  • Publication
    AGE: authentication in gadget-free healthcare environments
    Mobile and sensor related technologies are significantly revolutionizing the medical healthcare sectors. In current healthcare systems, gadgets are the prominent way of acquiring medical services. However, the recent technological advancements in smart and ambient environments are offering users new ways to access the healthcare services without using any explicit gadgets. One of the key challenges in such gadget-free environments is performing secure user authentication with the intelligent surroundings. For example, a secure, efficient and user-friendly authentication mechanism is essential for elderly/disabled people or patients in critical conditions requiring medical services. Hence, modern authentication systems should be sophisticated enough to identify such patients without requiring their physical efforts or placing gadgets on them. This paper proposes an anonymous and privacy-preserving biometrics-based authentication scheme for such gadget-free healthcare environments. We performed formal security verification of our proposed scheme using CDVT/AD tool and our results indicate that the proposed scheme is secure for such smart and gadget-free environments. We verify that the proposed scheme can resist various well-known security attacks. Moreover, the proposed system showed better performance as compared with existing biometrics-based remote user authentication schemes.
  • Publication
    Highly efficient key agreement for remote patient monitoring in MEC-enabled 5G networks
    (Springer, 2021-06-09)
    Remote patient monitoring is one of the cornerstones to enable Ambient Assisted Living. Here, a set of devices provide their corresponding input, which should be carefully aggregated and analysed to derive health-related conclusions. In the new Fifth-Generation (5G) networks, Internet of Things (IoT) devices communicate directly to the mobile network without any need of proxy devices. Moreover, 5G networks consist of Multi-access Edge Computing (MEC) nodes, which are taking the role of a mini-cloud, able to provide sufficient computation and storage capacity at the edge of the network. MEC IoT integration in 5G offers a lot of benefits such as high availability, high scalability, low backhaul bandwidth costs, low latency, local awareness and additional security and privacy. In this paper, we first detail the procedure on how to establish such remote monitoring in 5G networks. Next, we focus on the key agreement between IoT, MEC and registration center in order to guarantee mutual authentication, anonymity, and unlinkability properties. Taking into account the high heterogeneity of IoT devices that can contribute to an accurate image of the health status of a patient, it is of utmost importance to design a very lightweight scheme that allows even the smallest devices to participate. The proposed protocol is symmetric key based and thus highly efficient. Moreover, it is shown that the required security features are established and protection against most of the well-known attacks is guaranteed.
  • Publication
    ESSMAR: Edge Supportive Secure Mobile Augmented Reality Architecture for Healthcare
    The recent advances in mobile devices and wireless communication sector transformed Mobile Augmented Reality (MAR) from science fiction to reality. Among the other MAR use cases, the incorporation of this MAR technology in the healthcare sector can elevate the quality of diagnosis and treatment for the patients. However, due to the highly sensitive nature of the data available in this process, it is also highly vulnerable to all types of security threats. In this paper, an edge-based secure architecture is presented for a MAR healthcare application. Based on the ESSMAR architecture, a secure key management scheme is proposed for both the registration and authentication phases. Then the security of the proposed scheme is validated using formal and informal verification methods.
  • Publication
    Blockchain based Proxy Re-Encryption Scheme for Secure IoT Data Sharing
    Data is central to the Internet of Things (IoT) ecosystem. Most of the current IoT systems are using centralized cloud-based data sharing systems. Involvement of such a third-party service provider also requires trust from both sensor owner and sensor data user. Moreover, fees need to be paid for their services. To tackle both the scalability and trust issues and to automatize the payments, this paper presents a blockchain based proxy re-encryption scheme. The system stores the IoT data in a distributed cloud after encryption. To share the collected IoT data, the system establishes runtime dynamic smart contracts between the sensor and the data user without the involvement of a trusted third party. It also uses an efficient proxy re-encryption scheme which allows that the data is only visible by the owner and the person present in the smart contract. The proposed system is implemented in an Ethereum based testbed to analyze the performance and security properties.
  • Publication
    Fog Computing and Blockchain based Security Service Architecture for 5G Industrial IoT enabled Cloud Manufacturing
    Recent evolution of the Industrial Internet of Things (IIoT) empowers the classical manufacturing model with cloud computing integration for Industry 4.0. Cloud integration advances the capabilities of manufacturing systems with cloud-based controlling and real-time process monitoring which is renowned as Cloud Manufacturing (CM). However, cloud integration exposes the entire manufacturing ecosystem to a new set of security risks and increment in end-to-end latency. Moving security services towards the edge eradicates message routing latency towards the cloud and eliminates the central point of failure while leveraging the entire system performance. We propose a blockchain and fog computing enabled security service architecture that operates on fog nodes at the edge of manufacturing equipment clusters. The proposed service facilitates CM equipment authentication and Equipment-Cloud channel privacy protection while preserving anonymity and unlinkability over the blockchain. We implemented the proposed architecture with Hyperledger Fabric and compared the performance advantage over the state-of-the-art solutions.
  • Publication
    Blockchain-based Automated Certificate Revocation for 5G IoT
    Internet of Things (IoT) is a key topic of interest in modern communication context with the evolution of 5G and beyond ecosystems. 5G will interconnect billions of IoT devices wirelessly. The wireless communication exposes the devices to massive security risks in different dimensions. The Public Key Infrastructure (PKI) is one of the promising solutions to eliminate security risks. It ensures the authentication and communication integrity by using public key certificates. However, the overhead of certificate storage is a significant problem for the resource constrained IoT devices. We propose an application of Elliptic Curve Qu-Vanstone (ECQV) certificates, which are lightweight in size for the resource restricted IoT devices. Furthermore, we incorporate the blockchain based smart contracts to handle the certificate related operations. We utilize the smart contracts in the certificate issuance and developed a smart contract based threat scoring mechanism to automatically revoke the certificates. The lightweight nature of ECQV certificates enables the distributed ledger to store, update, and revoke the certificates. We evaluated the proposed solution in Hyperledger Fabric blockchain platform.
  • Publication
    Blockchain and Cyberphysical Systems
    The articles in this special section elaborate on the opportunities, challenges, and solutions to be offered by combining blockchain and cyberphysical systems for different application domains.
  • Publication
    Proxy re-encryption enabled secure and anonymous IoT data sharing platform based on blockchain
    Data is central to the Internet of Things (IoT) ecosystem. With billions of devices connected, most of the current IoT systems are using centralized cloud-based data sharing systems, which will be difficult to scale up to meet the demands of future IoT systems. The involvement of such a third-party service provider also requires trust from both the sensor owner and sensor data user. Moreover, fees need to be paid for their services. To tackle both the scalability and trust issues and to automatize the payments, this paper presents a blockchain-based marketplace for sharing of the IoT data. We also use a proxy re-encryption scheme for transferring the data securely and anonymously, from data producer to the consumer. The system stores the IoT data in cloud storage after encryption. To share the collected IoT data, the system establishes runtime dynamic smart contracts between the sensor and data consumer without the involvement of a trusted third-party. It also uses a very efficient proxy re-encryption scheme which allows that the data is only visible by the owner and the person present in the smart contract. This novel combination of smart contracts with proxy re-encryption provides an efficient, fast and secure platform for storing, trading and managing sensor data. The proposed system is implemented using off-the-shelf IoT sensors and computer devices. We also analyze the performance of our hybrid system by using the permission-less Ethereum blockchain and compare it to the IBM Hyperledger Fabric, a permissioned blockchain.
  • Publication
    Novel 5G Authentication Protocol to Improve the Resistance Against Active Attacks and Malicious Serving Networks
    The security of mobile communication largely depends on the strength of the authentication key exchange protocol. The 3rd Generation Partnership Project (3GPP) Group has standardized the 5G AKA (Authentication and Key Agreement) protocol for the next generation of mobile communications. It has been recently shown that the current version of this protocol still contains several weaknesses regarding user localization, leakage of activity, active attackers, and in the presence of malicious serving networks, leading to potentially major security leaks. We propose a new version of the 5G AKA protocol to overcome all the currently identified weaknesses in the protocol. In the new protocol, we replace the sequence numbers with random numbers, making it possible to drastically reduce the number of required communication phases and steps in the protocol. The usage of random numbers for the 5G AKA protocol is possible since the current Universal Subscriber Identity Modules (USIMs) are now capable of performing randomized asymmetric encryption operations. Moreover, the proposed protocol provides two additional security features, i.e., post-compromise security and forward security, not present in the current 5G AKA protocol. Finally, we evaluate the performance, both computation and communication efficiency, of the proposed AKA protocol and show its improvements compared to the current 5G AKA protocol.
  • Publication
    Privacy Protected Blockchain Based Architecture and Implementation for Sharing of Students’ Credentials
    Sharing of students’ credentials is a necessary and integral process of an education ecosystem that comprises various stakeholders like students, schools, companies, professors and the governmental authorities. As of today, all these stakeholders have to put in an enormous amount of effort to ensure the authenticity and privacy of students’ credentials. Despite these efforts, the process of sharing students’ credentials is complex, error-prone and not completely secure. Our aim is to leverage blockchain technology to mitigate the existing security-related issues concerning the sharing of students’ credentials. Thus, the paper proposes a tamper-proof, immutable, authentic, non-repudiable, privacy protected and easy to share blockchain-based architecture for secured sharing of students’ credentials. To increase the scalability, the proposed system uses a secure off-chain storage mechanism. The performance and viability of the proposed architecture are analyzed by using an Ethereum based prototypical implementation. The test results imply that requests can be executed within a few seconds (without block-time) and the system has stability to process up to 1000 simultaneous requests.