A lightweight remote user authentication scheme for IoT communication using elliptic curve cryptography

Internet of things (IoT) has become a new era of communication technology for performing information exchange. With the immense increment of usage of smart devices, IoT services become more accessible. To perform secure transmission of data between IoT network and remote user, mutual authentication, and session key negotiation play a key role. In this research, we have proposed an ECC-based three-factor remote user authentication scheme that runs in the smart device and preserves privacy, and data confidentiality of the communicating user. To support our claim, multiple cryptographic attacks are analyzed and found that the proposed scheme is not vulnerable to those attacks. Finally, the computation and communication overheads of the proposed scheme are compared with other existing protocols to confirm that the proposed scheme is lightweight. A formal security analysis using AVISPA simulation tool has been done that confirms the proposed scheme is robust against relevant security threats.

     

An Architecture Supporting Intelligent Mobile Healthcare Using Human-Computer Interaction HCI Principles

Recent advancements in the Internet of Things IoT and cloud computing have paved the way for mobile Healthcare (mHealthcare) services. A patient within the hospital is monitored by several devices. Moreover, upon leaving the hospital, the patient can be remotely monitored whether directly using body wearable sensors or using a smartphone equipped with sensors to monitor different user-health parameters. This raises potential challenges for intelligent monitoring of patient’s health. In this paper, an improved architecture for smart mHealthcare is proposed that is supported by HCI design principles. The HCI also provides the support for the User-Centric Design (UCD) for smart mHealthcare models. Furthermore, the HCI along with IoT`s (Internet of Things) 5-layered architecture has the potential of improving User Experience (UX) in mHealthcare design and help saving lives. The intelligent mHealthcare system is supported by the IoT sensing and communication layers and health care providers are supported by the application layer for the medical, behavioral, and health-related information. Health care providers and users are further supported by an intelligent layer performing critical situation assessment and performing a multi-modal communication using an intelligent assistant. The HCI design focuses on the ease-of-use, including user experience and safety, alarms, and error-resistant displays of the end-user, and improves user’s experience and user satisfaction.     

How to evaluate an Internet of Things system: Models,case studies,and real developments

The paper proposes the use of Node-RED, a flow-based programming tool targeted to Internet of Things (IoT), along with a series of case studies related to different IoT contexts, which demonstrate Node-RED's potentialities and outcomings toward the realization of well-structured IoT environments. The analyzed applications potentially include a wide range of domains, ranging from smart cities, smart buildings, smart homes/offices, smart retailing, to smart transportation, smart logistics, smart agriculture, smart health, military scenarios, and so on. The motivations behind the presented work are related to the fact that IoT application fields usually involve the same technologies and communication protocols, which are frequently adopted for totally different purposes. Issues such as systems' interoperabiliy, scalability, security and privacy naturally emerge, due to the huge amount of heterogeneous devices acting in the IoT environment itself and to the wireless nature of information transmissions. As a consequence, it is fundamental to dispose of adequate tools for supporting developers in design the network architecture and messages' exchange, in order to realize efficient and effective IoT network infrastructures.     

情景感知的物联网服务推荐方法研究

如何根据用户实时的情景高效地为其推荐最为合适的物联网服务,已经成为当前服务计算与物联网领域亟需解决的关键问题之一。针对这一问题,提出了一种基于情景感知的物联网服务推荐方法。首先基于改进的FolkRank算法生成当前用户可用的物联网服务列表;之后,依据用户当前关键的情景构建用户情景信息模型,根据用户的情景模型从服务列表中筛选出最能满足用户当前情景的物联网服务。实验结果表明,所提出的情景感知的物联网服务推荐方法是可行的与有效的。     

A design and implementation of a framework for games in IoT

Interconnection of the sensing and actuating devices providing the ability to share information across platform through a unified framework for enabling innovative applications. This is achieved by seamless ubiquitous sensing, data analytics and information representation as the unifying framework. Extending the current internet with interconnected objects and devices and their virtual representation has been a growing trend in recent years. Internet of Things (IoT) services are becoming a popular services. This will be supported challenges in a large of aspects such as smart health, green energy, smart home and personalized applications. So, the IoT plays more and more important issue in lifestyle through entertainment such as Games. As of yet, there has not been much research done on IoT environment games as a service. In this paper, we propose schemes of the design and implantation of IT convergence framework for games as a service of IoT. First of all, we discussed what to consider when design and implementation of IT convergence framework for games through contents using user’s mobile devices and various sensors in IoT environment and suggest related techniques. Then, we showed the possibility of games in the IoT environment by creating games and measuring the interactions of users in the IoT environment.     

A secure fog-based platform for SCADA-based IoT critical infrastructure

The rapid proliferation of Internet of things (IoT) devices, such as smart meters and water valves, into industrial critical infrastructures and control systems has put stringent performance and scalability requirements on modern Supervisory Control and Data Acquisition (SCADA) systems. While cloud computing has enabled modern SCADA systems to cope with the increasing amount of data generated by sensors, actuators, and control devices, there has been a growing interest recently to deploy edge data centers in fog architectures to secure low-latency and enhanced security for mission-critical data. However, fog security and privacy for SCADA-based IoT critical infrastructures remains an under-researched area. To address this challenge, this contribution proposes a novel security “toolbox” to reinforce the integrity, security, and privacy of SCADA-based IoT critical infrastructure at the fog layer. The toolbox incorporates a key feature: a cryptographic-based access approach to the cloud services using identity-based cryptography and signature schemes at the fog layer. We present the implementation details of a prototype for our proposed secure fog-based platform and provide performance evaluation results to demonstrate the appropriateness of the proposed platform in a real-world scenario. These results can pave the way toward the development of a more secure and trusted SCADA-based IoT critical infrastructure, which is essential to counter cyber threats against next-generation critical infrastructure and industrial control systems. The results from the experiments demonstrate a superior performance of the secure fog-based platform, which is around 2.8 seconds when adding five virtual machines (VMs), 3.2 seconds when adding 10 VMs, and 112 seconds when adding 1000 VMs, compared to the multilevel user access control platform.     

IoT智能设备安全威胁及防护技术综述

伴随着物联网的产生和发展,IoT智能设备越来越多地出现,其大规模普及的同时,也给用户个人资产安全与隐私保护带来了极大地冲击和挑战。本文围绕智能设备,基于智能设备终端、云服务端和用户控制终端三端系统架构,综述目前智能设备安全威胁的主要来源和技术攻击手段,并针对性地梳理已有防护技术和安全研究现状。然后,针对现有IoT智能设备安全防护体系缺失和安全设计不足的问题,本文讨论提出了全生命周期的IoT智能设备系统防护模型设计思路。     

Secured Cloud Communication Using Lightweight Hash Authentication with PUF

Internet-of-Things (IoT) is an awaited technology in real-world applications to process daily tasks using intelligent techniques. The main process of data in IoT involves communication, integration, and coordination with other real-world applications. The security of transferred, stored, and processed data in IoT is not ensured in many constraints. Internet-enabled smart devices are widely used among populations for all types of applications, thus increasing the popularity of IoT among widely used server technologies. Smart grid is used in this article with IoT to manage large data. A smart grid is a collection of numerous users in the network with the fastest response time. This article aims to provide high authentication to the smart grid, which constitutes secure communication in cloud-based IoT. Many IoT devices are deployed openly in all places. This open-access is vulnerable toward cloning attacks. Authentication is a significant process that provides strength while attacking. The security of the cloud and IoT must be computationally high. A lightweight authentication using hashing technique is proposed considering the aforementioned condition. The main factor of the authentication involves physically unclonable functions, which are utilized in improving the performance of the authentication. The proposed approach is evaluated with the existing techniques. Results show that the performance of the proposed algorithm provides high robust security.     

Automated discovery and integration of semantic urban data streams: The ACEIS middleware

With the growing popularity of Internet of Things (IoT) technologies and sensors deployment, more and more cities are leaning towards smart cities solutions that can leverage this rich source of streaming data to gather knowledge that can be used to solve domain-specific problems. A key challenge that needs to be faced in this respect is the ability to automatically discover and integrate heterogeneous sensor data streams on the fly for applications to use them. To provide a domain-independent platform and take full benefits from semantic technologies, in this paper we present an Automated Complex Event Implementation System (ACEIS), which serves as a middleware between sensor data streams and smart city applications. ACEIS not only automatically discovers and composes IoT streams in urban infrastructures for users’ requirements expressed as complex event requests, but also automatically generates stream queries in order to detect the requested complex events, bridging the gap between high-level application users and low-level information sources. We also demonstrate the use of ACEIS in a smart travel planner scenario using real-world sensor devices and datasets.     

基于智能合约的物联网访问控制系统

在物联网环境下,传统访问控制方法采用集中式的决策实体进行访问控制授权,容易出现单点故障和数据篡改等问题,造成用户隐私数据的丢失及设备被他人非法占用。利用区块链的去中心化、不可篡改及可编程的特性,将区块链技术和访问控制技术相结合,提出一种新的物联网访问控制系统,并为该系统设计一个依托于超级账本的访问控制策略模型FACP。每个物联网设备根据FACP设置访问控制策略,只有符合访问控制策略的用户才可使用该设备,同时系统将用户划分为资源拥有者和资源请求者,以便于更好地区分不同需求的用户。实验结果表明,该系统可为物联网设备提供细粒度与动态的访问控制,且具有较高的吞吐量与较低的延迟,能够保证物联网设备访问控制的安全性及可靠性。     

A survey on privacy issues and solutions for Voice-controlled Digital Assistants

With the development and increasing deployment of smart home devices, voice control supports comfortable end user interactions. However, potential end users may refuse to use Voice-controlled Digital Assistants (VCDAs) because of privacy concerns. To address these concerns, some manufacturers provide limited privacy-preserving mechanisms for end users; however, these mechanisms are seldom used. We herein provide an analysis of privacy threats resulting from the utilization of VCDAs. We further analyze how existing solutions address these threats considering the principles of the European General Data Protection Regulation (GDPR). Based on our analysis, we propose directions for future research and suggest countermeasures for better privacy protection.     

设备端基于深度学习的智能家居服务推荐框架

随着智能家居的普及,用户期望通过自然语言指令实现智能设备的控制,并希望获得个性化的智能家居服务。然而,现有的挑战包括智能设备的互操作性和对用户环境的全面理解。针对上述问题,提出一个支持设备端用户智能家居服务推荐个性化的框架。首先,构建智能家居的运行时知识图谱,用于反映特定智能家居中的上下文信息,并生成用例场景语句;其次,利用预先收集的通用场景下,用户的自然语言指令和对应的用例场景语句训练出通用推荐模型;最后,用户在设备端以自然语言管理智能家居设备和服务,并通过反馈微调通用模型的权重得到个人模型。在基本指令集、复述集、场景指令集三个数据集上的实验表明,用户的个人模型相比于词嵌入方法的准确率提升了6.5%~30%,与Sentence-BERT模型相比准确率提升了2.4%~25%,验证了设备端基于深度学习的智能家居服务框架具有较高的服务推荐准确率,能够有效地管理智能家居设备和服务。     

基于环境建模的物联网系统TAP规则生成方法

用户需求是物联网智能服务的根本驱动力，如IFTTT等很多物联网框架允许用户使用简单的触发-命令编程（TAP）规则进行编程，但它们描述的是设备调度程序，并不是用户服务需求.一些物联网系统提出采用面向目标的需求方法，支持服务目标的分解，但很难保证物联网不同服务间的一致性和服务部署的完整性.为了支持正确的“用户编程”并保证用户服务需求的一致性与完整性，本文提出了基于环境建模的TAP规则自动生成方法，在用户提供的服务需求基础上，根据环境模型自动推导出所需的系统行为，检测系统行为的一致性和完整性，并最终自动生成TAP规则，实现从用户服务需求到物联网设备调度的自动生成.本文构建了物联网应用场景的环境本体以建模环境，并定义了基于环境本体的服务需求的描述方法.另外，论文针对方法的准确性、效率、性能以及构建环境本体的时间开销在智能家居场景上进行了评估.结果表明，本文方法准确性、效率和性能超过可用阈值，且在需求达到一定数量后，构建环境本体花费的时间可忽略不计.     

An optimal cluster based security and resilience of smart home environments using hybrid soft computing techniques

Smart home is the main part of smart intelligent system here the remote users share the sensitive information through an insecure medium to access such smart devices, which becomes security issues. The recent user authentication protocols have used to solve those problems and provide secure communication. Consumer traffic increase the risk of illegal user as legal user and radio channels are extra vulnerable to listeners. For further security enhancement, we proposed an optimal cluster based remote user authentication (OCRUA) protocol for smart home environment using hybrid soft computing techniques. The first contribution of proposed protocol is to introduce squirrel induced butterfly optimization (SBO) algorithm for cluster formation, which groups the smart devices. Then, we compute the cluster head (CH) using the teacher learning based deep neural network (TL-DNN) based on multiple design constraints. The second contribution is to illustrate remote user authentication using optimal elliptic curve cryptography (OECC) which encrypts the sensitive information before forward to gateway. At long last, the concert of planned OCRUA protocol evaluates use different replication scenarios and shows the effectiveness over the existing state-of-art protocols.     

The Proactive and Preventive Privacy (3P) Framework for IoT Privacy by Design

The Problem

Internet of Things (IoT) is providing new services and insights by sensing contextual data but there are growing concerns of privacy risks from users that need immediate attention.

The Reason

The IoT devices and smart services can capture Personally Identifiable Information (PII) without user knowledge or consent. The IoT technology has not reached the desired level of maturity to standardize security and privacy requirements.

The Solution

IoT Privacy by Design is a user-centric approach for enabling privacy with security and safety as a ‘win-win’ positive outcome of IoT offerings, irrespective of business domain. The Proactive and Preventive Privacy (3P) Framework proposed in this paper should be adopted by the IoT stakeholders for building trust and confidence in end users about IoT devices and smart services.     

The yoking-proof-based authentication protocol for cloud-assisted wearable devices

Along with the development of IoT applications, wearable devices are becoming popular for monitoring user data to provide intelligent service support. The wearable devices confront severe security issues compared with traditional short-range communications. Due to the limitations of computation capabilities and communication resources, it brings more challenges to design security solutions for the resource-constrained wearable devices in IoT applications. In this work, a yoking-proof-based authentication protocol (YPAP) is proposed for cloud-assisted wearable devices. In the YPAP, a physical unclonable function and lightweight cryptographic operators are jointly applied to realize mutual authentication between a smart phone and two wearable devices, and yoking-proofs are established for the cloud server to perform simultaneous verification. Meanwhile, Rubin logic-based security formal analysis is performed to prove that the YPAP has theoretical design correctness. It indicates that the proposed YPAP is flexible for lightweight wearable devices in IoT applications.     

基于ARM和WIFI通信的智能开关控制器设计

针对新一代智能家居系统对于大量多功能、高精度自动化控制功能的需求,设计提出了一种基于ARM和WIFI通信的智能开关控制器。以WIFI无线通信技术为基础,用户通过使用Android智能手机或平板电脑等移动智能终端设备,借助设备上的客户端软件对被控设备如灯光照明系统等家居用电设备进行实时无线遥控。采用各种传感器模块对该控制器以及被控设备运行环境进行实时监测,用户可通过移动客户端软件查看了解相关情况。采用TFT液晶显示屏构建用户交互显示模块,对相关信息进行显示,方便用户的日常使用,增强用户的直观体验。通过实验测试,提出的基于ARM和WIFI通信的智能开关控制器达到了对被控设备的智能动态控制要求。该控制器具有结构简单、操作简便、响应迅速、控制功能多样化等优点,应用前景广泛。     

End-to-end security scheme for mobility enabled healthcare Internet of Things

We propose an end-to-end security scheme for mobility enabled healthcare Internet of Things (IoT). The proposed scheme consists of (i) a secure and efficient end-user authentication and authorization architecture based on the certificate based DTLS handshake, (ii) secure end-to-end communication based on session resumption, and (iii) robust mobility based on interconnected smart gateways. The smart gateways act as an intermediate processing layer (called fog layer) between IoT devices and sensors (device layer) and cloud services (cloud layer). In our scheme, the fog layer facilitates ubiquitous mobility without requiring any reconfiguration at the device layer. The scheme is demonstrated by simulation and a full hardware/software prototype. Based on our analysis, our scheme has the most extensive set of security features in comparison to related approaches found in literature. Energy-performance evaluation results show that compared to existing approaches, our scheme reduces the communication overhead by 26% and the communication latency between smart gateways and end users by 16%. In addition, our scheme is approximately 97% faster than certificate based and 10% faster than symmetric key based DTLS. Compared to our scheme, certificate based DTLS consumes about 2.2 times more RAM and 2.9 times more ROM resources. On the other hand, the RAM and ROM requirements of our scheme are almost as low as in symmetric key-based DTLS. Analysis of our implementation revealed that the handover latency caused by mobility is low and the handover process does not incur any processing or communication overhead on the sensors.     

Recommending items in pervasive scenarios: models and experimental analysis

In this paper, we propose and investigate the effectiveness of fully decentralized, collaborative filtering techniques. These are particularly interesting for use in pervasive systems of small devices with limited communication and computational capabilities. In particular, we assume that items are tagged with smart tags (such as passive RFIDs), storing aggregate information about the visiting patterns of users that interacted with them in the past. Users access and modify information stored in smart tags transparently, by smart reader devices that are already available on commercial mobile phones. Smart readers use private information about previous behavior of the user and aggregate information retrieved from smart tags to recommend new items that are more likely to meet user expectations. Note that we do not assume any transmission capabilities between smart tags: Information exchange among them is mediated by users’ collective and unpredictable navigation patterns. Our algorithms do not require any explicit interaction among users and can be easily and efficiently implemented. We analyze their theoretical behavior and assess their performance in practice, by simulation on both synthetic and real, publicly available data sets. We also compare the performance of our fully decentralized solutions with that of state-of-the-art centralized strategies.