Conference Paper

Blockchain-Based Decentralized Authentication for Information-Centric 5G Networks

To read the full-text of this research, you can request a copy directly from the authors.


... The routing table is then stored on the blockchain, which ensures its integrity and tamper-evidence. In 2022, Muhammad Hassan et al. [17] proposed a blockchain-based authentication mechanism for Information-Centric 5G Networks (IC5GN). The authors argue that existing authentication mechanisms for IC5GN are centralized and vulnerable to attacks, such as identity theft and impersonation. ...
Article
Content-Centric Networking (CCN) aims to meet the demand for content access and distribution by securing content rather than connections. However, content cached in CCN routers is vulnerable to malicious attacks and unauthorized access. Existing authentication and access control protocols often suffer from issues such as single points of failure and inadequate protection against sophisticated attacks. To address these security and integrity concerns, we propose a blockchain-based authentication protocol using soulbound tokens (SBTs). The protocol links the consumer to a secure crypto wallet, serving as a repository for authentication information. The content provider mints and distributes SBTs via blockchain, ensuring proof-of-authenticity and ownership. This blockchain-based approach eliminates single points of failure and provides a decentralized, tamper-proof method for authentication. Smart contracts for the protocol, developed in Solidity and deployed on a zk-EVM enabled blockchain, provide privacy-preserving authentication. Security analysis using AVISPA confirms the protocol’s robustness against various CCN threats, including denial-of-service and unauthorized access. Performance evaluation demonstrates the protocol’s computational efficiency and feasibility for CCN environments, maintaining low latency and resource usage while enhancing security.
... Data integrity and services rely upon the ability of IoT devices to authenticate users and devices [42]. Hassan et al. research Blockchain-based Decentralized Authentication Protocol (BDAP) [43]. Anonymous authentication using the minimum required attestation is considered a means to store anonymous data in the cloud, while decentralized authentication is used to secure data access [44]. ...
Article
IoT edge computing is a network design model that captures and processes data at the network edge. The results are forwarded to a cloud service or, if additional processing is needed, a middle tier. By processing data at the edge and middle tier, edge networks achieve better load-balancing and improve performance; however, traditional edge network deployments represent a rigid participation model. Edge networks require physical access to an IoT device and often lock the device to a single edge network. These constraints make it difficult to construct the ideal network, as they reject IoT devices deployed at the network edge but not owned by the network administrator. Our goal is to remove these limitations by creating a network protocol that supports broader participation of IoT devices, cryptographically secures network data, and improves network performance by increasing captured data at the network edge. The protocol is named Snap to symbolize the ease of self-assembly. Our experimental research focuses on temperature stability and the cycle efficiency of an HVAC system by utilizing a Snap network to combine two existing edge networks and increase the number of temperature measurement points. The additional measurement points improved the efficiency of the HVAC cycle strategy by increasing the square footage of measured building space. The additional temperature capture points supported an adjustment to the HVAC cycle strategy which resulted in reducing the disparity between the requested temperature and the resulting temperatures. Snap networks support a broader range of IoT sensors leading to increased measurement density, sample rate frequency, and coverage of the network edge.
Article
This paper aims to point out the potential use of blockchain-based decentralized computer networks in ISPs and how they promote a secure and private alternative to today’s centralized ISP networks.
Article
BlockChain (BC) has attracted tremendous attention due to its immutable nature and the associated security and privacy benefits. BC has the potential to overcome security and privacy challenges of Internet of Things (IoT). However, BC is computationally expensive, has limited scalability and incurs significant bandwidth overheads and delays which are not suited to the IoT context. We propose a tiered Lightweight Scalable BC (LSB) that is optimized for IoT requirements. We explore LSB in a smart home setting as a representative example for broader IoT applications. Low resource devices in a smart home benefit from a centralized manager that establishes shared keys for communication and processes all incoming and outgoing requests. LSB achieves decentralization by forming an overlay network where high resource devices jointly manage a public BC that ensures end-to-end privacy and security. The overlay is organized as distinct clusters to reduce overheads and the cluster heads are responsible for managing the public BC. LSB incorporates several optimizations which include algorithms for lightweight consensus, distributed trust and throughput management. Qualitative arguments demonstrate that LSB is resilient to several security attacks. Extensive simulations show that LSB decreases packet overhead and delay and increases BC scalability compared to relevant baselines.
Article
The fast-growing Internet traffic is increasingly becoming content-based and driven by mobile users, with users more interested in data rather than its source. This has precipitated the need for an information-centric Internet architecture. Research in information-centric networks (ICNs) has resulted in novel architectures, e.g., CCN/NDN, DONA, and PSIRP/PURSUIT; all agree on named data based addressing and pervasive caching as integral design components. With network-wide content caching, enforcement of content access control policies becomes non-trivial. Each caching node in the network needs to enforce access control policies with the help of the content provider. This becomes inefficient and prone to unbounded latencies especially during provider outages. In this paper, we propose an efficient access control framework for ICN, which allows legitimate users to access and use the cached content directly, and does not require verification/authentication by an online provider authentication server or the content serving router. This framework would help reduce the impact of system down-time from server outages and reduce delivery latency by leveraging caching while guaranteeing access only to legitimate users. Experimental/simulation results demonstrate the suitability of this scheme for all users, but particularly for mobile users, especially in terms of the security and latency overheads.
Article
Information-Centric Networking (ICN) is a new networking paradigm, which replaces the widely used host-centric networking paradigm in communication networks (e.g., Internet, mobile ad hoc networks) with an information-centric paradigm, which prioritizes the delivery of named content, oblivious of the content's origin. Content and client security are more intrinsic in the ICN paradigm versus the current host-centric paradigm where they have been instrumented as an after-thought. By design, the ICN paradigm inherently supports several security and privacy features, such as provenance and identity privacy, which are still not effectively available in the host-centric paradigm. However, given its nascency, the ICN paradigm has several open security and privacy concerns, some that existed in the old paradigm, and some new and unique. In this article, we survey the existing literature in security and privacy research sub-space in ICN. More specifically, we explore three broad areas: security threats, privacy risks, and access control enforcement mechanisms. We present the underlying principle of the existing works, discuss the drawbacks of the proposed approaches, and explore potential future research directions. In the broad area of security, we review attack scenarios, such as denial of service, cache pollution, and content poisoning. In the broad area of privacy, we discuss user privacy and anonymity, name and signature privacy, and content privacy. ICN’s feature of ubiquitous caching introduces a major challenge for access control enforcement that requires special attention. In this broad area, we review existing access control mechanisms including encryption-based, attribute-based, session-based, and proxy re-encryption-based access control schemes. We conclude the survey with lessons learned and scope for future work.
Conference Paper
In highly dense LTE networks, with the increased number of users requesting services in a cell, blocking will occur for some users. To deal with this, techniques for increasing the capacity of the cell must be adopted. Clustering nodes into small groups with low power will enable reusing the available frequency and thus expanding the capacity of the network. In this paper, clustering is implemented in a way to configure the nodes into groups each having one cluster-head (CH) that communicates directly with the Base Station (BS), while other nodes, called slaves, relay their communication through cluster-head nodes. The implementation of different clustering strategies that are adapted for the LTE environment is proposed. Two of the well-known clustering algorithms, namely K-means and the Hierarchical Agglomerative Clustering (HAC), are used for this purpose. Moreover, the use of a selection strategy for configuring the nodes is also implemented and compared with the other two clustering techniques. A proper frequency allocation and power control scheme is implemented in order to avoid excessive interference and get valid clustering formations in all cases.
Conference Paper
To profit from the high bandwidth and low cost of the IEEE 802.11 wireless local area network (WLAN) and to benefit from the large zone coverage of the 3G network, the Third Generation Partnership Project (3GPP) has specified the interworking architecture for the 3G-WLAN and develops System Architecture Evolution (SAE)/Long Term Evolution (LTE) architecture. This interworking introduces a new challenge to ensure the security of both networks and to manage a secure and fast vertical handover (VH). The Extensible Authentication Protocol and Authentication Key Agreement (EAP-AKA) is the authentication mechanism adopted by the 3GPP for VH between the 3G and the WLAN. However, the EAP-AKA method suffers from several weaknesses, such as user identity showing, sequence number synchronization and additional bandwidth consumption. These expose legitimate users to risk and increase the authentication delay. In this paper we propose a new fast authentication method (EAP-FAKA) which delegates the user authentication to the WLAN on behalf of the 3G network. The new method is based on the Elliptic Curve Diffie-Hellman (ECDH) and symmetric cryptosystem. The proposed protocol achieves fast and mutual authentication with definition of a new key framework. The security properties of the new method are checked by using a formal verification (HLPSL) which has proved a high talent in finding potential attacks automatically in security protocols.
Article
We consider a multi-cluster, multi-hop packet radio network architecture for wireless systems which can dynamically adapt itself with the changing network configurations. Due to the dynamic nature of the mobile nodes, their association and dissociation to and from clusters perturb the stability of the system, and hence a reconfiguration of the system is unavoidable. At the same time it is vital to keep the topology stable as long as possible. The clusterheads, which form a dominant set in the network, decide the topology and are responsible for its stability. In this paper, we propose a weighted clustering algorithm (WCA) which takes into consideration the ideal degree, transmission power, mobility and battery power of a mobile node. We try to keep the number of nodes in a cluster around a pre-defined threshold to facilitate the optimal operation of the medium access control (MAC) protocol. Our clusterhead election procedure is not periodic as in earlier research, but adapts based on the dynamism of the nodes. This on-demand execution of WCA aims to maintain the stability of the network, thus lowering the computation and communication costs associated with it. Simulation experiments are conducted to evaluate the performance of WCA in terms of the number of clusterheads, reaffiliation frequency and dominant set updates. Results show that the WCA performs better than the existing algorithms and is also tunable to different types of ad hoc networks.
Conference Paper
The emerging Information-Centric Networking (ICN) paradigm is expected to facilitate content sharing among users. ICN will make it easy for users to appoint storage nodes, in various network locations, perhaps owned or controlled by them, where shared content can be stored and disseminated from. These storage nodes should be (somewhat) trusted since not only they have (some level of) access to user shared content, but they should also properly enforce access control. Traditional forms of encryption introduce significant overhead when it comes to sharing content with large and dynamic groups of users. To this end, proxy re-encryption provides a convenient solution. In this paper, we use Identity-Based Proxy Re-Encryption (IB-PRE) to provide confidentiality and access control for content items shared over ICN, realizing secure content distribution among dynamic sets of users. In contrast to similar IB-PRE based solutions, our design allows each user to generate the system parameters and the secret keys required by the underlay encryption scheme using their own Private Key Generator, therefore, our approach does not suffer from the key escrow problem. Moreover, our design further relaxes the trust requirements on the storage nodes by preventing them from sharing usable content with unauthorized users. Finally, our scheme does not require out-of-band secret key distribution.
Article
Named data networking (NDN) is a new paradigm for the future Internet wherein interest and data packets carry content names rather than the current IP paradigm of source and destination addresses. Security is built into NDN by embedding a public key signature in each data packet to enable verification of authenticity and integrity of the content. However, existing heavyweight signature generation and verification algorithms prevent universal integrity verification among NDN nodes, which may result in content pollution and denial of service attacks. Furthermore, caching and location-independent content access disables the capability of a content provider to control content access, e.g., who can cache a content and which end user or device can access it. We propose a lightweight integrity verification (LIVE) architecture, an extension to the NDN protocol, to address these two issues seamlessly. LIVE enables universal content signature verification in NDN with lightweight signature generation and verification algorithms. Furthermore, it allows a content provider to control content access in NDN nodes by selectively distributing integrity verification tokens to authorized nodes. We evaluate the effectiveness of LIVE with the open source CCNx project. Our paper shows that LIVE only incurs an average 10% delay in accessing contents. Compared with traditional public key signature schemes, the verification delay is reduced by over 20 times in LIVE.
Article
Information is the building block of Information Centric Networks (ICNs). Access control policies limit information dissemination to authorized entities only. Defining access control policies in an ICN is a non-trivial task as an information item may exist in multiple copies dispersed in various network locations, including caches and content replication servers. In this paper we propose an access control enforcement delegation scheme which enables the purveyor of an information item to evaluate a request against an access control policy, without having access to the requestor credentials nor to the actual definition of the policy. Such an approach has multiple merits: it enables the interoperability of various stakeholders, it protects user identity and it can set the basis for a privacy preserving mechanism. An implementation of our scheme supports its feasibility.