Systematic Review on Security and Privacy Requirements in Edge Computing: State of the Art and Future Research Opportunities

Edge computing is a promising paradigm that enhances the capabilities of cloud computing. In order to continue patronizing the computing services, it is essential to conserve a good atmosphere free from all kinds of security and privacy breaches. The security and privacy issues associated with the edge computing environment have narrowed the overall acceptance of the technology as a reliable paradigm. Many researchers have reviewed security and privacy issues in edge computing, but not all have fully investigated the security and privacy requirements. Security and privacy requirements are the objectives that indicate the capabilities as well as functions a system performs in eliminating certain security and privacy vulnerabilities. The paper aims to substantially review the security and privacy requirements of the edge computing and the various technological methods employed by the techniques used in curbing the threats, with the aim of helping future researchers in identifying research opportunities. This paper investigate the current studies and highlights the following: (1) the classification of security and privacy requirements in edge computing, (2) the state of the art techniques deployed in curbing the security and privacy threats, (3) the trends of technological methods employed by the techniques, (4) the metrics used for evaluating the performance of the techniques, (5) the taxonomy of attacks affecting the edge network, and the corresponding technological trend employed in mitigating the attacks, and, (6) research opportunities for future researchers in the area of edge computing security and privacy

Lightweight ECC Based Multifactor Authentication Protocol (LEMAP) for Device to Device Cellular Network

Device to Device (D2D) communication is a type of technology where two devices can communicate directly with each other without the need to contact Base Station or any central infrastructure. With emerging of Long Term Evaluation (LTE) and Fifth Generation (5G) technology, D2D has gained a lot of attention for communication between closely located mobile devices for offering high speed, energy efficiency, throughput, less delay, and efficient spectrum usage. D2D has changed recent wireless networks with new trends as D2D can play a vital role in sharing resources by load off the network in local areas by direct communication between devices and useful in natural disasters where BS is destroyed. D2D has revolutionized the direct communication as it is a basis for 5G network. D2D allows miniature devices like cell phone, tablets and radio devices to work as Non-Transparent Relays (NTR) where they can provide services as well as forward traffic, request services by direct communication without the need of Base Station (BS) or central network infrastructure. Multi-hop D2D can be used for peer-to-peer communication or even access to cellular networks. This concept of multihop D2D communication has introduced a number of issues and challenges that were not prevalent in traditional current cellular communication. One of the major issues in D2D is security that is required in D2D communication to transmit information securely over non secure channel. The major challenge when considering security is that current established security techniques cannot be modified as security-requiring devices are miniature with restricted processing and storage or are constrained by power and bandwidth issues. Another issue is that how devices can get secure mutual authentication for secure communication. To tackle these issues, a lightweight multifactor authentication scheme that allows multihop secure communication over open channel is designed called as Lightweight ECC based Multifactor Authentication Protocol (LEMAP) in multihop D2D communication. Formal analysis of scheme is performed using well known BAN Logic method which is used to check correctness of protocol. The formal analysis of LEMAP proves that it can mitigate replay attack, Man-in-the-Middle (MITM) attack, Rogue device attack, Denial of Service (DoS) attack, timestamp exploitation attack, impersonation attack and masquerading attack. LEMAP also achieves security requirements confidentiality, integrity, privacy, non-repudiation, secure mutual authentication and anonymity. The communication cost and computational overhead of benchmark protocols and the proposed scheme LEMAP are also calculated. The results show that LEMAP is 6%-28% percent stronger than the selected benchmark algorithms such as 2PAKEP, Chaotic based authentication and TwoFactor authentication protocol. Additionally, LEMAP provides additional security by using trust validation, double hashing, and reduced authentication overhead. Discrete logarithm analysis shows that LEMAP is more secure compared to current security algorithms or current security algos are used as attacks against LEMAP. LEMAP is a lightweight and flexible scheme which can be used in 5G as well as multihop D2D communication to provide secure communication environment. Keywords: D2D security, multihop D2D security, multi factor, light-weight security, EC

Security, usability, and biometric authentication scheme for electronic voting using multiple keys

We propose electronic voting authentication scheme, which is a key management mechanism for electronic voting system intended to limit the number of attacks on a polling station and strengthen the security control. The motivation is to diversify security requirements of messages exchanged between polling stations. There are different types of messages exchanged between polling stations and each type of message has different security needs. A security mechanism developed on the basis of a single key is not enough to ensure the diverse security needs of voting network. In electronic voting authentication scheme, every polling station is responsible to support three different types of keys. These are global key, pairwise key, and individual key. The global keys are public keys shared with all polling stations in the voting network. The pairwise key can be used for communication with polling stations. Individual keys will be used for communication with the server. To ensure authentication of local broadcast, electronic voting authentication scheme uses one-way key chains in a well-organized way. The support of source authentication is a visible advantage of this scheme. We examine the authentication of electronic voting authentication scheme on numerous attack models. The measurement demonstrates that electronic voting authentication scheme is very operative in protecting against numerous elegant attacks such as wormhole attack, Sybil attack, and HELLO Flood attack. The proposed system is evaluated and the results demonstrate that the proposed system is practical and secure as compared to the direct recording electronic and manual systems

A Survey on Lightweight Entity Authentication with Strong PUFs

Physically unclonable functions (PUFs) exploit the unavoidable manufacturing variations of an integrated circuit (IC). Their input-output behavior serves as a unique IC \u27fingerprint\u27. Therefore, they have been envisioned as an IC authentication mechanism, in particular the subclass of so-called strong PUFs. The protocol proposals are typically accompanied with two PUF promises: lightweight and an increased resistance against physical attacks. In this work, we review nineteen proposals in chronological order: from the original strong PUF proposal (2001) to the more complicated noise bifurcation and system of PUFs proposals (2014). The assessment is aided by a unied notation and a transparent framework of PUF protocol requirements

Towards Secure Identity-Based Cryptosystems for Cloud Computing

The convenience provided by cloud computing has led to an increasing trend of many business organizations, government agencies and individual customers to migrate their services and data into cloud environments. However, once clients’ data is migrated to the cloud, the overall security control will be immediately shifted from data owners to the hands of service providers. When data owners decide to use the cloud environment, they rely entirely on third parties to make decisions about their data and, therefore, the main challenge is how to guarantee that the data is accessible by data owners and authorized users only. Remote user authentication to cloud services is traditionally achieved using a combination of ID cards and passwords/PINs while public key infrastructure and symmetric key encryptions are still the most common techniques for enforcing data security despite the missing link between the identity of data owners and the cryptographic keys. Furthermore, the key management in terms of the generation, distribution, and storage are still open challenges to traditional public-key systems. Identity-Based Cryptosystems (IBCs) are new generations of public key encryptions that can potentially solve the problems associated with key distribution in public key infrastructure in addition to providing a clear link between encryption keys and the identities of data owners. In IBCs, the need for pre-distributed keys before any encryption/decryption will be illuminated, which gives a great deal of flexibility required in an environment such as the cloud. Fuzzy identity-based cryptosystems are promising extensions of IBCs that rely on biometric modalities in generating the encryption and decryption keys instead of traditional identities such as email addresses. This thesis argues that the adoption of fuzzy identity-based cryptosystems seems an ideal option to secure cloud computing after addressing a number of vulnerabilities related to user verification, key generation, and key validation stages. The thesis is mainly concerned with enhancing the security and the privacy of fuzzy identity-based cryptosystems by proposing a framework with multiple security layers. The main contributions of the thesis can be summarised as follows. 1. Improving user verification based on using a Challenge-Response Multifactor Biometric Authentication (CR-MFBA) in fuzzy identity-based cryptosystems that reduce the impacts of impersonators attacks. 2. Reducing the dominance of the “trusted authority” in traditional fuzzy identity-based cryptosystems by making the process of generating the decryption keys a cooperative process between the trusted authority server and data owners. This leads to shifting control over the stored encrypted data from the trusted authority to the data owners. 3. Proposing a key-validity method that relies on employing the Shamir Secret Sharing, which also contributes to giving data owners more control over their data. 4. Further improving the control of data owners in fuzzy identity-based cryptosystems by linking the decryption keys parameters with their biometric modalities. 5. Proposing a new asymmetric key exchange protocol based on utilizing the scheme of fuzzy identity-based cryptosystems to shared encrypted data stored on cloud computing

Design and Analysis of Lightweight Authentication Protocol for Securing IoD

The Internet-of-drones (IoD) environment is a layered network control architecture designed to maintain, coordinate, access, and control drones (or Unmanned Aerial vehicles UAVs) and facilitate drones' navigation services. The main entities in IoD are drones, ground station, and external user. Before operationalizing a drone in IoD, a control infrastructure is mandatory for securing its open network channel (Flying Ad Hoc Networks FANETs). An attacker can easily capture data from the available network channel and use it for their own purpose. Its protection is challenging, as it guarantees message integrity, non-repudiation, authenticity, and authorization amongst all the participants. Incredibly, without a robust authentication protocol, the task is sensitive and challenging one to solve. This research focus on the security of the communication path between drone and ground station and solving the noted vulnerabilities like stolen-verifier, privileged-insider attacks, and outdated-data-transmission/design flaws often reported in the current authentication protocols for IoD. We proposed a hash message authentication code/secure hash algorithmic (HMACSHA1) based robust, improved and lightweight authentication protocol for securing IoD. Its security has been verified formally using Random Oracle Model (ROM), ProVerif2.02 and informally using assumptions and pragmatic illustration. The performance evaluation proved that the proposed protocol is lightweight compared to prior protocols and recommended for implementation in the real-world IoD environment.Qatar University [IRCC-2021-010]