BLA2C2: Design of a Novel Blockchain-based Light-Weight Authentication & Access Control Layer for Cloud Deployments

Cloud deployments are consistently under attack, from both internal and external adversaries. These attacks include, but are not limited to brute force, masquerading, improper access, session hijacking, cross site scripting (XSS), etc. To mitigate these attacks, a wide variety of authentication & access control models are proposed by researchers, and each of them vary in terms of their internal implementation characteristics. It was observed that these models are either highly complex, or lack in terms of security under multiple attacks, which limits their applicability for real-time deployments. Moreover, some of these models are not flexible and cannot be deployed under dynamic cloud scenarios (like constant reconfigurations of Virtual Machines, dynamic authentication use-cases, etc.). To overcome these issues, this text proposes design of a novel blockchain-based Light-weight authentication & access control layer that can be used for dynamic cloud deployments. The proposed model initially applies a header-level light-weight sanitization layer that removes Cross Site Scripting, SQL Injection, and other data-level attacks. This is followed by a light-weight authentication layer, that assists in improving login-level security for external attacks. The authentication layer uses IP matching with reverse geolocation mapping in order to estimate outlier login attempts. This layer is cascaded with an efficient blockchain-based access control model, which assists in mitigating session hijacking, masquerading, sybil and other control-level attacks. The blockchain model is developed via integration of Grey Wolf Optimization (GWO) to reduce unnecessary complexities, and provides faster response when compared with existing blockchain-based security deployments. Efficiency of the model was estimated in terms of accuracy of detection for different attack types, delay needed for detection of these attacks, and computational complexity during attack mitigation operations. This performance was compared with existing models, and it was observed that the proposed model showcases 8.3% higher accuracy, with 10.5% lower delay, and 5.9% lower complexity w.r.t. standard blockchain-based & other security models. Due to these enhancements, the proposed model was capable of deployment for a wide variety of large-scale scenarios

Smart and Secure CAV Networks Empowered by AI-Enabled Blockchain: Next Frontier for Intelligent Safe-Driving Assessment

Securing safe-driving for connected and autonomous vehicles (CAVs) continues to be a widespread concern despite various sophisticated functions delivered by artificial intelligence for in-vehicle devices. Besides, diverse malicious network attacks become ubiquitous along with the worldwide implementation of the Internet of Vehicles, which exposes a range of reliability and privacy threats for managing data in CAV networks. Combined with the fact that the capability of existing CAVs in handling intensive computation tasks is limited, this implies a need for designing an efficient assessment system to guarantee autonomous driving safety without compromising data security. Motivated by this, in this article, we propose a novel framework, namely Blockchain-enabled intElligent Safe-driving assessmenT (BEST), that offers a smart and reliable approach for conducting safe driving supervision while protecting vehicular information. Specifically, a promising solution that exploits a long short-term memory model is introduced to assess the safety level of the moving CAVs. Then, we investigate how a distributed blockchain obtains adequate trustworthiness and robustness for CAV data by adopting a byzantine fault tolerance-based delegated proof-of-stake consensus mechanism. Simulation results demonstrate that our presented BEST gains better data credibility with a higher prediction accuracy for vehicular safety assessment when compared with existing schemes. Finally, we discuss several open challenges that need to be addressed in future CAV networks.Comment: 8 pages, 6 figures. This paper has been accepted for publication by IEEE Networ

Evaluation of (De-)Centralized IT technologies in the fields of Cyber-Physical Production Systems

In the course of the digital transformation, organizations are not only facing increasing volatility of the markets, but also increasing customer requirements and thus an increasing complexity in production and logistics systems. Therefore, production plants need to become more flexible by transforming conventional production systems to Cyber-physical Production Systems (CPPS). CPPS allow organizations to dynamically react to fluctuations in demand and markets and to introduce new product lines quickly and effectively. The challenge in implementing CPPS is to handle and store relevant data streams between Cyber-physical objects in a secure but transparent way. As CPPS involve a high level of decentralization, the data storage can either be combined with centralized IT-solutions like a Cloud or utilize decentralized IT-technologies like Edge Computing or Distributed Ledger Technologies (DLT) like Blockchains. The paper addresses the suitability of centralized and decentralized technologies in terms of dealing with data streams in the fields of CPPS. For this purpose, based on a paper exploration, appropriate evaluation criteria are derived, followed by a comparison of exemplary centralized and decentralized technologies. The outcome is a qualitative evaluation of the supplement of each technology regarding its suitability of dealing with data streams

A Review of IoT Security and Privacy Using Decentralized Blockchain Techniques

IoT security is one of the prominent issues that has gained significant attention among the researchers in recent times. The recent advancements in IoT introduces various critical security issues and increases the risk of privacy leakage of IoT data. Implementation of Blockchain can be a potential solution for the security issues in IoT. This review deeply investigates the security threats and issues in IoT which deteriorates the effectiveness of IoT systems. This paper presents a perceptible description of the security threats, Blockchain based solutions, security characteristics and challenges introduced during the integration of Blockchain with IoT. An analysis of different consensus protocols, existing security techniques and evaluation parameters are discussed in brief. In addition, the paper also outlines the open issues and highlights possible research opportunities which can be beneficial for future research

Re-Encryption-Based Key Management Towards Secure and Scalable Mobile Applications in Clouds

Cloud computing confers strong economic advantages, but many clients are reluctant to implicitly trust a third-party cloud provider. To address these security concerns, data may be transmitted and stored in encrypted form. Major challenges exist concerning the aspects of the generation, distribution, and usage of encryption keys in cloud systems, such as the safe location of keys, and serving the recent trend of users that tend to connect to contemporary cloud applications using resource-constrained mobile devices in extremely large numbers simultaneously; these characteristics lead to difficulties in achieving efficient and highly scalable key management. In this work, a model for key distribution based on the principle of dynamic data re-encryption is applied to a cloud computing system in a unique way to address the demands of a mobile device environment, including limitations on client wireless data usage, storage capacity, processing power, and battery life. The proposed cloud-based re-encryption model is secure, efficient, and highly scalable in a cloud computing context, as keys are managed by the client for trust reasons, processor-intensive data re-encryption is handled by the cloud provider, and key redistribution is minimized to conserve communication costs on mobile devices. A versioning history mechanism effectively manages keys for a continuously changing user population. Finally, an implementation on commercial mobile and cloud platforms is used to validate the performance of the model

Blockchain-based multi-authority revocable data sharing scheme in smart grid

In view of the problems of inefficient data encryption, non-support of malicious user revocation and data integrity checking in current smart grid data sharing schemes, this paper proposes a blockchain-based multi-authority revocable data sharing scheme in the smart grid. Using online/offline encryption technology with hybrid encryption technology enhances the encryption performance for the data owner. The use of user binary tree technology enables the traceability and revocability of malicious users. The introduction of multiple attribute authorization authorities eliminates the threat of collusive attacks that exist in traditional data-sharing schemes. In addition, the semi-honest problem of third-party servers is solved by uploading data verification credentials to the blockchain. The security analysis results show that the scheme can resist selective plaintext attacks and collusion attacks. The performance analysis results show that the proposed scheme has lower computational overhead and better functionality than similar schemes, which is suitable for secure data sharing in smart grids