A Computationally Efficient Online/Offline Signature Scheme for Underwater Wireless Sensor Networks

Underwater wireless sensor networks (UWSNs) have emerged as the most widely used wireless network infrastructure in many applications. Sensing nodes are frequently deployed in hostile aquatic environments in order to collect data on resources that are severely limited in terms of transmission time and bandwidth. Since underwater information is very sensitive and unique, the authentication of users is very important to access the data and information. UWSNs have unique communication and computation needs that are not met by the existing digital signature techniques. As a result, a lightweight signature scheme is required to meet the communication and computa‑ tion requirements. In this research, we present a Certificateless Online/Offline Signature (COOS) mechanism for UWSNs. The proposed scheme is based on the concept of a hyperelliptic curves cryptosystem, which offers the same degree of security as RSA, bilinear pairing, and elliptic curve cryptosystems (ECC) but with a smaller key size. In addition, the proposed scheme was proven secure in the random oracle model under the hyperelliptic curve discrete logarithm problem. A se‑ curity analysis was also carried out, as well as comparisons with appropriate current online/offline signature schemes. The comparison demonstrated that the proposed scheme is superior to the exist‑ ing schemes in terms of both security and efficiency. Additionally, we also employed the fuzzy‑based Evaluation‑based Distance from Average Solutions (EDAS) technique to demonstrate the effective‑ ness of the proposed scheme.publishedVersio

A Content Poisoning Attack Detection and Prevention System in Vehicular Named Data Networking

Named data networking (NDN) is gaining momentum in vehicular ad hoc networks (VANETs) thanks to its robust network architecture. However, vehicular NDN (VNDN) faces numerous challenges, including security, privacy, routing, and caching. Specifically, the attackers can jeopardize vehicles’ cache memory with a Content Poisoning Attack (CPA). The CPA is the most difficult to identify because the attacker disseminates malicious content with a valid name. In addition, NDN employs request–response-based content dissemination, which is inefficient in supporting push-based content forwarding in VANET. Meanwhile, VNDN lacks a secure reputation management system. To this end, our contribution is three-fold. We initially propose a threshold-based content caching mechanism for CPA detection and prevention. This mechanism allows or rejects host vehicles to serve content based on their reputation. Secondly, we incorporate a blockchain system that ensures the privacy of every vehicle at roadside units (RSUs). Finally, we extend the scope of NDN from pull-based content retrieval to push-based content dissemination. The experimental evaluation results reveal that our proposed CPA detection mechanism achieves a 100% accuracy in identifying and preventing attackers. The attacker vehicles achieved a 0% cache hit ratio in our proposed mechanism. On the other hand, our blockchain results identified tempered blocks with 100% accuracy and prevented them from storing in the blockchain network. Thus, our proposed solution can identify and prevent CPA with 100% accuracy and effectively filters out tempered blocks. Our proposed research contribution enables the vehicles to store and serve trusted content in VNDN

Challenges in Blockchain as a Solution for IoT Ecosystem Threats and Access Control: A Survey

The Internet of Things (IoT) is increasingly influencing and transforming various aspects of our daily lives. Contrary to popular belief, it raises security and privacy issues as it is used to collect data from consumers or automated systems. Numerous articles are published that discuss issues like centralised control systems and potential alternatives like integration with blockchain. Although a few recent surveys focused on the challenges and solutions facing the IoT ecosystem, most of them did not concentrate on the threats, difficulties, or blockchain-based solutions. Additionally, none of them focused on blockchain and IoT integration challenges and attacks. In the context of the IoT ecosystem, overall security measures are very important to understand the overall challenges. This article summarises difficulties that have been outlined in numerous recent articles and articulates various attacks and security challenges in a variety of approaches, including blockchain-based solutions and so on. More clearly, this contribution consolidates threats, access control issues, and remedies in brief. In addition, this research has listed some attacks on public blockchain protocols with some real-life examples that can guide researchers in taking preventive measures for IoT use cases. Finally, a future research direction concludes the research gaps by analysing contemporary research contributions

Cryptanalysis of an online/offline certificateless signature scheme for Internet of Health Things

Recently, Khan et al. [An online-offline certificateless signature scheme for internet of health things,” Journal of Healthcare Engineering, vol. 2020] presented a new certificateless offline/online signature scheme for Internet of Health Things (IoHT) to fulfill the authenticity requirements of the resource-constrained environment of (IoHT) devices. The authors claimed that the newly proposed scheme is formally secured against Type-I adversary under the Random Oracle Model (ROM). Unfortunately, their scheme is insecure against adaptive chosen message attacks. It is demonstrated that an adversary can forge a valid signature on a message by replacing the public key. Furthermore, we performed a comparative analysis of the selective parameters including computation time, communication overhead, security, and formal proof by employing Evaluation based on Distance from Average Solution (EDAS). The analysis shows that the designed scheme of Khan et al. doesn’t have any sort of advantage over the previous schemes. Though, the authors utilized a lightweight hyperelliptic curve cryptosystem with a smaller key size of 80-bits. Finally, we give some suggestions on the construction of a concrete security scheme under ROM

A comprehensive survey of V2X cybersecurity mechanisms and future research paths

Recent advancements in vehicle-to-everything (V2X) communication have notably improved existing transport systems by enabling increased connectivity and driving autonomy levels. The remarkable benefits of V2X connectivity come inadvertently with challenges which involve security vulnerabilities and breaches. Addressing security concerns is essential for seamless and safe operation of mission-critical V2X use cases. This paper surveys current literature on V2X security and provides a systematic and comprehensive review of the most relevant security enhancements to date. An in-depth classification of V2X attacks is first performed according to key security and privacy requirements. Our methodology resumes with a taxonomy of security mechanisms based on their proactive/reactive defensive approach, which helps identify strengths and limitations of state-of-the-art countermeasures for V2X attacks. In addition, this paper delves into the potential of emerging security approaches leveraging artificial intelligence tools to meet security objectives. Promising data-driven solutions tailored to tackle security, privacy and trust issues are thoroughly discussed along with new threat vectors introduced inevitably by these enablers. The lessons learned from the detailed review of existing works are also compiled and highlighted. We conclude this survey with a structured synthesis of open challenges and future research directions to foster contributions in this prominent field.This work is supported by the H2020-INSPIRE-5Gplus project (under Grant agreement No. 871808), the ”Ministerio de Asuntos Económicos y Transformacion Digital” and the European Union-NextGenerationEU in the frameworks of the ”Plan de Recuperación, Transformación y Resiliencia” and of the ”Mecanismo de Recuperación y Resiliencia” under references TSI-063000-2021-39/40/41, and the CHIST-ERA-17-BDSI-003 FIREMAN project funded by the Spanish National Foundation (Grant PCI2019-103780).Peer ReviewedPostprint (published version

BC4LLM: Trusted Artificial Intelligence When Blockchain Meets Large Language Models

In recent years, artificial intelligence (AI) and machine learning (ML) are reshaping society's production methods and productivity, and also changing the paradigm of scientific research. Among them, the AI language model represented by ChatGPT has made great progress. Such large language models (LLMs) serve people in the form of AI-generated content (AIGC) and are widely used in consulting, healthcare, and education. However, it is difficult to guarantee the authenticity and reliability of AIGC learning data. In addition, there are also hidden dangers of privacy disclosure in distributed AI training. Moreover, the content generated by LLMs is difficult to identify and trace, and it is difficult to cross-platform mutual recognition. The above information security issues in the coming era of AI powered by LLMs will be infinitely amplified and affect everyone's life. Therefore, we consider empowering LLMs using blockchain technology with superior security features to propose a vision for trusted AI. This paper mainly introduces the motivation and technical route of blockchain for LLM (BC4LLM), including reliable learning corpus, secure training process, and identifiable generated content. Meanwhile, this paper also reviews the potential applications and future challenges, especially in the frontier communication networks field, including network resource allocation, dynamic spectrum sharing, and semantic communication. Based on the above work combined and the prospect of blockchain and LLMs, it is expected to help the early realization of trusted AI and provide guidance for the academic community

A Novel Digital Signature Scheme for Advanced Asymmetric Encryption Techniques

Digital signature schemes are practical mechanisms for achieving message integrity, authenticity, and non-repudiation. Several asymmetric encryption techniques have been proposed in the literature, each with its proper limitations. RSA and El Gamal prove their robustness, but are unsuitable in several domains due to their computational complexity. Other asymmetric encryption schemes have been proposed to provide a cloud homomorphic encryption service, where the researchers focused only on how to ensure the homomorphic property. This paper proposes a new digital signature scheme dedicated to a family of encryption techniques. The proposal consists of two parts: the first focused on the secret key, and the second focused on the public key. Signature validity checking was performed by multiplying these two parts to reform again the sender’s public key, then comparing the result with the decrypted message. The validation of the decrypted message guarantees data integrity, where the signer public key is used to ensure authenticity. The proposed scheme takes a shorter execution time for the entire signature operation, including signing and verification, compared to other modern techniques. The analysis showed its robustness against private key recovery and forgery attacks. The implementation results of the proposed scheme showed promising performance in terms of complexity and robustness. The results confirmed that the proposed scheme is efficient and effective for signature generation and verification

Secure and Efficient Federated Learning in Edge Computing

Federated Learning (FL) has emerged as a promising paradigm for privacy-preserving Machine Learning (ML). It enables distributed end devices (clients) to collaboratively train a shared global model without exposing their local data. However, FL typically assumes that all clients are benign and trust the coordinating central server, which is unrealistic for many real-world scenarios. In practice, clients can harm the FL process by sharing poisonous model updates (known as poisoning attack) or sending counterfeit yet harmless parameters to the central server to obtain the trained global model without actual contribution (known as free-riding attack), while the central server could malfunction or misbehave. Moreover, the deployment of FL for real-world applications is hindered by the high communication overhead between the server and clients that are often at the network edge with limited bandwidth. This thesis aims to develop novel FL approaches toward secure and efficient FL in edge computing. First, a novel lightweight blockchain-based FL framework is devised to mitigate the single point of failure of traditional FL. This is achieved by removing the centralized model aggregation to the distributed blockchain nodes. Incorporating the Inter-Planetary File System and Verifiable Random Function, the proposed framework is energy-efficient and scalable with the blockchain network size. Next, a secure and efficient federated edge learning system is proposed, based on the developed blockchain-based FL framework, with a communication-efficient training scheme to reduce the communication cost of clients and a secure model aggregation protocol to build defense against poisoning attacks. Then, an original Shapley value-based defense mechanism is designed to further enhance the robustness of FL, not only against adversarial poisoning attack but also the stealthy free-riding attack. Extensive experiments show that the proposed approach can detect typical free-riding attacks with high precision and is resistant to poisoning attacks launched by adversarial clients

Navigating the IoT landscape: Unraveling forensics, security issues, applications, research challenges, and future

Given the exponential expansion of the internet, the possibilities of security attacks and cybercrimes have increased accordingly. However, poorly implemented security mechanisms in the Internet of Things (IoT) devices make them susceptible to cyberattacks, which can directly affect users. IoT forensics is thus needed for investigating and mitigating such attacks. While many works have examined IoT applications and challenges, only a few have focused on both the forensic and security issues in IoT. Therefore, this paper reviews forensic and security issues associated with IoT in different fields. Future prospects and challenges in IoT research and development are also highlighted. As demonstrated in the literature, most IoT devices are vulnerable to attacks due to a lack of standardized security measures. Unauthorized users could get access, compromise data, and even benefit from control of critical infrastructure. To fulfil the security-conscious needs of consumers, IoT can be used to develop a smart home system by designing a FLIP-based system that is highly scalable and adaptable. Utilizing a blockchain-based authentication mechanism with a multi-chain structure can provide additional security protection between different trust domains. Deep learning can be utilized to develop a network forensics framework with a high-performing system for detecting and tracking cyberattack incidents. Moreover, researchers should consider limiting the amount of data created and delivered when using big data to develop IoT-based smart systems. The findings of this review will stimulate academics to seek potential solutions for the identified issues, thereby advancing the IoT field.Comment: 77 pages, 5 figures, 5 table