With the fast development of industrial Internet of things (IIoT), a large amount of data is being generated continuously by different sources. Storing all the raw data in the IIoT devices locally is unwise considering that the end devices' energy and storage spaces are strictly limited. In addition, the devices are unreliable and vulnerable to many threats because the networks may be deployed in remote and unattended areas. In this paper, we discuss the emerging challenges in the aspects of data processing, secure data storage, efficient data retrieval and dynamic data collection in IIoT. Then, we design a flexible and economical framework to solve the problems above by integrating fog computing and cloud computing. Based on the time latency requirements, the collected data are processed and stored by the edge server or the cloud server. Specifically, all the raw data are first preprocessed by the edge server and then the time-sensitive data (e.g., control information) are used and stored locally. The non-time-sensitive data (e.g., monitored data) are transmitted to the cloud server to support data retrieval and mining in the future. A series of experiments and simulations are conducted to evaluate the performance of our scheme. The results illustrate that the proposed framework can greatly improve the efficiency and security of data storage and retrieval in IIoT.
Crowd intelligence tries to gather, process, infer, and ascertain massive useful information by utilizing the intelligence of crowds or distributed computers, which has great potential in Industrial Internet of Things. A crowd-intelligence ecosystem involves three stakeholders, namely the platform, workers (e.g., individuals, sensors, or processors), and task publisher. The stakeholders have no mutual trust and have conflicting interests, which leads to poor cooperation among them. Due to lack of trust, transferring raw data (e.g., pictures or video clips) between publisher and workers requires the remote platform center to serve as a relay node, which implies network congestion. First, we use a reward-penalty model to align the incentives of stakeholders. Then the predefined rules are implemented using blockchain smart contracts on many edge servers (ES) of the mobile edge computing network, which together function as a trustless hybrid human-machine crowd-intelligence platform. As ES are near to workers and publisher, network congestion can be effectively alleviated. Further, we prove the existence of a unique strong Nash equilibrium, which can maximize the interests of involved ES and make the ecosystem bigger. Theoretical analysis and experiments validate the proposed method.
Low-rate Denial of Service (LDoS) attack is a special DoS attack. The routing protocol is vulnerable to many types of attacks in a wireless sensor network (WSN), which is an important network type of the Internet of Things (IoT). The novel LDoS attack on the routing protocol is proposed to evaluate the security and trust mechanism in the WSN. In fact, the LDoS attack is difficult to detect due to its small-signal characteristics, so it is a serious threat to the security and trust of the WSN. A Hilbert-Huang transform (HHT) time-frequency joint analysis approach is utilized to analyze the non-stationary small signal that is produced by the LDoS attack. However, false intrinsic mode function (IMF) components make it challenging to detect the LDoS attack precisely. Correlation coefficient and Kolmogorov-Smirnov (KS) test approaches are combined to evaluate the trustworthiness of IMF components and exclude the false IMF components. Hilbert-Huang transformation and trust evaluation approaches are combined to detect the novel LDoS attack in Zigbee WSN. A CC2530 system-on-chip integrated with the ZigBee protocol is utilized to build a wireless sensor node. A random Routing REQuest (RREQ) flooding attack is used to implement the routing layer LDoS attack in Zigbee WSN. If the correlation coefficient value of an IMF component relative to the original traffic is more than 0.3 and the KS similarity probability value of the IMF component relative to the original traffic is more than 0.4, the IMF component is identified as a high-trust IMF component that will be used to detect the LDoS attack. If the IMF component only satisfies one of the trust evaluation conditions, the IMF component is identified as a low-trust IMF component. Otherwise, the IMF component is a false IMF component. We have proposed a scalable LDoS attack detection architecture for both WSN and IoT. The experimental results demonstrate that the novel approach is highly effective in detecting the LDoS attack in the ZigBee WSN.
Vehicular ad hoc networks (VANETs) are gaining more and more interest in intelligent transportation system research fields. They allow optimized traffic management due to improved vehicle resource usage and real-time information exchanges. However, being in an open environment introduces different security and privacy challenges. Attackers can sniff radio signals and forge the transmitted information, leading to leakage or compromise of sensitive data. This paper examines the preservation of privacy information in VANET communications. We use the Active Bundle (AB) for vehicle authentication and data preservation based on software-defined networks (SDNs). Our proposal benefits from the SDN infrastructure to guarantee fluent centralized management, while using the AB guarantees data integrity and confidentiality throughout its entire lifecycle. Analytical studies and simulations show that our solution efficiently preserves VANET users' privacy with minimal effects on network transmission quality.
We propose a new architecture for on-demand media streaming centered around the peer-to-peer (P2P) paradigm. The key idea of the architecture is that peers share some of their resources with the system. As peers contribute resources to the system, the overall system capacity increases and more clients can be served. The proposed architecture employs several novel techniques to: (1) use the often-underutilized peers’ resources, which makes the proposed architecture both deployable and cost-effective, (2) aggregate contributions from multiple peers to serve a requesting peer so that supplying peers are not overloaded, (3) make good use of peer heterogeneity by assigning relatively more work to the powerful peers, and (4) organize peers in a network-aware fashion, such that nearby peers are grouped into a logical entity called a cluster. The network-aware peer organization is validated by statistics collected and analyzed from real Internet data. The main benefit of the network-aware peer organization is that it allows the development of efficient searching (to locate nearby suppliers) and dispersion (to disseminate new files into the system) algorithms. We present network-aware searching and dispersion algorithms that result in: (i) fast dissemination of new media files, (ii) reduction of the load on the underlying network, and (iii) better streaming service.
We demonstrate the potential of the proposed architecture for a large-scale on-demand media streaming service through an extensive simulation study on large, Internet-like, topologies. Starting with a limited streaming capacity (hence, low cost), the simulation shows that the capacity rapidly increases and many clients can be served. This occurs for all studied arrival patterns, including constant rate arrivals, flash crowd arrivals, and Poisson arrivals. Furthermore, the simulation shows that a reasonable client-side initial buffering of 10–20 s is sufficient to ensure full quality playback even in the presence of peer failures.
This article presents a novel invisible robust watermarking scheme for embedding and extracting a digital watermark in an image. The novelty lies in determining a perceptually important subimage in the host image. Invisible insertion of the watermark is performed in the most significant region of the host image such that tampering with that portion with an intention to remove or destroy will degrade the esthetic quality and value of the image. One feature of the algorithm is that this subimage is used as a region of interest for the watermarking process and eliminates the chance of watermark removal. Another feature of the algorithm is the creation of a compound watermark using the input user watermark (logo) and attributes of the host image. This facilitates the homogeneous fusion of a watermark with the cover image, preserves the quality of the host image, and allows robust insertion-extraction. Watermark creation consists of two distinct phases. During the first phase, a statistical image is synthesized from a perceptually important subimage of the image. A compound watermark is created by embedding a watermark (logo) into the statistical synthetic image by using a visible watermarking technique. This compound watermark is invisibly embedded into the important block of the host image. The authentication process involves extraction of the perceptive logo as well as statistical testing for two-layer evidence. Results of the experimentation using standard benchmarks demonstrate the robustness and efficacy of the proposed watermarking approach. Ownership proof could be established under various hostile attacks.
An adversary can deploy parasitic sensor nodes into wireless sensor networks to collect radio traffic distributions and trace back messages to their source nodes. Then, he can locate the monitored targets around the source nodes with a high probability. In this paper, a Source-location privacy Protection scheme based on Anonymity Cloud (SPAC) is proposed. We first design a light-weight $(t, n)$-threshold message sharing scheme and map the original message to a set of message shares which are shorter in length and can be processed and delivered with minimal energy consumption. Based on the shares, the source node constructs an anonymity cloud with an irregular shape around itself to protect its location privacy. Specifically, an anonymity cloud is a set of active nodes with similar radio actions and they are statistically indistinguishable from each other. The size of the cloud is controlled by the preset number of hops that the shares can walk in the cloud. At the border of the cloud, the fake source nodes independently send the shares to the sink node through proper routing algorithms. At last, the original message can be recovered by the sink node once at least $t$ shares are received. The simulation results demonstrate that the SPAC can strongly protect the source-location privacy in an efficient manner. Moreover, the message sharing mechanism of SPAC increases the confidentiality of network data and it also brings high tolerance for the failures of sensor nodes to the data transmission process.
Secure document storage and retrieval is one of the hottest research directions in cloud computing. Though many searchable encryption schemes have been proposed, few of them support efficient retrieval over the documents which are encrypted based on their attributes. In this paper, a hierarchical attribute-based encryption scheme is first designed for a document collection. A set of documents can be encrypted together if they share an integrated access structure. Compared with the ciphertext-policy attribute-based encryption schemes, both the ciphertext storage space and time costs of encryption/decryption are saved. Then, an index structure named attribute-based retrieval features (ARF) tree is constructed for the document collection based on the TF-IDF model and the documents' attributes. A depth-first search algorithm for the ARF tree is designed to improve the search efficiency, which can be further improved by parallel computing. Besides document collections, our scheme can also be applied to other datasets by modifying the ARF tree slightly. A thorough analysis and a series of experiments are performed to illustrate the security and efficiency of the proposed scheme.
In many scenarios, the locations of monitored targets need to be reported by source nodes, but should remain anonymous in wireless sensor networks. Source-location privacy protection is an important research topic. Many schemes have been designed based on different adversarial models. In this paper, a scheme named Source-location Privacy Full Protection (SPFP) is proposed. We consider a more practical adversarial model — a smart adversary — which is a combination of global and local models. To defend against the new adversary, first, we design a lightweight message sharing scheme that is based on congruence equations. Second, each message is mapped to a set of shares. The short lengths of the shares enable them to be processed and transmitted in an energy-efficient manner. The correctness and security of the scheme are proved in theorems. In addition, the proposed message sharing scheme can tolerate the unreliability of the sensor nodes and provides a more reliable data transmission mechanism for networks. Third, the source node constructs a cloud around itself based on the shares and dummy packages to hide its location. The radio actions of the nodes in the cloud are carefully arranged to conceal the real shares from the adversaries and render the nodes in the cloud statistically indistinguishable. Last, a random routing algorithm is seamlessly integrated into our scheme to deliver the real shares from the fake source nodes to the sink node, where the original message is reconstructed based on the received shares. The simulation results illustrate that our scheme can provide adequate protection of source-location privacy with a slight increase in energy consumption.
With the development of cloud computing, more and more data owners are motivated to outsource their documents to the cloud and share them with the authorized data users securely and flexibly. To protect data privacy, the documents are generally encrypted before being outsourced to the cloud and hence their searchability decreases. Though many privacy-preserving document search schemes have been proposed, they cannot reach a proper balance among functionality, flexibility, security and efficiency. In this paper, a new encrypted document retrieval system is designed and a proxy server is integrated into the system to alleviate the data owner's workload and improve the whole system's security level. In this process, we consider a more practical and stronger threat model in which the cloud server can collude with a small number of data users. To support multiple document search patterns, we construct two AVL trees for the filenames and authors, and a Hierarchical Retrieval Features tree (HRF tree) for the document vectors. A depth-first search algorithm is designed for the HRF tree and the Enhanced Asymmetric Scalar-Product-Preserving Encryption (Enhanced ASPE) algorithm is utilized to encrypt the HRF tree. All three index trees are linked with each other to efficiently support the search requests with multiple parameters. Theoretical analysis and simulation results illustrate the security and efficiency of the proposed framework.