A Review of Lightweight Security and Privacy for Resource-Constrained IoT Devices

The widespread and growing interest in the Internet of Things(IoT)may be attributed to its usefulness in many different fields.Physical settings are probed for data,which is then transferred via linked networks.There are several hurdles to overcome when putting IoT into practice,from managing server infrastructure to coordinating the use of tiny sensors.When it comes to deploying IoT,everyone agrees that security is the biggest issue.This is due to the fact that a large number of IoT devices exist in the physicalworld and thatmany of themhave constrained resources such as electricity,memory,processing power,and square footage.This research intends to analyse resource-constrained IoT devices,including RFID tags,sensors,and smart cards,and the issues involved with protecting them in such restricted circumstances.Using lightweight cryptography,the information sent between these gadgets may be secured.In order to provide a holistic picture,this research evaluates and contrasts well-known algorithms based on their implementation cost,hardware/software efficiency,and attack resistance features.We also emphasised how essential lightweight encryption is for striking a good cost-to-performance-to-security ratio.

Big Data Security and Privacy： A Review

While Big Data gradually become a hot topic of research and business and has been everywhere used in many industries, Big Data security and privacy has been increasingly concerned. However, there is an obvious contradiction between Big Data security and privacy and the widespread use of Big Data. In this paper, we firstly reviewed the enormous benefits and challenges of security and privacy in Big Data. Then, we present some possible methods and techniques to ensure Big Data security and privacy.

Review on Identity-Based Batch Verification Schemes for Security and Privacy in VANETs

The study of vehicular ad-hoc networks(VANETs)has received significant attention among academia;even so,its security and privacy still become a central issue that is wide-open to discuss.The authentication schemes deployed in VANETs have a substantial impact on its security and privacy.Many researchers have proposed a variety of schemes related to the information verification and efficiency improvement in VANETs.In recent years,many papers have proposed identity-based batch verification(IBV)schemes in regard to diminishing overhead in the message verification process in VANETs.This survey begins with providing background information about VANETs and clarifying its security and privacy,as well as performance requirements that must be satisfied.After presenting an outlook of some relevant surveys of VANETs,a brief review of some IBV schemes published in recent years is conferred.The detailed approach of each scheme,with a comprehensive comparison between them,has been provided afterward.Finally,we summarize those recent studies and possible future improvements.

ZTE Communications Special Issue on Security and Privacy in Communications

Modern communication allows billions of objects in the physical world as well as virtual environments to exchange data with each other in an autonomous way so as to create smart environments. However, modern communication also introduces new challenges for the security of systems and processes and the privacy of individuals. There is an increasing demand for development of new security and privacy approaches to guarantee the security, privacy, integ- rity, and availability of resources in modern communication.

A Blind Batch Encryption and Public Ledger-Based Protocol for Sharing Sensitive Data

For the goals of security and privacy preservation,we propose a blind batch encryption-and public ledger-based data sharing protocol that allows the integrity of sensitive data to be audited by a public ledger and allows privacy information to be preserved.Data owners can tightly manage their data with efficient revocation and only grant one-time adaptive access for the fulfillment of the requester.We prove that our protocol is semanticallly secure,blind,and secure against oblivious requesters and malicious file keepers.We also provide security analysis in the context of four typical attacks.

A Survey on Sensor-and Communication-Based Issues of Autonomous UAVs

The application field for Unmanned Aerial Vehicle (UAV) technology and its adoption rate have been increasingsteadily in the past years. Decreasing cost of commercial drones has enabled their use at a scale broader thanever before. However, increasing the complexity of UAVs and decreasing the cost, both contribute to a lack ofimplemented securitymeasures and raise new security and safety concerns. For instance, the issue of implausible ortampered UAV sensor measurements is barely addressed in the current research literature and thus, requires moreattention from the research community. The goal of this survey is to extensively review state-of-the-art literatureregarding common sensor- and communication-based vulnerabilities, existing threats, and active or passive cyberattacksagainst UAVs, as well as shed light on the research gaps in the literature. In this work, we describe theUnmanned Aerial System (UAS) architecture to point out the origination sources for security and safety issues.Weevaluate the coverage and completeness of each related research work in a comprehensive comparison table as wellas classify the threats, vulnerabilities and cyber-attacks into sensor-based and communication-based categories.Additionally, for each individual cyber-attack, we describe existing countermeasures or detectionmechanisms andprovide a list of requirements to ensureUAV’s security and safety.We also address the problem of implausible sensormeasurements and introduce the idea of a plausibility check for sensor data. By doing so, we discover additionalmeasures to improve security and safety and report on a research niche that is not well represented in the currentresearch literature.

Fine-Tuning Cyber Security Defenses: Evaluating Supervised Machine Learning Classifiers for Windows Malware Detection

Malware attacks on Windows machines pose significant cybersecurity threats,necessitating effective detection and prevention mechanisms.Supervised machine learning classifiers have emerged as promising tools for malware detection.However,there remains a need for comprehensive studies that compare the performance of different classifiers specifically for Windows malware detection.Addressing this gap can provide valuable insights for enhancing cybersecurity strategies.While numerous studies have explored malware detection using machine learning techniques,there is a lack of systematic comparison of supervised classifiers for Windows malware detection.Understanding the relative effectiveness of these classifiers can inform the selection of optimal detection methods and improve overall security measures.This study aims to bridge the research gap by conducting a comparative analysis of supervised machine learning classifiers for detecting malware on Windows systems.The objectives include Investigating the performance of various classifiers,such as Gaussian Naïve Bayes,K Nearest Neighbors(KNN),Stochastic Gradient Descent Classifier(SGDC),and Decision Tree,in detecting Windows malware.Evaluating the accuracy,efficiency,and suitability of each classifier for real-world malware detection scenarios.Identifying the strengths and limitations of different classifiers to provide insights for cybersecurity practitioners and researchers.Offering recommendations for selecting the most effective classifier for Windows malware detection based on empirical evidence.The study employs a structured methodology consisting of several phases:exploratory data analysis,data preprocessing,model training,and evaluation.Exploratory data analysis involves understanding the dataset’s characteristics and identifying preprocessing requirements.Data preprocessing includes cleaning,feature encoding,dimensionality reduction,and optimization to prepare the data for training.Model training utilizes various supervised classifiers,and their performance is evaluated using metrics such as accuracy,precision,recall,and F1 score.The study’s outcomes comprise a comparative analysis of supervised machine learning classifiers for Windows malware detection.Results reveal the effectiveness and efficiency of each classifier in detecting different types of malware.Additionally,insights into their strengths and limitations provide practical guidance for enhancing cybersecurity defenses.Overall,this research contributes to advancing malware detection techniques and bolstering the security posture of Windows systems against evolving cyber threats.

A 5G Perspective of an SDN-Based Privacy-Preserving Scheme for IoT Networks

The ever-increasing needs of Internet of Things networks (IoTn) present considerable issues in computing complexity, security, trust, and authentication, among others. This gets increasingly more challenging as technology advances, and its use expands. As a consequence, boosting the capacity of these networks has garnered widespread attention. As a result, 5G, the next phase of cellular networks, is expected to be a game-changer, bringing with it faster data transmission rates, more capacity, improved service quality, and reduced latency. However, 5G networks continue to confront difficulties in establishing pervasive and dependable connections amongst high-speed IoT devices. Thus, to address the shortcomings in current recommendations, we present a unified architecture based on software-defined networks (SDNs) that provides 5G-enabled devices that must have complete secrecy. Through SDN, the architecture streamlines network administration while optimizing network communications. A mutual authentication protocol using elliptic curve cryptography is introduced for mutual authentication across certificate authorities and clustered heads in IoT network deployments based on IoT. Again, a dimensionality reduction intrusion detection mechanism is introduced to decrease computational cost and identify possible network breaches. However, to leverage the method’s potential, the initial module's security is reviewed. The second module is evaluated and compared to modern models.

Directed Acyclic Graph Blockchain for Secure Spectrum Sharing and Energy Trading in Power IoT

Peer-to-peer(P2P)spectrum sharing and energy trading are promising solutions to locally satisfy spectrum and energy demands in power Internet of Things(IoT).However,implementation of largescale P2P spectrum sharing and energy trading confronts security and privacy challenges.In this paper,we exploit consortium blockchain and Directed Acyclic Graph(DAG)to propose a new secure and distributed spectrum sharing and energy trading framework in power IoT,named spectrum-energy chain,where a set of local aggregators(LAGs)cooperatively confirm the identity of the power devices by utilizing consortium blockchain,so as to form a main chain.Then,the local power devices verify spectrum and energy micro-transactions simultaneously but asynchronously to form local spectrum tangle and local energy tangle,respectively.Moreover,an iterative double auction based micro transactions scheme is designed to solve the spectrum and energy pricing and the amount of shared spectrum and energy among power devices.Security analysis and numerical results illustrate that the developed spectrum-energy chain and the designed iterative double auction based microtransactions scheme are secure and efficient for spectrum sharing and energy trading in power IoT.

COVID-19 pandemic and the cyberthreat landscape:Research challenges and opportunities

Although cyber technologies benefit our society,there are also some related cybersecurity risks.For example,cybercriminals may exploit vulnerabilities in people,processes,and technologies during trying times,such as the ongoing COVID-19 pandemic,to identify opportunities that target vulnerable individuals,organizations(e.g.,medical facilities),and systems.In this paper,we examine the various cyberthreats associated with the COVID-19 pandemic.We also determine the attack vectors and surfaces of cyberthreats.Finally,we will discuss and analyze the insights and suggestions generated by different cyberattacks against individuals,organizations,and systems.

Federated Learning for 6G Communications:Challenges,Methods,and Future Directions

As the 5G communication networks are being widely deployed worldwide,both industry and academia have started to move beyond 5G and explore 6G communications.It is generally believed that 6G will be established on ubiquitous Artificial Intelligence(AI)to achieve data-driven Machine Learning(ML)solutions in heterogeneous and massive-scale networks.However,traditional ML techniques require centralized data collection and processing by a central server,which is becoming a bottleneck of large-scale implementation in daily life due to significantly increasing privacy concerns.Federated learning,as an emerging distributed AI approach with privacy preservation nature,is particularly attractive for various wireless applications,especially being treated as one of the vital solutions to achieve ubiquitous AI in 6G.In this article,we first introduce the integration of 6G and federated learning and provide potential federated learning applications for 6G.We then describe key technical challenges,the corresponding federated learning methods,and open problems for future research on federated learning in the context of 6G communications.

NVM Storage in IoT Devices:Opportunities and Challenges

Edge storage stores the data directly at the data collection point,and does not need to transmit the collected data to the storage central server through the network.It is a critical technology that supports applications such as edge computing and 5G network applications,with lower network communication overhead,lower interaction delay and lower bandwidth cost.However,with the explosion of data and higher real-time requirements,the traditional Internet of Things(IoT)storage architecture cannot meet the requirements of low latency and large capacity.Non-volatile memory(NVM)presents new possibilities regarding this aspect.This paper classifies the different storage architectures based on NVM and compares the system goals,architectures,features,and limitations to explore new research opportunities.Moreover,the existing solutions to reduce the write latency and energy consumption and increase the lifetime of NVM IoT storage devices are analyzed.Furthermore,we discuss the security and privacy issues of IoT devices and compare the mainstream solutions.Finally,we present the opportunities and challenges of building IoT storage systems based on NVM.

Security challenges and defense approaches for blockchain-based services from a full-stack architecture perspective

As an advantageous technique and service,the blockchain has shown great development and application prospects.However,its security has also met great challenges,and many security vulnerabilities and attack issues in blockchain-based services have emerged.Recently,security issues of blockchain have attracted extensive attention.However,there is still a lack of blockchain security research from a full-stack architecture perspective,as well as representative quantitative experimental reproduction and analysis.We aim to provide a security architecture to solve security risks in blockchain services from a full-stack architecture perspective.Meanwhile,we propose a formal definition of the full-stack security architecture for blockchain-based services,and we also propose a formal expression of security issues and defense solutions from a full-stack security perspective.We use ConCert to conduct a smart contract formal verification experiment by property-based testing.The security vulnerabilities of blockchain services in the Common Vulnerabilities and Exposures(CVE)and China Nation Vulnerability Database(CNVD)are selected and enumerated.Additionally,three real contract-layer real attack events are reproduced by an experimental approach.Using Alibaba's blockchain services and Identity Mixer in Hyperledger Fabric as a case study,the security problems and defense techniques are analyzed and researched.At last,the future research directions are proposed.

Route Planning for Autonomous Transmission of Large Sport Utility Vehicle

The autonomous driving aims at ensuring the vehicle to effectively sense the environment and use proper strategies to navigate the vehicle without the interventions of humans.Hence,there exist a prediction of the background scenes and that leads to discontinuity between the predicted and planned outputs.An optimal prediction engine is required that suitably reads the background objects and make optimal decisions.In this paper,the author(s)develop an autonomous model for vehicle driving using ensemble model for large Sport Utility Vehicles(SUVs)that uses three different modules involving(a)recognition model,(b)planning model and(c)prediction model.The study develops a direct realization method for an autonomous vehicle driving.The direct realization method is designed as a behavioral model that incorporates three different modules to ensure optimal autonomous driving.The behavioral model includes recognition,planning and prediction modules that regulates the input trajectory processing of input video datasets.A deep learning algorithm is used in the proposed approach that helps in the classification of known or unknown objects along the line of sight.This model is compared with conventional deep learning classifiers in terms of recall rate and root mean square error(RMSE)to estimate its efficacy.Simulation results on different traffic environment shows that the Ensemble Convolutional Network Reinforcement Learning(E-CNN-RL)offers increased accuracy of 95.45%,reduced RMSE and increased recall rate than existing Ensemble Convolutional Neural Networks(CNN)and Ensemble Stacked CNN.

Intrusion Detection in the Internet of Things Using Fusion of GRU-LSTM Deep Learning Model

Cybersecurity threats are increasing rapidly as hackers use advanced techniques.As a result,cybersecurity has now a significant factor in protecting organizational limits.Intrusion detection systems(IDSs)are used in networks to flag serious issues during network management,including identifying malicious traffic,which is a challenge.It remains an open contest over how to learn features in IDS since current approaches use deep learning methods.Hybrid learning,which combines swarm intelligence and evolution,is gaining attention for further improvement against cyber threats.In this study,we employed a PSO-GA(fusion of particle swarm optimization(PSO)and genetic algorithm(GA))for feature selection on the CICIDS-2017 dataset.To achieve better accuracy,we proposed a hybrid model called LSTM-GRU of deep learning that fused the GRU(gated recurrent unit)and LSTM(long short-term memory).The results show considerable improvement,detecting several network attacks with 98.86%accuracy.A comparative study with other current methods confirms the efficacy of our proposed IDS scheme.

Evicting and filling attack for linking multiple network addresses of Bitcoin nodes

Bitcoin is a decentralized P2P cryptocurrency.It supports users to use pseudonyms instead of network addresses to send and receive transactions at the data layer,hiding users'real network identities.Traditional transaction tracing attack cuts through the network layer to directly associate each transaction with the network address that issued it,thus revealing the sender's network identity.But this attack can be mitigated by Bitcoin's network layer privacy protections.Since Bitcoin protects the unlinkability of Bitcoin addresses and there may be a many-to-one relation-ship between addresses and nodes,transactions sent from the same node via different addresses are seen as com-ing from different nodes because attackers can only use addresses as node identifiers.In this paper,we proposed the evicting and flling attack to expose the correlations between addresses and cluster transactions sent from different addresses of the same node.The attack exploited the unisolation of Bitcoin's incoming connection processing mecha-nism.In particular,an attacker can utilize the shared connection pool and deterministic connection eviction strategy to infer the correlation between incoming and evicting connections,as well as the correlation between releasing and flling connections.Based on inferred results,different addresses of the same node with these connections can be linked together,whether they are of the same or different network types.We designed a multi-step attack procedure,and set reasonable attack parameters through analyzing the factors that affect the attack effciency and accuracy.We mounted this attack on both our self-run nodes and multi-address nodes in real Bitcoin network,achieving an aver-age accuracy of 96.9% and 82%,respectively.Furthermore,we found that the attack is also applicable to Zcash,Litecoin,Dogecoin,Bitcoin Cash,and Dash.We analyzed the cost of network-wide attacks,the application scenario,and proposed countermeasures of this attack.

Study on RFID Authentication Protocol Theory

Secure and private authentication protocol is important in Radio Frequency Identification (RFID) technology.To date,researchers have proposed many RFID authentication protocols.However,these protocols have many flaws due to lack of theoretical support in designing these protocols.In this work,first we present the security and privacy requirements in RFID authentication protocols.Then we examine related works and point out problems in designing RFID authentication protocols.To solve these problems,we propose and briefly prove three theorems.We also give necessary examples for better understanding these theorems with concrete protocols.At last,we give our suggestions on designing secure and private authentication protocols.The security and privacy requirements,theorems,and suggestions will facilitate better understanding and designing of RFID authentication protocols in the future.

MIA-UNet:Multi-Scale Iterative Aggregation U-Network for Retinal Vessel Segmentation

As an important part of the new generation of information technology,the Internet of Things(IoT)has been widely concerned and regarded as an enabling technology of the next generation of health care system.The fundus photography equipment is connected to the cloud platform through the IoT,so as to realize the realtime uploading of fundus images and the rapid issuance of diagnostic suggestions by artificial intelligence.At the same time,important security and privacy issues have emerged.The data uploaded to the cloud platform involves more personal attributes,health status and medical application data of patients.Once leaked,abused or improperly disclosed,personal information security will be violated.Therefore,it is important to address the security and privacy issues of massive medical and healthcare equipment connecting to the infrastructure of IoT healthcare and health systems.To meet this challenge,we propose MIA-UNet,a multi-scale iterative aggregation U-network,which aims to achieve accurate and efficient retinal vessel segmentation for ophthalmic auxiliary diagnosis while ensuring that the network has low computational complexity to adapt to mobile terminals.In this way,users do not need to upload the data to the cloud platform,and can analyze and process the fundus images on their own mobile terminals,thus eliminating the leakage of personal information.Specifically,the interconnection between encoder and decoder,as well as the internal connection between decoder subnetworks in classic U-Net are redefined and redesigned.Furthermore,we propose a hybrid loss function to smooth the gradient and deal with the imbalance between foreground and background.Compared with the UNet,the segmentation performance of the proposed network is significantly improved on the premise that the number of parameters is only increased by 2%.When applied to three publicly available datasets:DRIVE,STARE and CHASE DB1,the proposed network achieves the accuracy/F1-score of 96.33%/84.34%,97.12%/83.17%and 97.06%/84.10%,respectively.The experimental results show that the MIA-UNet is superior to the state-of-the-art methods.

Towards Securing Machine Learning Models Against Membership Inference Attacks

From fraud detection to speech recognition,including price prediction,Machine Learning(ML)applications are manifold and can significantly improve different areas.Nevertheless,machine learning models are vulnerable and are exposed to different security and privacy attacks.Hence,these issues should be addressed while using ML models to preserve the security and privacy of the data used.There is a need to secure ML models,especially in the training phase to preserve the privacy of the training datasets and to minimise the information leakage.In this paper,we present an overview of ML threats and vulnerabilities,and we highlight current progress in the research works proposing defence techniques againstML security and privacy attacks.The relevant background for the different attacks occurring in both the training and testing/inferring phases is introduced before presenting a detailed overview of Membership Inference Attacks(MIA)and the related countermeasures.In this paper,we introduce a countermeasure against membership inference attacks(MIA)on Conventional Neural Networks(CNN)based on dropout and L2 regularization.Through experimental analysis,we demonstrate that this defence technique can mitigate the risks of MIA attacks while ensuring an acceptable accuracy of the model.Indeed,using CNN model training on two datasets CIFAR-10 and CIFAR-100,we empirically verify the ability of our defence strategy to decrease the impact of MIA on our model and we compare results of five different classifiers.Moreover,we present a solution to achieve a trade-off between the performance of themodel and the mitigation of MIA attack.

OTS Scheme Based Secure Architecture for Energy-Efficient IoT in Edge Infrastructure

For the past few decades,the Internet of Things(IoT)has been one of the main pillars wielding significant impact on various advanced industrial applications,including smart energy,smart manufacturing,and others.These applications are related to industrial plants,automation,and e-healthcare fields.IoT applications have several issues related to developing,planning,and managing the system.Therefore,IoT is transforming into G-IoT(Green Internet of Things),which realizes energy efficiency.It provides high power efficiency,enhances communication and networking.Nonetheless,this paradigm did not resolve all smart applications’challenges in edge infrastructure,such as communication bandwidth,centralization,security,and privacy.In this paper,we propose the OTS Scheme based Secure Architecture for Energy-Efficient IoT in Edge Infrastructure to resolve these challenges.An OTS-based Blockchain-enabled distributed network is used at the fog layer for security and privacy.We evaluated our proposed architecture’s performance quantitatively as well as security and privacy.We conducted a comparative analysis with existing studies with different measures,including computing cost time and communication cost.As a result of the evaluation,our proposed architecture showed better performance.