Hyper Elliptic Curve Based Certificateless Signcryption Scheme for Secure IIoT Communications

Industrial internet of things (IIoT) is the usage of internet of things (IoT) devices and applications for the purpose of sensing, processing and communicating real-time events in the industrial system to reduce the unnecessary operational cost and enhance manufacturing and other industrial-related processes to attain more profits. However, such IoT based smart industries need internet connectivity and interoperability which makes them susceptible to numerous cyber-attacks due to the scarcity of computational resources of IoT devices and communication over insecure wireless channels. Therefore, this necessitates the design of an efficient security mechanism for IIoT environment. In this paper, we propose a hyperelliptic curve cryptography (HECC) based IIoT Certificateless Signcryption (IIoT-CS) scheme, with the aim of improving security while lowering computational and communication overhead in IIoT environment. HECC with 80-bit smaller key and parameters sizes offers similar security as elliptic curve cryptography (ECC) with 160-bit long key and parameters sizes. We assessed the IIoT-CS scheme security by applying formal and informal security evaluation techniques. We used Real or Random (RoR) model and the widely used automated validation of internet security protocols and applications (AVISPA) simulation tool for formal security analysis and proved that the IIoT-CS scheme provides resistance to various attacks. Our proposed IIoT-CS scheme is relatively less expensive compared to the current state-of-the-art in terms of computational cost and communication overhead. Furthermore, the IIoT-CS scheme is 31.25% and 51.31% more efficient in computational cost and communication overhead, respectively, compared to the most recent protocol.     

An End-to-End Authentication Scheme for Healthcare IoT Systems Using WMSN

The healthcare internet of things (IoT) system has dramatically reshaped this important industry sector. This system employs the latest technology of IoT and wireless medical sensor networks to support the reliable connection of patients and healthcare providers. The goal is the remote monitoring of a patient’s physiological data by physicians. Moreover, this system can reduce the number and expenses of healthcare centers, make up for the shortage of healthcare centers in remote areas, enable consultation with expert physicians around the world, and increase the health awareness of communities. The major challenges that affect the rapid deployment and widespread acceptance of such a system are the weaknesses in the authentication process, which should maintain the privacy of patients, and the integrity of remote medical instructions. Current research results indicate the need of a flexible authentication scheme. This study proposes a scheme with enhanced security for healthcare IoT systems, called an end-to-end authentication scheme for healthcare IoT systems, that is, an E2EA. The proposed scheme supports security services such as a strong and flexible authentication process, simultaneous anonymity of the patient and physician, and perfect forward secrecy services. A security analysis based on formal and informal methods demonstrates that the proposed scheme can resist numerous security-related attacks. A comparison with related authentication schemes shows that the proposed scheme is efficient in terms of communication, computation, and storage, and therefore cannot only offer attractive security services but can reasonably be applied to healthcare IoT systems.     

Blockchain and IIoT Enabled Solution for Social Distancing and Isolation Management to Prevent Pandemics

Pandemics have always been a nightmare for humanity, especially in developing countries. Forced lockdowns are considered one of the effective ways to deal with spreading such pandemics. Still, developing countries cannot afford such solutions because these may severely damage the country’s economy. Therefore, this study presents the proactive technological mechanisms for business organizations to run their standard business processes during pandemic-like situations smoothly. The novelty of this study is to provide a state-of-the-art solution to prevent pandemics using industrial internet of things (IIoT) and blockchain-enabled technologies. Compared to existing studies, the immutable and tamper-proof contact tracing and quarantine management solution is proposed. The use of advanced technologies and information security is a critical area for practitioners in the internet of things (IoT) and corresponding solutions. Therefore, this study also emphasizes information security, end-to-end solution, and experimental results. Firstly, a wearable wristband is proposed, incorporating 4G-enabled ultra-wideband (UWB) technology for smart contact tracing mechanisms in industries to comply with standard operating procedures outlined by the world health organization (WHO). Secondly, distributed ledger technology (DLT) omits the centralized dependency for transmitting contact tracing data. Thirdly, a privacy-preserving tracing mechanism is discussed using a public/private key cryptography-based authentication mechanism. Lastly, based on geofencing techniques, blockchain-enabled machine-to-machine (M2M) technology is proposed for quarantine management. The step-by-step methodology and test results are proposed to ensure contact tracing and quarantine management. Unlike existing research studies, the security aspect is also considered in the realm of blockchain. The practical implementation of the proposed solution also obtains the results. The results indicate the successful implementation of blockchain-enabled contact tracing and isolation management using IoT and geo-fencing techniques, which could help battle pandemic situations. Researchers can also consider the 5G-enabled narrowband internet of things (NB-IoT) technologies to implement contact tracing solutions.     

Verifiable Identity-Based Encryption with Keyword Search for IoT from Lattice

Internet of Things (IoT), which provides the solution of connecting things and devices, has increasingly developed as vital tools to realize intelligent life. Generally, source-limited IoT sensors outsource their data to the cloud, which arises the concerns that the transmission of IoT data is happening without appropriate consideration of the profound security challenges involved. Though encryption technology can guarantee the confidentiality of private data, it hinders the usability of data. Searchable encryption (SE) has been proposed to achieve secure data sharing and searching. However, most of existing SE schemes are designed under conventional hardness assumptions and may be vulnerable to the adversary with quantum computers. Moreover, the untrusted cloud server may perform an unfaithful search execution. To address these problems, in this paper, we propose the first verifiable identity-based keyword search (VIBKS) scheme from lattice. In particular, a lattice-based delegation algorithm is adopted to help the data user to verify both the correctness and the integrity of the search results. Besides, in order to reduce the communication overhead, we refer to the identity-based mechanism. We conduct rigorous proof to demonstrate that the proposed VIBKS scheme is ciphertext indistinguishable secure against the semi-honest-but-curious adversary. In addition, we give the detailed computation and communication complexity of our VIBKS and conduct a series of experiments to validate its efficiency performance.     

Task-Attribute-Based Access Control Scheme for IoT via Blockchain

As a new form of network, the Internet of things (IoT) is becoming more widely used in people’s lives. In this paper, related theoretical research and practical applications of the IoT are explored. The security of the IoT has become a hot research topic. Access controls are methods that control reasonable allocations of data and resources and ensure the security of the IoT. However, most access control systems do not dynamically assign users’ rights. Additionally, with some access control systems, there is a risk of overstepping other user’s authority, and there may exist a central authority that is a single point of failure. Therefore, to solve these problems, this paper proposes a Task-Attribute-Based Access Control scheme for the IoT via blockchain that combines the access control technologies of both the IoT and blockchain. This model, which merges the advantages of task-based access controls and attribute-based access controls, is perfectly integrated with blockchain technology. This model uses hash functions and digital signature algorithms to ensure the authenticity and integrity of the data, and it can dynamically allocate users’ minimum privileges and thus perfectly solves the single point of failure problem. The model is implemented using a Geth client and solidity code, and the simulation results demonstrate the effectiveness of the model.     

A Secure NDN Framework for Internet of Things Enabled Healthcare

Healthcare is a binding domain for the Internet of Things (IoT) to automate healthcare services for sharing and accumulation patient records at anytime from anywhere through the Internet. The current IP-based Internet architecture suffers from latency, mobility, location dependency, and security. The Named Data Networking (NDN) has been projected as a future internet architecture to cope with the limitations of IP-based Internet. However, the NDN infrastructure does not have a secure framework for IoT healthcare information. In this paper, we proposed a secure NDN framework for IoT-enabled Healthcare (IoTEH). In the proposed work, we adopt the services of Identity-Based Signcryption (IBS) cryptography under the security hardness Hyperelliptic Curve Cryptosystem (HCC) to secure the IoTEH information in NDN. The HCC provides the corresponding level of security using minimal computational and communicational resources as compared to bilinear pairing and Elliptic Curve Cryptosystem (ECC). For the efficiency of the proposed scheme, we simulated the security of the proposed solution using Automated Validation of Internet Security Protocols and Applications (AVISPA). Besides, we deployed the proposed scheme on the IoTEH in NDN infrastructure and compared it with the recent IBS schemes in terms of computation and communication overheads. The simulation results showed the superiority and improvement of the proposed framework against contemporary related works.     

Secure Multifactor Remote Access User Authentication Framework for IoT Networks

The term IoT refers to the interconnection and exchange of data among devices/sensors. IoT devices are often small, low cost, and have limited resources. The IoT issues and challenges are growing increasingly. Security and privacy issues are among the most important concerns in IoT applications, such as smart buildings. Remote cybersecurity attacks are the attacks which do not require physical access to the IoT networks, where the attacker can remotely access and communicate with the IoT devices through a wireless communication channel. Thus, remote cybersecurity attacks are a significant threat. Emerging applications in smart environments such as smart buildings require remote access for both users and resources. Since the user/building communication channel is insecure, a lightweight and secure authentication protocol is required. In this paper, we propose a new secure remote user mutual authentication protocol based on transitory identities and multi-factor authentication for IoT smart building environment. The protocol ensures that only legitimate users can authenticate with smart building controllers in an anonymous, unlinkable, and untraceable manner. The protocol also avoids clock synchronization problem and can resist quantum computing attacks. The security of the protocol is evaluated using two different methods: (1) informal analysis; (2) model check using the automated validation of internet security protocols and applications (AVISPA) toolkit. The communication overhead and computational cost of the proposed are analyzed. The security and performance analysis show that our protocol is secure and efficient.     

Cogent and Energy Efficient Authentication Protocol for WSN in IoT

Given the accelerating development of Internet of things (IoT), a secure and robust authentication mechanism is urgently required as a critical architectural component. The IoT has improved the quality of everyday life for numerous people in many ways. Owing to the predominantly wireless nature of the IoT, connected devices are more vulnerable to security threats compared to wired networks. User authentication is thus of utmost importance in terms of security on the IoT. Several authentication protocols have been proposed in recent years, but most prior schemes do not provide sufficient security for these wireless networks. To overcome the limitations of previous schemes, we propose an efficient and lightweight authentication scheme called the Cogent Biometric-Based Authentication Scheme (COBBAS). The proposed scheme is based on biometric data, and uses lightweight operations to enhance the efficiency of the network in terms of time, storage, and battery consumption. A formal security analysis of COBBAS using Burrows–Abadi–Needham logic proves that the proposed protocol provides secure mutual authentication. Formal security verification using the Automated Validation of Internet Security Protocols and Applications tool shows that the proposed protocol is safe against man-in-the-middle and replay attacks. Informal security analysis further shows that COBBAS protects wireless sensor networks against several security attacks such as password guessing, impersonation, stolen verifier attacks, denial-of-service attacks, and errors in biometric recognition. This protocol also provides user anonymity, confidentiality, integrity, and biometric recovery in acceptable time with reasonable computational cost.     

SIMAD: Secure Intelligent Method for IoT-Fog Environments Attacks Detection

The Internet of Thing IoT paradigm has emerged in numerous domains and it has achieved an exponential progress. Nevertheless, alongside this advancement, IoT networks are facing an ever-increasing rate of security risks because of the continuous and rapid changes in network environments. In order to overcome these security challenges, the fog system has delivered a powerful environment that provides additional resources for a more improved data security. However, because of the emerging of various breaches, several attacks are ceaselessly emerging in IoT and Fog environment. Consequently, the new emerging applications in IoT-Fog environment still require novel, distributed, and intelligent security models, controls, and decisions. In addition, the ever-evolving hacking techniques and methods and the expanded risks surfaces have demonstrated the importance of attacks detection systems. This proves that even advanced solutions face difficulties in discovering and recognizing these small variations of attacks. In fact, to address the above problems, Artificial Intelligence (AI) methods could be applied on the millions of terabytes of collected information to enhance and optimize the processes of IoT and fog systems. In this respect, this research is designed to adopt a new security scheme supported by an advanced machine learning algorithm to ensure an intelligent distributed attacks detection and a monitoring process that detects malicious attacks and updates threats signature databases in IoT-Fog environments. We evaluated the performance of our distributed approach with the application of certain machine learning mechanisms. The experiments show that the proposed scheme, applied with the Random Forest (RF) is more efficient and provides better accuracy (99.50%), better scalability, and lower false alert rates. In this regard, the distribution character of our method brings about faster detection and better learning.     

A Novel Ensemble Learning Algorithm Based on D-S Evidence Theory for IoT Security

In the last decade, IoT has been widely used in smart cities, autonomous driving and Industry 4.0, which lead to improve efficiency, reliability, security and economic benefits. However, with the rapid development of new technologies, such as cognitive communication, cloud computing, quantum computing and big data, the IoT security is being confronted with a series of new threats and challenges. IoT device identification via Radio Frequency Fingerprinting (RFF) extracting from radio signals is a physical-layer method for IoT security. In physical-layer, RFF is a unique characteristic of IoT device themselves, which can difficultly be tampered. Just as people’s unique fingerprinting, different IoT devices exhibit different RFF which can be used for identification and authentication. In this paper, the structure of IoT device identification is proposed, the key technologies such as signal detection, RFF extraction, and classification model is discussed. Especially, based on the random forest and Dempster-Shafer evidence algorithm, a novel ensemble learning algorithm is proposed. Through theoretical modeling and experimental verification, the reliability and differentiability of RFF are extracted and verified, the classification result is shown under the real IoT device environments.     

Blockzone: A Decentralized and Trustworthy Data Plane for DNS

The domain name system (DNS) provides a mapping service between memorable names and numerical internet protocol addresses, and it is a critical infrastructure of the Internet. The authenticity of DNS resolution results is crucial for ensuring the accessibility of Internet services. Hundreds of supplementary specifications of protocols have been proposed to compensate for the security flaws of DNS. However, DNS security incidents still occur frequently. Although DNS is a distributed system, for a specified domain name, only authorized authoritative servers can resolve it. Other servers must obtain the resolution result through a recursive or iterative resolving procedure, which renders DNS vulnerable to various attacks, such as DNS cache poisoning and distributed denial of service (DDoS) attacks. This paper proposes a novel decentralized architecture for a DNS data plane, which is called Blockzone. First, Blockzone utilizes novel mechanisms, which include on-chain authorization and off-chain storage, to implement a decentralized and trustworthy DNS data plane. Second, in contrast to the hierarchical authentication and recursive query of traditional DNS, Blockzone implements a decentralized operation model. This model significantly increases the efficiency of domain name resolution and verification and enhances the security of DNS against DDoS and cache poisoning attacks. In addition, Blockzone is fully compatible with the traditional DNS implementation and can be incrementally deployed as a plug-in service of DNS without changing the DNS protocol or system architecture. The Blockzone scheme can also be generalized to address security issues in other areas, such as the Internet of things and edge computing.     

我国ITS物联网发展策略研究

物物相联的物联网热浪为交通日益增长的我国提供了新的解决途径与发展机遇。提出了物联网下智能交通运输系统（ITS）的概念与架构,探讨了物联网下的ITS与传统ITS的区别及变革;分析了我国发展ITS物联网的基础条件以及需要突破的重点,提出了我国ITS物联网发展策略,以期促进我国交通运输业和物联网产业的快速发展。     

Post-Quantum Blockchain over Lattice

Blockchain is an emerging decentralized architecture and distributed computing paradigm underlying Bitcoin and other cryptocurrencies, and has recently attracted intensive attention from governments, financial institutions, high-tech enterprises, and the capital markets. Its cryptographic security relies on asymmetric cryptography, such as ECC, RSA. However, with the surprising development of quantum technology, asymmetric cryptography schemes mentioned above would become vulnerable. Recently, lattice-based cryptography scheme was proposed to be secure against attacks in the quantum era. In 2018, with the aid of Bonsai Trees technology, Yin et al. [Yin, Wen, Li et al. (2018)] proposed a lattice-based authentication method which can extend a lattice space to multiple lattice spaces accompanied by the corresponding key. Although their scheme has theoretical significance, it is unpractical in actual situation due to extremely large key size and signature size. In this paper, aiming at tackling the critical issue of transaction size, we propose a post quantum blockchain over lattice. By using SampleMat and signature without trapdoor, we can reduce the key size and signature size of our transaction authentication approach by a significant amount. Instead of using a whole set of vectors as a basis, we can use only one vector and rotate it enough times to form a basis. Based on the hardness assumption of Short Integer Solution (SIS), we demonstrate that the proposed anti-quantum transaction authentication scheme over lattice provides existential unforgeability against adaptive chosen-message attacks in the random oracle. As compared to the Yin et al. [Yin, Wen, Li et al. (2018)] scheme, our scheme has better performance in terms of energy consumption, signature size and signing key size. As the underlying lattice problem is intractable even for quantum computers, our scheme would work well in the quantum age.     

An Access Control Scheme Using Heterogeneous Signcryption for IoT Environments

When the Wireless Sensor Network (WSN) is combined with the Internet of Things (IoT), it can be employed in a wide range of applications, such as agriculture, industry 4.0, health care, smart homes, among others. Accessing the big data generated by these applications in Cloud Servers (CSs), requires higher levels of authenticity and confidentiality during communication conducted through the Internet. Signcryption is one of the most promising approaches nowadays for overcoming such obstacles, due to its combined nature, i.e., signature and encryption. A number of researchers have developed schemes to address issues related to access control in the IoT literature, however, the majority of these schemes are based on homogeneous nature. This will be neither adequate nor practical for heterogeneous IoT environments. In addition, these schemes are based on bilinear pairing and elliptic curve cryptography, which further requires additional processing time and more communication overheads that is inappropriate for real-time communication. Consequently, this paper aims to solve the above-discussed issues, we proposed an access control scheme for IoT environments using heterogeneous signcryption scheme with the efficiency and security hardiness of hyperelliptic curve. Besides the security services such as replay attack prevention, confidentiality, integrity, unforgeability, non-repudiations, and forward secrecy, the proposed scheme has very low computational and communication costs, when it is compared to existing schemes. This is primarily because of hyperelliptic curve lighter nature of key and other parameters. The AVISPA tool is used to simulate the security requirements of our proposed scheme and the results were under two backbends (Constraint Logic-based Attack Searcher (CL-b-AtSER) and On-the-Fly Model Checker (ON-t-FL-MCR)) proved to be SAFE when the presented scheme is coded in HLPSL language. This scheme was proven to be capable of preventing a variety of attacks, including confidentiality, integrity, unforgeability, non-repudiation, forward secrecy, and replay attacks.

     

An Efficient Internet Traffic Classification System Using Deep Learning for IoT

Internet of Things (IoT) defines a network of devices connected to the internet and sharing a massive amount of data between each other and a central location. These IoT devices are connected to a network therefore prone to attacks. Various management tasks and network operations such as security, intrusion detection, Quality-of-Service provisioning, performance monitoring, resource provisioning, and traffic engineering require traffic classification. Due to the ineffectiveness of traditional classification schemes, such as port-based and payload-based methods, researchers proposed machine learning-based traffic classification systems based on shallow neural networks. Furthermore, machine learning-based models incline to misclassify internet traffic due to improper feature selection. In this research, an efficient multilayer deep learning based classification system is presented to overcome these challenges that can classify internet traffic. To examine the performance of the proposed technique, Moore-dataset is used for training the classifier. The proposed scheme takes the pre-processed data and extracts the flow features using a deep neural network (DNN). In particular, the maximum entropy classifier is used to classify the internet traffic. The experimental results show that the proposed hybrid deep learning algorithm is effective and achieved high accuracy for internet traffic classification, i.e., 99.23%. Furthermore, the proposed algorithm achieved the highest accuracy compared to the support vector machine (SVM) based classification technique and k-nearest neighbours (KNNs) based classification technique.     

Secure Irrigation System for Olive Orchards Using Internet of Things

Smart irrigation system, also referred as precision irrigation system, is an attractive solution to save the limited water resources as well as to improve crop productivity and quality. In this work, by using Internet of things (IoT), we aim to design a smart irrigation system for olive groves. In such IoT system, a huge number of low-power and low-complexity devices (sensors, actuators) are interconnected. Thus, a great challenge is to satisfy the increasing demands in terms of spectral efficiency. Moreover, securing the IoT system is also a critical challenge, since several types of cybersecurity threats may pose. In this paper, we address these issues through the application of the massive multiple-input multiple-output (M-MIMO) technology. Indeed, M-MIMO is a key technology of the fifth generation (5G) networks and has the potential to improve spectral efficiency as well as the physical layer security. Specifically, by exploiting the available M-MIMO channel degrees of freedom, we propose a physical layer security scheme based on artificial noise (AN) to prevent eavesdropping. Numerical results demonstrate that our proposed scheme outperforms traditional ones in terms of spectral efficiency and secrecy rate.     

Quantum Remote State Preparation Based on Quantum Network Coding

As an innovative theory and technology, quantum network coding has become the research hotspot in quantum network communications. In this paper, a quantum remote state preparation scheme based on quantum network coding is proposed. Comparing with the general quantum remote state preparation schemes, our proposed scheme brings an arbitrary unknown quantum state finally prepared remotely through the quantum network, by designing the appropriate encoding and decoding steps for quantum network coding. What is worth mentioning, from the network model, this scheme is built on the quantum k-pair network which is the expansion of the typical bottleneck network—butterfly network. Accordingly, it can be treated as an efficient quantum network preparation scheme due to the characteristics of network coding, and it also makes the proposed scheme more applicable to the large-scale quantum networks. In addition, the fact of an arbitrary unknown quantum state remotely prepared means that the senders do not need to know the desired quantum state. Thus, the security of the proposed scheme is higher. Moreover, this scheme can always achieve the success probability of 1 and 1-max flow of value k. Thus, the communication efficiency of the proposed scheme is higher. Therefore, the proposed scheme turns out to be practicable, secure and efficient, which helps to effectively enrich the theory of quantum remote state preparation.     

Malware Detection Using Decision Tree Based SVM Classifier for IoT

The development in Information and Communication Technology has led to the evolution of new computing and communication environment. Technological revolution with Internet of Things (IoTs) has developed various applications in almost all domains from health care, education to entertainment with sensors and smart devices. One of the subsets of IoT is Internet of Medical things (IoMT) which connects medical devices, hardware and software applications through internet. IoMT enables secure wireless communication over the Internet to allow efficient analysis of medical data. With these smart advancements and exploitation of smart IoT devices in health care technology there increases threat and malware attacks during transmission of highly confidential medical data. This work proposes a scheme by integrating machine learning approach and block chain technology to detect malware during data transmission in IoMT. The proposed Machine Learning based Block Chain Technology malware detection scheme (MLBCT-Mdetect) is implemented in three steps namely: feature extraction, Classification and blockchain. Feature extraction is performed by calculating the weight of each feature and reduces the features with less weight. Support Vector Machine classifier is employed in the second step to classify the malware and benign nodes. Furthermore, third step uses blockchain to store details of the selected features which eventually improves the detection of malware with significant improvement in speed and accuracy. ML-BCT-Mdetect achieves higher accuracy with low false positive rate and higher True positive rate.     

A Cost-Effective Approach for NDN-Based Internet of Medical Things Deployment

Nowadays, healthcare has become an important area for the Internet of Things (IoT) to automate healthcare facilities to share and use patient data anytime and anywhere with Internet services. At present, the host-based Internet paradigm is used for sharing and accessing healthcare-related data. However, due to the location-dependent nature, it suffers from latency, mobility, and security. For this purpose, Named Data Networking (NDN) has been recommended as the future Internet paradigm to cover the shortcomings of the traditional host-based Internet paradigm. Unfortunately, the novel breed lacks a secure framework for healthcare. This article constructs an NDN-Based Internet of Medical Things (NDN-IoMT) framework using a lightweight certificateless (CLC) signature. We adopt the Hyperelliptic Curve Cryptosystem (HCC) to reduce cost, which provides strong security using a smaller key size compared to Elliptic Curve Cryptosystem (ECC). Furthermore, we validate the safety of the proposed scheme through AVISPA. For cost-efficiency, we compare the designed scheme with relevant certificateless signature schemes. The final result shows that our proposed scheme uses minimal network resources. Lastly, we deploy the given framework on NDN-IoMT.     

Research and Measures on the Security of Internet of Things

With the development of intelligent perception,recognition technology and pervasive computing,Internet of things( IoT) is widely used,the security problem is also concerned by more and more researchers. IoT is a double-edged sword. On the one hand,it has great potential in simplifying the business process and provides an effective way for the enterprise to interact with the customers. But on the other hand,it also provides convenience for cyber crimes and hackers.First of all,Three layers logic architecture of IoT is introduced,and the security problems at each level and the key points of the research are expounded,and then the security requirements are analyzed. The main causes of security problems are summarized and analyzed: physical attack and the threat of equipment and malware,file attack and hacker attack. Finally,through the application of the existing technology in IoT environment,the exploration of new technology and the security of the hardware related to IoT,the security of the software and the security team,the future research direction of the security of IoT is pointed out.