Authentication-based Access Control and Data Exchanging Mechanism of IoT Devices in Fog Computing Environment

The emergence of fog computing has witnessed a big role in initiating secure communication amongst users. Fog computing poses the ability to perform analysis, processing, and storage for a set of Internet of Things (IoT) devices. Several IoT solutions are devised by utilizing the fog nodes to alleviate IoT devices from complex computation and heavy processing. This paper proposes an authentication scheme using fog nodes to manage IoT devices by providing security without considering a trusted third party. The proposed authentication scheme employed the benefits of fog node deployment. The authentication scheme using fog node offers reliable verification between the data owners and the requester without depending on the third party users. The proposed authentication scheme using fog nodes effectively solved the problems of a single point of failure in the storage system and offers many benefits by increasing the throughput and reducing the cost. The proposed scheme considers several entities, like end-users, IoT devices, fog nodes, and smart contracts, which help to administrate the authentication using access policies. The proposed authentication scheme using fog node provided superior results than other methods with minimal memory value of 4009.083 KB, minimal time of 76.915 s, and maximal Packet delivery ratio (PDR) of 76.

     

Performance optimization for smart grid blockchainintegrated with fog computing using DDQN

In order to solve the energy crisis and pollution problems, smart grid is widely used. However, there are many challenges such as the management of distributed energy during the construction. Blockchain, as an emerging technology, can provide a secure and transparent solution to the decentralized network. Meanwhile, fog computing network is considered to avoid the high deployment cost. The edge servers have abundant computing and storage resources to perform as nodes in grid blockchain. In this paper, an innovative structure of smart grid blockchain integrated with fog computing are proposed. And a new consensus mechanism called scalable proof of cryptographic selection (SPoCS) is designed to adapt the hybrid networks. The mechanism not only includes a special index, contribution degree, to measure the loyalty of fog nodes and the probability of being a function node, but also has flexible block interval adjustment method. Meanwhile, the number of function nodes (validating nodes and ordering nodes) can also be adjusted. And a deep reinforcement learning (DRL) method is used to select the appropriate quantity to improve the performance under the strict constraints of security and decentralization. The simulation shows the scheme performs well in the throughput, cost and latency.     

Authenticated key agreement scheme for fog-driven IoT healthcare system

The convergence of cloud computing and Internet of Things (IoT) is partially due to the pragmatic need for delivering extended services to a broader user base in diverse situations. However, cloud computing has its limitation for applications requiring low-latency and high mobility, particularly in adversarial settings (e.g. battlefields). To some extent, such limitations can be mitigated in a fog computing paradigm since the latter bridges the gap between remote cloud data center and the end devices (via some fog nodes). However, fog nodes are often deployed in remote and unprotected places. This necessitates the design of security solutions for a fog-based environment. In this paper, we investigate the fog-driven IoT healthcare system, focusing only on authentication and key agreement. Specifically, we propose a three-party authenticated key agreement protocol from bilinear pairings. We introduce the security model and present the formal security proof, as well as security analysis against common attacks. We then evaluate its performance, in terms of communication and computation costs.

     

ECC-CoAP: Elliptic Curve Cryptography Based Constraint Application Protocol for Internet of Things

Constraint Application Protocol (CoAP), an application layer based protocol, is a compressed version of HTTP protocol that is used for communication between lightweight resource constraint devices in Internet of Things (IoT) network. The CoAP protocol is generally associated with connectionless User Datagram Protocol (UDP) and works based on Representational State Transfer architecture. The CoAP is associated with Datagram Transport Layer Security (DTLS) protocol for establishing a secure session using the existing algorithms like Lightweight Establishment of Secure Session for communication between various IoT devices and remote server. However, several limitations regarding the key management, session establishment and multi-cast message communication within the DTLS layer are present in CoAP. Hence, development of an efficient protocol for secure session establishment of CoAP is required for IoT communication. Thus, to overcome the existing limitations related to key management and multicast security in CoAP, we have proposed an efficient and secure communication scheme to establish secure session key between IoT devices and remote server using lightweight elliptic curve cryptography (ECC). The proposed ECC-based CoAP is referred to as ECC-CoAP that provides a CoAP implementation for authentication in IoT network. A number of well-known cryptographic attacks are analyzed for validating the security strength of the ECC-CoAP and found that all these attacks are well defended. The performance analysis of the ECC-CoAP shows that our scheme is lightweight and secure.

     

SRGH: A secure and robust group‐based handover AKA protocol for MTC in LTE‐A networks

Machine‐type communication (MTC) is defined as an automatic aggregation, processing, and exchange of information among intelligent devices without humans intervention. With the development of immense embedded devices, MTC is emerging as the leading communication technology for a wide range of applications and services in the Internet of Things (IoT). For achieving the reliability and to fulfill the security requirements of IoT‐based applications, researchers have proposed some group‐based handover authentication and key agreement (AKA) protocols for mass MTCDs in LTE‐A networks. However, the realization of secure handover authentication for the group of MTCDs in IoT enabled LTE‐A network is an imminent issue. Whenever mass MTCDs enter into the coverage area of target base‐station simultaneously, the protocols incur high signaling congestion. In addition, the existing group‐based handover protocols suffer from the huge network overhead and numerous identified problems such as lack of key forward/backward secrecy, privacy‐preservation. Moreover, the protocols fail to avoid the key escrow problem and vulnerable to malicious attacks. To overcome these issues, we propose a secure and robust group‐based handover (SRGH) AKA protocol for mass MTCDs in LTE‐A network. The protocol establishes the group key update mechanism with forward/backward secrecy. The formal security proof demonstrates that the protocol achieves all the security properties including session key secrecy and data integrity. Furthermore, the formal verification using the AVISPA tool shows the correctness and informal analysis discusses the resistance from various security problems. The performance evaluation illustrates that the proposed protocol obtains substantial efficiency compared with the existing group‐based handover AKA protocols.     

Unmanned aerial vehicles in collaboration with fog computing network for improving quality of service

In this paper, we study a UAV-based fog or edge computing network in which UAVs and fog/edge nodes work together intelligently to provide numerous benefits in reduced latency, data offloading, storage, coverage, high throughput, fast computation, and rapid responses. In an existing UAV-based computing network, the users send continuous requests to offload their data from the ground users to UAV–fog nodes and vice versa, which causes high congestion in the whole network. However, the UAV-based networks for real-time applications require low-latency networks during the offloading of large volumes of data. Thus, the QoS is compromised in such networks when communicating in real-time emergencies. To handle this problem, we aim to minimize the latency during offloading large amounts of data, take less computing time, and provide better throughput. First, this paper proposed the four-tier architecture of the UAVs–fog collaborative network in which local UAVs and UAV–fog nodes do smart task offloading with low latency. In this network, the UAVs act as a fog server to compute data with the collaboration of local UAVs and offload their data efficiently to the ground devices. Next, we considered the Q-learning Markov decision process (QLMDP) based on the optimal path to handle the massive data requests from ground devices and optimize the overall delay in the UAV-based fog computing network. The simulation results show that this proposed collaborative network achieves high throughput, reduces average latency up to 0.2, and takes less computing time compared with UAV-based networks and UAV-based MEC networks; thus, it can achieve high QoS.     

Towards asynchronous federated learning for heterogeneous edge-powered internet of things

The advancement of the Internet of Things (IoT) brings new opportunities for collecting real-time data and deploying machine learning models. Nonetheless, an individual IoT device may not have adequate computing resources to train and deploy an entire learning model. At the same time, transmitting continuous real-time data to a central server with high computing resource incurs enormous communication costs and raises issues in data security and privacy. Federated learning, a distributed machine learning framework, is a promising solution to train machine learning models with resource-limited devices and edge servers. Yet, the majority of existing works assume an impractically synchronous parameter update manner with homogeneous IoT nodes under stable communication connections. In this paper, we develop an asynchronous federated learning scheme to improve training efficiency for heterogeneous IoT devices under unstable communication network. Particularly, we formulate an asynchronous federated learning model and develop a lightweight node selection algorithm to carry out learning tasks effectively. The proposed algorithm iteratively selects heterogeneous IoT nodes to participate in the global learning aggregation while considering their local computing resource and communication condition. Extensive experimental results demonstrate that our proposed asynchronous federated learning scheme outperforms the state-of-the-art schemes in various settings on independent and identically distributed (i.i.d.) and non-i.i.d. data distribution.     

基于区块链的雾网络中的任务卸载优化方案研究

当前物联网(IoT)应用的快速增长对用户设备的计算能力是一个巨大的挑战。雾计算(FC)网络可为用户设备提供近距离、快速的计算服务,为资源紧张,计算能力有限的用户设备提供了解决方案。该文提出一个基于区块链的雾网络模型,该模型中用户设备可以将计算密集型任务卸载到计算能力强的节点处理。为最小化任务处理时延和能耗,引入两种任务卸载模型,即设备到设备(D2D)协作群组任务卸载和雾节点(FNs)任务卸载。此外,针对雾计算网络任务卸载过程的数据安全问题,引入区块链技术构建去中心化分布式账本,防止恶意节点修改交易信息,实现数据安全可靠传输。为降低共识机制时延和能耗,提出了改进的基于投票的委托权益证明(DPoS)共识机制,得票数超过阈值的FNs组成验证集,验证集中的FN轮流作为管理者生成新区块。最后,以最小化网络成本为目标,联合优化任务卸载决策、传输速率分配和计算资源分配,提出任务卸载决策和资源分配(TODRA)算法进行求解,并通过仿真实验验证了该算法的有效性。     

基于雾计算的物联网架构研究

物联网是一种能将物体连接至互联网使其更加智能的技术.但是物联网设备产生的大数据难以处理,网络架构的可扩展性差,以及用户的安全隐私容易泄露等问题都限制了物联网的发展.为了解决这些问题,通过分析雾计算所具有的优势提出基于雾计算的物联网架构.基于该架构,同时考虑到用户的安全隐私问题,又提出分层的网络架构.最后对文章进行总结和展望.     

RAD‐EI: A routing attack detection scheme for edge‐based Internet of Things environment

Internet of Things (IoT) offers various types of application services in different domains, such as “smart infrastructure, health‐care, critical infrastructure, and intelligent transportation system.” The name edge computing signifies a corner or edge in a network at which traffic enters or exits from the network. In edge computing, the data analysis task happens very close to the IoT smart sensors and devices. Edge computing can also speed up the analysis process, which allows decision makers to take action within a short duration of time. However, edge‐based IoT environment has several security and privacy issues similar to those for the cloud‐based IoT environment. Various types of attacks, such as “replay, man‐in‐the middle, impersonation, password guessing, routing attack, and other denial of service attacks” may be possible in edge‐based IoT environment. The routing attacker nodes have the capability to deviate and disrupt the normal flow of traffic. These malicious nodes do not send packets (messages) to the edge node and only send packets to its neighbor collaborator attacker nodes. Therefore, in the presence of such kind of routing attack, edge node does not get the information or sometimes it gets the partial information. This further affects the overall performance of communication of edge‐based IoT environment. In the presence of such an attack, the “throughput of the network” decreases, “end‐to‐end delay” increases, “packet delivery ratio” decreases, and other parameters also get affected. Consequently, it is important to provide solution for such kind of attack. In this paper, we design an intrusion detection scheme for the detection of routing attack in edge‐based IoT environment called as RAD‐EI. We simulate RAD‐EI using the widely used “NS2 simulator” to measure different network parameters. Furthermore, we provide the security analysis of RAD‐EI to prove its resilience against routing attacks. RAD‐EI accomplishes around 95.0% “detection rate” and 1.23% “false positive rate” that are notably better than other related existing schemes. In addition, RAD‐EI is efficient in terms of computation and communication costs. As a result, RAD‐EI is a good match for some critical and sensitive applications, such as smart security and surveillance system.     

Group and hierarchical key management for secure communications in internet of things

Different devices with different characteristics form a network to communicate among themselves in Internet of Things (IoT). Thus, IoT is of heterogeneous in nature. Also, Internet plays a major role in IoT. So, issues related to security in Internet become issues of IoT also. Hence, the group and hierarchical management scheme for solving security issues in Internet of Things is proposed in this paper. The devices in the network are formed into groups. One of the devices is selected as a leader of each group. The communication of the devices from each group takes place with the help of the leader of the corresponding group using encrypted key to enhance the security in the network. Blom's key predistribution technique is used to establish secure communication among any nodes of group. The hierarchy is maintained such that the security can be increased further, but the delay is increased as it takes time to encrypt at every level of hierarchy. Hence, the numbers of levels of hierarchy need to be optimized such that delay is balanced. Hence, this algorithm is more suitable for delay‐tolerant applications. The performance of the proposed Algorithm is evaluated and is proved to perform better when compared with the legacy systems like Decentralized Batch‐based Group Key Management Protocol for Mobile Internet of Things (DBGK).     

Lightweight PUF based authentication scheme for fog architecture

Fog computing improves efficiency and reduces the amount of bandwidth to the cloud. In many use cases, the internet of things (IoT) devices do not know the fog nodes in advance. Moreover, as the fog nodes are often placed in open publicly available places, they can be easily captured. Therefore, it should be ensured that even if the key material is leaked from the fog devices, the previously generated session keys and the identity of the devices can be kept secret, i.e. satisfying anonymity, unlinkability, perfect forward secrecy and resistance against stolen devices attack. Such demands require a multi-factor authentication scheme, which is typically done by providing input of the user with password or biometric data. However, in real use case scenarios, IoT devices should be able to automatically start the process without requiring such manual interaction and also fog devices need to autonomously operate. Therefore, this paper proposes a physical unclonable function (PUF) based mutual authentication scheme, being the first security scheme for a fog architecture, capable of providing simultaneously all these suggested security features. In addition, we also show the resistance against other types of attacks like synchronization and known session specific temporary information attack. Moreover, the scheme only relies on symmetric key based operations and thus results in very good performance, compared to the other fog based security systems proposed in literature.

     

An application of meta-heuristic and nature-inspired algorithms for designing reliable networks based on the Internet of things: A systematic literature review

The widespread use of Internet of Things (IoT) in various wireless sensor networks applications has increased their importance in recent years. IoT is a smart technology that connects anything anywhere at any time. These smart objects, which connect the physical world with the world of computing infrastructure, are expected to permeate all aspects of our daily lives and revolutionize a number of application domains such as healthcare, energy conservation, and transportation. As wireless networking expands, the disadvantage of wireless communication is clearly obvious. People's apprehension over the IoT's dependability has therefore skyrocketed. IoT networks' key requirements are dependability, channel security, fault tolerance, and reliability. Monitoring the IoT networks depends on the availability and correct functioning of all the network nodes. Recent research has proposed promising solutions to address these challenges. This article systematically examines recent articles that use meta-heuristic and nature-inspired algorithms to establish reliable IoT networks. Eighteen articles were analyzed in four groups. Results showed that reliable enhancement mechanisms in IoT networks increase fault node detection, network efficiency, and lifetime and attain energy optimization results in the IoT concept. Additionally, it was discovered in the literature that the current studies focus on how to effectively use edge network capabilities for IoT application executions and support, along with the related needs.     

Secured data offloading using reinforcement learning and Markov decision process in mobile edge computing

Mobile Internet services are developing rapidly for several applications based on computational ability such as augmented/virtual reality, vehicular networks, etc. The mobile terminals are enabled using mobile edge computing (MEC) for offloading the task at the edge of the cellular networks, but offloading is still a challenging issue due to the dynamism, and uncertainty of upcoming IoT requests and wireless channel state. Moreover, securing the offloading data enhanced the challenges of computational complexities and required a secure and efficient offloading technique. To tackle the mentioned issues, a reinforcement learning-based Markov decision process offloading model is proposed that optimized energy efficiency, and mobile users' time by considering the constrained computation of IoT devices, moreover guarantees efficient resource sharing among multiple users. An advanced encryption standard is employed in this work to fulfil the requirements of data security. The simulation outputs reveal that the proposed approach surpasses the existing baseline models for offloading overhead and service cost QoS parameters ensuring secure data offloading.     

A blockchain-enabled security management framework for mobile edge computing

Mobile edge computing (MEC) integrates mobile and edge computing technologies to provide efficient computing services with low latency. It includes several Internet of Things (IoT) and edge devices that process the user data at the network's edge. The architectural characteristic of MEC supports many internet-based services, which attract more number of users, including attackers. The safety and privacy of the MEC environment, especially user information is a significant concern. A lightweight accessing and sharing protocol is required because edge devices are resource constraints. This paper addresses this issue by proposing a blockchain-enabled security management framework for MEC environments. This approach provides another level of security and includes blockchain security features like temper resistance, immutable, transparent, traceable, and distributed ledger in the MEC environment. The framework guarantees secure data storage in the MEC environment. The contributions of this paper are twofold: (1) We propose a blockchain-enabled security management framework for MEC environments that address the security and privacy concerns, and (2) we demonstrate through simulations that the framework has high performance and is suitable for resource-constrained MEC devices. In addition, a smart contract-based access and sharing mechanism is proposed. Our research uses a combination of theoretical analysis and simulation experiments to demonstrate that the proposed framework offers high security, low latency, legitimate access, high throughput, and low operations cost.     

Blockchain-based fog radio access networks: Architecture,key technologies,and challenges

Fog Radio Access Network (F-RAN) has been regarded as a promising solution to the alleviation of the ever-increasing traffic burden on current and future wireless networks, for it shifts the caching and computing resources from remote cloud to the network edge. However, it makes wireless networks more vulnerable to security attacks as well. To resolve this issue, in this article, we propose a secure yet trustless Blockchain-based F-RAN (BF-RAN), which allows a massive number of trustless devices to form a large-scale trusted cooperative network by leveraging the key features of blockchain, such as decentralization, tamper-proof, and traceability. The architecture of BF-RAN is first presented. Then, the key technologies, including access control, dynamic resource management, and network deployment are discussed. Finally, challenges and open problems in the BF-RAN are identified.     

A New Method to Find a High Reliable Route in IoT by Using Reinforcement Learning and Fuzzy Logic

Recently, Internet is moving quickly toward the interaction of objects, computing devices, sensors, and which are usually indicated as the Internet of things (IoT). The main monitoring infrastructure of IoT systems main monitoring infrastructure of IoT systems is wireless sensor networks. A wireless sensor network is composed of a large number of sensor nodes. Each sensor node has sensing, computing, and wireless communication capability. The sensor nodes send the data to a sink or a base station by using wireless transmission techniques However, sensor network systems require suitable routing structure to optimizing the lifetime. For providing reasonable energy consumption and optimizing the lifetime of WSNs, novel, efficient and economical schemes should be developed. In this paper, for enhancing network lifetime, a novel energy-efficient mechanism is proposed based on fuzzy logic and reinforcement learning. The fuzzy logic system and reinforcement learning is based on the remained energies of the nodes on the routes, the available bandwidth and the distance to the sink. This study also compares the performance of the proposed method with the fuzzy logic method and IEEE 802.15.4 protocol. The simulations of the proposed method which were carried out by OPNET (Optimum Network performance) indicated that the proposed method performed better than other protocols such as fuzzy logic and IEEE802.15.4 in terms of power consumption and network lifetime.

     

A Full Connectable and High Scalable Key Pre-distribution Scheme Based on Combinatorial Designs for Resource-Constrained Devices in IoT Network

Considering the internet of things (IoT), end nodes such as wireless sensor network, RFID and embedded systems are used in many applications. These end nodes are known as resource-constrained devices in the IoT network. These devices have limitations such as computing and communication power, memory capacity and power. Key pre-distribution schemes (KPSs) have been introduced as a lightweight solution to key distribution in these devices. Key pre-distribution is a special type of key agreement that aims to select keys called session keys in order to establish secure communication between devices. One of these design types is the using of combinatorial designs in key pre-distribution, which is a deterministic scheme in key pre-distribution and has been considered in recent years. In this paper, by introducing a key pre-distribution scheme of this type, we stated that the model introduced in the two benchmarks of KPSs comparability had full connectivity and scalability among the designs introduced in recent years. Also, in recent years, among the combinatorial design-based key pre-distribution schemes, in order to increase resiliency as another criterion for comparing KPSs, attempts were made to include changes in combinatorial designs or they combine them with random key pre-distribution schemes and hybrid schemes were introduced that would significantly reduce the design connectivity. In this paper, using theoretical analysis and maintaining full connectivity, we showed that the strength of the proposed design was better than the similar designs while maintaining higher scalability.

     

Secure and efficient scheme for fast initial link setup against key reinstallation attacks in IEEE 802.11ah networks

IEEE 802.11ah is a recently released IEEE standard to specify a wireless communication system with a long‐range, low‐power, and low data transmission rate over smart devices used in Internet of Things (IoT) systems. This new standard belongs to IEEE 802.11 wireless local area networks (WLANs) protocol family. It requires lightweight protocols to support the low‐power and low‐latency features of the IoT devices. On the other hand, an upcoming solution of fast initial link setup (FILS) specified by IEEE 802.11ai standard is a brand‐new approach aiming to establish fast and secure links among devices in WLANs to meet this new demand. It is natural and feasible to apply it to the 802.11ah networks to support massively deployed wireless nodes. However, security concerns on the link connection by the FILS scheme have not been fully eliminated, especially in the authentication process. It has been explored that a type of recently revealed malicious attack, key reinstallation attack (KRA) might be a threat to the FILS authentication. To prevent the success of the KRAs, in this paper, we proposed a secure and efficient FILS (SEF) protocol as the optional substitute of the FILS scheme. The SEF scheme is designed to eradicate potential threats from the KRAs without degrading the network performance.     

An Efficient and Secure Data Forwarding Mechanism for Opportunistic IoT

Internet of Things (IoT) is a heterogeneous network of interconnected things where users, smart devices and wireless technologies, collude for providing services. It is expected that a great deal of devices will get connected to the Internet in the near future. Opportunistic networks(OppNet) are a class of disruption tolerant networks characterized by uncertain topology and intermittent connectivity between the nodes. Opportunistic Internet of Things(OppIoT) is an amalgamation of the OppNet and IoT exploiting the communication between the IoT devices and the communities formed by humans. The data is exposed to a wide unfamiliar audience and the message delivery is dependent on the residual battery of the node, as most of the energy is spent on node discovery and message transmission. In such a scenario where a huge number of devices are accommodated, a scalable, adaptable, inter-operable, energy-efficient and secure network architecture is required. This paper proposes a novel defense mechanism against black hole and packet fabrication attacks for OppIoT, GFRSA, A Green Forwarding ratio and RSA (Rivest, Shamir and Adleman) based secure routing protocol. The selection of the next hop is based on node’s forwarding behavior, current energy level and its predicted message delivery probability. For further enhancing the security provided by the protocol, the messages are encrypted using asymmetric cryptography before transmission. Simulations performed using opportunistic network environment (ONE) simulator convey that GFRSA provides message security, saves energy and outperforms the existing protocols, LPRF-MC (Location Prediction-based Forwarding for Routing using Markov Chain) and RSASec (Asymmetric RSA-based security approach) in terms of correct packet delivery by 27.37%, message delivery probability is higher by 34.51%, number of messages dropped are reduced by 15.17% and the residual node energy is higher by 14.08%.