Designing secure blockchain-based access control scheme in IoT-enabled Internet of Drones deployment

The Internet of Drones (IoD) is widely used in a wide range of applications from military to civilian applications from the past years. However, during communication either with the control room/ground station server(s) or moving access points in the sky, security and privacy is one the crucial issues which needs to be tackled efficiently. In this direction, blokchain technology can be one of the viable solutions due to the immutability and traceability of various transactions and decentralized nature. In this paper, we provide in-depth challenges and issues of applicability of blokchain in 5G-based Internet of Things (IoT)-enabled IoD environment. We propose and analyze a new blokchain based secure framework for data management among IoD communication entities. The proposed scheme has ability to resist several potential attacks that are essential in IoT-enabled IoD environment. A detailed comparative analysis exhibits that the proposed scheme offers better security and functionality requirements, and also provides less communication and computation overheads as compared to other related schemes.

Blockchain-Envisioned Secure Data Delivery and Collection Scheme for 5G-Based IoT-Enabled Internet of Drones Environment

For secure communication between any two neighboring sensing devices on the Internet of Things (IoT) environment, it is essential to design a secure device access control and key agreement protocol, in which the two phases, namely, “node authentication” and “key agreement” are involved. While the node authentication allows two sensing devices to authenticate each other using their own pre-loaded secret credentials in memory, the key agreement phase permits to establish a secret key between them if the mutual authentication is successful. In this paper, we propose a new certificate-based “lightweight access control and key agreement protocol in the IoT environment, called LACKA-IoT,” that utilizes the elliptic curve cryptography (ECC) along with the “collision-resistant one-way cryptographic hash function.” Through a detailed security analysis using the formal security under the “Real-Or-Random (ROR) model,” informal (non-mathematical) security analysis, and formal security verification using the broadly used “Automated Validation of Internet Security Protocols and Applications (AVISPA)” tool, we show that the LACKA-IoT can protect various known attacks that are needed for a secure device access control mechanism in the IoT. Furthermore, through a comparative study of the LACKA-IoT and other relevant schemes, we show that there is a better tradeoff among the security and functionality features and communication and computational costs of the LACKA-IoT as compared to other schemes. Finally, the “practical demonstration using the NS2 simulation” has been carried out on the LACKA-IoT to measure various network parameters.

/pdf/provably-secure-ecc-based-device-access-control-and-key-4zim3xc007.pdf

Provably Secure ECC-Based Device Access Control and Key Agreement Protocol for IoT Environment

User access control is a crucial requirement in any Internet of Things (IoT) deployment, as it allows one to provide authorization, authentication, and revocation of a registered legitimate user to access real-time information and/or service directly from the IoT devices. To complement the existing literature, we design a new three-factor certificateless-signcryption-based user access control for the IoT environment (CSUAC-IoT). Specifically, in our scheme, a user $U$ ’s password, personal biometrics, and mobile device are used as the three authentication factors. By executing the login and access control phase of CSUAC-IoT, a registered user $(U)$ and a designated smart device $(S_{i})$ can authorize and authenticate mutually via the trusted gateway node (GN) in a particular cell of the IoT environment. In our setting, the environment is partitioned into disjoint cells, and each cell will contain a certain number of IoT devices along with a GN. With the established session key between $U$ and $S_{i}$ , both entities can then communicate securely. In addition, CSUAC-IoT supports new IoT devices deployment, user revocation, and password/biometric update functionality features. We prove the security of CSUAC-IoT under the real-or-random (ROR) model, and demonstrate that it can resist several common attacks found in a typical IoT environment using the AVISPA tool. A comparative analysis also reveals that CSUAC-IoT achieves better tradeoff for security and functionality, and computational and communication costs, in comparison to five other competing approaches.

Certificateless-Signcryption-Based Three-Factor User Access Control Scheme for IoT Environment

Among other security concerns, the reliable device to device direct communication is an important research aspect in sensor cloud system application of Internet of things (IoT). The access control mechanism can ensure the reliability through secure communication among two IoT devices without mediation of intermediate agent. Mainly, it requires twofold strategy involving the authentication of each other and session key establishment. Quite recently, in 2019, Das et al. proposed a certificate based lightweight access control and key agreement scheme for IoT devices (LACKA-IoT) to ensure smooth and secure access control and claimed LACKA-IoT to withstand the several attacks. Specifically, it is claimed that LACKA-IoT can resist device impersonation and man in middle attacks. However, the proof in this article refutes their claim and it is shown here, that LACKA-IoT is insecure against both device impersonation and man in middle attacks. An adversary just by using public parameters and by listening the communication channel can impersonate any device. Moreover, the same can also launch successful man in middle attack using public parameters and listened messages from public channel. An improved protocol iLACKA-IoT is then proposed in the paper. The iLACKA-IoT provides resistance against various types of threats and provides the required level of security, for evidence both formal validation through random or real (ROR) model as well as the informal validation through discussion on attack resilience is provided. The iLACKA-IoT is not only better in security but also provides performance efficiency as compared with LACKA-IoT and related schemes.

/pdf/a-secure-and-reliable-device-access-control-scheme-for-iot-1dmvzflnri.pdf

A Secure and Reliable Device Access Control Scheme for IoT Based Sensor Cloud Systems

Nowadays wireless sensor network (WSN) is increasingly being used in the Internet of Things (IoT) for data collection, and design of an access control scheme that allows an Internet user as part of IoT to access the WSN becomes a hot topic. A lot of access control schemes have been proposed for the WSNs in the context of the IoT. Nevertheless, almost all of these schemes assume that communication nodes in different network domains share common system parameters, which is not suitable for cross-domain IoT environment in practical situations. To solve this shortcoming, we propose a more secure and efficient access control scheme for wireless sensor networks in the cross-domain context of the Internet of Things, which allows an Internet user in a certificateless cryptography (CLC) environment to communicate with a sensor node in an identity-based cryptography (IBC) environment with different system parameters. Moreover, our proposed scheme achieves known session-specific temporary information security (KSSTIS) that most of access control schemes cannot satisfy. Performance analysis is given to show that our scheme is well suited for wireless sensor networks in the cross-domain context of the IoT.

/pdf/secure-and-efficient-access-control-scheme-for-wireless-3gr8ugeni5.pdf

Secure and Efficient Access Control Scheme for Wireless Sensor Networks in the Cross-Domain Context of the IoT

The communication model of Internet of Things IOT application has some shortcomings in user privacy protection and information security. To solve these shortcomings, we define the formal models of certificateless online/offline signcryption and propose a concrete certificateless online/offline signcryption scheme for IOT environment. Compared with the existing identity-based online/offline signcryption schemes that do not require the plaintext and the receiver's identity in the offline phase, our scheme has the great advantage of the offline computation cost, offline storage, ciphertext length, and receiver computation cost. Moreover, our scheme achieves known session-specific temporary information security, public verifiability with confidentiality and no key escrow problem. Copyright © 2013 John Wiley & Sons, Ltd.

A security communication model based on certificateless online/offline signcryption for Internet of Things

With the rapid development of the Internet of Things (IoT), vehicular ad hoc networks (VANETs) have gradually become a research hotspot. A number of Conditional Privacy-preserving Authentication (CPPA) schemes have been proposed to protect the security and privacy of the VANETs communication. However, most of them can only provide one function between signature and signcryption, making it difficult to meet the needs of complex application scenarios. Moreover, the majority of CPPA schemes allow a Trusted Authority (TA) to expose the malicious message's sender, but they can hardly prove the authenticity of the tracking result. Therefore, we propose a new CPPA protocol to solve these problems. In our protocol, generalized ring signcryption is introduced to provide ring signature mode and ring signcryption mode in one algorithm to satisfy the different security requirements in complex application scenarios. A convenient public verification algorithm is designed to make the tracking result provable and more credible. Furthermore, we prove that our protocol achieves confidentiality, unforgeability, and Known Session-Specific Temporary Information Security (KSSTIS). We also introduce pseudonyms in our protocol to resist the ring selection attack. The performance analysis shows that our protocol has at least 61.84% improvement in computational cost compared with several similar schemes.

An Efficient Conditional Privacy-Preserving Authentication Protocol Based on Generalized Ring Signcryption for VANETs

The rapid development of wireless sensors has accelerated the popularity of wireless body area network (WBAN). WBAN use multiple sensors to collect the patient’s body data, and the data is transferred to the medical cloud for processing and analyzing. In order to protect the data in the medical cloud, some heterogeneous signcryption schemes that support equality test have been proposed. However, we observe that these schemes use the same cryptographic parameters in different cryptographic systems. In addition, most of these schemes cannot resist the replay attack (RRA) or know session temporary key attack (RKSTKA). To deal with these problems, this paper presents a cross domain heterogeneous signcryption scheme with equality test (CDSCET) for WBAN. In CDSCET, the ciphertexts are from certificateless cryptographic system to public key infrastructure, where two different cryptosystems use different cryptographic parameters. CDSCET can realize confidentiality, integrity, authentication, RRA and RKSTKA. Moreover, compared with three latest schemes, CDSCET has reduced the total computation cost by at least 56.46%. 

/pdf/cross-domain-heterogeneous-signcryption-scheme-with-equality-1bjixfqd.pdf

Cross Domain Heterogeneous Signcryption Scheme with Equality Test for WBAN

The Wireless body area network (WBAN) is a network composed of sensors communicating through wireless technology, these sensors can capture and encrypt the physiological data of the human body and transmit it to a remote cloud server for use by authorized users. However, how to retrieve and obtain the encrypted data has become a problem that must be solved. Nowadays, searchable encryption with keywords (SEK) is a widely used technology to solve this problem. Nevertheless, there are some problems that need to be noted. First, SEK is vulnerable to keyword guessing attack (KGA) and inside keyword guessing attack (IKGA). Second, since the sender and receiver are likely to work under different cryptosystems, the designed scheme should satisfy heterogeneity. Third, the communication parties in heterogeneous domain usually use different cryptographic system parameters, achieving cross-domain authentication between these communication parties can greatly improve the practicability of the scheme. To address these issues, we put forward a new searchable signcryption scheme for WBAN. Under the complexity of computational assumptions, the proposed scheme is proved to simultaneously achieve ciphertext indistinguishability, trapdoor indistinguishability, ciphertext unforgeability and the resistance of KGA and IKGA in the random oracle model (ROM). Further, our scheme allows the WBAN sensors in the certificateless public key cryptography (CLC) environment and the receivers in the public key infrastructure (PKI) environment to realize cross-domain authentication and heterogeneous communication. Compared to the five existing schemes, the total computation cost of our scheme is reduced by at least 59.99%. 

https://www.researchsquare.com/article/rs-1647848/latest.pdf

Ming Luo

Papers

Secure and Efficient Access Control Scheme for Wireless Sensor Networks in the Cross-Domain Context of the IoT

A security communication model based on certificateless online/offline signcryption for Internet of Things

An Efficient Conditional Privacy-Preserving Authentication Protocol Based on Generalized Ring Signcryption for VANETs

Cross Domain Heterogeneous Signcryption Scheme with Equality Test for WBAN

Cross-domain heterogeneous signcryption with keyword search for wireless body area network