Collaborative Mutual Identity Establishment (CMIE) for the future internet

2015 ◽  
Vol 11 (4) ◽  
pp. 398-417 ◽  
Author(s):  
Nancy Ambritta P ◽  
Poonam N. Railkar ◽  
Parikshit N. Mahalle
Keyword(s):  
Comparative Analysis ◽  
Digital Signature ◽  
Mutual Authentication ◽  
Future Internet ◽  
Signature Verification ◽  
Forward Secrecy ◽  
Replay Attack ◽  
Content Type ◽  
Security Issues ◽  
Mutual Identity

Purpose – This paper aims at providing a comparative analysis of the existing protocols that address the security issues in the Future Internet (FI) and also to introduce a Collaborative Mutual Identity Establishment (CMIE) scheme which adopts the elliptical curve cryptography (ECC), to address the issues, such as content integrity, mutual authentication, forward secrecy, auditability and resistance to attacks such as denial-of-service (DoS) and replay attack. Design/methodology/approach – This paper provides a comparative analysis of the existing protocols that address the security issues in the FI and also provides a CMIE scheme, by adopting the ECC and digital signature verification mechanism, to address the issues, such as content integrity, mutual authentication, forward secrecy, auditability and resistance to attacks such as DoS and replay attack. The proposed scheme enables the establishment of secured interactions between devices and entities of the FI. Further, the algorithm is evaluated against Automated Validation of Internet Security Protocols and Application (AVISPA) tool to verify the security solutions that the CMIE scheme has claimed to address to have been effectively achieved in reality. Findings – The algorithm is evaluated against AVISPA tool to verify the security solutions that the CMIE scheme has claimed to address and proved to have been effectively achieved in reality. The proposed scheme enables the establishment of secured interactions between devices and entities of the FI. Research limitations/implications – Considering the Internet of Things (IoT) scenario, another important aspect that is the device-to-location (D2L) aspect has not been considered in this protocol. Major focus of the protocol is centered around the device-to-device (D2D) and device-to-server (D2S) scenarios. Also, IoT basically works upon a confluence of hundreds for protocols that support the achievement of various factors in the IoT, for example Data Distribution Service, Message Queue Telemetry Transport, Extensible Messaging and Presence Protocol, Constrained Application Protocol (CoAP) and so on. Interoperability of the proposed CMIE algorithm with the existing protocols has to be considered to establish a complete model that fits the FI. Further, each request for mutual authentication requires a querying of the database and a computation at each of the participating entities side for verification which could take considerable amount of time. However, for applications that require firm authentication for maintaining and ensuring secure interactions between entities prior to access control and initiation of actual transfer of sensitive information, the negligible difference in computation time can be ignored for the greater benefit that comes with stronger security. Other factors such as quality of service (QoS) (i.e. flexibility of data delivery, resource usage and timing), key management and distribution also need to be considered. However, the user still has the responsibility to choose the required protocol that suits one’s application and serves the purpose. Originality/value – The originality of the work lies in adopting the ECC and digital signature verification mechanism to develop a new scheme that ensures mutual authentication between participating entities in the FI based upon certain user information such as identities. ECC provides efficiency in terms of key size generated and security against main-in-middle attack. The proposed scheme provides secured interactions between devices/entities in the FI.

A Multi-layer Security approach for DDoS detection in Internet of Things

2020 ◽  
Vol ahead-of-print (ahead-of-print) ◽  
Author(s):  
A.B. Feroz Khan ◽  
Anandharaj G
Keyword(s):  
Key Management ◽  
Research Work ◽  
Computational Cost ◽  
Smart Devices ◽  
Replay Attack ◽  
Content Type ◽  
Computational Costs ◽  
Security Issues ◽  
Jamming Attack ◽  
Ddos Detection

PurposeThe purpose of the paper is to analyze the layer wise security issues in IoT and to obtain the effective security mechanism for jamming attack .Design/methodology/approachIn this study, the authors proposed a multi layer security approach for the detection of DDoS in IoT environment, which protects the smart devices from DDoS, this scheme also reduces the computational cost in the network under mobility condition.FindingsEven though many works have been done for the security of wireless sensor network (WSN), all works have focused on encryption which depends on the key management strategy. In this study, the authors proposed a multilayer approach to analyze the layer wise security issues and also proposed a threshold-based countermeasure (TBC) for replay attack in each layer.Originality/valueThe results indicate that the proposed algorithm lowers the computational costs and energy consumption than in modern schemes. Also, the proposed research work improves the scalability of sensor networks using the TBC.

A puncturable attribute-based data sharing scheme for the Internet of Medical Robotic Things

2021 ◽  
Vol ahead-of-print (ahead-of-print) ◽  
Author(s):  
Sultan Basudan
Keyword(s):  
Data Sharing ◽  
Mutual Authentication ◽  
The Internet ◽  
Security Model ◽  
Secret Key ◽  
Forward Secrecy ◽  
Content Type ◽  
Sensing Data ◽  
Sharing Scheme ◽  
Security Proof

PurposeIn line with the fast development of information technology, the Internet of Medical Robotic Things (IoMRT) is gaining more ground in health care. Sharing patients' information effectively and securely can improve sensing data usage and confidentiality. Nevertheless, current IoMRT data sharing schemes are lacking in terms of supporting efficient forward secrecy; when secret key for a robotic nurse as a data requester is compromised, all the historically shared data with this robotic nurse will be leaked.Design/methodology/approachThe presented paper suggests an efficient puncturable attribute-based data sharing scheme enabling guaranteed firm security and versatile access control over health sensing data in IoMRT. This scheme integrates attribute-based and puncturable encryption to avail a shared secret key for data sharing that can be encrypted by an access structure over the Data Requester (DR) attributes. Additionally, the establishment of the shared key and the mutual authentication is simultaneously done between the cloud servers and DRs.FindingsThe proposed scheme can achieve forward secrecy by adopting the bloom filter technique that efficiently helps the updating of a private key with no need for the key distributor to reissue the key. The security proof illustrates that this scheme adheres to the security model. Besides, the performance evaluation expresses the feasibility of the suggested scheme.Originality/valueThe main goal of designing a puncture algorithm is to devise an updated key from the ciphertext and a secret key, allowing the decryption of all ciphertexts except the one that has been punctured on. This research illustrates the first effort to develop a puncturable attribute-based encryption scheme to achieve efficient finegrained data sharing in IoMRT.

scholarly journals DSSAM: digitally signed secure acknowledgement method for mobile ad hoc network

2021 ◽  
Vol 2021 (1) ◽  
Author(s):  
Ashutosh Srivastava ◽  
Sachin Kumar Gupta ◽  
Mohd Najim ◽  
Nitesh Sahu ◽  
Geetika Aggarwal ◽  
...  
Keyword(s):  
Digital Signature ◽  
Intrusion Detection System ◽  
Ad Hoc Network ◽  
Ad Hoc ◽  
Mobile Ad Hoc Network ◽  
Detection System ◽  
Source Routing ◽  
Security Issues ◽  
Dynamic Source ◽  
Mobile Ad Hoc

AbstractMobile ad hoc network (MANET) is an infrastructure-less, self-motivated, arbitrary, self-configuring, rapidly changing, multi-hop network that is self-possessing wireless bandwidth-conscious links without centrally managed router support. In such a network, wireless media is easy to snoop. It is firm to the surety to access any node, easier to insertion of bad elements or attackers for malicious activities in the network. Therefore, security issues become one of the significant considerations for such kind of networks. The deployment of an effective intrusion detection system is important in order to provide protection against various attacks. In this paper, a Digitally Signed Secure Acknowledgement Method (DSSAM) with the use of the RSA digital signature has been proposed and simulated. Three different parameters are considered, namely secure acknowledgment, node authentication, and packet authentication for study. This article observes the DSSAM performance and compares it with two existing standard methods, namely Watchdog and 2-ACK under standard Dynamic Source Routing (DSR) routing environment. In the end, it is noticed that the rate of detection of malicious behaviour is better in the case of the proposed method. However, associated overheads are high. A trade-off between performance and overhead has been considered.

scholarly journals Drone Secure Communication Protocol for Future Sensitive Applications in Military Zone

Sensors ◽  
2021 ◽  
Vol 21 (6) ◽  
pp. 2057
Author(s):  
Yongho Ko ◽  
Jiyoon Kim ◽  
Daniel Gerbi Duguma ◽  
Philip Virgil Astillo ◽  
Ilsun You ◽  
...  
Keyword(s):  
Performance Evaluation ◽  
Secure Communication ◽  
Communication Protocol ◽  
Denial Of Service ◽  
Mutual Authentication ◽  
Information Leakage ◽  
Security Protocol ◽  
Security Requirements ◽  
Forward Secrecy ◽  
Perfect Forward Secrecy

Unmanned Aerial Vehicle (UAV) plays a paramount role in various fields, such as military, aerospace, reconnaissance, agriculture, and many more. The development and implementation of these devices have become vital in terms of usability and reachability. Unfortunately, as they become widespread and their demand grows, they are becoming more and more vulnerable to several security attacks, including, but not limited to, jamming, information leakage, and spoofing. In order to cope with such attacks and security threats, a proper design of robust security protocols is indispensable. Although several pieces of research have been carried out with this regard, there are still research gaps, particularly concerning UAV-to-UAV secure communication, support for perfect forward secrecy, and provision of non-repudiation. Especially in a military scenario, it is essential to solve these gaps. In this paper, we studied the security prerequisites of the UAV communication protocol, specifically in the military setting. More importantly, a security protocol (with two sub-protocols), that serves in securing the communication between UAVs, and between a UAV and a Ground Control Station, is proposed. This protocol, apart from the common security requirements, achieves perfect forward secrecy and non-repudiation, which are essential to a secure military communication. The proposed protocol is formally and thoroughly verified by using the BAN-logic (Burrow-Abadi-Needham logic) and Scyther tool, followed by performance evaluation and implementation of the protocol on a real UAV. From the security and performance evaluation, it is indicated that the proposed protocol is superior compared to other related protocols while meeting confidentiality, integrity, mutual authentication, non-repudiation, perfect forward secrecy, perfect backward secrecy, response to DoS (Denial of Service) attacks, man-in-the-middle protection, and D2D (Drone-to-Drone) security.

Food security in Papua New Guinea: the need to go beyond “business case CSR”

2016 ◽  
Vol 12 (3) ◽  
pp. 523-534 ◽  
Author(s):  
Fernanda de Paiva Duarte ◽  
Benedict Young Imbun
Keyword(s):  
Food Security ◽  
Papua New Guinea ◽  
New Guinea ◽  
Business Case ◽  
Community Relations ◽  
Design Data ◽  
Content Type ◽  
Security Issues ◽  
Level Of Satisfaction ◽  
Corporate Social

Purpose The purpose of this paper is to canvass the views of villagers from a remote region of Papua New Guinea (PNG) on food security issues in their community and their level of satisfaction with food security initiatives provided by the extractive company that operated on their land. Design/methodology/approach Qualitative design: data gathered through 14 semi-structured, face-to-face interviews and a discussion forum with 20 villagers from Pawa. Purposive sampling. Snow-balling method of recruitment. Findings Food security was identified as a growing concern among the villagers, who also expressed dissatisfaction with the food security projects offered through the corporate social responsibility (CSR) program offered by the company operating on their land. Communication problems between company and community and lack of trust were evident. Research limitations/implications Possibility of self-selection bias among participants. The perspective of the company was under-represented. Practical implications The study highlights the need for CSR practitioners to be mindful of the importance of effective communication with local communities. Social Implications The study reveals the importance of meaningful dialogue between company and host communities, which can lead to a more efficient allocation of resources and empowerment of host communities. Originality/value The study bridges a research gap in the field of CSR in developing countries because food security, as a CSR issue in PNG communities, is under-researched. The study contributes to a better understanding of company –community relations in PNG and how these relations can be improved through a more normative approach to CSR. It also highlights the importance of empowering host communities through meaningful dialogue.

Benchmarking the practices of flexibility with maturity models and frameworks of organizational capabilities

2021 ◽  
Vol ahead-of-print (ahead-of-print) ◽  
Author(s):  
Sanjai Kumar Shukla ◽  
Sushil
Keyword(s):  
Information Technology ◽  
Comparative Analysis ◽  
Business Environment ◽  
Organizational Capabilities ◽  
Maturity Model ◽  
Human Capabilities ◽  
Maturity Models ◽  
Content Type ◽  
Wide Range ◽  
Flexibility Maturity

PurposeOrganizational capabilities are crucial to achieve the objectives. A plethora of maturity models is available to guide organizational capabilities that create a perplexing situation about what stuff to improve and what to leave. Therefore, a unified maturity model addressing a wide range of capabilities is a necessity. This paper establishes that a flexibility maturity model is an unified model containing the operational, strategic and human capabilities.Design/methodology/approachThis paper does a comparative analysis/benchmarking studies of different maturity models/frameworks widely used in the information technology (IT) sector with respect to the flexibility maturity model to establish its comprehensiveness and application in the organization to handle multiple goals.FindingsThis study confirms that the flexibility maturity model has the crucial elements of all the maturity models. If the organizations use the flexibility maturity model, they can avoid the burden of complying with multiple ones and become objective-driven rather than compliance-driven.Research limitations/implicationsThe maturity models used in information technology sectors are used. This work will inspire other maturity models to adopt flexibility phenomena.Practical implicationsThe comparative analysis will give confidence in application of flexibility framework. The business environment and strategic options across organizations are inherently different that the flexibility maturity model well handles.Social implicationsA choice is put to an organization to see the comparison tables produced in this paper and choose the right framework according to the prevailing business situation.Originality/valueThis is the first study that makes a conclusion based on comparative benchmarking of existing maturity models.

Users’ attitude on perceived security of enterprise systems mobility: an empirical study

2021 ◽  
Vol ahead-of-print (ahead-of-print) ◽  
Author(s):  
Ramaraj Palanisamy ◽  
Yang Wu
Keyword(s):  
Cloud Computing ◽  
Best Practices ◽  
Empirical Study ◽  
Mobile Systems ◽  
Mobile Technologies ◽  
Content Type ◽  
Security Issues ◽  
Study Results ◽  
Perceived Security ◽  
High Level

Purpose This study/ paper aims to empirically examine the user attitude on perceived security of enterprise systems (ES) mobility. Organizations are adopting mobile technologies for various business applications including ES to increase the flexibility and to gain sustainable competitive advantage. At the same time, end-users are exposed to security issues when using mobile technologies. The ES have seen breaches and malicious intrusions thereby more sophisticated recreational and commercial cybercrimes have been witnessed. ES have seen data breaches and malicious intrusions leading to more sophisticated cybercrimes. Considering the significance of security in ES mobility, the research questions in this study are: What are the security issues of ES mobility? What are the influences of users’ attitude towards those security issues? What is the impact of users’ attitude towards security issues on perceived security of ES mobility? Design/methodology/approach These questions are addressed by empirically testing a security model of mobile ES by collecting data from users of ES mobile systems. Hypotheses were evolved and tested by data collected through a survey questionnaire. The questionnaire survey was administered to 331 users from Chinese small and medium-sized enterprises (SME). The data was statistically analysed by tools such as correlation, factor analysis, regression and the study built a structural equation model (SEM) to examine the interactions between the variables. Findings The study results have identified the following security issues: users’ attitude towards mobile device security issues; users’ attitude towards wireless network security issues; users’ attitude towards cloud computing security issues; users’ attitude towards application-level security issues; users’ attitude towards data (access) level security issues; and users’ attitude towards enterprise-level security issues. Research limitations/implications The study results are based on a sample of users from Chinese SMEs. The findings may lack generalizability. Therefore, researchers are encouraged to examine the model in a different context. The issues requiring further investigation are the role of gender and type of device on perceived security of ES mobile systems. Practical implications The results show that the key security issues are related to a mobile device, wireless network, cloud computing, applications, data and enterprise. By understanding these issues and the best practices, organizations can maintain a high level of security of their mobile ES. Social implications Apart from understanding the best practices and the key issues, the authors suggest management and end-users to work collaboratively to achieve a high level of security of the mobile ES. Originality/value This is an empirical study conducted from the users’ perspective for validating the set of research hypotheses related to key security issues on the perceived security of mobile ES.

Factors affecting transaction costs in megaprojects: a qualitative comparative analysis

2021 ◽  
Vol ahead-of-print (ahead-of-print) ◽  
Author(s):  
Dedong Wang ◽  
Hui Li ◽  
Yongqiang Lu
Keyword(s):  
Comparative Analysis ◽  
Transaction Costs ◽  
Qualitative Comparative Analysis ◽  
Asset Specificity ◽  
Necessary Condition ◽  
Content Type ◽  
Factors Affecting ◽  
Relational Contract ◽  
Factors Influencing ◽  
Project Costs

PurposeThe purpose of this study is to examine the factors influencing the transaction costs (TCs) in megaprojects to provide a basis for controlling project costs.Design/methodology/approachThis study selects six factors influencing the TCs in megaprojects from the perspective of TC theory and relational contract theory (RCT) through literature review. On the basis of crisp-set qualitative comparative analysis (QCA), this study tests combined factors influencing the TCs and the interaction between them.FindingsResults show that in megaprojects, TCs are affected by combination factors. The combination of asset specificity, uncertainty, transaction frequency and trust and the combination of asset specificity, reputation and trust will control TCs in certain situations. In the configuration leading to high project TCs, the combination of environmental and behavioral uncertainties is a necessary condition.Originality/valueThis paper fills up the research gap in the field of megaproject TCs, and researchers can focus on this field in the future.

Sign in / Sign up

Export Citation Format

Share Document