Aggregatable Certificateless Designated Verifier Signature

In recent years, the Internet of Things (IoT) devices have become increasingly deployed in many industries and generated a large amount of data that needs to be processed in a timely and efficient manner. Using aggregate signatures, it provides a secure and efficient way to handle large numbers of digital signatures with the same message. Recently, the privacy issue has been concerned about the topic of data sharing on the cloud. To provide the integrity, authenticity, authority, and privacy on the data sharing in the cloud storage, the notion of an aggregatable certificateless designated verifier signature scheme (ACLDVS) was proposed. ACLDVS also is a perfect tool to enable efficient privacy-preserving authentication systems for IoT and or the vehicular ad hoc networks (VANET). Our concrete scheme was proved to be secured underling of the Computational Diffie-Hellman assumption. Compared to other related schemes, our scheme is efficient, and the signature size is considerably short

APEX2S: A Two-Layer Machine Learning Model for Discovery of host-pathogen protein-protein Interactions on Cloud-based Multiomics Data

Presented by the avalanche of biological interactions data, computational biology is now facing greater challenges on big data analysis and solicits more studies to mine and integrate cloud-based multiomics data, especially when the data are related to infectious diseases. Meanwhile, machine learning techniques have recently succeeded in different computational biology tasks. In this article, we have calibrated the focus for host-pathogen protein-protein interactions study, aiming to apply the machine learning techniques for learning the interactions data and making predictions. A comprehensive and practical workflow to harness different cloud-based multiomics data is discussed. In particular, a novel two-layer machine learning model, namely APEX2S, is proposed for discovery of the protein-protein interactions data. The results show that our model can better learn and predict from the accumulated host-pathogen protein-protein interactions

Security in Distributed, Grid, Mobile, and Pervasive Computing

This book addresses the increasing demand to guarantee privacy, integrity, and availability of resources in networks and distributed systems. It first reviews security issues and challenges in content distribution networks, describes key agreement protocols based on the Diffie-Hellman key exchange and key management protocols for complex distributed systems like the Internet, and discusses securing design patterns for distributed systems. The next section focuses on security in mobile computing and wireless networks. After a section on grid computing security, the book presents an overview of security solutions for pervasive healthcare systems and surveys wireless sensor network security

Post quantum proxy signature scheme based on the multivariate public key cryptographic signature

Proxy signature is a very useful technique which allows the original signer to delegate the signing capability to a proxy signer to perform the signing operation. It finds wide applications especially in the distributed environment where the entities such as the wireless sensors are short of computational power and needed to be convinced to the authenticity of the server. Due to less proxy signature schemes in the post-quantum cryptography aspect, in this article, we investigate the proxy signature in the post-quantum setting so that it can resist against the potential attacks from the quantum adversaries. A general multivariate public key cryptographic proxy scheme based on a multivariate public key cryptographic signature scheme is proposed, and a heuristic security proof is given for our general construction. We show that the construction can reach Existential Unforgeability under an Adaptive Chosen Message Attack with Proxy Key Exposure assuming that the underlying signature is Existential Unforgeability under an Adaptive Chosen Message Attack. We then use our general scheme to construct practical proxy signature schemes for three well-known and promising multivariate public key cryptographic signature schemes. We implement our schemes and compare with several previous constructions to show our efficiency advantage, which further indicates the potential application prospect in the distributed network environment

REISCH: incorporating lightweight and reliable algorithms into healthcare applications of WSNs

Healthcare institutions require advanced technology to collect patients' data accurately and continuously. The tradition technologies still suffer from two problems: performance and security efficiency. The existing research has serious drawbacks when using public-key mechanisms such as digital signature algorithms. In this paper, we propose Reliable and Efficient Integrity Scheme for Data Collection in HWSN (REISCH) to alleviate these problems by using secure and lightweight signature algorithms. The results of the performance analysis indicate that our scheme provides high efficiency in data integration between sensors and server (saves more than 24% of alive sensors compared to traditional algorithms). Additionally, we use Automated Validation of Internet Security Protocols and Applications (AVISPA) to validate the security procedures in our scheme. Security analysis results confirm that REISCH is safe against some well-known attacks

A patient agent controlled customized blockchain based framework for internet of things

Although Blockchain implementations have emerged as revolutionary technologies for various industrial applications including cryptocurrencies, they have not been widely deployed to store data streaming from sensors to remote servers in architectures known as Internet of Things. New Blockchain for the Internet of Things models promise secure solutions for eHealth, smart cities, and other applications. These models pave the way for continuous monitoring of patient’s physiological signs with wearable sensors to augment traditional medical practice without recourse to storing data with a trusted authority. However, existing Blockchain algorithms cannot accommodate the huge volumes, security, and privacy requirements of health data. In this thesis, our first contribution is an End-to-End secure eHealth architecture that introduces an intelligent Patient Centric Agent. The Patient Centric Agent executing on dedicated hardware manages the storage and access of streams of sensors generated health data, into a customized Blockchain and other less secure repositories. As IoT devices cannot host Blockchain technology due to their limited memory, power, and computational resources, the Patient Centric Agent coordinates and communicates with a private customized Blockchain on behalf of the wearable devices. While the adoption of a Patient Centric Agent offers solutions for addressing continuous monitoring of patients’ health, dealing with storage, data privacy and network security issues, the architecture is vulnerable to Denial of Services(DoS) and single point of failure attacks. To address this issue, we advance a second contribution; a decentralised eHealth system in which the Patient Centric Agent is replicated at three levels: Sensing Layer, NEAR Processing Layer and FAR Processing Layer. The functionalities of the Patient Centric Agent are customized to manage the tasks of the three levels. Simulations confirm protection of the architecture against DoS attacks. Few patients require all their health data to be stored in Blockchain repositories but instead need to select an appropriate storage medium for each chunk of data by matching their personal needs and preferences with features of candidate storage mediums. Motivated by this context, we advance third contribution; a recommendation model for health data storage that can accommodate patient preferences and make storage decisions rapidly, in real-time, even with streamed data. The mapping between health data features and characteristics of each repository is learned using machine learning. The Blockchain’s capacity to make transactions and store records without central oversight enables its application for IoT networks outside health such as underwater IoT networks where the unattended nature of the nodes threatens their security and privacy. However, underwater IoT differs from ground IoT as acoustics signals are the communication media leading to high propagation delays, high error rates exacerbated by turbulent water currents. Our fourth contribution is a customized Blockchain leveraged framework with the model of Patient-Centric Agent renamed as Smart Agent for securely monitoring underwater IoT. Finally, the smart Agent has been investigated in developing an IoT smart home or cities monitoring framework. The key algorithms underpinning to each contribution have been implemented and analysed using simulators.Doctor of Philosoph

Towards end-to-end security in internet of things based healthcare

Healthcare IoT systems are distinguished in that they are designed to serve human beings, which primarily raises the requirements of security, privacy, and reliability. Such systems have to provide real-time notifications and responses concerning the status of patients. Physicians, patients, and other caregivers demand a reliable system in which the results are accurate and timely, and the service is reliable and secure. To guarantee these requirements, the smart components in the system require a secure and efficient end-to-end communication method between the end-points (e.g., patients, caregivers, and medical sensors) of a healthcare IoT system. The main challenge faced by the existing security solutions is a lack of secure end-to-end communication. This thesis addresses this challenge by presenting a novel end-to-end security solution enabling end-points to securely and efficiently communicate with each other. The proposed solution meets the security requirements of a wide range of healthcare IoT systems while minimizing the overall hardware overhead of end-to-end communication. End-to-end communication is enabled by the holistic integration of the following contributions. The first contribution is the implementation of two architectures for remote monitoring of bio-signals. The first architecture is based on a low power IEEE 802.15.4 protocol known as ZigBee. It consists of a set of sensor nodes to read data from various medical sensors, process the data, and send them wirelessly over ZigBee to a server node. The second architecture implements on an IP-based wireless sensor network, using IEEE 802.11 Wireless Local Area Network (WLAN). The system consists of a IEEE 802.11 based sensor module to access bio-signals from patients and send them over to a remote server. In both architectures, the server node collects the health data from several client nodes and updates a remote database. The remote webserver accesses the database and updates the webpage in real-time, which can be accessed remotely. The second contribution is a novel secure mutual authentication scheme for Radio Frequency Identification (RFID) implant systems. The proposed scheme relies on the elliptic curve cryptography and the D-Quark lightweight hash design. The scheme consists of three main phases: (1) reader authentication and verification, (2) tag identification, and (3) tag verification. We show that among the existing public-key crypto-systems, elliptic curve is the optimal choice due to its small key size as well as its efficiency in computations. The D-Quark lightweight hash design has been tailored for resource-constrained devices. The third contribution is proposing a low-latency and secure cryptographic keys generation approach based on Electrocardiogram (ECG) features. This is performed by taking advantage of the uniqueness and randomness properties of ECG's main features comprising of PR, RR, PP, QT, and ST intervals. This approach achieves low latency due to its reliance on reference-free ECG's main features that can be acquired in a short time. The approach is called Several ECG Features (SEF)-based cryptographic key generation. The fourth contribution is devising a novel secure and efficient end-to-end security scheme for mobility enabled healthcare IoT. The proposed scheme consists of: (1) a secure and efficient end-user authentication and authorization architecture based on the certificate based Datagram Transport Layer Security (DTLS) handshake protocol, (2) a secure end-to-end communication method based on DTLS session resumption, and (3) support for robust mobility based on interconnected smart gateways in the fog layer. Finally, the fifth and the last contribution is the analysis of the performance of the state-of-the-art end-to-end security solutions in healthcare IoT systems including our end-to-end security solution. In this regard, we first identify and present the essential requirements of robust security solutions for healthcare IoT systems. We then analyze the performance of the state-of-the-art end-to-end security solutions (including our scheme) by developing a prototype healthcare IoT system

Intégration de la blockchain à l'Internet des objets

L'Internet des objets (IdO) est en train de transformer l'industrie traditionnelle en une industrie intelligente où les décisions sont prises en fonction des données. L'IdO interconnecte de nombreux objets (ou dispositifs) qui effectuent des tâches complexes (e.g., la collecte de données, l'optimisation des services, la transmission de données). Toutefois, les caractéristiques intrinsèques de l'IdO entraînent plusieurs problèmes, tels que la décentralisation, une faible interopérabilité, des problèmes de confidentialité et des failles de sécurité. Avec l'évolution attendue de l'IdO dans les années à venir, il est nécessaire d'assurer la confiance dans cette énorme source d'informations entrantes. La blockchain est apparue comme une technologie clé pour relever les défis de l'IdO. En raison de ses caractéristiques saillantes telles que la décentralisation, l'immuabilité, la sécurité et l'auditabilité, la blockchain a été proposée pour établir la confiance dans plusieurs applications, y compris l'IdO. L'intégration de la blockchain a l'IdO ouvre la porte à de nouvelles possibilités qui améliorent intrinsèquement la fiabilité, la réputation, et la transparence pour toutes les parties concernées, tout en permettant la sécurité. Cependant, les blockchains classiques sont coûteuses en calcul, ont une évolutivité limitée, et nécessitent une bande passante élevée, ce qui les rend inadaptées aux environnements IdO à ressources limitées. L'objectif principal de cette thèse est d'utiliser la blockchain comme un outil clé pour améliorer l'IdO. Pour atteindre notre objectif, nous relevons les défis de la fiabilité des données et de la sécurité de l'IdO en utilisant la blockchain ainsi que de nouvelles technologies émergentes, notamment l'intelligence artificielle (IA). Dans la première partie de cette thèse, nous concevons une blockchain qui garantit la fiabilité des données, adaptée à l'IdO. Tout d'abord, nous proposons une architecture blockchain légère qui réalise la décentralisation en formant un réseau superposé où les dispositifs à ressources élevées gèrent conjointement la blockchain. Ensuite, nous présentons un algorithme de consensus léger qui réduit la puissance de calcul, la capacité de stockage, et la latence de la blockchain. Dans la deuxième partie de cette thèse, nous concevons un cadre sécurisé pour l'IdO tirant parti de la blockchain. Le nombre croissant d'attaques sur les réseaux IdO, et leurs graves effets, rendent nécessaire la création d'un IdO avec une sécurité plus sophistiquée. Par conséquent, nous tirons parti des modèles IA pour fournir une intelligence intégrée dans les dispositifs et les réseaux IdO afin de prédire et d'identifier les menaces et les vulnérabilités de sécurité. Nous proposons un système de détection d'intrusion par IA qui peut détecter les comportements malveillants et contribuer à renforcer la sécurité de l'IdO basé sur la blockchain. Ensuite, nous concevons un mécanisme de confiance distribué basé sur des contrats intelligents de blockchain pour inciter les dispositifs IdO à se comporter de manière fiable. Les systèmes IdO existants basés sur la blockchain souffrent d'une bande passante de communication et d’une évolutivité limitée. Par conséquent, dans la troisième partie de cette thèse, nous proposons un apprentissage machine évolutif basé sur la blockchain pour l'IdO. Tout d'abord, nous proposons un cadre IA multi-tâches qui exploite la blockchain pour permettre l'apprentissage parallèle de modèles. Ensuite, nous concevons une technique de partitionnement de la blockchain pour améliorer l'évolutivité de la blockchain. Enfin, nous proposons un algorithme d'ordonnancement des dispositifs pour optimiser l'utilisation des ressources, en particulier la bande passante de communication.Abstract : The Internet of Things (IoT) is reshaping the incumbent industry into a smart industry featured with data-driven decision making. The IoT interconnects many objects (or devices) that perform complex tasks (e.g., data collection, service optimization, data transmission). However, intrinsic features of IoT result in several challenges, such as decentralization, poor interoperability, privacy issues, and security vulnerabilities. With the expected evolution of IoT in the coming years, there is a need to ensure trust in this huge source of incoming information. Blockchain has emerged as a key technology to address the challenges of IoT. Due to its salient features such as decentralization, immutability, security, and auditability, blockchain has been proposed to establish trust in several applications, including IoT. The integration of IoT and blockchain opens the door for new possibilities that inherently improve trustworthiness, reputation, and transparency for all involved parties, while enabling security. However, conventional blockchains are computationally expensive, have limited scalability, and incur significant bandwidth, making them unsuitable for resource-constrained IoT environments. The main objective of this thesis is to leverage blockchain as a key enabler to improve the IoT. Toward our objective, we address the challenges of data reliability and IoT security using the blockchain and new emerging technologies, including machine learning (ML). In the first part of this thesis, we design a blockchain that guarantees data reliability, suitable for IoT. First, we propose a lightweight blockchain architecture that achieves decentralization by forming an overlay network where high-resource devices jointly manage the blockchain. Then, we present a lightweight consensus algorithm that reduces blockchain computational power, storage capability, and latency. In the second part of this thesis, we design a secure framework for IoT leveraging blockchain. The increasing number of attacks on IoT networks, and their serious effects, make it necessary to create an IoT with more sophisticated security. Therefore, we leverage ML models to provide embedded intelligence in the IoT devices and networks to predict and identify security threats and vulnerabilities. We propose a ML intrusion detection system that can detect malicious behaviors and help further bolster the blockchain-based IoT’s security. Then, we design a distributed trust mechanism based on blockchain smart contracts to incite IoT devices to behave reliably. Existing blockchain-based IoT systems suffer from limited communication bandwidth and scalability. Therefore, in the third part of this thesis, we propose a scalable blockchain-based ML for IoT. First, we propose a multi-task ML framework that leverages the blockchain to enable parallel model learning. Then, we design a blockchain partitioning technique to improve the blockchain scalability. Finally, we propose a device scheduling algorithm to optimize resource utilization, in particular communication bandwidth