Security of IoT in 5G Cellular Networks: A Review of Current Status, Challenges and Future Directions

The Internet of Things (IoT) refers to a global network that integrates real life physical objects with the virtual world through the Internet for making intelligent decisions. In a pervasive computing environment, thousands of smart devices, that are constrained in storage, battery backup and computational capability, are connected with each other. In such an environment, cellular networks that are evolving from 4G to 5G, are set to play a crucial role. Distinctive features like high bandwidth, wider coverage, easy connectivity, in-built billing mechanism, interface for M2M communication, etc., makes 5G cellular network a perfect candidate to be adopted as a backbone network for the future IoT. However, due to resource constrained nature of the IoT devices, researchers have anticipated several security and privacy issues in IoT deployments over 5G cellular network. Off late, several schemes and protocols have been proposed to handle these issues. This paper performs a comprehensive review of such schemes and protocols proposed in recent times. Different open security issues, challenges and future research direction are also summarized in this review paper

Lightweight identity based online/offline signature scheme for wireless sensor networks

Data security is one of the issues during data exchange between two sensor nodes in wireless sensor networks (WSN). While information flows across naturally exposed communication channels, cybercriminals may access sensitive information. Multiple traditional reliable encryption methods like RSA encryption-decryption and Diffie–Hellman key exchange face a crisis of computational resources due to limited storage, low computational ability, and insufficient power in lightweight WSNs. The complexity of these security mechanisms reduces the network lifespan, and an online/offline strategy is one way to overcome this problem. This study proposed an improved identity-based online/offline signature scheme using Elliptic Curve Cryptography (ECC) encryption. The lightweight calculations were conducted during the online phase, and in the offline phase, the encryption, point multiplication, and other heavy measures were pre-processed using powerful devices. The proposed scheme uniquely combined the Inverse Collusion Attack Algorithm (CAA) with lightweight ECC to generate secure identitybased signatures. The suggested scheme was analyzed for security and success probability under Random Oracle Model (ROM). The analysis concluded that the generated signatures were immune to even the worst Chosen Message Attack. The most important, resource-effective, and extensively used on-demand function was the verification of the signatures. The low-cost verification algorithm of the scheme saved a significant number of valued resources and increased the overall network’s lifespan. The results for encryption/decryption time, computation difficulty, and key generation time for various data sizes showed the proposed solution was ideal for lightweight devices as it accelerated data transmission speed and consumed the least resources. The hybrid method obtained an average of 66.77% less time consumption and up to 12% lower computational cost than previous schemes like the dynamic IDB-ECC two-factor authentication key exchange protocol, lightweight IBE scheme (IDB-Lite), and Korean certification-based signature standard using the ECC. The proposed scheme had a smaller key size and signature size of 160 bits. Overall, the energy consumption was also reduced to 0.53 mJ for 1312 bits of offline storage. The hybrid framework of identity-based signatures, online/offline phases, ECC, CAA, and low-cost algorithms enhances overall performance by having less complexity, time, and memory consumption. Thus, the proposed hybrid scheme is ideally suited for a lightweight WSN

Towards Cyber Security for Low-Carbon Transportation: Overview, Challenges and Future Directions

In recent years, low-carbon transportation has become an indispensable part as sustainable development strategies of various countries, and plays a very important responsibility in promoting low-carbon cities. However, the security of low-carbon transportation has been threatened from various ways. For example, denial of service attacks pose a great threat to the electric vehicles and vehicle-to-grid networks. To minimize these threats, several methods have been proposed to defense against them. Yet, these methods are only for certain types of scenarios or attacks. Therefore, this review addresses security aspect from holistic view, provides the overview, challenges and future directions of cyber security technologies in low-carbon transportation. Firstly, based on the concept and importance of low-carbon transportation, this review positions the low-carbon transportation services. Then, with the perspective of network architecture and communication mode, this review classifies its typical attack risks. The corresponding defense technologies and relevant security suggestions are further reviewed from perspective of data security, network management security and network application security. Finally, in view of the long term development of low-carbon transportation, future research directions have been concerned.Comment: 34 pages, 6 figures, accepted by journal Renewable and Sustainable Energy Review

Protocolos para la seguridad de la información en eHealth: Criptografía en entornos mHeath

Abstract. The advance of technology has brought with it the evolution of tools in various fields, among which the medical field stands out. Today’s medicine has tools that 30 years ago were unthinkable making its functioning completely different. Thanks to this fusion of medicine and technology new terms concerning this symbiosis, such as eHealth or mHealth, may be found in our daily lives. Both users and all the areas that work in the protection and performance of health and safety benefit from it. In this doctoral thesis we have worked in several lines with the aim of improving information security in several mHealth systems trying to make the proposed solutions extrapolable to other environments. Firstly, a tool, supported by an expert system and using identity-based encryption for the protection of patient information, for the diagnosis, treatment and monitoring of children with attention deficit disorder is proposed. Second, a solution focused on geared towards enhancing solutions for two of the fundamental problems of medical data information security: the secure management of patient information and the identification of patients within the hospital environment, is included. The solution proposed for the identification problem is based on the use of NFC bracelets that store an identifier associated with the patient and is generated through an HMAC function. In the third work, the problem of identification is again analyzed, but this time in emergency environments where no stable communication networks are present. It also proposes a system for the classification of victims whose objective is to improve the management of health resources in these scenarios. The fourth contribution is a system for improving the traceability and management of small emergencies and everyday events based on the use of blockchains. To conclude with the contributions of this thesis, a cryptographic scheme which improves security in healthcare devices with little computing capacity is presented. The general aim of this thesis is providing improvements in current medicine through mHealth systems, paying special attention to information security. Specifically, measures for the protection of data integrity, identification, authentication and nonrepudiation of information are included. The completion of this doctoral thesis has been funded through a pre-doctoral FPI grant from the Canary Islands Government.El avance de la tecnología ha traído consigo la evolución de herramientas en diversos ámbitos, entre ellos destaca el de la medicina. La medicina actual posee unas herramientas que hace 30 años eran impensables, lo que hace que su funcionamiento sea completamente diferente. Gracias a esta fusión de medicina y tecnología encontramos en nuestro día a día nuevos términos, como eHealth o mHealth, que hacen referencia a esta simbiosis, en la que se benefician tanto los usuarios, como todas las áreas que trabajan en la protección y actuación de la salud y seguridad de las mismas. En esta tesis doctoral se ha trabajado en varias líneas con el objetivo de mejorar la seguridad de la información en varios sistemas mHealth intentando que las soluciones propuestas sean extrapolables a otros entornos. En primer lugar se propone una herramienta destinada al diagnóstico, tratamiento y monitorización de niños con trastorno de déficit de atención que se apoya en un sistema experto y usa cifrado basado en identidad para la protección de la información de los pacientes. En segundo lugar, se incluye una solución centrada en aportar mejoras en dos de los problemas fundamentales de la seguridad de la información de los datos médicos: la gestión segura de la información de los pacientes y la identificación de los mismos dentro del entorno hospitalario. La solución planteada para el problema de identificación se basa en la utilización de pulseras NFC que almacenan un identificador asociado al paciente y que es generado a través de una función HMAC. En el tercer trabajo se analiza de nuevo el problema de identificación de las personas pero esta vez en entornos de emergencia en los que no se cuenta con redes de comunicaciones estables. Además se propone un sistema de clasificación de víctimas en dichos entornos cuyo objetivo es mejorar la gestión de recursos sanitarios en estos escenarios. Como cuarta aportación se presenta un sistema de mejora de la trazabilidad y de la gestión de pequeñas emergencias y eventos cotidianos basada en el uso de blockchain. Para terminar con las aportaciones de esta tesis, se presenta un esquema criptográfico que mejora los esquemas actuales de seguridad utilizados para dispositivos del entorno sanitario que poseen poca capacidad computacional. La finalidad general perseguida en esta tesis es aportar mejoras al uso de la medicina actual a través de sistemas mHealth en los que se presta especial atención a la seguridad de la información. Concretamente se incluyen medidas para la protección de la integridad de los datos, identificación de personas, autenticación y no repudio de la información. La realización de esta tesis doctoral ha contando con financiación del Gobierno de Canarias a través de una beca predoctoral FPI

Systematic Review of Internet of Things Security

The Internet of Things has become a new paradigm of current communications technology that requires a deeper overview to map its application domains, advantages, and disadvantages. There have been a number of in-depth research efforts to study various aspects of IoT. However, to the best of our knowledge, there is no literature that have discussed specifically and deeply about the security and privacy aspects of IoT. To that end, this paper aims at providing a more comprehensive and systematic review of IoT security based on the survey result of the most recent literature over the past three years (2015 to 2017). We have classified IoT security research based on the research objectives, application domains, vulner-abilities/threats, countermeasures, platforms, proto-cols, and performance measurements. We have also provided some security challenges for further research

A secure and lightweight drones-access protocol for smart city surveillance

The rising popularity of ICT and the Internet has enabled Unmanned Aerial Vehicle (UAV) to offer advantageous assistance to Vehicular Ad-hoc Network (VANET), realizing a relay node's role among the disconnected segments in the road. In this scenario, the communication is done between Vehicles to UAVs (V2U), subsequently transforming into a UAV-assisted VANET. UAV-assisted VANET allows users to access real-time data, especially the monitoring data in smart cities using current mobile networks. Nevertheless, due to the open nature of communication infrastructure, the high mobility of vehicles along with the security and privacy constraints are the significant concerns of UAV-assisted VANET. In these scenarios, Deep Learning Algorithms (DLA) could play an effective role in the security, privacy, and routing issues of UAV-assisted VANET. Keeping this in mind, we have devised a DLA-based key-exchange protocol for UAV-assisted VANET. The proposed protocol extends the scalability and uses secure bitwise XOR operations, one-way hash functions, including user's biometric verification when users and drones are mutually authenticated. The proposed protocol can resist many well-known security attacks and provides formal and informal security under the Random Oracle Model (ROM). The security comparison shows that the proposed protocol outperforms the security performance in terms of running time cost and communication cost and has effective security features compared to other related protocols

Blockchain inspired secure and reliable data exchange architecture for cyber-physical healthcare system 4.0

A cyber-physical system is considered to be a collection of strongly coupled communication systems and devices that poses numerous security trials in various industrial applications including healthcare. The security and privacy of patient data is still a big concern because healthcare data is sensitive and valuable, and it is most targeted over the internet. Moreover, from the industrial perspective, the cyber-physical system plays a crucial role in the exchange of data remotely using sensor nodes in distributed environments. In the healthcare industry, Blockchain technology offers a promising solution to resolve most securities-related issues due to its decentralized, immutability, and transparency properties. In this paper, a blockchain-inspired secure and reliable data exchange architecture is proposed in the cyber-physical healthcare industry 4.0. The proposed system uses the BigchainDB, Tendermint, Inter-Planetary-File-System (IPFS), MongoDB, and AES encryption algorithms to improve Healthcare 4.0. Furthermore, blockchain-enabled secure healthcare architecture for accessing and managing the records between Doctors and Patients is introduced. The development of a blockchain-based Electronic Healthcare Record (EHR) exchange system is purely patient-centric, which means the entire control of data is in the owner's hand which is backed by blockchain for security and privacy. Our experimental results reveal that the proposed architecture is robust to handle more security attacks and can recover the data if 2/3 of nodes are failed. The proposed model is patient-centric, and control of data is in the patient's hand to enhance security and privacy, even system administrators can't access data without user permission