15 research outputs found

    Reconfigurable Security: Edge Computing-based Framework for IoT

    In various scenarios, achieving security between IoT devices is challenging since the devices may have different dedicated communication standards, resource constraints as well as various applications. In this article, we first provide requirements and existing solutions for IoT security. We then introduce a new reconfigurable security framework based on edge computing, which utilizes a near-user edge device, i.e., security agent, to simplify key management and offload the computational costs of security algorithms at IoT devices. This framework is designed to overcome the challenges including high computation costs, low flexibility in key management, and low compatibility in deploying new security algorithms in IoT, especially when adopting advanced cryptographic primitives. We also provide the design principles of the reconfigurable security framework, the exemplary security protocols for anonymous authentication and secure data access control, and the performance analysis in terms of feasibility and usability. The reconfigurable security framework paves a new way to strengthen IoT security by edge computing. Comment: under submission to possible journal publication

    Robust estimation of bacterial cell count from optical density

    Optical density (OD) is widely used to estimate the density of cells in liquid culture, but cannot be compared between instruments without a standardized calibration protocol and is challenging to relate to actual cell count. We address this with an interlaboratory study comparing three simple, low-cost, and highly accessible OD calibration protocols across 244 laboratories, applied to eight strains of constitutive GFP-expressing E. coli. Based on our results, we recommend calibrating OD to estimated cell count using serial dilution of silica microspheres, which produces highly precise calibration (95.5% of residuals <1.2-fold), is easily assessed for quality control, also assesses instrument effective linear range, and can be combined with fluorescence calibration to obtain units of Molecules of Equivalent Fluorescein (MEFL) per cell, allowing direct comparison and data fusion with flow cytometry measurements: in our study, fluorescence per cell measurements showed only a 1.07-fold mean difference between plate reader and flow cytometry data.

    IN-VEHICLE COMMUNICATION SYSTEM BASED ON EDGE COMPUTING USING ATTRIBUTE-BASED ACCESS CONTROL AND METHOD THEREOF

    ๋ณธ ๋ฐœ๋ช…์€ ์†์„ฑ ๊ธฐ๋ฐ˜ ์ ‘๊ทผ ์ œ์–ด๋ฅผ ์ด์šฉํ•˜๋Š” ์—ฃ์ง€ ์ปดํ“จํŒ… ๊ธฐ๋ฐ˜์˜ ์ฐจ๋Ÿ‰-๋‚ด ํ†ต์‹  ์‹œ์Šคํ…œ ๋ฐ ๊ทธ ๋ฐฉ๋ฒ•์— ๊ด€ํ•œ ๊ฒƒ์œผ๋กœ์„œ, ์ผ์‹ค์‹œ์˜ˆ์— ๋”ฐ๋ฅธ ์ฐจ๋Ÿ‰-๋‚ด ํ†ต์‹  ์‹œ์Šคํ…œ์€ ๋ฉ”์‹œ์ง€(message)์— ๋Œ€ํ•œ ์•”ํ˜ธ๋ฌธ์„ ์ƒ์„ฑํ•˜๊ณ , ์•”ํ˜ธ๋ฌธ์— ๋Œ€ํ•œ ์…”ํ”Œ(shuffle) ์—ฐ์‚ฐ์„ ์ˆ˜ํ–‰ํ•˜์—ฌ ์…”ํ”Œ๋œ ์•”ํ˜ธ๋ฌธ์„ ์ƒ์„ฑํ•˜๋Š” ์†ก์‹ -ECU์™€, ์…”ํ”Œ๋œ ์•”ํ˜ธ๋ฌธ์— ๋Œ€ํ•œ ๋ถ€๋ถ„ ๋ณตํ˜ธํ™”(partial decryption) ์—ฐ์‚ฐ์„ ์ˆ˜ํ–‰ํ•˜์—ฌ ๋ถ€๋ถ„ ๋ณตํ˜ธํ™”๋œ ์•”ํ˜ธ๋ฌธ์„ ์ƒ์„ฑํ•˜๋Š” ๋ณด์•ˆ ์—์ด์ „ํŠธ ๋ฐ ๋ถ€๋ถ„ ๋ณตํ˜ธํ™”๋œ ์•”ํ˜ธ๋ฌธ์— ๋Œ€ํ•œ ๋ณตํ˜ธํ™” ์—ฐ์‚ฐ์„ ์ˆ˜ํ–‰ํ•˜์—ฌ ๋ฉ”์‹œ์ง€๋ฅผ ํš๋“ํ•˜๋Š” ์ˆ˜์‹ -ECU๋ฅผ ํฌํ•จํ•  ์ˆ˜ ์žˆ๋‹ค

    EC-SVC: Secure CAN Bus In-Vehicle Communications with Fine-grained Access Control Based on Edge Computing

    In-vehicle communications are not designed for message exchange between the vehicles and outside systems originally. Thus, the security design of message protection is insufficient. Moreover, the internal devices do not have enough resources to process the additional security operations. Nonetheless, due to the characteristic of the in-vehicle network in which messages are broadcast, secure message transmission to specific receivers must be ensured. With consideration of the facts aforementioned, this work addresses resource problems by offloading secure operations to high-performance devices, and uses attribute-based access control to ensure the confidentiality of messages from attackers and unauthorized users. In addition, we reconfigure existing access control based cryptography to address new vulnerabilities arising from the use of edge computing and attribute-based access control. Thus, this paper proposes an edge computing-based security protocol with fine-grained attribute-based encryption using a hash function, symmetric-based cryptography, and reconfigured cryptographic scheme. In addition, this work formally proves the reconfigured cryptographic scheme and security protocol, and evaluates the feasibility of the proposed security protocol in various aspects using the CANoe software.

    Interdomain Identity-Based Key Agreement Schemes

    In order to simplify key management, two-party and three-party key agreement schemes based on user identities have been proposed recently. Multiparty (including more than three parties) key agreement protocols, which are also called conference key schemes, can be applied to distributed systems and wireless environments, such as ad hoc networks, for the purpose of multiparty secure communication. However, it is hard to extend two- or three-party schemes to multiparty ones with the guarantee of efficiency and security. In addition to the above two properties, interdomain environments should also be considered in key agreement systems due to diversified network domains. However, only a few identity-based multiparty conference key agreement schemes for single domain environments and none for interdomain environments were proposed in the literature and they did not satisfy all of the security attributes such as forward secrecy and withstanding impersonation. In this paper, we will propose a novel efficient single domain identity-based multiparty conference key scheme and extend it to an interdomain one. Finally, we prove that the proposed schemes satisfy the required security attributes via formal methods.

    Anonymous Communications for Secure Device-to-Device Aided Fog Computing

    In this article, we introduce the concept of device-to-device (D2D) communication-aided fog computing, which enables devices proximate to one another to help each other obtain faster authentication without involving any centralized server. We also propose a novel security architecture for D2D-aided fog computing. Finally, we introduce three anonymous authentication protocols for dealing with three communication scenarios. These protocols use the lightweight cryptographic primitives (e.g., one-way hash function and exclusive-or operations) to support even resource-limited Internet of Things (IoT) devices. © 2012 IEEE.