BlockREV: Blockchain-Enabled Multi-Controller Rule Enforcement Verification in SDN

Compared with the classical structure with only one controller in software-defined networking (SDN), multi-controller topology structure in SDN provides a new type of cross-domain forwarding network architecture with multiple centralized controllers and distributed forwarding devices. However, when the network includes multiple domains, lack of trust among the controllers remains a challenge how to verify the correctness of cross-domain forwarding behaviors in different domains. In this paper, we propose a novel secure multi-controller rule enforcement verification (BlockREV) mechanism in SDN to guarantee the correctness of cross-domain forwarding. We first adopt blockchain technology to provide the immutability and privacy protection for forwarding behaviors. Furthermore, we present an address-based aggregate signature scheme with appropriate cryptographic primitives, which is provably secure in the random oracle model. Moreover, we design a verification algorithm based on hash values of forwarding paths to check the consistency of forwarding order. Finally, experimental results demonstrate that the proposed BlockREV mechanism is effective and suitable for multi-controller scenarios in SDN.

Provably Secure Authentication Approach for Data Security in Cloud Using Hashing, Encryption, and Chebyshev-Based Authentication

Secure and efficient authentication mechanism becomes a major concern in cloud computing due to the data sharing among cloud server and user through internet. This paper proposed an efficient Hashing, Encryption and Chebyshev HEC-based authentication in order to provide security among data communication. With the formal and the informal security analysis, it has been demonstrated that the proposed HEC-based authentication approach provides data security more efficiently in cloud. The proposed approach amplifies the security issues and ensures the privacy and data security to the cloud user. Moreover, the proposed HEC-based authentication approach makes the system more robust and secured and has been verified with multiple scenarios. However, the proposed authentication approach requires less computational time and memory than the existing authentication techniques. The performance revealed by the proposed HEC-based authentication approach is measured in terms of computation time and memory as 26ms, and 1878bytes for 100Kb data size, respectively.

TC-PSLAP: Temporal Credential-Based Provably Secure and Lightweight Authentication Protocol for IoT-Enabled Drone Environments

In smart cities, common infrastructures are merged and integrated with various components of information communication and technology (ICT) to be coordinated and controlled. Drones (unmanned aerial vehicles) are amongst those components, and when coordinated with each other and with the environment, the drones form an Internet of Drones (IoD). The IoD provides real-time data to the users in smart cities by utilizing traditional cellular networks. However, the delicate data gathered by drones are subject to many security threats and give rise to numerous privacy and security issues. A robust and secure authentication scheme is required to allow drones and users to authenticate and establish a session key. In this article, we proposed a provably secure symmetric-key and temporal credential-based lightweight authentication protocol (TC-PSLAP) to secure the drone communication. We prove that the proposed scheme is provably secure formally through the automated verification tool AVISPA and Burrows–Abadi–Needham logic (BAN logic). Informal security analysis is also performed to depict that the proposed TC-PSLAP can resist known attacks.

Device Independence and the Quest towards Physical Limits of Privacy

There is a looming threat over current methods of data encryption through advances in quantum computation. Interestingly, this potential threat can be countered through the use of quantum resources such as coherent superposition, entanglement and inherent randomness. These, together with non-clonability of arbitrary quantum states, offer provably secure means of sharing encryption keys between two parties. This physically assured privacy is however provably secure only in theory but not in practice. Device independent approaches seek to provide physically assured privacy of devices of untrusted origin. The quest towards realization of such devices is predicated on conducting loop-hole-free Bell tests which require the use of certified quantum random number generators. The experimental apparatuses for conducting such tests themselves use non-ideal sources, detectors and optical components making such certification extremely difficult. This expository chapter presents a brief overview (not a review) of Device Independence and the conceptual and practical difficulties it entails.

Toward Uncensorable, Anonymous and Private Access Over Satoshi Blockchains

Providing unrestricted access to sensitive content such as news and software is difficult in the presence of adaptive and resourceful surveillance and censoring adversaries. In this paper we leverage the distributed and resilient nature of commercial Satoshi blockchains to develop the first provably secure, censorship resistant, cost-efficient storage system with anonymous and private access, built on top of commercial cryptocurrency transactions. We introduce max-rate transactions, a practical construct to persist data of arbitrary size entirely in a Satoshi blockchain. We leverage max-rate transactions to develop UWeb, a blockchain-based storage system that charges publishers to self-sustain its decentralized infrastructure. UWeb organizes blockchain-stored content for easy retrieval, and enables clients to store and access content with provable anonymity, privacy and censorship resistance properties. We present results from UWeb experiments with writing 268.21 MB of data into the live Litecoin blockchain, including 4.5 months of live-feed BBC articles, and 41 censorship resistant tools. The max-rate writing throughput (183 KB/s) and blockchain utilization (88%) exceed those of state-of-the-art solutions by 2-3 orders of magnitude and broke Litecoin’s record of the daily average block size. Our simulations with up to 3,000 concurrent UWeb writers confirm that UWeb does not impact the confirmation delays of financial transactions.

SPIDE: sybil-proof, incentivized data exchange

Decentralized, open-access blockchain systems opened up new, exciting possibilities—all without reliance on trusted third parties. Regardless of the employed consensus protocol, the overall security, decentralization and effectiveness of such systems, largely depend upon properly structured incentives. Indeed, as has been previously spotted by Babaiaff et al. Bitcoin-like systems, oftentimes lack some of these. Specifically, current blockchain-systems fail to incentivize one of their crucial aspects–the underlying data exchange. As we rationalize, proper incentivization of that layer could lead to lower transactions’ confirmation-times, improved finalization guarantees and at the same time to discouragement of malicious behaviours such as block-withholding attacks. Indeed, incentivization of the data-exchange layer allows the system to remain operational when all agents, including routing nodes, are assumed to be rational. In this work, while focusing on the problem of sybil-proof data exchange, we revisit previous approaches, showcasing their shortcomings and lay forward the first information exchange framework; with integrated routing and reward-function mechanics, provably secure in thwarting Sybil-nodes in 1-connected or eclipsed networks. The framework neither requires nor assumes any kind of constraints in regard to the network’s topology (i.e. the network is modelled as a random-connected graph) and rewards information propagators through a system-intrinsic virtual asset maintained by the decentralized state-machine. The proposal, while being storage and transmission efficient is suitable for rewarding not only consensus-related datagrams (both data-blocks and transactions) but consensus-extrinsic information as well, thus facilitating an universal sybil-proof data-exchange apparatus, provably valid under the assumption of existence of a data store whose property of non-malleability emerges as time approaches infinity. Our research was conducted under two scenarios—with round leader known and unknown in advance of each transactional round.