Systematic Review of Internet of Things Security

The Internet of Things has become a new paradigm of current communications technology that requires a deeper overview to map its application domains, advantages, and disadvantages. There have been a number of in-depth research efforts to study various aspects of IoT. However, to the best of our knowledge, there is no literature that have discussed specifically and deeply about the security and privacy aspects of IoT. To that end, this paper aims at providing a more comprehensive and systematic review of IoT security based on the survey result of the most recent literature over the past three years (2015 to 2017). We have classified IoT security research based on the research objectives, application domains, vulner-abilities/threats, countermeasures, platforms, proto-cols, and performance measurements. We have also provided some security challenges for further research

Deniable-Based Privacy-Preserving Authentication Against Location Leakage in Edge Computing

This is the author accepted manuscript. The final version is available from IEEE via the DOI in this recordEdge computing provides cloud services at the edge of the network for Internet of Things (IoT) devices. It aims to address low latency of the network and alleviates data processing of the cloud. This “cloud-edge-device” paradigm brings convenience as well as challenges for location-privacy protection of the IoT. In the edge computing environment, the fixed edge equipment supplies computing services for adjacent IoT devices. Therefore, edge computing suffers location leakage as the connection and authentication records imply the location of IoT devices. This article focuses on the location awareness in the edge computing environment. We adopt the “deniability” of authentication to prevent location leakage when IoT devices connect to the edge nodes. In our solution, an efficient deniable authentication based on a two-user ring signature is constructed. The robustness of authentication makes the fixed edge equipment accept the legal end devices. Besides, the deniability of authentication cannot convince any third party that the fact of this authentication occurred as communication transcript is no longer an evidence for this connection. Therefore, it handles the inherent location risk in edge computing. Compared to efficient deniable authentications, our protocol saves 10.728% and 14.696% computational cost, respectively.Ministry of EducationSichuan Science and Technology ProgramNational Natural Science Foundation of ChinaEuropean Union Horizon 202

On Provable Security for Complex Systems

We investigate the contribution of cryptographic proofs of security to a systematic security engineering process. To this end we study how to model and prove security for concrete applications in three practical domains: computer networks, data outsourcing, and electronic voting. We conclude that cryptographic proofs of security can benefit a security engineering process in formulating requirements, influencing design, and identifying constraints for the implementation