A Comprehensive Survey on the Cooperation of Fog Computing Paradigm-Based IoT Applications: Layered Architecture, Real-Time Security Issues, and Solutions

The Internet of Things (IoT) can enable seamless communication between millions of billions of objects. As IoT applications continue to grow, they face several challenges, including high latency, limited processing and storage capacity, and network failures. To address these stated challenges, the fog computing paradigm has been introduced, purpose is to integrate the cloud computing paradigm with IoT to bring the cloud resources closer to the IoT devices. Thus, it extends the computing, storage, and networking facilities toward the edge of the network. However, data processing and storage occur at the IoT devices themselves in the fog-based IoT network, eliminating the need to transmit the data to the cloud. Further, it also provides a faster response as compared to the cloud. Unfortunately, the characteristics of fog-based IoT networks arise traditional real-time security challenges, which may increase severe concern to the end-users. However, this paper aims to focus on fog-based IoT communication, targeting real-time security challenges. In this paper, we examine the layered architecture of fog-based IoT networks along working of IoT applications operating within the context of the fog computing paradigm. Moreover, we highlight real-time security challenges and explore several existing solutions proposed to tackle these challenges. In the end, we investigate the research challenges that need to be addressed and explore potential future research directions that should be followed by the research community.©2023 The Authors. Published by IEEE. This work is licensed under a Creative Commons Attribution 4.0 License. For more information, see https://creativecommons.org/licenses/by/4.0/fi=vertaisarvioitu|en=peerReviewed

Covert Channels and Anonymous Communication in Ad-hoc Networks

Ad-hoc wireless networks distinguish themselves from their traditional wired counterparts by three unique characteristics: mobility, lack of infrastructure, and shared wireless channel. These properties have gained popularity in various military and civilian applications, but have also introduced challenging problems in terms of ensuring satisfying network performance and network security. Ad hoc networks are a fertile ground for new threats and security problems. We start by demonstrating how new covert attacks can be launched by using the ad hoc network protocols. In particular, nodes in ad-hoc wireless networks have to cooperate with each other in order to accomplish many networking functions such as routing and channel access. We observe that covert information can be conveyed during the cooperation procedure. It is very difficult to eliminate or even detect these covert channels. Simulation results show that performance of these covert channels depends on various network characteristics. Anonymous communication has been considered as one possible way of fighting covert threats. In fact, anonymity and privacy by themselves have attracted intensive attention as important societal issues and desirable security features. One of the key components in most anonymous routing protocols is anonymous trapdoors, for which we propose a new construction scheme based on pairing-based cryptographies. More careful analysis has shown that anonymity could be in conflict with other secure properties and secure mechanisms, such as accountability and intrusion detection. We propose a solution that can flexibly trade off anonymity against accountability according to the needs of individual applications. The basic idea is to distribute the real identity of a given user among a set of pseudonyms in such a way that only a sufficient number of pseudonyms can lead to the recovery of the identity. Users authenticate each other anonymously under pseudonyms. When the number of times a user is caught misbehaving exceeds the threshold, the user's real identity can be recovered from the pseudonyms that had been used. Thus, accountability is enforced. As conclusion, we propose to jointly investigate and incorporate all different secure properties by using various secure mechanisms across multiple protocol layers of the network

Collaboration Enforcement In Mobile Ad Hoc Networks

Mobile Ad hoc NETworks (MANETs) have attracted great research interest in recent years. Among many issues, lack of motivation for participating nodes to collaborate forms a major obstacle to the adoption of MANETs. Many contemporary collaboration enforcement techniques employ reputation mechanisms for nodes to avoid and penalize malicious participants. Reputation information is propagated among participants and updated based on complicated trust relationships to thwart false accusation of benign nodes. The aforementioned strategy suffers from low scalability and is likely to be exploited by adversaries. To address these problems, we first propose a finite state model. With this technique, no reputation information is propagated in the network and malicious nodes cannot cause false penalty to benign hosts. Misbehaving node detection is performed on-demand; and malicious node punishment and avoidance are accomplished by only maintaining reputation information within neighboring nodes. This scheme, however, requires that each node equip with a tamper-proof hardware. In the second technique, no such restriction applies. Participating nodes classify their one-hop neighbors through direct observation and misbehaving nodes are penalized within their localities. Data packets are dynamically rerouted to circumvent selfish nodes. In both schemes, overall network performance is greatly enhanced. Our approach significantly simplifies the collaboration enforcement process, incurs low overhead, and is robust against various malicious behaviors. Simulation results based on different system configurations indicate that the proposed technique can significantly improve network performance with very low communication cost

A comprehensive survey of V2X cybersecurity mechanisms and future research paths

Recent advancements in vehicle-to-everything (V2X) communication have notably improved existing transport systems by enabling increased connectivity and driving autonomy levels. The remarkable benefits of V2X connectivity come inadvertently with challenges which involve security vulnerabilities and breaches. Addressing security concerns is essential for seamless and safe operation of mission-critical V2X use cases. This paper surveys current literature on V2X security and provides a systematic and comprehensive review of the most relevant security enhancements to date. An in-depth classification of V2X attacks is first performed according to key security and privacy requirements. Our methodology resumes with a taxonomy of security mechanisms based on their proactive/reactive defensive approach, which helps identify strengths and limitations of state-of-the-art countermeasures for V2X attacks. In addition, this paper delves into the potential of emerging security approaches leveraging artificial intelligence tools to meet security objectives. Promising data-driven solutions tailored to tackle security, privacy and trust issues are thoroughly discussed along with new threat vectors introduced inevitably by these enablers. The lessons learned from the detailed review of existing works are also compiled and highlighted. We conclude this survey with a structured synthesis of open challenges and future research directions to foster contributions in this prominent field.This work is supported by the H2020-INSPIRE-5Gplus project (under Grant agreement No. 871808), the ”Ministerio de Asuntos Económicos y Transformacion Digital” and the European Union-NextGenerationEU in the frameworks of the ”Plan de Recuperación, Transformación y Resiliencia” and of the ”Mecanismo de Recuperación y Resiliencia” under references TSI-063000-2021-39/40/41, and the CHIST-ERA-17-BDSI-003 FIREMAN project funded by the Spanish National Foundation (Grant PCI2019-103780).Peer ReviewedPostprint (published version

SECURITY, PRIVACY AND APPLICATIONS IN VEHICULAR AD HOC NETWORKS

With wireless vehicular communications, Vehicular Ad Hoc Networks (VANETs) enable numerous applications to enhance traffic safety, traffic efficiency, and driving experience. However, VANETs also impose severe security and privacy challenges which need to be thoroughly investigated. In this dissertation, we enhance the security, privacy, and applications of VANETs, by 1) designing application-driven security and privacy solutions for VANETs, and 2) designing appealing VANET applications with proper security and privacy assurance. First, the security and privacy challenges of VANETs with most application significance are identified and thoroughly investigated. With both theoretical novelty and realistic considerations, these security and privacy schemes are especially appealing to VANETs. Specifically, multi-hop communications in VANETs suffer from packet dropping, packet tampering, and communication failures which have not been satisfyingly tackled in literature. Thus, a lightweight reliable and faithful data packet relaying framework (LEAPER) is proposed to ensure reliable and trustworthy multi-hop communications by enhancing the cooperation of neighboring nodes. Message verification, including both content and signature verification, generally is computation-extensive and incurs severe scalability issues to each node. The resource-aware message verification (RAMV) scheme is proposed to ensure resource-aware, secure, and application-friendly message verification in VANETs. On the other hand, to make VANETs acceptable to the privacy-sensitive users, the identity and location privacy of each node should be properly protected. To this end, a joint privacy and reputation assurance (JPRA) scheme is proposed to synergistically support privacy protection and reputation management by reconciling their inherent conflicting requirements. Besides, the privacy implications of short-time certificates are thoroughly investigated in a short-time certificates-based privacy protection (STCP2) scheme, to make privacy protection in VANETs feasible with short-time certificates. Secondly, three novel solutions, namely VANET-based ambient ad dissemination (VAAD), general-purpose automatic survey (GPAS), and VehicleView, are proposed to support the appealing value-added applications based on VANETs. These solutions all follow practical application models, and an incentive-centered architecture is proposed for each solution to balance the conflicting requirements of the involved entities. Besides, the critical security and privacy challenges of these applications are investigated and addressed with novel solutions. Thus, with proper security and privacy assurance, these solutions show great application significance and economic potentials to VANETs. Thus, by enhancing the security, privacy, and applications of VANETs, this dissertation fills the gap between the existing theoretic research and the realistic implementation of VANETs, facilitating the realistic deployment of VANETs

Optimising routing and trustworthiness of ad hoc networks using swarm intelligence

This thesis was submitted for the degree of Doctor of Philsophy and awarded by Brunel UniversityThis thesis proposes different approaches to address routing and security of MANETs using swarm technology. The mobility and infrastructure-less of MANET as well as nodes misbehavior compose great challenges to routing and security protocols of such a network. The first approach addresses the problem of channel assignment in multichannel ad hoc networks with limited number of interfaces, where stable route are more preferred to be selected. The channel selection is based on link quality between the nodes. Geographical information is used with mapping algorithm in order to estimate and predict the links’ quality and routes life time, which is combined with Ant Colony Optimization (ACO) algorithm to find most stable route with high data rate. As a result, a better utilization of the channels is performed where the throughput increased up to 74% over ASAR protocol. A new smart data packet routing protocol is developed based on the River Formation Dynamics (RFD) algorithm. The RFD algorithm is a subset of swarm intelligence which mimics how rivers are created in nature. The protocol is a distributed swarm learning approach where data packets are smart enough to guide themselves through best available route in the network. The learning information is distributed throughout the nodes of the network. This information can be used and updated by successive data packets in order to maintain and find better routes. Data packets act like swarm agents (drops) where they carry their path information and update routing information without the need for backward agents. These data packets modify the routing information based on different network metrics. As a result, data packet can guide themselves through better routes. In the second approach, a hybrid ACO and RFD smart data packet routing protocol is developed where the protocol tries to find shortest path that is less congested to the destination. Simulation results show throughput improvement by 30% over AODV protocol and 13% over AntHocNet. Both delay and jitter have been improved more than 96% over AODV protocol. In order to overcome the problem of source routing introduced due to the use of the ACO algorithm, a solely RFD based distance vector protocol has been developed as a third approach. Moreover, the protocol separates reactive learned information from proactive learned information to add more reliability to data routing. To minimize the power consumption introduced due to the hybrid nature of the RFD routing protocol, a forth approach has been developed. This protocol tackles the problem of power consumption and adds packets delivery power minimization to the protocol based on RFD algorithm. Finally, a security model based on reputation and trust is added to the smart data packet protocol in order to detect misbehaving nodes. A trust system has been built based on the privilege offered by the RFD algorithm, where drops are always moving from higher altitude to lower one. Moreover, the distributed and undefined nature of the ad hoc network forces the nodes to obligate to cooperative behaviour in order not to be exposed. This system can easily and quickly detect misbehaving nodes according to altitude difference between active intermediate nodes

Intrusion tolerant routing with data consensus in wireless sensor networks

Dissertação para obtenção do Grau de Mestre em Engenharia InformáticaWireless sensor networks (WSNs) are rapidly emerging and growing as an important new area in computing and wireless networking research. Applications of WSNs are numerous, growing, and ranging from small-scale indoor deployment scenarios in homes and buildings to large scale outdoor deployment settings in natural, industrial, military and embedded environments. In a WSN, the sensor nodes collect data to monitor physical conditions or to measure and pre-process physical phenomena, and forward that data to special computing nodes called Syncnodes or Base Stations (BSs). These nodes are eventually interconnected, as gateways, to other processing systems running applications. In large-scale settings, WSNs operate with a large number of sensors – from hundreds to thousands of sensor nodes – organised as ad-hoc multi-hop or mesh networks, working without human supervision. Sensor nodes are very limited in computation, storage, communication and energy resources. These limitations impose particular challenges in designing large scale reliable and secure WSN services and applications. However, as sensors are very limited in their resources they tend to be very cheap. Resilient solutions based on a large number of nodes with replicated capabilities, are possible approaches to address dependability concerns, namely reliability and security requirements and fault or intrusion tolerant network services. This thesis proposes, implements and tests an intrusion tolerant routing service for large-scale dependable WSNs. The service is based on a tree-structured multi-path routing algorithm, establishing multi-hop and multiple disjoint routes between sensors and a group of BSs. The BS nodes work as an overlay, processing intrusion tolerant data consensus over the routed data. In the proposed solution the multiple routes are discovered, selected and established by a self-organisation process. The solution allows the WSN nodes to collect and route data through multiple disjoint routes to the different BSs, with a preventive intrusion tolerance approach, while handling possible Byzantine attacks and failures in sensors and BS with a pro-active recovery strategy supported by intrusion and fault tolerant data-consensus algorithms, performed by the group of Base Stations