With the development of Internet-of-Things (IoT) technology, various types of information, such as social resources and physical resources, are deeply integrated for different comprehensive applications. Social networking, car networking, medical services, video surveillance, and other forms of the IoT information service model gradually change people’s daily lives. Facing the vast amounts of IoT information data, the IoT search technology is used to quickly find accurate information to meet the real-time search needs of users. However, IoT search requires using a large amount of user private information, such as personal health information, location information, and social relations information, to provide personalized services. Employing private information from users will encounter security problems if an effective access control mechanism is missing during the IoT search process. An access control mechanism can effectively monitor the access activities of resources and ensure that authorized users access information resources under legitimate conditions. This survey examines the growing literature on access control for an IoT search. Problems and challenges of access control mechanisms are analyzed to facilitate the adoption of access control solutions in real-life settings. This article aims to provide theoretical, methodological, and technical guidance for IoT search access control mechanisms in large-scale dynamic heterogeneous environments. Based on a literature review, we also analyzed the future development direction of access control in the age of IoT.

A Survey on Access Control in the Age of Internet of Things

Critical infrastructure systems are vital to underpin the functioning of a society and economy. Due to the ever-increasing number of Internet-connected Internet-of-Things (IoT)/Industrial IoT (IIoT), and the high volume of data generated and collected, security and scalability are becoming burning concerns for critical infrastructures in industry 4.0. The blockchain technology is essentially a distributed and secure ledger that records all the transactions into a hierarchically expanding chain of blocks. Edge computing brings the cloud capabilities closer to the computation tasks. The convergence of blockchain and edge computing paradigms can overcome the existing security and scalability issues. In this article, we first introduce the IoT/IIoT critical infrastructure in industry 4.0, and then we briefly present the blockchain and edge computing paradigms. After that, we show how the convergence of these two paradigms can enable secure and scalable critical infrastructures. Then, we provide a survey on the state of the art for security and privacy and scalability of IoT/IIoT critical infrastructures. A list of potential research challenges and open issues in this area is also provided, which can be used as useful resources to guide future research.

/pdf/convergence-of-blockchain-and-edge-computing-for-secure-and-4q1unwc8u4.pdf

Convergence of Blockchain and Edge Computing for Secure and Scalable IIoT Critical Infrastructures in Industry 4.0

In order to ensure the basic security of wireless sensor networks (WSNs), a block encryption algorithm based on chaotic substitution box (S-box) is proposed. In this paper, we generated a new S-box based on the compound chaotic map, sinusoidal chaotic map, Baker map, and linear congruence generator. In addition, the limited computing power and communication capability of WSN are also considered in this paper. The method of generating round subkeys and F function is constructed based on the S-box. The extensive security and performance tests show that the proposed encryption algorithm has high security and low resource consumption which is suitable for WSN.

/pdf/a-novel-block-encryption-algorithm-based-on-chaotic-s-box-16fayu54m8.pdf

A Novel Block Encryption Algorithm Based on Chaotic S-Box for Wireless Sensor Network

A blockchain-empowered AAA scheme in the large-scale HetNet

Cyber-Physical-Social System (CPSS) big data is specified as the global historical data which is usually stored in cloud, the local real-time data which is usually stored in the fog-edge server (FeS) of the mobile terminal devices or sensors, and the social data which is usually stored in the social data server (SdS), moreover adopts a centralized access control mechanism to offer users' access strategy which can easily cause CPSS big data to be tampered with and to be leaked. Therefore, a blockchain-based access control scheme called BacCPSS for CPSS big data is proposed. In BacCPSS, account address of the node in blockchain is used as the identity to access CPSS big data, the access control permission for CPSS big data is redefined and stored in blockchain, and processes of authorization, authorization revocation, access control and audit in BacCPSS are designed, and then a lightweight symmetric encryption algorithm is used to achieve privacy-preserving. Finally, a credible experimental model on EOS and Aliyun cloud is built. Results show that BacCPSS is feasible and effective, and can achieve secure access in CPSS while protecting privacy.

/pdf/a-blockchain-based-access-control-framework-for-cyber-42mfphgbio.pdf

A Blockchain-Based Access Control Framework for Cyber-Physical-Social System Big Data

Since network storage services achieve widespread adoption, security and performance issues are becoming primary concerns, affecting the scalability of storage systems Countermeasures like data auditing mechanisms and deduplication techniques are widely studied However, the existing data auditing mechanism with deduplication cannot solve the problems such as high cost and reliance on trusted third parties in traditional approaches, and it also faces the problem of repeated auditing of data shared by multiple-tenant This article proposes a blockchain-based deduplicatable data auditing mechanism We first design a client-side data deduplication scheme based on bilinear-pair techniques to reduce the burden on users and service providers On this basis, we achieve a trustworthy and efficient data auditing mechanism that helps to check data integrity by using both the blockchain technique and bilinear pairing cryptosystem The blockchain system is used to record the behaviors of entities in both data outsourcing and auditing processes so that the corresponding immutable records can be used to not only ensure the credibility of audit results but also help to monitor unreliable third-party auditors Finally, theoretical analysis and experiments reveal the effectiveness and performance of our scheme

A Blockchain-Enabled Deduplicatable Data Auditing Mechanism for Network Storage Services

The emergence of 5 G technology contributes to create more open and efficient eco-systems for various vertical industries. Especially, it significantly improves the capabilities of the vertical industries focusing on content-sharing services like mobile telemedicine, etc. However, cyber threats such as information leakage or piracy are more likely to occur in an open 5 G networks. So tracking information leakage in 5 G environments has become a daunting task. The existing tracing and accountability schemes have nonnegligible limitations in practice due to the dependence on a Trusted Third Party (TTP) or being encumbered with the significant overhead. Fortunately, the blockchain helps to mitigate these problems. In this paper, we propose a blockchain-enabled accountability mechanism against information leakage in the content-sharing services of the vertical industry services. For any information converted to vector form, we use the blockchain technology to ensure that service providers and clients can securely and fairly generate and share watermarked content. Besides, the homomorphic encryption is introduced to avoid the disclosure of the watermarking content, which guarantees the subsequent TTP-free arbitration. Finally, we theoretically analyze the security of the scheme and verify its performance.

Blockchain-Enabled Accountability Mechanism Against Information Leakage in Vertical Industry Services

Owing to the rapid progress of network researching, attribute‐based access control (ABAC) has attracted more and more attention due to its appreciable expressiveness, flexibility, and scalability. Unfortunately, collecting user attributes is necessary to complete the standard ABAC decision process, which increases the risk of privacy disclosure. This problem increases public doubts about ABAC and hinders its popularization. In this paper, a privacy‐protected and efficient attribute‐based access control (EPABAC) scheme is proposed to prevent the privacy leakage of access subject in the decision‐making process of ABAC by introducing a novel hash‐based binary search tree. The analyses and experimental evaluations show that the EPABAC achieves user privacy protection in the decision‐making process with acceptable additional computing overhead.

An efficient privacy‐enhanced attribute‐based access control mechanism

Attribute-based access control (ABAC) is a maturing authorization technique with outstanding expressiveness and scalability, which shows its overwhelmingly competitive advantage, especially in complicated dynamic environments. Unfortunately, the absence of a flexible exceptional approval mechanism in ABAC impairs the resource usability and business time efficiency in current practice, which could limit its growth. In this paper, we propose a feasible fuzzy-extended ABAC (FBAC) technique to improve the flexibility in urgent exceptional authorizations and thereby improving the resource usability and business timeliness. We use the fuzzy assessment mechanism to evaluate the policy-matching degrees of the requests that do not comply with policies, so that the system can make special approval decisions accordingly to achieve unattended exceptional authorizations. We also designed an auxiliary credit mechanism accompanied by periodic credit adjustment auditing to regulate expediential authorizations for mitigating risks. Theoretical analyses and experimental evaluations show that the FBAC approach enhances resource immediacy and usability with controllable risk.

/pdf/a-feasible-fuzzy-extended-attribute-based-access-control-z6ogw4o5cn.pdf

A Feasible Fuzzy-Extended Attribute-Based Access Control Technique

The emerging attribute-based access control (ABAC) mechanism is an expressive, flexible, and manageable authorization technique that is particularly suitable for current distributed, inconstant and complex service-oriented scenarios. Unfortunately, the inevitable disclosure of attributes that carry sensitive information bring significant risks to users’ privacy, which obstructs the further development and popularization of the ABAC severely. In this paper, we propose an effective privacy-preserving ABAC (P-ABAC) scheme to defend against privacy leakage risks of users’ attributes. In the P-ABAC approach, the necessary sensitive attributes are securely handled on the service requester side by using the homomorphic encryption method for privacy protection. And meanwhile, the service provider is still able to make accurate access decisions according to the received attribute ciphertext and pre-set policies with the help of the homomorphic encryption-based secure multi-party computation techniques, while learning no privacy information. The theoretical analysis proves that our model contributes to making an efficient and effective ABAC model with the enhanced privacy-protection feature.

Quanrun Zeng

Papers

A Blockchain-Enabled Deduplicatable Data Auditing Mechanism for Network Storage Services

Blockchain-Enabled Accountability Mechanism Against Information Leakage in Vertical Industry Services

An efficient privacy‐enhanced attribute‐based access control mechanism

A Feasible Fuzzy-Extended Attribute-Based Access Control Technique

A Privacy-Preserving Attribute-Based Access Control Scheme