Sparse Signal Processing Concepts for Efficient 5G System Design

As it becomes increasingly apparent that 4G will not be able to meet the emerging demands of future mobile communication systems, the question what could make up a 5G system, what are the crucial challenges and what are the key drivers is part of intensive, ongoing discussions. Partly due to the advent of compressive sensing, methods that can optimally exploit sparsity in signals have received tremendous attention in recent years. In this paper we will describe a variety of scenarios in which signal sparsity arises naturally in 5G wireless systems. Signal sparsity and the associated rich collection of tools and algorithms will thus be a viable source for innovation in 5G wireless system design. We will discribe applications of this sparse signal processing paradigm in MIMO random access, cloud radio access networks, compressive channel-source network coding, and embedded security. We will also emphasize important open problem that may arise in 5G system design, for which sparsity will potentially play a key role in their solution.Comment: 18 pages, 5 figures, accepted for publication in IEEE Acces

Authentication and Authorization Scheme for Various User-Roles and Devices in Smart Grid

The smart grid, as the next generation of the power grid, is characterized by employing many different types of intelligent devices, such as intelligent electronic devices located at substations, smart meters positioned in the home area network, and outdoor field equipment deployed in the fields. Also, there are various users in the smart grid network, including customers, operators, maintenance personnel, and etc., who use these devices for various purposes. Therefore, a secure and efficient mutual authentication and authorization scheme is needed in the smart grid to prevent various insider and outsider attacks on many different devices. In this paper, we propose an authentication and authorization scheme for mitigating outsider and insider threats in the smart grid by verifying the user authorization and performing the user authentication together whenever a user accesses the devices. The proposed scheme computes each user-role dynamically using an attribute-based access control and verifies the identity of user together with the device. Security and performance analysis show that the proposed scheme resists various insider as well as outsider attacks, and is more efficient in terms of communication and computation costs in comparison with the existing schemes. The correctness of the proposed scheme is also proved using BAN-Logic and Proverif

Lightweight mutual authentication and privacy preservation schemes for IOT systems.

Internet of Things (IoT) presents a holistic and transformative approach for providing services in different domains. IoT creates an atmosphere of interaction between humans and the surrounding physical world through various technologies such as sensors, actuators, and the cloud. Theoretically, when everything is connected, everything is at risk. The rapid growth of IoT with the heterogeneous devices that are connected to the Internet generates new challenges in protecting and preserving user’s privacy and ensuring the security of our lives. IoT systems face considerable challenges in deploying robust authentication protocols because some of the IoT devices are resource-constrained with limited computation and storage capabilities to implement the currently available authentication mechanism that employs computationally expensive functions. The limited capabilities of IoT devices raise significant security and privacy concerns, such as ensuring personal information confidentiality and integrity and establishing end-to-end authentication and secret key generation between the communicating device to guarantee secure communication among the communicating devices. The ubiquity nature of the IoT device provides adversaries more attack surfaces which can lead to tragic consequences that can negatively impact our everyday connected lives. According to [1], authentication and privacy protection are essential security requirements. Therefore, there is a critical need to address these rising security and privacy concerns to ensure IoT systems\u27 safety. This dissertation identifies gaps in the literature and presents new mutual authentication and privacy preservation schemes that fit the needs of resource-constrained devices to improve IoT security and privacy against common attacks. This research enhances IoT security and privacy by introducing lightweight mutual authentication and privacy preservation schemes for IoT based on hardware biometrics using PUF, Chained hash PUF, dynamic identities, and user’s static and continuous biometrics. The communicating parties can anonymously communicate and mutually authenticate each other and locally establish a session key using dynamic identities to ensure the user’s unlinkability and untraceability. Furthermore, virtual domain segregation is implemented to apply security policies between nodes. The chained-hash PUF mechanism technique is implemented as a way to verify the sender’s identity. At first, this dissertation presents a framework called “A Lightweight Mutual Authentication and Privacy-Preservation framework for IoT Systems” and this framework is considered the foundation of all presented schemes. The proposed framework integrates software and hardware-based security approaches that satisfy the NIST IoT security requirements for data protection and device identification. Also, this dissertation presents an architecture called “PUF Hierarchal Distributed Architecture” (PHDA), which is used to perform the device name resolution. Based on the proposed framework and PUF architecture, three lightweight privacy-preserving and mutual authentication schemes are presented. The Three different schemes are introduced to accommodate both stationary and mobile IoT devices as well as local and distributed nodes. The first scheme is designed for the smart homes domain, where the IoT devices are stationary, and the controller node is local. In this scheme, there is direct communication between the IoT nodes and the controller node. Establishing mutual authentication does not require the cloud service\u27s involvement to reduce the system latency and offload the cloud traffic. The second scheme is designed for the industrial IoT domain and used smart poultry farms as a use case of the Industrial IoT (IIoT) domain. In the second scheme, the IoT devices are stationary, and the controller nodes are hierarchical and distributed, supported by machine-to-machine (M2M) communication. The third scheme is designed for smart cities and used IoV fleet vehicles as a use case of the smart cities domain. During the roaming service, the mutual authentication process between a vehicle and the distributed controller nodes represented by the Roadside Units (RSUs) is completed through the cloud service that stores all vehicle\u27s security credentials. After that, when a vehicle moves to the proximity of a new RSU under the same administrative authority of the most recently visited RSU, the two RSUs can cooperate to verify the vehicle\u27s legitimacy. Also, the third scheme supports driver static and continuous authentication as a driver monitoring system for the sake of both road and driver safety. The security of the proposed schemes is evaluated and simulated using two different methods: security analysis and performance analysis. The security analysis is implemented through formal security analysis and informal security analysis. The formal analysis uses the Burrows–Abadi–Needham logic (BAN) and model-checking using the automated validation of Internet security protocols and applications (AVISPA) toolkit. The informal security analysis is completed by: (1) investigating the robustness of the proposed schemes against the well-known security attacks and analyze its satisfaction with the main security properties; and (2) comparing the proposed schemes with the other existing authentication schemes considering their resistance to the well-known attacks and their satisfaction with the main security requirements. Both the formal and informal security analyses complement each other. The performance evaluation is conducted by analyzing and comparing the overhead and efficiency of the proposed schemes with other related schemes from the literature. The results showed that the proposed schemes achieve all security goals and, simultaneously, efficiently and satisfy the needs of the resource-constrained IoT devices

ivPair: context-based fast intra-vehicle device pairing for secure wireless connectivity

The emergence of advanced in-vehicle infotainment (IVI) systems, such as Apple CarPlay and Android Auto, calls for fast and intuitive device pairing mechanisms to discover newly introduced devices and make or break a secure, high-bandwidth wireless connection. Current pairing schemes are tedious and lengthy as they typically require users to go through pairing and verification procedures by manually entering a predetermined or randomly generated pin on both devices. This inconvenience usually results in prolonged usage of old pins, significantly degrading the security of network connections. To address this challenge, we propose ivPair, a secure and usable device pairing protocol that extracts an identical pairing pin or fingerprint from vehicle\u27s vibration response caused by various factors such as driver\u27s driving pattern, vehicle type, and road conditions. Using ivPair, users can pair a mobile device equipped with an accelerometer with the vehicle\u27s IVI system or other mobile devices by simply holding it against the vehicle\u27s interior frame. Under realistic driving experiments with various types of vehicles and road conditions, we demonstrate that all passenger-owned devices can expect a high pairing success rate with a short pairing time, while effectively rejecting proximate adversaries attempting to pair with the target vehicle

Time-constrained nature-inspired optimization algorithms for an efficient energy management system in smart homes and buildings

This paper proposes two bio-inspired heuristic algorithms, the Moth-Flame Optimization (MFO) algorithm and Genetic Algorithm (GA), for an Energy Management System (EMS) in smart homes and buildings. Their performance in terms of energy cost reduction, minimization of the Peak to Average power Ratio (PAR) and end-user discomfort minimization are analysed and discussed. Then, a hybrid version of GA and MFO, named TG-MFO (Time-constrained Genetic-Moth Flame Optimization), is proposed for achieving the aforementioned objectives. TG-MFO not only hybridizes GA and MFO, but also incorporates time constraints for each appliance to achieve maximum end-user comfort. Different algorithms have been proposed in the literature for energy optimization. However, they have increased end-user frustration in terms of increased waiting time for home appliances to be switched ON. The proposed TG-MFO algorithm is specially designed for nearly-zero end-user discomfort due to scheduling of appliances, keeping in view the timespan of individual appliances. Renewable energy sources and battery storage units are also integrated for achieving maximum end-user benefits. For comparison, five bio-inspired heuristic algorithms, i.e., Genetic Algorithm (GA), Ant Colony Optimization (ACO), Cuckoo Search Algorithm (CSA), Firefly Algorithm (FA) and Moth-Flame Optimization (MFO), are used to achieve the aforementioned objectives in the residential sector in comparison with TG-MFO. The simulations through MATLAB show that our proposed algorithm has reduced the energy cost up to 32.25% for a single user and 49.96% for thirty users in a residential sector compared to unscheduled load

Älykäs tunnistauminen ja käyttöoikeuksien hallinta monimuotoisessa verkotetussa maailmassa

Our living environments are full of various connected computing devices. These environments in homes, offices, public spaces, transportation etc. are gaining abilities to acquire and apply knowledge about the environment and its users in order to improve users' experience in that environment. However, before smart adaptive solutions can be deployed in critical applications, authentication and authorization mechanisms are needed to provide protection against various security threats. These mechanisms must be able to interoperate and share information with different devices. The thesis focuses to questions on how to facilitate the interoperability of authentication and authorization solutions and how to enable adaptability and smartness of these solutions. To address questions, this thesis explores existing authentication and authorizations solutions. Then the thesis builds new reusable, interoperable, and adaptive security solutions. The smart space concept, based on semantic web technologies and publish-and-subscribe architecture, is recognized as a prominent approach for interoperability. We contribute by proposing solutions, which facilitate implementation of smart access control applications. An essential enabler for smart spaces is a secure platform for information sharing. This platform can be based on various security protocols and frameworks, providing diverse security levels. We survey security-levels and feasibility of some key establishment protocols and solutions for authentication and authorization. We also study ecosystem and adaptation issues as well as design and implement a fine-grained and context-based reusable security model, which enables development of self-configuring and adaptive authorization solutions.Ympäristöt, joissa elämme, ovat täynnä erilaisia verkkolaitteita. Nämä koteihin, toimistoihin, julkisiin tiloihin ja ajoneuvoihin muodostuvat ympäristöt ovat oppimassa hyödyntämään ympäriltä saatavilla olevaa tietoa ja sopeuttamaan toimintaansa parantaakseen käyttäjän kokemusta näistä ympäristössä. Älykkäiden ja sopeutuvien tilojen käyttöönotto kriittisissä sovelluksissa vaatii kuitenkin tunnistautumis- ja käyttöoikeuksien hallintamenetelmiä tietoturvauhkien torjumiseksi. Näiden menetelmien pitää pystyä yhteistoimintaan ja mahdollistaa tiedonvaihto erilaisten laitteiden kanssa. Tämä lisensiaatin tutkimus keskittyy kysymyksiin, kuinka helpottaa tunnistautumis- ja käyttöoikeusratkaisujen yhteensopivuutta ja kuinka mahdollistaa näiden ratkaisujen sopeutumiskyky ja älykäs toiminta. Tutkimuksessa tarkastellaan olemassa olevia menetelmiä. Tämän jälkeen kuvataan toteutuksia uusista tietoturvaratkaisuista, jotka ovat uudelleenkäytettäviä, eri laitteiden kanssa yhteensopivia ja eri vaatimuksiin mukautuvia. Älytilat, jotka perustuvat semanttisten web teknologioiden ja julkaise-ja-tilaa arkkitehtuurin hyödyntämiseen, tunnistetaan työssä lupaavaksi yhteensopivuuden tuovaksi ratkaisuksi. Tutkimus esittää ratkaisuja, jotka helpottavat älykkäiden tunnistautumis- ja käyttöoikeuksien hallintaratkaisujen kehitystä. Oleellinen yhteensopivuuden mahdollistaja on tietoturvallinen yhteensopivuusalusta. Tämä alusta voi perustua erilaisiin avaintenhallinta ja tunnistautumisprotokolliin sekä käyttöoikeuksien hallintakehyksiin. Tutkimuksessa arvioidaan joidenkin olemassa olevien ratkaisujen käytettävyyttä ja tietoturvatasoa. Tutkimuksessa myös tutkitaan ekosysteemi- ja sopeutumiskysymyksiä sekä toteutetaan hienojakoinen ja kontekstiin perustuva uudelleen käytettävä tietoturvamalli, joka mahdollistaa itsesääntyvien ja mukautuvien käyttöoikeuksien hallinta sovellusten toteuttamisen

Lightweight Information Security Methods for Indoor Wireless Body Area Networks: from Channel Modeling to Secret Key Extraction

A group of wirelessly communicating sensors that are placed inside, on or around a human body constitute a Wireless Body Area Network (WBAN). Continuous monitoring of vital signs through WBANs have a potential to revolutionize current health care services by reducing the cost, improving accessibility, and facilitating medical diagnosis. However, sensitive nature of personal health data requires WBANs to integrate appropriate security methods and practices. As limited hardware resources make conventional security measures inadequate in a WBAN context, this work is focused on alternative techniques based on Wireless Physical Layer Security (WPLS). More specifically, we introduce a symbiosis of WPLS and Compressed Sensing to achieve security at the time of sampling. We successfully show how the proposed framework can be applied to electrocardiography data saving significant computational and memory resources. In the scenario when a WBAN Access Point can make use of diversity methods in the form of Switch-and-Stay Combining, we demonstrate that output Signal-to-Noise Ratio (SNR) and WPLS key extraction rate are optimized at different switching thresholds. Thus, the highest key rate may result in significant loss of output SNR. In addition, we also show that the past WBAN off-body channel models are insufficient when the user exhibits dynamic behavior. We propose a novel Rician based off-body channel model that can naturally reflect body motion by randomizing Rician factor K and considering small and large scale fading to be related. Another part of our investigation provides implications of user\u27s dynamic behavior on shared secret generation. In particular, we reveal that body shadowing causes negative correlation of the channel exposing legitimate participants to a security threat. This threat is analyzed from a qualitative and quantitative perspective of a practical secret key extraction algorithm