Lightweight PUF based authentication scheme for fog architecture

Fog computing improves efficiency and reduces the amount of bandwidth to the cloud. In many use cases, the internet of things (IoT) devices do not know the fog nodes in advance. Moreover, as the fog nodes are often placed in open publicly available places, they can be easily captured. Therefore, it should be ensured that even if the key material is leaked from the fog devices, the previously generated session keys and the identity of the devices can be kept secret, i.e. satisfying anonymity, unlinkability, perfect forward secrecy and resistance against stolen devices attack. Such demands require a multi-factor authentication scheme, which is typically done by providing input of the user with password or biometric data. However, in real use case scenarios, IoT devices should be able to automatically start the process without requiring such manual interaction and also fog devices need to autonomously operate. Therefore, this paper proposes a physical unclonable function (PUF) based mutual authentication scheme, being the first security scheme for a fog architecture, capable of providing simultaneously all these suggested security features. In addition, we also show the resistance against other types of attacks like synchronization and known session specific temporary information attack. Moreover, the scheme only relies on symmetric key based operations and thus results in very good performance, compared to the other fog based security systems proposed in literature.

     

Authentication-based Access Control and Data Exchanging Mechanism of IoT Devices in Fog Computing Environment

The emergence of fog computing has witnessed a big role in initiating secure communication amongst users. Fog computing poses the ability to perform analysis, processing, and storage for a set of Internet of Things (IoT) devices. Several IoT solutions are devised by utilizing the fog nodes to alleviate IoT devices from complex computation and heavy processing. This paper proposes an authentication scheme using fog nodes to manage IoT devices by providing security without considering a trusted third party. The proposed authentication scheme employed the benefits of fog node deployment. The authentication scheme using fog node offers reliable verification between the data owners and the requester without depending on the third party users. The proposed authentication scheme using fog nodes effectively solved the problems of a single point of failure in the storage system and offers many benefits by increasing the throughput and reducing the cost. The proposed scheme considers several entities, like end-users, IoT devices, fog nodes, and smart contracts, which help to administrate the authentication using access policies. The proposed authentication scheme using fog node provided superior results than other methods with minimal memory value of 4009.083 KB, minimal time of 76.915 s, and maximal Packet delivery ratio (PDR) of 76.

     

Fog-Sec: Secure end-to-end communication in fog-enabled IoT network using permissioned blockchain system

The technological integration of the Internet of Things (IoT)-Cloud paradigm has enabled intelligent linkages of things, data, processes, and people for efficient decision making without human intervention. However, it poses various challenges for IoT networks that cannot handle large amounts of operation technology (OT) data due to physical storage shortages, excessive latency, higher transfer costs, a lack of context awareness, impractical resiliency, and so on. As a result, the fog network emerged as a new computing model for providing computing capacity closer to IoT edge devices. The IoT-Fog-Cloud network, on the other hand, is more vulnerable to multiple security flaws, such as missing key management problems, inappropriate access control, inadequate software update mechanism, insecure configuration files and default passwords, missing communication security, and secure key exchange algorithms over unsecured channels. Therefore, these networks cannot make good security decisions, which are significantly easier to hack than to defend the fog-enabled IoT environment. This paper proposes the cooperative flow for securing edge devices in fog-enabled IoT networks using a permissioned blockchain system (pBCS). The proposed fog-enabled IoT network provides efficient security solutions for key management issues, communication security, and secure key exchange mechanism using a blockchain system. To secure the fog-based IoT network, we proposed a mechanism for identification and authentication among fog, gateway, and edge nodes that should register with the blockchain network. The fog nodes maintain the blockchain system and hold a shared smart contract for validating edge devices. The participating fog nodes serve as validators and maintain a distributed ledger/blockchain to authenticate and validate the request of the edge nodes. The network services can only be accessed by nodes that have been authenticated against the blockchain system. We implemented the proposed pBCS network using the private Ethereum 2.0 that enables secure device-to-device communication and demonstrated performance metrics such as throughput, transaction delay, block creation response time, communication, and computation overhead using state-of-the-art techniques. Finally, we conducted a security analysis of the communication network to protect the IoT edge devices from unauthorized malicious nodes without data loss.     

Detection of Abnormal Activities from Various Signals Based on Statistical Analysis

We perceive big data with massive datasets of complex and variegated structures in the modern era. Such attributes formulate hindrances while analyzing and storing the data to generate apt aftermaths. Privacy and security are the colossal perturb in the domain space of extensive data analysis. In this paper, our foremost priority is the computing technologies that focus on big data, IoT (Internet of Things), Cloud Computing, Blockchain, and fog computing. Among these, Cloud Computing follows the role of providing on-demand services to their customers by optimizing the cost factor. AWS, Azure, Google Cloud are the major cloud providers today. Fog computing offers new insights into the extension of cloud computing systems by procuring services to the edges of the network. In collaboration with multiple technologies, the Internet of Things takes this into effect, which solves the labyrinth of dealing with advanced services considering its significance in varied application domains. The Blockchain is a dataset that entertains many applications ranging from the fields of crypto-currency to smart contracts. The prospect of this research paper is to present the critical analysis and review it under the umbrella of existing extensive data systems. In this paper, we attend to critics' reviews and address the existing threats to the security of extensive data systems. Moreover, we scrutinize the security attacks on computing systems based upon Cloud, Blockchain, IoT, and fog. This paper lucidly illustrates the different threat behaviour and their impacts on complementary computational technologies. The authors have mooted a precise analysis of cloud-based technologies and discussed their defense mechanism and the security issues of mobile healthcare.

     

Internet of things intrusion detection model and algorithm based on cloud computing and multi-feature extraction extreme learning machine

With the rapid development of the Internet of Things (IoT), there are several challenges pertaining to security in IoT applications. Compared with the characteristics of the traditional Internet, the IoT has many problems, such as large assets, complex and diverse structures, and lack of computing resources. Traditional network intrusion detection systems cannot meet the security needs of IoT applications. In view of this situation, this study applies cloud computing and machine learning to the intrusion detection system of IoT to improve detection performance. Usually, traditional intrusion detection algorithms require considerable time for training, and these intrusion detection algorithms are not suitable for cloud computing due to the limited computing power and storage capacity of cloud nodes; therefore, it is necessary to study intrusion detection algorithms with low weights, short training time, and high detection accuracy for deployment and application on cloud nodes. An appropriate classification algorithm is a primary factor for deploying cloud computing intrusion prevention systems and a prerequisite for the system to respond to intrusion and reduce intrusion threats. This paper discusses the problems related to IoT intrusion prevention in cloud computing environments. Based on the analysis of cloud computing security threats, this study extensively explores IoT intrusion detection, cloud node monitoring, and intrusion response in cloud computing environments by using cloud computing, an improved extreme learning machine, and other methods. We use the Multi-Feature Extraction Extreme Learning Machine (MFE-ELM) algorithm for cloud computing, which adds a multi-feature extraction process to cloud servers, and use the deployed MFE-ELM algorithm on cloud nodes to detect and discover network intrusions to cloud nodes. In our simulation experiments, a classical dataset for intrusion detection is selected as a test, and test steps such as data preprocessing, feature engineering, model training, and result analysis are performed. The experimental results show that the proposed algorithm can effectively detect and identify most network data packets with good model performance and achieve efficient intrusion detection for heterogeneous data of the IoT from cloud nodes. Furthermore, it can enable the cloud server to discover nodes with serious security threats in the cloud cluster in real time, so that further security protection measures can be taken to obtain the optimal intrusion response strategy for the cloud cluster.     

Enabling intelligence in fog computing to achieve energy and latency reduction

Fog computing is an emerging architecture intended for alleviating the network burdens at the cloud and the core network by moving resource-intensive functionalities such as computation, communication, storage, and analytics closer to the End Users (EUs). In order to address the issues of energy efficiency and latency requirements for the time-critical Internet-of-Things (IoT) applications, fog computing systems could apply intelligence features in their operations to take advantage of the readily available data and computing resources. In this paper, we propose an approach that involves device-driven and human-driven intelligence as key enablers to reduce energy consumption and latency in fog computing via two case studies. The first one makes use of the machine learning to detect user behaviors and perform adaptive low-latency Medium Access Control (MAC)-layer scheduling among sensor devices. In the second case study on task offloading, we design an algorithm for an intelligent EU device to select its offloading decision in the presence of multiple fog nodes nearby, at the same time, minimize its own energy and latency objectives. Our results show a huge but untapped potential of intelligence in tackling the challenges of fog computing.     

Secure multi‐factor remote user authentication scheme for Internet of Things environments

Because of the exponential growth of Internet of Things (IoT), several services are being developed. These services can be accessed through smart gadgets by the user at any place, every time and anywhere. This makes security and privacy central to IoT environments. In this paper, we propose a lightweight, robust, and multi‐factor remote user authentication and key agreement scheme for IoT environments. Using this protocol, any authorized user can access and gather real‐time sensor data from the IoT nodes. Before gaining access to any IoT node, the user must first get authenticated by the gateway node as well as the IoT node. The proposed protocol is based on XOR and hash operations, and includes: (i) a 3‐factor authentication (ie, password, biometrics, and smart device); (ii) mutual authentication ; (iii) shared session key ; and (iv) key freshness . It satisfies desirable security attributes and maintains acceptable efficiency in terms of the computational overheads for resource constrained IoT environment. Further, the informal and formal security analysis using AVISPA proves security strength of the protocol and its robustness against all possible security threats. Simulation results also prove that the scheme is secure against attacks.     

Energy aware cloud-edge service placement approaches in the Internet of Things communications

In recent years, applying Internet of Things (IoT) applications has significantly increased to facilitate and improve quality of human life activities in various fields such as healthcare, education, industry, economics, etc. The energy aware cloud-edge computing paradigm has developed as a hybrid computing solution to provide IoT applications using available cloud service providers and fog nodes for the smart devices and mobile applications. Since the IoT applications are developed in the form of several IoT services with various quality of service (QoS) metrics which can deploy on the cloud-edge providers with different resource capabilities, finding an efficient placement solution as one of challenging topics to be measured for IoT applications. The service placement issue arranges IoT applications on the cloud-edge providers with various capabilities of atomic services though sufficient different QoS factors to support service level agreement (SLA) contracts. This paper presents a technical analysis on the cloud-edge service placement approaches in IoT systems. The key point of this technical analysis is to identify substantial studies in the service placement approaches which need additional consideration to progress more efficient and effective placement strategies in IoT environments. In addition, a side-by-side taxonomy is proposed to categorize the relevant studies on cloud-edge service placement approaches and algorithms. A statistical and technical analysis of reviewed existing approaches is provided, and evaluation factors and attributes are discussed. Finally, open issues and forthcoming challenges of service placement approaches are presented.     

Energy Efficient Multitier Random DEC Routing Protocols for WSN: In Agricultural

Wireless Personal Communications - Fog computing is an emerging paradigm that provides confluence facilities between Internet of Things (IoT) devices and cloud. The fog nodes process the...     

Time to forge ahead: The Internet of Things for healthcare

Situated at the intersection of technology and medicine, the Internet of Things (IoT) holds the promise of addressing some of healthcare's most pressing challenges, from medical error, to chronic drug shortages, to overburdened hospital systems, to dealing with the COVID-19 pandemic. However, despite considerable recent technological advances, the pace of successful implementation of promising IoT healthcare initiatives has been slow. To inspire more productive collaboration, we present here a simple—but surprisingly underrated—problem-oriented approach to developing healthcare technologies. To further assist in this effort, we reviewed the various commercial, regulatory, social/cultural, and technological factors in the development of the IoT. We propose that fog computing—a technological paradigm wherein the burden of computing is shifted from a centralized cloud server closer to the data source—offers the greatest promise for building a robust and scalable healthcare IoT ecosystem. To this end, we explore the key enabling technologies that underpin the fog architecture, from the sensing layer all the way up to the cloud. It is our hope that ongoing advances in sensing, communications, cryptography, storage, machine learning, and artificial intelligence will be leveraged in meaningful ways to generate unprecedented medical intelligence and thus drive improvements in the health of many people.     

基于雾计算的物联网架构研究

物联网是一种能将物体连接至互联网使其更加智能的技术.但是物联网设备产生的大数据难以处理,网络架构的可扩展性差,以及用户的安全隐私容易泄露等问题都限制了物联网的发展.为了解决这些问题,通过分析雾计算所具有的优势提出基于雾计算的物联网架构.基于该架构,同时考虑到用户的安全隐私问题,又提出分层的网络架构.最后对文章进行总结和展望.     

A dynamic fog service provisioning approach for IoT applications

Internet of Things (IoT) is an ecosystem that can improve the life quality of humans through smart services, thereby facilitating everyday tasks. Connecting to cloud and utilizing its services are now public and common, and the experts seek to find some ways to complete cloud computing to use it in IoT, which in next decades will make everything online. Fog computing, where the cloud computing expands to the edge of the network, is one way to achieve the objectives of delay reduction, immediate processing, and network congestion. Since IoT devices produce variations of workloads over time, IoT application services will experience traffic trace fluctuations. So knowing about the distribution of future workloads required to handle IoT workload while meeting the QoS constraint. As a result, in the context of fog computing, the main objective of resource management is dynamic resource provisioning such that it avoids the excess or dearth of provisioning. In the present work, we first propose a distributed computing framework for autonomic resource management in the context of fog computing. Then, we provide a customized version of a provisioning system for IoT services based on control MAPE‐k loop. The system makes use of a reinforcement learning technique as decision maker in planning phase and support vector regression technique in analysis phase. At the end, we conduct a family of simulation‐based experiments to assess the performance of our introduced system. The average delay, cost, and delay violation are decreased by 1.95%, 11%, and 5.1%, respectively, compared with existing solutions.     

Multi-objective optimization for task offloading based on network calculus in fog environments

With the widespread application of wireless communication technology and continuous improvements to Internet of Things (IoT) technology, fog computing architecture composed of edge, fog, and cloud layers have become a research hotspot. This architecture uses Fog Nodes (FNs) close to users to implement certain cloud functions while compensating for cloud disadvantages. However, because of the limited computing and storage capabilities of a single FN, it is necessary to offload tasks to multiple cooperating FNs for task completion. To effectively and quickly realize task offloading, we use network calculus theory to establish an overall performance model for task offloading in a fog computing environment and propose a Globally Optimal Multi-objective Optimization algorithm for Task Offloading (GOMOTO) based on the performance model. The results show that the proposed model and algorithm can effectively reduce the total delay and total energy consumption of the system and improve the network Quality of Service (QoS).     

RAD‐EI: A routing attack detection scheme for edge‐based Internet of Things environment

Internet of Things (IoT) offers various types of application services in different domains, such as “smart infrastructure, health‐care, critical infrastructure, and intelligent transportation system.” The name edge computing signifies a corner or edge in a network at which traffic enters or exits from the network. In edge computing, the data analysis task happens very close to the IoT smart sensors and devices. Edge computing can also speed up the analysis process, which allows decision makers to take action within a short duration of time. However, edge‐based IoT environment has several security and privacy issues similar to those for the cloud‐based IoT environment. Various types of attacks, such as “replay, man‐in‐the middle, impersonation, password guessing, routing attack, and other denial of service attacks” may be possible in edge‐based IoT environment. The routing attacker nodes have the capability to deviate and disrupt the normal flow of traffic. These malicious nodes do not send packets (messages) to the edge node and only send packets to its neighbor collaborator attacker nodes. Therefore, in the presence of such kind of routing attack, edge node does not get the information or sometimes it gets the partial information. This further affects the overall performance of communication of edge‐based IoT environment. In the presence of such an attack, the “throughput of the network” decreases, “end‐to‐end delay” increases, “packet delivery ratio” decreases, and other parameters also get affected. Consequently, it is important to provide solution for such kind of attack. In this paper, we design an intrusion detection scheme for the detection of routing attack in edge‐based IoT environment called as RAD‐EI. We simulate RAD‐EI using the widely used “NS2 simulator” to measure different network parameters. Furthermore, we provide the security analysis of RAD‐EI to prove its resilience against routing attacks. RAD‐EI accomplishes around 95.0% “detection rate” and 1.23% “false positive rate” that are notably better than other related existing schemes. In addition, RAD‐EI is efficient in terms of computation and communication costs. As a result, RAD‐EI is a good match for some critical and sensitive applications, such as smart security and surveillance system.     

一种适用于雾计算的终端节点切换认证协议

针对当前雾计算环境下终端节点的切换认证协议在存储量、计算量和安全性等方面还存在缺陷,该文提出一种高效的终端节点切换认证协议。在该协议中,采用双因子组合公钥(TF-CPK)和认证Ticket相结合的方式,实现雾节点和终端节点的相互认证和会话密钥协商。安全性和性能分析结果表明,该协议支持不可跟踪性,可以抵抗众多已知攻击和安全威胁,且具有较小的系统开销。     

ECC-CoAP: Elliptic Curve Cryptography Based Constraint Application Protocol for Internet of Things

Constraint Application Protocol (CoAP), an application layer based protocol, is a compressed version of HTTP protocol that is used for communication between lightweight resource constraint devices in Internet of Things (IoT) network. The CoAP protocol is generally associated with connectionless User Datagram Protocol (UDP) and works based on Representational State Transfer architecture. The CoAP is associated with Datagram Transport Layer Security (DTLS) protocol for establishing a secure session using the existing algorithms like Lightweight Establishment of Secure Session for communication between various IoT devices and remote server. However, several limitations regarding the key management, session establishment and multi-cast message communication within the DTLS layer are present in CoAP. Hence, development of an efficient protocol for secure session establishment of CoAP is required for IoT communication. Thus, to overcome the existing limitations related to key management and multicast security in CoAP, we have proposed an efficient and secure communication scheme to establish secure session key between IoT devices and remote server using lightweight elliptic curve cryptography (ECC). The proposed ECC-based CoAP is referred to as ECC-CoAP that provides a CoAP implementation for authentication in IoT network. A number of well-known cryptographic attacks are analyzed for validating the security strength of the ECC-CoAP and found that all these attacks are well defended. The performance analysis of the ECC-CoAP shows that our scheme is lightweight and secure.

     

A New Lightweight User Authentication and Key Agreement Scheme for WSN

The Internet of Things (IoT) is one of the most up-to-date and newest technologies that allows remote control of heterogeneous networks and has a good outlook for industrial applications. Wireless sensor networks (or in brief WSNs) have a key role on the Internet of industrial objects. Due to the limited resources of the sensor nodes, designing a balanced authentication scheme to provide security in reasonable performance in wireless sensor networks is a major challenge in these applications. So far, several security schemes have been presented in this context, but unfortunately, none of these schemes have provided desired security in reasonable cost. In 2017, Khemissa et al. proposed a security protocol for mutual authentication between sensor node and user in WSNs, however, in this paper we show that this protocol is not safe enough in the confrontation of desynchronization, user impersonation and gateway impersonation attacks. The proposed attacks succeed with the probability of one and to be realized only require an execution of the protocol. Given merits of the Khemissa et al.’s protocol, we also improved their protocol in such a way that provides suitable level of security, and also we prove its security using two formal ways, i.e. BAN logic and also the Scyther tool. We also argue informally about the improved protocol’s security.

     

An energy‐aware approach for resource managing in the fog‐based Internet of Things using a hybrid algorithm

Regarding the recent information technology improvement, the fog computing (FC) emergence increases the ability of computational equipment and supplies modern solutions for traditional industrial applications. In the fog environment, Internet of Things (IoT) applications are completed by computing nodes that are intermediate in the fog, and the physical servers in data centers of the cloud. From the other side, because of resource constraints, dynamic nature, resource heterogeneity, and volatility of fog environment, resource management problems must be considered as one of the challenging issues of fog. The resource managing problem is an NP‐hard issue, so, in the current article, a powerful hybrid algorithm for managing resources in FC‐based IoT is proposed using an ant colony optimization (ACO) and a genetic algorithm (GA). GAs are computationally costly because of some problems such as the lack of guarantee for obtaining optimal solutions. Then, the precision and speed of convergence can be optimized by the ACO algorithm. Therefore, the powerful affirmative feedback pros of ACO on the convergence rate is considered. The algorithm uses GA's universal investigation power, and then it is transformed into ACO primary pheromone. This algorithm outperforms ACO and GA under equal conditions, as the simulation experiments showed.     

Survey of Testing Methods and Testbed Development Concerning Internet of Things

The concept of Internet of Things (IoT) was designed to change everyday lives of people via multiple forms of computing and easy deployment of applications. In recent years, the increasing complexity of IoT-ready devices and processes has led to potential risks related to system reliability. Therefore, the comprehensive testing of IoT technology has attracted the attention of many researchers, which promotes the extensive development of IoT testing methods and infrastructure. However, the current research on IoT testing methods and testbeds mainly focuses on specific application scenarios, lacking systematic review and analysis of many applications from different points of view. This paper systematically summarizes the latest testing methods covering different IoT fields and discusses the development status of the existing Internet of things testbed. Findings of this review demonstrate that IoT testing is moving toward larger scale and intelligent testing, and that in near future, IoT test architecture is set to become more standardized and universally applicable with multi-technology convergence—i.e., a combination of big data, cloud computing, and artificial intelligence—being the prime focus of IoT testing.

     

A certificateless signcryption with proxy re-encryption for practical access control in cloud-based reliable smart grid

Cloud computing has proven to be applicable in smart grid systems with the help of the cloud-based Internet of things (IoT) technology. In this concept, IoT is deployed as a front-end enabling the acquisition of smart grid-related data and its outsourcing to the cloud for data storage purposes. It is obvious that data storage is a pertinent service in cloud computing. However, its wide adoption is hindered by the concern of having a secure access to data without a breach on confidentiality and authentication. To address this problem, we propose a novel data access control scheme that simultaneously accomplishes confidentiality and authentication for cloud-based smart grid systems. Our scheme can enable the storing of encrypted smart grid-related data in the cloud. When a user prefers to access the data, the data owner issues a delegation command to the cloud for data re-encryption. The cloud is unable to acquire any plaintext information on the data. Only authorized users are capable of decrypting the data. Moreover, the integrity and authentication of data can only be verified by the authorized user. We obtain the data access control scheme by proposing a pairing free certificateless signcryption with proxy re-encryption (CLS-PRE) scheme. We prove that our CLS-PRE scheme has indistinguishability against adaptive chosen ciphertext attack under the gap Diffie–Hellman problem and existential unforgeability against adaptive chosen message attack under elliptic curve discrete logarithm problem in the random oracle model.