PrivStream: A privacy-preserving inference framework on IoT streaming data at the edge

Edge computing combining with artificial intelligence (AI) has enabled the timely processing and analysis of streaming data produced by IoT intelligent applications. However, it causes privacy risk due to the data exchanges between local devices and untrusted edge servers. The powerful analytical capability of AI further exacerbates the risks because it can even infer private information from insensitive data. In this paper, we propose a privacy-preserving IoT streaming data analytical framework based on edge computing, called PrivStream, to prevent the untrusted edge server from making sensitive inferences from the IoT streaming data. It utilizes a well-designed deep learning model to filter the sensitive information and combines with differential privacy to protect against the untrusted edge server. The noise is also injected into the framework in the training phase to increase the robustness of PrivStream to differential privacy noise. Taking into account the dynamic and real-time characteristics of streaming data, we realize PrivStream with two types of models to process data segment with fixed length and variable length, respectively, and implement it on a distributed streaming platform to achieve real-time streaming data transmission. We theoretically prove that Privstream satisfies $\epsilon$-differential privacy and experimentally demonstrate that PrivStream has better performance than the state-of-the-art and has acceptable computation and storage overheads.     

Secure and privacy-preserving crowdsensing using smart contracts: Issues and solutions

The advent of Blockchain and smart contracts is empowering many technologies and systems to automate commerce and facilitate the exchange, tracking and the provision of goods, data and services in a reliable and auditable way. Crowdsensing systems is one type of systems that have been receiving a lot of attention in the past few years. In crowdsensing systems consumer devices such as mobile phones and Internet of Things devices are used to deploy wide-scale sensor networks. We identify some of the major security and privacy issues associated with the development of crowdsensing systems based on smart contracts and Blockchain. We also explore possible solutions that can address major security concerns with these systems.     

A survey on privacy issues and solutions for Voice-controlled Digital Assistants

With the development and increasing deployment of smart home devices, voice control supports comfortable end user interactions. However, potential end users may refuse to use Voice-controlled Digital Assistants (VCDAs) because of privacy concerns. To address these concerns, some manufacturers provide limited privacy-preserving mechanisms for end users; however, these mechanisms are seldom used. We herein provide an analysis of privacy threats resulting from the utilization of VCDAs. We further analyze how existing solutions address these threats considering the principles of the European General Data Protection Regulation (GDPR). Based on our analysis, we propose directions for future research and suggest countermeasures for better privacy protection.     

面向物联网的大数据预警信息高速处理规则引擎

传统的信息资料主要以文本形式存在,目录结构复杂,报文种类和文件数量繁多,资料的查询和使用过程繁琐,已不适应物联网环境下信息监测预警、业务资料的统计分析以及灾害评估等工作的需要.论文以物联网应用为基础,提出了大数据预警信息高速处理规则引擎(REoHIWI),实现了对预警信息的业务逻辑和业务数据分离,将通常作为变更主体的业务逻辑从混乱的代码当中提取出来,作为一个独立维护的部分.同时,文章分析了规则引擎的外部工作流程和内部工作机制,并从结构的角度对规则引擎逻辑与数据分离的工作原理和实现方法进行了描述.     

基于物联网感知层的节点连通算法

随着物联网（IoT）中设备的种类和数目增多,产生的数据量激增,海量数据不但加重网络负载,同时影响物联网的传输和处理速度。而一些处理上比较简单的实时数据,在感知层设备获取之后直接进行数据融合,不但能够节省大量带宽,还能降低处理所需时间,提高实时性。基于这种思想,提出感知层节点连通算法,使感知层设备协同进行数据处理工作。实验证明：感知层节点连通算法能够实现节点之间的连通,实现在感知层设备之间交换信息,协同工作,降低网络负载,提高实时性的目的。     

面向医疗行业物联网：概念、架构及关键技术研究

从物联网在医疗行业中的应用现状着手,分析了现有的面向医疗行业物联网的概念,并从狭义和广义角度对其进行剖析。借鉴物联网的现有体系架构,针对面向医疗行业物联网的特点,分析了医疗物联网体系架构设计时应考虑的领域业务范畴和体系架构模型标准,并对面向医疗行业物联网的关键技术进行归纳,分析其在医疗领域应用的场合,最后指出未来智慧医疗的发展方向。     

基于文件分时索引的大规模流量实时IoT终端识别算法

随着5G时代的来临,诸如工业区,校园网等开放性园区网络中存在大量的物联网(Internet of Things,IoT)终端,IoT终端由于其数据流量巨大,伪造IoT终端进行网络攻击的问题日益严重.现有IoT终端识别技术在面对海量数据时计算资源的成本逐渐提高.针对以上问题,提出了基于文件分时索引的大规模流量实时IoT终...     

基于BIM与IoT数据的交互方法

为解决传统设备管理中物联网(IoT)动态数据的优化存储和高效调用,对物联网动态数据的存储和调用做深入研究,提出一个基于IoT数据的数据存储框架,有效存储大量物联网数据,集成结构化和非结构化数据。进一步结合BIM数字化技术开发一个面向建筑设备管理云平台,对如何使BIM数据和设备动态数据进行业务交互做详细的交互设计。以某净水厂泵房设备管理为案例,充分验证该研究方法的实用性和价值所在,优化传统设备管理方式的同时,提高了管理界面的友好交互性,使管理变得更加高效便捷。     

A secure fog-based platform for SCADA-based IoT critical infrastructure

The rapid proliferation of Internet of things (IoT) devices, such as smart meters and water valves, into industrial critical infrastructures and control systems has put stringent performance and scalability requirements on modern Supervisory Control and Data Acquisition (SCADA) systems. While cloud computing has enabled modern SCADA systems to cope with the increasing amount of data generated by sensors, actuators, and control devices, there has been a growing interest recently to deploy edge data centers in fog architectures to secure low-latency and enhanced security for mission-critical data. However, fog security and privacy for SCADA-based IoT critical infrastructures remains an under-researched area. To address this challenge, this contribution proposes a novel security “toolbox” to reinforce the integrity, security, and privacy of SCADA-based IoT critical infrastructure at the fog layer. The toolbox incorporates a key feature: a cryptographic-based access approach to the cloud services using identity-based cryptography and signature schemes at the fog layer. We present the implementation details of a prototype for our proposed secure fog-based platform and provide performance evaluation results to demonstrate the appropriateness of the proposed platform in a real-world scenario. These results can pave the way toward the development of a more secure and trusted SCADA-based IoT critical infrastructure, which is essential to counter cyber threats against next-generation critical infrastructure and industrial control systems. The results from the experiments demonstrate a superior performance of the secure fog-based platform, which is around 2.8 seconds when adding five virtual machines (VMs), 3.2 seconds when adding 10 VMs, and 112 seconds when adding 1000 VMs, compared to the multilevel user access control platform.     

EPMDroid: Efficient and privacy-preserving malware detection based on SGX through data fusion

Android has stood at a predominant position in mobile operating systems for many years. However, its popularity and openness make it a desirable target of malicious attackers. There is an increasing need for mobile malware detection. Existing analysis methods fall into two categories, i.e., static analysis and dynamic analysis. The dynamic analysis is more effective and timely than the static one, but it incurs a high computational overhead, thus cannot be deployed in resource-constrained mobile devices. Existing studies solve this issue by outsourcing malware detection to the cloud. However, the privacy of mobile app runtime data uploaded to the cloud is not well preserved during both detection model training and malware detection. Numerous efforts have been made to preserve privacy with cryptography, which suffers from high computational overhead and low flexibility. To address these issues, in this paper, we propose an Intel SGX-empowered mobile malware detection scheme called EPMDroid. We also design a probabilistic data structure based on cuckoo filters, named CuckooTable, to effectively fuse features for detection and achieve high space efficiency. We conduct both theoretical analysis and real-world data based tests on EPMDroid performance. Experimental results show that EPMDroid can speed up malware detection by up to 43.8 times and save memory space by up to 3.7 times with the same accuracy, as compared to a baseline method.     

高效物联网虚假数据融合结果检测机制

数据融合(data fusion)是物联网数据传输和处理的关键步骤之一,在传输过程中提前汇总和处理中间数据,仅将逐层融合的结果发送到应用层,有效降低了中间节点的功耗和负载.然而,在这一过程中,各节点没有保存被融合数据,因此,无法发现和定位针对数据融合结果的数据伪造或篡改攻击.为了杜绝这一安全隐患,提出一种高效的物联网数据融合安全检验机制,通过对数据融合过程建模,发现并刻画被输入数据和融合结果之间的联系,并利用这一模型发现异常的数据融合结果,杜绝恶意数据融合,优化物联网传输安全.首先,在节点/网络的输入端和输出端分别进行数据收集,构建了基于被融合数据的特征压缩摘要机制,提升了数据收集效率并优化了节点资源消耗;其次,提出了基于概率图概率模型的数据融合模型,描述被融合数据和融合结果的时空域关系,并基于这一模型高效检测异常数据融合结果.实验结果表明：所提出的方法能够高效、准确地发现恶意数据融合操作,优化物联网传输安全.     

Wearable IoT data stream traceability in a distributed health information system

With the soaring interest in the Internet of Things (IoT), some healthcare providers are facilitating remote care delivery through the use of wearable devices. These devices are employed for continuous streaming of personal medical data (e.g., vitals, medications, allergies, etc.) into healthcare information systems for the purposes of health monitoring and efficient diagnosis. However, a challenge from the perspective of the physicians is the inability to reliably determine which data belongs to who in real-time. This challenge emanates from the fact that healthcare facilities have numerous users who own multiple devices; thereby creating an N x M data source heterogeneity and complexities for the streaming process. As part of this research, we seek to streamline the process by proposing a wearable IoT data streaming architecture that offers traceability of data routes from the originating source to the health information system. To overcome the complexities of mapping and matching device data to users, we put forward an enhanced Petri Nets service model that aids with a transparent data trace route generation, tracking and the possible detection of medical data compromises. The results from several empirical evaluations conducted in a real-world wearable IoT ecosystem prove that: 1) the proposed system’s choice of Petri Net is best suited for linkability, unlinkability, and transparency of the medical IoT data traceability, 2) under peak load conditions, the IoT architecture exhibits high scalability, and 3) distributed health information system threats such as denial of service, man-in-the-middle, spoofing, and masking can be effectively detected.     

天基物联多码率QC-LDPC码构造方法研究

针对天基物联场景中的小数据传输进行多码率QC-LDPC码研究,结合5G标准中LDPC码校验矩阵的设计方法与DVB-S2X标准中不同码率条件下编码长度不变的特性,探索适用于卫星通信中针对短码在固定编码长度条件下实现多码率QC-LDPC码的设计方案,并进行仿真验证;其中,校验矩阵是通过基于代数法的QC-LDPC码的叠加构造方法进行设计,结合缩短与扩展操作来构造具有固定编码长度且能实现多码率的循环移位矩阵,该矩阵同时保持了5G LDPC编码标准中的类Raptor结构;最后通过所设计方案与IEEE802.11n标准进行误比特率仿真对比,根据仿真结果显示,所设计方案与IEEE802.11n标准性能相差较小,且误比特率能到10-7,达到了预期的效果。     

A survey on data provenance in IoT

Internet of Things (IoT), as a typical representation of cyberization, enables the interconnection of physical things and the Internet, which provides intelligent and advanced services for industrial production and human lives. However, it also brings new challenges to IoT applications due to heterogeneity, complexity and dynamic nature of IoT. Especially, it is difficult to determine the sources of specified data, which is vulnerable to inserted attacks raised by different parties during data transmission and processing. In order to solve these issues, data provenance is introduced, which records data origins and the history of data generation and processing, thus possible to track the sources and reasons of any problems. Though some related researches have been proposed, the literature still lacks a comprehensive survey on data provenance in IoT. In this paper, we first propose a number of design requirements of data provenance in IoT by analyzing the features of IoT data and applications. Then, we provide a deep-insight review on existing schemes of IoT data provenance and employ the requirements to discuss their pros and cons. Finally, we summarize a number of open issues to direct future research.

     

重构图视角下超级账本在物联网的应用研究综述

在部署基于区块链的物联网应用中,出现了缺少细粒度隐私保护、事务处理效率低、高延迟、灵活性和动态性不足等方面的技术阻碍。为进一步推进区块链技术在物联网的普及和应用落地,致力于企业级标准的区块链技术的超级账本引起了研究界的广泛关注。然而在当前的研究中,缺少针对基于超级账本的物联网的客观综述。旨在以独特的视角回顾超级账本在物联网领域的研究。为展示更直观的差异和提供技术融合流程,提出了重构图的分析方法。重构是将文献中核心设计和原架构图融合,重新构造可以展示文献核心思想图的过程。这种方法旨在将文献的核心思想可视化。最后,从低功耗共识算法、智能交易验证、链上链下混合存储和自定义激励机制四个方向对超级账本在物联网的未来研究进行展望和总结。     

A privacy-preserving aggregation scheme based on immunological negative surveys for smart meters

The smart meter is a basic device of the smart grid, which improves the efficiency of the power grid and brings a lot of convenience for the industry and people’s daily life. However, real-time power consumption data contain some sensitive information, and could disclose the privacy of users. As an immunological technique, the negative survey is proposed to preserve the privacy of static data. In this paper, firstly, we demonstrate that traditional negative survey might disclose the privacy of users when it is used to collect time-series data. Secondly, we propose an improved negative survey method for collecting the time-series data. Thirdly, for the first time, we apply the negative survey to preserving the privacy of the power consumption data aggregated from smart meters. Theoretical analysis and experimental results demonstrate that the method proposed in this paper could aggregate the power consumption data while preserving the privacy of users. Compared with existing techniques, our method is simple and efficient, and does not need a trusted third party. Moreover, it could tolerate the failure of some users and resist differential attack.     

LPPTE: A lightweight privacy-preserving trust evaluation scheme for facilitating distributed data fusion in cooperative vehicular safety applications

Vehicular networks have tremendous potential to improve road safety, traffic efficiency, and driving comfort, where cooperative vehicular safety applications are a significant branch. In cooperative vehicular safety applications, through the distributed data fusion for large amounts of data from multiple nearby vehicles, each vehicle can intelligently perceive the surrounding conditions beyond the capability of its own onboard sensors. Trust evaluation and privacy preservation are two primary concerns for facilitating the distributed data fusion in cooperative vehicular safety applications. They have conflicting requirements and a good balance between them is urgently needed. Meanwhile, the computation, communication, and storage overheads will all influence the applicability of a candidate scheme. In this paper, we propose a Lightweight Privacy-Preserving Trust Evaluation (LPPTE) scheme which can primely balance the trust evaluation and privacy preservation with low overheads for facilitating the distributed data fusion in cooperative vehicular safety applications. Furthermore, we provide exhaustive theoretical analysis and simulation evaluation for the LPPTE scheme, and the results demonstrate that the LPPTE scheme can obviously improve the accuracy of fusion results and is significantly superior to the state-of-the-art schemes in multiple aspects.     

Detecting Vulnerability on IoT Device Firmware: A Survey

Internet of things (IoT) devices make up 30%of all network-connected endpoints,introducing vulnerabilities and novel attacks that make many companies as primary targets for cybercriminals.To address this increasing threat surface,every organization deploying IoT devices needs to consider security risks to ensure those devices are secure and trusted.Among all the solutions for security risks,firmware security analysis is essential to fix software bugs,patch vulnerabilities,or add new security fea...     

A framework of pavement management system based on IoT and big data

With the expansion of urban road network, the importance of road maintenance is increasing, which guarantee the operation efficiency of transportation infrastructure. Compare to road construction, road maintenance is more sophisticated. Even though invested a lot of manpower and financial resources, management departments are troubled by insufficient and lagging road maintenance. The development and widely application of technologies including IoT, Big Data and Artificial Intelligence(AI) in various industries offer possible solutions to this issue. However, how to utilize these technologies is a challenge for related administration department because of their weak technical force. To address the problem, a pavement management system(PMC) is developed in this research. Combined with IoT and big data, the PMS provide an overall management structure of road maintenance. Composed of three subsections: Pavement detection and 3D modeling, Data analysis and Decision support, the PMS offer an automated and intelligent solution to related administrative departments and firms. Besides, two road maintenance related firms, one is a road maintenance company and the other is a technical firm that offer smart solutions to road maintenance, are selected as cases to illustrate how PMS are applied to support the daily operations and road maintenance.