k-Anonymous Query Scheme on the Internet of Things: a Zero Trust Architecture

The paper investigates query-anonymity in Internet of things (IoT) formed by a sensor cloud, where the sensor nodes provide services of sensing and are subject to user queries of sensing data. Due to the heterogeneity and multi-carrier natures of the sensor cloud, user privacy could be impaired when the queries have to go through nodes of a third party. Thus, the paper firstly introduces a novel query k-anonymity scheme that countermeasures such a privacy threat. Based on the proposed k-anonymity scheme, the trade-offs between the achieved query-anonymity and various performance measures including, communication-cost, return-on-investment metric, path-length, and location anonymity metrics, are analyzed. By adopting a hybrid approach that takes into account the average and worst-case analysis, our evaluation results show that most of the obtained bounds on various performance anonymity trade-offs can be expressed precisely in terms of the offered level-of-anonymity k and network diameter d.

Download Full-text

DPSelect: A Differential Privacy Based Guard Relay Selection Algorithm for Tor

Proceedings on Privacy Enhancing Technologies ◽

10.2478/popets-2019-0025 ◽

2019 ◽

Vol 2019 (2) ◽

pp. 166-186

Author(s):

Hans Hanley ◽

Yixin Sun ◽

Sameer Wagh ◽

Prateek Mittal

Keyword(s):

Differential Privacy ◽

Monte Carlo Sampling ◽

Path Selection ◽

Worst Case Analysis ◽

User Privacy ◽

Worst Case ◽

Average Case ◽

Minimal Impact ◽

Trade Offs ◽

And Performance

Abstract Recent work has shown that Tor is vulnerable to attacks that manipulate inter-domain routing to compromise user privacy. Proposed solutions such as Counter-RAPTOR [29] attempt to ameliorate this issue by favoring Tor entry relays that have high resilience to these attacks. However, because these defenses bias Tor path selection on the identity of the client, they invariably leak probabilistic information about client identities. In this work, we make the following contributions. First, we identify a novel means to quantify privacy leakage in guard selection algorithms using the metric of Max-Divergence. Max-Divergence ensures that probabilistic privacy loss is within strict bounds while also providing composability over time. Second, we utilize Max-Divergence and multiple notions of entropy to understand privacy loss in the worst-case for Counter-RAPTOR. Our worst-case analysis provides a fresh perspective to the field, as prior work such as Counter-RAPTOR only analyzed average case-privacy loss. Third, we propose modifications to Counter-RAPTOR that incorporate worst-case Max-Divergence in its design. Specifically, we utilize the exponential mechanism (a mechanism for differential privacy) to guarantee a worst-case bound on Max-Divergence/privacy loss. For the quality function used in the exponential mechanism, we show that a Monte-Carlo sampling-based method for stochastic optimization can be used to improve multi-dimensional trade-offs between security, privacy, and performance. Finally, we demonstrate that compared to Counter-RAPTOR, our approach achieves an 83% decrease in Max-Divergence after one guard selection and a 245% increase in worst-case Shannon entropy after 5 guard selections. Notably, experimental evaluations using the Shadow emulator shows that our approach provides these privacy benefits with minimal impact on system performance.

Download Full-text

Securing the Internet of Things: A Worst-Case Analysis of Trade-Off between Query-Anonymity and Communication-Cost

2017 IEEE 31st International Conference on Advanced Information Networking and Applications (AINA) ◽

10.1109/aina.2017.76 ◽

2017 ◽

Author(s):

Kadhim Hayawi ◽

Pin-Han Ho ◽

Sujith Samuel Mathew ◽

Limei Peng

Keyword(s):

Internet Of Things ◽

Case Analysis ◽

Communication Cost ◽

Worst Case Analysis ◽

The Internet ◽

Worst Case ◽

Trade Off ◽

The Internet Of Things

Download Full-text

An access control model for the Internet of Things based on zero-knowledge token and blockchain

EURASIP Journal on Wireless Communications and Networking ◽

10.1186/s13638-021-01986-4 ◽

2021 ◽

Vol 2021 (1) ◽

Author(s):

Lihua Song ◽

Xinran Ju ◽

Zongke Zhu ◽

Mengchen Li

Keyword(s):

Internet Of Things ◽

Access Control ◽

Single Point ◽

Control Model ◽

Third Party ◽

Security Level ◽

Zero Knowledge ◽

Access Control Model ◽

Test Analysis ◽

Zero Knowledge Proof

AbstractInformation security has become a hot topic in Internet of Things (IoT), and traditional centralized access control models are faced with threats such as single point failure, internal attack, and central leak. In this paper, we propose a model to improve the access control security of the IoT, which is based on zero-knowledge proof and smart contract technology in the blockchain. Firstly, we deploy attribute information of access control in the blockchain, which relieves the pressure and credibility problem brought by the third-party information concentration. Secondly, encrypted access control token is used to gain the access permission of the resources, which makes the user's identity invisible and effectively avoids attribute ownership exposure problem. Besides, the use of smart contracts solves the problem of low computing efficiency of IoT devices and the waste of blockchain computing power resources. Finally, a prototype of IoT access control system based on blockchain and zero-knowledge proof technology is implemented. The test analysis results show that the model achieves effective attribute privacy protection, compared with the Attribute-Based Access Control model of the same security level, the access efficiency increases linearly with the increase of access scale.

Download Full-text

Taking a Deep Dive Into The Batteryless Internet of Things With Shepherd

GetMobile Mobile Computing and Communications ◽

10.1145/3447853.3447855 ◽

2021 ◽

Vol 24 (3) ◽

pp. 5-8

Author(s):

Kai Geissdoerfer ◽

Mikołaj Chwalisz ◽

Marco Zimmerling

Keyword(s):

Energy Storage ◽

Internet Of Things ◽

Sensor Nodes ◽

Energy Availability ◽

Deep Dive ◽

Temporal Fluctuations ◽

Temporal Characteristics ◽

Challenges And Opportunities ◽

Spatio Temporal

Collaboration of batteryless devices is essential to their success in replacing traditional battery-based systems. Without significant energy storage, spatio-temporal fluctuations of ambient energy availability become critical for the correct functioning of these systems. We present Shepherd, a testbed for the batteryless Internet of Things (IoT) that can record and reproduce spatio-temporal characteristics of real energy environments to obtain insights into the challenges and opportunities of operating groups of batteryless sensor nodes.

Download Full-text

A Hesitant Fuzzy Combined Compromise Solution Framework-Based on Discrimination Measure for Ranking Sustainable Third-Party Reverse Logistic Providers

Sustainability ◽

10.3390/su13042064 ◽

2021 ◽

Vol 13 (4) ◽

pp. 2064

Author(s):

Arunodaya Raj Mishra ◽

Pratibha Rani ◽

Raghunathan Krishankumar ◽

Edmundas Kazimieras Zavadskas ◽

Fausto Cavallaro ◽

...

Keyword(s):

Reverse Logistics ◽

Hybrid Approach ◽

Third Party ◽

Illustrative Case ◽

Primary Concern ◽

Compromise Solution ◽

Fuzzy Environment ◽

Criteria Weights ◽

Reverse Logistic ◽

Illustrative Case Study

Customers’ pressure, social responsibility, and government regulations have motivated the enterprises to consider the reverse logistics (RL) in their operations. Recently, companies frequently outsource their RL practices to third-party reverse logistics providers (3PRLPs) to concentrate on their primary concern and diminish costs. However, to select the suitable 3PRLP candidate requires a multi-criteria decision making (MCDM) process involving uncertainty owing to the presence of many associated aspects. In order to choose the most appropriate sustainable 3PRLP (S3PRLP), we introduce a hybrid approach based on the classical Combined Compromise Solution (CoCoSo) method and propose a discrimination measure within the context of hesitant fuzzy sets (HFSs). This approach offers a new process based on the discrimination measure for evaluating the criteria weights. The efficiency and practicability of the present approach are numerically demonstrated by solving an illustrative case study of S3PRLPs selection under a hesitant fuzzy environment. Moreover, sensitivity and comparative studies are presented to highlight the robustness and strength of the introduced methodology. The result of this work concludes that the introduced methodology can recommend a more feasible performance when facing with determinate and inconsistent knowledge and qualitative data.

Download Full-text

User Privacy and the Evolution of Third-Party Tracking Mechanisms on the World Wide Web

SSRN Electronic Journal ◽

10.2139/ssrn.2005252 ◽

2010 ◽

Cited By ~ 3

Author(s):

Sonal Mittal

Keyword(s):

World Wide Web ◽

World Wide ◽

Third Party ◽

User Privacy ◽

The World

Download Full-text

Wideband Rectangular Foldable and Non-foldable Antenna for Internet of Things Applications

International Journal of Antennas and Propagation ◽

10.1155/2019/2125713 ◽

2019 ◽

Vol 2019 ◽

pp. 1-5 ◽

Cited By ~ 1

Author(s):

Steve W. Y. Mung ◽

Cheuk Yin Cheung ◽

Ka Ming Wu ◽

Joseph S. M. Yuen

Keyword(s):

Internet Of Things ◽

Printed Circuit Board ◽

Circuit Board ◽

Design Parameters ◽

Multiple Frequency ◽

Wireless Applications ◽

Printed Circuit ◽

Iot Applications ◽

Trade Offs ◽

The Cost

This article presents a simple wideband rectangular antenna in foldable and non-foldable (printed circuit board (PCB)) structures for Internet of Things (IoT) applications. Both are simple structures with two similar rectangular metal planes which cover multiple frequency bands such as GPS, WCDMA/LTE, and 2.4 GHz industrial, scientific, and medical (ISM) bands. This wideband antenna is suitable to integrate into the short- and long-range wireless applications such as the short-range 2.4 GHz ISM band and standard cellular bands. This lowers the overall size of the product as well as the cost in the applications. In this article, the configuration and operation principle are presented as well as its trade-offs on the design parameters. Simulated and experimental results of foldable and non-foldable (PCB) structures show that the antenna is suited for IoT applications.

Download Full-text

Lattice-based remote user authentication from reusable fuzzy signature

Journal of Computer Security ◽

10.3233/jcs-191370 ◽

2021 ◽

pp. 1-26

Author(s):

Yangguang Tian ◽

Yingjiu Li ◽

Robert H. Deng ◽

Binanda Sengupta ◽

Guomin Yang

Keyword(s):

Communication Channel ◽

User Authentication ◽

Third Party ◽

Quantum Computers ◽

User Privacy ◽

Remote User Authentication ◽

Security Models ◽

Authentication Server ◽

New Construction ◽

Remote User

In this paper, we introduce a new construction of reusable fuzzy signature based remote user authentication that is secure against quantum computers. We investigate the reusability of fuzzy signature, and we prove that the fuzzy signature schemes provide biometrics reusability (aka. reusable fuzzy signature). We define formal security models for the proposed construction, and we prove that it achieves user authenticity and user privacy. The proposed construction ensures: 1) a user’s biometrics can be securely reused in remote user authentication; 2) a third party having access to the communication channel between a user and the authentication server cannot identify the user.

Download Full-text