Secure lightweight protocols for medical device monitoring

In the present days, the health care costs are sky-rocketing and most developed nations, including EU and US, are struggling to keep the costs under control. One of the areas is related to monitoring and control of medical appliances embedded to human bodies, such as insulin pumps as heart pacers. Fortunately, recent technology advances make it possible to monitor the medical appliances remotely, greatly decreasing the need for personal doctor visits. Naturally, remote wireless monitoring of such crucial appliances poses several formidable technological challenges including security of data communication, device authentication, attack resistance, and seamless connectivity. A remote monitoring protocol must be executed in a resource-constrained environment with energy efficiency. The recently proposed Diet Exchange for Host Identity Protocol (HIP) could solve most of security issues of remote appliance monitoring. However, it has to be developed to run in an embedded device environment; its security properties must be triple-checked against the stringent requirements; potential privacy issues must be addressed; protocol messages and cryptographic mechanisms must be adopted to wireless sensor standards. Although bearing high risks of provable security and patient faith, remote monitoring of health appliances could create breakthroughs in healthcare cost reduction and bring great benefits of individuals and the society

PAuthKey: A Pervasive Authentication Protocol and Key Establishment Scheme for Wireless Sensor Networks in Distributed IoT Applications

Wireless sensor Networks (WSNs) deployed in distributed Internet of Things (IoT) applications should be integrated into the Internet. According to the distributed architecture, sensor nodes measure data, process, exchange information, and perform collaboratively with other sensor nodes and end-users, which can be internal or external to the network. In order to maintain the trustworthy connectivity and the accessibility of distributed IoT, it is important to establish secure links for end-to-end communication with a strong pervasive authentication mechanism. However, due to the resource constraints and heterogeneous characteristics of the devices, traditional authentication and key management schemes are not effective for such applications. This paper proposes a pervasive lightweight authentication and keying mechanism for WSNs in distributed IoT applications, in which the sensor nodes can establish secured links with peer sensor nodes and end-users. The established authentication scheme PAuthKey is based on implicit certificates and it provides application level end-to-end security. A comprehensive description for the scenario based behavior of the protocol is presented. With the performance evaluation and the security analysis, it is justified that the proposed scheme is viable to deploy in the resource constrained WSNs

How DoS attacks can be mounted on Network Slice Broker and can they be mitigated using blockchain?

The 2021 32nd Annual IEEE International Symposium on Personal, Indoor and Mobile Radio Communications (IEEE PIMRC 2021),Virtual Event, 13-16 September 2021Several recent works talk about the potential use of network slice brokering mechanism to facilitate the resource allocation of network slicing in next generation networks. This involves network tenants on the one hand and resource/infrastructure providers on the other hand. However, the potential downside of deploying Network Slice Broker (NSB) is that it can be victimized by DoS (Denial of Service) attack. Thus, the aim of this work is three fold. First, to present the possible ways in which DoS/DDoS attacks can be mounted on NSB and their adverse effects. Second, to propose and implement initial blockchain-based solution named as Security Service Blockchain (SSB) to prevent DoS attacks on NSB. Third, to enumerate the challenges and future research directions to effectively utilize blockchain for mitigating DoS/DDoS attacks on NSB. To evaluate the performance the proposed SSB framework is implemented using Hyperledger Fabric. The results manifest that the latency impact of the legitimate slice creation over scaled up malicious traffic remains minimal with the use of SSB framework. The integration of SSB with NSB results in gaining several fold reduction in latency under DoS attack scenario.European Commission Horizon 20206Genesis Flagship5GEA

Integration of ICN and MEC in 5G and beyond networks : mutual benefits, use cases, challenges, standardization, and future research

Multi-access Edge Computing (MEC) is a novel edge computing paradigm that moves cloudbased processing and storage capabilities closer to mobile users by implementing server resources in the access nodes. MEC helps fulfill the stringent requirements of 5G and beyond networks to offer anytimeanywhere connectivity for many devices with ultra-low delay and huge bandwidths. Information-Centric Networking (ICN) is another prominent network technology that builds on a content-centric network architecture to overcome host-centric routing/operation shortcomings and to realize efficient pervasive and ubiquitous networking. It is envisaged to be employed in Future Internet including Beyond 5G (B5G) networks. The consolidation of ICN with MEC technology offers new opportunities to realize that vision and serve advanced use cases. However, various integration challenges are yet to be addressed to enable the wide-scale co-deployment of ICN with MEC in future networks. In this paper, we discuss and elaborate on ICN MEC integration to provide a comprehensive survey with a forward-looking perspective for B5G networks. In that regard, we deduce lessons learned from related works (for both 5G and B5G networks). We present ongoing standardization activities to highlight practical implications of such efforts. Moreover, we render key B5G use cases and highlight the role for ICN MEC integration for addressing their requirements. Finally, we layout research challenges and identify potential research directions. For this last contribution, we also provide a mapping of the latter to ICN integration challenges and use cases

Security and privacy issues of physical objects in the IoT: Challenges and opportunities

In the Internet of Things (IoT), security and privacy issues of physical objects are crucial to the related applications. In order to clarify the complicated security and privacy issues, the life cycle of a physical object is divided into three stages of pre-working, in-working, and post-working. On this basis, a physical object-based security architecture for the IoT is put forward. According to the security architecture, security and privacy requirements and related protecting technologies for physical objects in different working stages are analyzed in detail. Considering the development of IoT technologies, potential security and privacy challenges that IoT objects may face in the pervasive computing environment are summarized. At the same time, possible directions for dealing with these challenges are also pointed out

Efficient location privacy algorithm for Internet of Things (IoT) services and applications

© 2016 Elsevier Ltd. Location-based Services (LBS) have become a very important area for research with the rapid development of Internet of Things (IoT) technology and the ubiquitous use of smartphones and social networks in our daily lives. Although users can enjoy a lot of flexibility and conveniences from the LBS with IoT, they may also lose their privacy. Untrusted or malicious LBS servers with all users' information can track users in various ways or release personal data to third parties. In this work, we first analyze the current dummy-location selection (DLS) algorithm-an efficient location privacy preservation approach and design an attack algorithm for DLS (ADLS) for test emerging IoT security. For efficiently preserving user's location privacy, we propose a novel dummy location privacy-preserving (DLP) algorithm by considering both computational costs and various privacy requirements of different users. Extensive simulation experiments have been carried out to evaluate the efficiency of the proposed schemes. Evaluation results show that the ADLS algorithm has a high probability of identifying the user's real location out from chosen dummy locations in the DLS algorithm. Our proposed DLP algorithm has clear advantages over the DLS algorithm in term of lower probability of revealing the user's real location and improved computational cost and efficiency (i.e., time, speed, accuracy, and complexity) while preserve the same privacy level as DLS algorithm

Privacy enhancing technologies (PETs) for connected vehicles in smart cities

This is an accepted manuscript of an article published by Wiley in Transactions on Emerging Telecommunications Technologies, available online: https://doi.org/10.1002/ett.4173 The accepted version of the publication may differ from the final published version.Many Experts believe that the Internet of Things (IoT) is a new revolution in technology that has brought many benefits for our organizations, businesses, and industries. However, information security and privacy protection are important challenges particularly for smart vehicles in smart cities that have attracted the attention of experts in this domain. Privacy Enhancing Technologies (PETs) endeavor to mitigate the risk of privacy invasions, but the literature lacks a thorough review of the approaches and techniques that support individuals' privacy in the connection between smart vehicles and smart cities. This gap has stimulated us to conduct this research with the main goal of reviewing recent privacy-enhancing technologies, approaches, taxonomy, challenges, and solutions on the application of PETs for smart vehicles in smart cities. The significant aspect of this study originates from the inclusion of data-oriented and process-oriented privacy protection. This research also identifies limitations of existing PETs, complementary technologies, and potential research directions.Published onlin

Lightweight authentication and key management of wireless sensor networks for Internet of things

Abstract The concept of the Internet of Things (IoT) is driven by advancements of the Internet with the interconnection of heterogeneous smart objects using different networking and communication technologies. Among many underlying networking technologies for the IoT, Wireless Sensor Network (WSN) technology has become an integral building block. IoT enabled sensor networks provide a wide range of application areas such as smart homes, connected healthcare, smart cities and various solutions for the manufacturing industry. The integration of WSNs in IoT will also create new security challenges for establishing secure channels between low power sensor nodes and Internet hosts. This will lead to many challenges in designing new key establishment and authentication protocols and redefining the existing ones. This dissertation addresses how to integrate lightweight key management and authentication solutions in the resource constrained sensor networks deployed in IoT domains. Firstly, this thesis elaborates how to exploit the implicit certificates to initiate secure End-to-End (E2E) communication channels between the resource constrained sensor nodes in IoT networks. Implicit certificates are used for authentication and key establishment purposes. The compliance of the security schemes is proven through performance evaluations and by discussing the security properties. Secondly, this dissertation presents the design of two lightweight group key establishment protocols for securing group communications between resource-constrained IoT devices. Finally, the thesis explores promising approaches on how to tailor the existing security protocols in accordance with IoT device and network characteristics. In particular, variants of Host Identity Protocol (HIP) are adopted for constructing dynamic and secure E2E connections between the heterogeneous network devices with imbalanced resource profiles and less or no previous knowledge about each other. A solutions called Collaborative HIP (CHIP) is proposed with an efficient key establishment component for the high resource-constrained devices on the IoT. The applicability of the keying mechanism is demonstrated with the implementation and the performance measurements results.Tiivistelmä Esineiden internet (IoT) on viime aikoina yleistynyt konsepti älykkäiden objektien (smart objects) liittämiseksi internetiin käyttämällä erilaisia verkko- ja kommunikaatioteknologioita. Olennaisimpia esineiden internetin pohjalla toimivia teknologioita ovat langattomat sensoriverkot (WSN), jotka ovat esineiden internetin perusrakennuspalikoita. Esineiden internetiin kytketyt langattomat sensoriverkot mahdollistavat laajan joukon erilaisia sovelluksia, kuten älykodit, etäterveydenhuollon, älykkäät kaupungit sekä älykkäät teollisuuden sovellukset. Langattomien sensoriverkkojen ja esineiden internetin yhdistäminen tuo mukanaan myös tietoturvaan liittyviä haasteita, sillä laskentateholtaan yleensä heikot anturit ja toimilaitteet eivät kykene kovin vaativiin tietoturvaoperaatioihin, joihin lukeutuvat mm. tietoturva-avaimen muodostus ja käyttäjäntunnistus. Tässä väitöskirjassa pyritään vastaamaan haasteeseen käyttämällä kevyitä avaimenmuodostus- ja käyttäjäntunnistusratkaisuja esineiden internetiin kytketyissä resurssirajoitetuissa sensoriverkoissa. Väitöstutkimuksessa keskitytään aluksi implisiittisten sertifikaattien käyttöön tietoturvallisten end-to-end-kommunikaatiokanavien alustamisessa resurssirajoitettujen sensori- ja muiden IoT-laitteiden välillä. Implisiittisiä sertifikaatteja käytetään käyttäjäntunnistuksessa sekä avaimenmuodostuksessa. Kehitettyjen ratkaisujen soveltuvuus tarkoitukseen osoitetaan suorituskykymittauksilla sekä vertaamalla niiden tietoturvaomi- naisuuksia. Seuraavaksi väitöskirjassa esitellään kaksi kevyttä ryhmäavaimenmuodostus- protokollaa tietoturvalliseen ryhmäkommunikaatioon resurssirajoitettujen IoT-laitteiden välillä. Lopuksi väitöskirjassa tarkastellaan lupaavia lähestymistapoja olemassa olevien tietoturvaprotokollien räätäläintiin IoT-laitteiden ja -verkkojen ominaisuuksille sopiviksi. Erityistä huomiota kiinnitetään Host Identity -protokollan (HIP) eri versioiden käyttöön dynaamisten ja tietoturvallisten end-to-end-yhteyksien luomiseen toisilleen ennestään tuntemattomien erityyppisten IoT-laitteiden välillä, joiden laitteistoresurssiprofiilit voivat olla hyvin erilaiset. Väitöskirjan keskeinen tulos on väitöskirjatyössä kehitetty Colla- borative HIP (CHIP) -protokolla, joka on resurssitehokas avaimenmuodostusteknologia resurssirajoitetuille IoT-laitteille. Kehitetyn teknologian soveltuvuutta tarkoitukseensa demonstroidaan prototyyppitoteutuksella tehtyjen suorituskykymittausten avulla