Results: 23
(searched for: doi:10.1007/s11280-019-00677-x)
Drones, Volume 7; https://doi.org/10.3390/drones7050315
Abstract:
With the rapid development of unmanned aerial vehicles (UAVs), often referred to as drones, their security issues are attracting more and more attention. Due to open-access communication environments, UAVs may raise security concerns, including authentication threats as well as the leakage of location and other sensitive data to unauthorized entities. Elliptic curve cryptography (ECC) is widely favored in authentication protocol design due to its security and performance. However, we found it still has the following two problems: inflexibility and a lack of backward security. This paper proposes an ECC-based identity authentication protocol LAPEC for UAVs. LAPEC can guarantee the backward secrecy of session keys and is more flexible to use. The time cost of LAPEC was analyzed, and its overhead did not increase too much when compared with other authentication methods.
Electronics, Volume 12; https://doi.org/10.3390/electronics12081792
Abstract:
As the threats to the Internet of Things (IoT) continue to increase, access control is widely used in various IoT information systems. However, due to the shortcomings of IoT devices such as low computing power, it is impossible to use high-performance methods to control user access. Although the emergence of the blockchain provides another way of thinking for access control, the implementation based on the blockchain requires the device to complete the proof of work (PoW) and requires the device to have high computing power. At the same time, most access control schemes existing today are intended for users to use alone, which cannot be applied to the field of multi-user coordinated access. Therefore, this paper proposes a multi-user collaborative access control scheme based on a new hash chain, which uses the identity information of multiple users as the seed value to construct the hash chain, and uses the hash chain as the PoW of the blockchain. An efficiency analysis showed that this method requires only a small amount of hash value calculation and can be applied to IoT systems with low computing power. The security analysis shows that the scheme can resist a variety of attack methods and has high security.
International Journal of Software Innovation, Volume 11, pp 1-20; https://doi.org/10.4018/ijsi.315744
Abstract:
The internet of things (IoT) has recently received much attention due to its revolutionary potential. The internet of things facilitates data interchange in a large number of possible applications, including smart transportation, smart health, smart buildings, and so on. As a result, these application domains can be grouped to form smart life. In response to the IoT's rapid growth, cybercriminals and security professionals are racing to keep up. Billions of connected devices can exchange sensitive information with each other. As a result, securing IoT and protecting users' privacy is a huge concern. A session for communication in a network is established by authenticating and validating the device's identity and checking whether it is a legal device. The IoT technology can be used for various applications only if challenges related to IoT security can be overcome.
Published: 8 December 2022
Journal: Journal of Cloud Computing
Journal of Cloud Computing, Volume 11, pp 1-8; https://doi.org/10.1186/s13677-022-00364-9
Abstract:
Today, cloud storage services have increased the popularity of data storage in the cloud and retrieval from any location without any time limitations. One of the most important demands in the cloud is secured data transmission in un-trusted cloud applications. Particularly, secure and efficient multiparty communications in Untrusted Cloud Environments (UCE) attract widespread attention. The equipment used in UCE has the particularity of being heterogeneous, and the UCE communication environment is an asynchronous network in which multiple users cannot transmit their messages simultaneously. How to ensure secure communication between these heterogeneous intelligent devices is a major challenge for multiparty communication applied in UCE. In such an asynchronous environment, the asynchronous transmission can cause security problems in cryptographic functions. Therefore, how to implement rational secret sharing (RSS) in an asynchronous model of the UCE networks has become a burning research topic. The RSS refers to finding a solution composed of strategies to encourage players in the secret reconstruction to act honestly even when players are rational and act for their own interest. If each player plays the game for the best response to the best response of other players, the game is in Nash equilibrium. The objective of an RSS is to achieve the Nash equilibrium state corresponding to the global optimum. In this paper, we propose an information-theoretic secure RSS in an asynchronous model for UCE. Our design uses Petersen’s VSS to allow every player to divide his share into multiple pieces for other players. Then, shares can be revealed asynchronously. If any player acts maliciously, his share can be recovered by other players. This feature can encourage players to act honestly since any malicious action (i.e., either revealing a fake share or refusing to release one) is useless. Our scheme is practically valuable for secure group-oriented applications in UCE.
Published: 12 May 2022
Journal: IEEE Access
IEEE Access, Volume 10, pp 57143-57179; https://doi.org/10.1109/access.2022.3174679
Abstract:
We present a detailed survey of the Zero Trust (ZT) security paradigm, which has a growing number of advocates in the critical infrastructure risk management space. The article employs a descriptive approach to present the fundamental tenets of ZT and provides a review of numerous potential options available for successful realization of this paradigm. We describe the role of authentication and access control in Zero Trust Architectures (ZTA) and present an in-depth discussion of state-of-the-art techniques for authentication and access control in different scenarios. Furthermore, we comprehensively discuss the conventional approaches to encryption, micro-segmentation, and security automation available for instantiating a ZTA. The article also details various challenges associated with contemporary authentication mechanisms, access control schemes, trust and risk computation techniques, micro-segmentation approaches, and Software-Defined Perimeter that can impact the implementation of ZT in its true sense. Based upon our analysis, we finally pinpoint the potential future research directions for successful realization of ZT in critical infrastructures.
Published: 1 May 2022
Abstract:
Aiming at the problems of poor uniqueness and high resource consumption of slices after the implementation of the Arbiter physical unclonable function (Arbiter PUF) on a field programmable gate array (FPGA), a new improved scheme of switch component structure is proposed. The switch component structure of the improved scheme adopts the parallel-connected mode to improve the uniqueness of the circuit, which avoids the cross-connected mode's inability to achieve a symmetrical layout on FPGA. At the same time, the improved scheme uses lookup tables to construct the structure of a programmable delay line (PDL) with a multiplexer (MUX), which can reduce the internal resource consumption of slices while receiving the same 64-bit challenges. The improved scheme was tested on FPGA boards; the uniqueness and steadiness of different switch component schemes are compared and analyzed, and the feasibility of the improved scheme is verified. The results show that in the generation of the Arbiter PUF, compared with the conventional scheme, the improved scheme reduces the resource consumption and improves the uniqueness by 22.2%; compared with the MUX + MUX scheme, the improved scheme saves 50% of resource consumption while maintaining good uniqueness.
Published: 8 April 2022
Journal: Annals of Operations Research
Annals of Operations Research pp 1-21; https://doi.org/10.1007/s10479-021-04380-x
The publisher has not yet granted permission to display this abstract.
Published: 26 February 2022
Conference: International Conference on Ubiquitous Security, 28 December 2021 - 31 December 2021, Guangzhou, China
The publisher has not yet granted permission to display this abstract.
Sensors, Volume 22; https://doi.org/10.3390/s22041325
Abstract:
Virtual assistants, deployed on smartphone and smart speaker devices, enable hands-free financial transactions by voice commands. Even though these voice transactions are frictionless for end users, they are susceptible to typical attacks on authentication protocols (e.g., replay). Using traditional knowledge-based or possession-based authentication with additional invasive interactions raises users' concerns regarding security and usefulness. State-of-the-art schemes for trusted devices with physical unclonable functions (PUF) have complex enrollment processes. We propose a scheme based on a challenge response protocol with a trusted Internet of Things (IoT) autonomous device for hands-free scenarios (i.e., with no additional user interaction), integrated with smart home behavior for continuous authentication. The protocol was validated with automatic formal security analysis. A proof of concept with websockets presented an average response time of 383 ms for mutual authentication using a 6-message protocol with a simple enrollment process. We performed hands-free activity recognition of a specific user, based on smart home testbed data from a 2-month period, obtaining an accuracy of 97% and a recall of 81%. Given the data minimization privacy principle, we could reduce the total number of smart home event time series from 7 to 5. When compared with existing invasive solutions, our non-invasive mechanism contributes to the efforts to enhance the usability of financial institutions’ virtual assistants, while maintaining security and privacy.
Published: 7 January 2022
IEEE Transactions on Industrial Informatics, Volume 18, pp 4319-4330; https://doi.org/10.1109/tii.2022.3141408
Abstract:
The connectivity and intelligence of Internet of Things (IoT) equipment offer improved services, but several technical challenges have emerged in recent years that hinder the widespread application of IoT, e.g., security and safety. Cyber-security and privacy countermeasures are widely used in IoT equipment, and many studies have been conducted. However, an important aspect that is often overlooked in security literature is IoT equipment’s physical security and safety, namely, preventing IoT equipment from vandalism and theft. Therefore, this article provides an overview of IoT equipment’s physical security and safety to draw attention to new research opportunities in this area. Afterward, we discuss, among other aspects, antitheft and antivandalism schemes along with circuit and system design, additional sensing devices, biometry and behavior analysis, and tracking methods. Besides, we summarize the artificial intelligence solutions for the physical security and safety of IoT equipment. Finally, we conclude with four future research opportunities.
Published: 1 January 2022
The publisher has not yet granted permission to display this abstract.
Published: 7 October 2021
Conference: International Conference on Model and Data Engineering, 21 June 2021 - 23 June 2021, Tallinn, Estonia
The publisher has not yet granted permission to display this abstract.
Published: 29 September 2021
ACM Journal on Emerging Technologies in Computing Systems, Volume 18, pp 1-18; https://doi.org/10.1145/3442443
Abstract:
Within vehicles, the Controller Area Network (CAN) allows efficient communication between the electronic control units (ECUs) responsible for controlling the various subsystems. The CAN protocol was not designed to include much support for secure communication. The fact that so many critical systems can be accessed through an insecure communication network presents a major security concern. Adding security features to CAN is difficult due to the limited resources available to the individual ECUs and the costs that would be associated with adding the necessary hardware to support any additional security operations without overly degrading the performance of standard communication. Replacing the protocol is another option, but it is subject to many of the same problems. The lack of security becomes even more concerning as vehicles continue to adopt smart features. Smart vehicles have a multitude of communication interfaces an attacker could exploit to gain access to the networks. In this work, we propose a security framework that is based on physically unclonable functions (PUFs) and lightweight cryptography (LWC). The framework does not require any modification to the standard CAN protocol while also minimizing the amount of additional message overhead required for its operation. The improvements in our proposed framework result in a major reduction in the number of CAN frames that must be sent during operation. For a system with 20 ECUs, for example, our proposed framework only requires 6.5% of the number of CAN frames that are required by the existing approach to successfully authenticate every ECU.
Published: 1 September 2021
Abstract:
The number of global Internet of Things devices has increased rapidly, and they have a wide range of application markets. Access authentication methods for massive heterogeneous IoT devices are complicated, and central servers and trusted platforms cannot take effective measures against tampered devices. Analyzing the problems and challenges faced by IoT devices, this paper proposes a unified authentication scheme for IoT blockchain devices based on PUF. The PUF model is used to authenticate IoT devices, and the model parameters are decomposed into various parts and stored in each node in the blockchain. The homomorphic hash function is used to aggregate the partial authentication response values generated by the distribution in the invisible case to complete the authentication of the device information. It solves the complex and diverse problems of device authentication schemes and realizes the credibility and security of device data sources and the stability of device information storage. Finally, the functional analysis confirmed that the scheme is practical and executable.
Published: 30 August 2021
Journal: Complex & Intelligent Systems
Complex & Intelligent Systems pp 1-13; https://doi.org/10.1007/s40747-021-00505-8
Abstract:
Fog computing and the Internet of Things (IoT) play a crucial role in storing data in the third-party server. Fog computing provides various resources to collect data by managing data security. However, intermediate attacks and data sharing create enormous security challenges like data privacy, confidentiality, authentication, and integrity issues. Various researchers have introduced several cryptographic techniques; security is still significant while sharing data in the distributed environment. Therefore, in this paper, Code-Based Encryption with the Energy Consumption Routing Protocol (CBE-ECR) has been proposed for managing data security and data transmission protocols using keyed-hash message authentication. Initially, the data have been analyzed, the distributed cluster head is selected, and the stochastically distributed energy clustering protocol is utilized for making the data transmission. Code-driven cryptography relies on the severity of code theory issues such as disorder demodulation and vibration required to learn equivalence. These crypto-systems are based on error codes to build a one-way function. The encryption technique minimizes intermediate attacks, and the data are protected through all means of transmission. In addition to data security management, the introduced CBE-ECR reduces unauthorized access and manages the network lifetime successfully, leading to effective data management of 96.17% and 21.11% less energy consumption than other popular methods. The effectiveness of the system is compared to the traditional clustering techniques.
Published: 9 August 2021
Journal: IEEE Access
IEEE Access, Volume 9, pp 112733-112743; https://doi.org/10.1109/access.2021.3103889
Abstract:
A Physical Unclonable Function (PUF) provides a physical device with a unique output for a given input, which can be regarded as the device’s digital fingerprint. Thus, PUFs can provide unique identities for billions of connected devices in Internet of Things (IoT) architectures. Plenty of PUF based authenticated key exchange (AKE) protocols have been proposed. However, most of them are designed for the authentication between an IoT node and the specific server/verifier with which the IoT node registered. Only a few of them are designed for the authentication between IoT nodes, and all these protocols need verifiers or explicit Challenge-Response Pairs (CRPs). In this paper, we propose the first PUF based AKE protocol for IoT without verifiers and explicit CRPs, in which IoT nodes can freely authenticate each other and create a session key on their own without the help of any server or verifier. We compare the proposed protocol with 27 relevant PUF based AKE protocols to show its superiority, and analyze the computational cost of each entity in the proposed protocol to show its efficiency. We define the adversarial model of a PUF based AKE protocol for IoT and formally prove the security of the proposed protocol in the random oracle model. The security of the proposed protocol is based on the Elliptic Curve Discrete Logarithm (ECDL), Elliptic Curve Computational Diffie-Hellman (ECCDH), and Decisional Bilinear Diffie-Hellman (DBDH) assumptions.
Computers, Volume 10; https://doi.org/10.3390/computers10070088
Abstract:
With the development of Internet of Things (IoT) technologies, more and more smart devices are connected to the Internet. Since these devices were designed for better connections with each other, very limited security mechanisms have been considered. It would be costly to develop separate security mechanisms for the diverse behaviors in different devices. Given new and changing devices and attacks, it would be helpful if the characteristics of diverse device types could be dynamically learned for better protection. In this paper, we propose a machine learning approach to device type identification through network traffic analysis for anomaly detection in IoT. Firstly, the characteristics of different device types are learned from their generated network packets using supervised learning methods. Secondly, by learning important features from selected device types, we further compare the effects of unsupervised learning methods including One-class SVM, Isolation forest, and autoencoders for dimensionality reduction. Finally, we evaluate the performance of anomaly detection by transfer learning with autoencoders. In our experiments on real data in the target factory, the best performance of device type identification can be achieved by XGBoost with an accuracy of 97.6%. When adopting autoencoders for learning features from the network packets in Modbus TCP protocol, the best F1 score of 98.36% can be achieved. Comparable performance of anomaly detection can be achieved when using autoencoders for transfer learning from the reference dataset in the literature to our target site. This shows the potential of the proposed approach for automatic anomaly detection in smart factories. Further investigation is needed to verify the proposed approach using different types of devices in different IoT environments.
Published: 3 March 2021
The publisher has not yet granted permission to display this abstract.
Microprocessors and Microsystems, Volume 82; https://doi.org/10.1016/j.micpro.2021.103858
The publisher has not yet granted permission to display this abstract.
Published: 10 December 2020
Conference: 2020 IEEE International Conference on Big Data (Big Data), 10 December 2020 - 13 December 2020, Atlanta, United States
Abstract:
With the development of Industrial Internet of Things (IIoT) technologies, there are more and more diverse smart devices and sensors connected in smart factories. Since these devices are only designed for connection with each other, they usually have very limited security mechanisms. Also, due to the diverse behaviors of different devices, it would be difficult to design individual security mechanisms manually. To detect potential threats on these devices, machine learning methods might be helpful to learn the diverse behaviors from their generated packets for identifying device types. In this paper, we propose a machine learning approach to automatic device identification and anomaly detection through network traffic analysis. First, we utilize both unsupervised and supervised learning for identifying different types of IoT devices. Second, based on the model learned from the device identification module, we conduct feature selection to improve classification performance for anomaly detection. In our experiments on real data in a smart factory, the performance of device identification using supervised learning outperforms that of unsupervised learning. The best performance can be obtained for XGBoost with the best accuracy of 97.6% and micro-averaged F1 score of 97.6%. Also, in the emulated attacks on real devices, gradient boosted decision trees were found useful in anomaly detection, which gives an accuracy of 99.997% with an F1 score of 99.995%. This shows the potential of the proposed approach for anomaly detection in smart factories. Further investigation is needed to verify the proposed approach using more types of devices and network attacks.
Sensors, Volume 20; https://doi.org/10.3390/s20226563
Abstract:
Smart speakers, such as Alexa and Google Home, support daily activities in smart home environments. Even though voice commands enable friction-less interactions, existing financial transaction authorization mechanisms hinder usability. A non-invasive authorization leveraging presence and light sensors’ data is proposed in order to replace the invasive procedure through smartphone notification. A Coloured Petri Net model was created for synthetic data generation, and one month of data were collected in a test bed with real users. Random Forest machine learning models were used for smart home behavior information retrieval. The LSTM prediction model was evaluated using test bed data and an open dataset from CASAS. The proposed authorization mechanism is based on using a Physical Unclonable Function as a random number generator seed in a Challenge Response protocol. The simulations indicate that the proposed scheme with a specialized autonomous device could halve the total response time for low-value financial transactions triggered by voice, from 7.3 to 3.5 s, in a non-invasive manner while maintaining authorization security.
Sensors, Volume 20; https://doi.org/10.3390/s20205729
Abstract:
The proliferation of the Internet of Things (IoT) caused new application needs to emerge as rapid response ability is missing in the current IoT end-devices. Therefore, Fog Computing has been proposed to be an edge component for the IoT networks as a remedy to this problem. In recent times, cyber-attacks are on the rise, especially towards infrastructure-less networks, such as IoT. Many botnet attack variants (Mirai, Torii, etc.) have shown that the tiny microdevices at the lower spectrum of the network are becoming a valued participant of a botnet, for further executing more sophisticated attacks against infrastructural networks. As such, the fog devices also need to be secured against cyber-attacks, not only software-wise, but also from hardware alterations and manipulations. Hence, this article first highlights the importance and benefits of fog computing for IoT networks, then investigates the means of providing hardware security to these devices with an enriched literature review, including but not limited to Hardware Security Module, Physically Unclonable Function, System on a Chip, and Tamper Resistant Memory.
Published: 24 September 2020
The publisher has not yet granted permission to display this abstract.