Internet of Things (IoT) allows billions of physical objects to be connected to collect and exchange data for offering various applications, such as environmental monitoring, infrastructure management, and home automation. On the other hand, IoT has unsupported features (e.g., low latency, location awareness, and geographic distribution) that are critical for some IoT applications, including smart traffic lights, home energy management and augmented reality. To support these features, fog computing is integrated into IoT to extend computing, storage and networking resources to the network edge. Unfortunately, it is confronted with various security and privacy risks, which raise serious concerns towards users. In this survey, we review the architecture and features of fog computing and study critical roles of fog nodes, including real-time services, transient storage, data dissemination and decentralized computation. We also examine fog-assisted IoT applications based on different roles of fog nodes. Then, we present security and privacy threats towards IoT applications and discuss the security and privacy requirements in fog computing. Further, we demonstrate potential challenges to secure fog computing and review the state-of-the-art solutions used to address security and privacy issues in fog computing for IoT applications. Finally, by defining several open research issues, it is expected to draw more attention and efforts into this new architecture.

Securing Fog Computing for Internet of Things Applications: Challenges and Solutions

The smart metering and communication methods used in smart grid are being extensively studied owing to widespread applications of smart grid. Although the monitoring and control processes are widely used in industrial systems, the energy management requirements at both service supplier and consumer side for individuals promoted the evolution of smart grid. In this paper, it is aimed to disclose in a clear and clean way that what smart grid is and what kind of communication methods are used. All components of a smart grid are introduced in a logical way to facilitate the understanding, and communication methods are presented regarding to their improvements, advantages, and lacking feature. The developing generation, transmission, distribution and customer appliances are surveyed in terms of smart grid integration. The communication technologies are introduced as wireline and wireless classification where the key features are also tabulated. The security requirements of hardware and software in a smart grid are presented according to their cyber and physical structures.

A survey on smart metering and smart grid communication

Private information retrieval (PIR) schemes allow a user to retrieve the ith bit of an n-bit data string x, replicated in k?2 databases (in the information-theoretic setting) or in k?1 databases (in the computational setting), while keeping the value of i private. The main cost measure for such a scheme is its communication complexity. In this paper we introduce a model of symmetrically-private information retrieval (SPIR), where the privacy of the data, as well as the privacy of the user, is guaranteed. That is, in every invocation of a SPIR protocol, the user learns only a single physical bit of x and no other information about the data. Previously known PIR schemes severely fail to meet this goal. We show how to transform PIR schemes into SPIR schemes (with information-theoretic privacy), paying a constant factor in communication complexity. To this end, we introduce and utilize a new cryptographic primitive, called conditional disclosure of secrets, which we believe may be a useful building block for the design of other cryptographic protocols. In particular, we get a k-database SPIR scheme of complexity O(n1/(2k?1)) for every constant k?2 and an O(logn)-database SPIR scheme of complexity O(log2n·loglogn). All our schemes require only a single round of interaction, and are resilient to any dishonest behavior of the user. These results also yield the first implementation of a distributed version of (n1)-OT (1-out-of-n oblivious transfer) with information-theoretic security and sublinear communication complexity.

Protecting Data Privacy in Private Information Retrieval Schemes.

The smart grid is arguably one of the most complex cyber-physical systems (CPS). Complex security challenges have been revealed in both the physical and the cyber parts of the smart grid, and an integrative analysis on the cyber-physical (CP) security is emerging. This paper provides a comprehensive and systematic review of the critical attack threats and defence strategies in the smart grid. We start this survey with an overview of the smart grid security from the CP perspective, and then focuses on prominent CP attack schemes with significant impact on the smart grid operation and corresponding defense solutions. With an in-depth review of the attacks and defences, we then discuss the opportunities and challenges along the smart grid CP security. We hope this paper raises awareness of the CP attack threats and defence strategies in complex CPS-based infrastructures such as the smart grid and inspires research effort toward the development of secure and resilient CP infrastructures.

Cyber-physical attacks and defences in the smart grid: a survey

Review: The role of communication systems in smart grids: Architectures, technical solutions and research challenges

To secure the network communication for the smart grid, it is important that a secure key management scheme is needed. The focus of this paper is on the secure key distribution for the smart grid. In this paper, we first overview the key management scheme recently proposed by Wu-Zhou and show it is vulnerable to the man-in-the-middle attack. Then we propose a new key distribution protocol and demonstrate it is secure and efficient for smart grid network. Applying traditional PKI to the smart grid requires significant work and maintenance of the public key. By using Kerberos to smart grid may lose authentication from the third party due to power outages. Therefore, we propose a scheme for a smart grid using a trusted third party which not only has no issue on key revocation, but also the third party can be easily duplicated in case power outages occur.

Secure Key Distribution for the Smart Grid

Cloud computing has become prevalent due to its nature of massive storage and vast computing capabilities. Ensuring a secure data sharing is critical to cloud applications. Recently, a number of identity-based broadcast proxy re-encryption (IB-BPRE) schemes have been proposed to resolve the problem. However, the IB-BPRE requires a cloud user (Alice) who wants to share data with a bunch of other users (e.g., colleagues) to participate the group shared key renewal process because Alice's private key is a prerequisite for shared key generation. This, however, does not leverage the benefit of cloud computing and causes the inconvenience for cloud users. Therefore, a novel security notion named revocable identity-based broadcast proxy re-encryption (RIB-BPRE) is presented to address the issue of key revocation in this work. In a RIB-BPRE scheme, a proxy can revoke a set of delegates, designated by the delegator, from the re-encryption key. The performance evaluation reveals that the proposed scheme is efficient and practical.

Revocable Identity-Based Broadcast Proxy Re-Encryption for Data Sharing in Clouds

The emergence of cloud infrastructure has significantly reduced the costs of hardware and software resources in computing infrastructure. To ensure security, the data is usually encrypted before it's outsourced to the cloud. Unlike searching and sharing the plain data, it is challenging to search and share the data after encryption. Nevertheless, it is a critical task for the cloud service provider as the users expect the cloud to conduct a quick search and return the result without losing data confidentiality. To overcome these problems, we propose a ciphertext-policy attribute-based mechanism with keyword search and data sharing (CPAB-KSDS) for encrypted cloud data. The proposed solution not only supports attribute-based keyword search but also enables attribute-based data sharing at the same time, which is in contrast to the existing solutions that only support either one of two features. Additionally, the keyword in our scheme can be updated during the sharing phase without interacting with the PKG. In this article, we describe the notion of CPAB-KSDS as well as its security model. Besides, we propose a concrete scheme and prove that it is against chosen ciphertext attack and chosen keyword attack secure in the random oracle model. Finally, the proposed construction is demonstrated practical and efficient in the performance and property comparison.

Secure Keyword Search and Data Sharing Mechanism for Cloud Computing

Cloud computing enables enterprises and individu-1 als to outsource and share their data. This way, cloud computing 2 eliminates the heavy workload of local information infrastruc-3 ture. Attribute-based encryption has become a promising solution 4 for encrypted data access control in clouds due to the ability 5 to achieve one-to-many encrypted data sharing. Revocation is a 6 critical requirement for encrypted data access control systems. 7 After outsourcing the encrypted attribute-based ciphertext to the 8 cloud, the data owner may want to revoke some recipients that 9 were authorized previously, which means that the outsourced 10 attribute-based ciphertext needs to be updated to a new one 11 that is under the revoked policy. The integrity issue arises when 12 the revocation is executed. When a new ciphertext with the 13 revoked access policy is generated by the cloud server, the data 14 recipient cannot be sure that the newly generated ciphertext 15 guarantees to be decrypted to the same plaintext as the originally 16 encrypted data, since the cloud server is provided by a third 17 party, which is not fully trusted. In this paper, we consider 18 a new security requirement for the revocable attribute-based 19 encryption schemes: integrity. We introduce a formal definition 20 and security model for the revocable attribute-based encryption 21 with data integrity protection (RABE-DI). Then, we propose 22 a concrete RABE-DI scheme and prove its confidentiality and 23 integrity under the defined security model. Finally, we present 24 an implementation result and provide performance evaluation 25 which shows that our scheme is efficient and practical. 26

Revocable Attribute-Based Encryption with Data Integrity in Clouds

To manage outsourced encrypted data sharing in clouds, attribute-based proxy re-encryption (ABPRE) has become an elegant primitive. In ABPRE, a cloud server can transform an original recipient's ciphertext to a new one of a shared user's. As the transformation is computation consuming, a malicious cloud server may return an incorrect re-encrypted ciphertext to save its computation resources. Moreover, a shared user may accuse the cloud server of returning an incorrect re-encrypted ciphertext to refuse to pay the cost of using the cloud service. However, existing ABPRE schemes do not support a mechanism to achieve verifiability and fairness. In this paper, a novel verifiable and fair attribute-based proxy re-encryption (VF-ABPRE) scheme is introduced to support verifiability and fairness. The verifiability enables a shared user to verify whether the re-encrypted ciphertext returned by the server is correct and the fairness ensures a cloud server escape from malicious accusation if it has indeed conducted the re-encryption operation honestly. Additionally, we conduct a performance experiment to show the efficiency and practicality of the new VF-ABPRE scheme.

Jinyue Xia

Papers

Secure Key Distribution for the Smart Grid

Revocable Identity-Based Broadcast Proxy Re-Encryption for Data Sharing in Clouds

Secure Keyword Search and Data Sharing Mechanism for Cloud Computing

Revocable Attribute-Based Encryption with Data Integrity in Clouds

A Verifiable and Fair Attribute-based Proxy Re-encryption Scheme for Data Sharing in Clouds