13 research outputs found

    Secure and efficient reactive video surveillance for patient monitoring

    No full text
    Video surveillance is widely deployed for many kinds of monitoring applications in healthcare and assisted living systems. Security and privacy are two promising factors that align the quality and validity of video surveillance systems with the caliber of patient monitoring applications. In this paper, we propose a symmetric key-based security framework for the reactive video surveillance of patients based on the inputs coming from data measured by a wireless body area network attached to the human body. Only authenticated patients are able to activate the video cameras, whereas the patient and authorized people can consult the video data. User and location privacy are at each moment guaranteed for the patient. A tradeoff between security and quality of service is defined in order to ensure that the surveillance system gets activated even in emergency situations. In addition, the solution includes resistance against tampering with the device on the patient’s side. Peer reviewed

    AKAASH: A realizable authentication, key agreement, and secure handover approach for controller-pilot data link communications

    No full text
    Controller-Pilot Data Link Communications (CPDLC) are rapidly replacing voice-based Air Traffic Control (ATC) communications worldwide. Being digital, CPDLC is highly resilient and bandwidth efficient, which makes it the best choice for traffic-congested airports. Although CPDLC initially seems to be a perfect solution for modern-day ATC operations, it suffers from serious security issues, such as eavesdropping, spoofing, man-in-the-middle, message replay, and impersonation attacks. Cyber attacks on the aviation communication network could be hazardous, leading to fatal aircraft incidents and causing damage to individuals, service providers, and the aviation industry. Therefore, we propose a new security model called AKAASH, enabling several paramount security services, such as efficient and robust mutual authentication, key establishment, and a secure handover approach for the CPDLC-enabled aviation communication network. We implement the approach on hardware to examine its practicality and verify its computational and communication efficiency and efficacy. We investigate the robustness of AKAASH through formal (ProVerif) and informal security analysis. The analysis reveals that AKAASH adheres to the CPDLC standards and can easily integrate into the CPDLC framework. Funding: Trafikverket, Sweden; Luftfartsverket, Sweden under Automation Program II; Wallenberg AI, Autonomous Systems and Software Program (WASP), Sweden. This work was supported by Trafikverket, Sweden and Luftfartsverket, Sweden under Automation Program II. This work was also partially supported by the Wallenberg AI, Autonomous Systems and Software Program (WASP), Sweden.

    Group key establishment for enabling secure multicast communication in wireless sensor networks deployed for IoT applications

    Full text link
    Wireless sensor networks (WSNs) are a prominent fundamental technology of the Internet of Things (IoT). Rather than device-to-device communications, group communications in the form of broadcasting and multicasting incur efficient message deliveries among resource-constrained sensor nodes in the IoT-enabled WSNs. Secure and efficient key management is in many cases used to protect the authenticity, integrity, and confidentiality of multicast messages. This paper develops two group key establishment protocols for secure multicast communications among the resource-constrained devices in IoT. Major deployment conditions and requirements of each protocol are described in terms of the specific IoT application scenarios. Furthermore, the applicability of the two protocols is analyzed and justified by a comprehensive analysis of the performance, scalability, and security of the protocols proposed.

    CHIP: collaborative host identity protocol with efficient key establishment for constrained devices in internet of things

    No full text
    The Internet of Things (IoT) is the next evolutionary paradigm of networking technologies that interconnects almost all the smart objects and intelligent sensors related to human activities, machineries, and environment. IoT technologies and Internet Protocol connectivity enable wide ranges of network devices to communicate irrespective of their resource capabilities and local networks. In order to provide seamless connectivity and interoperability, it is notable to maintain secure end-to-end (E2E) communication links in IoT. However, device constraints and the dynamic link creations make it challenging to use pre-shared keys for every secure E2E communication scenario in IoT. Variants of Host Identity Protocol (HIP) are adopted for constructing dynamic and secure E2E connections among the heterogeneous network devices with imbalanced resource profiles and less or no previous knowledge about each other. We propose a solution called collaborative HIP (CHIP) with an efficient key establishment component for the high resource-constrained devices in IoT. CHIP delegates the expensive cryptographic operations to the resource rich devices in the local networks. Finally, by providing quantitative performance evaluation and descriptive security analysis, we demonstrate the applicability of the key establishment in CHIP for the constrained IoT devices rather than the existing HIP variants.

    Anonymous secure framework in connected smart home environments

    No full text
    The smart home is an environment where heterogeneous electronic devices and appliances are networked together to provide smart services in a ubiquitous manner to the individuals. As the homes become smarter, more complex, and technology dependent, the need for an adequate security mechanism with minimum individual’s intervention is growing. The recent serious security attacks have shown how the Internet-enabled smart homes can be turned into very dangerous spots for various ill intentions, and thus lead to privacy concerns for the individuals. For instance, an eavesdropper is able to derive the identity of a particular device/appliance via public channels, which can be used to infer the life pattern of an individual within the home area network. This paper proposes an anonymous secure framework (ASF) in connected smart home environments, using solely lightweight operations. The proposed framework provides efficient authentication and key agreement, and enables device (identity and data) anonymity and unlinkability. One-time session key progression regularly renews the session key for the smart devices and dilutes the risk of using a compromised session key in the ASF. It is demonstrated that the computation complexity of the proposed framework is low as compared with the existing schemes, while security has been significantly improved.

    Secure communication channel architecture for Software Defined Mobile Networks

    No full text
    A Software-Defined Mobile Network (SDMN) architecture is proposed to enhance the performance, flexibility, and scalability of today’s telecommunication networks. However, SDMN features such as centralized controlling, network programmability, and virtualization introduce new security challenges to telecommunication networks. In this article, we present security challenges related to SDMN communication channels (i.e., control and data channel) and propose a novel secure communication channel architecture based on Host Identity Protocol (HIP). IPsec tunneling and security gateways are widely utilized in present-day mobile networks to secure backhaul communication channels. However, the utilization of legacy IPsec mechanisms in SDMNs is challenging due to limitations such as distributed control, lack of visibility, and limited scalability. The proposed architecture also utilizes IPsec tunnels to secure the SDMN communication channels by eliminating these limitations. The proposed architecture is implemented in a testbed and we analyzed its security features. The performance penalty of security due to the proposed security mechanisms is measured on both control and data channels.