Reconfigurable Security: Edge Computing-based Framework for IoT

In various scenarios, achieving security between IoT devices is challenging since the devices may have different dedicated communication standards, resource constraints as well as various applications. In this article, we first provide requirements and existing solutions for IoT security. We then introduce a new reconfigurable security framework based on edge computing, which utilizes a near-user edge device, i.e., security agent, to simplify key management and offload the computational costs of security algorithms at IoT devices. This framework is designed to overcome the challenges including high computation costs, low flexibility in key management, and low compatibility in deploying new security algorithms in IoT, especially when adopting advanced cryptographic primitives. We also provide the design principles of the reconfigurable security framework, the exemplary security protocols for anonymous authentication and secure data access control, and the performance analysis in terms of feasibility and usability. The reconfigurable security framework paves a new way to strength IoT security by edge computing.Comment: under submission to possible journal publication

Anonymous network access using the digital marketplace

With increasing usage of mobile telephony, and the trend towards additional mobile Internet usage, privacy and anonymity become more and more important. Previously-published anonymous communication schemes aim to obscure their users' network addresses, because real-world identity can be easily be derived from this information. We propose modifications to a novel call-management architecture, the digital marketplace, which will break this link, therefore enabling truly anonymous network access

Augmenting Agent Platforms to Facilitate Conversation Reasoning

Within Multi Agent Systems, communication by means of Agent Communication Languages (ACLs) has a key role to play in the co-operation, co-ordination and knowledge-sharing between agents. Despite this, complex reasoning about agent messaging, and specifically about conversations between agents, tends not to have widespread support amongst general-purpose agent programming languages. ACRE (Agent Communication Reasoning Engine) aims to complement the existing logical reasoning capabilities of agent programming languages with the capability of reasoning about complex interaction protocols in order to facilitate conversations between agents. This paper outlines the aims of the ACRE project and gives details of the functioning of a prototype implementation within the Agent Factory multi agent framework

How to Work with Honest but Curious Judges? (Preliminary Report)

The three-judges protocol, recently advocated by Mclver and Morgan as an example of stepwise refinement of security protocols, studies how to securely compute the majority function to reach a final verdict without revealing each individual judge's decision. We extend their protocol in two different ways for an arbitrary number of 2n+1 judges. The first generalisation is inherently centralised, in the sense that it requires a judge as a leader who collects information from others, computes the majority function, and announces the final result. A different approach can be obtained by slightly modifying the well-known dining cryptographers protocol, however it reveals the number of votes rather than the final verdict. We define a notion of conditional anonymity in order to analyse these two solutions. Both of them have been checked in the model checker MCMAS

Anonymity and Information Hiding in Multiagent Systems

We provide a framework for reasoning about information-hiding requirements in multiagent systems and for reasoning about anonymity in particular. Our framework employs the modal logic of knowledge within the context of the runs and systems framework, much in the spirit of our earlier work on secrecy [Halpern and O'Neill 2002]. We give several definitions of anonymity with respect to agents, actions, and observers in multiagent systems, and we relate our definitions of anonymity to other definitions of information hiding, such as secrecy. We also give probabilistic definitions of anonymity that are able to quantify an observer s uncertainty about the state of the system. Finally, we relate our definitions of anonymity to other formalizations of anonymity and information hiding, including definitions of anonymity in the process algebra CSP and definitions of information hiding using function views.Comment: Replacement. 36 pages. Full version of CSFW '03 paper, submitted to JCS. Made substantial changes to Section 6; added references throughou

Blindspot: Indistinguishable Anonymous Communications

Communication anonymity is a key requirement for individuals under targeted surveillance. Practical anonymous communications also require indistinguishability - an adversary should be unable to distinguish between anonymised and non-anonymised traffic for a given user. We propose Blindspot, a design for high-latency anonymous communications that offers indistinguishability and unobservability under a (qualified) global active adversary. Blindspot creates anonymous routes between sender-receiver pairs by subliminally encoding messages within the pre-existing communication behaviour of users within a social network. Specifically, the organic image sharing behaviour of users. Thus channel bandwidth depends on the intensity of image sharing behaviour of users along a route. A major challenge we successfully overcome is that routing must be accomplished in the face of significant restrictions - channel bandwidth is stochastic. We show that conventional social network routing strategies do not work. To solve this problem, we propose a novel routing algorithm. We evaluate Blindspot using a real-world dataset. We find that it delivers reasonable results for applications requiring low-volume unobservable communication.Comment: 13 Page

A Cloud-based RFID Authentication Protocol with Insecure Communication Channels

© 2016 IEEE. Personal use of this material is permitted. Permission from IEEE must be obtained for all other uses, in any current or future media, including reprinting/republishing this material for advertising or promotional purposes, creating new collective works, for resale or redistribution to servers or lists, or reuse of any copyrighted component of this work in other works.Radio Frequency Identification (RFID) has becomea widespread technology to automatically identify objects and withthe development of cloud computing, cloud-based RFID systemsattract more research these days. Several cloud-based RFIDauthentication protocols have been proposed to address privacyand security properties in the environment where the cloudprovider is untrusted therefore the tag’s data are encrypted andanonymously stored in the cloud database. However, most of thecloud-based RFID authentication protocols assume securecommunication channels between the reader and the cloud server.To protect data transmission between the reader and the cloudserver without any help from a third party, this paper proposes acloud-based RFID authentication protocol with insecurecommunication channels (cloud-RAPIC) between the reader and the cloud server. The cloud-RAPIC protocol preserves tag privacyeven when the tag does not update its identification. The cloudRAPIC protocol has been analyzed using the UPriv model andAVISPA verification tool which have proved that the protocolpreserves tag privacy and protects data secrecy