Abstract

Secure storage and sharing of Personal Health Records (PHRs) in Internet of Medical Things (IoMT) is one of the significant challenges in the healthcare ecosystem. Due to the high value of personal health information, PHRs are one of the favourite targets of cyber attackers worldwide. Over the years, many solutions have been proposed; however, most solutions are inefficient for practical applications. For instance, several existing schemes rely on the bilinear pairings, which incur high computational costs. To mitigate these issues, we propose a novel PHR-sharing scheme that is dynamic, efficient, and practical. Specifically, we combine searchable symmetric encryption, blockchain technology and a decentralized storage system, known as Inter-Planetary File System (IPFS) to guarantee confidentiality of PHRs, verifiability of search results, and forward security. Moreover, we provide formal security proofs for the proposed scheme. Finally, we have conducted extensive test-bed experiments and the results demonstrate that the proposed scheme can be used in practical scenarios related to IoMT environment.

Abstract

In V2X (vehicle-to-everything) communication, there is a two-way communication among the vehicle(s) and other Internet of Things (IoT)-enabled smart devices around it that may change how we need to drive. Due to the advancement of Information and Communications Technology (ICT) and the rapid development of IoT in transportation, traditional applications are converted to intelligent applications. In V2X communications, the collected information from the IoT smart devices and other sources passes through low-latency, high-bandwidth, high-reliability links. With the future adoption of the 5th generation mobile network (5G) and beyond networks, V2X continues to produce a huge volume of data. However, collecting and storing data securely in blockchain-based storage are extremely needed for immutability and transparency. In this survey article, the convergence of IoT, V2X and blockchain technologies, and various security challenges and their countermeasures are discussed. Next, we discuss various V2X applications and their respective services. Moreover, IoT-V2X architecture and its enabling technologies are discussed in this article. In addition, we also provide a comprehensive analysis of various security mechanisms. Finally, we provide some important challenges and issues of Blockchain for Intelligent Transportation System (BITS)

Abstract

The Internet of Things (IoT)-enabled ride sharing is one of the most transforming and innovative technologies in the transportation industry. It has myriads of advantages, but with increasing demands there are security concerns as well. Traditionally, cryptographic methods are used to address the security and privacy concerns in a ride sharing system. Unfortunately, due to the emergence of quantum algorithms, these cryptographic protocols may not remain secure. Hence, there is a necessity for privacy-preserving ride sharing protocols which can resist various attacks against quantum computers. In the domain of privacy preserving ride sharing, a threshold private set intersection (TPSI) can be adopted as a viable solution because it enables the users to determine the intersection of private data sets if the set intersection cardinality is greater than or equal to a threshold value. Although TPSI can help to alleviate privacy concerns, none of the existing TPSI is quantum secure. Furthermore, the existing TPSI faces the issue of long-term security. In contrast to classical and post quantum cryptography, quantum cryptography (QC) provides a more robust solution, where QC is based on the postulates of quantum physics (e.g., Heisenberg uncertainty principle, no cloning theorem, etc.) and it can handle the prevailing issues of quantum threat and long-term security. Herein, we propose the first QC based TPSI protocol which has a direct application in privacy preserving ride sharing. Due to the use of QC, our IoT-enabled ride sharing scheme remains quantum secure and achieves long-term security as well.

Abstract

The objective of Advanced Persistent Threat (APT) attacks is to exploit Cyber-Physical Systems (CPSs) in combination with the Industrial Internet of Things (I-IoT) by using fast attack methods. Machine learning (ML) techniques have shown potential in identifying APT attacks in autonomous and malware detection systems. However, detecting hidden APT attacks in the I-IoT-enabled CPS domain and achieving real-time accuracy in detection present significant challenges for these techniques. To overcome these issues, a new approach is suggested that is based on the Graph Attention Network (GAN), a multi- dimensional algorithm that captures behavioral features along with the relevant information that other methods do not deliver. This approach utilizes masked self-attentional layers to address the limitations of prior Deep Learning (DL) methods that rely on convolutions. Two datasets, the DAPT2020 malware, and Edge I-IoT datasets are used to evaluate the approach, and it attains the highest detection accuracy of 96.97% and 95.97%, with prediction time of 20.56 seconds and 21.65 seconds, respectively. The GAN approach is compared to conventional ML algorithms, and simulation results demonstrate a significant performance improvement over these algorithms in the I-IoT-enabled CPS realm.

Abstract

A persistent, targeted cyber attack is called an advanced persistent threat (APT) attack. The attack is mainly launched to gain sensitive information, take over the system, and for financial gain, which creates nowadays more hurdles and challenges for the organization in preventing, detecting, and recovering from such attacks. Due to the nature of APT attacks, it is difficult to detect them quickly. Therefore machine learning techniques come into these research areas. This study uses deep and machine learning models such as random forest, decision tree, convolutional neural network, multilayer perceptron and so forth to categorize and effectively detect APT attacks by utilizing publicly accessible datasets. The datasets used in this study are CSE-CIC-IDS2018, CIC-IDS2017, NSL-KDD, and UNSW-NB15. This study proposes the hybrid ensemble machine learning model, a mixed approach of random forest and XGBoost classifiers. It has obtained the maximum prediction accuracy of 98.92%, 99.91%, 99.24%, and 97.11% for datasets CSE-CIC-IDS2018, CIC-IDS2017, NSL-KDD, and UNSW-NB15, with a false positive rate of 0.52%, 0.12%, 0.62%, and 5.29% respectively. These results are compared to other closely related recent studies in the literature. Our experiment's findings show that our model has performed significantly better for all datasets.

Abstract

The most significant and critical infrastructures, such as the electricity utilities, clean water facilities, nuclear plants and manufacturing industries are controlled and supervised by the industrial control systems. These systems undergo through a metamorphosis as a result of the Industry 4.0 revolution, which emphasises enhanced connectivity and flexibility with the Internet of Things (IoT) and cloud computing technologies. As the data is transferred across the Internet, Industry 4.0 communication can be easily attacked by launching different potential attacks. As a consequence, we attempt to propose a novel certificate-based access control and key establishment scheme for securing Industry 4.0 communication, called ACKS-IA. It offers access control and key establishment between smart industrial devices, as well as between a smart device and its associated cloud server. A formal security analysis of ACKS-IA through the broadly-accepted Burrows–Abadi– Needham (BAN) logic is provided. It confirms that ACKS-IA is secured and provides secure mutual authentication among the communication entities. The detailed informal security analysis and comparative study with the existing related schemes reveal that the proposed ACKS-IA is secured and efficient in terms of communication cost, computation cost, and security and functionality features including anonymity and untraceability as compared to other competing schemes. Finally, a real testbed implementation of ACKS-IA is provided to measure its effect on important performance attributes.

Abstract

The epidemic growth of the Internet of Things (IoT) objects have revolutionized Maritime Transportation Systems (MTS). Though, it becomes challenging for the centralized cloud-centric framework to fulfil the application requirements such as low latency and power utilization. The introduction of the distributed edge-centric framework has recently helped the IoT-enabled MTS to meet these requirements by manipulating the tasks at the edge of the networks. Despite the fact that MTS leverages mobile subscribers by overcoming inherent cloud computing limitations, data security and user privacy requirements in establishing the MTS setup are still non-trivial challenges. In this article, we develop a key agreement solution for mobile users to realize mutual authentication in a single round. Our protocol offers user anonymity to maintain user privacy, and it can prevent physical attacks by physically unclonable functions. Initially, the security analysis is conferred to substantiate our protocol’s security persistence or strength. Later, its performance correlation is observed under the assumption of diverse metrics in a predefined empirical setup. The meticulous performance correlation endorses the precedence of our protocol over specified related protocols.

Abstract

In recent years there has been rampant growth in the field of ML, AI, Big Data, IoT, cyber security, and cloud computing. These technologies have also integrated into the field of smart healthcare. The Internet of Medical Things (IoMT)-driven e-health is one such domain, which utilizes these modern technologies to provide cost-effective and secure healthcare care services to the patients [1]. It contain sensors, devices, actuators, etc. All the raw data is collected from these devices, which is prepossessed and refined to give useful insights. The medical professional can analyze and visualize critical health parameters such as ‘‘blood pressure (BP), heart rate, temperature, etc Based on the current status of the patient, alerts can be generated to doctors or the nursing staff in case of any eventuality. The integration of IoMT with e-health can enhance live tracking, monitoring and health services of patients [2], [3]. This data is regularly shared by the integrated devices and stored over the cloud server, where the healthcare professional can get all the diagnostics of patients. With the benefits of the technology, there are some security challenges. It can be architectural design flaws, a software bug, or a hardware backdoor that can lead to the compromise of the security of the systems. The cyber threat actor can gain authorized access to the system and paralyze all the networks at once. Weak control access, authentication and authorization protocols in the network may compromise the systems to the cyber attackers [4]. Attacks such as ransomware, rootkit, malware, denial of service (DoS), etc., can cause harm to the devices and tamper the healthcare data. Attackers can remotely access the smart healthcare devices and can use them as the botnet devices. With remote access, the attackers can redirect the network somewhere else and can huge network flooding [5], [6]. There have been a lot of high-impact cyber attacks happening to the e-health infrastructure. For example, a patient with the smart pacemaker monitors heart rate, temperature, and blood flow rate that can be critical to a heart alignment patient. Imagine this device gets compromised by a threat actor, it can create panic even worse and can cause death to the patient [7]. For mitigation of the cyber-attacks on all the critical infrastructure (i.e., e-health), cyber security comes into action. With threat modeling and hunting, we can actively search for any threat in the network, its source, and the severity of the threats. Once threats are found in the network, all the mitigation techniques can be used to secure the network from any intrusion. Cyber security provides a strong mechanism (i.e., authentication and key agreement) with all the tools and techniques to safeguard the e-health system [5], [6], [8]. Therefore, proper registration, authentication, authorization and intrusion detection schemes can be used to mitigate the various cyber attacks, i.e., ‘‘replay attempts, man-in-themiddle (MiTM) attacks, replay attacks, illegal session key computation, stolen verifier, etc., [8]

Abstract

Internet of Things (IoT)-based smart factories offer the manufacturing sectors a great opportunity to embrace the fourth industrial revolution (Industry 4.0). The real-time monitoring of manufacturing operations in an Industry 4.0 needs to be ensured by the deployed technologies, like Artificial Intelligence (AI) and Big Data analytics. The overall purpose is to improve the outcomes of the production process. However, Industry 4.0 becomes vulnerable to different potential attacks as the communication takes place via public environments. In this article, an authentication and key agreement method has been suggested to secure the communication that can occur in a Fog-based Industry 4.0 environment. The security proposal provides secure mutual authentication along with key establishment between various smart industrial devices and fog servers, as well as between fog servers and cloud servers. The security analysis and comparative study reveal that the proposed method can mitigate various potential attacks, and it also offers important security and functionality attributes as compared to those for other competing schemes.

Abstract

Denial-of-service (DoS) attacks are a major concern in the field of Internet technology, and they pose a difficult security challenge. Among the different types of DoS attacks, distributed denial-of-service (DDoS) attacks are especially concerning because they can quickly drain the resources of a target, disrupting their computational and communication capabilities without warning. In response to the severity of this problem, various defense strategies have been developed to defend against DDoS attacks. In this paper, a survey on the various DDoS attacks detection schemes is presented. An overview of the DDoS attack methodology is given. The information on different types of DDoS detection methods in SDN environment is also provided. Then a comparative study of different DDoS attack detection schemes is given, which contains the comparisons of different schemes in terms of their advantages, limitations, accuracy values, and time complexity.