We design a new blockchain-based access control protocol for IoT-enabled smart-grid systems, called DBACP-IoTSG. Through the proposed DBACP-IoTSG, data is securely brought to the service providers from their respective smart meters (SMs). A peer-to-peer (P2P) network is formed by the participating service providers, where the peer nodes are responsible for creating blocks from the data securely gathered from their corresponding SMs and adding them to the blockchain after the blocks have been validated using a voting-based consensus algorithm. In our work, the blockchain is considered private because the data collected from the consumers of the SMs is private and confidential. Through formal security analysis under the random oracle model, non-mathematical security analysis and software-based formal security verification, DBACP-IoTSG is shown to be resistant against various attacks. We report experimental results for the various cryptographic primitives needed for the comparative analysis, obtained using the widely used Multiprecision Integer and Rational Arithmetic Cryptographic Library (MIRACL). A detailed comparative study reveals that DBACP-IoTSG supports more functionality features and provides better security, apart from its low communication and computation costs, as compared to recently proposed relevant schemes. In addition, a blockchain implementation of DBACP-IoTSG has been performed to measure the computational time needed for adding a varied number of blocks and for a varied number of transactions per block in the blockchain.
The Internet of Things (IoT) enables billions of devices with network connectivity to collect and exchange real-time information for providing intelligent services. Thus, IoT allows connected devices to be controlled and accessed remotely in the presence of adequate network infrastructure. Unfortunately, traditional network technologies such as enterprise networks and classic timeout-based transport protocols are not capable of handling such requirements of IoT in an efficient, scalable, seamless, and cost-effective manner. Moreover, the advent of software-defined networking (SDN) introduces features that allow network operators and users to control and access network devices remotely, while leveraging a global view of the network. In this respect, we provide a comprehensive survey of different SDN-based technologies that are useful for fulfilling the requirements of IoT, from different networking aspects: edge, access, core, and data center networking. In these areas, the utility of SDN-based technologies is discussed, while presenting the different challenges and requirements of each in the context of IoT applications. We present a synthesized overview of the current state of IoT development. We also highlight some future research directions and open research issues based on the limitations of the existing SDN-based technologies.
Internet of Things (IoT) related applications have emerged as an important field for both engineers and researchers, reflecting the magnitude and impact of the data-related problems to be solved in contemporary business organizations, especially in cloud computing. This paper first provides a functional framework that identifies the acquisition, management, processing and mining areas of IoT big data, and several associated technical modules are defined and described in terms of their key characteristics and capabilities. Then current research in IoT applications is analyzed, and the challenges and opportunities associated with IoT big data research are identified. We also report a study of critical IoT application publications and research topics based on related academic and industry publications. Finally, some open issues and some typical examples are given under the proposed IoT-related research framework.
Machine learning, particularly the neural network, is extensively exploited in a dizzying range of applications. In order to reduce the computing burden on resource-constrained clients, a large number of historical private datasets need to be outsourced to a semi-trusted or malicious cloud for model training and evaluation. To achieve privacy preservation, most of the existing work either exploits public key fully homomorphic encryption (FHE), resulting in considerable computational cost and ciphertext expansion, or secure multiparty computation (SMC), requiring multiple rounds of interaction between user and cloud. To address these issues, in this paper, a lightweight privacy-preserving model training and evaluation scheme LPTE for discretized neural networks is proposed. Firstly, we put forward an efficient single key fully homomorphic data encapsulation mechanism (SFH-DEM) without exploiting public key FHE. Based on SFH-DEM, a series of atomic calculations over the encrypted domain, including multivariate polynomial, nonlinear activation function, gradient function and maximum operations, are devised as building blocks. Furthermore, a lightweight privacy-preserving model training and evaluation scheme LPTE for discretized neural networks is proposed, which can also be extended to convolutional neural networks. Finally, we give formal security proofs for dataset privacy, model training privacy and model evaluation privacy under the semi-honest environment, and implement the experiment on the real dataset MNIST for recognizing handwritten digits in a discretized neural network to demonstrate the high efficiency and accuracy of our proposed LPTE.
As society has progressed through periods of evolution and revolution, technology has played a key role as an enabler. In the same manner that mechanical machines of the 1800s drove the industrial revolution, now digitalized machines are driving another industrial revolution. With the recognition of a fourth industrial revolution, the Industry 4.0 initiative was founded in Germany in 2011. One of the drivers of Industry 4.0 is the Industrial Internet of Things. The Internet of Things is a natural step as computing ubiquity and interconnectedness become more widely present. Add to this intelligence, delegation and human orientation, and the result is software intensive engineering at almost all layers (excluding the physical and human layers). Software development is a competency in communications, information systems, computer science, software and computer systems engineering and electrical and electronic engineering. Software solutions are becoming more distributed, not only over processes, but over heterogeneous computing platforms and business domains. These platforms could be physically separated over large distances, or highly mobile platforms with varying security requirements. All these requirements introduce complexity on a scale previously unseen in the software industry.
In the Industrial Internet of Things there is a clear need for a high level of interoperability between independently developed systems, often from different vendors. Traditional methods of interoperability, including protocol gateways and adapters, are often used at the network layer. Recent work on application interoperability has emphasized the use of middleware or protocol proxy/gateway. However, middleware tends to move the interoperability problem rather than solving it, and there are scalability issues with increasing the number of proxies: re-configuration effort, and required bandwidth and processing overheads. This paper proposes a secure, on-demand and transparent protocol translator for the Industrial Internet of Things. Targeting the challenge of interoperability between IP-based communication protocols, the paper analyses current solutions and develops a set of requirements to be met by IoT protocol interoperability. The proposed protocol translator is not a middleware; it is a SOA-based participant, it is used on-demand when needed, it does not introduce design time dependencies, it operates transparently, it supports low latency, and it is secured through the use of Arrowhead authorization and authentication.
In the emerging Industrial IoT era, Machine-to-Machine (M2M) communication technology is considered a key underlying technology for building Industrial IoT environments where devices (e.g., sensors, actuators, gateways) are enabled to exchange information with each other in an autonomous way without human intervention. However, most of the existing M2M protocols that can also be used in the Industrial IoT domain provide security mechanisms based on asymmetric cryptography, resulting in high computational cost. As a consequence, resource-constrained IoT devices are not able to support them appropriately, and thus many security issues arise for the Industrial IoT environment. Therefore, lightweight security mechanisms are required for M2M communications in Industrial IoT in order to reach its full potential. As a step in this direction, in this paper we propose a lightweight authentication mechanism, based only on hash and XOR operations, for M2M communications in Industrial IoT environments. The proposed mechanism is characterized by low computational cost, communication and storage overhead, while achieving mutual authentication, session key agreement, device identity confidentiality, and resistance against the following attacks: replay attack, man-in-the-middle attack, impersonation attack, and modification attack.
Due to the widespread popularity of Internet-enabled devices, the Industrial Internet of Things (IIoT) has become popular in recent years. However, as the smart devices share information with each other over an open channel, i.e., the Internet, the security and privacy of the shared information remain a paramount concern. There exist some solutions in the literature for preserving security and privacy in the IIoT environment. However, due to their heavy computation and communication overheads, these solutions may not be applicable to a wide category of applications in the IIoT environment. Hence, in this paper, we propose a new Biometric-based Privacy Preserving User Authentication (BP2UA) scheme for cloud-based IIoT deployment. BP2UA consists of strong authentication between users and smart devices using pre-established key agreement between smart devices and the gateway node. The formal security analysis of BP2UA using the well-known ROR model is provided to prove its session key security. Moreover, an informal security analysis of BP2UA is also given to show its robustness against various types of known attacks. The computation and communication costs of BP2UA in comparison to the other existing schemes of its category demonstrate its effectiveness in the IIoT environment. Finally, a practical demonstration of BP2UA is also given using the NS2 simulation.
The Industrial Internet of Things (IIoT) is considered to be one of the most promising revolutionary technologies for increasing productivity. With the refined development of manufacturing, the entire manufacturing process is split up into several areas of IoT production. Devices from different domains cooperate to perform the same task, which causes security problems in the communication among them. Existing authentication methods incur heavy key management overhead or rely on a trusted third party. It is imperative to protect privacy and ensure the credibility of the device during device interaction. This paper proposes a federated hierarchical trust interaction scheme (FHTI) for the cross-domain industrial IoT. It builds a low-privacy network platform through blockchain and protects the data privacy of the IIoT. A hierarchical trust mechanism based on federated detection is designed to realize the unified trust evaluation of cross-domain devices. A trusted cross-domain method based on device trust value is designed to ensure the security and trustworthiness of cross-domain devices. The simulation results show that the FHTI scheme can improve the speed of identity authentication and the detection accuracy of malicious devices.
A device-to-device (D2D) assisted cellular network is pervasive in supporting ubiquitous healthcare applications, since it is expected to bring significant benefits such as improving user throughput and extending the battery life of mobiles. However, D2D and cellular communications in the same network may cause cross-tier interference (CTI) to each other. Also, a critical issue of using D2D assisted cellular networks in a healthcare scenario is the electromagnetic interference (EMI) caused by RF transmission, and a high level of EMI may lead to a critical malfunction of medical equipment. In consideration of CTI and EMI, we study the problem of optimizing the individual channel rates of mobile users with different priorities (different levels of emergency) within the Internet of vehicles for mobile health, and propose an algorithm for controlling the transmit power to solve the above-mentioned problem under a game-theoretical framework. Numerical results show that the proposed algorithm converges linearly to the optimum, while ensuring an allowable level of EMI on medical equipment.
Today's research on Quality of Experience (QoE) mainly addresses multimedia services. With the introduction of the Internet of Things (IoT), there is a need for new ways of evaluating QoE. Emerging IoT services, such as autonomous vehicles (AVs), are more complex and involve additional quality requirements, such as those related to the machine-to-machine communication that enables self-driving. In fully autonomous cases, intelligent machines operate the vehicles. Thus, it is not clear how intelligent machines will impact end-user QoE, nor how end users can alter and affect a self-driving vehicle. This article argues for a paradigm shift in the QoE area to cover the relationship between humans and intelligent machines. We introduce the term Quality of IoT-experience (QoIoT) within the context of AVs, where the quality evaluation, besides end users, considers quantifying the perspectives of intelligent machines with objective metrics. Hence, we propose a novel architecture that considers Quality of Data (QoD), Quality of Network (QoN), and Quality of Context (QoC) to determine the overall QoIoT in the context of AVs. Finally, we present a case study to illustrate the use of QoIoT.
The Internet of Things (IoT) enables interaction between real-world physical objects, using sensors, and the virtual world of computers and the Internet. The use of service-oriented architecture (SOA) is one step in the creation of basic and complex interactions between several sensors and actuators. However, the use of SOA-enabled technologies alone does not meet all requirements of how sensor and actuator systems could be integrated to create distributed monitoring and control applications. The centralized, traditional method of communication in wireless sensor networks via a gateway presents drawbacks that have to be addressed: device-to-cloud communication adds higher latency and higher power consumption and is less robust than the device-to-device (D2D) communication approach. Moreover, all these characteristics reduce the scalability of the network, thus limiting the use of IoT in industry. In this article, the proposed method utilizes the Arrowhead framework orchestration system to generate service composition within a (wireless) network formed by IoT devices. The aim is to achieve efficient D2D service invocation to reduce the drawbacks of today's widely used device-to-cloud approach. The method in this article performs efficient service composition for industrial IoT, including mapping SOA service composition onto very small resource-constrained devices using Arrowhead orchestration. The results presented in this article at the service level can increase performance and robustness in fog computing on resource-constrained devices.
Sleep is an essential activity that affects an individual's health and ability to perform Activities of Daily Living (ADL). Inadequate sleep reduces cognitive capacity and leads to health-related issues such as cardiovascular diseases. Sleep disorders are more prevalent in older adults. Therefore, it is essential to recognize sleep patterns and support older adults and their caregivers. In our study, we collect data in real-world unconstrained and non-intrusive environments. This paper presents a novel sleep activity recognition method using motion sensors for recognizing nighttime and daytime sleep, which can further enable the development of insightful healthcare applications. The research objectives are to evaluate the application of Multi-Armed Bandit (MAB) methods to (i) learn normal sleep patterns, (ii) evaluate sleep quality, and (iii) detect anomalies in sleep activity for 11 elderly participants living in single-resident smart homes. We evaluate the performance of the Thompson Sampling, Random Selection, and Upper Confidence Bound MAB methods. Thompson Sampling outperformed the other two methods. Our findings show that most elderly participants slept between 6 and 8 hours with 85% sleep efficiency and up to 3 awakenings per night.
Secure access to real-time data from IoT smart devices (e.g., vehicles) by a legitimate external party (user) is an important security service for Big Data collection in Internet of Things (IoT)-based Intelligent Transportation Systems (ITS). To deal with this important issue, we design a new three-factor user authentication scheme, called UAP-BCIoT, which relies on Elliptic Curve Cryptography (ECC). The mutual authentication between the user and an IoT device happens via the semi-trusted Cloud-Gateway (CG) node in UAP-BCIoT. UAP-BCIoT supports several functionality features needed for the IoT-based ITS environment, including IoT smart device credential validation and Big Data analytics. A detailed security analysis is conducted based on the defined threat model to show that UAP-BCIoT is resilient against many known attacks. A thorough comparative study reveals that UAP-BCIoT supports better security, offers various functionality attributes, and also provides similar communication and computation costs as compared to other relevant schemes. Finally, a practical demonstration of the proposed UAP-BCIoT is also provided to measure its impact on network performance parameters.
Recently, network function virtualization (NFV) has been proposed to solve the dilemma faced by traditional networks and to improve network performance through hardware and software decoupling. The deployment of the service function chain (SFC) is a key technology that affects the performance of virtual network functions (VNFs). The key issue in the deployment of SFCs is proposing effective algorithms to achieve efficient use of resources. In this paper, we propose a service function chain deployment optimization (SFCDO) algorithm based on breadth-first search (BFS). The algorithm first uses a BFS-based algorithm to find the shortest path between the source node and the destination node. Then, based on the shortest path, the path with the fewest hops is preferentially chosen to implement the SFC deployment. Finally, we compare its performance with the greedy and simulated annealing (G-SA) algorithm. The experimental results show that the proposed algorithm is optimized in terms of end-to-end delay and bandwidth resource consumption. In addition, we also consider the load rate of the nodes to achieve network load balancing.
The efficient deployment of virtual network functions (VNFs) for network service provisioning is key for achieving network function virtualization (NFV); however, most existing studies address only offline or one-off deployments of service function chains (SFCs) while neglecting the dynamic (i.e., online) deployment and expansion requirements. In particular, many methods of energy/resource cost reduction are achieved by merging VNFs. However, the energy waste and device wear for large-scale collections of servers (e.g., cloud networks and data centers) caused by sporadic request updating are ignored. To solve these problems, we propose an energy-aware routing and adaptive delayed shutdown (EAR-ADS) algorithm for dynamic SFC deployment, which includes the following features. 1) Energy-aware routing (EAR): By considering a practical deployment environment, a flexible solution is developed based on reusing open servers and selecting paths with the aims of balancing energy and resources and minimizing the total cost. 2) Adaptive delayed shutdown (ADS): The delayed shutdown time of the servers can be flexibly adjusted in accordance with the usage of each device in each time slot, thus eliminating the no-load wait time of the servers and frequent on/off switching. Therefore, EAR-ADS can achieve dual energy savings by both decreasing the number of open servers and reducing the idle/switching energy consumption of these servers. Simulation results show that EAR-ADS not only minimizes the cost of energy and resources but also achieves an excellent success rate and stability. Moreover, EAR-ADS is efficient compared with an improved Markov algorithm (SAMA), reducing the average deployment time by more than a factor of 40.
Many Cyber-Physical Systems are today semi-autonomous and powerful enough to perform advanced tasks on their own. This means they can also act as representatives of people or devices that have given them an order. However, traditional access control policies and delegation models do not meet industrial requirements such as support for letting autonomous CPS devices act on their own with certified credentials under sub-authorization by subcontractors, without the need for a separate account per device. In this paper, we analyze and compare power of attorney, proxy signature by warrant, and OAuth to identify the strengths and challenges of each. Based on the comparison, we propose an OAuth grant type based on the power of attorney and inspired by the concept of proxy signature by warrant. A Power of Attorney is a generic and self-contained document that a principal signs and directs to an agent, thereby granting it the power to execute actions on behalf of the principal for a predefined time, even if the principal is offline. One key advantage of the power of attorney is that it can support effective sub-granting on several levels to support industrial scenarios where resource owners bring in authorized contractors that can in turn authorize and bring in several devices without incurring management overhead for the resource owner. A proof-of-concept and performance evaluation of the proposed model is presented using an industrial use-case scenario with multi-level authorization.
A counterfeit drug is a medication or pharmaceutical product which is manufactured and made available on the market to deceptively represent its origin, authenticity and effectiveness, etc., and poses serious threats to the health of a patient. Counterfeit medicines have an adverse effect on public health and cause revenue loss to legitimate manufacturing organizations. In this paper, we propose a new authentication scheme for a medicine anti-counterfeiting system in the Internet of Things environment which is used for checking the authenticity of pharmaceutical products (dosage forms). The proposed scheme utilizes near field communication (NFC) and is suitable for mobile environments, and also provides an efficient NFC update phase. The security analysis using the widely accepted real-or-random model proves that the proposed scheme provides session key security. The proposed scheme also protects against other known attacks, which are analyzed informally. Furthermore, the formal security verification using the broadly accepted Automated Validation of Internet Security Protocols and Applications tool shows that the proposed scheme is secure. The scheme is efficient with respect to computation and communication costs, and it also provides additional functionality features when compared to other existing schemes. Finally, to demonstrate the practicality of the scheme, we evaluate it using the broadly accepted NS2 simulation.
The Internet of Drones (IoD) provides coordinated access to Unmanned Aerial Vehicles (UAVs), referred to as drones. The on-going miniaturization of sensors, actuators, and processors, together with ubiquitous wireless connectivity, allows drones to be used in a wide range of applications ranging from military to civilian. Since most of the applications involved in the IoD are real-time based, users are generally interested in accessing real-time information from drones belonging to a particular fly zone. This happens if we allow users to directly access real-time data from flying drones inside the IoD environment rather than from the server. This is a serious security breach which may deteriorate the performance of any implemented solution in this IoD environment. To address this important issue in IoD, we propose a novel lightweight user authentication scheme in which a user in the IoD environment can access data directly from a drone, provided that the user is authorized to access the data from that drone. The formal security verification using the broadly accepted Automated Validation of Internet Security Protocols and Applications (AVISPA) tool, along with informal security analysis, shows that our scheme is secure against several known attacks. The performance comparison demonstrates that our scheme is efficient with respect to various parameters, and it provides better security as compared to the related existing schemes. Finally, a practical demonstration of our scheme is done using the widely accepted NS2 simulation.
The Industrial Internet of Things (IIoT) accommodates a huge number of heterogeneous devices to bring vast services under distributed computing scenarios. Most productive services in IIoT are closely related to production control and require distributed network support with low delay. However, resource reservation based on gross traffic prediction ignores the importance of productive services and treats them as ordinary services, so it is difficult to provide stable low-delay support for large numbers of productive service requests. For many productions, unexpected communication delays are unacceptable, and the delay may lead to serious production accidents causing great losses, especially when the productive service is security related. In this article, we propose a brain-like productive service provisioning scheme with federated learning (BrainIoT) for IIoT. The BrainIoT scheme is composed of three algorithms: industrial knowledge graph-based relation mining, federated learning-based service prediction, and globally optimized resource reservation. BrainIoT combines production information into network optimization, and utilizes the interfactory and intrafactory relations to enhance the accuracy of service prediction. The globally optimized resource reservation algorithm suitably reserves resources for predicted services, considering various resources. The numerical results show that the BrainIoT scheme utilizes the interfactory and intrafactory relations to make an accurate service prediction, achieving 96% accuracy, and improves the quality of service.