7,665 results on '"Access Control"'
Search Results
2. SeUpdate: Secure Encrypted Data Update for Multi-User Environments
- Author
- Yuting Xiao, Jiabei Wang, Jianhao Li, Hui Ma, and Rui Zhang
- Subjects
Scheme (programming language), Data processing, Computer science, business.industry, Access control, Computer security model, Permission, Multi-user, Encryption, Symmetric-key algorithm, Electrical and Electronic Engineering, business, computer, Computer network, computer.programming_language
- Abstract
Searchable Symmetric Encryption (SSE) is a key tool for secure data processing. To date, most of the SSEs were studied alone, while an SSE supporting update operations over encrypted data remained a challenging problem due to various statistical attacks and multi-user environments. In this paper, we propose SeUpdate, the first SSE scheme that simultaneously achieves keyword search and controlled update over encrypted data, with flexible read (search) and write (update) access control policies among multiple users. In SeUpdate, users do not need to share secret keys and a single query enables one to efficiently search all his authorized data. We formally define a security model, and prove that our scheme has both forward and backward security. We note that the write permission of an SSE is realized for the first time. We further extend the basic scheme with dynamic access policy update and support of a large number of files. We also implement SeUpdate and some related work. The theoretical and experimental analyses demonstrate that our scheme and its extension are practical and efficient.
- Published
- 2022
3. Traceable and Controllable Encrypted Cloud Image Search in Multi-User Settings
- Author
- Jianfeng Ma, Yinbin Miao, Yingying Li, Kim-Kwang Raymond Choo, Ximeng Liu, Yue Wang, and Tengfei Yang
- Subjects
Security analysis, Computer Networks and Communications, business.industry, Computer science, Cloud computing, Access control, Watermark, Encryption, Computer Science Applications, Hardware and Architecture, Key (cryptography), Overhead (computing), business, Image retrieval, Software, Information Systems, Computer network
- Abstract
With the advent of cloud computing, explosively increasing images are gradually outsourced to the cloud server for costs saving and feasibility. For security and privacy concerns, images (e.g., medical diagnosis, personal photos) should be encrypted before being outsourced. However, traditional encrypted image retrieval techniques still suffer from costly access control and low search accuracy. To solve these challenging issues, in this paper, we first propose a Controllable encrypted cloud image Search scheme in Multi-user settings (namely CSM) by using the polynomial-based access strategy and proxy re-encryption technique. CSM achieves efficient access control and avoids heavy communication overhead caused by key transmission. Then, we improve the basic CSM to achieve malicious search user Tracing (namely TCSM) by utilizing the watermark technique, which can further prevent search users from illegally redistributing retrieved images to unauthorized search users. Our formal security analysis proves that our CSM (or TCSM) can guarantee the privacy of images, indexes, and search queries. Our empirical experiments using real-world datasets demonstrate the efficiency and high accuracy of our CSM (or TCSM) in practice.
- Published
- 2022
4. An Efficient Privacy-Aware Authentication Scheme With Hierarchical Access Control for Mobile Cloud Computing Services
- Author
- Mingxing He, Tu Peng, Zhicai Liu, Fagen Li, and Ling Xiong
- Subjects
Authentication, Computer Networks and Communications, business.industry, Computer science, ComputerApplications_COMPUTERSINOTHERSYSTEMS, Access control, Cloud computing, Mutual authentication, Computer Science Applications, Mobile cloud computing, Random oracle, Public-key cryptography, Hardware and Architecture, business, Access control list, Software, Information Systems, Computer network
- Abstract
In the last few years, mobile cloud computing (MCC) gains a huge development because of the popularity of mobile applications and cloud computing. User authentication and access control are two indispensable security components in the MCC environment. To the best of our knowledge, they are generally designed in different procedures. Access control can be executed after the authentication completes successfully. In order to improve efficiency, this paper constructs an integrated scheme of authentication and hierarchical access control using self-certified public key cryptography (SCPKC) and the Chinese remainder theorem (CRT) for MCC environment. The proposed scheme can achieve mutual authentication while determining the access rights of mobile users without storing any access control list in the MCC service provider side. Besides, we also give a dynamic adding or deletion of MCC service provider to efficiently address potential changes in the hierarchy. The security of our proposed scheme is proved by the random oracle model. Compared with recently related multi-server authentication schemes for the MCC environment, the proposed scheme not only adds a new function of hierarchical access control but also has better computation and communication efficiencies. Therefore, the proposed scheme is more suitable for real-life MCC applications.
- Published
- 2022
5. IoT-Proctor: A Secure and Lightweight Device Patching Framework for Mitigating Malware Spread in IoT Networks
- Author
- Biplab Sikdar, Uzair Javaid, and Muhammad Naveed Aman
- Subjects
Security analysis, 021103 operations research, Computer Networks and Communications, business.industry, Computer science, 0211 other engineering and technologies, Access control, 02 engineering and technology, computer.software_genre, Logic model, Time cost, Computer Science Applications, Reduction (complexity), Control and Systems Engineering, Malware, Electrical and Electronic Engineering, business, Internet of Things, computer, Access control list, Information Systems, Computer network
- Abstract
Traditional malware propagation control schemes do not prevent device-to-device (D2D) malware spread, have high time cost, and may result in low probability of detecting compromised devices. Moreover, the unprecedented scale and heterogeneity of Internet of Things (IoT) devices make these schemes inapplicable to IoT networks. Therefore, to rectify these issues, this article presents a secure patching framework for IoT with different network isolation levels to efficiently mitigate and control malware propagation. It uses remote attestation to detect compromised devices with a high probability and identify the origin of malicious activities. It also proposes virtual patching of devices via physical unclonable functions (PUFs) to contain the malware spread. The isolation levels are based on the susceptible, exposed, infected, and resistant (SEIR) model that act as an access control list to quantify device operation and mitigate D2D malware spread. We present a security analysis based on the access control logic model. A performance evaluation with a comparative analysis is also discussed using the SEIR model. These analyses confirm the reduction in patching time and superior performance of our framework, i.e., with 10% of initially infected devices, IoT-Proctor had a reduction rate of malware five times faster than the existing techniques.
- Published
- 2022
6. Data Access Control in Cloud Computing: Flexible and Receiver Extendable
- Author
- Peng Jiang, Jianchang Lai, Fuchun Guo, Xinyi Huang, Willy Susilo, and Futai Zhang
- Subjects
Information Systems and Management, Computer Networks and Communications, business.industry, Computer science, Access control, Cloud computing, Cryptography, Encryption, Computer Science Applications, Set (abstract data type), Hardware and Architecture, Ciphertext, Cryptosystem, business, Broadcast encryption, Computer network
- Abstract
Broadcast encryption provides a promising technique of data access control for specified users in cloud computing. A data uploader can generate a ciphertext for a set of chosen users such that only the intended users are able to learn the data content. However, with the rapid increase in collaboration between users, it is desired to extend the receiver set to grant the decryption right to more users. The existing broadcast encryption systems are not capable of this scenario. In this paper, we first take this problem into consideration and give a solution. We take the merits of the identity-based cryptosystem and propose a notion of EIBBE: a flexible data access control with receiver extendable for cloud computing based on broadcast encryption. It allows the authorized receiver to extend the receiver set $S$ stated in the ciphertext by adding a new receiver set $S'$ without re-encryption. Both the users in $S$ and $S'$ can obtain the data successfully. The maximum number of extended receivers is determined by the data uploader. We then give a concrete construction of EIBBE and provide a rigorous security analysis of our proposed scheme. Finally, we demonstrate the scheme's efficiency and feasibility.
- Published
- 2022
7. A Flexible Enhanced Throughput and Reduced Overhead (FETRO) MAC Protocol for ETSI SmartBAN
- Author
- Muhammad Mahtab Alam, Rida Khan, and Mohsen Guizani
- Subjects
Computer Networks and Communications, business.industry, Computer science, ComputerSystemsOrganization_COMPUTER-COMMUNICATIONNETWORKS, Frame (networking), 020206 networking & telecommunications, Throughput, Access control, 02 engineering and technology, Energy consumption, Transmission (telecommunications), PHY, Sensor node, 0202 electrical engineering, electronic engineering, information engineering, Wireless, Electrical and Electronic Engineering, business, Software, Computer network
- Abstract
Smart body area networks (SmartBAN) is an emerging wireless body area networks (WBAN) standard proposed by the European Telecommunications Standards Institute (ETSI). This paper first examines the potential of SmartBAN medium access control (MAC) layer with scheduled access to support a myriad of WBAN applications, having diverse data rate requirements. Extra scheduled access slots can be allocated to high data rate sensor nodes for managing their data rate requirements. High data rate sensor nodes can also be re-assigned to use the available time slots of low data rate sensor nodes in Inter-Beacon Interval (IBI) by the central hub. But these two schemes incorporate different physical (PHY) and MAC layer overheads related to frame transmission, frame acknowledgement and slot re-assignment. This redundant overhead transmission results in high overhead energy consumption and reduced effective throughput. Therefore, an innovative and flexible enhanced throughput and reduced overhead (FETRO) MAC protocol for scheduled access is proposed in this article. In the proposed scheme, the sensor node data rate requirements are considered while assigning the scheduled access slot duration by allowing minimal changes in the base-line standard implementation. This infers the provision of scheduled access slots with variable slot durations within an IBI. We also evaluate the existing techniques of extra slot allocation and slot re-assignment in SmartBAN as well as the proposed FETRO MAC protocol with variable slot length. The proposed FETRO MAC scheme results in optimizing both the overall throughput and normalized overhead energy consumption per kilo bits per second (Kbps). Additionally, the impact of various WBAN channel models over these throughput management approaches is also investigated. The proposed FETRO MAC protocol with variable slot duration gives an average reduction of 65.5% and 59.16%, respectively, in the hub and nodes normalized overhead energy consumption per Kbps outcomes, as compared to the de-facto SmartBAN MAC scheduling strategies.
- Published
- 2022
8. A Fine-Grained Access Control and Security Approach for Intelligent Vehicular Transport in 6G Communication System
- Author
- Brij B. Gupta, Imran Razzak, Akshat Gaurav, Miltiadis D. Lytras, and Zhili Zhou
- Subjects
Routing protocol, Authentication, Vehicular ad hoc network, Computer science, business.industry, Network packet, Mechanical Engineering, ComputerSystemsOrganization_COMPUTER-COMMUNICATIONNETWORKS, Access control, Communications system, Encryption, Computer Science Applications, Automotive Engineering, business, Intelligent transportation system, Computer network
- Abstract
The area of intelligent transport systems (ITS) is attracting growing attention because of the integration of the smart IoT with vehicles that improve user safety and overall travel experience. Vehicular ad hoc network (VANET) is the part of ITS that deals with the routing protocols and security of smart vehicles. However, due to the rapid increase in the number of smart vehicles, the existing network technology's resources are unable to handle the traffic load. It is expected that the 6G communication system has the ability to fulfill the requirements of VANETs. Only a few studies explore this area, but they also overlooked the security aspect of VANETs in 6G communications networks. In this paper, we present an approach to address authentication and security issues for vehicles in VANET. By authenticating cars in the VANET and identifying various cyber assaults such as DDoS, our method significantly contributes to the intelligent transport communication network. Our approach uses the concepts of identity-based encryption to provide access control to the vehicles and deep learning-based techniques for filtering malicious packets. Our identity-based encryption technique is IND-sID-CCA secure, and a state-of-the-art deep learning algorithm detects malicious packets with an accuracy of 99.72%. These results emphasize the validity of our proposed approach for VANETs in 6G communication systems.
- Published
- 2022
9. Fast and Secure Data Accessing by Using DNA Computing for the Cloud Environment
- Author
- Suyel Namasudra
- Subjects
Information Systems and Management, Computer Networks and Communications, business.industry, Computer science, Data security, 020206 networking & telecommunications, Cryptography, Cloud computing, Access control, 02 engineering and technology, Encryption, Computer Science Applications, law.invention, Data modeling, Data access, Hardware and Architecture, DNA computing, law, 0202 electrical engineering, electronic engineering, information engineering, 020201 artificial intelligence & image processing, business, Computer network
- Abstract
In a cloud environment, traditional approaches are used to encrypt any data by using 0 and 1 that increase data security issues because of the presence of numerous malicious users and hackers over the internet. Deoxyribonucleic Acid (DNA) computing can be one of the best solutions to improve data security in which data are encrypted using the DNA bases: Thymine (T), Guanine (G), Cytosine (C) and Adenine (A). Along with data security, access control is another major issue of a cloud environment as the searching time of the owner of any data, the system overhead and the accessing time of a file or data are high during data access. A novel DNA computing based secure and fast Access Control Model (ACM) is proposed in this paper to solve all these major problems. In the proposed scheme, the Cloud Service Provider (CSP) keeps a table or list for fast data accessing. Here, a 1024-bit DNA computing based random key is generated by using the user's secret information, and the same key is utilized for data encryption. Theoretical analysis along with many experimental results prove the efficiency and effectiveness of the proposed access control model over some well-known existing models.
- Published
- 2022
10. A Privacy-Preserving and Untraceable Group Data Sharing Scheme in Cloud Computing
- Author
- Jian Shen, Pandi Vijayakumar, Huijie Yang, and Neeraj Kumar
- Subjects
Data sharing, Information privacy, Data access, business.industry, Computer science, Ciphertext, Obfuscation, Access control, Cloud computing, Electrical and Electronic Engineering, business, Key exchange, Computer network
- Abstract
With the development of cloud computing, the great amount of storage data requires safe and efficient data sharing. In multiparty storage data sharing, first, the confidentiality of shared data is ensured to achieve data privacy preservation. Second, the security of stored data is ensured. That is, when stored shared data are subject to frequent access operations, the server's address sequence or access mode is hidden. Therefore, determining how to ensure the untraceability of stored data or efficiently hide the data access mode in sharing stored data is a challenge. By leveraging proxy re-encryption and oblivious random access memory (ORAM), a privacy-preserving and untraceable scheme is proposed to support multiple users in sharing data in cloud computing. On the one hand, group members and proxies use the key exchange phase to obtain keys and resist multiparty collusion if necessary. The ciphertext obtained according to the proxy re-encryption phase enables group members to implement access control and store data, thereby completing secure data sharing. On the other hand, this paper realizes data untraceability and a hidden data access mode through a one-way circular linked table in a binary tree (OLTB) and obfuscation operation.
- Published
- 2022
11. Time-Controlled Hierarchical Multikeyword Search Over Encrypted Data in Cloud-Assisted IoT
- Author
- Robert H. Deng, Ximeng Liu, Yinbin Miao, Xiangdong Meng, Tong Liu, Hongwei Li, and Kim-Kwang Raymond Choo
- Subjects
Scheme (programming language), Security analysis, Computer Networks and Communications, Computer science, business.industry, Cloud computing, Access control, Encryption, Computer Science Applications, Public-key cryptography, Tree (data structure), Hardware and Architecture, Signal Processing, Ciphertext, business, computer, Information Systems, computer.programming_language, Computer network
- Abstract
Internet of Things (IoT) devices and systems are becoming increasingly commonplace, and as such systems scale up, so do the computational and storage requirements. Hence, one recent trend is to outsource data from IoT devices to remote systems. To facilitate both ciphertext retrieval and data confidentiality in the outsourced data, a number of searchable encryption approaches have been proposed in the literature. However, due to limited keyword space, a number of searchable encryption schemes are vulnerable to keyword guessing attacks (KGA). In addition, existing searchable encryption approaches generally do not consider the hierarchical structure in which users at different levels require varying access privileges. Furthermore, existing searchable encryption schemes seldom provide time-controlled access control. Therefore, in this paper we propose a time-controlled hierarchical multi-keyword search by using a double-server architecture to mitigate KGA. In our approach, we also build a public key tree to support different access permissions for hierarchical users. Formal security analysis shows that our scheme is secure, and extensive experiments demonstrate that our scheme is practical.
- Published
- 2022
12. Burn After Reading: Adaptively Secure Puncturable Identity-Based Proxy Re-Encryption Scheme for Securing Group Message
- Author
- Zetong Zhao, Lili Wang, Zhida Zhou, Hu Xiong, Xin Huang, and Saru Kumari
- Subjects
Delegation, Computer Networks and Communications, Computer science, business.industry, computer.internet_protocol, media_common.quotation_subject, Access control, Certificate Management Protocol, Proxy re-encryption, Computer Science Applications, Public-key cryptography, Hardware and Architecture, Forward secrecy, Signal Processing, Ciphertext, Overhead (computing), business, computer, Information Systems, media_common, Computer network
- Abstract
Puncturable proxy re-encryption (PPRE) is envisioned to provide secure access control delegation and fine-grained forward security for asynchronous group messaging systems. Nevertheless, the existing PPRE scheme not only suffers from the burden of certificate management, but also merely achieves selective security based on the non-standard assumption. In this paper, a puncturable identity-based proxy re-encryption (P-IB-PRE) scheme is proposed to efficiently protect the security and privacy of the group message. The proposed scheme introduces a message server as the proxy to transform ciphertext for each participant in the group, thus the heavy computation overhead is delegated to the message server with abundant resources. Most importantly, our scheme enables the recipient to revoke its private key’s decryption capability of the specific messages without affecting other messages. Moreover, the identity-based mechanism eliminates the burden of certificate management as well as improves efficiency. The proposed scheme achieves adaptive security under the standard Decisional Bilinear Diffie-Hellman (DBDH) assumption. Eventually, theoretical and experimental analysis demonstrate that the proposed scheme has an excellent performance in efficiency and practicality.
- Published
- 2022
13. Secure and practical access control mechanism for WSN with node privacy
- Author
- Ajaz Hussain Mir and Ummer Iqbal
- Subjects
General Computer Science, business.industry, Computer science, Node (networking), 020206 networking & telecommunications, Functional requirement, Access control, 02 engineering and technology, Internet security, Secure communication, 0202 electrical engineering, electronic engineering, information engineering, Key (cryptography), 020201 artificial intelligence & image processing, Elliptic curve cryptography, business, Wireless sensor network, Computer network
- Abstract
An access control mechanism plays a critical role in new node deployment within resource-constrained Wireless Sensor Networks. The deployment of a new node is inevitable either due to the outage of power or nodes getting compromised due to the adversary’s attacks. The access control scheme prevents malicious node deployment and also allows a new node to establish a shared key with its neighbors for secure communication. Besides having low communication and computational overheads, an access control mechanism must suffice to specific security and functional requirements for their practical implementations. In this paper, a provable and practical access control scheme based on Elliptical Curve Cryptography (ECC) has been presented. The proposed access control scheme supports node privacy while addressing all other major functional and security requirements. The formal validation of the proposed scheme has been carried out using automated validation of internet security protocols and applications (AVISPA) and Scyther tools. A comparative study of the proposed scheme with the existing schemes has been carried out on various security and functional requirements suggesting a better trade-off. Finally, practical experimentation on TinyOS and MICAz motes has been carried out to provide detailed energy analysis and test-bed implementation of the proposed scheme.
- Published
- 2022
14. LIKC: A liberty of encryption and decryption through imploration from K-cloud servers
- Author
- Satyananda Champati Rai, Kasturi Dhal, and Prasant Kumar Pattnaik
- Subjects
General Computer Science, business.industry, Computer science, 020206 networking & telecommunications, Cloud computing, Access control, 02 engineering and technology, Python (programming language), Encryption, computer.software_genre, Proxy server, Outsourcing, Data sharing, 0202 electrical engineering, electronic engineering, information engineering, 020201 artificial intelligence & image processing, business, computer, Mobile device, computer.programming_language, Computer network
- Abstract
The technological advancement in the field of IoT and cloud computing along with the use of handheld gadgets generates a huge amount of data. To process and share these data with fine-grained access control while maintaining confidentiality using cloud servers is a challenging task. Individuals as well as the organizations apprehend to use public cloud to share their private data due to security issues. Ciphertext-policy-attribute-based-encryption (CPABE) achieves one-to-many encryption with data confidentiality and fine-grained access control. Due to the computationally intensive operations of encryption and decryption the performance of CPABE as a solution in resource-constrained environment is not encouraging enough. Some of the existing models use the resources of cloud servers to carry out outsourced computation either with compromised security or with communication-overhead. To reduce the computational time of encryption and decryption we propose a scheme LIKC which incorporates the outsourcing mechanism using a proxy server. With the imploration the computation time gets reduced without compromising the security. It also supports attribute-revocation to support flexible data sharing. The proposed model is implemented using python charm crypto. The output reveals that LIKC is able to produce promising results in comparison to the data sharing models for this study.
- Published
- 2022
15. A Robust Access Control Protocol for the Smart Grid Systems
- Author
- Abd Ullah Khan, Neeraj Kumar, Muhammad Tanveer, Alamgir Naushad, and Shehzad Ashraf Chaudhry
- Subjects
Authenticated encryption, Cryptographic primitive, Computer Networks and Communications, Computer science, business.industry, Hash function, Cryptography, Access control, Computer Science Applications, Random oracle, Hardware and Architecture, Signal Processing, Session key, Elliptic curve cryptography, business, Information Systems, Computer network
- Abstract
Lightweight Cryptography (LWC) based Authenticated Encryption with Associative Data (AEAD) cryptographic primitives require fewer computational and energy resources than conventional cryptographic primitives as a single operation of an AEAD scheme provides confidentiality, integrity, and authenticity of data. This feature of AEAD schemes helps design an Access Control (AC) protocol to be leveraged for enhancing the security of resource-constrained IoT-enabled Smart Grid (SG) system with low computational overhead and fewer cryptographic operations. This paper presents a novel and robust AC protocol called RACP-SG, which aims to enhance the security of resource-constrained IoT-enabled SG systems. RACP-SG employs an LWC-based AEAD scheme, ASCON and the hash function, ASCON-hash, along with elliptic curve cryptography to accomplish the AC phase. Besides, RACP-SG enables a Smart Meter (SM) and a Service Provider (SEP) to mutually authenticate each other and establish a session key while communicating across the public communication channel. By using the session key, the SM can securely transfer the gathered data to the SEP. We verify the security of the session key using the widely accepted random oracle model. Moreover, we conduct Scyther-based and informal security analyses to demonstrate that RACP-SG is protected against various covert security risks, such as replay, impersonation, and de-synchronization attacks. Besides, we present a comparative study to illustrate that RACP-SG renders superior security features while reducing energy, storage, communication, and computational overheads compared to the state-of-the-art.
- Published
- 2022
16. Smart Contract-Based Access Control Through Off-Chain Signature and On-Chain Evaluation
- Author
- Wenjuan Tang, Shuai Yuan, Cheng Huang, Jialu Hao, and Yang Zhang
- Subjects
Chain (algebraic topology), Smart contract, business.industry, Computer science, Access control, Electrical and Electronic Engineering, business, Signature (logic), Computer network
- Published
- 2022
17. Multiple access control scheme for EHRs combining edge computing with smart contracts
- Author
- Kunchang Li, Yifan Yang, Zhiwei Wu, Runhua Shi, and Shuhao Wang
- Subjects
Scheme (programming language), Smart contract, Transmission delay, Revocation, Computer Networks and Communications, business.industry, Computer science, Access control, Encryption, Hardware and Architecture, Order (business), business, computer, Software, Edge computing, Computer network, computer.programming_language
- Abstract
To make up for the insufficient computing power of remote medical devices and solve the transmission delay problem, edge computing has been widely studied in the academic community. The application of edge computing in E-health makes it more convenient for medical providers to view the patient's electronic health records (EHRs), which not only improves the work efficiency of medical providers, but also provides patients with more personalized treatments. However, there are some security problems in the E-health system, such as EHRs leakage or tampering. Therefore, attribute-based encryption (CP-ABE) is widely used in the access control of EHRs. In order to reduce the computing cost of resource-constrained devices and achieve more flexible fine-grained access control, this paper proposes an effective ABE scheme that outsources part of the computing load to the fog nodes, which safely shares data with lower overheads. It also supports user revocation and attribute revocation. In addition, we combine smart contract and blockchain to share more fine-grained EHRs. The security proof and experimental results show that our scheme has higher efficiency to protect the patients’ EHRs privacy.
- Published
- 2022
18. Secure User Authentication Leveraging Keystroke Dynamics via Wi-Fi Sensing
- Author
- Zhi Liu, Yu Gu, Zulie Pan, Mianxiong Dong, Fan Shi, Yantong Wang, Meng Wang, and Zhihao Hu
- Subjects
Authentication, Spoofing attack, Exploit, business.industry, Computer science, Feature extraction, Access control, Keystroke logging, Computer Science Applications, Keystroke dynamics, Control and Systems Engineering, Electrical and Electronic Engineering, business, Information Systems, Computer network, Communication channel
- Abstract
User authentication plays a critical role in access control of a man-machine system, where the knowledge factor like a Personal Identification Number (PIN) constitutes the most widely-used authentication element. However, knowledge factors are usually vulnerable to the spoofing attack. Recently, the inheritance factor like fingerprints emerges as an efficient alternative resilient to malicious users, but it normally requires special equipment. To this end, we propose WiPass, a device-free authentication system only leveraging the pervasive WiFi infrastructure to explore keystroke dynamics (manner and rhythm of keystrokes) captured by the Channel State Information (CSI) to recognize legitimate users while rejecting spoofers. However, it remains an open challenge to characterize the behavioral features hidden in the human subtle motions like keystrokes. Therefore, we build a signal enhancement model using Ricean distribution to amplify user keystroke dynamics and a hybrid learning model for user authentication, which consists of two parts, i.e., CNN-based feature extraction and SVM-based classification. The former relies on visualizing the channel responses into time-series images to learn the behavioral features of keystrokes in energy and spectrum domains, while the latter exploits such behavioral features for user authentication. We prototype WiPass on the low-cost off-the-shelf WiFi devices and verify its performance. Empirical results show that WiPass achieves on average 92.1% authentication accuracy, 5.9% false accept rate, and 6.3% false reject rate in three real environments.
- Published
- 2022
19. An intelligent hybrid MAC protocol for a sensor-based personalized healthcare system
- Author
-
Tian Wang, Xiong Li, Jinsong Gui, Linbo Deng, and Jiawei Tan
- Subjects
Computer Networks and Communications ,business.industry ,Computer science ,Node (networking) ,ComputerSystemsOrganization_COMPUTER-COMMUNICATIONNETWORKS ,Access control ,Beacon ,Hardware and Architecture ,Sensor node ,State (computer science) ,business ,Protocol (object-oriented programming) ,Energy (signal processing) ,Communication channel ,Computer network - Abstract
Sensors based on personalized healthcare systems have been widely used in the medical field. However, energy limitations have greatly hindered the further development of medical sensors. For the traditional Medium Access Control (MAC) protocol, the duration of low-power listening is fixed because it ignores that the available energy of sensors is different in some situations, which leads to a high delay and low energy utilization. In this paper, a Maximum Listening Length MAC (MLL-MAC) protocol is proposed to fully utilize the energy in the sensor-based systems. The MLL-MAC protocol is an improvement of the Receiver-Initiated (RI) MAC protocol. The main advance is that the sensor node performs the following additional operations: (1) The sender sends a beacon when it wakes up and sends data, thus establishing a communication link with the receiver in the listening state; (2) The receiver keeps listening as long as possible to reduce the delay when it wakes up and listens to the channel, which is different from the previous strategy in which the node turns into a sleep state immediately without receiving data. Furthermore, the sensor node can dynamically determine whether to send beacons and prolong listening duration according to its available energy level. The MLL-MAC protocol is evaluated through theoretical analysis and experimental results. The results show that, compared with the RI-MAC protocol, the MLL-MAC protocol can reduce the average end-to-end delay by 41.4%, and improve the energy utilization by 15.1%.
- Published
- 2022
20. A Consortium Blockchain-Based Access Control Framework With Dynamic Orderer Node Selection for 5G-Enabled Industrial IoT
- Author
-
Yuming Feng, Xiapu Luo, Weizhe Zhang, and Bin Zhang
- Subjects
business.industry ,Computer science ,Node (networking) ,Testbed ,Access control ,Throughput ,Computer Science Applications ,Control and Systems Engineering ,Robustness (computer science) ,Electrical and Electronic Engineering ,business ,Byzantine fault tolerance ,5G ,Information Systems ,Computer network ,Communication channel - Abstract
5G-enabled Industrial Internet of Things (IIoT) deployment will bring more severe security and privacy challenges, which puts forward higher requirements for access control. Blockchain-based access control method has become a promising security technology, but it still faces high latency in consensus process and weak adaptability to dynamic changes in network environment. This paper proposes a novel access control framework for 5G-enabled IIoT based on consortium blockchain. We design three types of chaincodes for the framework named Policy Management Chaincode (PMC), Access Control Chaincode (ACC) and Credit Evaluation Chaincode (CEC). The PMC and ACC are deployed on the same data channel to implement the management of access control policies and the authorization of access. The CEC deployed on another channel is used to add behavior records collected from IIoT devices and calculate the credit value of IIoT domain. Specifically, we design a two-step credit-based Raft consensus mechanism, which can select the orderer nodes dynamically to achieve fast and reliable consensus based on historical behavior records stored in the ledger. Furthermore, we implement the proposed framework on a real-world testbed and compare it with the framework based on Practical Byzantine Fault Tolerance (PBFT) consensus. The experiment results show that our proposed framework can maintain lower consensus cost time with 100ms level and achieves 4 to 5 times throughput with lower hardware resource consumption and communication consumption. Besides, our design also improves the security and robustness of the access control process.
- Published
- 2022
21. Decentralized Attribute-Based Server-Aid Signature in the Internet of Things
- Author
-
Jiguo Li, Yichen Zhang, Jinguang Han, Huaqun Wang, Chengdong Liu, and Chen Yu
- Subjects
Scheme (programming language) ,Authentication ,Exponentiation ,Computer Networks and Communications ,business.industry ,Computer science ,Access control ,Signature (logic) ,Computer Science Applications ,Set (abstract data type) ,Hardware and Architecture ,Order (business) ,Signal Processing ,business ,computer ,Information Systems ,Computer network ,Anonymity ,computer.programming_language - Abstract
Devices of Internet of Things (IoT) play a significant role in people’s daily life. A large scale of data is generated, collected, and analyzed in these devices, which inevitably faces secure authentication and access control problems. Attribute-based signature (ABS), where a signer signs a message over a set of attributes, is an elegant tool for privacy-preserving access control and data authentication. In multi-authority ABS scheme, multiple authorities distribute users’ private keys over their different attributes and these attribute authorities are managed by a central authority. Nevertheless, the whole ABS system can be broken if the central authority is compromised. Besides, multi-authority ABS scheme needs a lot of pairing and exponentiation operations in the verification and signature algorithms. Therefore, it is very expensive for resource-limited devices (e.g. sensors in IoT) to utilize the ABS scheme. In order to solve the above problems, we present a decentralized attribute based server-aid signature (DABSAS) scheme. In the DABSAS scheme, a server can help users execute heavy computation in the signature and verification algorithms. The proposed scheme provides anonymity and unforgeability. In addition, our scheme mitigates the burden of signature and verification phase. The proposed scheme is proved secure under the well-known computational co-Diffie-Hellman (co-CDH) assumption. Compared with the existing schemes, the presented DABSAS scheme is efficient.
- Published
- 2022
22. Delegated Anonymous Credentials With Revocation Capability for IoT Service Chains (DANCIS)
- Author
-
Sandeep Kiran Pinjala, S. Sree Vivek, and Krishna M. Sivalingam
- Subjects
Service (systems architecture) ,Revocation ,Computer Networks and Communications ,business.industry ,Computer science ,Access control ,Credential ,Automation ,Computer Science Applications ,Hardware and Architecture ,Signal Processing ,Systems architecture ,Identity (object-oriented programming) ,Architecture ,business ,Information Systems ,Computer network - Abstract
This paper deals with providing privacy-preserving access control in Internet of Things (IoT) systems. Here, a user/IoT device requests access to services provided by other IoT devices and multiple requests are combined to a request-specific service chain. An anonymous delegated credential based system architecture is proposed, where the requester’s identity is not exposed to the services. The paper presents the proposed architecture’s various components including the security aspects. Various options for implementing the architecture on resource-full and resource-constrained services are presented. A prototype of the proposed architecture is then implemented using Linux-based containers to emulate the services. Two representative systems, namely, a small-scale home automation system using a short service chain and a large-scale industrial automation system using a long service chain are considered. Timing measurements from the implementation are presented to demonstrate that the architecture is feasible and can be adapted for practical use in large-scale IoT systems.
- Published
- 2022
23. Revocable Attribute-Based Data Storage in Mobile Clouds
- Author
-
Hua Deng, Hui Yin, Qianhong Wu, Zhenyu Guan, and Zheng Qin
- Subjects
Information Systems and Management ,Revocation ,Computer Networks and Communications ,business.industry ,Computer science ,Data security ,Access control ,Cloud computing ,Encryption ,Computer Science Applications ,Upload ,Hardware and Architecture ,Data Protection Act 1998 ,business ,Cloud storage ,Computer network - Abstract
It is becoming fashionable for people to access data outsourced to clouds with mobile devices. To protect data security and privacy, attribute-based encryption (ABE) has been widely used in cloud storage systems. However, one of the main efficiency drawbacks of ABE is the high computation overheads at mobile devices during user revocation and file access. To address this issue, we propose a revocable attribute-based data storage (RADS) scheme equipped with several attracting features. First, our RADS scheme achieves a fine-grained access control mechanism, by which file owners do not need to explicitly specify authorized visitors to their outsourced files. Second, our RADS scheme allows mobile users to authorize the cloud service provider (CSP) to share costly computations in file access, without exposing the file content. Third, our RADS scheme offloads the operations of access-credential update and file re-encryption during revocation process to CSP, leaving all non-revoked users undisturbed. The revocation of RADS achieves a strong data protection, i.e., revoked users can access neither newly uploaded files nor old ones. The security and efficiency of the RADS scheme are validated via both analysis and experimental results.
- Published
- 2022
24. Security-Aware Information Dissemination With Fine-Grained Access Control in Cooperative Multi-RSU of VANETs
- Author
-
Yingjie Xia, Xuejiao Liu, and Wei Chen
- Subjects
Computer science ,business.industry ,Wireless ad hoc network ,Mechanical Engineering ,Information Dissemination ,Access control ,Encryption ,Computer Science Applications ,Broadcasting (networking) ,Complete information ,Automotive Engineering ,Communications protocol ,business ,Dissemination ,Computer network - Abstract
Securing information dissemination is extremely important for various vehicular ad hoc networks (VANETs) applications. However, most of the applications require disseminating the critical information only to the authorized vehicles through V2I (Vehicle to Infrastructure) communications. Moreover, V2I communications usually suffer from incomplete information to vehicles in one RSU's transmission range. Therefore, it is an even more challenging task to ensure reliable dissemination of encrypted data to the recipient vehicles in multi-RSU settings. We propose a security-aware information dissemination scheme with fine-grained access control in cooperative multi-RSU of VANETs. Our proposed scheme uses ciphertext-policy attribute-based encryption (CP-ABE) to ensure confidential communication in a broadcasting way, which ensures that only the vehicles that satisfy the access control policy can have the ability to access the information; and we employ proxy re-encryption in the communication protocol to make sure the moving vehicles in high-speed can get the whole encrypted information. Performance analysis shows that our scheme can enable fine-grained access control for the broadcasted information, and make sure the vehicles receive reliable information in the whole disseminating process. And our scheme is applicable and efficient in various scenarios of information dissemination, especially in cooperative multi-RSU of VANETs.
- Published
- 2022
25. Blockchain-Enabled Data-Sharing Scheme for Consumer IoT Applications
- Author
-
Hujie Yu, Linghang Meng, Zhimin Duan, Chen Yingwen, and Bowen Hu
- Subjects
business.industry ,Computer science ,Cloud computing ,Access control ,Network layer ,Encryption ,Computer Science Applications ,Human-Computer Interaction ,Data sharing ,Data access ,Hardware and Architecture ,Enhanced Data Rates for GSM Evolution ,Electrical and Electronic Engineering ,business ,Edge computing ,Computer network - Abstract
A staggering number of consumer Internet of things devices are being deployed in various application scenarios, and massive data will be generated per day. How to achieve a secure and efficient data sharing scheme for the consumer IoT applications is a huge challenge for us. The traditional cloud-based IoT has the dilemma of prolonged communication delay and privacy leakage. With the application of 5G technology, edge computing can effectively alleviate these problems. However, it cannot meet the higher security requirements for the data sources' authenticity and information reliability. By combining the blockchain and smart contracts technology, this article proposes a distributed, efficient and secure data sharing scheme centered on consumer IoT devices. This architecture consists of four layers: IoT devices layer, edge storage layer, blockchain network layer and application services layer. We design smart contracts based on the attribute-based access control (ABAC) and the searchable encryption algorithm, including Device Retrieval Contract (DRC), Policy Management Contract (PMC) and Authorization Verification Contract (AVC). Through the implementation of simulated experiments, we prove that our proposed architecture can satisfy the large-scale data access requests and bring a tolerable level of communication overhead.
- Published
- 2022
26. Self-Verifiable Attribute-Based Keyword Search Scheme for Distributed Data Storage in Fog Computing With Fast Decryption
- Author
-
Xiong Li, Weijia Jia, Ke Gu, and Wen Bin Zhang
- Subjects
Edge device ,Computer Networks and Communications ,business.industry ,Computer science ,Access control ,Cloud computing ,Encryption ,Server ,Distributed data store ,Computer data storage ,Verifiable secret sharing ,Electrical and Electronic Engineering ,business ,Computer network - Abstract
Presently many searchable encryption schemes have been proposed for cloud and fog computing, which use fog nodes (or fog servers) to partly undertake some computational tasks. However, these related schemes still retain cloud servers to undertake most computational tasks, which result in large communication costs between edge devices and cloud servers. Therefore, in this paper we propose a self-verifiable attribute-based keyword search scheme for distributed data storage (SV-KSDS) in full fog computing, where each decryption operation on the data required by a user must meet the negotiated decryption rule between fog servers. Our SV-KSDS scheme first provides attribute-based distributed data storage among fog servers through the (w,σ) threshold secret-sharing scheme, where fog servers can provide self-verifiable keyword search and data decryption for terminal users. Compared with the data storage in cloud computing, our scheme extends it to the distributed structure while providing fine-grained access control for distributed data storage through attribute-based encryption. The access control policy of our scheme is constructed on linear secret-sharing scheme, whose security is reduced to the decisional bilinear Diffie-Hellman assumption against chosen-keyword attack and the decisional q-parallel bilinear Diffie-Hellman assumption against chosen-plaintext attack in the standard model. Based on theoretical analysis and practical testing, our SV-KSDS scheme generates less computation and communication costs, which further unloads some computational tasks from terminal users to fog servers so as to reduce computing costs of terminal users.
- Published
- 2022
27. Unbounded and Efficient Revocable Attribute-Based Encryption With Adaptive Security for Cloud-Assisted Internet of Things
- Author
-
Hu Xiong, Xin Huang, Shui Yu, Minghao Yang, and Lili Wang
- Subjects
Revocation ,Computer Networks and Communications ,Computer science ,business.industry ,Decision Linear assumption ,Initialization ,Cloud computing ,Access control ,Encryption ,Computer Science Applications ,Hardware and Architecture ,Signal Processing ,Attribute-based encryption ,business ,Information Systems ,Computer network ,Access structure - Abstract
Existing attribute-based encryption schemes with revocation to secure the cloud-assisted internet of things (IoTs) raise challenges such as eliminating the need for predefined public parameters in system initialization, performing the encryption and decryption operations efficiently and achieving adaptive security under standard security assumption. In this paper, we address these challenges by proposing an unbounded and efficient revocable attribute-based encryption scheme with adaptive security for cloud-assisted IoTs. Distinct from the previous approaches in this field, our scheme not only efficiently realizes access control over encrypted data in a fine-grained and revocable way, but also is proved to be adaptively secure under standard decision linear assumption. Meanwhile, the parameters don’t need to be pre-defined in the system initialization and thus our scheme satisfies the unbounded property. Moreover, the monotonic span program (MSP) is elegantly utilized as the access structure to reduce the number of bilinear pairing and exponentiation operations for encryption and decryption. Theoretical performance analysis and experiment evaluation disclose that our proposed scheme owns outstanding feasibility, efficiency, and effectiveness.
- Published
- 2022
28. Lattice-based public key searchable encryption with fine-grained access control for edge computing
- Author
-
Peng Wang, Biwen Chen, Tao Xiang, and Zhongming Wang
- Subjects
Computer Networks and Communications ,business.industry ,Computer science ,Data security ,Access control ,Plaintext ,Cloud computing ,Encryption ,Public-key cryptography ,Hardware and Architecture ,business ,Software ,Learning with errors ,Edge computing ,Computer network - Abstract
As a bridge between cloud computing platforms and the Internet of Things (IoT) devices, edge computing provides various on-demand data services to reduce latency and network congestion. To ensure data security in edge computing, sensitive data should be encrypted before being outsourced to edge servers. Public key encryption with keyword search (PEKS) can provide search service for encrypted data. Nevertheless, most existing PEKS schemes are susceptible to quantum attacks because their security assumptions are based on traditional hardness assumptions. Moreover, many lattice-based PEKS schemes only apply to the single-user scenario, limiting the range of applications. In this paper, we present an efficient lattice-based public key searchable encryption with fine-grained access control for edge computing. Our scheme achieves post-quantum security and highly flexible access control policies for multi-user applications, by utilizing the learning with errors (LWE) assumption and subset predicate encryption. The security proof illustrates that our proposed scheme is secure under chosen plaintext attacks and chosen keyword attacks. Finally, extensive experiments on real-world datasets illustrate that our encryption algorithm is faster than existing approaches.
- Published
- 2022
29. Multi-Channel Opportunistic Access for Heterogeneous Networks Based on Deep Reinforcement Learning
- Author
-
Xiaowen Ye, Liqun Fu, and Yiding Yu
- Subjects
business.industry ,Computer science ,Network packet ,Applied Mathematics ,Node (networking) ,Access control ,Computer Science Applications ,Recurrent neural network ,Reinforcement learning ,Wireless ,Electrical and Electronic Engineering ,business ,Random access ,Heterogeneous network ,Computer network - Abstract
This paper investigates a new medium access control (MAC) protocol for multi-channel heterogeneous networks (HetNets) based on deep reinforcement learning (DRL), referred to as multi-channel deep-reinforcement learning multiple access (MC-DLMA). Specifically, we consider a HetNet where different radio networks adopt different MAC protocols to transmit data packets to a common access point on different wireless channels. Three key challenges for the MC-DLMA node are (i) no environmental knowledge is known in advance; (ii) the channels in HetNets are allocated to nodes using different MAC protocols; (iii) the capacities of different channels may be different. The main goal of MC-DLMA is to find an optimal access policy to transmit on those pre-allocated channels and expedite more efficient spectrum utilization. Due to the complex temporal correlation of spectrum states in HetNets, the traditional DRL technique, e.g., original deep Q-network (DQN) algorithm, is no longer applicable to our problem. In our MC-DLMA design, an advanced class of recurrent neural network, termed as Gated Recurrent Unit (GRU), is embedded into the original DQN technique to aggregate observations over time and reason the underlying temporal feature in multi-channel HetNets. Furthermore, we analytically give the optimal spectrum access patterns and derive the optimal throughputs in various HetNet scenarios. With judicious definitions of the state, action, and reward function in the parlance of the DRL framework, simulation results show that MC-DLMA can (i) find the optimal spectrum access strategies in various HetNets, (ii) outperform the random access policy, the whittle index policy, and the original DQN, (iii) perform cooperative transmission in a fully distributed manner in the presence of multiple agents, and (iv) adapt well to the environmental changes.
- Published
- 2022
30. A Practical and Efficient Bidirectional Access Control Scheme for Cloud-Edge Data Sharing
- Author
-
Geyong Min, Bei Li, Yan Xu, Jie Cui, Hong Zhong, and Lu Liu
- Subjects
business.industry ,Computer science ,Cloud computing ,Access control ,Cryptography ,Encryption ,Data sharing ,Computational Theory and Mathematics ,Hardware and Architecture ,Server ,Signal Processing ,Enhanced Data Rates for GSM Evolution ,business ,Edge computing ,Computer network - Abstract
The cloud computing paradigm provides numerous tempting advantages, enabling users to store and share their data conveniently. However, users are naturally resistant to directly outsourcing their data to the cloud since the data often contain sensitive information. Although several fine-grained access control schemes for cloud-data sharing have been proposed, most of them focus on the access control of the encrypted data (e.g., restricting the decryption capabilities of the receivers). Distinct from the existing work, this article aims to address this challenging problem by developing a more practical bidirectional fine-grained access control scheme that can restrict the capabilities of both senders and receivers. To this end, we systematically investigate the access control for cloud data sharing. Inspired by the access control encryption (ACE), we propose a novel data sharing framework that combines the cloud side and the edge side. The edge server is located in the middle of all the communications, checking and preventing illegal communications according to the predefined access policy. Next, we develop an efficient access control algorithm by exploiting the attribute-based encryption and proxy re-encryption for the proposed framework. The experimental results show that our scheme exhibits superior performance in the encryption and decryption compared to the prior work.
- Published
- 2022
31. MAC Protocols for IEEE 802.11ah-Based Internet of Things: A Survey
- Author
-
Ferdous A. Barbhuiya, Nurzaman Ahmed, Md. Iftekhar Hussain, and Debashis De
- Subjects
Protocol (science) ,Standardization ,Computer Networks and Communications ,Computer science ,business.industry ,Provisioning ,Access control ,Computer Science Applications ,Identification (information) ,Hardware and Architecture ,Problem domain ,Signal Processing ,Scalability ,business ,Information Systems ,IEEE 802.11ah ,Computer network - Abstract
The IEEE 802.11ah, also known as WiFi HaLow, is a scalable solution for medium-range communication in Internet of Things (IoT). While provisioning support for the IoT and Machine-to-Machine (M2M) communication, IEEE 802.11ah leverages various innovative Medium Access Control (MAC) layer concepts such as Restricted Access Window (RAW), hierarchical Association IDentification (AID), Traffic Indication Map (TIM) Segmentation etc. This paper presents a survey on various MAC protocols for IEEE 802.11ah. While discussing the essential features of IEEE 802.11ah, this survey points out various issues and limitations of such MAC protocols. Although there are some surveys available for MAC protocols of IEEE 802.11ah, they do not include a large number of schemes that have been recently proposed to solve different standardization and implementation-based issues. This paper individually surveys issues and challenges in the different problem domains of IEEE 802.11ah MAC protocol and analyzes the recently proposed solutions. Moreover, this paper identifies various factors for further improvement of these protocols. Compared to other relevant surveys, this paper emphasizes the issues and challenges to enable researchers to easily identify the problem domain.
- Published
- 2022
32. An Access Control Scheme Using Heterogeneous Signcryption for IoT Environments
- Author
-
Muhammad Asghar Khan, Hira Zahid, Fahad Algarni, and Insaf Ullah
- Subjects
Scheme (programming language) ,business.industry ,Computer science ,Access control ,Computer Science Applications ,Biomaterials ,Mechanics of Materials ,Modeling and Simulation ,Electrical and Electronic Engineering ,business ,Internet of Things ,computer ,Computer network ,computer.programming_language ,Signcryption
- Published
- 2022
33. Scalable, Confidential and Survivable Software Updates
- Author
-
Federico Magnanini, Luca Ferretti, and Michele Colajanni
- Subjects
transparency ,Authentication ,survivability ,business.industry ,Computer science ,Software updates ,Survivability ,Access control ,Context (language use) ,proprietary software ,Encryption ,Software ,Computational Theory and Mathematics ,Hardware and Architecture ,High availability ,Signal Processing ,Single point of failure ,business ,Computer network - Abstract
Software update systems must guarantee high availability, integrity and security even in presence of cyber attacks. We propose the first survivable software update framework for the secure distribution of confidential updates that is based on a distributed infrastructure with no single points of failure. Previous works guarantee either survivability or confidentiality of software updates but do not ensure both properties. Our proposal is based on an original application of a multi-authority attribute-based encryption scheme in the context of decentralized access control management that avoids single-point-of-vulnerability. We describe the original framework, propose the protocols to implement it, and demonstrate its feasibility through a security and performance evaluation.
- Published
- 2022
34. Efficient and Secure Attribute-Based Access Control With Identical Sub-Policies Frequently Used in Cloud Storage
- Author
-
Peilin Hong, Jianan Hong, David S. L. Wei, Na Gai, Nenghai Yu, and Kaiping Xue
- Subjects
business.industry ,Computer science ,Overhead (computing) ,Access control ,Cryptography ,Plaintext ,Electrical and Electronic Engineering ,business ,Semantic security ,Encryption ,Secret sharing ,Cloud storage ,Computer network - Abstract
Under the assumption of honest-but-curious cloud service provider, various cryptographic techniques have been used to address the issues of data access control and confidentiality in public cloud storage. Among which, attribute-based encryption (ABE) has been shown to be an attractive scheme. Although the technique of ABE brings in various benefits, its onerous overhead should not be ignored. In this paper, based on an improved LSSS (linear secret sharing scheme) matrix expression integrated in CP-ABE (Ciphertext-Policy Attribute-Based Encryption) algorithm, we present an efficient and secure attribute-based access control scheme for the scenarios where multiple data are shared and encrypted with frequently used sub-policies. In the scheme, a user can store the parameters about a specific sub-policy in his/her first decryption, which can be reused in the subsequent data decryptions whose embedded access policies include the same sub-policy so as to significantly reduce the computation cost. Our proposed scheme is proved to be semantically secure under chosen plaintext attacks and can well preserve the confidentiality of the data sharing system. Our analysis and experimentation also show that our scheme does significantly reduce the decryption time while trading in only very little storage overhead, and thus effectively promotes the efficiency.
- Published
- 2022
35. An efficient fine-grained data access control system with a bounded service number
- Author
-
Xin Liu, Hao Wang, Bo Zhang, and Bin Zhang
- Subjects
Scheme (programming language) ,Information Systems and Management ,Revocation ,Computer science ,business.industry ,Access control ,Cloud computing ,Encryption ,Computer Science Applications ,Theoretical Computer Science ,Data sharing ,Artificial Intelligence ,Control and Systems Engineering ,Ciphertext ,Verifiable secret sharing ,business ,computer ,Software ,Computer network ,computer.programming_language - Abstract
In a data access control system oriented toward the cloud storage environment, a data owner defines attribute-based access control policies for data files to realize fine-grained data sharing. However, the existing schemes have defects in user execution efficiency and user privacy protection, and they do not consider the problems of user revocation and attribute updates. To this end, we propose a ciphertext policy attribute-based encryption method with verifiable outsourced decryption; this requires a user to complete decryption with the help of a server, but the results of the outsourced decryption can be verified independently. With this new encryption scheme and the technique of k-times anonymous authentication, a new fine-grained data access control system was constructed; this system allows a server to provide users with outsourced decryption services, and users’ computation cost is independent of the size of the underlying access control policy. Moreover, the number of outsourced decryption requests is limited. In addition, the new system supports user revocation and attribute updates and it is provably secure under formal proofs. An efficiency analysis shows that it can be compared with other similar systems in terms of performance, despite the addition of several practical properties.
- Published
- 2022
36. A Collateral Sensor Data Sharing Framework for Decentralized Healthcare Systems
- Author
-
Krishna Prasad Satamraju, Shafi Shahsavar Mirza, Zia Ur Rahman, Aime Lay-Ekuakille, and Sala Surekha
- Subjects
MQTT ,Computer science ,business.industry ,Access control ,Application layer ,Data sharing ,Packet loss ,Scalability ,The Internet ,Electrical and Electronic Engineering ,business ,Instrumentation ,Database transaction ,Computer network - Abstract
Healthcare is one of the largest domains across the globe both in terms of employment and income generation. It is continuously evolving and exploiting new technological dimensions to incorporate innovations for providing universal health coverage. Sharing of data collected by various sensors deployed at the patient’s end is a growing solicitude in healthcare as the privacy of the personal healthcare data is of paramount importance. In this paper, a blockchain based healthcare framework is proposed to address the problems related to the sensor-based patient vital body parameters collection, monitoring, secured data storage and sharing among different stakeholders. This framework uses Internet of Medical Things (IoMT) devices interfaced with MAX30205 (human body temperature), and a blood pressure including heart-rate measuring device to collect the patient vital parameters. A Markov state chain is modeled to monitor the patient medical states through various phases during the treatment and monitoring process. Application layer protocols MQTT, CoAP, and AMQP are evaluated for latency and packet loss during data transfers. Ethereum permissioned blockchain is used to deploy the proposed model. Smart contracts provide access control only to the authorized users. A comparative analysis is provided in the end to highlight the merits of the proposed model over the existing similar methods. Due to the parallelism and use of blockchain, the system reports 80% improvement in terms of nodes and transaction scalability compared to the existing systems.
- Published
- 2021
37. STREAM: Medium Access Control With Station Presence Awareness in Crowded Networks
- Author
-
Paa Kwesi Esubonteng and Roberto Rojas-Cessa
- Subjects
Service (systems architecture) ,Computer Networks and Communications ,business.industry ,Computer science ,Wireless network ,Quality of service ,ComputerSystemsOrganization_COMPUTER-COMMUNICATIONNETWORKS ,Markov process ,Throughput ,Access control ,Computer Science Applications ,symbols.namesake ,IEEE 802.11 ,Control and Systems Engineering ,symbols ,Electrical and Electronic Engineering ,business ,Information Systems ,Computer network ,Communication channel - Abstract
In this article, we propose a medium access control (MAC) scheme, called STation pREsence-Aware MAC (STREAM), that offers equal contention opportunities to the stations in a network. STREAM is designed to preserve its performance in crowded and high-traffic networks. The scheme improves channel access, utilization, and service fairness of stations. STREAM detects collided transmissions or idle events in the network to estimate the number of active stations. STREAM sets the contention period as a function of the number of stations in the network. As a result, the number of contention opportunities is enlarged and the access to the transmission channel in the network is improved. In this way, STREAM overcomes the performance degradation of IEEE 802.11 under heavy traffic and crowded networks. We analyze the throughput of STREAM, fairness of service, and the probability that a station experiences collisions as a function of the number of stations in the network. We also present performance evaluations and comparisons with IEEE 802.11 and other high-performing schemes. We extend the application of STREAM on traffic with different priorities and quality of service. Our evaluations show that STREAM outperforms IEEE 802.11 and the compared schemes. We show that STREAM is an ideal candidate as a fallback mechanism for IEEE 802.11 under overwhelming conditions.
- Published
- 2021
38. SILedger: A Blockchain and ABE-based Access Control for Applications in SDN-IoT Networks
- Author
-
Mohsen Guizani, Wei Ren, Hong Luo, and Yan Sun
- Subjects
Security analysis ,Blockchain ,Computer Networks and Communications ,business.industry ,Computer science ,Access control ,Permission ,Encryption ,Security token ,Scalability ,Electrical and Electronic Engineering ,business ,Software-defined networking ,Computer network - Abstract
The Software Defined Network in Internet of Things (SDN-IoT) is enjoying growing popularity due to its flexibility, automaticity and programmability. However, there is still a lack of proper permission management on SDN-IoT applications (SIApps), especially when the SIApp’s required northbound interfaces are located in multiple heterogeneous controllers without mutual trust. Existing access control methods are usually based on centralized models, proprietary controllers, trusting conditions or manual operation. It can incur unnecessary performance degradation and poor scalability. To solve this problem, this paper proposes the SIApps’ ledger (SILedger), an open, trusted, and decentralized access control mechanism based on blockchain and attribute-based encryption (ABE). It can not only support effective authorization of SIApps in heterogeneous and untrusted SDN-IoT control domains, but also record all interactions between SIApps and resources, and thus facilitate SIApps’ further charging, analysis and audit. The main idea is that the SIApps are authorized using access tokens encrypted by ABE, and these tokens are seen as the currency of blockchain to be distributed. Specifically, we re-design blockchain transaction, token encryption, token initialization and token update schemes to achieve cross-domain, fine-grained and flexible SIApps’ permission management. In order to mitigate the delay and complexity problem of blockchain and ABE, we devise the access control framework that separates authorization from call process of SIApps. Finally, we perform security analysis and implement a FISCO-BCOS-based prototype for SILedger. The experimental results show that it can provide effective access control for SIApps with negligible overheads.
- Published
- 2021
39. A decentralized framework for device authentication and data security in the next generation internet of medical things
- Author
-
B. Malarkodi and Krishna Prasad Satamraju
- Subjects
Authentication ,Cryptographic primitive ,Computer Networks and Communications ,business.industry ,Computer science ,Data integrity ,Authentication protocol ,Data security ,Access control ,Cryptography ,business ,Computer network ,Vulnerability (computing) - Abstract
Internet of Things (IoT) applications have gained a huge momentum and have spanned across all domains adding innovations to the prevailing solutions. The IoT networks generate enormous data comprising meteorological information, patient critical body parameters, finance, logistics, location of a tracking object, etc. Security for sensitive data, such as patient body critical parameters from an attached monitoring device, streaming over IoT networks is vital and is a need of the hour. Data integrity and user (or device) authentication are crucial for building a trust-worthy communication network among the peers in IoT networks. Most networks still employ specific software encryption algorithms that provide considerable data security. But quantum computing has proved the vulnerability of computationally vigorous cryptographic algorithms. A decentralized and scalable framework for device authentication and data security is proposed in this paper based on blockchain platform and Physical Unclonable Functions (PUFs). An authentication protocol is developed using PUF-based cryptographic primitives. The PUF-based keys are hard to replicate and almost impossible to predict because of the randomness in the physical design and complex mathematical modeling of the system. Lightweight Smart contracts are used to facilitate role-based access control. Data privacy is preserved by storing the sensitive data off-chain. As a proof of concept, an IoT-based healthcare system based on Ethereum permissioned blockchain is developed using the proposed framework. The designed PUF exhibits 48.46% uniqueness and 2.38% reliability. A comparative analysis with existing similar models shows that the proposed approach is feasible and provides a scalable solution for device authentication and data security in resource-limited medical IoT networks.
- Published
- 2021
40. ECC-based lightweight authentication and access control scheme for IoT E-healthcare
- Author
-
Qiao Yan, Hailong Yao, Caihui Lan, Zhibin Zhang, and Xingbing Fu
- Subjects
Authentication ,Security analysis ,Computer science ,business.industry ,Physical unclonable function ,Data security ,Access control ,Theoretical Computer Science ,Secure communication ,Body area network ,Key (cryptography) ,Geometry and Topology ,business ,Software ,Computer network - Abstract
The E-healthcare system has a complex architecture, diverse business types, and sensitive data security. To meet the secure communication and access control requirements in the user-medical server, user-patient, patient-medical server and other scenarios in the E-healthcare system, secure and efficient authenticated key agreement and access authorization schemes need to be studied. However, the existing multi-server solutions do not consider the authentication requirements of the Wireless Body Area Network (WBAN), and are not suitable for user-patient, patient-medical server scenarios; most of the existing WBAN authentication schemes are single-server type, which are difficult to meet the requirements of multi-server applications; the study of user-patient real-time scenarios has not received due attention. This work first reveals the structural flaws and security vulnerabilities of the existing typical schemes, and then proposes an authentication and access control architecture suitable for multiple scenarios of the E-healthcare system with separate management and business, and designs a novel ECC-based multi-factor remote authentication and access control scheme for E-healthcare using physically uncloneable function (PUF) and hash. Security analysis and efficiency analysis show that the new scheme has achieved improved functionality and higher security while maintaining low computational and communication overhead.
- Published
- 2021
41. BFR-SE: A Blockchain-Based Fair and Reliable Searchable Encryption Scheme for IoT with Fine-Grained Access Control in Cloud Environment
- Author
-
Shoushan Luo, Hongmin Gao, Zhaofeng Ma, Yanping Xu, and Xiaodan Yan
- Subjects
Scheme (programming language) ,Technology ,Blockchain ,Article Subject ,Computer Networks and Communications ,Computer science ,business.industry ,Access control ,Cloud computing ,TK5101-6720 ,Bloom filter ,Service provider ,Encryption ,Telecommunication ,Overhead (computing) ,Electrical and Electronic Engineering ,business ,computer ,Information Systems ,computer.programming_language ,Computer network - Abstract
Due to capacity limitations, large amounts of data generated by IoT devices are often stored on cloud servers. These data are usually encrypted to prevent the disclosure, which significantly affects the availability of this data. Searchable encryption (SE) allows a party to store his data created by his IoT devices or mobile in encryption on the cloud server to protect his privacy while retaining his ability to search for data. However, the general SE techniques are all pay-then-use. The searchable encryption service providers (SESP) are considered curious but honest, making it unfair and unreliable. To address these problems, we combined ciphertext-policy attribute-based encryption, Bloom filter, and blockchain to propose a blockchain-based fair and reliable searchable encryption scheme (BFR-SE) in this paper. In BFR-SE, we constructed an attribute-based searchable encryption model that can provide fine-grained access control. The data owner stores the indices on SESP and stores some additional auxiliary information on the blockchain. After a data user initiates a request, SESP must return the correct and integral search results before the deadline. Otherwise, the data user can send an arbitration request, and the blockchain will make a ruling. The blockchain will only perform arbitrations based on auxiliary information when disputes arise, saving the computing resources on-chain. We analyzed the security and privacy of BFR-SE and simulated our scheme on the EOS blockchain, which proves that BFR-SE is feasible. Meanwhile, we provided a thorough analysis of storage and computing overhead, proving that BFR-SE is practical and has good performance.
- Published
- 2021
42. A Review of MAC Layer for Wireless Body Area Network
- Author
-
Manjot Kaur, Rohit Bajaj, and Navneet Kaur
- Subjects
Computer science ,business.industry ,Reliability (computer networking) ,ComputerSystemsOrganization_COMPUTER-COMMUNICATIONNETWORKS ,Biomedical Engineering ,Time division multiple access ,Access control ,General Medicine ,Human health ,Aloha ,Body area network ,Layer (object-oriented design) ,business ,Computer network - Abstract
The Wireless Body Area Network (WBAN), which comprises of a set of tiny, invasive/non-invasive, light-weight, high-energy-efficient biosensors that monitor human health for early diagnosis and therapy, has lately received a lot of interest from researchers. As present and rising tendencies in communications included with the tendencies in microelectronics and embedded system technologies the existing techniques of IEEE 802.15.4 and IEEE 802.15.6 standards are explored in WBANs. As a consequence, discussed the challenges of MAC layer in WBAN. Secondly, different multiple access techniques along with TDMA, CSMA/CA, Slotted Aloha and Hybrid are explored in terms of design goals. In literature, a number of Medium Access Control (MAC) protocols for WBANs have been suggested for addressing the particular challenges associated with reliability, delay, collision and energy within the new research area. The design of MAC protocols is primarily based on multiple access techniques. Finally the general parameters of some popular MAC protocols are highlighted as performance metrics of WBANs.
- Published
- 2021
43. Design of the Wireless Network Hierarchy System of Intelligent City Industrial Data Management Based on SDN Network Architecture
- Author
-
Jianmin Hu and Wenken Tan
- Subjects
Network architecture ,Science (General) ,Article Subject ,Computer Networks and Communications ,Wireless network ,Gateway (telecommunications) ,business.industry ,Computer science ,Data management ,Access control ,Q1-390 ,Smart city ,Management system ,T1-995 ,business ,Protocol (object-oriented programming) ,Technology (General) ,Information Systems ,Computer network - Abstract
With the rapid development of the industrial Internet of Things and the comprehensive popularization of mobile intelligent devices, the construction of smart city and economic development of wireless network demand are increasingly high. SDN has the advantages of control separation, programmable interface, and centralized control logic. Therefore, integrating this technical concept into the smart city data management WLAN network not only can effectively solve the problems existing in the previous wireless network operation but also provide more functions according to different user needs. In this case, the traditional WLAN network is of low cost and is simple to operate, but it cannot guarantee network compatibility and performance. From a practical perspective, further network compatibility and security are a key part of industrial IoT applications. This paper designs the network architecture of smart city industrial IoT based on SDN, summarizes the access control requirements and research status of industrial IoT, and puts forward the access control requirements and objectives of industrial IoT based on SDN. The characteristics of the industrial Internet of Things are regularly associated with data resources. In the framework of SDN industrial Internet of Things, gateway protocol is simplified and topology discovery algorithm is designed. The access control policy is configured on the gateway. The access control rule can be dynamically adjusted in real time. An SDN-based intelligent city industrial Internet of Things access control function test platform was built, and the system was simulated. The proposed method is compared with other methods in terms of extension protocol and channel allocation algorithm. Experimental results verify the feasibility of the proposed scheme. Finally, on the basis of performance analysis, the practical significance of the design of a smart city wireless network hierarchical data management system based on SDN industrial Internet of Things architecture is expounded.
- Published
- 2021
44. A Blockchain-Based CP-ABE Scheme with Partially Hidden Access Structures
- Author
-
Yang Ba, Xuexian Hu, Zenghang Hao, Xincheng Yan, Chen Yue, and Xuewei Li
- Subjects
Science (General) ,Article Subject ,Computer Networks and Communications ,Computer science ,business.industry ,Big data ,Access control ,Encryption ,Data sharing ,Q1-390 ,Data integrity ,Ciphertext ,Key (cryptography) ,T1-995 ,business ,Technology (General) ,Information Systems ,Access structure ,Computer network - Abstract
Data sharing has become a key technology to break down data silos in the big data era. Ciphertext-policy attribute-based encryption (CP-ABE) is widely used in secure data-sharing schemes to realize flexible and fine-grained access control. However, in traditional CP-ABE schemes, the access structure is directly shared along with the ciphertext, potentially leading to users’ private information leakage. Outsourcing data to a centralized third party can easily result in privacy leakage and single-point bottlenecks, and the lack of transparency in data storage and sharing casts doubts whether users’ data are safe. To address these issues, we propose a blockchain-based CP-ABE scheme with partially hidden access structures (BCP-ABE-PHAS) to achieve fine-grained access control while ensuring user privacy. First, we propose an efficient CP-ABE scheme with partially hidden access structures, where the ciphertext size is constant. To assist data decryption, we design a garbled Bloom filter to help users quickly locate the position of wildcards in the access structure. Then, to improve storage efficiency and system scalability, we propose a data storage scheme that combines blockchain technology and the interplanetary file system, ensuring data integrity. Finally, we employ smart contracts for a transparent data storage and sharing process without third-party participation. Security analysis and performance evaluation show that the proposed BCP-ABE-PHAS scheme can preserve policy privacy with efficient storage and low computational overhead.
- Published
- 2021
45. Analysis of Security-Based Access Control Models for Cloud Computing
- Author
-
Nanhay Singh and Sandeep Choudhary
- Subjects
Human-Computer Interaction ,Computer Networks and Communications ,business.industry ,Computer science ,Cloud computing ,Access control ,business ,Computer Science Applications ,Computer network - Abstract
Access control has become the most necessary requirement to limit unauthorized and privileged access to information systems in cloud computing. Access control models counter the additional security challenges like rules, domain names, job allocation, multi hosting and separation of tasks. This paper classifies the conventional and modern access control models which have been utilized to restrain these access flaws by employing a variety of practices and methodologies. It examines the frequent security threats to information confidentiality, integrity, data accessibility and the approach used for cloud solutions. This paper proposed a priority based task scheduling access control (PbTAC) model to secure and schedule access of resources & services rendered to cloud users. The PbTAC model will ensure the job allocation, task scheduling and security of information through its rule policies during transmission between parties. It also helps in reducing system overhead by minimizing the computation and with less storage cost.
- Published
- 2021
46. Mutual Authentication Scheme for the Device-to-Server Communication in the Internet of Medical Things
- Author
-
Fazlullah Khan, Jiangfeng Sun, Junxia Li, Mohammad Dahman Alshehri, Ryan Alturki, and Mohammad Wedyan
- Subjects
Authentication ,Computer Networks and Communications ,business.industry ,Computer science ,0805 Distributed Computing, 1005 Communications Technologies ,Access control ,Mutual authentication ,Encryption ,Computer Science Applications ,Secure communication ,Hardware and Architecture ,Server ,Signal Processing ,The Internet ,business ,Mobile device ,Information Systems ,Computer network - Abstract
Internet of Medical Things (IoMT) is an application-specific extension of the generalized Internet of Things (IoT) to ensure reliable communication among devices $C_{i}$, designed for the medical industry. However, a challenging issue associated with these networks, i.e., IoMT and IoT, is to ensure the authenticity of both source and destination modules and further guarantee the integrity of the multimodal data in the emergencies such as the COVID-19 pandemic. Various mechanisms for device authentication have been presented in the literature to resolve both devices and data’s authenticity, integrity, and privacy. Still, authentication of mobile device-to-server (in both homogeneous and heterogeneous IoMT) is not explicitly addressed for the black-hole attack. In this article, a device-to-server and vice versa mutual authentication scheme is presented to ensure secure communication sessions among numerous mobile devices $C_{i}$ and server $S_{j}$ in the operational IoMT. The proposed scheme is a hybrid of medium access control (MAC) and enhanced on-demand vector (EAODV)-enabled routing schemes. In the proposed scheme, an offline phase is introduced to complete the registration process of member devices with the concerned server module. It blocks every possible entry of the potential intruder devices $A_{k}$ in the operational IoMT. A mobile device $C_{i}$ interested in initiating a communication session with a particular server $S_{j}$ is needed to pass the mutual authentication process. As a result, only registered devices $C_{i}$ are allowed to communicate. Additionally, a reliable encryption and decryption scheme is used to ensure data reliability during these communication sessions. Simulation results verify the exceptional performance of the proposed mutual authentication scheme in terms of authenticity, security, and integrity of both devices and data in the operational IoMT.
- Published
- 2021
47. Association Control for User Centric Millimeter Wave Communication Systems
- Author
-
Siyoung Choi, Saewoong Bahk, and Jin-Ghoo Choi
- Subjects
Optimization problem ,Computer Networks and Communications ,Computer science ,business.industry ,Aerospace Engineering ,Access control ,Communications system ,Load management ,Base station ,User equipment ,Automotive Engineering ,Wireless ,Electrical and Electronic Engineering ,business ,Computer network ,Data transmission - Abstract
Millimeter wave (mmWave) communication enables ultra-high rate data transmission in wireless environments, but its performance depends on blockages between the transmitter and receiver significantly. To overcome the blockage problem, we consider two approaches: multi-connectivity and network densification. The multi-connectivity opens up a new paradigm for user centric communication, where each user autonomously chooses multiple base stations (BSs) to attain high quality services. The network densification allows network operators to deploy many BSs in a limited area, thereby providing qualified communication services to users. In this paper, we study user equipment (UE) association control in user centric mmWave communication environments. When a UE arrives, the network provides the UE with information on the resource status of adjacent BSs, and the UE generates a set of candidate BSs. For access control, we formulate two optimization problems that aim to minimize peak load and sum load, respectively. They are non-convex and combinatorial, so their computational complexity grows exponentially with the problem size. As a solution, we develop an access pricing and peak load limit control scheme. Through numerical experiments, we investigate its impact on the performance of mmWave communication systems. The results show that our proposed scheme successfully provides high quality services to users and allocates the network load fairly over the network.
- Published
- 2021
48. Capability-based IoT access control using blockchain
- Author
-
Yue Liu, He Zhang, Qinghua Lu, Hugo O'Connor, Kim-Kwang Raymond Choo, Qiang Qu, and Shiping Chen
- Subjects
Internet of things ,Architecture design ,Computer Networks and Communications ,Service delivery framework ,business.industry ,Computer science ,020206 networking & telecommunications ,Access control ,Information technology ,02 engineering and technology ,T58.5-58.64 ,Identity management ,Identifier ,Blockchain ,020210 optoelectronics & photonics ,Hardware and Architecture ,Scalability ,0202 electrical engineering, electronic engineering, information engineering ,Identity (object-oriented programming) ,Architecture ,business ,Capability-based access control ,Protocol (object-oriented programming) ,Computer network - Abstract
Internet of Things (IoT) devices facilitate intelligent service delivery in a broad range of settings, such as smart offices, homes and cities. However, the existing IoT access control solutions are mainly based on conventional identity management schemes and use centralized architectures. There are known security and privacy limitations with such schemes and architectures, such as the single-point failure or surveillance (e.g., device tracking). Hence, in this paper, we present an architecture for capability-based IoT access control utilizing the blockchain and decentralized identifiers to manage the identity and access control for IoT devices. Then, we propose a protocol to provide a systematic view of system interactions, to improve security. We also implement a proof-of-concept prototype of the proposed approach and evaluate the prototype using a real-world use case. Our evaluation results show that the proposed solution is feasible, secure, and scalable.
- Published
- 2021
49. DiLSe: Lattice-Based Secure and Dependable Data Dissemination Scheme for Social Internet of Vehicles
- Author
-
Neeraj Kumar, Abderrahim Benslimane, Rajat Chaudhary, Amuleen Gulati, Mohammad S. Obaidat, and Gagangeet Singh Aujla
- Subjects
021110 strategic, defence & security studies ,business.industry ,Computer science ,Deep learning ,0211 other engineering and technologies ,Cryptography ,Access control ,Fault tolerance ,02 engineering and technology ,Network congestion ,Secure communication ,The Internet ,Artificial intelligence ,Electrical and Electronic Engineering ,business ,Dissemination ,Computer network - Abstract
With the evolution of the Internet of Vehicles (IoV), there has been an overwhelming increase in the number of connected vehicles in recent times. Due to this reason, massive amounts of data generated by connected vehicles makes traditional host-centric approach inevitable in IoV ecosystem. Moreover, the existing TCP/IP based congestion control mechanisms cannot be directly applied in IoV environment as there is a requirement of content sharing among vehicles with reduced delay and high throughput. So, in this article, DiLSe: A Lattice-based Secure and Dependable Data Dissemination Scheme for Social Internet of Vehicles is designed, which works in three modules. The first module, i.e., deep learning based content centric data dissemination scheme, works in three phases. 1) In the first phase, the connection probability of vehicles is computed to identify stable and reliable connections using Wiener process model. 2) In the second phase, a convolutional neural network based scheme is presented for estimating the social relationship score among vehicle-to-vehicle pair. 3) In the third phase, a content centric data dissemination scheme is presented. However, the mobility of vehicles in IoV ecosystem gives them the liberty to move in/out of the network without IP assignment. This makes it necessary to replicate the content at each node for providing fault tolerance. So, in the second module, a data replication scheme for fault tolerance in IoV network is designed, which is followed by an access control mechanism for read/right access for network content in third module. Finally, in the last module, a crucial lattice-based exchange and authentication scheme using blockchain is also designed for handling secure communication in IoV ecosystem. The proposed scheme is evaluated on a highway topology using extensive simulations. The results obtained prove the efficacy of the proposed scheme concerning various performance metrics. (Footnote 1: This article is an extended version of paper entitled “Deep Learning-based Content Centric Data Dissemination Scheme for Internet of Vehicles” published in IEEE ICC, 20-24 May 2018, Kansas City, USA.)
- Published
- 2021
50. A fine-grained anonymous handover authentication protocol based on consortium blockchain for wireless networks
- Author
-
Bin Zhang, Siqi Lu, Guangsong Li, and Wei Chen
- Subjects
Scheme (programming language) ,Authentication ,Computer Networks and Communications ,Computer science ,business.industry ,Wireless network ,ComputerSystemsOrganization_COMPUTER-COMMUNICATIONNETWORKS ,Access control ,Theoretical Computer Science ,Handover ,Artificial Intelligence ,Hardware and Architecture ,SAFER ,Cellular network ,business ,computer ,Protocol (object-oriented programming) ,Software ,computer.programming_language ,Computer network - Abstract
Given the ubiquitous nature of wireless networks in today's society, protecting users' information and identity during handover authentication is paramount. Mobile network operators hope to implement a more flexible and fine-grained authentication to provide better and safer services. In this paper, we propose a new multi-attribute authority attribute-based signature (MA-ABS) scheme that has a constant-size signature. More specifically, we propose an anonymous handover authentication protocol that uses MA-ABS and consortium blockchain. This new protocol not only has fine-grained access control, but it protects the user's privacy and ensures an efficient and private handover.
- Published
- 2021