
Security and Privacy: Latest Articles

Phishing uniform resource locator detection using machine learning: A step towards secure system
IF 1.9 Pub Date : 2023-03-25 DOI: 10.1002/spy2.311
Shilpa Mahajan
The advancement in technology has led to increase in cyber‐attacks. Hackers have become more skilled at finding the loopholes in the system and can penetrate easily on to host network. The rate of cybercrimes is increasing exponentially with the growth of digital era. Phishing is considered as one of the top cybercrimes that has impacted the society at large. As per Kaspersky reports 2021, around 22% attacks were phishing attacks. This paper explores methods for detecting phishing uniform resource locator (URLs) by analyzing various features using Machine Learning techniques. Various data mining algorithms are used to learn data patterns that can identify and differentiate between benign and phishing websites using phishing website data set. The best results are shown by an XGBoost Model that provides more than 90% accuracy on the balanced class dataset.
Citations: 0
MyEasyHealthcare: An efficient and secure three‐tier blockchain‐based healthcare system
IF 1.9 Pub Date : 2023-03-25 DOI: 10.1002/spy2.314
Kanika Agrawal, Mayank Aggarwal, S. Tanwar
Blockchain systems have seen vast growth due to the immense potential in developing secure applications for education, healthcare, and so forth. The healthcare system is extensively researched to provide convenience to human life. With the exponential growth in healthcare systems and devices, patient data security and privacy issues are becoming primary concerns. Blockchain is emerging as a solution to secure healthcare records, but it faces certain shortcomings like transaction time, execution time, gas cost consumption, bandwidth utilization, and so forth. The current article designed an extensive blockchain‐based healthcare system (MyEasyHealthcare) with reduced gas consumption, transaction cost, execution cost, and bandwidth utilization, along with enhanced security at three levels. At the first level, the professionals and patients get registered, which provides identity access management. Secondly, authorization is required for each registered entity by the owners. Lastly, the third level includes a doctor‐patient relationship where the hospital's owner assigns a patient to a particular doctor. The data is protected from the outer world and is preserved only between the doctor and the patient. Moreover, to include the majority of tasks for hospital management, the developed system incorporates a smart contract to record seven different parameters for patient diagnosis by a physician and 15 different parameters by a pathologist. The designed system is evaluated for the amount of gas consumed, transaction cost, execution cost, and bandwidth utilization by simulating/executing the written smart contract on InterPlanetary File System (IPFS) and Remix to check the feasibility of the developed system (MyEasyHealthcare) for the real world; the results testify the proposed system is useful in the real world.
Citations: 0
A novel reversible data hiding scheme for VQ codebooks
IF 1.9 Pub Date : 2023-03-22 DOI: 10.1002/spy2.315
Xu Wang, Jui‐Chuan Liu, Chin-chen Chang
Vector quantization (VQ) technique is widely used in digital image compression. Some reversible data hiding schemes have been proposed to embed secret data (eg, password, timestamp, and watermark) into a VQ index table. In real application scenarios, users usually train codebooks on their own data sets instead of using the public codebooks directly. Therefore, different from the conventional schemes, in this paper we propose a novel reversible data hiding scheme for VQ codebooks instead of VQ index tables. All permutation operation is adopted to a sorted codebook to find usable codewords and embeds secret data. Experimental results demonstrate that the embedding rates of our proposed scheme for different‐sized codebooks are appreciable. The embedded codebook can also be directly applied to decompress images.
Citations: 0
Fog computing security: A review
IF 1.9 Pub Date : 2023-03-22 DOI: 10.1002/spy2.313
A. Jumani, Jinglun Shi, A. Laghari, Zhihui Hu, Aftab ul Nabi, Huang Qian
Fog computing, also known as edge computing, is a decentralized computing architecture that brings computing and data storage closer to the users and devices that need it. It offers several advantages over traditional cloud computing, such as lower latency, improved reliability, and enhanced security. As the Internet of Things continues to grow, the demand for fog computing is also increasing, making it an important topic for research and development. However, the deployment of fog computing also brings new technical challenges and security risks. For example, fog nodes are often deployed in resource‐constrained environments and are exposed to potential security threats, such as malware and attacks on devices connected to the network. In addition, the decentralized nature of fog computing creates new challenges in terms of privacy, security, and data management. This survey aims to address these technical challenges and research gaps in the field of fog computing security. It provides an overview of the current state of fog computing and its security challenges, and identifies key areas for future research. The survey also highlights the importance of fog computing security and the need for continued investment in this area in order to fully realize the potential of this promising technology.
Citations: 1
Efficient implementation of image representation, visual geometry group with 19 layers and residual network with 152 layers for intrusion detection from UNSW‐NB15 dataset
IF 1.9 Pub Date : 2023-03-22 DOI: 10.1002/spy2.300
Youssef F. Sallam, Samy Abd El-Nabi, W. El-shafai, HossamEl-din H. Ahmed, A. Saleeb, Nirmeen A. El-Bahnasawy, F. A. Abd El-Samie
The Internet offers humanity many distinctive and indispensable services, whether for individuals or for institutions and companies. This great role has attracted the Internet attackers to develop their mechanisms to capture and obtain the data by illegal methods. This growth in the number of cyber‐attacks made scientists in a real challenge, to find advanced methods to face this danger. Due to the shortcomings of traditional data security means such as firewalls, encryption, and so forth, the motivation became to develop alternative systems to detect smart attacks. Intrusion detection systems (IDSs) have made remarkable progress in cyber‐security. They monitor the traffic in real time and continuously to detect the network attacks, giving alerts to the network administrator. In this article, two IDSs are introduced based on principles of transfer learning (TL) with convolutional neural networks. Our systems are built using the visual geometry group (VGG19) and residual network with 152 layers (ResNet152). UNSW‐NB15 intrusion detection dataset is used to evaluate the models. The proposals achieve high levels of precision, recall, and F1_score as 99%, 99%, and 99%, respectively. These achievements prove the efficiency of the proposed models in capturing cyber‐attacks with low alert rates.
Citations: 1
Explainable artificial intelligence envisioned security mechanism for cyber threat hunting
IF 1.9 Pub Date : 2023-03-16 DOI: 10.1002/spy2.312
Pankaj Kumar, M. Wazid, D. P. Singh, Jaskaran Singh, A. Das, Youngho Park, Joel J. P. C. Rodrigues
Cyber threat hunting proactively searches for cyber threats, which are undetected by the traditional defense mechanisms. It scans deep to identify malicious programs (ie, malware) that escape from detection. It is important because sophisticated cyber threats can bypass the cyber security mechanisms. The performance of the cyber threat hunting can be improved through artificial intelligence (AI), especially, explainable AI (XAI), which adds trust component to the cyber threat hunting process. Due to the inclusion of XAI, the security experts get the full explanations of the detected threats as the working of the detection model in XAI is known. Information, like, which one is a threat, how it has been detected, and why it has been detected, can be obtained very easily due to the inclusion of XAI in the cyber threat hunting. Therefore, an XAI‐envisioned mechanism for cyber threat hunting has been proposed (in short, XAISM‐CTH). The network and threat models of XAISM‐CTH are designed and discussed. The conducted security analysis proves the security of XAISM‐CTH against various potential attacks. XAISM‐CTH also performs better than the other existing schemes. At the end, a practical implementation of XAISM‐CTH has been provided to observe its impact on the performance of the system.
Citations: 0
A cryptographic security framework for hybrid Cloud‐Internet of Things network
IF 1.9 Pub Date : 2023-03-15 DOI: 10.1002/spy2.309
Sameer Farooq, Priyanka Chawla, Neeraj Kumar
The most cutting‐edge innovation in recent times, cloud technology, changed the whole computer paradigm from less capable, specific, user‐isolated offline systems to potent multi‐server interactive systems. Despite being a huge benefit, controlling the security and accessibility of data stored in the cloud is a difficult task. Hence, this article presents a four‐phased security paradigm for securing data generated by internet of things (IoT) devices and transmitted to fog servers. In the article, we outline a comprehensive, cutting‐edge architecture for safeguarding and protecting the information that IoT devices produce and transmit to the cloud. The suggested architecture blends the advantages of an innovative mutual authentication algorithm, a novel key distribution algorithm, and a novel encryption hybrid algorithm for maximum effectiveness and increased security. The findings demonstrate that the suggested protocol outperforms previous techniques in terms of time and resource consumption and throughput. In contrast to previous protocols, the suggested approach reduces encrypting time by 28% and decryption time by about 32%, while the volume of encrypted messages produced stays consistent. There has also been a 28% increase in encryption throughput. Proposed work demonstrates minimal resource utilization, good performance and a higher level of security robustness.
Citations: 0
On the security of ring learning with error‐based key exchange protocol against signal leakage attack
IF 1.9 Pub Date : 2023-03-14 DOI: 10.1002/spy2.310
Komal Pursharthi, D. Mishra
Due to the rapid development of mobile communication and hardware technologies, several mobile‐based web applications have gained popularity among mobile users. Mobile users can utilize these devices to access numerous services over the Internet. To ensure secure communication, different key exchange and authentication (KEA) protocols are proposed and frequently used. However, due to the advent of quantum computers, numerous quantum‐safe KEA protocols are also developed using various complex mathematical problems in ideal lattices. As it is an emerging and developing area, we analyze the security of recently suggested ring learning with error based KEA protocols. The goal of this study is to gain a comprehensive understanding of quantum‐safe KEA mechanisms. For our study, we have considered Dharminder's LWE‐based KEA mechanism and Dharminder and Chandran's LWE‐based KEA mechanism. These protocols enable effective communication and provide a better means for safely transmitting messages between user and server. However, we have discovered that a fundamental security weakness in these methods makes them vulnerable to signal leakage attacks (SLA). Based on our analysis, we demonstrated security weakness against SLA and provide the road‐map for secure construction.
Citations: 0
A transformative shift toward blockchain‐based IoT environments: Consensus, smart contracts, and future directions
IF 1.9 Pub Date : 2023-03-10 DOI: 10.1002/spy2.308
Chandan Trivedi, U. P. Rao, Keyur Parmar, Pronaya Bhattacharya, S. Tanwar, Ravi Sharma
Recently, Internet‐of‐Things (IoT) based applications have shifted from centralized infrastructures to decentralized ecosystems, owing to user data's security and privacy limitations. The shift has opened new doors for intruders to launch distributed attacks in diverse IoT scenarios that jeopardize the application environments. Moreover, as heterogeneous and autonomous networks communicate, the attacks intensify, which justifies the requirement of trust as a key policy. Recently, blockchain‐based IoT solutions have been proposed that address trust limitations by maintaining data consistency, immutability, and chronology in IoT environments. However, IoT ecosystems are resource‐constrained and have low bandwidth and finite computing power of sensor nodes. Thus, the inclusion of blockchain requires an effective policy design regarding consensus and smart contract environments in heterogeneous IoT applications. Recent studies have presented blockchain as a potential solution in IoT, but an effective view of consensus and smart contract design to meet the end application requirements is an open problem. Motivated by the same, the survey presents the integration of suitable low‐powered consensus protocols and smart contract design to assess and validate the blockchain‐IoT ecosystems. We present blockchain‐IoT's emerging communication and security aspects with performance issues of consensus protocols, interoperability, and implementation platforms. A case study of a smart contract‐based blockchain‐driven ecosystem is presented with a comparative analysis of mining cost and latency, which shows its suitability in real‐world setups. We also highlight attacks on blockchain IoT, open issues, potential findings, and future directions. The survey intends to drive novel solutions for future consensus and safe, smart contract designs to support applicative IoT ecosystems.
Citations: 1
Toward the internet of things forensics: A data analytics perspective
IF 1.9 Pub Date : 2023-03-05 DOI: 10.1002/spy2.306
Pimal Khanpara, Ishwa Shah, S. Tanwar, Amit Verma, Ravi Sharma
The widespread use of networked, intelligent, and adaptable devices in various domains, such as smart cities and home automation, climate control, manufacturing and logistics, healthcare, education, and agriculture, has been hastened by recent developments in hardware and software technologies. In all these application domains, the concept of the Internet of Things helps to achieve process automation and decrease labor costs. While IoT has been an established domain for quite a while, it has seen a lot of advances and challenges in different subdomains over the years. One such subdomain is IoT Forensics which involves digital forensics concerning IoT devices, networks, or clouds. In this process of obtaining substantial evidence from the devices, networks, or cloud, a large amount of data and operations on said data are involved. Hence, looking through IoT Forensics through the methodology dealing with data, known as data analytics, is essential. This paper presents an interpretation of IoT Forensics from the standpoint of data analytics. To explain the same in detail, the paper focuses on IoT Forensics, its methodologies, and how they relate to data analytics stages. Toward the end, the paper discusses current developments in IoT Forensics from the data analytics perspective, limitations observed in the existing technologies, adoption challenges, and possible future advancements.
Citations: 0