Lightweight identity based online/offline signature scheme for wireless sensor networks

Data security is one of the issues during data exchange between two sensor nodes in wireless sensor networks (WSN). While information flows across naturally exposed communication channels, cybercriminals may access sensitive information. Multiple traditional reliable encryption methods like RSA encryption-decryption and Diffie–Hellman key exchange face a crisis of computational resources due to limited storage, low computational ability, and insufficient power in lightweight WSNs. The complexity of these security mechanisms reduces the network lifespan, and an online/offline strategy is one way to overcome this problem. This study proposed an improved identity-based online/offline signature scheme using Elliptic Curve Cryptography (ECC) encryption. The lightweight calculations were conducted during the online phase, and in the offline phase, the encryption, point multiplication, and other heavy measures were pre-processed using powerful devices. The proposed scheme uniquely combined the Inverse Collusion Attack Algorithm (CAA) with lightweight ECC to generate secure identitybased signatures. The suggested scheme was analyzed for security and success probability under Random Oracle Model (ROM). The analysis concluded that the generated signatures were immune to even the worst Chosen Message Attack. The most important, resource-effective, and extensively used on-demand function was the verification of the signatures. The low-cost verification algorithm of the scheme saved a significant number of valued resources and increased the overall network’s lifespan. The results for encryption/decryption time, computation difficulty, and key generation time for various data sizes showed the proposed solution was ideal for lightweight devices as it accelerated data transmission speed and consumed the least resources. The hybrid method obtained an average of 66.77% less time consumption and up to 12% lower computational cost than previous schemes like the dynamic IDB-ECC two-factor authentication key exchange protocol, lightweight IBE scheme (IDB-Lite), and Korean certification-based signature standard using the ECC. The proposed scheme had a smaller key size and signature size of 160 bits. Overall, the energy consumption was also reduced to 0.53 mJ for 1312 bits of offline storage. The hybrid framework of identity-based signatures, online/offline phases, ECC, CAA, and low-cost algorithms enhances overall performance by having less complexity, time, and memory consumption. Thus, the proposed hybrid scheme is ideally suited for a lightweight WSN

Safe Routing Approach by Identifying and Subsequently Eliminating the Attacks in MANET

Wireless networks that are decentralized and communicate without using existing infrastructure are known as mobile ad-hoc networks. The most common sorts of threats and attacks can affect MANETs. Therefore, it is advised to utilize intrusion detection, which controls the system to detect additional security issues. Monitoring is essential to avoid attacks and provide extra protection against unauthorized access. Although the current solutions have been designed to defeat the attack nodes, they still require additional hardware, have considerable delivery delays, do not offer high throughput or packet delivery ratios, or do not do so without using more energy. The capability of a mobile node to forward packets, which is dependent on the platform's life quality, may be impacted by the absence of the network node power source. We developed the Safe Routing Approach (SRA), which uses behaviour analysis to track and monitor attackers who discard packets during the route discovery process. The attacking node recognition system is made for irregular routing node detection to protect the controller network's usual properties from becoming recognized as an attack node. The suggested method examines the nearby attack nodes and conceals the trusted node in the routing pathway. The path is instantly assigned after the initial discovery of trust nodes based on each node's strength value. It extends the network's life span and reduces packet loss. In terms of Packet Delivery Ratio (PDR), energy consumption, network performance, and detection of attack nodes, the suggested approach is contrasted with AIS, ZIDS, and Improved AODV. The findings demonstrate that the recommended strategy performs superior in terms of PDR, residual energy, and network throughput

Selected Papers from the First International Symposium on Future ICT (Future-ICT 2019) in Conjunction with 4th International Symposium on Mobile Internet Security (MobiSec 2019)

The International Symposium on Future ICT (Future-ICT 2019) in conjunction with the 4th International Symposium on Mobile Internet Security (MobiSec 2019) was held on 17–19 October 2019 in Taichung, Taiwan. The symposium provided academic and industry professionals an opportunity to discuss the latest issues and progress in advancing smart applications based on future ICT and its relative security. The symposium aimed to publish high-quality papers strictly related to the various theories and practical applications concerning advanced smart applications, future ICT, and related communications and networks. It was expected that the symposium and its publications would be a trigger for further related research and technology improvements in this field

A review of the state of the art in privacy and security in the eHealth cloud

The proliferation and usefulness of cloud computing in eHealth demands high levels of security and privacy for health records. However, eHealth clouds pose serious security and privacy concerns for sensitive health data. Therefore, practical and effective methods for security and privacy management are essential to preserve the privacy and security of the data. To review the current research directions in security and privacy in eHealth clouds, this study has analysed and summarized the state of the art technologies and approaches reported in security and privacy in the eHealth cloud. An extensive review covering 132 studies from several peer-reviewed databases such as IEEE Xplore was conducted. The relevant studies were reviewed and summarized in terms of their benefits and risks. This study also compares several research works in the domain of data security requirements. This paper will provide eHealth stakeholders and researchers with extensive knowledge and information on current research trends in the areas of privacy and security

An Approach to Guide Users Towards Less Revealing Internet Browsers

When browsing the Internet, HTTP headers enable both clients and servers send extra data in their requests or responses such as the User-Agent string. This string contains information related to the sender’s device, browser, and operating system. Previous research has shown that there are numerous privacy and security risks result from exposing sensitive information in the User-Agent string. For example, it enables device and browser fingerprinting and user tracking and identification. Our large analysis of thousands of User-Agent strings shows that browsers differ tremendously in the amount of information they include in their User-Agent strings. As such, our work aims at guiding users towards using less exposing browsers. In doing so, we propose to assign an exposure score to browsers based on the information they expose and vulnerability records. Thus, our contribution in this work is as follows: first, provide a full implementation that is ready to be deployed and used by users. Second, conduct a user study to identify the effectiveness and limitations of our proposed approach. Our implementation is based on using more than 52 thousand unique browsers. Our performance and validation analysis show that our solution is accurate and efficient. The source code and data set are publicly available and the solution has been deployed

Revisiting the Feasibility of Public Key Cryptography in Light of IIoT Communications

Digital certificates are regarded as the most secure and scalable way of implementing authentication services in the Internet today. They are used by most popular security protocols, including Transport Layer Security (TLS) and Datagram Transport Layer Security (DTLS). The lifecycle management of digital certificates relies on centralized Certification Authority (CA)-based Public Key Infrastructures (PKIs). However, the implementation of PKIs and certificate lifecycle management procedures in Industrial Internet of Things (IIoT) environments presents some challenges, mainly due to the high resource consumption that they imply and the lack of trust in the centralized CAs. This paper identifies and describes the main challenges to implement certificate-based public key cryptography in IIoT environments and it surveys the alternative approaches proposed so far in the literature to address these challenges. Most proposals rely on the introduction of a Trusted Third Party to aid the IIoT devices in tasks that exceed their capacity. The proposed alternatives are complementary and their application depends on the specific challenge to solve, the application scenario, and the capacities of the involved IIoT devices. This paper revisits all these alternatives in light of industrial communication models, identifying their strengths and weaknesses, and providing an in-depth comparative analysis.This work was financially supported by the European commission through ECSEL-JU 2018 program under the COMP4DRONES project (grant agreement N∘ 826610), with national financing from France, Spain, Italy, Netherlands, Austria, Czech, Belgium and Latvia. It was also partially supported by the Ayudas Cervera para Centros Tecnológicos grant of the Spanish Centre for the Development of Industrial Technology (CDTI) under the project EGIDA (CER-20191012), and in part by the Department of Economic Development and Competitiveness of the Basque Government through the project TRUSTIND—Creating Trust in the Industrial Digital Transformation (KK-2020/00054)

Enabling Data Confidentiality with Public Blockchains

Blockchain technology is apt to facilitate the automation of multi-party cooperations among various players in a decentralized setting, especially in cases where trust among participants is limited. Transactions are stored in a ledger, a replica of which is retained by every node of the blockchain network. The operations saved thereby are thus publicly accessible. While this aspect enhances transparency, reliability, and persistence, it hinders the utilization of public blockchains for process automation as it violates typical confidentiality requirements in corporate settings. To overcome this issue, we propose our approach named Multi-Authority Approach to Transaction Systems for Interoperating Applications (MARTSIA). Based on Multi-Authority Attribute-Based Encryption (MA-ABE), MARTSIA enables read-access control over shared data at the level of message parts. User-defined policies determine whether an actor can interpret the publicly stored information or not, depending on the actor's attributes declared by a consortium of certifiers. Still, all nodes in the blockchain network can attest to the publication of the (encrypted) data. We provide a formal analysis of the security guarantees of MARTSIA, and illustrate the proof-of-concept implementation over multiple blockchain platforms. To demonstrate its interoperability, we showcase its usage in ensemble with a state-of-the-art blockchain-based engine for multi-party process execution, and three real-world decentralized applications in the context of NFT markets, supply chain, and retail.Comment: arXiv admin note: substantial text overlap with arXiv:2303.1797

Sécurité collaborative pour l internet des objets

Cette thèse aborde des nouveaux défis de sécurité dans l'Internet des Objets (IdO). La transition actuelle de l'Internet classique vers l'Internet des Objets conduit à de nombreux changements dans les modèles de communications sous-jacents. La nature hétérogène des communications de l IdO et le déséquilibre entre les capacités des entités communicantes qui le constituent rendent difficile l'établissement de connexions sécurisées de bout en bout. Contrairement aux nœuds de l Internet traditionnel, la plupart des composants de l'Internet des Objets sont en effet caractérisés par de faibles capacités en termes d'énergie et de puissance calcul. Par conséquent, ils ne sont pas en mesure de supporter des systèmes de sécurité complexes. En particulier, la mise en place d'un canal de communication sécurisé de bout en bout nécessite l établissement d'une clé secrète commune entre les deux nœuds souhaitant communiquer, qui sera négociée en s'appuyant sur un protocole d'échange de clés tels que le Transport Layer Security (TLS) Handshake ou l Internet Key Exchange (IKE). Or, une utilisation directe de ces protocoles pour établir des connexions sécurisées entre deux entités de l IdO peut être difficile en raison de l'écart technologique entre celles-ci et des incohérences qui en résultent sur le plan des primitives cryptographiques supportées. Le sujet de l'adaptation des protocoles de sécurité existants pour répondre à ces nouveaux défis a récemment été soulevé dans la communauté scientifique. Cependant, les premières solutions proposées n'ont pas réussi à répondre aux besoins des nœuds à ressources limitées. Dans cette thèse, nous proposons de nouvelles approches collaboratives pour l'établissement de clés, dans le but de réduire les exigences des protocoles de sécurité existants, afin que ceux-ci puissent être mis en œuvre par des nœuds à ressources limitées. Nous avons particulièrement retenu les protocoles TLS Handshake, IKE et HIP BEX comme les meilleurs candidats correspondant aux exigences de sécurité de bout en bout pour l'IdO. Puis nous les avons modifiés de sorte que le nœud contraint en énergie puisse déléguer les opérations cryptographiques couteuses à un ensemble de nœuds au voisinage, tirant ainsi avantage de l'hétérogénéité spatiale qui caractérise l IdO. Nous avons entrepris des vérifications formelles de sécurité et des analyses de performance qui prouvent la sureté et l'efficacité énergétique des protocoles collaboratifs proposés. Dans une deuxième partie, nous avons porté notre attention sur une classe d attaques internes que la collaboration entre les nœuds peut induire et que les mécanismes cryptographiques classiques, tels que la signature et le chiffrement, s'avèrent impuissants à contrer. Cela nous a amené à introduire la notion de confiance au sein d'un groupe collaboratif. Le niveau de fiabilité d'un nœud est évalué par un mécanisme de sécurité dédié, connu sous le nom de système de gestion de confiance. Ce système est lui aussi instancié sur une base collaborative, dans laquelle plusieurs nœuds partagent leurs témoignages respectifs au sujet de la fiabilité des autres nœuds. En nous appuyant sur une analyse approfondie des systèmes de gestion de confiance existants et des contraintes de l IoD, nous avons conçu un système de gestion de confiance efficace pour nos protocoles collaboratifs. Cette efficacité a été évaluée en tenant compte de la façon dont le système de gestion de la confiance répond aux exigences spécifiques à nos approches proposées pour l'établissement de clés dans le contexte de l'IdO. Les résultats des analyses de performance que nous avons menées démontrent le bon fonctionnement du système proposé et une efficacité accrue par rapport à la littératureThis thesis addresses new security challenges in the Internet of Things (IoT). The current transition from legacy Internet to Internet of Things leads to multiple changes in its communication paradigms. Wireless sensor networks (WSNs) initiated this transition by introducing unattended wireless topologies, mostly made of resource constrained nodes, in which radio spectrum therefore ceased to be the only resource worthy of optimization. Today's Machine to Machine (M2M) and Internet of Things architectures further accentuated this trend, not only by involving wider architectures but also by adding heterogeneity, resource capabilities inconstancy and autonomy to once uniform and deterministic systems. The heterogeneous nature of IoT communications and imbalance in resources capabilities between IoT entities make it challenging to provide the required end-to-end secured connections. Unlike Internet servers, most of IoT components are characterized by low capabilities in terms of both energy and computing resources, and thus, are unable to support complex security schemes. The setup of a secure end-to-end communication channel requires the establishment of a common secret key between both peers, which would be negotiated relying on standard security key exchange protocols such as Transport Layer Security (TLS) Handshake or Internet Key Exchange (IKE). Nevertheless, a direct use of existing key establishment protocols to initiate connections between two IoT entities may be impractical because of the technological gap between them and the resulting inconsistencies in their cryptographic primitives. The issue of adapting existing security protocols to fulfil these new challenges has recently been raised in the international research community but the first proposed solutions failed to satisfy the needs of resource-constrained nodes. In this thesis, we propose novel collaborative approaches for key establishment designed to reduce the requirements of existing security protocols, in order to be supported by resource-constrained devices. We particularly retained TLS handshake, Internet key Exchange and HIP BEX protocols as the best keying candidates fitting the end-to-end security requirements of the IoT. Then we redesigned them so that the constrained peer may delegate its heavy cryptographic load to less constrained nodes in neighbourhood exploiting the spatial heterogeneity of IoT nodes. Formal security verifications and performance analyses were also conducted to ensure the security effectiveness and energy efficiency of our collaborative protocols. However, allowing collaboration between nodes may open the way to a new class of threats, known as internal attacks that conventional cryptographic mechanisms fail to deal with. This introduces the concept of trustworthiness within a collaborative group. The trustworthiness level of a node has to be assessed by a dedicated security mechanism known as a trust management system. This system aims to track nodes behaviours to detect untrustworthy elements and select reliable ones for collaborative services assistance. In turn, a trust management system is instantiated on a collaborative basis, wherein multiple nodes share their evidences about one another's trustworthiness. Based on an extensive analysis of prior trust management systems, we have identified a set of best practices that provided us guidance to design an effective trust management system for our collaborative keying protocols. This effectiveness was assessed by considering how the trust management system could fulfil specific requirements of our proposed approaches for key establishment in the context of the IoT. Performance analysis results show the proper functioning and effectiveness of the proposed system as compared with its counterparts that exist in the literatureEVRY-INT (912282302) / SudocSudocFranceF

VANET SECURITY FRAMEWORK FOR LOW LATENCY SAFETY APPLICATIONS

Vehicular Ad hoc Network (VANET) is a communication network for vehicles on the road. The concept of VANET is to create communication between vehicles, such as one vehicle is able to inform another vehicle about the road conditions. Communication is possible by vehicle to vehicle (V2V) and vehicle to road side unit (V2R). Presently, VANET technology is surrounded with security challenges and it is essentially important for VANET to successfully implement a security measure according to the safety applications requirements. Many researchers have proposed a number of solutions to counter security attacks and also to improve certain aspects of security i.e. authentication, privacy, and non-repudiation. The current most suitable security scheme for VANET is an Elliptic Curve Digital Signature Algorithm (ECDSA) asymmetric security mechanism. ECDSA is small in key size but it provides the same level of security as the large key sized scheme. However ECDSA is associated with high computational cost, thus lacking applicability in life-critical safety messaging. Due to that reason, alternative security schemes have been proposed, such as symmetric methods which provide faster communication, but at the expense of reduced security. Hence, hybrid and hardware based solutions have been proposed by researchers to mitigate the issue. However, these solutions still do not satisfy the existing safety applications standard or have larger message size due to increased message drop ratio. In this thesis, a security framework is presented; one that uses both standard asymmetric PKI and symmetric cryptography for faster and secured safety message exchange. The proposed framework is expected to improve the security mechanism in VANET by developing trust relationship among the neighboring nodes, hence forming trusted groups. The trust is established via Trusted Platform Module (TPM) and group communication. In this study, the proposed framework methods are simulated using two propagation models, i.e. two ray ground model and Nakagami model for VANET environment (802.11p). In this simulation, two traffic scenarios such as highway and urban are established. The outcome of both simulation scenarios is analyzed to identify the performance of the proposed methods in terms of latency (End-to-End Delay and Processing Delay). Also, the proposed V2V protocol for a framework is validated using a software in order to establish trust among vehicles

Security in 5G-Enabled Internet of Things Communication: Issues: Challenges, and Future Research Roadmap

5G mobile communication systems promote the mobile network to not only interconnect people, but also interconnect and control the machine and other devices. 5G-enabled Internet of Things (IoT) communication environment supports a wide-variety of applications, such as remote surgery, self-driving car, virtual reality, flying IoT drones, security and surveillance and many more. These applications help and assist the routine works of the community. In such communication environment, all the devices and users communicate through the Internet. Therefore, this communication agonizes from different types of security and privacy issues. It is also vulnerable to different types of possible attacks (for example, replay, impersonation, password reckoning, physical device stealing, session key computation, privileged-insider, malware, man-in-the-middle, malicious routing, and so on). It is then very crucial to protect the infrastructure of 5G-enabled IoT communication environment against these attacks. This necessitates the researchers working in this domain to propose various types of security protocols under different types of categories, like key management, user authentication/device authentication, access control/user access control and intrusion detection. In this survey paper, the details of various system models (i.e., network model and threat model) required for 5G-enabled IoT communication environment are provided. The details of security requirements and attacks possible in this communication environment are further added. The different types of security protocols are also provided. The analysis and comparison of the existing security protocols in 5G-enabled IoT communication environment are conducted. Some of the future research challenges and directions in the security of 5G-enabled IoT environment are displayed. The motivation of this work is to bring the details of different types of security protocols in 5G-enabled IoT under one roof so that the future researchers will be benefited with the conducted work