A Dual-Chaining Watermark Scheme for Data Integrity Protection in Internet of Things

Chaining watermark is an effective way to verify the integrity of streaming data in wireless network environment, especially in resource-constrained sensor networks, such as the perception layer of Internet of Things applications. However, in all existing single chaining watermark schemes, how to ensure the synchronization between the data sender and the receiver is still an unsolved problem. Once the synchronization points are attacked by the adversary, existing data integrity authentication schemes are difficult to work properly, and the false negative rate might be up to 50 percent. And the additional fixed group delimiters not only increase the data size, but are also easily detected by adversaries. In this paper, we propose an effective dual-chaining watermark scheme, called DCW, for data integrity protection in smart campus IoT applications. The proposed DCW scheme has the following three characteristics: (1) In order to authenticate the integrity of the data, fragile watermarks are generated and embedded into the data in a chaining way using dynamic grouping; (2) Instead of additional fixed group delimiters, chained watermark delimiters are proposed to synchronize the both transmission sides in case of the synchronization points are tampered; (3) To achieve lossless integrity authentication, a reversible watermarking technique is applied. The experimental results and security analysis can prove that the proposed DCW scheme is able to effectively authenticate the integrity of the data with free distortion at low cost in our smart meteorological Internet of Things system.     

Cogent and Energy Efficient Authentication Protocol for WSN in IoT

Given the accelerating development of Internet of things (IoT), a secure and robust authentication mechanism is urgently required as a critical architectural component. The IoT has improved the quality of everyday life for numerous people in many ways. Owing to the predominantly wireless nature of the IoT, connected devices are more vulnerable to security threats compared to wired networks. User authentication is thus of utmost importance in terms of security on the IoT. Several authentication protocols have been proposed in recent years, but most prior schemes do not provide sufficient security for these wireless networks. To overcome the limitations of previous schemes, we propose an efficient and lightweight authentication scheme called the Cogent Biometric-Based Authentication Scheme (COBBAS). The proposed scheme is based on biometric data, and uses lightweight operations to enhance the efficiency of the network in terms of time, storage, and battery consumption. A formal security analysis of COBBAS using Burrows–Abadi–Needham logic proves that the proposed protocol provides secure mutual authentication. Formal security verification using the Automated Validation of Internet Security Protocols and Applications tool shows that the proposed protocol is safe against man-in-the-middle and replay attacks. Informal security analysis further shows that COBBAS protects wireless sensor networks against several security attacks such as password guessing, impersonation, stolen verifier attacks, denial-of-service attacks, and errors in biometric recognition. This protocol also provides user anonymity, confidentiality, integrity, and biometric recovery in acceptable time with reasonable computational cost.     

Security Requirement Management for Cloud-Assisted and Internet of Things—Enabled Smart City

The world is rapidly changing with the advance of information technology. The expansion of the Internet of Things (IoT) is a huge step in the development of the smart city. The IoT consists of connected devices that transfer information. The IoT architecture permits on-demand services to a public pool of resources. Cloud computing plays a vital role in developing IoT-enabled smart applications. The integration of cloud computing enhances the offering of distributed resources in the smart city. Improper management of security requirements of cloud-assisted IoT systems can bring about risks to availability, security, performance, confidentiality, and privacy. The key reason for cloud- and IoT-enabled smart city application failure is improper security practices at the early stages of development. This article proposes a framework to collect security requirements during the initial development phase of cloud-assisted IoT-enabled smart city applications. Its three-layered architecture includes privacy preserved stakeholder analysis (PPSA), security requirement modeling and validation (SRMV), and secure cloud-assistance (SCA). A case study highlights the applicability and effectiveness of the proposed framework. A hybrid survey enables the identification and evaluation of significant challenges.     

Lightweight Authentication Protocol Based on Physical Unclonable Function

In the emerging Industrial Internet of Things (IIoT), authentication problems have become an urgent issue for massive resource-constrained devices because traditional costly security mechanisms are not suitable for them. The security protocol designed for resource-constrained systems should not only be secure but also efficient in terms of usage of energy, storage, and processing. Although recently many lightweight schemes have been proposed, to the best of our knowledge, they are unable to address the problem of privacy preservation with the resistance of Denial of Service (DoS) attacks in a practical way. In this paper, we propose a lightweight authentication protocol based on the Physically Unclonable Function (PUF) to overcome the limitations of existing schemes. The protocol provides an ingenious authentication and synchronization mechanism to solve the contradictions amount forward secrecy, DoS attacks, and resource-constrained. The performance analysis and comparison show that the proposed scheme can better improve the authentication security and efficiency for resource-constrained systems in IIoT.     

LWDSA: light-weight digital signature algorithm for wireless sensor networks

The essential security mechanism in wireless sensor networks (WSNs) is authentication, where nodes can authenticate each other before transmitting a valid data to a sink. There are a number of public key authentication procedures available for WSN in recent years. Due to constraints in WSN environment there is a need for light-weight authentication procedure that consumes less power during computation. This proposed work aims at developing a light-weight authentication protocol using MBLAKE2b with elliptic curve digital signature algorithm (ECDSA). The proposed protocol is also tested using the protocol verification tool Scyther and found to be secure in all claims and roles. This proposed algorithm increases the network life time and reduces the computation time, which is essential for the constrained environment like WSNs.     

Dynamic trust management for secure communications in social internet of things (SIoT)

The world has faced three Information and Communication Technology (ICT) revolutions and the third ICT wave led to Internet of Things, the notion of anything, everything, anytime and everywhere. Out of the many visions of IoT, one revolutionary concept is to make IoT sociable i.e., incorporating social networking within Internet of Things. This revolution has led to the notion of Social Internet of Things (SIoT). Establishing a SIoT network or community is not so simple and requires integration of heterogeneous technology and communication solutions. This paper focuses on establishing a secure and reliable communication over nodes in SIoT by computing trust dynamically among neighboring nodes. Trust Management is an important area that has attracted numerous researchers over the past few years. The proposed DTrustInfer computes trust based on first hand observation, second hand observation, centrality and dependability factor of a node. Properties of trust such as honesty, cooperativeness, community interest and energy of a node are considered for computing trust. Also, this paper ensures secure communication among SIoT nodes through simple secret codes. Experimental results show that the proposed DTrustInfer outperforms the existing trust models significantly.     

Building a Trust Model for Secure Data Sharing (TM-SDS) in Edge Computing Using HMAC Techniques

With the rapid growth of Internet of Things (IoT) based models, and the lack amount of data makes cloud computing resources insufficient. Hence, edge computing-based techniques are becoming more popular in present research domains that makes data storage, and processing effective at the network edges. There are several advanced features like parallel processing and data perception are available in edge computing. Still, there are some challenges in providing privacy and data security over networks. To solve the security issues in Edge Computing, Hash-based Message Authentication Code (HMAC) algorithm is used to provide solutions for preserving data from various attacks that happens with the distributed network nature. This paper proposed a Trust Model for Secure Data Sharing (TM-SDS) with HMAC algorithm. Here, data security is ensured with local and global trust levels with the centralized processing of cloud and by conserving resources effectively. Further, the proposed model achieved 84.25% of packet delivery ratio which is better compared to existing models in the resulting phase. The data packets are securely transmitted between entities in the proposed model and results showed that proposed TM-SDS model outperforms the existing models in an efficient manner.     

Network Invulnerability Enhancement Algorithm Based on WSN ClosenessCentrality

Wireless Sensor Network (WSN) is an important part of the Internet of Things (IoT), which are used for information exchange and communication between smart objects. In practical applications, WSN lifecycle can be influenced by the unbalanced distribution of node centrality and excessive energy consumption, etc. In order to overcome these problems, a heterogeneous wireless sensor network model with small world characteristics is constructed to balance the centrality and enhance the invulnerability of the network. Also, a new WSN centrality measurement method and a new invulnerability measurement model are proposed based on the WSN data transmission characteristics. Simulation results show that the life cycle and data transmission volume of the network can be improved with a lower network construction cost, and the invulnerability of the network is effectively enhanced.     

Two-Stage High-Efficiency Encryption Key Update Scheme for LoRaWAN Based IoT Environment

Secure data communication is an essential requirement for an Internet of Things (IoT) system. Especially in Industrial Internet of Things (IIoT) and Internet of Medical Things (IoMT) systems, when important data are hacked, it may induce property loss or life hazard. Even though many IoT-related communication protocols are equipped with secure policies, they still have some security weaknesses in their IoT systems. LoRaWAN is one of the low power wide-area network protocols, and it adopts Advanced Encryption Standard (AES) to provide message integrity and confidentiality. However, LoRaWAN's encryption key update scheme can be further improved. In this paper, a Two-stage High-efficiency LoRaWAN encryption key Update Scheme (THUS for short) is proposed to update LoRaWAN's root keys and session keys in a secure and efficient way. The THUS consists of two stages, i.e., the Root Key Update (RKU) stage and the Session Key Update (SKU) stage, and with different update frequencies, the RKU and SKU provide higher security level than the normal LoRaWAN specification does. A modified AES encryption/decryption process is also utilized in the THUS for enhancing the security of the THUS. The security analyses demonstrate that the THUS not only protects important parameter during key update stages, but also satisfies confidentiality, integrity, and mutual authentication. Moreover, The THUS can further resist replay and eavesdropping attacks.     

Continuous Mobile User Authentication Using a Hybrid CNN-Bi-LSTM Approach

Internet of Things (IoT) devices incorporate a large amount of data in several fields, including those of medicine, business, and engineering. User authentication is paramount in the IoT era to assure connected devices’ security. However, traditional authentication methods and conventional biometrics-based authentication approaches such as face recognition, fingerprints, and password are vulnerable to various attacks, including smudge attacks, heat attacks, and shoulder surfing attacks. Behavioral biometrics is introduced by the powerful sensing capabilities of IoT devices such as smart wearables and smartphones, enabling continuous authentication. Artificial Intelligence (AI)-based approaches introduce a bright future in refining large amounts of homogeneous biometric data to provide innovative user authentication solutions. This paper presents a new continuous passive authentication approach capable of learning the signatures of IoT users utilizing smartphone sensors such as a gyroscope, magnetometer, and accelerometer to recognize users by their physical activities. This approach integrates the convolutional neural network (CNN) and recurrent neural network (RNN) models to learn signatures of human activities from different users. A series of experiments are conducted using the MotionSense dataset to validate the effectiveness of the proposed method. Our technique offers a competitive verification accuracy equal to 98.4%. We compared the proposed method with several conventional machine learning and CNN models and found that our proposed model achieves higher identification accuracy than the recently developed verification systems. The high accuracy achieved by the proposed method proves its effectiveness in recognizing IoT users passively through their physical activity patterns.     

OTS Scheme Based Secure Architecture for Energy-Efficient IoT in Edge Infrastructure

For the past few decades, the Internet of Things (IoT) has been one of the main pillars wielding significant impact on various advanced industrial applications, including smart energy, smart manufacturing, and others. These applications are related to industrial plants, automation, and e-healthcare fields. IoT applications have several issues related to developing, planning, and managing the system. Therefore, IoT is transforming into G-IoT (Green Internet of Things), which realizes energy efficiency. It provides high power efficiency, enhances communication and networking. Nonetheless, this paradigm did not resolve all smart applications’ challenges in edge infrastructure, such as communication bandwidth, centralization, security, and privacy. In this paper, we propose the OTS Scheme based Secure Architecture for Energy-Efficient IoT in Edge Infrastructure to resolve these challenges. An OTS-based Blockchain-enabled distributed network is used at the fog layer for security and privacy. We evaluated our proposed architecture’s performance quantitatively as well as security and privacy. We conducted a comparative analysis with existing studies with different measures, including computing cost time and communication cost. As a result of the evaluation, our proposed architecture showed better performance.     

Design of Intelligent Mosquito Nets Based on Deep Learning Algorithms

An intelligent mosquito net employing deep learning has been one of the hotspots in the field of Internet of Things as it can reduce significantly the spread of pathogens carried by mosquitoes, and help people live well in mosquito-infested areas. In this study, we propose an intelligent mosquito net that can produce and transmit data through the Internet of Medical Things. In our method, decision-making is controlled by a deep learning model, and the proposed method uses infrared sensors and an array of pressure sensors to collect data. Moreover the ZigBee protocol is used to transmit the pressure map which is formed by pressure sensors with the deep learning perception model, determining automatically the intention of the user to open or close the mosquito net. We used optical flow to extract pressure map features, and they were fed to a 3-dimensional convolutional neural network (3D-CNN) classification model subsequently. We achieved the expected results using a nested cross-validation method to evaluate our model. Deep learning has better adaptability than the traditional methods and also has better anti-interference by the different bodies of users. This research has the potential to be used in intelligent medical protection and large-scale sensor array perception of the environment.     

基于物联网的爆破振动无线监测系统

针对工程爆破振动监测系统不断提出的新要求,基于新兴的物联网概念,结合无线网络技术,设计并研制了基于物联网的无线爆破振动监测系统。采用ARM为主控芯片的嵌入式操作系统,内嵌无线传输模块实时传输爆破数据,具有RFID设备认证功能和GPS全球卫星定位和精确定时功能,用户仅需登陆终端爆破监测管理系统即可获取爆破现场实时数据。基于物联网的爆破振动无线监测系统,能够大大地降低人工现场布线工作量、组网灵活、综合成本低,可广泛应用于各个领域的工程爆破振动监测,极具应用前景和市场推广价值。     

Blockchain-Based SQKD and IDS in Edge Enabled Smart Grid Network

Smart Grid is a power grid that improves flexibility, reliability, and efficiency through smart meters. Due to extensive data exchange over the Internet, the smart grid faces many security challenges that have led to data loss, data compromise, and high power consumption. Moreover, the lack of hardware protection and physical attacks reduce the overall performance of the smart grid network. We proposed the BLIDSE model (Blockchain-based secure quantum key distribution and Intrusion Detection System in Edge Enables Smart Grid Network) to address these issues. The proposed model includes five phases: The first phase is blockchain-based secure user authentication, where all smart meters are first registered in the blockchain, and then the blockchain generates a secret key. The blockchain verifies the user ID and the secret key during authentication matches the one authorized to access the network. The secret key is shared during transmission through secure quantum key distribution (SQKD). The second phase is the lightweight data encryption, for which we use a lightweight symmetric encryption algorithm, named Camellia. The third phase is the multi-constraint-based edge selection; the data are transmitted to the control center through the edge server, which is also authenticated by blockchain to enhance the security during the data transmission. We proposed a perfect matching algorithm for selecting the optimal edge. The fourth phase is a dual intrusion detection system which acts as a firewall used to drop irrelevant packets, and data packets are classified into normal, physical errors and attacks, which is done by Double Deep Q Network (DDQN). The last phase is optimal user privacy management. In this phase, smart meter updates and revocations are done, for which we proposed Forensic based Investigation Optimization (FBI), which improves the security of the smart grid network. The simulation is performed using network simulator NS3.26, which evaluates the performance in terms of computational complexity, accuracy, false detection, and false alarm rate. The proposed BLIDSE model effectively mitigates cyber-attacks, thereby contributing to improved security in the network.     

基于物联网的爆破振动无线监测系统

针对工程爆破振动监测系统不断提出的新要求,基于新兴的物联网概念,结合无线网络技术,设计并研制了基于物联网的无线爆破振动监测系统。采用ARM为主控芯片的嵌入式操作系统,内嵌无线传输模块实时传输爆破数据,具有RFID设备认证功能和GPS全球卫星定位和精确定时功能,用户仅需登陆终端爆破监测管理系统即可获取爆破现场实时数据。基于物联网的爆破振动无线监测系统,能够大大地降低人工现场布线工作量、组网灵活、综合成本低,可广泛应用于各个领域的工程爆破振动监测,极具应用前景和市场推广价值。     

物联网技术在物流包装应用中的问题及对策

目的研究物联网技术在物流包装中的应用进展,提出待解决问题的对策。方法运用物联网和包装管理的基本原理,采用探究性、描述性和因果性研究方法系统阐释其工作机理。结果应提高芯片技术研发和生产能力,创建可视化智能管理系统,加强物流包装EDI技术的开发和应用,提高包装信息响应,加强电子产品代码(EPC)网络管理,提高网络安全技术水平,从而加强物联网技术在物流包装领域中的推广和应用。结论物流包装领域可通过实施物联网技术实现持续改进的目标。     

A Novel Anonymous Authentication Scheme Based on Edge Computing in Internet of Vehicles

The vehicular cloud computing is an emerging technology that changes vehicle communication and underlying traffic management applications. However, cloud computing has disadvantages such as high delay, low privacy and high communication cost, which can not meet the needs of real-time interactive information of Internet of vehicles. Ensuring security and privacy in Internet of Vehicles is also regarded as one of its most important challenges. Therefore, in order to ensure the user information security and improve the real-time of vehicle information interaction, this paper proposes an anonymous authentication scheme based on edge computing. In this scheme, the concept of edge computing is introduced into the Internet of vehicles, which makes full use of the redundant computing power and storage capacity of idle edge equipment. The edge vehicle nodes are determined by simple algorithm of defining distance and resources, and the improved RSA encryption algorithm is used to encrypt the user information. The improved RSA algorithm encrypts the user information by reencrypting the encryption parameters . Compared with the traditional RSA algorithm, it can resist more attacks, so it is used to ensure the security of user information. It can not only protect the privacy of vehicles, but also avoid anonymous abuse. Simulation results show that the proposed scheme has lower computational complexity and communication overhead than the traditional anonymous scheme.     

Lattice-Based Authentication Scheme to Prevent Quantum Attack in Public Cloud Environment

Public cloud computing provides a variety of services to consumers via high-speed internet. The consumer can access these services anytime and anywhere on a balanced service cost. Many traditional authentication protocols are proposed to secure public cloud computing. However, the rapid development of high-speed internet and organizations’ race to develop quantum computers is a nightmare for existing authentication schemes. These traditional authentication protocols are based on factorization or discrete logarithm problems. As a result, traditional authentication protocols are vulnerable in the quantum computing era. Therefore, in this article, we have proposed an authentication protocol based on the lattice technique for public cloud computing to resist quantum attacks and prevent all known traditional security attacks. The proposed lattice-based authentication protocol is provably secure under the Real-Or-Random (ROR) model. At the same time, the result obtained during the experiments proved that our protocol is lightweight compared to the existing lattice-based authentication protocols, as listed in the performance analysis section. The comparative analysis shows that the protocol is suitable for practical implementation in a quantum-based environment.     

一种新的轻量级的RFID认证协议(英文)

无线射频识别技术(RFID)有望在不久的将来取代条形码系统,它的信息存储量以及传输信息的能力相比条形码都有明显的优势。然而,由此引发的用户隐私入侵和系统安全威胁一直是用户日益关注的问题。由于其设备的资源受限,以及无法执行强加密算法,因此于RFID系统中安全协议的执行是一个极大的挑战。为此,近来许多认证协议已被提出以防止未经授权的定位跟踪、检测、假冒、克隆等。本文提出了一种新的有效的轻量级射频识别认证协议,对于某些应用,它已能提供足够的安全级别。该协议中标签只需执行hash和异或运算而阅读器和后台服务器承担大部分的运算量包括伪随机数的产生以及加解密的运算。相比于其他协议,我们实现了防止隐私泄露、伪装等安全攻击的特点,适合于低成本、低计算量的RFID系统。     

An Intelligent Hybrid Mutual Authentication Scheme for Industrial Internet of Thing Networks

Internet of Things (IoT) network used for industrial management is vulnerable to different security threats due to its unstructured deployment, and dynamic communication behavior. In literature various mechanisms addressed the security issue of Industrial IoT networks, but proper maintenance of the performance reliability is among the common challenges. In this paper, we proposed an intelligent mutual authentication scheme leveraging authentication aware node (AAN) and base station (BS) to identify routing attacks in Industrial IoT networks. The AAN and BS uses the communication parameter such as a route request (RREQ), node-ID, received signal strength (RSS), and round-trip time (RTT) information to identify malicious devices and routes in the deployed network. The feasibility of the proposed model is validated in the simulation environment, where OMNeT++ was used as a simulation tool. We compare the results of the proposed model with existing field-proven schemes in terms of routing attacks detection, communication cost, latency, computational cost, and throughput. The results show that our proposed scheme surpasses the previous schemes regarding these performance parameters with the attack detection rate of 97.7 %.