  • Publication
    Proxy re-encryption enabled secure and anonymous IoT data sharing platform based on blockchain
    Data is central to the Internet of Things (IoT) ecosystem. With billions of devices connected, most of the current IoT systems are using centralized cloud-based data sharing systems, which will be difficult to scale up to meet the demands of future IoT systems. The involvement of such a third-party service provider also requires trust from both the sensor owner and sensor data user. Moreover, fees need to be paid for their services. To tackle both the scalability and trust issues and to automate the payments, this paper presents a blockchain-based marketplace for sharing of the IoT data. We also use a proxy re-encryption scheme for transferring the data securely and anonymously, from data producer to the consumer. The system stores the IoT data in cloud storage after encryption. To share the collected IoT data, the system establishes runtime dynamic smart contracts between the sensor and data consumer without the involvement of a trusted third party. It also uses a very efficient proxy re-encryption scheme which ensures that the data is visible only to the owner and the person present in the smart contract. This novel combination of smart contracts with proxy re-encryption provides an efficient, fast and secure platform for storing, trading and managing sensor data. The proposed system is implemented using off-the-shelf IoT sensors and computer devices. We also analyze the performance of our hybrid system by using the permission-less Ethereum blockchain and compare it to the IBM Hyperledger Fabric, a permissioned blockchain.
  • Publication
    Novel 5G Authentication Protocol to Improve the Resistance Against Active Attacks and Malicious Serving Networks
    The security of mobile communication largely depends on the strength of the authentication key exchange protocol. The 3rd Generation Partnership Project (3GPP) Group has standardized the 5G AKA (Authentication and Key Agreement) protocol for the next generation of mobile communications. It has been recently shown that the current version of this protocol still contains several weaknesses regarding user localization, leakage of activity, active attackers, and in the presence of malicious serving networks, leading to potentially major security leaks. We propose a new version of the 5G AKA protocol to overcome all the currently identified weaknesses in the protocol. In the new protocol, we replace the sequence numbers with random numbers, making it possible to drastically reduce the number of required communication phases and steps in the protocol. The usage of random numbers for the 5G AKA protocol is possible since the current Universal Subscriber Identity Modules (USIMs) are now capable of performing randomized asymmetric encryption operations. Moreover, the proposed protocol provides two additional security features, i.e., post-compromise security and forward security, not present in the current 5G AKA protocol. Finally, we evaluate the performance, both computation and communication efficiency, of the proposed AKA protocol and show its improvements compared to the current 5G AKA protocol.
  • Publication
    Privacy Protected Blockchain Based Architecture and Implementation for Sharing of Students’ Credentials
    Sharing of students’ credentials is a necessary and integral process of an education ecosystem that comprises various stakeholders like students, schools, companies, professors and the governmental authorities. As of today, all these stakeholders have to put in an enormous amount of effort to ensure the authenticity and privacy of students’ credentials. Despite these efforts, the process of sharing students’ credentials is complex, error-prone and not completely secure. Our aim is to leverage blockchain technology to mitigate the existing security-related issues concerning the sharing of students’ credentials. Thus, the paper proposes a tamper-proof, immutable, authentic, non-repudiable, privacy protected and easy to share blockchain-based architecture for secured sharing of students’ credentials. To increase the scalability, the proposed system uses a secure off-chain storage mechanism. The performance and viability of the proposed architecture are analyzed by using an Ethereum based prototypical implementation. The test results imply that requests can be executed within a few seconds (without block-time) and the system has stability to process up to 1000 simultaneous requests.
  • Publication
    Fog Computing and Blockchain based Security Service Architecture for 5G Industrial IoT enabled Cloud Manufacturing
    Recent evolution of the Industrial Internet of Things (IIoT) empowers the classical manufacturing model with cloud computing integration for Industry 4.0. Cloud integration advances the capabilities of manufacturing systems with cloud-based controlling and real-time process monitoring, which is known as Cloud Manufacturing (CM). However, cloud integration exposes the entire manufacturing ecosystem to a new set of security risks and an increase in end-to-end latency. Moving security services towards the edge eradicates message routing latency towards the cloud and eliminates the central point of failure while leveraging the entire system performance. We propose a blockchain and fog computing enabled security service architecture that operates on fog nodes at the edge of manufacturing equipment clusters. The proposed service facilitates CM equipment authentication and Equipment-Cloud channel privacy protection while preserving anonymity and unlinkability over the blockchain. We implemented the proposed architecture with Hyperledger Fabric and compared the performance advantage over the state-of-the-art solutions.
  • Publication
    AGE: authentication in gadget-free healthcare environments
    Mobile and sensor related technologies are significantly revolutionizing the medical healthcare sectors. In current healthcare systems, gadgets are the prominent way of acquiring medical services. However, the recent technological advancements in smart and ambient environments are offering users new ways to access the healthcare services without using any explicit gadgets. One of the key challenges in such gadget-free environments is performing secure user authentication with the intelligent surroundings. For example, a secure, efficient and user-friendly authentication mechanism is essential for elderly/disabled people or patients in critical conditions requiring medical services. Hence, modern authentication systems should be sophisticated enough to identify such patients without requiring their physical efforts or placing gadgets on them. This paper proposes an anonymous and privacy-preserving biometrics-based authentication scheme for such gadget-free healthcare environments. We performed formal security verification of our proposed scheme using CDVT/AD tool and our results indicate that the proposed scheme is secure for such smart and gadget-free environments. We verify that the proposed scheme can resist various well-known security attacks. Moreover, the proposed system showed better performance as compared with existing biometrics-based remote user authentication schemes.
  • Publication
    Blockchain based Proxy Re-Encryption Scheme for Secure IoT Data Sharing
    Data is central to the Internet of Things (IoT) ecosystem. Most of the current IoT systems are using centralized cloud-based data sharing systems. Involvement of such a third-party service provider also requires trust from both sensor owner and sensor data user. Moreover, fees need to be paid for their services. To tackle both the scalability and trust issues and to automate the payments, this paper presents a blockchain based proxy re-encryption scheme. The system stores the IoT data in a distributed cloud after encryption. To share the collected IoT data, the system establishes runtime dynamic smart contracts between the sensor and the data user without the involvement of a trusted third party. It also uses an efficient proxy re-encryption scheme which ensures that the data is visible only to the owner and the person present in the smart contract. The proposed system is implemented in an Ethereum based testbed to analyze the performance and security properties.
  • Publication
    Multi-Access Edge Computing and Blockchain-based Secure Telehealth System Connected with 5G and IoT
    There is a global hype in the development of digital healthcare infrastructure to cater to the massive elderly population and infectious diseases. The digital facilitation is expected to ensure patient privacy, scalability, and data integrity for sensitive, life-critical healthcare data, while aligning with the global healthcare data protection standards. Sharing patient data with third parties such as research institutions and universities is also regarded as a significant contribution to society to sharpen research and investigations. The emergence of 5G communication technologies eradicates the borders between patients, hospitals and other institutions with high-end service standards. From the patients' perspective, healthcare service delivery through the digital medium is beneficial in terms of time, costs, and risks. In this paper, we propose a novel Multi-access Edge Computing (MEC) and blockchain based service architecture utilizing the lightweight ECQV (Elliptic Curve Qu-Vanstone) certificates for real-time data privacy, integrity, and authentication between IoT, MEC, and cloud. We further attached storage offloading capability to the blockchain to ensure scalability with a massive number of medical devices connected to the cloud. We introduced a rewarding scheme for patients and hospitals through the blockchain to encourage data sharing. Access control is handled through smart contracts. We evaluated the proposed system in a near-realistic implementation using the Hyperledger Fabric blockchain platform with Raspberry Pi devices to simulate the activity of the medical sensors.
  • Publication
    ESSMAR: Edge Supportive Secure Mobile Augmented Reality Architecture for Healthcare
    The recent advances in mobile devices and wireless communication sector transformed Mobile Augmented Reality (MAR) from science fiction to reality. Among the other MAR use cases, the incorporation of this MAR technology in the healthcare sector can elevate the quality of diagnosis and treatment for the patients. However, due to the highly sensitive nature of the data available in this process, it is also highly vulnerable to all types of security threats. In this paper, an edge-based secure architecture is presented for a MAR healthcare application. Based on the ESSMAR architecture, a secure key management scheme is proposed for both the registration and authentication phases. Then the security of the proposed scheme is validated using formal and informal verification methods.
  • Publication
    Anonymous Lightweight Proxy Based Key Agreement for IoT (ALPKA)
    The Internet of Things (IoT) technologies interconnect a broad range of network devices, differing in terms of size, weight, functionality, and resource capabilities. The main challenge is to establish the required security features in the most constrained devices, even if they are unknown to each other and do not share common pre-distributed key material. As a consequence, there is a high need for scalable and lightweight key establishment protocols. In this paper, we propose a key agreement protocol between two IoT devices without prior trust relation, using solely symmetric key based operations, by relying on a server or proxy based approach. This proxy is responsible for the verification of the authentication and the key agreement between the IoT devices, without being capable of deriving the established session key. We propose two versions. The first version does not require interactive input from the key distribution center to the proxy, but is not resistant if a compromised user and proxy are collaborating. The second version on the other hand is collision resistant, but needs an interactive key distribution center. In addition, we add the interesting features of anonymity and unlinkability of the sender and receiver in both protocol versions. The security properties of the proposed protocol are verified by using formal verification techniques.