
    APSec1.0: Innovative Security Protocol Design with Formal Security Analysis for the Artificial Pancreas System

    The Medical Internet-of-Things (MIoT) has developed revolutionary ways of delivering medical care to patients. An example system, showing increasing demand, is the artificial pancreas system that offers convenience and reliable support care to patients with Type 1 Diabetes. Despite the apparent benefits, the system cannot escape potential cyber threats that may worsen a patient’s condition. The security risks need immediate attention to ensure the privacy of the patient and preserve safe functionality. Motivated by this, we proposed a security protocol for the APS environment wherein support to essential security requirements is guaranteed, the security context negotiation is resource-friendly, and the protocol is resilient to emergencies. Accordingly, the security requirements and correctness of the designed protocol were formally verified using BAN logic and AVISPA, and its feasibility was proved through the emulation of APS in a controlled environment using commercial off-the-shelf devices. Moreover, the results of our performance analysis indicate that the proposed protocol is more efficient than the other existing works and standards.

    Blockchain-based Privacy Preservation Scheme for Misbehavior Detection in Lightweight IoMT Devices

    The Internet of Medical Things (IoMT) has risen to prominence as a possible backbone in the health sector, with the ability to improve quality of life by broadening user experience while enabling crucial solutions such as near real-time remote diagnostics. However, privacy and security problems remain largely unresolved in the safety area. Various rule-based methods have been considered to recognize aberrant behaviors in IoMT and have demonstrated high accuracy of misbehavior detection appropriate for lightweight IoT devices. However, most of these solutions have privacy concerns, especially when giving context during misbehavior analysis. Moreover, falsified or modified context generates a high percentage of false positives and, in some cases, causes a by-pass in misbehavior detection. Relying on the recent powerful consolidation of Blockchain and federated learning (FL), we propose an efficient privacy-preserving framework for secure misbehavior detection in lightweight IoMT devices, particularly in the artificial pancreas system (APS). The proposed approach employs privacy-preserving bidirectional long-short term memory (BiLSTM) and augments the security through the integration of Blockchain technology based on Ethereum smart contract environment. Furthermore, the effectiveness of the proposed model is benchmarked empirically in terms of sustainable privacy preservation, commensurate incentive scheme with an untraceability feature, exhaustiveness, and the compact results of a variant neural network approach. As a result, the proposed model has a 99.93% recall rate, showing that it can detect virtually all possible malicious events in the targeted use case. Furthermore, given an initial ether value of 100, the solution's average gas consumption and Ether spent are 84,456.5 and 0.03157625, respectively.

    Drone Secure Communication Protocol for Future Sensitive Applications in Military Zone

    Unmanned Aerial Vehicles (UAVs) play a paramount role in various fields, such as military, aerospace, reconnaissance, agriculture, and many more. The development and implementation of these devices have become vital in terms of usability and reachability. Unfortunately, as they become widespread and their demand grows, they are becoming more and more vulnerable to several security attacks, including, but not limited to, jamming, information leakage, and spoofing. In order to cope with such attacks and security threats, a proper design of robust security protocols is indispensable. Although several pieces of research have been carried out in this regard, there are still research gaps, particularly concerning UAV-to-UAV secure communication, support for perfect forward secrecy, and provision of non-repudiation. Especially in a military scenario, it is essential to solve these gaps. In this paper, we studied the security prerequisites of the UAV communication protocol, specifically in the military setting. More importantly, a security protocol (with two sub-protocols) that serves in securing the communication between UAVs, and between a UAV and a Ground Control Station, is proposed. This protocol, apart from the common security requirements, achieves perfect forward secrecy and non-repudiation, which are essential to secure military communication. The proposed protocol is formally and thoroughly verified by using the BAN-logic (Burrows-Abadi-Needham logic) and Scyther tool, followed by performance evaluation and implementation of the protocol on a real UAV. From the security and performance evaluation, it is indicated that the proposed protocol is superior compared to other related protocols while meeting confidentiality, integrity, mutual authentication, non-repudiation, perfect forward secrecy, perfect backward secrecy, response to DoS (Denial of Service) attacks, man-in-the-middle protection, and D2D (Drone-to-Drone) security.

    A Formally Verified Security Scheme for Inter-gNB-DU Handover in 5G Vehicle-to-Everything

    Cellular technology has evolved over the decades for mobile network operators to accommodate the ever-growing demands of services for connecting Vehicle-to-Everything (V2X). The 5G infrastructure facilitates V2X communications, where a small-cell base station operating at ultra-high radio frequency with limited coverage becomes pervasive. These small-cell base stations in 5G-V2X must be strategically deployed near the consumers to realize several use cases. More recently, the architectural split solutions in Next Generation Radio Access Network (NG-RAN) are introduced, in which the gNB is divided into the distributed unit (gNB-DU) and control unit (gNB-CU). This functional split intends to improve scalability, performance, and network orchestration optimization. In this case, frequent user equipment (UE) handover between gNB-DUs is inevitable. However, the current 5G standard did not consider securing the path between these two entities. Hence, the NG-RAN could likely experience various security threats if the current handover procedure standard is employed without changes. Consequently, this paper introduces potential threats like resource depletion at NG-RAN caused by the useless execution of resource-demanding procedures to complete the transfer of attachment of UE to target gNB-DU. Another is UE being denied from accessing services caused by unsuccessful uplink and downlink synchronization during random access procedure execution, requiring establishing security and mutual authentication between the entities. Motivated by this, we proposed a security protocol composed of two phases, namely initial and handover. While the former phase assists in mutual authentication and key agreement between UE and serving gNB-DU, the latter secures UE’s mobility in inter-gNB-DU handover. This protocol aims to preserve the existing quality of service and support essential security requirements, including confidentiality, integrity, mutual authentication, secure key exchange, and perfect forward secrecy. The security requirements are formally verified using BAN logic and Scyther, and the proposed protocol demonstrated lower handover latency than EAP-AKA’, AKA, EAP-TLS, and EAP-IKEv2.