Your search keyword '"Access Control"' showing total 5,590 results

1. Indirect Revocable KP-ABE With Revocation Undoing Resistance

Author

Marco Rasori, Shucheng Yu, Gianluca Dini, and Pericle Perazzo

Subjects

Information Systems and Management, Revocation, Computer Networks and Communications, business.industry, Computer science, 020206 networking & telecommunications, Access control, Cloud computing, Data_CODINGANDINFORMATIONTHEORY, 02 engineering and technology, Undo, Computer security, computer.software_genre, Encryption, Computer Science Applications, Hardware and Architecture, Server, 0202 electrical engineering, electronic engineering, information engineering, 020201 artificial intelligence & image processing, Attribute-based encryption, business, computer, Cloud storage

Abstract

Lately, many cloud-based applications proposed Attribute-Based Encryption (ABE) as an all-in-one solution for achieving confidentiality and access control. Within this paradigm, data producers store the encrypted data on a semi-trusted cloud server, and users, holding decryption keys issued by a key authority, can decrypt data according to some access control policy. To be used in practical cases, any ABE scheme should implement a key revocation mechanism which assures that a compromised decryption key cannot be used anymore to decrypt data. Yu et al. (INFOCOM 2010) introduced an ABE scheme with revocation capabilities that enjoys several unique advantages, such as reactivity and efficiency. In the scheme, the cloud server is entitled to update keys and ciphertexts in order to achieve revocation. Unfortunately, the cloud server retains the power to undo the revocation of a key (revocation undoing attack) so endangering confidentiality. In this paper, we propose a revocable ABE scheme that still ensures the advantages of Yu et al.'s scheme, but it also resists to the revocation undoing attack. We formally prove the security of our scheme and show through simulations that the user experiences a slightly higher computational cost with respect to Yu et al.'s scheme.

Published

2022

2. A Flexible Enhanced Throughput and Reduced Overhead (FETRO) MAC Protocol for ETSI SmartBAN

Author

Muhammad Mahtab Alam, Rida Khan, and Mohsen Guizani

Subjects

Computer Networks and Communications, business.industry, Computer science, ComputerSystemsOrganization_COMPUTER-COMMUNICATIONNETWORKS, Frame (networking), 020206 networking & telecommunications, Throughput, Access control, 02 engineering and technology, Energy consumption, Transmission (telecommunications), PHY, Sensor node, 0202 electrical engineering, electronic engineering, information engineering, Wireless, Electrical and Electronic Engineering, business, Software, Computer network

Abstract

Smart body area networks (SmartBAN) is an emerging wireless body area networks (WBAN) standard proposed by the European Telecommunications Standards Institute (ETSI). This paper first examines the potential of SmartBAN medium access control (MAC) layer with scheduled access to support a myriad of WBAN applications, having diverse data rate requirements. Extra scheduled access slots can be allocated to high date rate sensor nodes for managing their data rate requirements. High data rate sensor nodes can also be re-assigned to use the available time slots of low data rate sensor nodes in Inter-Beacon Interval (IBI) by the central hub. But these two schemes incorporate different physical (PHY) and MAC layer overheads related to frame transmission, frame acknowledgement and slot re-assignment. This redundant overhead transmission results in high overhead energy consumption and reduced effective throughput. Therefore, an innovative and flexible enhanced throughput and reduced overhead (FETRO) MAC protocol for scheduled access is proposed in this article. In the proposed scheme, the sensor node data rate requirements are considered while assigning the scheduled access slot duration by allowing minimal changes in the base-line standard implementation. This infers the provision of scheduled access slots with variable slot durations within an IBI. We also evaluate the existing techniques of extra slot allocation and slot re-assignment in SmartBAN as well as the proposed FETRO MAC protocol with variable slot length. The proposed FETRO MAC scheme results in optimizing both the overall throughput and normalized overhead energy consumption per kilo bits per second (Kbps). Additionally, the impact of various WBAN channel models over these throughput management approaches is also investigated. The proposed FETRO MAC protocol with variable slot duration gives an average reduction of 65.5% and 59.16%, respectively, in the hub and nodes normalized overhead energy consumption per Kbps outcomes, as compared to the de-facto SmartBAN MAC scheduling strategies.

Published

2022

3. Fast and Secure Data Accessing by Using DNA Computing for the Cloud Environment

Author

Suyel Namasudra

Subjects

Information Systems and Management, Computer Networks and Communications, business.industry, Computer science, Data security, 020206 networking & telecommunications, Cryptography, Cloud computing, Access control, 02 engineering and technology, Encryption, Computer Science Applications, law.invention, Data modeling, Data access, Hardware and Architecture, DNA computing, law, 0202 electrical engineering, electronic engineering, information engineering, 020201 artificial intelligence & image processing, business, Computer network

Abstract

In a cloud environment, traditional approaches are used to encrypt any data by using 0 and 1 that increase data security issues because of the presence of numerous malicious users and hackers over the internet. Deoxyribonucleic Acid (DNA) computing can be one of the best solutions to improve data security in which data are encrypted using the DNA bases: Thymine (T), Guanine (G), Cytosine (C) and Adenine (A). Along with data security, access control is another major issue of a cloud environment as the searching time of the owner of any data, the system overheard and the accessing time of a file or data are high during data access. A novel DNA computing based secure and fast Access Control Model (ACM) is proposed in this paper to solve all these major problems. In the proposed scheme, the Cloud Service Provider (CSP) keeps a table or list for fast data accessing. Here, a 1024-bit DNA computing based random key is generated by using the user's secret information, and the same key is utilized for data encryption. Theoretical analysis along with many experimental results prove the efficiency and effectiveness of the proposed access control model over some well-known existing models.

Published

2022

4. Secure and practical access control mechanism for WSN with node privacy

Author

Ajaz Hussain Mir and Ummer Iqbal

Subjects

General Computer Science, business.industry, Computer science, Node (networking), 020206 networking & telecommunications, Functional requirement, Access control, 02 engineering and technology, Internet security, Secure communication, 0202 electrical engineering, electronic engineering, information engineering, Key (cryptography), 020201 artificial intelligence & image processing, Elliptic curve cryptography, business, Wireless sensor network, Computer network

Abstract

An access control mechanism plays a critical role in new node deployment within a resource-constrained Wireless Sensor Networks. The deployment of a new node is inevitable either due to the outage of power or nodes getting compromised due to the adversary’s attacks. The access control scheme prevents malicious node deployment and also allows a new node to establish a shared key with its neighbors for secure communication. Besides having low communication and computational overheads, an access control mechanism must suffice to specific security and functional requirements for their practical implementations. In this paper, a provable and practical access control scheme based on Elliptical Curve Cryptography (ECC) has been presented. The proposed access control scheme supports node privacy while addressing all other major functional and security requirements. The formal validation of the proposed scheme has been carried out using automated validation of internet security protocols and applications (AVISPA) and Scyther tools. A comparative study of the proposed scheme with the existing schemes has been carried out on various security and functional requirements suggesting a better trade-off. Finally, practical experimentation on TinyOS and MICAz motes has been carried out to provide detailed energy analysis and test-bed implementation of the proposed scheme.

Published

2022

5. LIKC: A liberty of encryption and decryption through imploration from K-cloud servers

Author

Satyananda Champati Rai, Kasturi Dhal, and Prasant Kumar Pattnaik

Subjects

General Computer Science, business.industry, Computer science, 020206 networking & telecommunications, Cloud computing, Access control, 02 engineering and technology, Python (programming language), Encryption, computer.software_genre, Proxy server, Outsourcing, Data sharing, 0202 electrical engineering, electronic engineering, information engineering, 020201 artificial intelligence & image processing, business, computer, Mobile device, computer.programming_language, Computer network

Abstract

The technological advancement in the field of IoT and cloud computing along with the use of handheld gadgets generate huge amount of data. To process and share these data with fine-grained access control while maintaining confidentiality using cloud servers is a challenging task. Individuals as well as the organizations apprehend to use public cloud to share their private data due to security issues. Ciphertext-policy-attribute-based-encryption(CPABE) achieves one-to-many encryption with data confidentiality and fine-grained access control. Due to the computational intensive operations of encryption and decryption the performance of CPABE as a solution in resource-constraint environment is not encouraging enough. Some of the existing models use the resources of cloud servers to carry out outsourced computation either with compromised security or with communication-overhead. To reduce the computational time of encryption and decryption we propose a scheme LIKC which incorporates the outsourcing mechanism using a proxy server. With the imploration the computation time get reduced without compromising the security. It also supports attribute-revocation to support flexible data sharing. The proposed model is implemented using python charm crypto. The output reveals that LIKC is able to produce promising results in comparison to the data sharing models for this study.

Published

2022

6. RSA based encryption approach for preserving confidentiality of big data

Author

Alka Agrawal, Kanika Sharma, Shail Kumar Dinkar, Raees Ahmad Khan, and Dhirendra Pandey

Subjects

General Computer Science, business.industry, Computer science, Big data, 020206 networking & telecommunications, Access control, 02 engineering and technology, Encryption, Computer security, computer.software_genre, Outsourcing, Data exchange, Server, Scalability, 0202 electrical engineering, electronic engineering, information engineering, ComputingMilieux_COMPUTERSANDSOCIETY, 020201 artificial intelligence & image processing, business, Key management, computer

Abstract

Sensitive Health Information (SHI) is a developing patient-centric model of medical data exchange, which is frequently outsourced to be stored at third party servers. Though, there have been various privacy issues as SHI could be disclosed to the unauthorised and third parties. This is a promising method to encrypt the SHI before outsourcing to assure the patients’ control over access to their own SHI. However, challenges like scalability in key management and flexible access have remained the most significant issues toward achieving fine-grained, cryptographically data access control. In this paper, the authors proposed a novel patient-centric system model for access control to SHIs stored in semi-honest servers. For fine-grained and scalable access control for SHIs, authors have proposed an encryption technique which is an improvement over RSA techniques to encrypt every patient’s SHI file. To different from previous works in secure data transmission, the authors focus on the data owner and divide users into several domains in SHI, which greatly decrease the key management complexity for data owners and users. Comprehensive analytical and experimental results are presented which reflect the efficiency of the proposed approach.

Published

2022

7. Sanitizable Access Control System for Secure Cloud Storage Against Malicious Data Publishers

Author

Jianchang Lai, Robert H. Deng, Peng Jiang, Guomin Yang, Willy Susilo, and Fuchun Guo

Subjects

business.industry, Computer science, Information technology, 020206 networking & telecommunications, 020207 software engineering, Plaintext, Cloud computing, Access control, 02 engineering and technology, Computer security, computer.software_genre, Encryption, Server, Ciphertext, 0202 electrical engineering, electronic engineering, information engineering, Electrical and Electronic Engineering, business, computer, Cloud storage

Abstract

Cloud computing is considered as one of the most prominent paradigms in the information technology industry, since it can significantly reduce the costs of hardware and software resources in computing infrastructure. At the first sight, by merely storing the shared data as plaintext in the cloud storage and protect them using an appropriate access control would be a nice solution. Therefore, encryption is mandatory, and the shared data will need to be stored as a ciphertext using an appropriate access control. However, in practice, some of these employees may be malicious and may want to deviate from the required sharing policy. The existing protection in the literature has been explored to allow only legitimate recipients to decrypt the contents stored in the cloud storage, but unfortunately, no existing work deals with issues raised due to the presence of malicious data publishers. In this work, we present a new direction of research that can cope with the presence of malicious data publishers. We resolve the aforementioned problem by proposing the notion of Sanitizable Access Control System (SACS) to solve the aforementioned problem.

Published

2022

8. Efficient IoT Management With Resilience to Unauthorized Access to Cloud Storage

Author

Junbeom Hur, Changhee Hahn, Hyunsoo Kwon, and Jongkil Kim

Subjects

Security analysis, Computer Networks and Communications, business.industry, Computer science, Data management, Cloud computing, Access control, 02 engineering and technology, Computer security, computer.software_genre, Encryption, Computer Science Applications, Data access, Hardware and Architecture, 020204 information systems, Server, 0202 electrical engineering, electronic engineering, information engineering, business, Cloud storage, computer, Software, Information Systems

Abstract

Cloud-based Internet of Things (IoT) management services are a promising means of ingesting data from globally dispersed devices. In this setting, it is important to regulate access to data managed by potentially untrusted cloud servers. Attribute-based encryption (ABE) is a highly effective tool for access control. However, applying ABE to IoT environments shows limitations in the following three aspects: First, the demands for storage resources increase in proportion to the complexity of the access control policies. Second, the computation cost of ABE is onerous for resource-limited devices. Lastly, ABE alone is intractable to prevent illegal key-sharing which leads to unauthorized access to data. In this paper, we propose an efficient and secure cloud-based IoT data management scheme using ABE. First, we remove the storage-side dependency on the complexity of the access control policies. Second, a substantial part of computationally intensive operations is securely outsourced to the cloud servers. Lastly, unauthorized access to data via illegal key-sharing is strictly forbidden. Our security analysis and experimental results show the security and practicability of the proposed scheme.

Published

2022

9. Attribute Based Encryption with Privacy Protection and Accountability for CloudIoT

Author

Xinyi Huang, Jiguo Li, Yichen Zhang, Geong Sen Poh, Debang Wang, and Jianting Ning

Subjects

Information privacy, Computer Networks and Communications, business.industry, Computer science, 020208 electrical & electronic engineering, 020206 networking & telecommunications, Access control, Cloud computing, Data_CODINGANDINFORMATIONTHEORY, 02 engineering and technology, Construct (python library), Encryption, Computer security, computer.software_genre, Computer Science Applications, System model, Hardware and Architecture, 0202 electrical engineering, electronic engineering, information engineering, Key (cryptography), Attribute-based encryption, business, computer, Software, Information Systems

Abstract

The pervasive, ubiquitous, and heterogeneous properties of IoT make securing IoT systems a very challenging task. More so when access and storage are performed through a cloud-based IoT system. IoT data stored on cloud should be encrypted to ensure data privacy. It is also crucial to allow only authorized entities to access and decrypt the encrypted data. In this work, we propose a ciphertext-policy attribute-based encryption (CP-ABE) scheme that enables fine-grained access control of encrypted IoT data on cloud. CP-ABE is regarded as a highly promising approach to provide flexible and fine-grained access control, which is very much suited to secure cloud based IoT systems. We first present an access control system model of CloudIoT platform by using ABE. Based on the presented system model, we construct a ciphertext-policy hiding CP-ABE scheme, which guarantees the privacy of the users. We further construct a white-box traceable CP-ABE scheme with accountability in order to address the user key abuse and authorization center key abuse. Experiment illustrates the proposed systems are efficient.

Published

2022

10. Access Control Protocol for Battlefield Surveillance in Drone-Assisted IoT Environment

Author

M. Shamim Hossain, Md. Jalil Piran, Basudeb Bera, Sahil Garg, and Ashok Kumar Das

Subjects

Security analysis, Cryptographic primitive, Computer Networks and Communications, business.industry, Computer science, 020208 electrical & electronic engineering, Testbed, 020206 networking & telecommunications, Access control, Eavesdropping, 02 engineering and technology, Adversary, Computer security, computer.software_genre, Drone, Computer Science Applications, Hardware and Architecture, Signal Processing, 0202 electrical engineering, electronic engineering, information engineering, business, Replay attack, computer, Information Systems

Abstract

Surveillance drones, called as unmanned aerial vehicles (UAV), are aircrafts that are utilized to collect video recordings, still images, or live video of the targets, such as vehicles, people or specific areas. Particularly in battlefield surveillance, there is high possibility of eavesdropping, inserting, modifying or deleting the messages during communications among the deployed drones and ground station server (GSS). This leads to launch several potential attacks by an adversary, such as main-in-middle, impersonation, drones hijacking, replay attacks, etc. Moreover, anonymity and untarcebility are two crucial security properties that need to be maintained in battlefield surveillance communication environment. To deal with such a crucial security problem, we propose a new access control protocol for battlefield surveillance in drone-assisted Internet of Things (IoT) environment, called ACPBS-IoT. Through the detailed security analysis using formal and informal (non-mathematical), and also the formal security verification under automated software simulation tool, we show the proposed ACPBS-IoT can resist several potential attacks needed in battlefield surveillance scenario. Furthermore, the testbed experiments for various cryptographic primitives have been performed for measuring the execution time. Finally, a detailed comparative study on communication and computational overheads, and security as well as functionality features reveals that the proposed ACPBS-IoT provides superior security and more functionality features, and better or comparable overheads than other existing competing access control schemes.

Published

2022

11. Toward Architectural and Protocol-Level Foundation for End-to-End Trustworthiness in Cloud/Fog Computing

Author

Houbing Song, Ziyi Su, Yong Peng, Zhihan Lv, Jingwei Miao, Frédérique Biennier, Service Oriented Computing (SOC), Laboratoire d'InfoRmatique en Image et Systèmes d'information (LIRIS), Institut National des Sciences Appliquées de Lyon (INSA Lyon), Université de Lyon-Institut National des Sciences Appliquées (INSA)-Université de Lyon-Institut National des Sciences Appliquées (INSA)-Centre National de la Recherche Scientifique (CNRS)-Université Claude Bernard Lyon 1 (UCBL), Université de Lyon-École Centrale de Lyon (ECL), Université de Lyon-Université Lumière - Lyon 2 (UL2)-Institut National des Sciences Appliquées de Lyon (INSA Lyon), Université de Lyon-Université Lumière - Lyon 2 (UL2), China Information Technology Security Evaluation Center, Security and Optimization for Networked Globe Laboratory (West Virginia University Institute of Technology) (SONG Lab), Distribution, Recherche d'Information et Mobilité (DRIM), and Jilin Science Technology Devel-opment Project, 20140520074JH

Subjects

Information Systems and Management, Dataflow, Business process, Computer science, Distributed computing, Cloud/Fog Computing, Access control, Cloud computing, Context (language use), 02 engineering and technology, Computer security, computer.software_genre, Attribute-based access control, [INFO.INFO-CR]Computer Science [cs]/Cryptography and Security [cs.CR], 0202 electrical engineering, electronic engineering, information engineering, Edge computing, Cloud computing security, end-to-end trustworthiness, business.industry, [INFO.INFO-WB]Computer Science [cs]/Web, Context, Computational modeling, 020206 networking & telecommunications, Collaboration, Data derivation, Data aggregator, Security Service Level Agreement, 020201 artificial intelligence & image processing, business, computer, Information Systems

Abstract

International audience; With Cloud/Fog Computing being a paradigm combination of IoT context and Edge Computing extended with Cloud/Fog, business process in it involves dataflows among multilayers and multi-nodes, possibly provided by multi-organizations. Achieving end-to-end trustworthiness over the whole dataflow in such a Cloud/Fog Computing context is a challenging issue, nonetheless a necessary pre-condition for a successful business process on intra-/inter- organizational level. This paper investigates technical conundrums related to this target and proposes a policy-based approach for trustworthiness governance. An architectural layout is proposed with according modules, by carrying out two methodologies. One resides in tracing data derivation and maintaining security-level over the whole dataflow, handling data aggregation with several protocols. The other is to express data owner trustworthiness requirements with an enhanced attribute-based access control policy model and to evaluate data accessing nodes’ trustworthiness-related properties. Experiments show that processing time per attribute pair drops as the scales of policies increase, suggesting good scaling property of the system.

Published

2022

12. Server-Aided Fine-Grained Access Control Mechanism with Robust Revocation in Cloud Computing

Author

Zishuai Song, Shuzhou Sun, Hui Ma, Gaosheng Tan, and Rui Zhang

Subjects

Information Systems and Management, Revocation, Computer Networks and Communications, Computer science, business.industry, Distributed computing, 020206 networking & telecommunications, Cloud computing, Access control, 02 engineering and technology, Encryption, Computer Science Applications, Hardware and Architecture, restrict, Robustness (computer science), 0202 electrical engineering, electronic engineering, information engineering, 020201 artificial intelligence & image processing, Attribute-based encryption, business, Cloud storage

Abstract

As an innovative technique for cloud storage services, attribute based encryption (ABE) enables fine-grained access control over encrypted data in many cloud computing applications. However, there exist two main drawbacks that restrict the development of ABE. One is that most of the existing user revocation mechanisms cannot achieve high efficiency, immediacy and robustness simultaneously. Another is that the decryption of ABE contains expensive pairing operations which often grow with the complexity of access policy. In this work, we propose a practical server-aided revocable fine-grained access control mechanism with the help of cloud's storage, computing and management capabilities, which not only achieves efficient fine-grained attribute based access control, but also actualizes immediate and robust user revocation. Moreover, most of the complicated operations in decryption are outsourced to the public cloud server, leaving one exponentiation for the users. At last, we implement our proposed mechanism with Charm framework. The benchmark results demonstrate the high efficiency and practicality of our proposed mechanism.

Published

2022

13. Lightweight and Expressive Fine-Grained Access Control for Healthcare Internet-of-Things

Author

Yinghui Zhang, Shengmin Xu, Robert H. Deng, Yingjiu Li, Xiangyang Luo, and Ximeng Liu

Subjects

Computer Networks and Communications, business.industry, Computer science, 020206 networking & telecommunications, Access control, Cloud computing, Cryptography, 02 engineering and technology, Computer security model, Encryption, Computer security, computer.software_genre, Computer Science Applications, Hardware and Architecture, 0202 electrical engineering, electronic engineering, information engineering, 020201 artificial intelligence & image processing, Attribute-based encryption, business, computer, Software, Secure channel, Edge computing, Information Systems

Abstract

Healthcare Internet-of-Things (IoT) is an emerging paradigm that enables embedded devices to monitor patients' vital signals and allows these data to be aggregated and outsourced to the cloud. The cloud enables authorized users to store and share data to enjoy on-demand services. Nevertheless, it also causes many security concerns because of the untrusted network environment, dishonest cloud service providers and resource-limited devices. To preserve patients' privacy, existing solutions usually apply cryptographic tools to offer access controls. However, fine-grained access control among authorized users is still a challenge, especially for lightweight and resource-limited end-devices. In this paper, we propose a novel healthcare IoT system fusing advantages of attribute-based encryption, cloud and edge computing, which provides an efficient, flexible, secure fine-grained access control mechanism with data verification in healthcare IoT network without any secure channel and enables data users to enjoy the lightweight decryption. We also define the formal security models and present security proofs for our proposed scheme. The extensive comparison and experimental simulation demonstrate that our scheme has better performance than existing solutions.

Published

2022

14. ComFlex: Composable and Flexible Resource Management for the IoT

Author

Hanjun Kim, Bongjun Kim, Seungbin Song, Gyeongmin Lee, and Seonyeong Heo

Subjects

Scheme (programming language), Service (systems architecture), Computer Networks and Communications, Computer science, business.industry, Distributed computing, 020206 networking & telecommunications, Access control, 02 engineering and technology, computer.software_genre, Computer Science Applications, Resource (project management), Hardware and Architecture, Home automation, Signal Processing, 0202 electrical engineering, electronic engineering, information engineering, Resource management, Compiler, business, computer, Information Systems, computer.programming_language

Abstract

The Internet of Things (IoT) enables new services, such as smart home and smart healthcare integrating various resources of networked devices. However, managing IoT resources is very challenging because a device may have multiple different resources and the service accesses subsets of the resources in multiple devices. To simplify the resource management, the existing IoT frameworks provide resource models and protocols for manufacturers and programmers, but their access granularity is too coarse grained causing overprivilege problems, or too fine grained causing management overheads. To avoid the overprivilege problems without the management overheads, this work proposes a new composable and flexible resource management scheme and implements its prototype compiler-runtime framework called ComFlex. The ComFlex compiler allows manufacturers to register their devices as composition of fine-grained resources by inheriting the existing interfaces of the resources, and programmers to define their own access granularity as a virtual resource that consists of the fine-grained resources of multiple devices. The ComFlex runtime supports fine-grained access control without additional overheads by mapping the fine-grained resources of the virtual resource into physical resources of different devices. To evaluate the ComFlex framework, this work implements 52 resources on 14 devices and six IoT services with ComFlex and an existing fine-grained resource management scheme. Compared to the existing scheme, the ComFlex framework supports the IoT services with 40.2% fewer lines of code and 80.9% less discovery time, without any overprivilege problem and response time delay.

Published

2021

15. Blockchain-Enhanced Data Sharing With Traceable and Direct Revocation in IIoT

Author

Keping Yu, Hekun Yang, Liang Tan, Moayad Aloqaily, and Yaser Jararweh

Subjects

Authentication, Revocation list, Blockchain, Revocation, business.industry, Computer science, 020208 electrical & electronic engineering, Access control, Cloud computing, 02 engineering and technology, Computer security, computer.software_genre, Encryption, Computer Science Applications, System administrator, Public-key cryptography, Control and Systems Engineering, 0202 electrical engineering, electronic engineering, information engineering, Electrical and Electronic Engineering, business, computer, Information Systems

Abstract

The industrial Internet of Things (IIoT) supports recent developments in data management and information services, as well as services for smart factories. Nowadays, many mature IIoT cloud platforms are available to serve smart factories. However, due to the semicredibility nature of the IIoT cloud platforms, how to achieve secure storage, access control, information update and deletion for smart factory data, as well as the tracking and revocation of malicious users has become an urgent problem. To solve these problems, in this article, a blockchain-enhanced security access control scheme that supports traceability and revocability has been proposed in IIoT for smart factories. The blockchain first performs unified identity authentication, and stores all public keys, user attribute sets, and revocation list. The system administrator then generates system parameters and issues private keys to users. The domain administrator is responsible for formulating domain security and privacy-protection policies, and performing encryption operations. If the attributes meet the access policies and the user's ID is not in the revocation list, they can obtain the intermediate decryption parameters from the edge/cloud servers. Malicious users can be tracked and revoked during all stages if needed, which ensures the system security under the Decisional Bilinear Diffie–Hellman (DBDH) assumption and can resist multiple attacks. The evaluation has shown that the size of the public/private keys is smaller compared to other schemes, and the overhead time is less for public key generation, data encryption, and data decryption stages.

Published

2021

16. A blockchain-based preserving and sharing system for medical data privacy

Author

Hua Yu, Chen Zeng, Bingtao Wang, and Xu Weidong

Subjects

Information privacy, Blockchain, Computer Networks and Communications, business.industry, Computer science, Data management, 020206 networking & telecommunications, Access control, Cloud computing, 02 engineering and technology, Computer security, computer.software_genre, System model, Data sharing, Hardware and Architecture, 0202 electrical engineering, electronic engineering, information engineering, Information system, 020201 artificial intelligence & image processing, business, computer, Software

Abstract

With the rapid development of information and network technology, hospital information systems (HIS) has also become a hot research area. However, data could be subjected to the threat of security attacks, leakage, tampering, and forgery during medical data transmissions, data storage, and sharing based on public networks and cloud environments. The immutability, decentralization and anonymity of the blockchain provided new ways for solving the aforementioned problems. This paper proposes a complete medical information system model based on blockchain technology, to realize the goal of safe storage and sharing of medical data. A data collection system based on Internet of Things (IoT) was also developed that can simultaneously collect data from different types of non-invasive medical instruments to realize real-time collection of patient health record during surgery (SHR). This system designed an anonymous medical data sharing scheme based on cloud servers and proxy re-encryption algorithm to improve the security of private medical data sharing. The system was implemented based on the permissioned blockchain architecture Hyperledger Fabric, and a dual-channel Fabric deployment architecture and medical chaincode were designed for data management and access control. We also carried out computing overhead test, performance test and safety evaluation on the system, and the test results meet the requirements of actual medical production environment. The research work of this paper provides means for remote diagnosis and treatment, data mining and other practical applications based on the medical data on the blockchain.

Published

2021

17. Capability-based IoT access control using blockchain

Author

Yue Liu, He Zhang, Qinghua Lu, Hugo O'Connor, Kim-Kwang Raymond Choo, Qiang Qu, and Shiping Chen

Subjects

Internet of things, Architecture design, Computer Networks and Communications, Service delivery framework, business.industry, Computer science, 020206 networking & telecommunications, Access control, Information technology, 02 engineering and technology, T58.5-58.64, Identity management, Identifier, Blockchain, 020210 optoelectronics & photonics, Hardware and Architecture, Scalability, 0202 electrical engineering, electronic engineering, information engineering, Identity (object-oriented programming), Architecture, business, Capability-based access control, Protocol (object-oriented programming), Computer network

Abstract

Internet of Things (IoT) devices facilitate intelligent service delivery in a broad range of settings, such as smart offices, homes and cities. However, the existing IoT access control solutions are mainly based on conventional identity management schemes and use centralized architectures. There are known security and privacy limitations with such schemes and architectures, such as the single-point failure or surveillance (e.g., device tracking). Hence, in this paper, we present an architecture for capability-based IoT access control utilizing the blockchain and decentralized identifiers to manage the identity and access control for IoT devices. Then, we propose a protocol to provide a systematic view of system interactions, to improve security. We also implement a proof-of-concept prototype of the proposed approach and evaluate the prototype using a real-world use case. Our evaluation results show that the proposed solution is feasible, secure, and scalable.

Published

2021

18. Fair multi-owner search over encrypted data with forward and backward privacy in cloud-assisted Internet of Things

Author

Aniseh Najafi, Majid Bayat, and Hamid Haj Seyyed Javadi

Subjects

Scheme (programming language), Computer Networks and Communications, Computer science, business.industry, 020206 networking & telecommunications, Cloud computing, Access control, 02 engineering and technology, Encryption, Computer security, computer.software_genre, Information sensitivity, Data retrieval, Hardware and Architecture, Scalability, 0202 electrical engineering, electronic engineering, information engineering, 020201 artificial intelligence & image processing, business, computer, Software, Standard model (cryptography), computer.programming_language

Abstract

The trend towards the Internet of Things (IoT) technology promises the growth of home and organizational automation in the world. Due to the large amount of IoT data stored in the semi-trust cloud server, the IoT is vulnerable to cyberattacks. Therefore, the privacy violation of outsourced data is an obstacle to efficient IoT data storage. Searchable encryption is a promising solution for secure storage and selective data retrieval. However, achieving desired privacy, performance, and attributes such as dynamics, access control, scalability, and fair arbitration is still a challenge in searchable encryption schemes. In this paper, we propose a fair and dynamic multi-owner searchable encryption scheme wherein dynamics does not leak the sensitive information. In the proposed scheme, the verifiability and fair arbitration, respectively, prevent the malicious cloud servers and malicious users from having any motivation to disrupt the accuracy of the exchanged data. Generating a single trapdoor corresponding to the conjunctive keyword query, a client can search over all documents stored in the cloud, the owner of which has allowed the client to access. We also prove that our scheme is secure against the keyword guessing attack in the standard model. Finally, evaluating the performance of the proposed scheme on a real dataset, we demonstrate its efficiency as well.

Published

2021

19. ProFact: A Provenance-Based Analytics Framework for Access Control Policies

Author

Amani Abu Jabal, Elisa Bertino, Christopher Williams, Seraphin Calo, Christian Makaya, Maryam Davari, and Dinesh C. Verma

Subjects

Structure (mathematical logic), Information Systems and Management, Process management, Computer Networks and Communications, business.industry, Computer science, Information sharing, media_common.quotation_subject, 010401 analytical chemistry, Access control, Context (language use), 02 engineering and technology, Policy analysis, 01 natural sciences, 0104 chemical sciences, Computer Science Applications, Tree structure, Hardware and Architecture, Analytics, 020204 information systems, 0202 electrical engineering, electronic engineering, information engineering, Quality (business), business, media_common

Abstract

Policy-based access control systems are crucial for secure information sharing in collaborative applications. However, policy management needs to be flexible in order to adapt to different environments and be able to support policy evolution. However, when dealing with large sets of evolving policies, it is critical that policies meet certain policy quality requirements. Policy sets must be complete, free of inconsistencies, and relevant. In this paper, we propose a framework to analyze policies to determine whether they meet such requirements. Our framework uses provenance techniques to collect comprehensive data about actions which were either triggered due to a network context or a user (i.e., a human or a device) action. The framework includes two approaches for policy analysis: structure-based and classification-based. For the structure-based approach, we designed tree structures to organize and assess the policy set efficiently. For the classification-based approach, we employed the classification techniques to learn the characteristics of policies and predict their quality. In addition, the framework includes the policy evolution module which mainly consists of recommendation and re-evaluation services for policy changes which both aim at fulfilling the policy quality requirements. The analysis framework has been implemented and experimental results from the prototype are reported.

Published

2021

20. Smart Collaborative Balancing for Dependable Network Components in Cyber-Physical Systems

Author

Ilsun You, Fei Song, Haowei Zhang, Zhengyang Ai, and Shiyong Li

Subjects

Channel allocation schemes, Computer science, business.industry, Distributed computing, 020208 electrical & electronic engineering, Cyber-physical system, Access control, 02 engineering and technology, Computer Science Applications, Bandwidth allocation, Control and Systems Engineering, 0202 electrical engineering, electronic engineering, information engineering, Dependability, The Internet, Orchestration (computing), Electrical and Electronic Engineering, business, Software-defined networking, Information Systems

Abstract

The evolution of cyber–physical system (CPS) benefits from substantial supports of many cutting-edge technologies. However, as a significant medium to bridge virtual and reality parts, the dependability of various network components is facing unprecedented challenges and threats. In this article, we propose a smart collaborative balancing (SCB) scheme to dynamically adjust the orchestration of network functions and efficiently optimize the workflow patterns. First, mathematical models of bandwidth allocation for multiuser with appropriate probability distribution are established. Matrix operations are utilized to solve the relevant issues based on individual congestion windows. Invasion defense mechanisms are also provided and discussed. Second, specific procedures of collaboration among different network components are presented. The capabilities of CPS, in terms of bandwidth allocation and invasion defense, are guaranteed via novel queueing policies and access control mechanisms. Third, we build a comprehensive prototype including multiple domains and users for validations. Experimental results in two scenarios illustrate that SCB not only supports service reliability of end hosts with different priorities, but also resists malicious attacks which are targeting the corresponding terminals inside domains. Compared to the benchmarks in software defined networks and traditional Internet, our scheme performs better in both available resource management and abnormal flow recognition aspects.

Published

2021

21. PAASH: A privacy-preserving authentication and fine-grained access control of outsourced data for secure smart health in smart cities

Author

Ismaila Adeniyi Kamil and Sunday Oyinlola Ogundoyin

Subjects

Authentication, Computer Networks and Communications, Computer science, business.industry, 020206 networking & telecommunications, Context (language use), Access control, 02 engineering and technology, Encryption, Computer security, computer.software_genre, Theoretical Computer Science, Smart grid, Artificial Intelligence, Hardware and Architecture, Home automation, Data integrity, 0202 electrical engineering, electronic engineering, information engineering, 020201 artificial intelligence & image processing, business, Semantic security, computer, Software

Abstract

Very recently, a number of intelligent applications have evolved in smart cities such as smart grid, smart parking, smart waste management, smart manufacturing, smart home, and smart health, making our cities more smarter. In the context of smart health, smart devices are employed to collect and transmit biomedical information to a medical server, allowing medical practitioners to give better and improved healthcare services. However, considering the sensitive nature of the medical data, any illegal access may have devastating effects on the patient's health condition. A lightweight privacy-preserving authentication and fine-grained access control scheme for smart health known as PAASH is proposed. In PAASH, a new ultraefficient certificateless signature scheme with compact aggregation is developed to achieve source authentication and data integrity. To achieve efficient user authorization and data confidentiality, a privacy-preserving access control technique using the developed aggregate signature and ciphertext-policy attribute-based encryption (CP-ABE) is implemented. An analysis of PAASH reveals that it can provide desirable privacy and security measures in smart health. Moreover, the formal security demonstrated in the random oracle model (ROM) shows that PAASH is semantically secure under the intractability of the Discrete Logarithm Problem (DLP). The performance evaluation shows that PAASH is par excellence practically suitable for smart health.

Published

2021

22. A blockchain-empowered AAA scheme in the large-scale HetNet

Author

Xin Qi, Keping Yu, Wenjuan Li, Na Shi, and Liang Tan

Subjects

Scheme (programming language), Blockchain, Computer Networks and Communications, Computer science, Access control, 02 engineering and technology, Information technology, Permission, Domain (software engineering), 020210 optoelectronics & photonics, Transaction, HetNet, 0202 electrical engineering, electronic engineering, information engineering, AAA, computer.programming_language, Authentication, business.industry, 020206 networking & telecommunications, T58.5-58.64, Privacy preserving, Hardware and Architecture, business, computer, Database transaction, Heterogeneous network, Computer network

Abstract

A Large-Scale Heterogeneous Network (LS-HetNet) integrates different networks into one uniform network system to provide seamless one-world network coverage. In LS-HetNet, various devices use different technologies to access heterogeneous networks and generate a large amount of data. For dealing with a large number of access requirements, these data are usually stored in the HetNet Domain Management Server (HDMS) of the current domain, and HDMS uses a centralized Authentication/Authorization/Auditing (AAA) scheme to protect the data. However, this centralized method easily causes the data to be modified or disclosed. To address this issue, we propose a blockchain-empowered AAA scheme for accessing data of LS-HetNet. Firstly, the account address of the blockchain is used as the identity authentication, and the access control permission of data is redesigned and stored on the blockchain, then processes of AAA are redefined. Finally, the experimental model on Ethereum private chain is built, and the results show that the scheme is not only secure but also decentral, without tampering and trustworthiness.

Published

2021

23. An Intelligent Edge-Chain-Enabled Access Control Mechanism for IoV

Author

Di Zhang, Man Xiao, Fan Bai, Jianli Pan, Yuanni Liu, and Shanzhi Chen

Subjects

Sequence, Computer Networks and Communications, business.industry, Computer science, 020302 automobile design & engineering, 020206 networking & telecommunications, Access control, 02 engineering and technology, Computer Science Applications, Mechanism (engineering), Mode (computer interface), 0203 mechanical engineering, Hardware and Architecture, Signal Processing, 0202 electrical engineering, electronic engineering, information engineering, Leverage (statistics), Confidentiality, Enhanced Data Rates for GSM Evolution, business, Internet of Things, Information Systems, Computer network

Abstract

The current security method of Internet-of-Vehicles (IoV) systems is rare, which makes it vulnerable to various attacks. The malicious and unauthorized nodes can easily invade the IoV systems to destroy the integrity, availability, and confidentiality of information resources shared among vehicles. Indeed, access control mechanism can remedy this. However, as a static method, it cannot timely response to these attacks. To solve this problem, we propose an intelligent edge-chain-enabled access control framework with vehicle nodes and roadside units (RSUs) in this study. In our scenario, vehicle nodes act as lightweight nodes, whereas RUSs serve as full and edge nodes to provide access control services. Considering the low accuracy of risk prediction due to limited training sets, we leverage a generative adversarial networks (GANs) to convert the risk prediction to a sequence generation. Moreover, aiming at the problems of gradient disappearance and mode collapse existed in the original GANs, we devise a Wasserstein combined GANs (WCGANs). Simulation results demonstrate that WCGAN has higher prediction accuracy than the original GANs. Additionally, it can also improve the accuracy of access control of risk prediction-based access control (RPBAC) model.

Published

2021

24. A synchronous duty-cycled reservation based MAC protocol for underwater wireless sensor networks

Author

Alak Roy and Nityananda Sarma

Subjects

Computer Networks and Communications, Computer science, Access control, 02 engineering and technology, Information technology, Acoustic communication, Scheduling (computing), MAC protocol, 020210 optoelectronics & photonics, 0202 electrical engineering, electronic engineering, information engineering, Queueing theory, business.industry, Underwater wireless sensor networks, ComputerSystemsOrganization_COMPUTER-COMMUNICATIONNETWORKS, Reservation, 020206 networking & telecommunications, Propagation delay, Reliability, T58.5-58.64, Throughput, Energy efficiency, Hardware and Architecture, business, Wireless sensor network, Data transmission, Efficient energy use, Computer network

Abstract

To design an energy-efficient Medium Access Control (MAC) protocol for the Underwater Wireless Sensor Networks (UWSNs) is an urgent research issue since depleted batteries cannot be recharged or replaced in the underwater environment. Moreover, the underwater acoustic channels are affected by hindrances such as long propagation delay and limited bandwidth, which appear in the design of the MAC protocol for the UWSNs. The available MAC protocols for the terrestrial wireless sensor networks exhibit low performance in energy efficiency, throughput and reliability in the UWSNs, and cannot be used in the UWSNs directly because of their unique characteristics. This paper proposes a synchronous duty-cycled reservation-based MAC protocol named Ordered Contention MAC (OCMAC) protocol. The basic mechanism of this protocol is to schedule data transmission by transmitters through the scheduling of Ready To Send (RTS) frames. The protocol eliminates the possible collision during data transmission and improves communication efficiency. The paper analyzes the performance in energy efficiency, throughput and reliability of the protocol by modeling the queuing behavior of OCMAC with a Markov Chain process. Furthermore, the analytical model is validated through a simulation study. The analysis results demonstrated that while providing good throughput and reliability, OCMAC can achieve energy saving.

Published

2021

25. A CP-ABE scheme based on multi-authority in hybrid clouds for mobile devices

Author

Haibo Hong, Mande Xie, Jun Shao, and Yingying Ruan

Subjects

Scheme (programming language), Computer Networks and Communications, business.industry, Computer science, 020206 networking & telecommunications, Context (language use), Cloud computing, Access control, 02 engineering and technology, Encryption, Hardware and Architecture, Software deployment, 0202 electrical engineering, electronic engineering, information engineering, 020201 artificial intelligence & image processing, business, Mobile device, computer, Software, Access structure, Computer network, computer.programming_language

Abstract

With the rapid development of cloud computing, the ensuing security issues have become increasingly prominent. In this context, attribute-based encryption (ABE) has gradually attracted widespread attentions due to its unique attribute matching mechanism. At the same time, mobile devices have put forward higher requirements for the design and deployment of ABE schemes. Therefore, in this paper, we propose an original hybrid cloud multi-authority ciphertext-policy attribute-based encryption (HCMACP-ABE) scheme. Specifically, we utilize the LSSS (Linear Secret-Sharing Schemes) access structure to realize secure access control, while the private cloud is responsible for maintaining the user’s authorization list and verifying the user. Finally, we prove that our proposal achieves IND-CCA secure and is efficient in a mobile hybrid cloud environment.

Published

2021

26. A novel approach of privacy-preserving data sharing system through data-tagging with role-based access control

Author

Shubha Puthran, Tanvi Garg, Prathamesh Churi, Ambika Pawar, and Navid Kagalwalla

Subjects

020203 distributed computing, business.industry, Computer science, Mechanical Engineering, Access control, 02 engineering and technology, Geotechnical Engineering and Engineering Geology, Computer security, computer.software_genre, Privacy preserving, Data sharing, Mechanics of Materials, 020204 information systems, 0202 electrical engineering, electronic engineering, information engineering, Role-based access control, Electrical and Electronic Engineering, business, computer, Civil and Structural Engineering

Abstract

Purpose This paper aims to design a secure and seamless system that ensures quick sharing of health-care data to improve the privacy of sensitive health-care data, the efficiency of health-care infrastructure, effective treatment given to patients and encourage the development of new health-care technologies by researchers. These objectives are achieved through the proposed system, a “privacy-aware data tagging system using role-based access control for health-care data.” Design/methodology/approach Health-care data must be stored and shared in such a manner that the privacy of the patient is maintained. The method proposed, uses data tags to classify health-care data into various color codes which signify the sensitivity of data. It makes use of the ARX tool to anonymize raw health-care data and uses role-based access control as a means of ensuring only authenticated persons can access the data. Findings The system integrates the tagging and anonymizing of health-care data coupled with robust access control policies into one architecture. The paper discusses the proposed architecture, describes the algorithm used to tag health-care data, analyzes the metrics of the anonymized data against various attacks and devises a mathematical model for role-based access control. Originality/value The paper integrates three disparate topics – data tagging, anonymization and role-based access policies into one seamless architecture. Codifying health-care data into different tags based on International Classification of Diseases 10th Revision (ICD-10) codes and applying varying levels of anonymization for each data tag along with role-based access policies is unique to the system and also ensures the usability of data for research.

Published

2021

27. A unified blockchain-based platform for global e-waste management

Author

Raju Halder, Arnab Mukherjee, and Swagatika Sahoo

Subjects

Blockchain, Smart contract, Computer Networks and Communications, business.industry, Computer science, Supply chain, 020206 networking & telecommunications, Access control, 02 engineering and technology, 010501 environmental sciences, 01 natural sciences, Risk analysis (engineering), Obsolescence, Management system, Scalability, 0202 electrical engineering, electronic engineering, information engineering, Solidity, business, 0105 earth and related environmental sciences, Information Systems

Abstract

Purpose The rapid technological growth, changes in consumer demands, products’ built-in obsolescence, presence of more non-repairable parts, shorter lifespan, etc., lead to the generation of e-waste at an unprecedented rate. Although a number of research proposals and business products to manage e-waste exist in the literature, they lack in many aspects such as incomplete coverage of product’s life cycle, access control, payment channels (in few cases), incentive mechanisms, scalability issues, and missing experimental validation. The purpose of this paper is to introduce a novel blockchain-based e-waste management system aiming to mitigate the above-mentioned downsides and limitations of the existing proposals. Design/methodology/approach This paper proposes a robust and reliable e-waste management system by leveraging the power of blockchain technology, which captures the complete life cycle of e-products commencing from their manufacturing as new products to their disposal as e-waste and their recycling back into raw materials. Findings While the use of blockchain technology increases accountability, transparency and trust in the system, the proposal overcomes various challenges and limitations of the existing systems by providing seamless interactions among various agencies. Originality/value This paper presents a prototype implementation of the system as a proof-of-concept using solidity on the Ethereum platform and this paper performs experimental evaluations to demonstrate its feasibility and effective performance in terms of execution gas cost and transaction throughput.

Published

2021

28. Flexible, decentralised access control for smart buildings with smart contracts

Author

Omid Ardakanian, Kalvin Eng, Leepakshi Bindra, and Eleni Stroulia

Subjects

FOS: Computer and information sciences, Architectural engineering, Computer Science - Cryptography and Security, business.industry, Computer science, 020209 energy, Visitor pattern, Computational Mechanics, 020206 networking & telecommunications, Access control, 02 engineering and technology, Ontology (information science), Computer Graphics and Computer-Aided Design, Computer Science - Distributed, Parallel, and Cluster Computing, 11. Sustainability, 0202 electrical engineering, electronic engineering, information engineering, Distributed, Parallel, and Cluster Computing (cs.DC), Computer Vision and Pattern Recognition, business, Cryptography and Security (cs.CR), Building automation

Abstract

Large commercial buildings are complex cyber-physical systems containing expensive and critical equipment that ensure the safety and comfort of their numerous occupants. Yet occupant and visitor access to spaces and equipment within these buildings are still managed through unsystematic, inefficient, and human-intensive processes. As a standard practice, long-term building occupants are given access privileges to rooms and equipment based on their organizational roles, while visitors have to be escorted by their hosts. This approach is conservative and inflexible. In this paper, we describe a methodology that can flexibly and securely manage building access privileges for long-term occupants and short-term visitors alike, taking into account the risk associated with accessing each space within the building. Our methodology relies on blockchain smart contracts to describe, grant, audit, and revoke fine-grained permissions for building occupants and visitors, in a decentralized fashion. The smart contracts are specified through a process that leverages the information compiled from Brick and BOT models of the building. We illustrate the proposed method through a typical application scenario in the context of a real office building and argue that it can greatly reduce the administration overhead, while, at the same time, providing fine-grained, auditable access control., Comment: 26 pages

Published

2021

29. Fortified-Chain: A Blockchain-Based Framework for Security and Privacy-Assured Internet of Medical Things With Effective Access Control

Author

Ashok Kumar Pradhan, Venkataramana Badarla, Bhaskara S. Egala, and Saraju P. Mohanty

Subjects

Authentication, Blockchain, Computer Networks and Communications, Computer science, business.industry, Cost effectiveness, 020208 electrical & electronic engineering, 020206 networking & telecommunications, Access control, Cloud computing, 02 engineering and technology, Computer security, computer.software_genre, Computer Science Applications, Data sharing, Hardware and Architecture, Signal Processing, Distributed data store, 0202 electrical engineering, electronic engineering, information engineering, The Internet, business, computer, Information Systems, Anonymity

Abstract

The rapid developments in the Internet of Medical Things (IoMT) help the smart healthcare systems to deliver more sophisticated real-time services. At the same time, IoMT also raises many privacy and security issues. Also, the heterogeneous nature of these devices makes it challenging to develop a common security standard solution. Furthermore, the existing cloud-centric IoMT healthcare systems depend on cloud computing for electrical health records (EHR) and medical services, which is not suggestible for a decentralized IoMT healthcare systems. In this article, we have proposed a blockchain-based novel architecture that provides a decentralized EHR and smart-contract-based service automation without compromising with the system security and privacy. In this architecture, we have introduced the hybrid computing paradigm with the blockchain-based distributed data storage system to overcome blockchain-based cloud-centric IoMT healthcare system drawbacks, such as high latency, high storage cost, and single point of failure. A decentralized selective ring-based access control mechanism is introduced along with device authentication and patient records anonymity algorithms to improve the proposed system’s security capabilities. We have evaluated the latency and cost effectiveness of data sharing on the proposed system using Blockchain. Also, we conducted a logical system analysis, which reveals that our architecture-based security and privacy mechanisms are capable of fulfilling the requirements of decentralized IoMT smart healthcare systems. Experimental analysis proves that our fortified-chain-based H-CPS needs insignificant storage and has a response time in the order of milliseconds as compared to traditional centralized H-CPS while providing decentralized automated access control, security, and privacy.

Published

2021

30. DCSS Protocol for Data Caching and Sharing Security in a 5G Network

Author

Jonathan Loo, Ed Kamya Kiyemba Edris, Mahdi Aiash, and Seeling, Patrick

Subjects

formal methods, Computer science, data sharing, applied pi calculus, Access control, 02 engineering and technology, 0203 mechanical engineering, network services, federated identity, ProVerif, 0202 electrical engineering, electronic engineering, information engineering, Information-security, business.industry, security protocol, 020302 automobile design & engineering, 020206 networking & telecommunications, Provisioning, General Medicine, Information security, Cryptographic protocol, Service provider, Data sharing, Cellular network, authorization, Distributed-computing, Federated identity, business, 5G, data caching, Computer-networking, Computer network

Abstract

Fifth Generation mobile networks (5G) promise to make network services provided by various Service Providers (SP) such as Mobile Network Operators (MNOs) and third-party SPs accessible from anywhere by the end-users through their User Equipment (UE). These services will be pushed closer to the edge for quick, seamless, and secure access. After being granted access to a service, the end-user will be able to cache and share data with other users. However, security measures should be in place for SP not only to secure the provisioning and access of those services but also, should be able to restrict what the end-users can do with the accessed data in or out of coverage. This can be facilitated by federated service authorization and access control mechanisms that restrict the caching and sharing of data accessed by the UE in different security domains. In this paper, we propose a Data Caching and Sharing Security (DCSS) protocol that leverages federated authorization to provide secure caching and sharing of data from multiple SPs in multiple security domains. We formally verify the proposed DCSS protocol using ProVerif and applied pi-calculus. Furthermore, a comprehensive security analysis of the security properties of the proposed DCSS protocol is conducted.

Published

2021

31. A Novel User Collusion-Resistant Decentralized Multi-Authority Attribute-Based Encryption Scheme Using the Deposit on a Blockchain

Author

Kyung Hyune Rhee, Donghyun Kim, Zhipeng Cai, and Si-Wan Noh

Subjects

Technology, Article Subject, Exploit, Computer Networks and Communications, Computer science, 0211 other engineering and technologies, Access control, TK5101-6720, 02 engineering and technology, Encryption, Computer security, computer.software_genre, 0202 electrical engineering, electronic engineering, information engineering, Electrical and Electronic Engineering, Flexibility (engineering), 021110 strategic, defence & security studies, business.industry, 020206 networking & telecommunications, Data sharing, Identifier, Collusion, Telecommunication, Attribute-based encryption, business, computer, Information Systems

Abstract

Recently, the concept of a decentralized data marketplace is getting much attention to exchange user data. Multi-authority attribute-based encryption (ABE), which can provide flexibility and user-centric access control, is previously widely used in decentralized data sharing applications and also becoming a foundation to build decentralized data trading applications. It is known that users in a multi-authority ABE system can collude by sharing their secret information for malicious purposes. To address this issue, the collusion-resistant multi-authority ABE model was introduced in which a unique global identifier (GID) is issued by the central authority (CA) to each user. Unfortunately, such approach cannot be used directly to build a decentralized data marketplace as (a) such intervention of the CA is directly against the main motivation of the decentralized trading platform and, mostly importantly, (b) the CA can exploit its full knowledge on users’ GID to launch various attacks against users. Motivated by these observations, this paper introduces a novel user collusion-resistant decentralized multi-authority ABE scheme for privacy preserving data trading systems. In the existing multi-authority ABE systems, users utilize his/her GID that is solely assigned by the CA to generate his/her secret keys throughout the collaboration with authorities and a user can compute multi-authority keys by combining the secret keys (stem from the same GID) in various ways. In the proposed system, the CA only has a partial knowledge of users’ GIDs, and thus, users’ privacy can be protected. On the other hand, we set the user’s own partial GID as a secret which can be used to withdraw his/her deposit to discourage any possible collusion among users.

Published

2021

32. Secure Data Group Sharing and Dissemination with Attribute and Time Conditions in Public Cloud

Author

Yixiang Yang, Jingyi Fu, and Qinlong Huang

Subjects

Information Systems and Management, Computer Networks and Communications, business.industry, Computer science, 020206 networking & telecommunications, Cryptography, Access control, Cloud computing, 02 engineering and technology, Computer security, computer.software_genre, Encryption, Computer Science Applications, Public-key cryptography, Hardware and Architecture, 0202 electrical engineering, electronic engineering, information engineering, Data Protection Act 1998, 020201 artificial intelligence & image processing, Attribute-based encryption, business, computer, Dissemination

Abstract

Cloud computing has become increasingly popular among users and businesses around the world. Although cryptographic techniques can provide data protection for users in public cloud, several issues also remain problematic, such as secure data group dissemination and fine-grained access control of time-sensitive data. In this paper, we propose an identity-based data group sharing and dissemination scheme in public cloud, in which data owner could broadcast encrypted data to a group of receivers at one time by specifying these receivers’ identities in a convenient and secure way. In order to achieve secure and flexible data group dissemination, we adopt attribute-based and timed-release conditional proxy re-encryption to guarantee that only data disseminators whose attributes satisfy the access policy of encrypted data can disseminate it to other groups after the releasing time by delegating a re-encryption key to cloud server. The re-encryption conditions are associated with attributes and releasing time, which allows data owner to enforce fine-grained and timed-release access control over disseminated ciphertexts. The theoretical analysis and experimental results show our proposed scheme makes a tradeoff between computational overhead and expressive dissemination conditions.

Published

2021

33. Secure crowd-sensing protocol for fog-based vehicular cloud

Author

Lewis Nkenyereye, S. M. Riazul Islam, Anand Nayyar, Mohammad Abdullah-Al-Wadud, Muhammad Bilal, and Atif Alamri

Subjects

Authentication, Vehicular ad hoc network, Computer Networks and Communications, business.industry, Computer science, 020206 networking & telecommunications, Access control, Cloud computing, 02 engineering and technology, Encryption, Hardware and Architecture, 0202 electrical engineering, electronic engineering, information engineering, 020201 artificial intelligence & image processing, Enhanced Data Rates for GSM Evolution, business, Protocol (object-oriented programming), Software, Computer network

Abstract

The new paradigm of fog computing was extended from conventional cloud computing to provide computing and storage capabilities at the edge of the network. Applied to vehicular networks, fog-enabled vehicular computing is expected to become a core feature that can accelerate a multitude of services including crowd-sensing. Accordingly, the security and privacy of vehicles joining the crowd-sensing system have become important issues for cyber defense and smart policing. In addition, to satisfy the demand of crowd-sensing data users, fine-grained access control is required. In this paper, we propose a secure and privacy-preserving crowd-sensing scheme for fog-enabled vehicular computing. The proposed architecture is made by a double layer of fog nodes that is used to generate crowd-sensing tasks for vehicles, then collect, aggregate and analyze the data based on user specifications. To ensure data confidentiality and fined-grained access control, we make use of ciphertext-policy attribute-based encryption with access update policy (CP-ABE-UP), which is a well-known one-to-many encryption technique. The policy update algorithm allows the fog nodes to outsource the crowd-sensing data to other fog nodes or to data users directly. We also adopted the ID-based signature tied to pseudonymous techniques to guarantee the authentication and privacy-preservation of the entities in the system. From the upper fog layer to the data user, we show that an information-centric networking (ICN) approach can be applied to maximize the network resources and enhance the security by avoiding unauthorized and unauthenticated data owners. The security analysis confirms that our approach is secure against known attacks, whereas the simulation results show its efficiency in terms of communication with little computational overhead.

Published

2021

34. Fine-Grained Frequency Reuse in Centralized Small Cell Networks

Author

Tao Guo and Alberto Suarez

Subjects

Computer Networks and Communications, Computer science, business.industry, Distributed computing, 020206 networking & telecommunications, Access control, Throughput, 02 engineering and technology, Frequency allocation, 0202 electrical engineering, electronic engineering, information engineering, Resource allocation, Resource management, Enhanced Data Rates for GSM Evolution, Small cell, Electrical and Electronic Engineering, business, Software, 5G

Abstract

Interference management for Small Cell (SC) networks has drawn great attention from both academia and industry due to its importance in Long-Term Evolution (LTE) and emerging 5G networks. Although various approaches have been proposed in the literature, many of them face practical limitations such as showing gains only in specific scenarios, relying on ideal fronthaul, or becoming computationally intractable as the network size increases. In this paper, a novel framework is proposed for interference management in centralized SC networks by jointly utilizing graph theory and optimization theory. It extends the classic center-edge frequency reuse schemes into a more fine-grained scale, thus capturing the complex interference relationships in SC networks. The cell-level resource partition can be semi-statically updated according to the traffic dynamics while existing Medium Access Control (MAC) schedulers can be used for subframe-level resource allocation, not requiring fiber fronthaul. LTE system-level simulation results show that the proposed scheme can significantly improve both cell edge and mean user throughput with practical complexity.

Published

2021

35. Efficient Policy-Hiding and Large Universe Attribute-Based Encryption With Public Traceability for Internet of Medical Things

Author

Zeng, Peng, Zhang, Zhiting, Lu, Rongxing, and Choo, Kim-Kwang Raymond

Subjects

Security analysis, Cryptographic primitive, Computer Networks and Communications, business.industry, Computer science, 020206 networking & telecommunications, Access control, 02 engineering and technology, Encryption, Computer security, computer.software_genre, Computer Science Applications, Hardware and Architecture, Signal Processing, Ciphertext, 0202 electrical engineering, electronic engineering, information engineering, Key (cryptography), 020201 artificial intelligence & image processing, The Internet, Attribute-based encryption, business, computer, Information Systems

Abstract

Modern day medical systems are closely integrated and interconnected with other systems, such as those comprising Internet-of-Medical Things (IoMT) devices that facilitate remote healthcare services, say during pandemics (e.g., COVID-19). Attribute-based encryption (ABE) is a promising cryptographic primitive to support fine-grained access control in the ciphertext environment; in other words, ABE can potentially be used to ensure data confidentiality and user privacy in the IoMT ecosystem. In this article, we propose an efficient partially-policy-hidden and large universe ABE scheme with public traceability to construct a practical IoMT system (hereafter referred to as PTIoMT). The system is designed to achieve the following features: 1) the access policy is partially hidden: only nonsensitive attribute labels/names are displayed, while sensitive attribute values are hidden in the encrypted electronic health records (EHRs); 2) the number of the attributes is independent of the public parameters and, thus, can be arbitrarily large; 3) any user who discloses the decryption key can be efficiently tracked; and 4) fewer bilinear pairing operations are required during the decryption process. The security analysis and performance evaluation demonstrate the security and efficiency of PTIoMT.

Published

2021

36. Resilient Desynchronization for Decentralized Medium Access Control

Author

Daniel Silvestre, Carlos Silvestre, and Joao P. Hespanha

Subjects

0209 industrial biotechnology, Control and Optimization, Computer science, business.industry, Node (networking), Distributed computing, SIGNAL (programming language), 020206 networking & telecommunications, Access control, 02 engineering and technology, Residual, Telecommunications network, 020901 industrial engineering & automation, Control and Systems Engineering, Distributed algorithm, 0202 electrical engineering, electronic engineering, information engineering, Isolation (database systems), business, Wireless sensor network

Abstract

In Wireless Sensor Networks (WSNs), equally spaced timing for Medium Access Control (MAC) is fundamental to guarantee throughput maximization from all nodes. This motivated the so called desynchronization problem and its solution based on the fast Nesterov method. In this letter, we tackle the problem of constructing centralized and distributed versions of the optimal fixed-parameter Nesterov that are resilient to attacks to a subset of nodes. By showing a relationship between the variance of the attacker signal and how further away a node is, we are able to present a distributed algorithm that has minimal added complexity and performs the detection and isolation of the faulty node. Simulations are provided illustrating the successful detection and highlighting that without a correction mechanism (dependent on additional assumptions), there is a residual error that is not eliminated.

Published

2021

37. Using Conditional Random Fields to Optimize a Self-Adaptive Bell–LaPadula Model in Control Systems

Author

Zhuo Tang, Neal N. Xiong, Jin Wang, and Li Yang

Subjects

Conditional random field, Computer science, Feature vector, 0211 other engineering and technologies, Feature selection, Access control, 02 engineering and technology, Viterbi algorithm, computer.software_genre, Data modeling, symbols.namesake, 0202 electrical engineering, electronic engineering, information engineering, Electrical and Electronic Engineering, 021110 strategic, defence & security studies, business.industry, Bell–LaPadula model, Computer Science Applications, Human-Computer Interaction, Control and Systems Engineering, Test set, symbols, 020201 artificial intelligence & image processing, Data mining, business, computer, Software

Abstract

Once defined, the access control policies and regulations would never be changed in a running and state transition process. However, it will give attackers the possibility of discovering vulnerabilities in the system, and the control systems lack the ability of dynamic perception of security state and risk, causing the systems to be exposed to risks. In this article, a dynamic Bell–LaPadula (BLP) model is proposed. The conditional random field (CRF) is introduced into the BLP model to optimize the rules. First, the model formalizes the security attributes, states of system, transition rules, and constraint models on the basis of the state transition of CRFs. After the historical system access logs are processed as the original dataset, a feature selection method is proposed to extract the requests and current states as feature vectors. Second, this article presents a rules training algorithm based on L-BFGS to implement the study and training of datasets, and then marks the logs in the test set through Viterbi algorithm automatically. On the base of these, a rule generation algorithm is proposed to dynamically adjust the access control rules based on the current security status and events of the system. Third, the security of CRFs-BLP is proved by theoretical analysis. Finally, the validity and accuracy of the model are verified by estimating the value of the precision, recall, and $F1$ -score. As the system threats are shown to be decreased obviously from these experiments, this dynamic model can decrease the vulnerabilities and risk effectively.

Published

2021

38. Methods for assessing the efficiency of access control subsystems at informatization facilities of internal affairs bodies and aspects of their improvement

Author

S. V. Efimov, V. V. Konobeevskikh, and A. V. Batskikh

Subjects

access control subsystem, Service (systems architecture), Technology, efficiency indicator, Computer science, Control (management), 030508 substance abuse, Access control, 02 engineering and technology, efficiency quantification, 03 medical and health sciences, 020204 information systems, 0202 electrical engineering, electronic engineering, information engineering, Informatization, Security level, Disadvantage, information security system, business.industry, Information security, Risk analysis (engineering), Information and Communications Technology, automated system, 0305 other medical science, business, unauthorized access

Abstract

Objective. The purpose of the article is to analyse the existing methodology used to assess the efficiency of automated information security systems by studying open literature sources, international and industry standards of the Russian Federation on information security of automated systems, guidelines and orders of the Federal Service for Technical and Expert Control of Russia, as well as departmental orders, instructions and regulations on information security at informatization facilities of internal affairs bodies. The analysis results in identifying the advantages and disadvantages of the specified methodology, as well as the possibilities of its use when conducting a quantitative assessment of the efficiency of access control subsystems of information security systems at the informatization facilities of internal affairs bodies. Methods. To achieve this goal, the method for system analysis of approaches used to assess the efficiency of information security tools and systems has been applied. Results. The paper presents results of analysing the main approaches used to assess the efficiency of tools and systems for information security of automated systems. The paper determines the relationship between the efficiency indicator of access control subsystems of information security systems and the main disadvantage of their use in protected automated systems of internal affairs bodies. The paper substantiates main directions of improving the existing methodology, proposes methods and indicators for quantifying the efficiency of access control subsystems (including those modified on the basis of using new information and communication technologies) of information security systems in protected automated systems of internal affairs bodies. Conclusion. The results obtained can be used to quantify the security level of existing automated systems and those being developed at informatization facilities of internal affairs bodies.

Published

2021

39. A Security Awareness and Protection System for 5G Smart Healthcare Based on Zero-Trust Architecture

Author

Jie Zhao, Dongqing Liu, Siyuan Qiao, Minzhao Lyu, Chen Baozhan, Chen Haotian, Huimin Lu, Yunkai Zhai, and Xiaobing Shi

Subjects

Authentication, Computer Networks and Communications, business.industry, Computer science, Concurrency, Big data, Access control, 02 engineering and technology, Computer security, computer.software_genre, Encryption, Security awareness, Computer Science Applications, Hardware and Architecture, 020204 information systems, Signal Processing, Health care, 0202 electrical engineering, electronic engineering, information engineering, Key (cryptography), 020201 artificial intelligence & image processing, Isolation (database systems), business, computer, Information Systems

Abstract

The key features of 5G network (i.e., high bandwidth, low latency, and high concurrency) along with the capability of supporting big data platforms with high mobility make it valuable in coping with emerging medical needs, such as COVID-19 and future healthcare challenges. However, enforcing the security aspect of a 5G-based smart healthcare system that hosts critical data and services is becoming more urgent and critical. Passive security mechanisms (e.g., data encryption and isolation) used in legacy medical platforms cannot provide sufficient protection for a healthcare system that is deployed in a distributed manner and fail to meet the need for data/service sharing across "cloud-edge-terminal" in the 5G era. In this article, we propose a security awareness and protection system that leverages zero-trust architecture for a 5G-based smart medical platform. Driven by the four key dimensions of 5G smart healthcare including "subject" (i.e., users, terminals, and applications), "object" (i.e., data, platforms, and services), "behavior," and "environment," our system constructs trustable dynamic access control models and achieves real-time network security situational awareness, continuous identity authentication, analysis of access behavior, and fine-grained access control. The proposed security system is implemented and tested thoroughly at industrial-grade, which proves that it satisfies the needs of active defense and end-to-end security enforcement of data, users, and services involved in a 5G-based smart medical system.

Published

2021

40. Outsourced Decentralized Multi-Authority Attribute Based Signature and Its Application in IoT

Author

Jiameng Sun, Ye Su, Jing Qin, Jixin Ma, and Jiankun Hu

Subjects

QA75, 020203 distributed computing, Security analysis, Information privacy, Authentication, Computer Networks and Communications, Computer science, business.industry, 020206 networking & telecommunications, Access control, Cloud computing, 02 engineering and technology, Computer security, computer.software_genre, Computer Science Applications, Outsourcing, Digital signature, Hardware and Architecture, Server, 0202 electrical engineering, electronic engineering, information engineering, business, computer, Software, Information Systems

Abstract

IoT devices often collect data and store the data in the cloud for sharing and further processing. A natural solution for secure access is directly using the device owner?s identity as the private key to generate a signature for data authentication. However this will simultaneously expose this identity. Attribute based signature (ABS), which takes the signer?s attributes instead of his/her identity as the private key, can realize data authentication while preserving the signer?s identity privacy. In ABS, there are multiple authorities that issue different private keys for signers based on their various attributes, and a central authority is usually established to manage all these attribute authorities. However, one security concern is that if the central authority is compromised, the whole system will be broken. In this paper, we present an outsourced decentralized multi-authority attribute based signature (ODMA-ABS) scheme. The proposed ODMAABS achieves attribute privacy and stronger authority-corruption resistance than existing multi-authority attribute based signature schemes. In addition, the overhead to generate a signature is further reduced by outsourcing expensive computation to a signing cloud server. We provide extensive security analysis and experimental simulation of the proposed scheme. We also propose an access control scheme that is based on ODMA-ABS.

Published

2021

41. A Common Method of Share Authentication in Image Secret Sharing

Author

Yuliang Lu, Xinpeng Zhang, Ching-Nung Yang, Xuehu Yan, and Shudong Wang

Subjects

Authentication, business.industry, Computer science, Access control, Cloud computing, 02 engineering and technology, Encryption, Secret sharing, Electronic mail, 0202 electrical engineering, electronic engineering, information engineering, Media Technology, 020201 artificial intelligence & image processing, Electrical and Electronic Engineering, business, Digital watermarking, Block (data storage), Computer network

Abstract

Because of the importance of digital images and their extensive application to digital watermarking, block chain, access control, identity authentication, distributive storage in the cloud and so on, image secret sharing (ISS) is attracting ever-increasing attention. Share authentication is an important issue in its practical application. However, most ISS schemes with share authentication ability require a dealer to participate in the authentication (namely, dealer participatory authentication). In this paper, we design an ISS for a $(k,n)$ -threshold with separate share authentication abilities of both dealer participatory authentication and dealer nonparticipatory authentication. The advantages of polynomial-based ISS and visual secret sharing (VSS) are skillfully fused to achieve these two authentication abilities without sending a share by using a screening operation. In addition, the designed scheme has the characteristics of low decryption (authentication) complexity, lossless decryption and no pixel expansion. Experiments and theoretical analyses are performed to show the effectiveness of the designed scheme.

Published

2021

42. Proposal and Performance Evaluation of Information Diffusion Technique with Novel Virtual-Cell-Based Wi-Fi Direct

Author

Nei Kato, Tohn Furutani, Hiroki Nishiyama, and Yuichi Kawamoto

Subjects

Computer science, business.industry, Wi-Fi Direct, Distributed computing, 0211 other engineering and technologies, 020206 networking & telecommunications, Access control, 02 engineering and technology, Construct (python library), Computer Science Applications, Scheduling (computing), law.invention, Human-Computer Interaction, Spread spectrum, Information and Communications Technology, law, 0202 electrical engineering, electronic engineering, information engineering, Computer Science (miscellaneous), Wi-Fi, business, Mobile device, 021101 geological & geomatics engineering, Information Systems

Abstract

Wi-Fi Direct (WFD) has attracted much attention in recent years as a device-to-device communication technology that enables the sharing and diffusion of information in disaster areas that lack existing communication infrastructures. In WFD, mobile devices such as smartphones and tablets establish communication groups (a wireless local area network (WLAN)), and transmit and/or receive data by Wi-Fi among devices autonomously. However, WFD is not effective for spreading data throughout a wide range because it randomly selects communication partners and needs to wait uselessly for random lengths of time to maintain access control. Thus, we propose a novel and efficient information diffusion method exploiting WFD and delay-tolerant networking (DTN). This method involves a unique virtual cell design based on device locations and enables efficient information diffusion without interference by assigning communication times to the virtual cells. As there is no deterministic means of evaluating multihop communication exploiting WFD and a mathematical model is needed to quantitatively indicate the performance of our method, we further construct a performance evaluation model using the reaction–diffusion model, which is a partial differential equation used to mathematically describe the spread of epidemic diseases. The effectiveness of this proposed diffusion method is evaluated exploiting the constructed model.

Published

2021

43. A Blockchain-Based Medical Data Sharing Mechanism with Attribute-Based Access Control and Privacy Protection

Author

Linghang Meng, Yingwen Chen, Huan Zhou, and Guangtao Xue

Subjects

Technology, Security analysis, Article Subject, 020205 medical informatics, Smart contract, Computer Networks and Communications, Computer science, Cloud computing, Access control, TK5101-6720, 02 engineering and technology, Computer security, computer.software_genre, Encryption, 0202 electrical engineering, electronic engineering, information engineering, Electrical and Electronic Engineering, Tamper resistance, business.industry, 020206 networking & telecommunications, Trusted third party, Data sharing, Telecommunication, business, computer, Information Systems

Abstract

The rapid development of wearable sensors and the 5G network empowers traditional medical treatment with the ability to collect patients’ information remotely for monitoring and diagnosing purposes. Meanwhile, the health-related mobile apps and devices also generate a large amount of medical data, which is critical for promoting disease research and diagnosis. However, medical data is too sensitive to share, which is also a common issue for IoT (Internet of Things) data. The traditional centralized cloud-based medical data sharing schemes have to rely on a single trusted third party. Therefore, the schemes suffer from single-point failure and lack of privacy protection and access control for the data. Blockchain is an emerging technique to provide an approach for managing data in a decentralized manner. Especially, the blockchain-based smart contract technique enables the programmability for participants to access the data. All the interactions are authenticated and recorded by the other participants of the blockchain network, which is tamper resistant. In this paper, we leverage the K-anonymity and searchable encryption techniques and propose a blockchain-based privacy-preserving scheme for medical data sharing among medical institutions and data users. To be specific, the consortium blockchain, Hyperledger Fabric, is adopted to allow data users to search for encrypted medical data records. The smart contract, i.e., the chaincode, implements the attribute-based access control mechanisms to guarantee that the data can only be accessed by the user with proper attributes. The K-anonymity and searchable encryption ensure that the medical data is shared without privacy leaking, i.e., figuring out an individual patient from queries. We implement a prototype system using the chaincode of Hyperledger Fabric. From the functional perspective, security analysis shows that the proposed scheme satisfies security goals and precedes others. From the performance perspective, we conduct experiments by simulating different numbers of medical institutions. The experimental results demonstrate that the scalability and performance of our scheme are practical.

Published

2021

44. A Blockchain-empowered Access Control Framework for Smart Devices in Green Internet of Things

Author

Keping Yu, Moayad Aloqaily, Liang Tan, Na Shi, and Yaser Jararweh

Subjects

Resource (biology), Blockchain, Computer Networks and Communications, business.industry, Computer science, 020206 networking & telecommunications, Access control, Environmental pollution, 02 engineering and technology, Computer security, computer.software_genre, 0202 electrical engineering, electronic engineering, information engineering, 020201 artificial intelligence & image processing, business, Internet of Things, computer

Abstract

Green Internet of things (GIoT) generally refers to a new generation of Internet of things design concept. It can save energy and reduce emissions, reduce environmental pollution, waste of resources, and harm to human body and environment, in which green smart device (GSD) is a basic unit of GIoT for saving energy. With the access of a large number of heterogeneous bottom-layer GSDs in GIoT, user access and control of GSDs have become more and more complicated. Since there is no unified GSD management system, users need to operate different GIoT applications and access different GIoT cloud platforms when accessing and controlling these heterogeneous GSDs. This fragmented GSD management model not only increases the complexity of user access and control for heterogeneous GSDs, but also reduces the scalability of GSDs applications. To address this issue, this article presents a blockchain-empowered general GSD access control framework, which provides users with a unified GSD management platform. First, based on the World Wide Web Consortium (W3C) decentralized identifiers (DIDs) standard, users and GSD are issued visual identity ( VID ). Then, we extended the GSD-DIDs protocol to authenticate devices and users. Finally, based on the characteristics of decentralization and non-tampering of blockchain, a unified access control system for GSD was designed, including the registration, granting, and revoking of access rights. We implement and test on the Raspberry Pi device and the FISCO-BCOS alliance chain. The experimental results prove that the framework provides a unified and feasible way for users to achieve decentralized, lightweight, and fine-grained access control of GSDs. The solution reduces the complexity of accessing and controlling GSDs, enhances the scalability of GSD applications, as well as guarantees the credibility and immutability of permission data and identity data during access.

Published

2021

45. MAC for Machine-Type Communications in Industrial IoT—Part II: Scheduling and Numerical Results

Author

Xu Li, Xuemin Shen, Weihua Zhuang, Jie Gao, and Mushu Li

Subjects

Job shop scheduling, Artificial neural network, Computer Networks and Communications, Computer science, business.industry, Network packet, Quality of service, ComputerSystemsOrganization_COMPUTER-COMMUNICATIONNETWORKS, 020206 networking & telecommunications, 020302 automobile design & engineering, Access control, 02 engineering and technology, Computer Science Applications, Scheduling (computing), 0203 mechanical engineering, Hardware and Architecture, Signal Processing, 0202 electrical engineering, electronic engineering, information engineering, Granularity, Internet of Things, business, Information Systems, Computer network

Abstract

In the second part of this article, we develop a centralized packet transmission scheduling scheme to pair with the protocol designed in Part I and complete our medium access control (MAC) design for machine-type communications in the industrial Internet of Things. For the networking scenario, fine-grained scheduling that attends to each device becomes necessary, given stringent Quality-of-Service (QoS) requirements and diversified service types, but prohibitively complex for a large number of devices. To address this challenge, we propose a scheduling solution in two steps. First, we develop algorithms for device assignment based on the analytical results from Part I, when parameters of the proposed protocol are given. Then, we train a deep neural network for assisting in the determination of the protocol parameters. The two-step approach ensures the accuracy and granularity necessary for satisfying the QoS requirements and avoids excessive complexity from handling a large number of devices. Integrating the distributed coordination in the protocol design from Part I and the centralized scheduling from this part, the proposed MAC protocol achieves high performance, demonstrated through extensive simulations. For example, the results show that the proposed MAC can support 1000 devices under an aggregated traffic load of 3000 packets per second with a single channel and achieve < 0.5 ms average delay and < 1% average collision probability among 50 high priority devices.

Published

2021

46. MAC for Machine-Type Communications in Industrial IoT—Part I: Protocol Design and Analysis

Author

Mushu Li, Weihua Zhuang, Xu Li, Xuemin Shen, and Jie Gao

Subjects

Structure (mathematical logic), Computer Networks and Communications, business.industry, Computer science, Quality of service, ComputerSystemsOrganization_COMPUTER-COMMUNICATIONNETWORKS, 020208 electrical & electronic engineering, 020206 networking & telecommunications, Access control, 02 engineering and technology, Computer Science Applications, Scheduling (computing), Hardware and Architecture, Signal Processing, 0202 electrical engineering, electronic engineering, information engineering, Key (cryptography), Industrial Internet, business, Protocol (object-oriented programming), Information Systems, Communication channel, Computer network

Abstract

In this two-part paper, we propose a novel medium access control (MAC) protocol for machine-type communications in the Industrial Internet of Things. The considered use case features a limited geographical area and a massive number of devices with sporadic data traffic and different priority types. We target supporting the devices while satisfying their Quality-of-Service (QoS) requirements with a single access point and a single channel, which necessitates a customized design that can significantly improve the MAC performance. In Part I of this paper, we present the MAC protocol that comprises a new slot structure, corresponding channel access procedure, and mechanisms for supporting high device density and providing differentiated QoS. A key idea behind this protocol is sensing-based distributed coordination for significantly improving channel utilization. To characterize the proposed protocol, we analyze its delay performance based on the packet arrival rates of devices. The analytical results provide insights and lay the groundwork for the fine-grained scheduling with QoS guarantee as presented in Part II.

Published

2021

47. Thorough Performance Evaluation & Analysis of the 6TiSCH Minimal Scheduling Function (MSF)

Author

Remous-Aris Koutsiamanis, Georgios Z. Papadopoulos, Bruno Quoitin, David Hauweele, University of Mons [Belgium] (UMONS), Software Stack for Massively Geo-Distributed Infrastructures (STACK), Inria Rennes – Bretagne Atlantique, Institut National de Recherche en Informatique et en Automatique (Inria)-Institut National de Recherche en Informatique et en Automatique (Inria)-Laboratoire des Sciences du Numérique de Nantes (LS2N), IMT Atlantique Bretagne-Pays de la Loire (IMT Atlantique), Institut Mines-Télécom [Paris] (IMT)-Institut Mines-Télécom [Paris] (IMT)-Université de Nantes - UFR des Sciences et des Techniques (UN UFR ST), Université de Nantes (UN)-Université de Nantes (UN)-École Centrale de Nantes (ECN)-Centre National de la Recherche Scientifique (CNRS)-IMT Atlantique Bretagne-Pays de la Loire (IMT Atlantique), Université de Nantes (UN)-Université de Nantes (UN)-École Centrale de Nantes (ECN)-Centre National de la Recherche Scientifique (CNRS), Département Automatique, Productique et Informatique (IMT Atlantique - DAPI), Institut Mines-Télécom [Paris] (IMT)-Institut Mines-Télécom [Paris] (IMT), Département Systèmes Réseaux, Cybersécurité et Droit du numérique (IMT Atlantique - SRCD), Objets communicants pour l'Internet du futur (OCIF), RÉSEAUX, TÉLÉCOMMUNICATION ET SERVICES (IRISA-D2), Institut de Recherche en Informatique et Systèmes Aléatoires (IRISA), Université de Rennes 1 (UR1), Université de Rennes (UNIV-RENNES)-Université de Rennes (UNIV-RENNES)-Institut National des Sciences Appliquées - Rennes (INSA Rennes), Institut National des Sciences Appliquées (INSA)-Université de Rennes (UNIV-RENNES)-Institut National des Sciences Appliquées (INSA)-Université de Bretagne Sud (UBS)-École normale supérieure - Rennes (ENS Rennes)-Institut National de Recherche en Informatique et en Automatique (Inria)-CentraleSupélec-Centre National de la Recherche Scientifique (CNRS)-IMT Atlantique Bretagne-Pays de la Loire (IMT Atlantique), Institut Mines-Télécom [Paris] (IMT)-Institut Mines-Télécom [Paris] (IMT)-Université de Rennes 1 (UR1), Institut Mines-Télécom [Paris] (IMT)-Institut Mines-Télécom [Paris] (IMT)-Institut de Recherche en Informatique et Systèmes Aléatoires (IRISA), Software Stack for Massively Geo-Distributed Infrastructures (LS2N - équipe STACK), Université de Nantes - UFR des Sciences et des Techniques (UN UFR ST), Université de Nantes (UN)-Université de Nantes (UN)-École Centrale de Nantes (ECN)-Centre National de la Recherche Scientifique (CNRS)-IMT Atlantique (IMT Atlantique), IMT Atlantique (IMT Atlantique), Institut Mines-Télécom [Paris] (IMT)-Institut Mines-Télécom [Paris] (IMT)-RÉSEAUX, TÉLÉCOMMUNICATION ET SERVICES (IRISA-D2), Université de Rennes (UR)-Institut National des Sciences Appliquées - Rennes (INSA Rennes), Institut National des Sciences Appliquées (INSA)-Institut National des Sciences Appliquées (INSA)-Université de Bretagne Sud (UBS)-École normale supérieure - Rennes (ENS Rennes)-Institut National de Recherche en Informatique et en Automatique (Inria)-CentraleSupélec-Centre National de la Recherche Scientifique (CNRS)-IMT Atlantique (IMT Atlantique), Institut Mines-Télécom [Paris] (IMT)-Institut Mines-Télécom [Paris] (IMT)-Université de Rennes (UR)-Institut National des Sciences Appliquées - Rennes (INSA Rennes), and Institut National des Sciences Appliquées (INSA)-Institut National des Sciences Appliquées (INSA)-Université de Bretagne Sud (UBS)-École normale supérieure - Rennes (ENS Rennes)-Institut National de Recherche en Informatique et en Automatique (Inria)-CentraleSupélec-Centre National de la Recherche Scientifique (CNRS)

Subjects

Schedule, Computer science, Reliability (computer networking), Distributed computing, Access control, 02 engineering and technology, Theoretical Computer Science, [INFO.INFO-NI]Computer Science [cs]/Networking and Internet Architecture [cs.NI], Convergence (routing), 0202 electrical engineering, electronic engineering, information engineering, computer.programming_language, Network packet, business.industry, ComputerSystemsOrganization_COMPUTER-COMMUNICATIONNETWORKS, 020206 networking & telecommunications, Python (programming language), Hardware and Architecture, Control and Systems Engineering, Modeling and Simulation, Signal Processing, 020201 artificial intelligence & image processing, business, computer, Wireless sensor network, Information Systems, Communication channel

Abstract

International audience; IEEE Std 802.15.4-2015 Time Slotted Channel Hopping (TSCH) is the de facto Medium Access Control (MAC) mechanism for industrial applications. It renders communications more resilient to interference by spreading them over the time (time-slotted) and the frequency (channel-hopping) domains. The 6TiSCH architecture bases itself on this new MAC layer to enable high reliability communication in Wireless Sensor Networks (WSNs). In particular, it manages the construction of a distributed communication schedule that continuously adapts to changes in the network. In this paper, we first provide a thorough description of the 6TiSCH architecture, the 6TiSCH Operation Sublayer (6top), and the Minimal Scheduling Function (MSF). We then study its behavior and reactivity from low to high traffic rates by employing the Python-based 6TiSCH simulator. Our performance evaluation results demonstrate that the convergence pattern of MSF is the root cause of the majority of packet losses observed in the network. We also show that MSF is prone to over-provisioning of the network resources, especially in the case of varying traffic load. We propose a mathematical model to predict the convergence pattern of MSF. Finally we investigate the impact of varying parameters on the behavior of the scheduling function.

Published

2021

48. One enhanced secure access scheme for outsourced data

Author

Gan Tan, Jiaxu Liu, Wei Liang, Kuan-Ching Li, Yongkai Fan, Mingdong Tang, and Xia Lei

Subjects

Information Systems and Management, Computer science, Cloud computing, Access control, 02 engineering and technology, computer.software_genre, Computer security, Encryption, Theoretical Computer Science, Outsourcing, Artificial Intelligence, 0202 electrical engineering, electronic engineering, information engineering, Android (operating system), Authentication, business.industry, 05 social sciences, 050301 education, Trusted Computing, Computer Science Applications, Data access, Control and Systems Engineering, Malware, 020201 artificial intelligence & image processing, business, 0503 education, computer, Software

Abstract

The popularity of apps makes smart phones rapidly become the most widespread form of communication. Due to the impact of resource constraints in mobile phones, users prefer to outsource data from the local device to the cloud. Access control of outsourced data drives the researches for protecting sensitive data from all the possibly malicious software access or from cloud service provider misbehavior. The unexpected attacks from the local device or the cloud that are trying to breach the data access policy imposed by data owner has resulted in inadequate current access control solutions. Therefore, this paper proposes one access control scheme for Android devices to avoid authentication bypass attacks from both sides. Attribute-Based Encryption is used to design one app-level fine-grained data access for the purpose of data confidentiality in the local side. Moreover, Trusted Execution Environment is employed as a trusted computing environment which provides essential security services to protect encrypted data from unwanted access by cloud service providers or unauthorized apps from the local side. Finally, a prototype system is implemented and the performance is evaluated by the various operations used in the scheme. The experimental results show that the enhanced secure access model is flexible, efficient and secure for outsourcing data to the cloud.

Published

2021

49. Power Saving and Secure Text Input for Commodity Smart Watches

Author

Xinyu Zhang, Chen Wenqiang, Lu Wang, Kaishun Wu, Chen Lin, Yandao Huang, and Rukhsana Ruby

Subjects

Authentication, Biometrics, Computer Networks and Communications, business.industry, Computer science, Real-time computing, Wearable computer, 020206 networking & telecommunications, Access control, 02 engineering and technology, Smartwatch, 0202 electrical engineering, electronic engineering, information engineering, Key (cryptography), Mobile payment, Electrical and Electronic Engineering, business, Software, Wearable technology

Abstract

Smart wristband has become a dominant device in the wearable ecosystem, providing versatile functions such as fitness tracking, mobile payment, and transport ticketing. However, the small form-factor, low-profile hardware interfaces and computational resources limit their capabilities in security checking. Many wristband devices have recently witnessed alarming vulnerabilities, e.g., personal data leakage and payment fraud, due to the lack of authentication and access control. To fill this gap, we propose a secure text pin input system, namely Taprint, which extends a virtual number pad on the back of a user's hand. Taprint builds on the key observation that the hand “landmarks”, especially finger knuckles, bear unique vibration characteristics when being tapped by the user herself. It thus uses the tapping vibrometry as biometrics to authenticate the user, while distinguishing the tapping locations. Taprint reuses the inertial measurement unit in the wristband, “overclocks” its sampling rate with the cubic spline interpolation to extrapolate fine-grained features, and further refines the features to enhance the uniqueness and reliability. Extensive experiments on 128 users demonstrate that Taprint achieves a high accuracy (96 percent) of keystrokes recognition. It can authenticate users, even through a single-tap, at extremely low error rate (2.2 percent), and under various practical usage disturbances.

Published

2021

50. An IoT-Applicable Access Control Model Under Double-Layer Blockchain

Author

Huimei Wang, Ming Xian, Ziyuan Li, Jialu Hao, and Jian Liu

Subjects

Blockchain, Smart contract, Computer science, business.industry, 020206 networking & telecommunications, Access control, Cryptography, 02 engineering and technology, Secret sharing, Server, 0202 electrical engineering, electronic engineering, information engineering, Overhead (computing), 020201 artificial intelligence & image processing, Electrical and Electronic Engineering, business, Edge computing, Computer network

Abstract

Access control in Internet of Things (IoT) systems has long been facing with single-point-of-failure, collusion and other security issues. Deploying most of the access control procedures on blockchain makes it more trustworthy. However, the miscellaneous transaction data on the public blockchain incurs an extra burden on computing and communication overhead, which hinders its application for IoT devices. Additionally, the demands of rapid response in industrial IoT scenarios (e.g., edge computing scenarios) is hardly realized under a public blockchain. In this brief, we propose an IoT-applicable access control model under an original double-layer blockchain architecture, in which the mortgage/registration and control processes can be disaggregated. Depending on this architecture, the communication overhead for IoT devices is reduced and a rapid response is achieved. With linear secret sharing scheme, attribute-based access policies for resource objects are established to ensure fine-grained access control. We further implement a smart contract prototype on Ethereum and Fisco Bcos. Extensive experiments and numerical analysis demonstrate the feasibility of our proposed model.

Published

2021