The Internet of Things (IoT) is currently seeing tremendous growth due to new technologies and big data. Research in the field of IoT security is an emerging topic. IoT networks are becoming more vulnerable to new assaults as a result of the growth in devices and the production of massive data. In order to recognize the attacks, an intrusion detection system is required. In this work, we suggested a Deep Learning (DL) model for intrusion detection to categorize various attacks in the dataset. We used a filter-based approach to pick out the most important aspects and limit the number of features, and we built two different deep-learning models for intrusion detection. For model training and testing, we used two publicly accessible datasets, NSL-KDD and UNSW-NB 15. First, we applied the dataset on the Deep neural network (DNN) model and then the same dataset on Convolution Neural Network (CNN) model. For both datasets, the DL model had a better accuracy rate. Because DL models are opaque and challenging to comprehend, we applied the idea of explainable Artificial Intelligence (AI) to provide a model explanation. To increase confidence in the DNN model, we applied the explainable AI (XAI) Local Interpretable Model-agnostic Explanations (LIME ) method, and for better understanding, we also applied Shapley Additive Explanations (SHAP).

Apart from creating a billion-dollar worth of cryptocurrency ecosystem, Bitcoin revolutionized the whole domain of cryptocurrencies, and it largely influenced many other application areas (e.g., healthcare, supply-chain management, real estate) with its underlying technologies such as blockchain, consensus algorithms, and decentralized data management. Due to the reasons mentioned above, Bitcoin has attracted massive attention from the research community. Since its launch in 2009, the Bitcoin market capital has grown significantly, and it is now worth approximately 887 billion dollars. This huge and rapid growth is one of the key motivations for malicious entities to identify and exploit weaknesses to disrupt its normal functionality for financial reasons, and the same is also a reason for the researchers to discover and provide patches or solutions for the identified security- and privacy-related vulnerabilities in the system. Most of these security and privacy threats are on the critical underlying technologies of Bitcoin; thus, they are also valid for other Bitcoin-like cryptocurrencies. This chapter starts with an overview of the Bitcoin system by explaining the working methodology and interactions between its various building blocks. In the process, we conclude Bitcoin’s fundamental features and underlying structures and provide insights at the core of the Bitcoin protocol and its networking infrastructure. We also discuss the significant security and privacy threats to the Bitcoin system and the countermeasures proposed in the state of the art.

Lawful evidence management by law enforcement agencies during the Digital Forensics (DF) investigation is of supreme importance since it convicts suspects of crimes. Therefore, a secure and efficient evidence management system should have certain features such as tamper-resistant, traceability, auditability, privacy preservation, and fine-grained access control. Unfortunately, the state-of-the-art DF is facing new challenges due to the recent technological advancements in various areas, such as the Internet of Things (IoT), Cyber-Physical Systems (CPS), communication technologies, and cloud computing, which are heavily being used in our daily lives. These technologies are also the primary sources for evidence extraction in most crimes. Hence, forensic experts need novel tools and methodologies to keep pace with these new technologies. The inherent properties of blockchain, such as transparency, immutability, secure anonymity, and auditability, make it a suitable solution to address DF’s new challenges. To this end, we provide a compact survey on state-of-the-art blockchain-based DF investigation techniques along with their advantages and disadvantages. We will discuss all critical issues and challenges involved in forensic investigations and evidence management systems, focusing on security and privacy challenges. Moreover, blockchain-based solutions that target specific service areas such as IoT and cloud computing forensics will be discussed in detail due to their usage in many application domains. Finally, we will present the challenges that existing blockchain-based forensics solutions face, along with possible ways of addressing them.

IoT has gained immense popularity recently with advancements in technologies and big data. IoT network is dynamically increasing with the addition of devices, and the big data is generated within the network, making the network vulnerable to attacks. Thus, network security is essential, and an intrusion detection system is needed. In this paper, we proposed a deep learning-based model for detecting intrusions or attacks in IoT networks. We constructed a DNN model, applied a filter method for feature reduction, and tuned the model with different parameters. We also compared the performance of DNN with other machine learning techniques in terms of accuracy, and the proposed DNN model with weight decay of 0.0001 and dropout rate of 0.01 achieved an accuracy of 0.993, and the reduced loss on the NSL-KDD dataset having five classes. DL models are a black box and hard to understand, so we explained the model predictions using LIME.

In the era of the Internet of Communication Technologies (ICT), the Internet is becoming more popular and widely used across the world. Radio Frequency IDentification (RFID) has become a prominent technology in healthcare systems for identifying tagged objects. The RFID tags are attached to the billions of different healthcare devices or things in several associated applications. However, RFID tags’ security and privacy are regarded as the two biggest concerns. An adversary might eavesdrop, tamper, or even intercept the transmitted messages in RFID systems. Also, the privacy of the users (patients, doctors, and nurses) may breach. In past years, numerous ultralightweight RFID authentication schemes have been proposed in the healthcare sector. However, all these schemes were pointed out as insecure under several known security attacks namely, replay, impersonation, full-disclosure, and de-synchronization attacks. Keeping in view such security flaws, we present an efficient and reliable ultralightweight RFID authentication scheme (ER²AS) for healthcare systems to enhance patients’ medication safety. The scheme employs bitwise XOR, circular left–right rotations, and our proposed ultralighweight reformation operation to achieve higher-level security. The security and privacy evaluations demonstrate that ER²AS scheme resists several known security attacks. The performance analysis also demonstrates that it incurs lower computation and storage overhead on the RFID tags, thus making it practical to be implemented in real-time healthcare environments.

In recent years, the use of Software Defined Networking (SDN) has increased due to various network management requirements. Using SDN in computer network applications has brought several benefits to users, including lower operational costs, better hardware management, flexibility, and centralized network deployment. On the other hand, the Internet of Things (IoT) is another rapidly growing technology. Distributed and dynamic infrastructures are two critical characteristics of IoT. These characteristics lead to some challenges while using SDN in IoT in terms of security and privacy. In this paper, we address security and privacy issues and solutions for SDN-based IoT systems. We analyze the techniques used for defense in previous works to achieve an acceptable level of security and privacy protection in SDN-based IoT systems. In the data plane, SDN-based IoT papers have considered hashing and encryption techniques, in the control plane, certificate authority and access control have been analyzed, and in the application plane, attack detection, and authentication have been discussed. We also provide a statistical analysis of the existing work. This analysis shows that researchers have focused on certain areas more than others in recent years. The final analysis also highlights issues that previous researchers have ignored.

Internet of Things (IoT) applications are growing in popularity for being widely used in many real-world services. In an IoT ecosystem, many devices are connected with each other via internet, making IoT networks more vulnerable to various types of cyber attacks, thus a major concern in its deployment is network security and user privacy. To protect IoT networks against various attacks, an efficient and practical Intrusion Detection System (IDS) could be an effective solution. In this paper, a novel anomaly-based IDS system for IoT networks is proposed using Deep Learning technique. Particularly, a filter-based feature selection Deep Neural Network (DNN) model where highly correlated features are dropped has been presented. Further, the model is tuned with various parameters and hyper parameters. The UNSW-NB15 dataset comprising of four attack classes is utilized for this purpose. The proposed model achieved an accuracy of 84%. Generative Adversarial Networks (GANs) were used to generate synthetic data of minority attacks to resolve class imbalance issues in the dataset and achieved 91% accuracy with balanced class dataset.

Many regions are in urgent need of facial masks for slowing down the spread of COVID-19. To fight the pandemic, people are contributing masks through donation systems. Most existing systems are built on a centralized architecture which is prone to the single point of failure and lack of transparency. Blockchain-based solutions neglect fundamental privacy concerns (<italic>donation privacy</italic>) and security attacks (<italic>collusion attack, stealing attack</italic>). Moreover, current auditing solutions are not designed to achieve donation privacy, thus not appropriate in our context. In this work, we design a decentralized, anonymous, and secure auditing framework <italic>Astraea</italic> based on private smart contracts for donation systems. Specifically, we integrate a Distribute Smart Contract (DiSC) with an SGX Enclave to distribute donations, prove the integrity of donation number (intention) and donation sum while preserving donation privacy. With DiSC, we design a Donation Smart Contract to refund deposits and defend against the stealing attack the collusion attack from malicious collector and transponder. We formally define and prove the privacy and security of Astraea by using security reduction. We build a prototype of Astraea to conduct extensive performance analysis. Experimental results demonstrate that Astraea is practically efficient in terms of both computation and communication.

With the rapid technological advancement in the Internet of Things (IoT) and Internet of Vehicles (IoV), we witness exponential growth of Connected and Autonomous Vehicles (CAVs). However, these integrations of IoV with other technologies make the IoV network and its interaction between different network components highly complex. Therefore, ensuring the correct functioning of the firmware and software running on these next-generation vehicles becomes an essential requirement. A feasible method to address the aforementioned security issues is Remote Attestation (RA). However, the advancement in the attackers' approaches and the increased complexity, large network size, and vehicle mobility allow the attacks to bypass these security solutions, making RA less effective. In this paper, we propose LHASIoV, an attestation and healing protocol for IoV. LHASIoV has many features such as competent-wise (treats different entities of the system differently), geographical location-aware (traces forensics of security breaches and eases healing compromised vehicles), gradual healing (via slicing the healing software) of compromised vehicles, and resistance to single-point-of-failure. We provide proof-of-concept implementation and formal operational and security analysis for LHASIoV. To show its practical feasibility and effectiveness, we provide performance analysis by implementing it on the Omnetpp simulator. The simulation results show that for an IoV system that has 100 vehicles moving with a speed range of 15-25 mph, LHASIoV needed only 5.27 seconds to complete the vehicle's attestation. For this number of vehicles and compared to the existing protocols, LHASIoV reduced the communication and storage costs on average by 54.46% and 43.92%, respectively.

Internet of Medical Thing (IoMT) is an emerging technology in healthcare that can be used to realize a wide variety of medical applications. It improves people’s quality of life and makes it easier to care for the sick individuals in an efficient and safe manner. To do this, IoMT leverages the capabilities of some new technologies including IoT, Artificial Intelligence, cloud computing, computer networks and medicine. Combining these technologies to monitor the patient’s health conditions in real-time or semi-real-time is a critical challenge in IoMT. In this regard, one of the most crucial components of IoMT are network communication protocols that should provide a fast and reliable communication path between a connected biosensor to a patient and cloud computing environment. In this paper, we propose EQRSRL as an efficient routing mechanism for different types of IoMT applications. The aim of EQRSRL is to provide a reasonable level of Quality of Service (QoS) for IoMT traffics. To achieve this goal, it categorizes the network traffic into three classes and treats them differently concerning their QoS requirements. Moreover, EQRSRL divides the network environment into multiple zones to decrease the number of message exchange between the nodes. In order to compute optimal paths between the nodes, it considers QoS and energy metrics, and makes use of a reinforcement learning approach in path computation process. Simulation results show that the implementation of EQRSRL in IoMT is practical and leads to improvement of 82% in average energy consumption, 25% in end-to-end delay and 7% packet delivery ration in compared to the state-of-the-art routing techniques.

Security and privacy issues have become a major hindrance to the broad adoption of Ride-Hailing Services (RHSs). In this article, we introduce a new collusion attack initiated by the Ride-Hailing Service Provider (RHSP) and a driver that could easily link the real riders and their anonymous requests (credentials). Besides this attack, existing work requires heavy computations to execute user matching, and it is challenging for riders to verify matching results. Meanwhile, a malicious driver may cancel an assigned ride order due to its short distance. To address these issues, we present a RHS system named Nereus to support collusion resistance, efficiency, verifiability, and accountability. First, we integrate a smart contract into a Software Guard Extensions (SGX) enclave to establish a private smart contract for collusion resistance. We use a Bloom filter to achieve efficient matching. Second, we leverage privacy-preserving range query and Merkle proofs to make matching results verifiable. Meanwhile, we adopt short group signatures to provide anonymous authentication and deposit commitments to hold the runaway driver accountable. We formally state and prove the security and privacy of Nereus. We build a prototype based on Ethereum and SGX to conduct extensive performance analysis in regard to gas costs, computational costs, and communication overhead. Experimental results show that Nereus significantly improves over existing schemes in terms of computational costs.

Continuously generated volumes of health data make healthcare a data-intensive domain. This data needs to be collected, stored, and shared among different healthcare actors for various purposes, such as reporting, analysis, collaborative research, and personalized healthcare services. However, the existing data storage and exchange solutions in the healthcare domain exhibit several challenges related to e.g., data security, patient privacy, and interoperability. Recently, the industry and research community turned its focus to the possible use of blockchain technology to solve some of these challenges in the healthcare domain. The blockchain technology along with the support from smart contracts is considered a salient facilitator for secure and efficient health data sharing. This is due to its unique features, such as decentralization, trustlessness, immutability, traceability, and transparency. In this paper, we provide a comprehensive survey of the state-of-the-art efforts that envision the use of blockchain-based solutions in the healthcare domain. To this end, we introduce a systematic framework for classifying and analyzing such systems. The framework consists of classification in several dimensions: interactions between healthcare entities, functional components of healthcare storage systems, challenges in the healthcare domain that can be overcome by using the blockchain technology, and benefits for healthcare storage systems derived from the fundamental features of the technology. When analyzing over 40 systems and solutions proposed in the state-of-the-art, we perform their rigorous placement by identifying the exact scope of each solution and mapping it to the above taxonomies of interactions, functional components, challenges, and benefits. We additionally provide an extensive discussion of compliance with privacy-related regulations of General Data Protection Regulation (GDPR) in EU, and Health Insurance Portability and Accountability Act (HIPAA). Following the results of the analysis, we have outlined a number of important research gaps and future directions yet to be addressed.

Traffic monitoring services collect traffic reports and respond to users' traffic queries. However, the reports and queries may reveal the user's identity and location. Although different anonymization techniques have been applied to protect user privacy, a new security threat arises, namely, n-by-1 jamming attack, in which an anonymous contributing driver impersonates n drivers and uploads n normal reports by using n reporting devices. Such an attack will mislead the traffic monitoring service provider and further degrade the service quality. Existing traffic monitoring services do not support customized queries, and private information retrieval techniques cannot be applied directly in traffic monitoring. We formally define the new attack and propose a traffic monitoring scheme TraJ to defend the attack and achieve user-defined location privacy. Specifically, we bridge anonymous contributing drivers without disclosing their speed set by using private set intersection. Each RSU collects time traffic reports and structures a weighted proximity graph to filter out malicious colluding drivers. We design a user-defined privacy-preserving query method by encoding complex road network. We leverage the uploading phase from private aggregation to collect traffic conditions and allow requesting drivers to dynamically and privately query traffic conditions. We provide a formal analysis of TraJ to prove its privacy and security properties. We also construct a prototype based on a real-world dataset and Android smartphones to demonstrate its feasibility and efficiency. A formal analysis demonstrates the privacy and security properties. Extensive experiments illustrate the performance and defense efficacy.

Nowadays, the number of Distributed Denial of Service (DDoS) attacks is growing rapidly. The aim of these type of attacks is to make the prominent and critical services unavailable for legitimate users. HTTP flooding is one of the most common DDoS attacks and because of its implementation in application layer, it is difficult to detect and prevent by the current defense mechanisms. This attack not only makes the web servers unavailable, but consumes the computational resources of the network equipment and congests communication links. Recently, the advent of Software Defined Networking (SDN) paradigm has enabled the network providers to detect and mitigate application layer DDoS attacks such as HTTP flooding. In this paper, we propose a defense mechanism named HTTPScout which leverages the benefits of SDN together with Machine Learning (ML) techniques to detect and mitigate HTTP flooding attack. HTTPScout is implemented as a security module in RYU controller and monitors the behavior of HTTP traffic flows. Upon detecting a malicious flow, it blocks the source of the attack at the edge switch and preserves the network resources from the adversarial effects of the attack. Simulation results confirm that HTTPScout brings a significant improvement of 64% in bandwidth consumption and 80% in the number of forwarding rules compared to normal SDN.

As blockchain technology is gaining popularity in industry and society, solutions for Verification and Validation (V&V) of blockchain-based software applications (BC-Apps) have started gaining equal attention. To ensure that BC-Apps are properly developed before deployment, it is paramount to apply systematic V&V to verify their functional and non-functional requirements. While existing research aims at addressing the challenges of engineering BC-Apps by providing testing techniques and tools, blockchain-based software development is still an emerging research discipline, and therefore, best practices and tools for the V&V of BC-Apps are not yet sufficiently developed. In this paper, we provide a comprehensive survey on V&V solutions for BC-Apps. Specifically, using a layered approach, we synthesize V&V tools and techniques addressing different components at various layers of the BC-App stack, as well as across the whole stack. Next, we provide a discussion on the challenges associated with BC-App V&V, and summarize a set of future research directions based on the challenges and gaps identified in existing research work. Our study aims to highlight the importance of BC-App V&V and pave the way for a disciplined, testable, and verifiable BC development.

Shortest distance queries over large-scale graphs bring great benefits to various applications, i.e., save planning time and travelling expenses. To protect the sensitive nodes and edges in the graph, a user outsources an encrypted graph to an untrusted server without losing the query ability. However, no prior work has considered the user requirement of the shortest path with k unsorted nodes. In particular, we are concerned with how to securely find the shortest path by passing k nodes that do not have a fixed traverse order. To solve the problems, we propose Gespun (stands for Graph encryption for shortest path queries with k unordered nodes). It includes an oracle encryption scheme that is provably secure against the semi-honest server. Specifically, we compute the shortest paths and distances for all nodes locally to obtain path-distance oracles. We transform the shortest paths to a sequence of secure codes by using a pseudo-random permutation to protect the structure privacy. We encrypt the shortest distance by using additively homomorphic encryption. Second, we pack the oracles in link-list nodes and store them in an array-based dictionary after another permutation. Next, we construct a search graph to compute the shortest path while guaranteeing that the path passes the required k nodes. We formally prove that Gespun is adaptively semantically-secure in the random oracle. We implement a prototype of Gespun and evaluate its performance. Experiments results demonstrate that Gespun is efficient, e.g., a query over 6301 nodes, 20777 edges, and 5 unsorted nodes only needs 483 ms to get queried results. We believe that our research problem span new research that soon promotes a new line of graph encryption schemes.

Location-Based Services (LBSs) depend on a Service Provider (SP) to store data owners’ geospatial data and to process data users’ queries. For example, a Yelp user queries the SP to retrieve the k nearest Starbucks by submitting her/his current location. It is well-acknowledged that location privacy is vital to users and several prominent Secure k Nearest Neighbor (SkNN) query processing schemes are proposed. We observe that no prior work addresses the requirement of repetitive query after index update and its privacy issue, i.e., how to match a data item from the cloud repetitively in an oblivious and unlinkable manner. Meanwhile, a malicious SP may skip some data items and recommend others due to unfair competition. In this work, we formally define the repetitive query and its privacy objectives and present an Repetitive, Oblivious, and Unlinkable SkNN scheme ROU. Specifically, we design a multi-level structure to organize locations to further improve search efficiency. Second, we integrate data item identity into the framework of existing SkNN query processing. Data owners encrypt their data item identity and location information into a secure index, and data users encrypt a customized identity range of a previously retrieved data item and location information into a token. Next, the SP uses the token to query the secure index to find the specific data item via privacy-preserving range querying. We formally prove the privacy of ROU in the random oracle model. We build a prototype based on a server to evaluate the performance with a real-world dataset. Experimental results show that ROU is efficient and practical in terms of computational cost, communication overhead, and result verification.

Ride-Hailing Service (RHS) has drawn plenty of attention as it provides transportation convenience for riders and financial incentives for drivers. Despite these benefits, riders risk the exposure of sensitive location data during ride requesting to an untrusted Ride-Hailing Service Provider (RHSP). Our motivation arises from repetitive matching, i.e., the same driver is repetitively assigned to the same rider. Meanwhile, we introduce a driver exclusion function to protect riders' location privacy. Existing work on privacy-preserving RHS overlooks this function. While Secure k Nearest Neighbor (SkNN) facilitates efficient matching, the state-of-the-art neglects a collusion attack. To solve this problem, we formally define repetitive matching and strong location privacy, and propose Mnemosyne: privacy-preserving ride matching with collusion-resistant driver exclusion. We extend the simple integration of equality checking and item exclusion to a dynamic integration. We concatenate each prefix of an acceptable identity range to each location code when generating a ride request, i.e., secure mix index. We process each prefix of the driver identity to generate a ride response, i.e., a mix token. We build an indistinguishable Bloom-filter as an index to query the token. When matching riders with drivers, the colluding parties cannot distinguish identity prefixes from location codes. We build a prototype of Mnemosyne based on servers, smartphones, and a real-world dataset. Experimental results demonstrate that Mnemosyne outperforms existing work regarding strong location privacy and computational costs.