Robust RDH Technique using Sorting and IPVO-based Pairwise PEE for Secure Communication

Nowadays, Reversible Data Hiding (RDH) is used extensively in information sensitive communication domains to protect the integrity of hidden data and the cover medium. However, most of the recently proposed RDH methods lack robustness. Robust RDH methods are required to protect the hidden data from security attacks at the time of communication between the sender and receiver. In this paper, we propose a Robust RDH scheme using IPVO based pairwise embedding. The proposed scheme is designed to prevent unintentional modifications caused to the secret data by JPEG compression. The cover image is decomposed into two planes namely HSB plane and LSB plane. As JPEG compression most likely modifies the LSBs of the cover image during compression, it is best not to hide the secret data into LSB planes. So, the proposed method utilizes a pairwise embedding to embed secret data into HSB plane of the cover image. High fidelity improved pixel value ordering (IPVO) based pairwise embedding ensures that the embedding performance of the proposed method is improved.

Countermeasures against physical security attacks on ICs utilizing on-chip wideband ADCs

Cryptographic ICs on edge devices for internet-of-things (IoT) applications are exposed to an adversary and threatened by malicious side channel analysis. On-chip analog monitoring by sensor circuits embedded inside the chips is one of the possible countermeasures against such attacks. An on-chip monitor circuit consisting of a successive approximation register (SAR) analog-to-digital converter (ADC) and an input buffer acquires a wideband signal, which enables to detects an irregular noise due to an active fault injection and a passive side channel leakage analysis. In this paper, several countermeasures against security attacks utilizing wideband on-chip monitors are reviewed. Each technique is implemented on a prototype chip, and the measurement results prove they can effectively detect and diagnose the security attacks.

Lightweight and Anonymous Mutual Authentication Protocol for Edge IoT Nodes with Physical Unclonable Function

Internet of Things (IoT) has been widely used in many fields, bringing great convenience to people’s traditional work and life. IoT generates tremendous amounts of data at the edge of network. However, the security of data transmission is facing severe challenges. In particular, edge IoT nodes cannot run complex encryption operations due to their limited computing and storage resources. Therefore, edge IoT nodes are more susceptible to various security attacks. To this end, a lightweight mutual authentication and key agreement protocol is proposed to achieve the security of IoT nodes’ communication. The protocol uses the reverse fuzzy extractor to acclimatize to the noisy environment and introduces the supplementary subprotocol to enhance resistance to the desynchronization attack. It uses only lightweight cryptographic operations, such as hash function, XORs, and PUF. It only stores one pseudo-identity. The protocol is proven to be secure by rigid security analysis based on improved BAN logic. Performance analysis shows the proposed protocol has more comprehensive functions and incurs lower computation and communication cost when compared with similar protocols.

Amassing the Security: An Enhanced Authentication Protocol for Drone Communications over 5G Networks

At present, the great progress made by the Internet of Things (IoT) has led to the emergence of the Internet of Drones (IoD). IoD is an extension of the IoT, which is used to control and manipulate drones entering the flight area. Now, the fifth-generation mobile communication technology (5G) has been introduced into the IoD; it can transmit ultra-high-definition data, make the drones respond to ground commands faster and provide more secure data transmission in the IoD. However, because the drones communicate on the public channel, they are vulnerable to security attacks; furthermore, drones can be easily captured by attackers. Therefore, to solve the security problem of the IoD, Hussain et al. recently proposed a three-party authentication protocol in an IoD environment. The protocol is applied to the supervision of smart cities and collects real-time data about the smart city through drones. However, we find that the protocol is vulnerable to drone capture attacks, privileged insider attacks and session key disclosure attacks. Based on the security of the above protocol, we designed an improved protocol. Through informal analysis, we proved that the protocol could resist known security attacks. In addition, we used the real-oracle random model and ProVerif tool to prove the security and effectiveness of the protocol. Finally, through comparison, we conclude that the protocol is secure compared with recent protocols.

Analysis of Security Attacks and Taxonomy in Underwater Wireless Sensor Networks

Underwater Wireless Sensor Networks (UWSN) have gained more attention from researchers in recent years due to their advancement in marine monitoring, deployment of various applications, and ocean surveillance. The UWSN is an attractive field for both researchers and the industrial side. Due to the harsh underwater environment, own capabilities, and open acoustic channel, it is also vulnerable to malicious attacks and threats. Attackers can easily take advantage of these characteristics to steal the data between the source and destination. Many review articles are addressed some of the security attacks and taxonomy of the Underwater Wireless Sensor Networks. In this study, we have briefly addressed the taxonomy of the UWSNs from the most recent research articles related to the well-known research databases. This paper also discussed the security threats on each layer of the Underwater Wireless sensor networks. This study will help the researchers design the routing protocols to cover the known security threats and help industries manufacture the devices to observe these threats and security issues.

IOT-BASED SMART ENVIRONMENTS: STATE OF THE ART, SECURITY THREATS AND SOLUTIONS

Smart environments provide many benefits to the users including comfort, convenience, energy efficiency, safety, automation, and service quality. The Internet of Things (IoT) has developed to become one of the widely used technologies in smart environments. Many security attacks and threats are generated by security flaws in IoT-based systems and devices, which may affect smart environments applications. As a result, security is one of the most important issues in any smart area or environment based on the IoT model. This paper presents an overview of smart environments based on IoT technology and highlights the main security issues and countermeasures in the four layers of smart environment IoT architecture. It also reviews some of the current solutions that ensure the security of information in smart environments applications.

Compressive sensing based secure data aggregation scheme for IoT based WSN applications

Compressive Sensing (CS) based data collection schemes are found to be effective in enhancing the data collection performance and lifetime of IoT based WSNs. However, they face major challenges related to key distribution and adversary attacks in hostile and complex network deployments. As a result, such schemes cannot effectively ensure the security of data. Towards the goal of providing high security and efficiency in data collection performance of IoT based WSNs, we propose a new security scheme that amalgamates the advantages of CS and Elliptic Curve Cryptography (ECC). We present an efficient algorithms to enhance the security and efficiency of CS based data collection in IoT-based WSNs. The proposed scheme operates in five main phases, namely Key Generation, CS-Key Exchange, Data Compression with CS Encryption, Data Aggregation and Encryption with ECC algorithm, and CS Key Re-generation. It considers the benefits of ECC as public key algorithm and CS as encryption and compression method to provide security as well as energy efficiency for cluster based WSNs. Also, it solves the CS- Encryption key distribution problem by introducing a new key sharing method that enables secure exchange of pseudo-random key between the BS and the nodes in a simple way. In addition, a new method is introduced to safeguard the CS scheme from potential security attacks. The efficiency of our proposed technique in terms of security, energy consumption and network lifetime is proved through simulation analysis.

ES-HAS: ECC-Based Secure Handover Authentication Scheme for Roaming Mobile User in Global Mobility Networks

The design and implementation of two-factor schemes designed for roaming mobile users for global mobility networks in smart cities requires attention to protect the scheme from various security attacks, such as the replay attack, impersonation attack, man-in-the-middle attack, password-guessing attack and stolen-smart-card attack. In addition to these attacks, the scheme should achieve user anonymity, unlinkability and perfect forward secrecy. In the roaming scenario, as mobile users are connected to the foreign network, mobile users must provide authentication details to the foreign network to which they are connected. The foreign network forwards the authentication messages received from the mobile users to their home network. The home network validates the authenticity of the mobile user. In the roaming scenario, all communication between the three entities is carried over an insecure channel. It is assumed that the adversary has the capabilities to intercept the messages transmitted over an insecure channel. Hence, the authentication scheme designed must be able to resist the above-mentioned security attacks and achieve the security goals. Our proposed scheme ES-HAS (elliptic curve-based secure handover authentication scheme) is a two-factor authentication scheme in which the mobile user possesses the password, and the smart card resists the above-mentioned security attacks. It also achieves the above-mentioned security goals. We also extended our two-factor authentication to a multi-factor authentication scheme using the fingerprint biometric technique. The formal security analysis using BAN logic and the formal security verification of the proposed scheme using the widely accepted AVISPA (automated validation of internet security protocols and applications) tool is presented in this article. In comparison with the related schemes, the proposed scheme is more efficient and robust. This makes the proposed scheme suitable for practical implementation.

A Strategy for Detection and Mitigation of DoS Attacks on Software-Defined Networks

Computer networks support applications in virtually every area of application and knowledge, and as such, they have widely distributed structures and are susceptible to security attacks in general.Software-Defined Networks (SDN), in turn, are a technological solution that has several advantages by separating the control plane from the data plane in the structuring of computer networks. Given this technological difference, software-defined networks are a network implementation paradigm used to mitigate network security attacks. In summary, the use of SDN to mitigate network attacks provides greater flexibility in implementing the attack strategy. However, the separation of control and data planes creates new points of vulnerability for the security of the network operation.The denial of service attack (DoS) of the type Syn-Flooding is one of the most common possible attacks. It can cause, concerning the network, the commitment to perform services and, concerning the operation of the SDN, the commitment in the bandwidth of the communication channel between the control planes and the data plane, the saturation of the ow table in the switch, and the increasing of the processing load in the controller.In general, the investigation about new strategies aimed at safety with SDN becomes necessary to improve security strategies for network attacks and maximize the reliability of SDN operation, allowing use in different application scenarios. This work presents a defense strategy against attacks of DoS Syn-Flooding using the SDN facilities of an integrated controller with an intrusion detection system (IDS).The proposed strategy aims to mitigate Syn-Flooding DoS attacks and the vulnerability arising from the use of SDN to mitigate attacks.