our designed lattice-based signcryption scheme. Other detailed information security analysis and a performance analysis with the traditional number-theoretical based public key cryptosystems show the efficacy, and significantly better security and functionality features of the proposed scheme under the lattice-based postquantum context.

Abstract

We propose a new access control mechanism for video surveillance system based on user’s biometrics, which allows to access real-time video surveillance data from deployed Internet of Things (IoT) smart devices. For this purpose, mutual authentication is performed between a user and accessed smart devices via the cloud server(s) and the session keys are then established to make secure communication. The proposed scheme allows accessing real time video and older videos that are in cloud servers, and also user’s credential update phase. Through the security analysis, it has been shown that the proposed scheme is robust against a variety of potential passive/active attacks. A detailed comparative study shows the efficacy of the proposed scheme as compared to other existing solutions. Finally, the real testbed experiments have been carried out for secure surveillance system using Raspberry PI devices as IoT devices, user’s devices and servers to show its practical application.

Abstract

Authentication for controller area network (CAN) buses in an intra-vehicular network involving electronic control units (ECUs) is a challenging factor. The Society of Automotive Engineers standard (SAE J1939) incorporating the ISO 11898- 1 specification for the data link and physical layers of the standard CAN and CAN-flexible data rate (CAN-FD) handles communication among ECUs. The SAE J1939 is vulnerable to attacks, namely replay, masquerading and machine-in-the-middle (MITM) attacks. To prevent such attacks, there exist protocol suites for resource-constrained and resource-unconstrained nodes proposed in the literature which are not formally analysed. We formally analyse one of the comprehensive protocol suites using the state-of-the-art Tamarin automated software validation tool. The analysis reveals that the protocols have a vulnerability that can be exploited by replay attack. The identified replay attack prevents further frame authentication. To mitigate the identified attacks, we propose two new authentication protocols. At first, we propose one pass authentication protocol for computationally re- stricted nodes. For nodes that are not restricted computationally, we present a certificateless signature-based authentication proto- col. Additionally, we present a new certificateless key insulated manageable signature (CL-KIMS) scheme for the signature-based authentication protocol. CL-KIMS ensures key insulation and random access key update properties. CL-KIMS scheme assures a novel property, known as self-healing property. The security of the proposed protocol suite and the signature scheme is formally analysed using the random oracle model (ROM). Especially, CL- KIMS scheme is shown to be provably secure in the ROM against Type-I and Type-II adversaries. We use the Tamarin tool to verify mutual authentication, session key security, known key secrecy and forward security. A detailed performance comparison shows that compared with the existing protocol suites, the proposed protocol suite has lesser communication overhead and ensures

Abstract

Identity-based encryption is an important cryptographic system that is employed to ensure confidentiality of a message in communication. &is article presents a provably secure identity based encryption based on post quantum security assumption. &e security of the proposed encryption is based on the hard problem, namely Learning with Errors on integer lattices. &is construction is anonymous and produces pseudo random ciphers. Both public-key size and ciphertext-size have been reduced in the proposed encryption as compared to those for other relevant schemes without compromising the security. Next, we incorporate the constructed identity based encryption (IBE) for Internet of &ings (IoT) applications, where the IoT smart devices send securely the sensing data to their nearby gateway nodes(s) with the help of IBE and the gateway node(s) secure aggregate the data from the smart devices by decrypting the messages using the proposed IBE decryption. Later, the gateway nodes will securely send the aggregated data to the cloud server(s) and the Big data analytics is performed on the authenticated data using the Artificial Intelligence (AI)/Machine Learning (ML) algorithms for accurate and better predictions.

Abstract

The Internet of Medical Things (IoMT) is a collection of smart healthcare devices, hardware infrastructure, and related software applications, facilitating to connect healthcare information technology system via the Internet. It is also called IoT in healthcare, facilitating secure communication of remote healthcare devices over the Internet for quick and flexible analysis of healthcare data. In other words, IoMT is an amalgam of medical devices and applications, which improves overall healthcare outcomes. However, this system is prone to security- and privacy-related attacks on healthcare data. Therefore, providing a robust security mechanism to prevent the attacks and vulnerability of IoMT is essential. To mitigate this, we proposed a new Artificial-Intelligence envisioned secure communication scheme for IoMT. The discussed network and threat models provide details of the associated network arrangement of the IoMT devices and attacks relevant to IoMT. Furthermore, we provide the security analysis of the proposed scheme to show its security against different possible attacks. Moreover, a comparative study of the proposed scheme with other similar schemes is presented. Our results show that the proposed scheme outperforms other similar schemes in terms of communication and computation costs, and security and functionality attributes. Finally, we provide a pragmatic study of the proposed scheme to observe its impact on various network performance parameters.

Abstract

The cyber physical systems integrate the sensing, computation, control and networking processes into physical objects and infrastructure, which are connected through the Internet to execute a common task. Cyber physical systems can be applied in various applications, like healthcare, transportation, industrial production, environment and sustainability, and security and surveillance. However, the tight coupling of cyber systems with physical systems introduce challenges in addressing stability, security, efficiency and reliability. The machine learning (ML) security is the inclusion of cyber security mechanism to provide protection to the machine learning models against various cyber attacks. The ML models work through the traditional training and testing approaches. However, execution of such kind of approaches may not function effectively in case if a system is connected to the Internet. As online hackers can exploit deployed security mechanisms and poison the data. This data is then taken as the input by the ML models. In this article, we provide the details of various machine learning security attacks in cyber physical systems. We then discuss some defense mechanisms to protect against these attacks. We also present a threat model of ML security mechanisms deployed in cyber systems. Furthermore, we discuss various issues and challenges of ML security mechanisms deployed in cyber systems. Finally, we provide a detailed comparative study on performance of the ML models under the influence of various ML attacks in cyber physical systems.

Abstract

Elliptic Curve Cryptography (ECC)-based authenti-cation schemes for the Radio-frequency identification (RFID) environment have emerged as a very safe, secure, and robust candidate of mutual authentication. However, the limited resource availability in a passive tag makes such schemes difficult to realize in practice. Public/private key pair generation, storage, and the computation using those keys are the major bottlenecks towards the faster and efficient design of such schemes. Therefore, we have designed our scheme without using public/private key pairs. We only utilize the Elliptic Curve Discrete Logarithm Problem (ECDLP) property for the realization of our key-less scheme on the secure elliptic curves. Our scheme is primarily aimed at efficient implementation of authentication schemes in Warehouse Management System (WMS), where the data is stored in local servers. This new idea helps to save the memory space in the tags and the server. Moreover, the computation cost also reduces to a great extent in comparison to other schemes. We have compared our scheme with several other schemes and found it efficient in terms of storage cost as well. The simulation result of our scheme with the popular automated software validation tool, Scyther, shows that it is safe from different possible attacks.

Abstract

Healthcare 5.0 is a system that can be deployed to provide various healthcare services. It does these services by utilising a new generation of information technologies, such as Internet of Things (IoT), Artificial Intelligence (AI), Big data analytics, blockchain and cloud computing. Due to the introduction of healthcare 5.0, the paradigm has been now changed. It is disease-centered to patient-centered care where it provides healthcare services and supports to the people. However, there are several security issues and challenges in healthcare 5.0 which may cause the leakage or alteration of sensitive healthcare data. This demands that we need a robust framework in order to secure the data of healthcare 5.0, which can facilitate different security related procedures like authentication, access control, key management and intrusion detection. Therefore, in this review article, we propose the design of a secure generalized healthcare 5.0 framework. The details of various applications of healthcare 5.0 along with the security requirements and threat model of healthcare 5.0 are provided. Next, we discuss about the existing security mechanisms in healthcare 5.0 along with their performance comparison. Some future research directions are finally discussed for the researchers working in healthcare 5.0 domain.