Similar literature
Found 20 similar documents (search time: 343 ms)
1.

Fog computing improves efficiency and reduces the amount of bandwidth to the cloud. In many use cases, the internet of things (IoT) devices do not know the fog nodes in advance. Moreover, as the fog nodes are often placed in open publicly available places, they can be easily captured. Therefore, it should be ensured that even if the key material is leaked from the fog devices, the previously generated session keys and the identity of the devices can be kept secret, i.e. satisfying anonymity, unlinkability, perfect forward secrecy and resistance against stolen devices attack. Such demands require a multi-factor authentication scheme, which is typically done by providing input of the user with password or biometric data. However, in real use case scenarios, IoT devices should be able to automatically start the process without requiring such manual interaction and also fog devices need to autonomously operate. Therefore, this paper proposes a physical unclonable function (PUF) based mutual authentication scheme, being the first security scheme for a fog architecture, capable of providing simultaneously all these suggested security features. In addition, we also show the resistance against other types of attacks like synchronization and known session specific temporary information attack. Moreover, the scheme only relies on symmetric key based operations and thus results in very good performance, compared to the other fog based security systems proposed in literature.


2.
The technological integration of the Internet of Things (IoT)-Cloud paradigm has enabled intelligent linkages of things, data, processes, and people for efficient decision making without human intervention. However, it poses various challenges for IoT networks that cannot handle large amounts of operation technology (OT) data due to physical storage shortages, excessive latency, higher transfer costs, a lack of context awareness, impractical resiliency, and so on. As a result, the fog network emerged as a new computing model for providing computing capacity closer to IoT edge devices. The IoT-Fog-Cloud network, on the other hand, is more vulnerable to multiple security flaws, such as missing key management problems, inappropriate access control, inadequate software update mechanism, insecure configuration files and default passwords, missing communication security, and secure key exchange algorithms over unsecured channels. Therefore, these networks cannot make good security decisions, which are significantly easier to hack than to defend the fog-enabled IoT environment. This paper proposes the cooperative flow for securing edge devices in fog-enabled IoT networks using a permissioned blockchain system (pBCS). The proposed fog-enabled IoT network provides efficient security solutions for key management issues, communication security, and secure key exchange mechanism using a blockchain system. To secure the fog-based IoT network, we proposed a mechanism for identification and authentication among fog, gateway, and edge nodes that should register with the blockchain network. The fog nodes maintain the blockchain system and hold a shared smart contract for validating edge devices. The participating fog nodes serve as validators and maintain a distributed ledger/blockchain to authenticate and validate the request of the edge nodes. The network services can only be accessed by nodes that have been authenticated against the blockchain system. 
We implemented the proposed pBCS network using the private Ethereum 2.0 that enables secure device-to-device communication and demonstrated performance metrics such as throughput, transaction delay, block creation response time, communication, and computation overhead using state-of-the-art techniques. Finally, we conducted a security analysis of the communication network to protect the IoT edge devices from unauthorized malicious nodes without data loss.

3.
Jia Xiaoying, He Debiao, Kumar Neeraj, Choo Kim-Kwang Raymond 《Wireless Networks》2019,25(8):4737-4750

The convergence of cloud computing and Internet of Things (IoT) is partially due to the pragmatic need for delivering extended services to a broader user base in diverse situations. However, cloud computing has its limitation for applications requiring low-latency and high mobility, particularly in adversarial settings (e.g. battlefields). To some extent, such limitations can be mitigated in a fog computing paradigm since the latter bridges the gap between remote cloud data center and the end devices (via some fog nodes). However, fog nodes are often deployed in remote and unprotected places. This necessitates the design of security solutions for a fog-based environment. In this paper, we investigate the fog-driven IoT healthcare system, focusing only on authentication and key agreement. Specifically, we propose a three-party authenticated key agreement protocol from bilinear pairings. We introduce the security model and present the formal security proof, as well as security analysis against common attacks. We then evaluate its performance, in terms of communication and computation costs.


4.
Internet of Things (IoT) is a newly emerged paradigm where multiple embedded devices, known as things, are connected via the Internet to collect, share, and analyze data from the environment. In order to overcome the limited storage and processing capacity constraint of IoT devices, it is now possible to integrate them with cloud servers as large resource pools. Such integration, though bringing applicability of IoT in many domains, raises concerns regarding the authentication of these devices while establishing secure communications to cloud servers. Recently, Kumari et al proposed an authentication scheme based on elliptic curve cryptography (ECC) for IoT and cloud servers and claimed that it satisfies all security requirements and is secure against various attacks. In this paper, we first prove that the scheme of Kumari et al is susceptible to various attacks, including the replay attack and stolen-verifier attack. We then propose a lightweight authentication protocol for secure communication of IoT embedded devices and cloud servers. The proposed scheme is proved to provide essential security requirements such as mutual authentication, device anonymity, and perfect forward secrecy and is robust against security attacks. We also formally verify the security of the proposed protocol using BAN logic and also the Scyther tool. We also evaluate the computation and communication costs of the proposed scheme and demonstrate that the proposed scheme incurs minimum computation and communication overhead, compared to related schemes, making it suitable for IoT environments with low processing and storage capacity.

5.
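Existing handover authentication protocols for terminal nodes in fog computing environments still have shortcomings in storage, computation and security. To address this, this paper proposes an efficient handover authentication protocol for terminal nodes. The protocol combines the two-factor combined public key (TF-CPK) with an authentication ticket to achieve mutual authentication and session key agreement between fog nodes and terminal nodes. Security and performance analysis shows that the protocol supports untraceability, resists many known attacks and security threats, and has low system overhead.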

6.
As the combination of cloud computing and the Internet breeds many flexible IT services, cloud computing becomes more and more significant. In cloud computing, a user should be authenticated by a trusted third party or a certification authority before using cloud applications and services. Based on this, a protocol composition logic (PCL) secure user authentication protocol named UCAP for cloud computing was proposed. The protocol used symmetric encryption based on a trusted third party to achieve the authentication and confidentiality of the protocol session, which comprised the initial authentication phase and the re-authentication phase. In the initial authentication phase, the trusted third party generated a root communication session key. In the re-authentication phase, communication users negotiated a sub session key without the trusted third party. To verify the security properties of the protocol, a sequential compositional proof method was used under the protocol composition logic model. Compared with certain related works, the proposed protocol satisfies the PCL security. The performance of the initial authentication phase in the proposed scheme is slightly better than that of the existing schemes, while the performance of the re-authentication phase is better than that of other protocols due to the absence of the trusted third party. Through the analysis results, the proposed protocol is suitable for the mutual authentication in cloud computing.

7.

With the rapid technological improvements in mobile devices and their inclusion in Internet of Things (IoT), secure key management becomes mandatory to ensure security of information exchange. For instance, IoT applications, such as smart health-care and smart homes, provide automated services to the users with less or no user intervention. As these applications use user-sensitive data, ensuring their security and privacy should be paramount, especially during the key management process. However, traditional approaches for key management will not suit well in IoT environment because of the inherent resource constraint property of IoT devices. In this paper, we propose a novel distributed key management scheme for IoT ecosystem. The proposed scheme efficiently provides security to IoT devices by delegating most of the resource consuming cryptographic processing to a local entity. This entity coordinates with other peer entities to provide a distributed key as well as an authentication mechanism to network devices. In particular, the proposed scheme exploits the advantages of mobile agents by deploying them in different subnetworks as and when required: (1) to process the cryptography work for the IoT devices, and (2) to act as a local authenticated entity to perform fast authentication process. To verify the effectiveness and correctness of our proposed scheme, we have simulated it in a large IoT scenario and evaluated against relevant metrics that include user mobility, certification generation time, and communication overhead.


8.
In this paper, we study a UAV-based fog or edge computing network in which UAVs and fog/edge nodes work together intelligently to provide numerous benefits in reduced latency, data offloading, storage, coverage, high throughput, fast computation, and rapid responses. In an existing UAV-based computing network, the users send continuous requests to offload their data from the ground users to UAV–fog nodes and vice versa, which causes high congestion in the whole network. However, the UAV-based networks for real-time applications require low-latency networks during the offloading of large volumes of data. Thus, the QoS is compromised in such networks when communicating in real-time emergencies. To handle this problem, we aim to minimize the latency during offloading large amounts of data, take less computing time, and provide better throughput. First, this paper proposed the four-tier architecture of the UAVs–fog collaborative network in which local UAVs and UAV–fog nodes do smart task offloading with low latency. In this network, the UAVs act as a fog server to compute data with the collaboration of local UAVs and offload their data efficiently to the ground devices. Next, we considered the Q-learning Markov decision process (QLMDP) based on the optimal path to handle the massive data requests from ground devices and optimize the overall delay in the UAV-based fog computing network. The simulation results show that this proposed collaborative network achieves high throughput, reduces average latency up to 0.2, and takes less computing time compared with UAV-based networks and UAV-based MEC networks; thus, it can achieve high QoS.

9.
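A low-overhead PUF-based secure communication scheme for the Internet of Things (total citations: 1, self-citations: 0, citations by others: 1)
By combining a physical unclonable function (PUF) with certificateless public key cryptography on elliptic curves, a secure communication scheme for the Internet of Things is proposed that delivers messages securely between devices without the node devices storing any secret parameters. The scheme does not require computationally expensive bilinear pairing operations and provides a message authentication mechanism. Security analysis shows that the scheme not only resists traditional attacks such as eavesdropping, tampering and replay, but also effectively guards against cloning attacks that node devices may suffer. Comparison results show that, relative to similar schemes, it significantly reduces the resource overhead of devices.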

10.
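The Internet of Things is a technology that connects objects to the Internet to make them more intelligent. However, its development is limited by problems such as the difficulty of processing the big data generated by IoT devices, the poor scalability of the network architecture, and the ease with which users' security and privacy can be leaked. To solve these problems, an IoT architecture based on fog computing is proposed by analyzing the advantages of fog computing. Building on this architecture and taking users' security and privacy into account, a layered network architecture is also proposed. Finally, the article is summarized and future prospects are given.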

11.
Identity authentication technology is a key technology in the Internet of things (IoT) security field which ensures the authenticity of the identity information of users and device nodes connected to the IoT. Due to the low cost, low power consumption, small storage of IoT devices and heterogeneity of IoT network, the identity authentication mechanisms in traditional computer networks are often not applicable. Firstly, the development process of IoT was introduced, the security risks of IoT and the challenges faced by the authentication work were analyzed. Then the emphasis was put on comparison of the advantages and disadvantages among five typical authentication protocols. Moreover, the authentication technologies in several practical scenarios of RFID, smart grid, Internet of vehicles, and smart home were summarized and analyzed. Finally, the future research direction was discussed.

12.
The Internet of Things (IoT) comprises sensor networks, intelligent things, devices, and humans for heterogeneous services and applications. Energy constraints in conventional wireless networks impact IoT performance resulting in service failures. For reducing the adverse impact of energy, this article introduces a commissioned energy-efficient resource virtualization (CE2RV) scheme. This proposed scheme classifies the sensor nodes as fast and slow-depleting for identifying service failures. The fast-depleting nodes are discontinued from the service replications, and the remaining energy high-node-connected resources are identified. Such resources are virtualized for thwarting the existing energy failures over various services. The node classifications are performed using a tree-learning algorithm. The classifications are performed for node replacement and service virtualization under different energy depletion rates. This is required for preventing sensor network disconnections between the users and service providers. The classification is required for overcoming multiple virtualizations between common nodes across different service providers. The proposed scheme's performance is analyzed using the metrics of service disconnections, energy utilization, energy efficiency, and service delay.

13.
Ahene Emmanuel, Dai Junfeng, Feng Hao, Li Fagen 《Telecommunication Systems》2019,70(4):491-510

Cloud computing has proven to be applicable in smart grid systems with the help of the cloud-based Internet of things (IoT) technology. In this concept, IoT is deployed as a front-end enabling the acquisition of smart grid-related data and its outsourcing to the cloud for data storage purposes. It is obvious that data storage is a pertinent service in cloud computing. However, its wide adoption is hindered by the concern of having a secure access to data without a breach on confidentiality and authentication. To address this problem, we propose a novel data access control scheme that simultaneously accomplishes confidentiality and authentication for cloud-based smart grid systems. Our scheme can enable the storing of encrypted smart grid-related data in the cloud. When a user prefers to access the data, the data owner issues a delegation command to the cloud for data re-encryption. The cloud is unable to acquire any plaintext information on the data. Only authorized users are capable of decrypting the data. Moreover, the integrity and authentication of data can only be verified by the authorized user. We obtain the data access control scheme by proposing a pairing free certificateless signcryption with proxy re-encryption (CLS-PRE) scheme. We prove that our CLS-PRE scheme has indistinguishability against adaptive chosen ciphertext attack under the gap Diffie–Hellman problem and existential unforgeability against adaptive chosen message attack under elliptic curve discrete logarithm problem in the random oracle model.


14.
Wireless Networks - In this paper, we have demoralized the transmission processing concerns of fog nodes and IoT device layer attack during the handoff (mobility) of IoT devices in the fog...

15.
Because of the exponential growth of Internet of Things (IoT), several services are being developed. These services can be accessed through smart gadgets by the user at any place, every time and anywhere. This makes security and privacy central to IoT environments. In this paper, we propose a lightweight, robust, and multi‐factor remote user authentication and key agreement scheme for IoT environments. Using this protocol, any authorized user can access and gather real‐time sensor data from the IoT nodes. Before gaining access to any IoT node, the user must first get authenticated by the gateway node as well as the IoT node. The proposed protocol is based on XOR and hash operations, and includes: (i) a 3‐factor authentication (i.e., password, biometrics, and smart device); (ii) mutual authentication; (iii) shared session key; and (iv) key freshness. It satisfies desirable security attributes and maintains acceptable efficiency in terms of the computational overheads for resource constrained IoT environment. Further, the informal and formal security analysis using AVISPA proves security strength of the protocol and its robustness against all possible security threats. Simulation results also prove that the scheme is secure against attacks.

16.
Gou Fangfang, Wu Jia 《Wireless Personal Communications》2022,126(2):1751-1768

With the rapid popularization of mobile smart devices in the IoT and the 5G environment, nodes’ requirements for network response speed are constantly increasing. Edge computing uses edge servers to perform simple processing when data is transmitted, increasing the response speed of devices and reducing the pressure on network traffic. However, the random movement of many nodes in an opportunistic social network easily leads to dynamic changes in the network structure and unstable transmission links. Therefore, this research proposes a data transmission strategy based on node motion prediction in opportunistic social networks (MPDTS). Any node will be assigned to a different cluster depending on how likely it is to meet other nodes. Messages are forwarded within and between clusters using different judgment indicators. This method effectively combines the connection between nodes, the node’s activity level, and sports characteristics, and successfully reduces the waste of resources for invalid message delivery. Simultaneously, it improves the possibility of message forwarding to the target node. Comparative experiments with several methods show that the MPDTS method has more outstanding performance.


17.
The advancement of the Internet of Things (IoT) brings new opportunities for collecting real-time data and deploying machine learning models. Nonetheless, an individual IoT device may not have adequate computing resources to train and deploy an entire learning model. At the same time, transmitting continuous real-time data to a central server with high computing resource incurs enormous communication costs and raises issues in data security and privacy. Federated learning, a distributed machine learning framework, is a promising solution to train machine learning models with resource-limited devices and edge servers. Yet, the majority of existing works assume an impractically synchronous parameter update manner with homogeneous IoT nodes under stable communication connections. In this paper, we develop an asynchronous federated learning scheme to improve training efficiency for heterogeneous IoT devices under unstable communication network. Particularly, we formulate an asynchronous federated learning model and develop a lightweight node selection algorithm to carry out learning tasks effectively. The proposed algorithm iteratively selects heterogeneous IoT nodes to participate in the global learning aggregation while considering their local computing resource and communication condition. Extensive experimental results demonstrate that our proposed asynchronous federated learning scheme outperforms the state-of-the-art schemes in various settings on independent and identically distributed (i.i.d.) and non-i.i.d. data distribution.

18.

Recently, Internet is moving quickly toward the interaction of objects, computing devices, and sensors, which are usually indicated as the Internet of things (IoT). The main monitoring infrastructure of IoT systems is wireless sensor networks. A wireless sensor network is composed of a large number of sensor nodes. Each sensor node has sensing, computing, and wireless communication capability. The sensor nodes send the data to a sink or a base station by using wireless transmission techniques. However, sensor network systems require suitable routing structure to optimize the lifetime. For providing reasonable energy consumption and optimizing the lifetime of WSNs, novel, efficient and economical schemes should be developed. In this paper, for enhancing network lifetime, a novel energy-efficient mechanism is proposed based on fuzzy logic and reinforcement learning. The fuzzy logic system and reinforcement learning is based on the remained energies of the nodes on the routes, the available bandwidth and the distance to the sink. This study also compares the performance of the proposed method with the fuzzy logic method and IEEE 802.15.4 protocol. The simulations of the proposed method which were carried out by OPNET (Optimum Network performance) indicated that the proposed method performed better than other protocols such as fuzzy logic and IEEE802.15.4 in terms of power consumption and network lifetime.


19.
Wireless Personal Communications - Fog computing is an emerging paradigm that provides confluence facilities between Internet of Things (IoT) devices and cloud. The fog nodes process the...

20.
Research on an asymmetric digital watermarking system (total citations: 4, self-citations: 0, citations by others: 4)
石磊  洪帆  骆婷  付小青 《通信学报》2005,26(8):28-35
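To address the shortcomings of traditional symmetric watermarking, an asymmetric image watermarking system for copyright protection is designed and implemented. The system uses a three-level authentication structure: users and the certification authority each hold a different public key derived from the private key, with which they can perform two layers of detection on a digital product but cannot remove or forge the watermark; only the copyright owner, who holds the private key, can perform the final authentication. Experiments show that the watermark has good detection performance and is strongly robust to conventional image processing methods. Compared with other asymmetric watermarks, this system not only resists public attacks better but also prevents cheating by the certification authority, and therefore offers higher security.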
