A Rabin Cryptosystem-Based Lightweight Authentication Protocol and Session Key-Generation Scheme for IoT Deployment

Handling unpredictable attack vulnerabilities in self-proclaiming secure algorithms in WSNs is an issue. Vulnerabilities provide loop holes for adversary to barge in the privacy of the network. Attacks performed by the attacker can be active or passive. Adversary may listen to the sensitive information and exploit its confidentiality which is passive, or adversary may modify sensitive information being transferred over a WSN in case of active attacks. As Internet of things has basically three layers, middle-ware layer, Application layer, perceptron layer, most of the attacks are observed to happen at the perceptron layer in case of both wireless sensor network and RFID Tag implication Layer. Both are a major part of the perceptron layer that consist a small part of the IoT. Some of the major attack vulnerabilities are exploited by executing the attacks through certain flaws in the protocol that are difficult to identify and almost complex to identify in complicated bigger protocols. As most of the sensors are resource constrained in terms of memory, battery power, processing power, bandwidth and due to which implementation of complex cryptosystem to keep the data being transferred secure is a challenging phase. The three main objectives studied in this scenario are setting up the system, registering user and the sensors via multiple gateways. Generating a common key which can be used for a particular interaction session among user, gateway and the sensor network. In this paper, we address one or more of these objectives for some of the fundamental problems in authentication and mutual authentication phase of the WSN in IoT deployment. We prevent the leakage of sensitive information using the rabin cryptosystem to avoid attacks like Man-in-the-middle attack, sensor session key leakage, all session hi-jacking attack and sniffing attacks in which data is analyzed maliciously by the adversary. We also compare and prove the security of our protocol using proverif protocol verifier tool.

Achieving Reconciliation between Privacy Preservation and Auditability in Zero-trust Cloud Storage using Intel SGX

Cloud storage allows for saving files at an off-site location that is accessible through the public internet. However, cloud storage suffers from a lack of trust since employees have physical and electronic access to almost all of the data, and zero-trust security is thus essential. This paper proposes an SGX-based file hosting scheme that gives full consideration to both privacy preservation and auditability to address the aforementioned concerns. We designed a secure key exchange protocol consisting of two phases: a key generation phase and a key verification phase. Theoretical analysis and experiments indicate that the protocol can resist man in-the-middle attacks, which has been unattainable in previous studies. The experimental results show that our scheme takes little time regardless of file size and achieves solid performance in handling concurrent requests; furthermore, it is innocuous for clients, and the memory usage is acceptable.

Medieval religious intellectual culture in the works of V.S. Soloviev

The article discusses the views of V.S. Solovyov on the medieval religious worldview. The main problem for historical and historical and philosophical thought at the end of the 19th century was the question of the degree of influence of Christian ideology on the perception of man in the Middle Ages. And since it was V.S. Soloviev who expressed doubts about the absolute significance of the Christian doctrine for the consciousness of medieval Western Europe, Byzantium and Russia, then his constructions are especially interesting. The author proceeds from the assumption that all his reflections can be characterized as Christian utopianism, however, it is presented in the space of liberal teachings of Russia in the second half of the 19th century. Attention is focused on the aspiration of V.S. Solovyov to solve problems through the completeness and purity of the ideal of Christianity. Therefore, the world-historical process itself appears as a condition for the functioning of this ideal. The key point for the Russian philosopher is the conviction that in the Middle Ages pagan elements persist and affect the consciousness of people under the guise of the Christian faith. And this leads to the antinomy of the order of life and the spirit of the Middle Ages. It is this moment that serves as the subject of this article.

Malware Detection Approaches and Analysis for the Internet of Medical Things Enabled Healthcare Systems

The advancement of information and communications technology has changed an IoMT-enabled healthcare system. The Internet of Medical Things (IoMT) is a subset of the Internet of Things (IoT) that focuses on smart healthcare (medical) device connectivity. While the Internet of Medical Things (IoMT) communication environment facilitates and supports our daily health activities, it also has drawbacks such as password guessing, replay, impersonation, remote hijacking, privileged insider, denial of service (DoS), and man-in-the-middle attacks, as well as malware attacks. Malware botnets cause assaults on the system's data and other resources, compromising its authenticity, availability, confidentiality and, integrity. In the event of such an attack, crucial IoMT communication data may be exposed, altered, or even unavailable to authorised users. As a result, malware protection for the IoMT environment becomes critical. In this paper, we provide several forms of malware attacks and their consequences. We also go through security, privacy, and different IoMT malware detection schemes

Hybrid Encryption for Messages’ Confidentiality in SOSE-Based IOT Service Systems

Internet of Things (IOT) is an essential paradigm where devices are interconnected into network. The operations of these devices can be through service-oriented software engineering (SOSE) principles for efficient service provision. SOSE is an important software development method for flexible, agile, loose-coupled, heterogeneous and interoperable applications. Despite all these benefits, its adoption for IOT services is slow due to security challenges. The security challenge of integration of IOT with service-oriented architecture (SOA) is man-in-the-middle attack on the messages exchanged. The transport layer security (TLS) creates a secured socket channel between the client and server. This is efficient in securing messages exchanged at the transport layer only. SOSE-based IOT systems needs an end-to-end security to handle its vulnerabilities. This integration enables interoperability of heterogeneous devices, but renders the system vulnerable to passive attacks. The confidentiality problem is hereby addressed by message level hybrid encryption. This is by encrypting the messages by AES for efficiency. However, to enable end-to-end security, the key sharing problem of advanced encryption standard (AES) is handled by RSA public key encryption. The results shows that this solution addressed data contents security and credentials security privacy issues. Furthermore, the solution enables end-to- end security of interaction in SOSE-based IOT systems.

A Deep Learning-Based Intrusion Detection System for MQTT Enabled IoT

A large number of smart devices in Internet of Things (IoT) environments communicate via different messaging protocols. Message Queuing Telemetry Transport (MQTT) is a widely used publish–subscribe-based protocol for the communication of sensor or event data. The publish–subscribe strategy makes it more attractive for intruders and thus increases the number of possible attacks over MQTT. In this paper, we proposed a Deep Neural Network (DNN) for intrusion detection in the MQTT-based protocol and also compared its performance with other traditional machine learning (ML) algorithms, such as a Naive Bayes (NB), Random Forest (RF), k-Nearest Neighbour (kNN), Decision Tree (DT), Long Short-Term Memory (LSTM), and Gated Recurrent Units (GRUs). The performance is proved using two different publicly available datasets, including (1) MQTT-IoT-IDS2020 and (2) a dataset with three different types of attacks, such as Man in the Middle (MitM), Intrusion in the network, and Denial of Services (DoS). The MQTT-IoT-IDS2020 contains three abstract-level features, including Uni-Flow, Bi-Flow, and Packet-Flow. The results for the first dataset and binary classification show that the DNN-based model achieved 99.92%, 99.75%, and 94.94% accuracies for Uni-flow, Bi-flow, and Packet-flow, respectively. However, in the case of multi-label classification, these accuracies reduced to 97.08%, 98.12%, and 90.79%, respectively. On the other hand, the proposed DNN model attains the highest accuracy of 97.13% against LSTM and GRUs for the second dataset.

Unmanned Aerial Vehicle Design for Application in Cyber Security

In this paper a small copter size unmanned aerial Vehicle (UAV) has been designed as a platform for a flying computer station to carry out cyber-attacks (Jamming, Spoofing, Man in the Middle, etc.) on devices that utilize wireless technologies, WiFi in particular. A yagi-patch hybrid antenna designed for 2.4 GHz freely rotates on two axes, thus allowing the drone to perform attacks on low power devices up to ranges of 300 meters. The modular design of the UAV allows for quick swapping of modules depending on the specific wireless technology used by the target device.