264 research outputs found
Secure and Efficient Privacy-preserving Authentication Scheme using Cuckoo Filter in Remote Patient Monitoring Network
With the ubiquitous advancement in smart medical devices and systems, the
potential of Remote Patient Monitoring (RPM) network is evolving in modern
healthcare systems. The medical professionals (doctors, nurses, or medical
experts) can access vitals and sensitive physiological information about the
patients and provide proper treatment to improve the quality of life through
the RPM network. However, the wireless nature of communication in the RPM
network makes it challenging to design an efficient mechanism for secure
communication. Many authentication schemes have been proposed in recent years
to ensure the security of the RPM network. Pseudonym, digital signature, and
Authenticated Key Exchange (AKE) protocols are used for the Internet of Medical
Things (IoMT) to develop secure authorization and privacy-preserving
communication. However, traditional authentication protocols face overhead
challenges due to maintaining a large set of key-pairs or pseudonyms results on
the hospital cloud server. In this research work, we identify this research gap
and propose a novel secure and efficient privacy-preserving authentication
scheme using cuckoo filters for the RPM network. The use of cuckoo filters in
our proposed scheme provides an efficient way for mutual anonymous
authentication and a secret shared key establishment process between medical
professionals and patients. Moreover, we identify the misbehaving sensor nodes
using a correlation-based anomaly detection model to establish secure
communication. The security analysis and formal security validation using SPAN
and AVISPA tools show the robustness of our proposed scheme against message
modification attacks, replay attacks, and man-in-the-middle attacks
Recent Developments on Security and Privacy of V2V & V2I Communications: A Literature Review
In the recent years Intelligent Transportation Systems and associated technologies have progressed significantly, including services based on wireless communications between vehicles (V2V) and infrastructure (V2I). In order to increase the trustworthiness of these communications, and convince drivers to adopt the new technologies, specific security and privacy requirements need to be addressed, using Vehicular Ad Hoc Networks (VANETs). To maintain VANET′s security and eliminate possible attacks, mechanisms are to be developed. In this paper, previous researches are reviewed aiming to provide information concerning matches between an attack and a solution in a VANET environment
Secure Authentication and Privacy-Preserving Techniques in Vehicular Ad-hoc NETworks (VANETs)
In the last decade, there has been growing interest in Vehicular Ad Hoc NETworks (VANETs). Today car manufacturers have already started to equip vehicles with sophisticated sensors that can provide many assistive features such as front collision avoidance, automatic lane tracking, partial autonomous driving, suggestive lane changing, and so on. Such technological advancements are enabling the adoption of VANETs not only to provide safer and more comfortable driving experience but also provide many other useful services to the driver as well as passengers of a vehicle. However, privacy, authentication and secure message dissemination are some of the main issues that need to be thoroughly addressed and solved for the widespread adoption/deployment of VANETs. Given the importance of these issues, researchers have spent a lot of effort in these areas over the last decade. We present an overview of the following issues that arise in VANETs: privacy, authentication, and secure message dissemination. Then we present a comprehensive review of various solutions proposed in the last 10 years which address these issues. Our survey sheds light on some open issues that need to be addressed in the future
Contributions to Securing Software Updates in IoT
The Internet of Things (IoT) is a large network of connected devices. In IoT, devices can communicate with each other or back-end systems to transfer data or perform assigned tasks. Communication protocols used in IoT depend on target applications but usually require low bandwidth. On the other hand, IoT devices are constrained, having limited resources, including memory, power, and computational resources. Considering these limitations in IoT environments, it is difficult to implement best security practices. Consequently, network attacks can threaten devices or the data they transfer. Thus it is crucial to react quickly to emerging vulnerabilities. These vulnerabilities should be mitigated by firmware updates or other necessary updates securely. Since IoT devices usually connect to the network wirelessly, such updates can be performed Over-The-Air (OTA). This dissertation presents contributions to enable secure OTA software updates in IoT. In order to perform secure updates, vulnerabilities must first be identified and assessed. In this dissertation, first, we present our contribution to designing a maturity model for vulnerability handling. Next, we analyze and compare common communication protocols and security practices regarding energy consumption. Finally, we describe our designed lightweight protocol for OTA updates targeting constrained IoT devices. IoT devices and back-end systems often use incompatible protocols that are unable to interoperate securely. This dissertation also includes our contribution to designing a secure protocol translator for IoT. This translation is performed inside a Trusted Execution Environment (TEE) with TLS interception. This dissertation also contains our contribution to key management and key distribution in IoT networks. In performing secure software updates, the IoT devices can be grouped since the updates target a large number of devices. Thus, prior to deploying updates, a group key needs to be established among group members. In this dissertation, we present our designed secure group key establishment scheme. Symmetric key cryptography can help to save IoT device resources at the cost of increased key management complexity. This trade-off can be improved by integrating IoT networks with cloud computing and Software Defined Networking (SDN).In this dissertation, we use SDN in cloud networks to provision symmetric keys efficiently and securely. These pieces together help software developers and maintainers identify vulnerabilities, provision secret keys, and perform lightweight secure OTA updates. Furthermore, they help devices and systems with incompatible protocols to be able to interoperate
Access Control Mechanisms in Named Data Networks:A Comprehensive Survey
Information-Centric Networking (ICN) has recently emerged as a prominent
candidate for the Future Internet Architecture (FIA) that addresses existing
issues with the host-centric communication model of the current TCP/IP-based
Internet. Named Data Networking (NDN) is one of the most recent and active ICN
architectures that provides a clean slate approach for Internet communication.
NDN provides intrinsic content security where security is directly provided to
the content instead of communication channel. Among other security aspects,
Access Control (AC) rules specify the privileges for the entities that can
access the content. In TCP/IP-based AC systems, due to the client-server
communication model, the servers control which client can access a particular
content. In contrast, ICN-based networks use content names to drive
communication and decouple the content from its original location. This
phenomenon leads to the loss of control over the content causing different
challenges for the realization of efficient AC mechanisms. To date,
considerable efforts have been made to develop various AC mechanisms in NDN. In
this paper, we provide a detailed and comprehensive survey of the AC mechanisms
in NDN. We follow a holistic approach towards AC in NDN where we first
summarize the ICN paradigm, describe the changes from channel-based security to
content-based security and highlight different cryptographic algorithms and
security protocols in NDN. We then classify the existing AC mechanisms into two
main categories: Encryption-based AC and Encryption-independent AC. Each
category has different classes based on the working principle of AC (e.g.,
Attribute-based AC, Name-based AC, Identity-based AC, etc). Finally, we present
the lessons learned from the existing AC mechanisms and identify the challenges
of NDN-based AC at large, highlighting future research directions for the
community.Comment: This paper has been accepted for publication by the ACM Computing
Surveys. The final version will be published by the AC
LiS: Lightweight Signature Schemes for continuous message authentication in cyber-physical systems
Agency for Science, Technology and Research (A*STAR) RIE 202
A Holistic Analysis of Internet of Things (IoT) Security : Principles, Practices, and New Perspectives
Peer reviewedPublisher PD
- …