Revisited—The Subliminal Channel in Blockchain and Its Application to IoT Security

Although digital signature has been a fundamental technology for cryptosystems, it still draws considerable attention from both academia and industry due to the recent raising interest in blockchains. This article revisits the subliminal channel existing digital signature and reviews its abuse risk of the constructor’s private key. From a different perspective on the subliminal channel, we find the new concept named the chamber of secrets in blockchains. The found concept, whereby the secret is hidden and later recovered by the constructor from the common transactions in a blockchain, highlights a new way to encourage implementing various applications to benefit efficiency and security. Thus, the proposed scheme benefits from the following advantages: (1) avoiding the high maintenance cost of certificate chain of certificate authority, or public key infrastructure, and (2) seamlessly integrating with blockchains using the property of chamber of secrets. In order to easily understand the superiority of this new concept, a remote authentication scenario is taken as a paradigm of IoT to demonstrate that the further advantages are achieved: (1) avoiding high demand for storage space in IoT devices, and (2) avoiding maintaining a sensitive table in IoT server.

Download Full-text

MISPLACED PRIORITIES: THE UTAH DIGITAL SIGNATURE ACT AND LIABILITY ALLOCATION IN A PUBLIC KEY INFRASTRUCTURE

10.31228/osf.io/h2dj5 ◽

2017 ◽

Cited By ~ 1

Author(s):

C. Bradford Biddle

Keyword(s):

Digital Signature ◽

Legal Status ◽

Digital Signatures ◽

Public Key Infrastructure ◽

Public Key ◽

Public Key Encryption ◽

Electronic Documents ◽

Online Databases ◽

The Status ◽

Computer Based

On March 9, 1995, the Utah Digital Signature Act (the “Utah Act”) was signed into law.1 Complex and ambitious, the Utah Act is intended to promote the use of digital signatures on computer-based documents and to facilitate electronic commerce.2 The Utah Act implements an infrastructure in which computer users utilize “certification authorities,” online databases called repositories, and public-key encryption technology in order to “sign” electronic documents in a legally binding fashion. In addition to setting out a regulatory scheme designed to implement this infrastructure, the Utah Act provides certain digital signatures with legal status as valid signatures and addresses a variety of issues relating to the status of digitally-signed electronic documents in contract and evidence law.

Download Full-text

Blockchain as a CA: A Provably Secure Signcryption Scheme Leveraging Blockchains

Security and Communication Networks ◽

10.1155/2021/6637402 ◽

2021 ◽

Vol 2021 ◽

pp. 1-13

Author(s):

Tzung-Her Chen ◽

Ting-Le Zhu ◽

Fuh-Gwo Jeng ◽

Chien-Lung Wang

Keyword(s):

Security Analysis ◽

Third Party ◽

Maintenance Cost ◽

Communication Overhead ◽

Operational Cost ◽

Computational Costs ◽

The Past ◽

Certificate Chain ◽

Signcryption Scheme ◽

Provably Secure

Although encryption and signatures have been two fundamental technologies for cryptosystems, they still receive considerable attention in academia due to the focus on reducing computational costs and communication overhead. In the past decade, applying certificateless signcryption schemes to solve the higher cost of maintaining the certificate chain issued by a certificate authority (CA) has been studied. With the recent increase in the interest in blockchains, signcryption is being revisited as a new possibility. The concepts of a blockchain as a CA and a transaction as a certificate proposed in this paper aim to use a blockchain without CAs or a trusted third party (TTP). The proposed provably secure signcryption scheme implements a designated recipient beforehand such that a sender can cryptographically facilitate the interoperation on the blockchain information with the designated recipient. Thus, the proposed scheme benefits from the following advantages: (1) it removes the high maintenance cost from involving CAs or a TTP, (2) it seamlessly integrates with blockchains, and (3) it provides confidential transactions. This paper also presents the theoretical security analysis and assesses the performance via the simulation results. Upon evaluating the operational cost in real currency based on Ethereum, the experimental results demonstrate that the proposed scheme only requires a small cost as a fee.

Download Full-text

Honeypots for Internet of Things Research: An Effective Mitigation Tool

10.20944/preprints202109.0461.v1 ◽

2021 ◽

Author(s):

Shen Xin En ◽

Liu Si Ling ◽

Fan Cheng Hao

Keyword(s):

Internet Of Things ◽

Operating Systems ◽

Network Resources ◽

Iot Security ◽

Frequent Use ◽

Attack Patterns ◽

Iot Devices

In recent years, due to their frequent use and widespread use, IoT (Internet of Things) devices have become an attractive target for hackers. As a result of their limited network resources and complex operating systems, they are vulnerable to attacks. Using a honeypot can, therefore, be a very effective way of detecting malicious requests and capturing samples of exploits. The purpose of this article is to introduce honeypots, the rise of IoT devices, and how they can be exploited by attackers. Various honeypot ecosystems will be investigated further for capturing and analyzing information from attacks against these IoT devices. As well as how to leverage proactive strategies in terms of IoT security, it will provide insights on the attack vectors present in most IoT systems, along with understanding attack patterns.

Download Full-text

Healthcare-Internet of Things and Its Components

Advances in Medical Technologies and Clinical Practice - Optimizing Health Monitoring Systems With Wireless Technology ◽

10.4018/978-1-5225-6067-8.ch018 ◽

2021 ◽

pp. 258-277

Author(s):

Aman Tyagi

Keyword(s):

Internet Of Things ◽

Fog Computing ◽

Communication Technologies ◽

The Internet ◽

Healthcare Resources ◽

Iot Security ◽

Global Epidemic ◽

Security Issues ◽

Analyse Data ◽

Iot Devices

Elderly population in the Asian countries is increasing at a very fast rate. Lack of healthcare resources and infrastructure in many countries makes the task of provding proper healthcare difficult. Internet of things (IoT) in healthcare can address the problem effectively. Patient care is possible at home using IoT devices. IoT devices are used to collect different types of data. Various algorithms may be used to analyse data. IoT devices are connected to the internet and all the data of the patients with various health reports are available online and hence security issues arise. IoT sensors, IoT communication technologies, IoT gadgets, components of IoT, IoT layers, cloud and fog computing, benefits of IoT, IoT-based algorithms, IoT security issues, and IoT challenges are discussed in the chapter. Nowadays global epidemic COVID19 has demolished the economy and health services of all the countries worldwide. Usefulness of IoT in COVID19-related issues is explained here.

Download Full-text

Investigating Brute Force Attack Patterns in IoT Network

Journal of Electrical and Computer Engineering ◽

10.1155/2019/4568368 ◽

2019 ◽

Vol 2019 ◽

pp. 1-13 ◽

Cited By ~ 2

Author(s):

Deris Stiawan ◽

Mohd. Yazid Idris ◽

Reza Firsandaya Malik ◽

Siti Nurmaini ◽

Nizar Alsharif ◽

...

Keyword(s):

Brute Force ◽

File Transfer ◽

Iot Security ◽

Insider Attack ◽

Attack Pattern ◽

Internal Network ◽

Attack Patterns ◽

Iot Devices ◽

Set Up ◽

Brute Force Attack

Internet of Things (IoT) devices may transfer data to the gateway/application server through File Transfer Protocol (FTP) transaction. Unfortunately, in terms of security, the FTP server at a gateway or data sink very often is improperly set up. At the same time, password matching/theft holding is among the popular attacks as the intruders attack the IoT network. Thus, this paper attempts to provide an insight of this type of attack with the main aim of coming up with attack patterns that may help the IoT system administrator to analyze any similar attacks. This paper investigates brute force attack (BFA) on the FTP server of the IoT network by using a time-sensitive statistical relationship approach and visualizing the attack patterns that identify its configurations. The investigation focuses on attacks launched from the internal network, due to the assumption that the IoT network has already installed a firewall. An insider/internal attack launched from an internal network endangers more the entire IoT security system. The experiments use the IoT network testbed that mimic the internal attack scenario with three major goals: (i) to provide a topological description on how an insider attack occurs; (ii) to achieve attack pattern extraction from raw sniffed data; and (iii) to establish attack pattern identification as a parameter to visualize real-time attacks. Experimental results validate the investigation.

Download Full-text

Towards the Integration of Blockchain and IoT for Security Challenges in IoT

Transforming Businesses With Bitcoin Mining and Blockchain Applications - Advances in Finance, Accounting, and Economics ◽

10.4018/978-1-7998-0186-3.ch003 ◽

2020 ◽

pp. 45-67 ◽

Cited By ~ 1

Author(s):

K. Dinesh Kumar ◽

Venkata Rathnam T. ◽

Venkata Ramana R. ◽

M. Sudhakara ◽

Ravi Kumar Poluru

Keyword(s):

Internet Of Things ◽

Security Management ◽

Vital Role ◽

Management Systems ◽

Iot Security ◽

Communication Architecture ◽

Secure Systems ◽

Security Issues ◽

Blockchain Technology ◽

Iot Devices

Internet of things (IoT) technology plays a vital role in the current technologies because IoT develops a network by integrating different kinds of objects and sensors to create the communication among objects directly without human interaction. With the presence of internet of things technology in our daily comes smart thinking and various advantages. At the same time, secure systems have been a most important concern for the protection of information systems and networks. However, adopting traditional security management systems in the internet of things leads several issues due to the limited privacy and policies like privacy standards, protocol stacks, and authentication rules. Usually, IoT devices has limited network capacities, storage, and computing processors. So they are having more chances to attacks. Data security, privacy, and reliability are three main challenges in the IoT security domain. To address the solutions for the above issues, IoT technology has to provide advanced privacy and policies in this large incoming data source. Blockchain is one of the trending technologies in the privacy management to provide the security. So this chapter is focused on the blockchain technologies which can be able to solve several IoT security issues. This review mainly focused on the state-of-the-art IoT security issues and vulnerabilities by existing review works in the IoT security domains. The taxonomy is presented about security issues in the view of communication, architecture, and applications. Also presented are the challenges of IoT security management systems. The main aim of this chapter is to describe the importance of blockchain technology in IoT security systems. Finally, it highlights the future directions of blockchain technology roles in IoT systems, which can be helpful for further improvements.

Download Full-text

Security Assertion of IoT Devices Using Cloud of Things Perception

International Journal of Interdisciplinary Telecommunications and Networking ◽

10.4018/ijitn.2019100102 ◽

2019 ◽

Vol 11 (4) ◽

pp. 17-31

Author(s):

Mamata Rath ◽

Bibudhendu Pati

Keyword(s):

Cloud Computing ◽

Internet Of Things ◽

Communication Systems ◽

Future Internet ◽

Computing Systems ◽

Iot Security ◽

Security Assurance ◽

Iot Applications ◽

The Future ◽

Iot Devices

Adoption of Internet of Things (IoT) and Cloud of Things (CoT) in the current developing technology era are expected to be more and more invasive, making them important mechanism of the future Internet-based communication systems. Cloud of Things and Internet of Things (IoT) are two emerging as well as diversified advanced domains that are diversified in current technological scenario. Paradigm where Cloud and IoT are merged together is foreseen as disruptive and as an enabler of a large number of application scenarios. Due to the adoption of the Cloud and IoT paradigm a number of applications are gaining important technical attention. In the future, it is going to be more complicated a setup to handle security in technology. Information till now will severely get changed and it will be very tough to keep up with varying technology. Organisations will have to repeatedly switch over to new skill-based technology with respect to higher expenditure. Latest tools, methods and enough expertise are highly essential to control threats and vulnerability to computing systems. Keeping in view the integration of Cloud computing and IoT in the new domain of Cloud of things, the said article provides an up-to-date eminence of Cloud-based IoT applications and Cloud of Things with a focus on their security and application-oriented challenges. These challenges are then synthesized in detail to present a technical survey on various issues related to IoT security, concerns, adopted mechanisms and their positive security assurance using Cloud of Things.

Download Full-text

IoT Security Configurability with Security-by-Contract

Sensors ◽

10.3390/s19194121 ◽

2019 ◽

Vol 19 (19) ◽

pp. 4121 ◽

Cited By ~ 6

Author(s):

Alberto Giaretta ◽

Nicola Dragoni ◽

Fabio Massacci

Keyword(s):

Internet Of Things ◽

Fog Computing ◽

Holistic Approach ◽

The Internet ◽

Iot Security ◽

Iot Devices ◽

Work First ◽

The Internet Of Things

Cybersecurity is one of the biggest challenges in the Internet of Things (IoT) domain, as well as one of its most embarrassing failures. As a matter of fact, nowadays IoT devices still exhibit various shortcomings. For example, they lack secure default configurations and sufficient security configurability. They also lack rich behavioural descriptions, failing to list provided and required services. To answer this problem, we envision a future where IoT devices carry behavioural contracts and Fog nodes store network policies. One requirement is that contract consistency must be easy to prove. Moreover, contracts must be easy to verify against network policies. In this paper, we propose to combine the security-by-contract (S × C) paradigm with Fog computing to secure IoT devices. Following our previous work, first we formally define the pillars of our proposal. Then, by means of a running case study, we show that we can model communication flows and prevent information leaks. Last, we show that our contribution enables a holistic approach to IoT security, and that it can also prevent unexpected chains of events.

Download Full-text

Performance evaluation and comparison of default and small private key rainbow digital signature scheme for IoT devices

Proceedings of the 25th Brazillian Symposium on Multimedia and the Web - WebMedia '19 ◽

10.1145/3323503.3360632 ◽

2019 ◽

Author(s):

Matheus da F. Dornelles ◽

Pedro Carlos da S. Lara ◽

Felipe da R. Henriques

Keyword(s):

Performance Evaluation ◽

Digital Signature ◽

Signature Scheme ◽

Private Key ◽

Performance Evaluation And Comparison ◽

Iot Devices ◽

Digital Signature Scheme

Download Full-text

A Host-Based Anomaly Detection Framework Using XGBoost and LSTM for IoT Devices

Wireless Communications and Mobile Computing ◽

10.1155/2020/8838571 ◽

2020 ◽

Vol 2020 ◽

pp. 1-13

Author(s):

Xiali Wang ◽

Xiang Lu

Keyword(s):

Anomaly Detection ◽

Detection System ◽

Gradient Boosting ◽

System Call ◽

Iot Security ◽

Extreme Gradient Boosting ◽

Ip Camera ◽

Iot Devices ◽

System Call Sequences ◽

Abnormal Behaviors

The Internet of Things (IoT) is rapidly spreading in various application scenarios through its salient features in ubiquitous device connections, ranging from agriculture and industry to transportation and other fields. As the increasing spread of IoT applications, IoT security is gradually becoming one of the most significant issues to guard IoT devices against various cybersecurity threats. Usually, IoT devices are the main components responsible for sensing, computing, and transmitting; in this case, how to efficiently protect the IoT device itself away from cyber attacks, like malware, virus, and worm, becomes the vital point in IoT security. This paper presents a brand new architecture of intrusion detection system (IDS) for IoT devices, which is designed to identify device- or host-oriented attacks in a lightweight manner in consideration of limited computation resources on IoT devices. To this end, in this paper, we propose a stacking model to couple the Extreme Gradient Boosting (XGBoost) model and the Long Short-Term Memory (LSTM) model together for the abnormal state analysis on the IoT devices. More specifically, we adopt the system call sequence as the indicators of abnormal behaviors. The collected system call sequences are firstly processed by the famous n-gram model, which is a common method used for host-based intrusion detections. Then, the proposed stacking model is used to identify abnormal behaviors hidden in the system call sequences. To evaluate the performance of the proposed model, we establish a real-setting IP camera system and place several typical IoT attacks on the victim IP camera. Extensive experimental evaluations show that the stacking model has outperformed other existing anomaly detection solutions, and we are able to achieve a 0.983 AUC score in real-world data. Numerical testing demonstrates that the XGBoost-LSTM stacking model has excellent performance, stability, and the ability of generalization.

Download Full-text