The continual growth of the use of technological appliances during the COVID-19 pandemic has resulted in a massive volume of data flow on the Internet,as many employees have transitioned to working from home.Furthermo...The continual growth of the use of technological appliances during the COVID-19 pandemic has resulted in a massive volume of data flow on the Internet,as many employees have transitioned to working from home.Furthermore,with the increase in the adoption of encrypted data transmission by many people who tend to use a Virtual Private Network(VPN)or Tor Browser(dark web)to keep their data privacy and hidden,network traffic encryption is rapidly becoming a universal approach.This affects and complicates the quality of service(QoS),traffic monitoring,and network security provided by Internet Service Providers(ISPs),particularly for analysis and anomaly detection approaches based on the network traffic’s nature.The method of categorizing encrypted traffic is one of the most challenging issues introduced by a VPN as a way to bypass censorship as well as gain access to geo-locked services.Therefore,an efficient approach is especially needed that enables the identification of encrypted network traffic data to extract and select valuable features which improve the quality of service and network management as well as to oversee the overall performance.In this paper,the classification of network traffic data in terms of VPN and non-VPN traffic is studied based on the efficiency of time-based features extracted from network packets.Therefore,this paper suggests two machine learning models that categorize network traffic into encrypted and non-encrypted traffic.The proposed models utilize statistical features(SF),Pearson Correlation(PC),and a Genetic Algorithm(GA),preprocessing the traffic samples into net flow traffic to accomplish the experiment’s objectives.The GA-based method utilizes a stochastic method based on natural genetics and biological evolution to extract essential features.The PC-based method performs well in removing different features of network traffic.With a microsecond perpacket prediction time,the best model achieved an accuracy of more than 95.02 percent in the most demanding traffic classification task,a drop in accuracy of only 2.37 percent in comparison to the entire statistical-based machine learning approach.This is extremely promising for the development of real-time traffic analyzers.展开更多
Wireless medical sensor networks(WMSNs)play a significant role in increasing the availability of remote healthcare systems.The vital and physiological data of the patient can be collected using the WMSN via sensor nod...Wireless medical sensor networks(WMSNs)play a significant role in increasing the availability of remote healthcare systems.The vital and physiological data of the patient can be collected using the WMSN via sensor nodes that are placed on his/her body and then transmitted remotely to a healthcare professional for proper diagnosis.The protection of the patient’s privacy and their data from unauthorized access is a major concern in such systems.Therefore,an authentication scheme with a high level of security is one of the most effective mechanisms by which to address these security concerns.Many authentication schemes for remote patient monitoring have been proposed recently.However,the majority of these schemes are extremely vulnerable to attacks and are unsuitable for practical use.This paper proposes a secure three-factor authentication scheme for a patient-monitoring healthcare system that operates remotely using a WMSN.The proposed authentication scheme is formally verified using the Burrows,Abadi and Needham’s(BAN)logic model and an automatic cryptographic protocol verifier(ProVerif)tool.We show that our authentication scheme can prevent relevant types of security breaches in a practical context according to the discussed possible attack scenarios.Comparisons of the security and performance are carried out with recently proposed authentication schemes.The results of the analysis show that the proposed authentication scheme is secure and practical for use,with reasonable storage space,computation,and communication efficiency.展开更多
The healthcare internet of things(IoT)system has dramatically reshaped this important industry sector.This system employs the latest technology of IoT and wireless medical sensor networks to support the reliable conne...The healthcare internet of things(IoT)system has dramatically reshaped this important industry sector.This system employs the latest technology of IoT and wireless medical sensor networks to support the reliable connection of patients and healthcare providers.The goal is the remote monitoring of a patient’s physiological data by physicians.Moreover,this system can reduce the number and expenses of healthcare centers,make up for the shortage of healthcare centers in remote areas,enable consultation with expert physicians around the world,and increase the health awareness of communities.The major challenges that affect the rapid deployment and widespread acceptance of such a system are the weaknesses in the authentication process,which should maintain the privacy of patients,and the integrity of remote medical instructions.Current research results indicate the need of a flexible authentication scheme.This study proposes a scheme with enhanced security for healthcare IoT systems,called an end-to-end authentication scheme for healthcare IoT systems,that is,an E2EA.The proposed scheme supports security services such as a strong and flexible authentication process,simultaneous anonymity of the patient and physician,and perfect forward secrecy services.A security analysis based on formal and informal methods demonstrates that the proposed scheme can resist numerous security-related attacks.A comparison with related authentication schemes shows that the proposed scheme is efficient in terms of communication,computation,and storage,and therefore cannot only offer attractive security services but can reasonably be applied to healthcare IoT systems.展开更多
The healthcare IoT system is considered to be a significant and modern medical system.There is broad consensus that these systems will play a vital role in the achievement of economic growth in numerous growth countri...The healthcare IoT system is considered to be a significant and modern medical system.There is broad consensus that these systems will play a vital role in the achievement of economic growth in numerous growth countries.Among the major challenges preventing the fast and widespread adoption of such systems is the failure to maintain the data privacy of patients and the integrity of remote clinical diagnostics.Recently,the author proposed an end-to-end authentication scheme for healthcare IoT systems(E2EA),to provide a mutual authentication with a high data rate between the communication nodes of the healthcare IoT systems.Although the E2EA authentication scheme supports numerous attractive security services to resist various types of attack,there is an ambiguous view of the impact of the desynchronization attack on the E2EA authentication scheme.In general,the performance of the authentication scheme is considered a critical issue when evaluating the applicability of such schemes,along with the security services that can be achieved.Therefore,this paper discusses how the E2EA authentication scheme can resist the desynchronization attack through all possible attack scenarios.Additionally,the effect of the desynchronization attack on the E2EA scheme performance is analyzed in terms of its computation and communication costs,based on a comparison with the recently related authentication schemes that can prevent such attack.Moreover,this research paper finds that the E2EA authentication scheme can not only prevent the desynchronization attack,but also offers a low cost in terms of computations and communications,and can maintain consistency and synchronization between the communication nodes of the healthcare IoT systems during the next authentication sessions.展开更多
文摘The continual growth of the use of technological appliances during the COVID-19 pandemic has resulted in a massive volume of data flow on the Internet,as many employees have transitioned to working from home.Furthermore,with the increase in the adoption of encrypted data transmission by many people who tend to use a Virtual Private Network(VPN)or Tor Browser(dark web)to keep their data privacy and hidden,network traffic encryption is rapidly becoming a universal approach.This affects and complicates the quality of service(QoS),traffic monitoring,and network security provided by Internet Service Providers(ISPs),particularly for analysis and anomaly detection approaches based on the network traffic’s nature.The method of categorizing encrypted traffic is one of the most challenging issues introduced by a VPN as a way to bypass censorship as well as gain access to geo-locked services.Therefore,an efficient approach is especially needed that enables the identification of encrypted network traffic data to extract and select valuable features which improve the quality of service and network management as well as to oversee the overall performance.In this paper,the classification of network traffic data in terms of VPN and non-VPN traffic is studied based on the efficiency of time-based features extracted from network packets.Therefore,this paper suggests two machine learning models that categorize network traffic into encrypted and non-encrypted traffic.The proposed models utilize statistical features(SF),Pearson Correlation(PC),and a Genetic Algorithm(GA),preprocessing the traffic samples into net flow traffic to accomplish the experiment’s objectives.The GA-based method utilizes a stochastic method based on natural genetics and biological evolution to extract essential features.The PC-based method performs well in removing different features of network traffic.With a microsecond perpacket prediction time,the best model achieved an accuracy of more than 95.02 percent in the most demanding traffic classification task,a drop in accuracy of only 2.37 percent in comparison to the entire statistical-based machine learning approach.This is extremely promising for the development of real-time traffic analyzers.
基金the Deanship of Graduate Studies at Jouf University for funding and supporting this research through the initiative of DGS,Graduate Students Research Support(GSR)at Jouf University,Saudi Arabia.
文摘Wireless medical sensor networks(WMSNs)play a significant role in increasing the availability of remote healthcare systems.The vital and physiological data of the patient can be collected using the WMSN via sensor nodes that are placed on his/her body and then transmitted remotely to a healthcare professional for proper diagnosis.The protection of the patient’s privacy and their data from unauthorized access is a major concern in such systems.Therefore,an authentication scheme with a high level of security is one of the most effective mechanisms by which to address these security concerns.Many authentication schemes for remote patient monitoring have been proposed recently.However,the majority of these schemes are extremely vulnerable to attacks and are unsuitable for practical use.This paper proposes a secure three-factor authentication scheme for a patient-monitoring healthcare system that operates remotely using a WMSN.The proposed authentication scheme is formally verified using the Burrows,Abadi and Needham’s(BAN)logic model and an automatic cryptographic protocol verifier(ProVerif)tool.We show that our authentication scheme can prevent relevant types of security breaches in a practical context according to the discussed possible attack scenarios.Comparisons of the security and performance are carried out with recently proposed authentication schemes.The results of the analysis show that the proposed authentication scheme is secure and practical for use,with reasonable storage space,computation,and communication efficiency.
文摘The healthcare internet of things(IoT)system has dramatically reshaped this important industry sector.This system employs the latest technology of IoT and wireless medical sensor networks to support the reliable connection of patients and healthcare providers.The goal is the remote monitoring of a patient’s physiological data by physicians.Moreover,this system can reduce the number and expenses of healthcare centers,make up for the shortage of healthcare centers in remote areas,enable consultation with expert physicians around the world,and increase the health awareness of communities.The major challenges that affect the rapid deployment and widespread acceptance of such a system are the weaknesses in the authentication process,which should maintain the privacy of patients,and the integrity of remote medical instructions.Current research results indicate the need of a flexible authentication scheme.This study proposes a scheme with enhanced security for healthcare IoT systems,called an end-to-end authentication scheme for healthcare IoT systems,that is,an E2EA.The proposed scheme supports security services such as a strong and flexible authentication process,simultaneous anonymity of the patient and physician,and perfect forward secrecy services.A security analysis based on formal and informal methods demonstrates that the proposed scheme can resist numerous security-related attacks.A comparison with related authentication schemes shows that the proposed scheme is efficient in terms of communication,computation,and storage,and therefore cannot only offer attractive security services but can reasonably be applied to healthcare IoT systems.
文摘The healthcare IoT system is considered to be a significant and modern medical system.There is broad consensus that these systems will play a vital role in the achievement of economic growth in numerous growth countries.Among the major challenges preventing the fast and widespread adoption of such systems is the failure to maintain the data privacy of patients and the integrity of remote clinical diagnostics.Recently,the author proposed an end-to-end authentication scheme for healthcare IoT systems(E2EA),to provide a mutual authentication with a high data rate between the communication nodes of the healthcare IoT systems.Although the E2EA authentication scheme supports numerous attractive security services to resist various types of attack,there is an ambiguous view of the impact of the desynchronization attack on the E2EA authentication scheme.In general,the performance of the authentication scheme is considered a critical issue when evaluating the applicability of such schemes,along with the security services that can be achieved.Therefore,this paper discusses how the E2EA authentication scheme can resist the desynchronization attack through all possible attack scenarios.Additionally,the effect of the desynchronization attack on the E2EA scheme performance is analyzed in terms of its computation and communication costs,based on a comparison with the recently related authentication schemes that can prevent such attack.Moreover,this research paper finds that the E2EA authentication scheme can not only prevent the desynchronization attack,but also offers a low cost in terms of computations and communications,and can maintain consistency and synchronization between the communication nodes of the healthcare IoT systems during the next authentication sessions.
