Imp Raft: a consensus algorithm based on Raft and storage compression consensus for IoT scenario

In order to meet various challenges in the Internet of things (IoT), such as identity authentication, privacy preservation of distributed data and network security, the integration of blockchain and IoT became a new trend in recent years. As the key supporting technology of blockchain, the consensus algorithm is a hotspot of distributed system research. At present, the research direction of the consensus algorithm is mainly focused on improving throughput and reducing delay. However, when blockchain is applied to IoT scenario, the storage capacity of lightweight IoT devices is limited, and the normal operations of blockchain system cannot be guaranteed. To solve this problem, an improved version of Raft (Imp Raft) based on Raft and the storage compression consensus (SCC) algorithm is proposed, where initialization process and compression process are added into the flow of Raft. Moreover, the data validation process aims to ensure that blockchain data cannot be tampered with. It is obtained from experiments and analysis that the new proposed algorithm can effectively reduce the size of the blockchain and the storage burden of lightweight IoT devices.     

Integration of Internet of Things and blockchain technology in healthcare domain: A systematic literature review

Healthcare is a vitally important field in the industry and evolving day by day in the aspect of technology, services, computing, and management. Its potential significance can be increased by incorporating Internet of Things (IoT) technology to make it smart in the aspect of automating activities, which is then further reformed in the healthcare domain with the help of blockchain technology. Blockchain technology provides many features to IoT-based healthcare domain applications such as restructuring by securing traditional practices, data management, data sharing, patient remote monitoring, and drug analysis. In this study, a systematic literature review has been carried out in which a total of 52 studies were selected to conduct systematic literature review from databases PubMed, IEEE Access, and Scopus; the study includes IoT technology and blockchain integration in healthcare domain-related application areas. This study also includes taxonomy that mentions the aspects and areas in healthcare domain incorporating the traditional system with the integration of IoT and blockchain to provide transparency, security, privacy, and immutability. This study also includes the incorporation of related sensors, platforms of blockchain, the objective focus of selected studies, and future directions by incorporating IoT and blockchain in healthcare domain. This study will help researchers who want to work with IoT and blockchain technology integration in healthcare domain.     

Fog-Sec: Secure end-to-end communication in fog-enabled IoT network using permissioned blockchain system

The technological integration of the Internet of Things (IoT)-Cloud paradigm has enabled intelligent linkages of things, data, processes, and people for efficient decision making without human intervention. However, it poses various challenges for IoT networks that cannot handle large amounts of operation technology (OT) data due to physical storage shortages, excessive latency, higher transfer costs, a lack of context awareness, impractical resiliency, and so on. As a result, the fog network emerged as a new computing model for providing computing capacity closer to IoT edge devices. The IoT-Fog-Cloud network, on the other hand, is more vulnerable to multiple security flaws, such as missing key management problems, inappropriate access control, inadequate software update mechanism, insecure configuration files and default passwords, missing communication security, and secure key exchange algorithms over unsecured channels. Therefore, these networks cannot make good security decisions, which are significantly easier to hack than to defend the fog-enabled IoT environment. This paper proposes the cooperative flow for securing edge devices in fog-enabled IoT networks using a permissioned blockchain system (pBCS). The proposed fog-enabled IoT network provides efficient security solutions for key management issues, communication security, and secure key exchange mechanism using a blockchain system. To secure the fog-based IoT network, we proposed a mechanism for identification and authentication among fog, gateway, and edge nodes that should register with the blockchain network. The fog nodes maintain the blockchain system and hold a shared smart contract for validating edge devices. The participating fog nodes serve as validators and maintain a distributed ledger/blockchain to authenticate and validate the request of the edge nodes. The network services can only be accessed by nodes that have been authenticated against the blockchain system. We implemented the proposed pBCS network using the private Ethereum 2.0 that enables secure device-to-device communication and demonstrated performance metrics such as throughput, transaction delay, block creation response time, communication, and computation overhead using state-of-the-art techniques. Finally, we conducted a security analysis of the communication network to protect the IoT edge devices from unauthorized malicious nodes without data loss.     

基于区块链的SDN物联网部署安全

与传统互联网相比,由于基于SDN的物联网覆盖面更广、连接的设备更多、传输的数据更复杂等原因,还存在很多安全方面的技术挑战。提出了在SDN物联网中加入一个基于区块链的安全层作为安全网关,对进入物联网的数据进行一次性的精确验证,各安全网关作为平等的区块链节点加入区块链系统,结合区块链系统的可追踪和不可篡改性,提高了SDN物联网部署的安全性能和效率。     

Future IoT‐enabled threats and vulnerabilities: State of the art,challenges, and future prospects

In the recent era, the security issues affecting the future Internet‐of‐Things (IoT) standards has fascinated noteworthy consideration from numerous research communities. In this view, numerous assessments in the form of surveys were proposed highlighting several future IoT‐centric subjects together with threat modeling, intrusion detection systems (IDS), and various emergent technologies. In contrast, in this article, we have focused exclusively on the emerging IoT‐related vulnerabilities. This article is a multi‐fold survey that emphasizes on understanding the crucial causes of novel vulnerabilities in IoT paradigms and issues in existing research. Initially, we have emphasized on different layers of IoT architecture and highlight various emerging security challenges associated with each layer along with the key issues of different IoT systems. Secondly, we discuss the exploitation, detection, and defense methodologies of IoT malware‐enabled distributed denial of service (DDoS), Sybil, and collusion attack capabilities. We have also discussed numerous state‐of‐the‐art strategies for intrusion detection and methods for IDS setup in future IoT systems. Third, we have presented a brief classification of existing IoT authentication protocols and a comparative analysis of such protocols based on different IoT‐enabled cyber attacks. For conducting a real‐time future IoT research, we have presented some emerging blockchain solutions. We have also discussed a comparative examination of some of the recently developed simulation tools and IoT test beds that are characterized based on different layers of IoT infrastructure. We have also outlined some of the open issues and future research directions and also facilitate the readers with broad classification of existing surveys in this domain that addresses several scopes related to the IoT paradigm. This survey article focuses in enabling IoT‐related research activities by comparing and merging scattered surveys in this domain.     

基于属性密码体制的区块链安全技术研究进展

区块链是一种集合了分布式存储、点对点传输、共识机制、密码学算法和智能合约等关键技术的分布式账本,具有去中心化、不可篡改、透明化等特性.近年来区块链技术的安全性问题逐渐显露,阻碍了区块链应用的发展.本文介绍了区块链的基本概念与安全模型,分析了区块链的安全性问题;然后,基于属性密码体制,从访问控制、密钥管理、数据隐私保护这...     

A methodological review on attack and defense strategies in cyber warfare

Cyberspace is an integration of cyber physical system components that integrates computation, networking, physical processes, embedded computers and network monitors which uses feedback loops for controlling the processes where the computations are affected by processes and vice versa. More general, cyber physical systems include all equipments operated on preprogrammed instructions ranging from simple electronic devices to the ultra-modern warfare equipments along with life saving devices. Active cyber-attacks can cause cyber warfare situations by disrupting an entire community of people, which in turn raises an emergency situation to the nation. Thus, cyber warfare is a major threat to the nation at large. In this paper, we analyze the various aspects of cyber warfare situations and a survey on ongoing attacks, defense and cyber forensics strategies in that field. Internet of Things (IoT) is an emerging computing area which enables Machine to Machine communication in cyber physical systems. An attack on IoT causes major issues to the security on the devices and thus, the various threats and attacks on IoT are analyzed here. Overall monitoring and data acquisition in cyber physical systems is done by Supervisory Control and Data Acquisition systems and are mainly targeted by the attackers in order to leave the cyberspace applications not functioning. Therefore, the various threats, attacks and research issues pertaining to the cyberspace are surveyed in this paper along with a few research issues and challenges that are to be solved in the area of cyber warfare.

     

A systematic literature review of machine learning applications in IoT

The Internet of Things (IoT) is a network of interconnected smart objects having capabilities that collectively form an ecosystem and enable the delivery of smart services to users. The IoT is providing several benefits into people's lives through the environment. The various applications that are run in the IoT environment offer facilities and services. The most crucial services provided by IoT applications are quick decision for efficient management. Recently, machine learning (ML) techniques have been successfully used to maximize the potential of IoT systems. This paper presents a systematic review of the literature on the integration of ML methods in the IoT. The challenges of IoT systems are split into two categories: fundamental operation and performance. We also look at how ML is assisting in the resolution of fundamental system operation challenges such as security, big data, clustering, routing, and data aggregation.     

Machine Learning Based Intrusion Detection Systems for IoT Applications

Internet of Things (IoT) and its applications are the most popular research areas at present. The characteristics of IoT on one side make it easily applicable to real-life applications, whereas on the other side expose it to cyber threats. Denial of Service (DoS) is one of the most catastrophic attacks against IoT. In this paper, we investigate the prospects of using machine learning classification algorithms for securing IoT against DoS attacks. A comprehensive study is carried on the classifiers which can advance the development of anomaly-based intrusion detection systems (IDSs). Performance assessment of classifiers is done in terms of prominent metrics and validation methods. Popular datasets CIDDS-001, UNSW-NB15, and NSL-KDD are used for benchmarking classifiers. Friedman and Nemenyi tests are employed to analyze the significant differences among classifiers statistically. In addition, Raspberry Pi is used to evaluate the response time of classifiers on IoT specific hardware. We also discuss a methodology for selecting the best classifier as per application requirements. The main goals of this study are to motivate IoT security researchers for developing IDSs using ensemble learning, and suggesting appropriate methods for statistical assessment of classifier’s performance.

     

Consensus Algorithms on Appendable-Block Blockchains: Impact and Security Analysis

The Internet of Things (IoT) has been making people’s lives more efficient and more comfortable in the past years, and it is expected to get even better. This improvement may benefit from the use of blockchain to enhance security, scalability, reliability and auditability. Recently, different blockchain architectures were proposed to provide a solution that is better suited for IoT scenarios. One of them, called appendable-block blockchains, proposed a data structure that allows to include transactions in blocks that were already inserted in the blockchain. This approach allows appendable-block blockchains to manage large amounts of data produced by IoT devices through decoupled and appendable data structures. Nevertheless, consensus algorithms can impact throughput and latency in scenarios with large amount of produced transactions, since IoT devices can produce data very quickly (milliseconds) while these data might take some time to be included in a block (seconds). Consequently, it is important to understand the behaviour of different consensus algorithms over appendabble-block blockchain in these type of scenarios. Therefore, we adapted the appendable-block blockchain to use and compare the impact of different consensus algorithms: Practical Byzantine Fault Tolerance (PBFT), witness-based, delegated Byzantine Fault Tolerance (dBFT) and Proof-of-Work (PoW). The results show that both dBFT and PBFT can achieve fast consensus (< 150ms) in the context of appendable-block blockchains. We also present a discussion regarding attacks in each consensus algorithm to help one to choose the best solution (considering performance and security issues) for each scenario.

     

A blockchain future for internet of things security: a position paper

Internet of Things (IoT) devices are increasingly being found in civilian and military contexts, ranging from smart cities and smart grids to Internet-of-Medical-Things, Internet-of-Vehicles, Internet-of-Military-Things, Internet-of-Battlefield-Things, etc. In this paper, we survey articles presenting IoT security solutions published in English since January 2016. We make a number of observations, including the lack of publicly available IoT datasets that can be used by the research and practitioner communities. Given the potentially sensitive nature of IoT datasets, there is a need to develop a standard for sharing IoT datasets among the research and practitioner communities and other relevant stakeholders. Thus, we posit the potential for blockchain technology in facilitating secure sharing of IoT datasets (e.g., using blockchain to ensure the integrity of shared datasets) and securing IoT systems, before presenting two conceptual blockchain-based approaches. We then conclude this paper with nine potential research questions.     

区块链网络安全保障:攻击与防御

随着区块链技术的迅猛发展,区块链系统的安全问题正逐渐暴露出来,给区块链生态系统带来巨大风险.通过回顾区块链安全方面的相关工作,对区块链潜在的安全问题进行了系统的研究.将区块链框架分为数据层、网络层、共识层和应用层4层,分析其中的安全漏洞及攻击原理,并讨论了增强区块链安全的防御方案.最后,在现有研究的基础上展望了区块链安...     

Capability-based IoT access control using blockchain

Internet of Things (IoT) devices facilitate intelligent service delivery in a broad range of settings, such as smart offices, homes and cities. However, the existing IoT access control solutions are mainly based on conventional identity management schemes and use centralized architectures. There are known security and privacy limitations with such schemes and architectures, such as the single-point failure or surveillance (e.g., device tracking). Hence, in this paper, we present an architecture for capability-based IoT access control utilizing the blockchain and decentralized identifiers to manage the identity and access control for IoT devices. Then, we propose a protocol to provide a systematic view of system interactions, to improve security. We also implement a proof-of-concept prototype of the proposed approach and evaluate the prototype using a real-world use case. Our evaluation results show that the proposed solution is feasible, secure, and scalable.     

基于区块链的威胁情报共享及评级技术研究

随着计算机和网络技术的快速发展,网络安全事件频发,安全漏洞不断,威胁情报的作用和价值越来越大。基于区块链的开放、共识、自治和去中心、去信任、不可篡改、可追溯等特点,提出了通过区块链技术构建威胁情报信息的区块,包括IP地址信息、域名信息、URL信息、安全事件信息、漏洞信息、威胁情报源可信度、威胁情报源贡献率等;并设计了基于区块链的威胁情报共享和评级系统,给出了相应的基于区块链的威胁情报共享方法和评级方法,可以实现及时有效获取及分析出最新、最有价值的威胁情报信息,从而及时进行防护及应急响应,促进整个威胁情报生态的闭环持续有效开展。     

Applying blockchain-based method to smart contract classification for CPS applications

Smart contract has been the core of blockchain systems and other blockchain-based systems since Blockchain 2.0. Various operations on blockchain are performed through the invocation and execution of smart contracts. This leads to extensive combinations between blockchain, smart contract, Internet of Things (IoT) and Cyber-Physical System (CPS) applications, and then many blockchain-based IoT or CPS applications emerge to provide multiple benefits to the economy and society. In this case, obtaining a better understanding of smart contracts will contribute to the easier operation, higher efficiency and stronger security of those blockchain-based systems and applications. Many existing studies on smart contract analysis are based on similarity calculation and smart contract classification. However, smart contract is a piece of code with special characteristics and most of smart contracts are stored without any category labels, which leads to difficulties of smart contract classification. As the back end of a blockchain-based Decentralized Application (DApp) is one or several smart contracts, DApps with labeled categories and open source codes are applied to achieve a supervised smart contract classification. A three-phase approach is proposed to categorize DApps based on various data features. In this approach, 5,659 DApps with smart contract source codes and pre-tagged categories are first obtained based on massive collected DApps and smart contracts from Ethereum, State of the DApps and DappRadar. Then feature extraction and construction methods are designed to form multi-feature vectors that could present the major characteristics of DApps. Finally, a fused classification model consisting of KNN, XGBoost and random forests is applied to the multi-feature vectors of all DApps for performing DApp classification. The experimental results show that the method is effective. In addition, some positive correlations between feature variables and categories, as well as several user behavior patterns of DApp calls, are found in this paper.     

量子计算在信息安全中的潜在应用与挑战

文中旨在研究量子计算在信息安全中的潜在应用与挑战。通过分析量子计算的潜在应用以及量子计算对传统加密算法的影响,深入探索了量子计算时代的信息安全挑战,具体包括量子计算对云安全的潜在威胁、量子计算对区块链技术的影响以及量子计算对物联网（IoT）设备安全产生的影响,同时提出了应对这些挑战的对策。     

Research advances on blockchain-as-a-service: architectures,applications and challenges

Due to the complexity of blockchain technology, it usually costs too much effort to build, maintain and monitor a blockchain system that supports a targeted application. To this end, the emerging “Blockchain as a Service” (BaaS) makes the blockchain and distributed ledgers more accessible, particularly for businesses, by reducing costs and overheads. BaaS combines the high computing power of cloud computing, the pervasiveness of IoT and the decentralization of blockchain, allowing people to build their own applications while ensuring the transparency and openness of the system. This paper surveys the research outputs of both academia and industry. First, it introduces the representative architectures of BaaS systems and then summarizes the research contributions of BaaS from the technologies for service provision, roles, container and virtualization, interfaces, customization and evaluation. The typical applications of BaaS in both academic and practical domains are also introduced. At present, the research on the blockchain is abundant, but research on BaaS is still in its infancy. Six challenges of BaaS are concluded in this paper for further study directions.     

国产密码的研究与应用

本论文聚焦在国产密码的研究与应用,包括梳理国产密码政策法规和国产密码算法情况,分析当前密码技术面临的风险,例举国产密码在物联网中的成功应用,如身份认证、数据传输、数据存储方面的应用,最后提出对国产密码的发展展望。本论文为国产密码的研究与应用提供支持。     

Internet of things intrusion detection model and algorithm based on cloud computing and multi-feature extraction extreme learning machine

With the rapid development of the Internet of Things (IoT), there are several challenges pertaining to security in IoT applications. Compared with the characteristics of the traditional Internet, the IoT has many problems, such as large assets, complex and diverse structures, and lack of computing resources. Traditional network intrusion detection systems cannot meet the security needs of IoT applications. In view of this situation, this study applies cloud computing and machine learning to the intrusion detection system of IoT to improve detection performance. Usually, traditional intrusion detection algorithms require considerable time for training, and these intrusion detection algorithms are not suitable for cloud computing due to the limited computing power and storage capacity of cloud nodes; therefore, it is necessary to study intrusion detection algorithms with low weights, short training time, and high detection accuracy for deployment and application on cloud nodes. An appropriate classification algorithm is a primary factor for deploying cloud computing intrusion prevention systems and a prerequisite for the system to respond to intrusion and reduce intrusion threats. This paper discusses the problems related to IoT intrusion prevention in cloud computing environments. Based on the analysis of cloud computing security threats, this study extensively explores IoT intrusion detection, cloud node monitoring, and intrusion response in cloud computing environments by using cloud computing, an improved extreme learning machine, and other methods. We use the Multi-Feature Extraction Extreme Learning Machine (MFE-ELM) algorithm for cloud computing, which adds a multi-feature extraction process to cloud servers, and use the deployed MFE-ELM algorithm on cloud nodes to detect and discover network intrusions to cloud nodes. In our simulation experiments, a classical dataset for intrusion detection is selected as a test, and test steps such as data preprocessing, feature engineering, model training, and result analysis are performed. The experimental results show that the proposed algorithm can effectively detect and identify most network data packets with good model performance and achieve efficient intrusion detection for heterogeneous data of the IoT from cloud nodes. Furthermore, it can enable the cloud server to discover nodes with serious security threats in the cloud cluster in real time, so that further security protection measures can be taken to obtain the optimal intrusion response strategy for the cloud cluster.     

Internet of Things offloading: Ongoing issues,opportunities, and future challenges

Internet of Things (IoT) has very remarkable advantages over customary communication technologies. However, IoT suffers from different issues, such as limited battery life, low storage capacity, and little computing capacity. For this reason, in many IoT applications and devices, we require an alternative unit to execute the tasks from the user's device and return results. In general, the problem of limited resources by transferring the computation workload to other devices/systems with better resources is addressed by offloading computation. It can be focused on improving the application, extending battery life, or expanding storage capacity. The offloading operation can be performed based on various quality of service (QoS) parameters that contain computational demands for load balancing, response time, application, energy consumption, latency, and other things. Moreover, the systematic literature review (SLR) method is used to identify, assess, and integrate findings from all relevant studies that address one or more research questions on IoT offloading and conduct a comprehensive study of empirical research on offloading techniques. However, we present a new taxonomy for them based on offloading decision mechanisms and overall architectures. Furthermore, we offer a parametric comparison for the offloading methods. As well, we present the future direction and research opportunities in IoT offloading computation. This survey will assist academics and practitioners to directly understand the progress in IoT offloading.