Similar literature
20 similar documents found (search time: 15 ms)
1.
The domain name system (DNS) provides a mapping service between memorable names and numerical internet protocol addresses, and it is a critical infrastructure of the Internet. The authenticity of DNS resolution results is crucial for ensuring the accessibility of Internet services. Hundreds of supplementary specifications of protocols have been proposed to compensate for the security flaws of DNS. However, DNS security incidents still occur frequently. Although DNS is a distributed system, for a specified domain name, only authorized authoritative servers can resolve it. Other servers must obtain the resolution result through a recursive or iterative resolving procedure, which renders DNS vulnerable to various attacks, such as DNS cache poisoning and distributed denial of service (DDoS) attacks. This paper proposes a novel decentralized architecture for a DNS data plane, which is called Blockzone. First, Blockzone utilizes novel mechanisms, which include on-chain authorization and off-chain storage, to implement a decentralized and trustworthy DNS data plane. Second, in contrast to the hierarchical authentication and recursive query of traditional DNS, Blockzone implements a decentralized operation model. This model significantly increases the efficiency of domain name resolution and verification and enhances the security of DNS against DDoS and cache poisoning attacks. In addition, Blockzone is fully compatible with the traditional DNS implementation and can be incrementally deployed as a plug-in service of DNS without changing the DNS protocol or system architecture. The Blockzone scheme can also be generalized to address security issues in other areas, such as the Internet of things and edge computing.

2.
As a new form of network, the Internet of things (IoT) is becoming more widely used in people’s lives. In this paper, related theoretical research and practical applications of the IoT are explored. The security of the IoT has become a hot research topic. Access controls are methods that control reasonable allocations of data and resources and ensure the security of the IoT. However, most access control systems do not dynamically assign users’ rights. Additionally, with some access control systems, there is a risk of overstepping other users’ authority, and there may exist a central authority that is a single point of failure. Therefore, to solve these problems, this paper proposes a Task-Attribute-Based Access Control scheme for the IoT via blockchain that combines the access control technologies of both the IoT and blockchain. This model, which merges the advantages of task-based access controls and attribute-based access controls, is perfectly integrated with blockchain technology. This model uses hash functions and digital signature algorithms to ensure the authenticity and integrity of the data, and it can dynamically allocate users’ minimum privileges and thus perfectly solves the single point of failure problem. The model is implemented using a Geth client and Solidity code, and the simulation results demonstrate the effectiveness of the model.

3.
Secure data communication is an essential requirement for an Internet of Things (IoT) system. Especially in Industrial Internet of Things (IIoT) and Internet of Medical Things (IoMT) systems, when important data are hacked, it may induce property loss or life hazard. Even though many IoT-related communication protocols are equipped with secure policies, they still have some security weaknesses in their IoT systems. LoRaWAN is one of the low power wide-area network protocols, and it adopts Advanced Encryption Standard (AES) to provide message integrity and confidentiality. However, LoRaWAN's encryption key update scheme can be further improved. In this paper, a Two-stage High-efficiency LoRaWAN encryption key Update Scheme (THUS for short) is proposed to update LoRaWAN's root keys and session keys in a secure and efficient way. The THUS consists of two stages, i.e., the Root Key Update (RKU) stage and the Session Key Update (SKU) stage, and with different update frequencies, the RKU and SKU provide a higher security level than the normal LoRaWAN specification does. A modified AES encryption/decryption process is also utilized in the THUS for enhancing the security of the THUS. The security analyses demonstrate that the THUS not only protects important parameters during key update stages, but also satisfies confidentiality, integrity, and mutual authentication. Moreover, the THUS can further resist replay and eavesdropping attacks.

4.
There are numerous internet-connected devices attached to the industrial process through recent communication technologies, which enable machine-to-machine communication and the sharing of sensitive data through a new technology called the industrial internet of things (IIoTs). Most of the suggested security mechanisms are vulnerable to several cybersecurity threats due to their reliance on cloud-based services, external trusted authorities, and centralized architectures; they have high computation and communication costs, low performance, and are exposed to a single authority of failure and bottleneck. Blockchain technology (BC) is widely adopted in the industrial sector for its valuable features in terms of decentralization, security, and scalability. In our work, we propose a decentralized, scalable, lightweight, trusted and secure private network based on blockchain technology/smart contracts for the overhead circuit breaker of the electrical power grid of the Al-Kufa/Iraq power plant as an industrial application. The proposed scheme offers a double layer of data encryption, device authentication, scalability, high performance, low power consumption, and improves the industry’s operations; provides efficient access control to the sensitive data generated by circuit breaker sensors and helps reduce power wastage. We also address data aggregation operations, which are considered challenging in electric power smart grids. We utilize a multi-chain proof of rapid authentication (McPoRA) as a consensus mechanism, which helps to enhance the computational performance and effectively improve the latency. The advanced reduced instruction set computer (RISC) machines ARM Cortex-M33 microcontroller adopted in our work, is characterized by ultra-low power consumption and high performance, as well as efficiency in terms of real-time cryptographic algorithms such as the elliptic curve digital signature algorithm (ECDSA). 
This improves the computational execution, increases the implementation speed of the asymmetric cryptographic algorithm and provides data integrity and device authenticity at the perceptual layer. Our experimental results show that the proposed scheme achieves excellent performance, data security, real-time data processing, low power consumption (70.880 mW), and very low memory utilization (2.03% read-only memory (RAM) and 0.9% flash memory) and execution time (0.7424 s) for the cryptographic algorithm. This enables autonomous network reconfiguration on-demand and real-time data processing.

5.
The world is rapidly changing with the advance of information technology. The expansion of the Internet of Things (IoT) is a huge step in the development of the smart city. The IoT consists of connected devices that transfer information. The IoT architecture permits on-demand services to a public pool of resources. Cloud computing plays a vital role in developing IoT-enabled smart applications. The integration of cloud computing enhances the offering of distributed resources in the smart city. Improper management of security requirements of cloud-assisted IoT systems can bring about risks to availability, security, performance, confidentiality, and privacy. The key reason for cloud- and IoT-enabled smart city application failure is improper security practices at the early stages of development. This article proposes a framework to collect security requirements during the initial development phase of cloud-assisted IoT-enabled smart city applications. Its three-layered architecture includes privacy preserved stakeholder analysis (PPSA), security requirement modeling and validation (SRMV), and secure cloud-assistance (SCA). A case study highlights the applicability and effectiveness of the proposed framework. A hybrid survey enables the identification and evaluation of significant challenges.

6.
Healthcare is a binding domain for the Internet of Things (IoT) to automate healthcare services for sharing and accumulating patient records at any time from anywhere through the Internet. The current IP-based Internet architecture suffers from latency, mobility, location dependency, and security. The Named Data Networking (NDN) has been projected as a future internet architecture to cope with the limitations of IP-based Internet. However, the NDN infrastructure does not have a secure framework for IoT healthcare information. In this paper, we proposed a secure NDN framework for IoT-enabled Healthcare (IoTEH). In the proposed work, we adopt the services of Identity-Based Signcryption (IBS) cryptography under the security hardness Hyperelliptic Curve Cryptosystem (HCC) to secure the IoTEH information in NDN. The HCC provides the corresponding level of security using minimal computational and communicational resources as compared to bilinear pairing and Elliptic Curve Cryptosystem (ECC). For the efficiency of the proposed scheme, we simulated the security of the proposed solution using Automated Validation of Internet Security Protocols and Applications (AVISPA). Besides, we deployed the proposed scheme on the IoTEH in NDN infrastructure and compared it with the recent IBS schemes in terms of computation and communication overheads. The simulation results showed the superiority and improvement of the proposed framework against contemporary related works.

7.
Given the accelerating development of Internet of things (IoT), a secure and robust authentication mechanism is urgently required as a critical architectural component. The IoT has improved the quality of everyday life for numerous people in many ways. Owing to the predominantly wireless nature of the IoT, connected devices are more vulnerable to security threats compared to wired networks. User authentication is thus of utmost importance in terms of security on the IoT. Several authentication protocols have been proposed in recent years, but most prior schemes do not provide sufficient security for these wireless networks. To overcome the limitations of previous schemes, we propose an efficient and lightweight authentication scheme called the Cogent Biometric-Based Authentication Scheme (COBBAS). The proposed scheme is based on biometric data, and uses lightweight operations to enhance the efficiency of the network in terms of time, storage, and battery consumption. A formal security analysis of COBBAS using Burrows–Abadi–Needham logic proves that the proposed protocol provides secure mutual authentication. Formal security verification using the Automated Validation of Internet Security Protocols and Applications tool shows that the proposed protocol is safe against man-in-the-middle and replay attacks. Informal security analysis further shows that COBBAS protects wireless sensor networks against several security attacks such as password guessing, impersonation, stolen verifier attacks, denial-of-service attacks, and errors in biometric recognition. This protocol also provides user anonymity, confidentiality, integrity, and biometric recovery in acceptable time with reasonable computational cost.

8.
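To solve the problem of on-campus and off-campus users accessing the internal resource servers of a university campus network at high speed, a smart DNS solution for campus networks is proposed. Using Bind9 view technology, combined with the virtual server and link control principles of the F5 load balancer, the smart DNS can, according to the source of the network user's IP, dynamically resolve the domain name of an on-campus resource server into the IP address of the network corresponding to the user's IP, thereby improving the speed and reliability of users' access to on-campus resources. Test results show that public network users on the education and research network, the China Telecom network and the China Unicom network, as well as intranet users, can all obtain the best link for accessing on-campus resources, and on-campus users also get a better experience when accessing other public network resources.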

9.
Cloud storage represents the trend of intensive, scale and specialization of information technology, which has changed the technical architecture and implementation method of electronic records management. Moreover, it will provide a convenient way to generate more advanced and efficient management of the electronic data records. However, in cloud storage environment, it is difficult to guarantee the trustworthiness of electronic records, which results in a series of severe challenges to electronic records management. Starting from the definition and specification of electronic records, this paper firstly analyzes the requirements of the trustworthiness in cloud storage during their long-term preservation according to the information security theory and subdivides the trustworthiness into the authenticity, integrity, usability, and reliability of electronic records in cloud storage. Moreover, this paper proposes the technology framework of preservation for trusted electronic records. Also, the technology of blockchain, proofs of retrievability, the open archival information system model and erasure code are adopted to protect these four security attributes, to guarantee the credibility of the electronic record.

10.
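An encryption algorithm coupling the Haar integer frequency-domain transform with a dynamic gravity model   Cited by: 1 (self-citations: 1, citations by others: 0)
Wang Lei. Packaging Engineering (《包装工程》), 2016, 37(21): 182-191
Objective: To achieve secure and confidential protection of digital images and QR code information. Methods: Based on the idea of dual encryption in the frequency and spatial domains, a lossless image encryption and authentication algorithm coupling the Haar integer frequency-domain transform with a dynamic gravity model is proposed, and the algorithm is applied to the encrypted transmission of QR codes. First, the Haar wavelet transform is introduced and a frequency-domain coefficient adjustment model is defined to decompose the plaintext into 4 sub-bands. Then, based on a 256-bit external key, the 3D Chen system is iterated and a chaotic sequence selection and optimization mechanism is established to effectively eliminate transient effects, outputting 3 optimized subsequences. These sequences are fused to output a key stream, which is sorted in ascending order to form a position-scrambling source that performs frequency-domain scrambling of the 4 sub-bands, after which the inverse Haar transform produces the scrambled ciphertext. A dynamic estimation model of pixel mass is constructed and the gravity model is improved to perform spatial-domain diffusion of the scrambled ciphertext. A deep segmented diffusion mechanism for the ciphertext is defined to perform a second diffusion of the initial ciphertext, raising the NPCR (Number of Pixels Change Rate) and UACI (Unified Average Change Insensitive) values of the ciphertext. Finally, a hash detection mechanism is introduced, giving the algorithm a decision function to authenticate whether the image has been attacked during transmission. Results: Compared with encryption techniques based on chaos theory, the proposed algorithm has higher security and resistance to cropping attacks, and the distortion of the decrypted image is the smallest. It also provides a high degree of confidentiality and low decryption distortion for QR code information, and preserves the original structural information of the QR code well while encrypting it securely. Conclusion: The proposed algorithm has high security, can protect images and QR codes during transmission over the network, and has good practical application value in the field of packaging and printing anti-counterfeiting barcodes.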

11.
In the present digital era, an exponential increase in Internet of Things (IoT) devices poses several design issues for business concerning security and privacy. Earlier studies indicate that the blockchain technology is found to be a significant solution to resolve the challenges of data security that exist in IoT. In this view, this paper presents a new privacy-preserving Secure Ant Colony optimization with Multi Kernel Support Vector Machine (ACOMKSVM) with Elliptical Curve cryptosystem (ECC) for secure and reliable IoT data sharing. This program uses blockchain to ensure protection and integrity of some data while it has the technology to create secure ACOMKSVM training algorithms in partial views of IoT data, collected from various data providers. Then, ECC is used to create effective and accurate privacy that protects ACOMKSVM secure learning process. In this study, the authors deployed blockchain technique to create a secure and reliable data exchange platform across multiple data providers, where IoT data is encrypted and recorded in a distributed ledger. The security analysis showed that the specific data ensures confidentiality of critical data from each data provider and protects the parameters of the ACOMKSVM model for data analysts. To examine the performance of the proposed method, it is tested against two benchmark datasets such as Breast Cancer Wisconsin Data Set (BCWD) and Heart Disease Data Set (HDD) from UCI AI repository. The simulation outcome indicated that the ACOMKSVM model has outperformed all the compared methods under several aspects.

12.
At present, the provenance of electronic records is stored centrally. The centralized way of information storage has huge risks. Whether the database itself is destroyed or the communication between the central database and the external interruption occurs, the provenance information of the stored electronic records will not play its role. At the same time, uncertainties such as fires and earthquakes will also pose a potential threat to centralized databases. Moreover, the existing security provenance model is not specifically designed for electronic records. In this paper, a security provenance model of electronic records is constructed based on PREMIS and METS. Firstly, this paper analyses the security requirements of the provenance information of electronic records. Then, based on the characteristics of blockchain decentralization, and combined with coding theory, a distributed secure provenance guarantee technology of electronic records is constructed, which ensures the authenticity, integrity, confidentiality and reliability of the provenance information.

13.
Osama S Younes. Sadhana, 2017, 42(12): 2041-2053
Network security has become a concern with the rapid growth and expansion of the Internet. While there are several ways to provide security for communications at the application, transport, or network layers, the data link layer security has not yet been adequately addressed. Dynamic Host Configuration Protocol (DHCP) and Address Resolution Protocol (ARP) are link layer protocols that are essential for network operation. They were designed without any security features. Therefore, they are vulnerable to a number of attacks such as the rogue DHCP server, DHCP starvation, host impersonation, man-in-the-middle, and denial of service attacks. Vulnerabilities in ARP and DHCP threaten the operation of any network. The existing solutions to secure ARP and DHCP could not mitigate DHCP starvation and host impersonation attacks. This work introduces a new solution to secure ARP and DHCP for preventing and mitigating these LAN attacks. The proposed solution provides integrity and authenticity for ARP and DHCP messages. Security properties and performance of the proposed schemes are investigated and compared to other related schemes.

14.
To discover the current situation and characteristics of web reference accessibility, the present study examined the accessibility of 1,637 web references in two key Chinese academic journals published from 1999 to 2003. The author develops linear regression models to demonstrate the decay of web reference accessibility. The study examines the influence of high use of web references in a paper, the associations between web reference accessibility and generic domain, country domain, protocol, and resource type, respectively, and classifies inaccessible web references according to Internet Explorer feedbacks. It compares the retrieval efficacy among three kinds of retrieval methods and reports on the limitations of Internet Archive.

15.
Root cause analysis was performed to determine the cause of failure of numerous cast aluminum pistons used in high speed diesel engines over ~7 months. The analysis consisted of metallurgical and engine systems evaluations. The metallurgical evaluation of two of the initial failed pistons showed failure by exposure to incompletely atomized and combusted fuel droplets that melted and eroded the piston crown outer diameters. The initial suspected root cause of the uncombusted fuel droplets was the presence of fuel-tank biological growth. The tanks were cleaned and the engines restored to service, but there were additional piston failures after only a short time back on-line, including piston seizures that fractured the pistons and cylinder liners. A subsequent, much more detailed engine system evaluation showed that the true root cause explaining all the failures was incorrect fuel injection timing. Two key points to be taken from this analysis are: (1) determination of the true root cause in this case required continuous and close interaction among metallurgical and engine systems personnel throughout an extended analysis process; (2) getting to the true root cause may require tenacious ‘detective’ work to track down and eliminate all other potential causes.

16.
Authority generally relates to expertise, recognition of official status of a source, and the reputation of the author and publisher. As the Internet has become a ubiquitous tool in modern science and scholarly research, evaluating the authority of free online scholarly information is becoming crucial. However, few empirical studies have focused on this issue. Using a modified version of Jim Kapoun’s “Five criteria for evaluating web pages” as framework, this research selected 32 keywords from eight disciplines, inputted them into three search engines (Google, Yahoo and AltaVista) and used Analytic Hierarchy Process to determine the weights. The first batches of results (web pages) from keyword searching were selected as evaluation samples (in the two search phases, the first 50 and 10 results were chosen, respectively), and a total of 3,134 samples were evaluated for authority based on the evaluation framework. The results show that the average authority value for free online scholarly information is about 3.63 (out of five), which is in the “fair” level (3 ≤ Z < 4) (Z is the value assigned to each sample). About 41% of all samples collected provide more authoritative scholarly information. Different domain names, resource types, and disciplines of free online scholarly information perform differently when scored in terms of authority. In conclusion, the authority of free online scholarly information has been unsatisfactory, and needs to be improved. Furthermore, the evaluation framework and its application developed herein could be a useful instrument for librarians, researchers, students, and the public to select Internet resources.

17.
With the development of cloud storage, the problem of efficiently checking and proving data integrity needs more consideration. Therefore, much growing interest has been pursued in the context of the integrity verification of cloud storage. Provable data possession (PDP) and Proofs of retrievability (POR) are two kinds of important schemes which can guarantee the data integrity in the cloud storage environments. The main difference between them is that POR schemes store a redundant encoding of the client data on the server so that she has the ability of retrievability while PDP does not have. Unfortunately, most of POR schemes support only static data. Stefanov et al. proposed a dynamic POR, but their scheme needs a large amount of client storage and has a large audit cost. Cash et al. use Oblivious RAM (ORAM) to construct a fully dynamic POR scheme, but the cost of their scheme is also very heavy. Based on the idea proposed by Cash, we propose dynamic proofs of retrievability via Partitioning-Based Square Root Oblivious RAM (DPoR-PSR-ORAM). Firstly, the notions used in our scheme are defined. The Partitioning-Based Square Root Oblivious RAM (PSR-ORAM) protocol is also proposed. The DPOR-PSR-ORAM Model which includes the formal definitions, security definitions and model construction methods is described in the paper. Finally, we give the security analysis and efficiency analysis. The analysis results show that our scheme not only has the property of correctness, authenticity, next-read pattern hiding and retrievability, but also has the high efficiency.

18.
The Internet has penetrated all aspects of human society and has promoted social progress. Cyber-crimes in many forms are commonplace and are dangerous to society and national security. Cybersecurity has become a major concern for citizens and governments. The Internet functions and software applications play a vital role in cybersecurity research and practice. Most of the cyber-attacks are based on exploits in system or application software. It is of utmost urgency to investigate software security problems. The demand for Wi-Fi applications is proliferating but the security problem is growing, requiring an optimal solution from researchers. To overcome the shortcomings of the wired equivalent privacy (WEP) algorithm, the existing literature proposed security schemes for Wi-Fi protected access (WPA)/WPA2. However, in practical applications, the WPA/WPA2 scheme still has some weaknesses that attackers exploit. To destroy a WPA/WPA2 security, it is necessary to get a PSK pre-shared key in pre-shared key mode, or an MSK master session key in the authentication mode. Brute-force cracking attacks can get a phase-shift keying (PSK) or a minimum shift keying (MSK). In real-world applications, many wireless local area networks (LANs) use the pre-shared key mode. Therefore, brute-force cracking of WPA/WPA2-PSK is important in that context. This article proposes a new mechanism to crack the Wi-Fi password using a graphical processing unit (GPU) and enhances the efficiency through parallel computing of multiple GPU chips. Experimental results show that the proposed algorithm is effective and provides a procedure to enhance the security of Wi-Fi networks.

19.
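Design and implementation of the high-performance secure router BW7000   Cited by: 4 (self-citations: 0, citations by others: 4)
High performance and security are two main issues in computer network research. Providing network security protection in routers while guaranteeing forwarding performance has become a current research hotspot. This article describes several key technical problems solved in the course of completing the major project "High-Performance Secure Router" under the national "863" Program. The high-performance secure router BW7000 is based on the independently designed high-performance router operating system HEROS. To guarantee high-performance route forwarding, a RAM-based high-performance route lookup algorithm was designed and implemented; to support quality-of-service control and security management, a packet classification algorithm based on a collision-free HashTrie tree and a feedback-based distributed packet scheduling algorithm were designed and implemented; to guarantee network security, it proposes, based on distributed key management, a router security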

20.
Generally, fracture toughness and fracture stress of ceramics depend on crack length, notch root radius and grain size. These three parameters are most important when assessing the integrity of structural ceramic members and developing high-performance ceramics. A new failure criterion, called the process zone size failure criterion, has been proposed based on the existence of a crack-tip process zone. Using this criterion, it is shown that theoretical values are in good agreement with many test results quoted from many papers. It is concluded that this failure criterion is useful when evaluating crack length and notch root radius problems. The effect of grain size on both the fracture toughness and on the toughening mechanism is also considered.
