123,776 research outputs found

    Octopus: A Secure and Anonymous DHT Lookup

    Distributed Hash Table (DHT) lookup is a core technique in structured peer-to-peer (P2P) networks. Its decentralized nature introduces security and privacy vulnerabilities for applications built on top of them; we thus set out to design a lookup mechanism achieving both security and anonymity, heretofore an open problem. We present Octopus, a novel DHT lookup which provides strong guarantees for both security and anonymity. Octopus uses attacker identification mechanisms to discover and remove malicious nodes, severely limiting an adversary's ability to carry out active attacks, and splits lookup queries over separate anonymous paths and introduces dummy queries to achieve high levels of anonymity. We analyze the security of Octopus by developing an event-based simulator to show that the attacker discovery mechanisms can rapidly identify malicious nodes with low error rate. We calculate the anonymity of Octopus using probabilistic modeling and show that Octopus can achieve near-optimal anonymity. We evaluate Octopus's efficiency on Planetlab with 207 nodes and show that Octopus has reasonable lookup latency and manageable communication overhead

    Security aspects and efforts towards secure Internet of things

    Internet of Things (IoT) consists of wired and wireless devices, typically supplied with minimum physical resources including limited computational and communication resources. Most of the devices are distinguished by their low bandwidth, short range, scarce memory capacity, limited processing capability and other attributes of inexpensive hardware. The resulting networks are more prone to traffic loss and other vulnerabilities. One of the potential networking challenges is to ensure the network communication among these deployed devices remains secure at less processing and communication overhead, and small packet size. The purpose of this paper is to highlight possible security attacks in Low Power and Lossy Networks (LLNs) as identifying pertinent security issues is an initial step to design the effective countermeasures. The IETF efforts in relevance to security implementation of this type of network are presented with focus on layer-2 and authentication mechanism at upper layer

    Low complexity physical layer security approach for 5G internet of things

    Fifth-generation (5G) massive machine-type communication (mMTC) is expected to support the cellular adaptation of internet of things (IoT) applications for massive connectivity. Due to the massive access nature, IoT is prone to high interception probability and the use of conventional cryptographic techniques in these scenarios is not practical considering the limited computational capabilities of the IoT devices and their power budget. This calls for a lightweight physical layer security scheme which will provide security without much computational overhead and/or strengthen the existing security measures. Here a shift based physical layer security approach is proposed which will provide a low complexity security without much changes in baseline orthogonal frequency division multiple access (OFDMA) architecture as per the low power requirements of IoT by systematically rearranging the subcarriers. While the scheme is compatible with most fast Fourier transform (FFT) based waveform contenders which are being proposed in 5G especially in mMTC and ultra-reliable low latency communication (URLLC), it can also add an additional layer of security at physical layer to enhanced mobile broadband (eMBB)

    ESIA: An Efficient and Stable Identity Authentication for Internet of Vehicles

    Decentralized, tamper-proof blockchain is regarded as a solution to a challenging authentication issue in the Internet of Vehicles (IoVs). However, the consensus time and communication overhead of blockchain increase significantly as the number of vehicles connected to the blockchain. To address this issue, vehicular fog computing has been introduced to improve efficiency. However, existing studies ignore several key factors such as the number of vehicles in the fog computing system, which can impact the consensus communication overhead. Meanwhile, there is no comprehensive study on the stability of vehicular fog composition. The vehicle movement will lead to dynamic changes in fog. If the composition of vehicular fog is unstable, the blockchain formed by this fog computing system will be unstable, which can affect the consensus efficiency. With the above considerations, we propose an efficient and stable identity authentication (ESIA) empowered by hierarchical blockchain and fog computing. By grouping vehicles efficiently, ESIA has low communication complexity and achieves high stability. Moreover, to enhance the consensus security of the hierarchical blockchain, the consensus process is from the bottom layer to the up layer (bottom-up), which we call B2UHChain. Through theoretical analysis and simulation verification, our scheme achieves the design goals of high efficiency and stability while significantly improving the IoV scalability to the power of 1.5 (^1.5) under similar security to a single-layer blockchain. In addition, ESIA has less communication and computation overhead, lower latency, and higher throughput than other baseline authentication schemes

    MuON: Epidemic based mutual anonymity in unstructured P2P networks

    A mutual anonymity system enables communication between a client and a service provider without revealing their identities. In general, the anonymity guarantees made by the protocol are enhanced when a large number of participants are recruited into the anonymity system. Peer-to-peer (P2P) systems are able to attract a large number of nodes and hence are highly suitable for anonymity systems. However, the churn (changes in system membership) within P2P networks, poses a significant challenge for low-bandwidth reliable anonymous communication in these networks. This paper presents MuON, a protocol to achieve mutual anonymity in unstructured P2P networks. MuON leverages epidemic-style data dissemination to deal with churn. Simulation results and security analysis indicate that MuON provides mutual anonymity in networks with high churn, while maintaining predictable latencies, high reliability, and low communication overhead

    Access Authentication Via Blockchain in Space Information Network

    Space Information Network (SIN) has significant benefits of providing communication anywhere at any time. This feature offers an innovative way for conventional wireless customers to access enhanced internet services by using SIN. However, SIN's characteristics, such as naked links and maximum signal latency, make it difficult to design efficient security and routing protocols, etc. Similarly, existing SIN authentication techniques can't satisfy all of the essentials for secure communication, such as privacy leaks or rising authentication latency. The article aims to develop a novel blockchain-based access authentication mechanism for SIN. The proposed scheme uses a blockchain application, which offers anonymity to mobile users while considering the satellites' limited processing capacity. The SIN gains the likelihood of far greater computational capacity devices as technology evolves. Since authenticating in SIN, the technique comprises three entities: low Earth orbit, mobile user, and network control centre. The proposed mutual authentication mechanism avoids the requirement of a ground station, resulting in less latency and overhead during mobile user authentication. Finally, the new blockchain-based authentication approach is being evaluated with AVISPA, a formal security tool. The simulation and performance study results illustrate that the proposed technique delivers efficient security characteristics such as low authentication latency, minimal signal overhead and less computational cost with group authentication

    Implementation and Performance Evaluation of Embedded IPsec in Microkernel OS

    The rapid development of the embedded systems and the wide use of them in many sensitive fields require safeguarding their communications. Internet Protocol Security (IPsec) is widely used to solve network security problems by providing confidentiality and integrity for the communications in the network, but it introduces communication overhead. This overhead becomes a critical factor with embedded systems because of their low computing power and limited resources. In this research, we studied the overhead of using embedded IPsec in constrained resource systems, which run microkernel operating system (OS), in terms of the network latency and throughput. To conduct our experiment first, we ran the test with an unmodified network stack, and then we ran the same test with the modified network stack which contains the IPsec implementation. Later, we compared the results obtained from these two sets of experiments to examine the overhead. Our research demonstrated that the overhead imposed by IPsec protocols is small and well within the capabilities of even low cost microcontrollers such as the one used in the Raspberry Pi computer