A survey of IoT security based on a layered architecture of sensing and data analysis

The Internet of Things (IoT) is leading today’s digital transformation. Relying on a combination of technologies, protocols, and devices such as wireless sensors and newly developed wearable and implanted sensors, IoT is changing every aspect of daily life, especially recent applications in digital healthcare. IoT incorporates various kinds of hardware, communication protocols, and services. This IoT diversity can be viewed as a double-edged sword that provides comfort to users but can lead also to a large number of security threats and attacks. In this survey paper, a new compacted and optimized architecture for IoT is proposed based on five layers. Likewise, we propose a new classification of security threats and attacks based on new IoT architecture. The IoT architecture involves a physical perception layer, a network and protocol layer, a transport layer, an application layer, and a data and cloud services layer. First, the physical sensing layer incorporates the basic hardware used by IoT. Second, we highlight the various network and protocol technologies employed by IoT, and review the security threats and solutions. Transport protocols are exhibited and the security threats against them are discussed while providing common solutions. Then, the application layer involves application protocols and lightweight encryption algorithms for IoT. Finally, in the data and cloud services layer, the main important security features of IoT cloud platforms are addressed, involving confidentiality, integrity, authorization, authentication, and encryption protocols. The paper is concluded by presenting the open research issues and future directions towards securing IoT, including the lack of standardized lightweight encryption algorithms, the use of machine-learning algorithms to enhance security and the related challenges, the use of Blockchain to address security challenges in IoT, and the implications of IoT deployment in 5G and beyond

Adjust or invest : what is the best option to green a supply chain?

Greening a supply chain can be achieved by considering several options. However, companies lack of clear guidelines to assess and compare these options. In this paper, we propose to use multiobjective optimization to assess operational adjustment and technology investment options in terms of cost and carbon emissions. Our study is based on a multiobjective formulation of the economic order quantity model called the sustainable order quantity model. The results show that both options may be effective to lower the impacts of logistics operations. We also provide analytical conditions under which an option outperforms the other one for two classical decision rules, i.e. the carbon cap and the carbon tax cases. The results allow deriving some interesting and potentially impacting practical insight

Constant-size threshold attribute based SignCryption for cloud applications

In this paper, we propose a novel constant-size threshold attribute-based signcryption scheme for securely sharing data through public clouds. Our proposal has several advantages. First, it provides flexible cryptographic access control, while preserving users’ privacy as the identifying information for satisfying the access control policy are not revealed. Second, the proposed scheme guarantees both data origin authentication and anonymity thanks to the novel use of attribute based signcryption mechanism, while ensuring the unlinkability between the different access sessions. Third, the proposed signcryption scheme has efficient computation cost and constant communication overhead whatever the number of involved attributes. Finally, our scheme satisfies strong security properties in the random oracle model, namely Indistinguishability against the Adaptive Chosen Ciphertext Attacks (IND-CCA2), Existential Unforgeability against Chosen Message Attacks (EUFCMA) and privacy preservation of the attributes involved in the signcryption process, based on the assumption that the augmented Multi-Sequence of Exponents Decisional Diffie-Hellman (aMSE-DDH) problem and the Computational Diffie Hellman Assumption (CDH) are hard

PHOABE : securely outsourcing multi-authority attribute based encryption with policy hidden for cloud assisted IoT

Attribute based encryption (ABE) is an encrypted access control mechanism that ensures efficient data sharing among dynamic group of users. Nevertheless, this encryption technique presents two main drawbacks, namely high decryption cost and publicly shared access policies, thus leading to possible users’ privacy leakage. In this paper, we introduce PHOABE, a Policy-Hidden Outsourced ABE scheme. Our construction presents several advantages. First, it is a multi-attribute authority ABE scheme. Second, the expensive computations for the ABE decryption process is partially delegated to a Semi Trusted Cloud Server. Third, users’ privacy is protected thanks to a hidden access policy. Fourth, PHOABE is proven to be selectively secure, verifiable and policy privacy preserving under the random oracle model. Five, estimation of the processing overhead proves its feasibility in IoT constrained environments

PAbAC : a privacy preserving attribute based framework for fine grained access control in clouds

Several existing access control solutions mainly focus on preserving confidentiality of stored data from unauthorized access and the storage provider. Moreover, to keep sensitive user data confidential against untrusted servers, existing solutions usually apply cryptographic methods by disclosing data decryption keys only to authorized users. However, these solutions inevitably introduce a heavy computation overhead on the data owner for key distribution and data management when fine-grained data access control is desired. In addition, access control policies as well as users’ access patterns are also considered as sensitive information that should be protected from the cloud. In this paper, we propose PAbAC, a novel privacy preserving Attribute-based framework, that combines attribute-based encryption and attribute-based signature mechanisms for securely sharing outsourced data via the public cloud. Our proposal is multifold. First, it ensures fine-grained cryptographic access control enforced at the data owner’s side, while providing the desired expressiveness of the access control policies. Second, PAbAC preserves users’ privacy, while hiding any identifying information used to satisfy the access control. Third, PAbAC is proven to be highly scalable and efficient for sharing outsourced data in remote servers, at both the client and the cloud provider side

NORTH ATLANTIC OSCILLATION AND RAINFALL VARIABILITY ON THE SOUTHERN COAST OF THE MEDITERRANEAN

Regions of the south-western Mediterranean basin were the focus of many studies since they have experienced a series of climate changes. The contribution of the North Atlantic Oscillation in precipitations is required to be analyzed with the aim to understand the possible hydrological changes. In this way, an analysis of precipitations along the coast of central Maghreb (Morocco, Algeria and Tunisia) was carried. The present analysis was performed using (1) The graphical method of information processing and (2) wavelet transform technique. Results can be summarized as the following. Results show a high drought observed in all studied regions since the med-eighties and a return of the wet period since year 2003. Moreover, we demonstrate significant links of precipitations with the North Atlantic Oscillatio

Towards better understanding of the complex industrial systems: Case of production systems

Growth of the world population and the globalization of trade are the origins of the fourth industrial revolution, called “Industry 4.0”. What engineers call systems are becoming more and more complex as businesses strive to stay competitive and meet ever-changing demand. While automation and information digitization and transmission technologies are increasingly becoming major assets in modern industries, the changes they bring are having an impact on the management of occupational health and safety. The aim of this article is to provide an overview of the progress achieved in the understanding of complex systems and to test some of the published theory by comparing it to a case study. The major scientific databases were searched to retrieve the literature on complexity, and a large company in the steel products business was queried to determine how its complexity as perceived by its managerial staff compares to the theory of complex systems. Our main conclusion is that, based on the data gathered in the case study, the perception that the managerial staff has of the company corresponds closely to the current definition of complex systems as proposed by researchers. However, it remains to be determined whether this correspondence holds over the range of business sizes

State of the art and challenges for occupational health and safety performance evaluation tools

In industrialized nations, occupational health and safety (OHS) has been a growing concern in many businesses for at least two decades. Legislation, regulation, and standards have been developed in order to provide organizations with a framework for practicing accident and illness prevention and placing worker well-being at the center of production system design. However, the occurrence of several accidents continues to show that OHS performance evaluation is subject to interpretation. In this review of the literature, we outline the scope of current research on OHS status and performance evaluation and comment on the suitability of the instruments being proposed for field use. This study is based on a keyword-based bibliographical search in the largest scientific databases and OHS-related websites, which allowed us to identify 15 OHS performance evaluation tools. Our principal conclusion is that researchers in the field have shown little interest in generalizing the instruments of OHS performance evaluation and that none of the 15 tools examined is properly applicable to any real organization outside of the sector of activity, economic scale, and jurisdiction for which it was designed

Towards securing machine learning models against membership inference attacks

From fraud detection to speech recognition, including price prediction, Machine Learning (ML) applications are manifold and can significantly improve different areas. Nevertheless, machine learning models are vulnerable and are exposed to different security and privacy attacks. Hence, these issues should be addressed while using ML models to preserve the security and privacy of the data used. There is a need to secure ML models, especially in the training phase to preserve the privacy of the training datasets and to minimise the information leakage. In this paper, we present an overview of ML threats and vulnerabilities, and we highlight current progress in the research works proposing defence techniques against ML security and privacy attacks. The relevant background for the different attacks occurring in both the training and testing/inferring phases is introduced before presenting a detailed overview of Membership Inference Attacks (MIA) and the related countermeasures. In this paper, we introduce a countermeasure against membership inference attacks (MIA) on Conventional Neural Networks (CNN) based on dropout and L2 regularization. Through experimental analysis, we demonstrate that this defence technique can mitigate the risks of MIA attacks while ensuring an acceptable accuracy of the model. Indeed, using CNN model training on two datasets CIFAR-10 and CIFAR-100, we empirically verify the ability of our defence strategy to decrease the impact of MIA on our model and we compare results of five different classifiers. Moreover, we present a solution to achieve a trade-off between the performance of the model and the mitigation of MIA attack

Nuclear Alpha-Particle Condensates

The $\alpha$-particle condensate in nuclei is a novel state described by a product state of $\alpha$'s, all with their c.o.m. in the lowest 0S orbit. We demonstrate that a typical $\alpha$-particle condensate is the Hoyle state ($E_{x}=7.65$ MeV, $0^+_2$ state in $^{12}$C), which plays a crucial role for the synthesis of $^{12}$C in the universe. The influence of antisymmentrization in the Hoyle state on the bosonic character of the $\alpha$ particle is discussed in detail. It is shown to be weak. The bosonic aspects in the Hoyle state, therefore, are predominant. It is conjectured that $\alpha$-particle condensate states also exist in heavier $n\alpha$ nuclei, like $^{16}$O, $^{20}$Ne, etc. For instance the $0^+_6$ state of $^{16}$O at $E_{x}=15.1$ MeV is identified from a theoretical analysis as being a strong candidate of a $4\alpha$ condensate. The calculated small width (34 keV) of $0^+_6$, consistent with data, lends credit to the existence of heavier Hoyle-analogue states. In non-self-conjugated nuclei such as $^{11}$B and $^{13}$C, we discuss candidates for the product states of clusters, composed of $\alpha$'s, triton's, and neutrons etc. The relationship of $\alpha$-particle condensation in finite nuclei to quartetting in symmetric nuclear matter is investigated with the help of an in-medium modified four-nucleon equation. A nonlinear order parameter equation for quartet condensation is derived and solved for $\alpha$ particle condensation in infinite nuclear matter. The strong qualitative difference with the pairing case is pointed out.Comment: 71 pages, 41 figures, review article, to be published in "Cluster in Nuclei (Lecture Notes in Physics) - Vol.2 -", ed. by C. Beck, (Springer-Verlag, Berlin, 2011