Special Issue "Symmetry and Asymmetry Applications for Internet of Things Security and Privacy"

A special issue of Symmetry (ISSN 2073-8994).

Deadline for manuscript submissions: closed (15 March 2020).

Special Issue Editors

Dr. Weizhi Meng
Guest Editor
Department of Applied Mathematics and Computer Science, Technical University of Denmark (DTU), Lyngby 2800, Denmark
Interests: cyber security; malware and vulnerability analysis; intrusion detection; biometric authentication and security; trust computation
Dr. Georgios Kambourakis

Guest Editor

Special Issue Information

Dear Colleagues,

Nowadays, embedded systems have become an essential part of modern life. It is predicted that, in the near future, over 90% of computer applications will be embedded systems, and most of them will be small in size, with very low power consumption and high performance. Embedded systems are the keystone for the realization and deployment of a plethora of Internet of Things (IoT) products and applications for both consumer and industrial markets. In fact, the ability of “things” (along with sensors and actuators) to inter-operate within the existing Internet infrastructure paves the way toward the Internet of Everything (IoE), and gives momentum to modern technologies, including smart grids, smart homes, intelligent transportation, and smart cities.

However, IoT brings along major challenges regarding the security and privacy of the underlying systems and processes. For instance, certain IoT applications can be tightly linked to sensitive infrastructures and strategic services, such as the distribution of water and electricity. The array of challenges includes ways to secure constrained objects, authenticate and authorize objects, manage object updates, secure communication, safeguard data privacy and integrity, detect and manage vulnerabilities, incidents, etc. These challenges are expected to worsen due to several reasons pertaining to a) the number of these “things”, which is expected to reach 30 billion objects by 2020, b) the unattended, complex, and often hostile environments in which these objects frequently operate, c) the complexity of the hardware/software IoT platforms and the communication processes involving both human-to-machine and machine-to-machine interactions, and d) the absence of standardization.

The goal of this special issue is to address the aforementioned challenges and foster the dissemination of the latest technologies, solutions, case studies, and prototypes regarding IoT security and privacy. Only high-quality articles describing previously unpublished, original, state-of-the-art research, and not currently under review by a conference or journal will be considered.

Dr. Weizhi Meng
Dr. Georgios Kambourakis
Guest Editors

Manuscript Submission Information

Manuscripts should be submitted online at www.mdpi.com by registering and logging in to this website. Once you are registered, click here to go to the submission form. Manuscripts can be submitted until the deadline. All papers will be peer-reviewed. Accepted papers will be published continuously in the journal (as soon as accepted) and will be listed together on the special issue website. Research articles, review articles as well as short communications are invited. For planned papers, a title and short abstract (about 100 words) can be sent to the Editorial Office for announcement on this website.

Submitted manuscripts should not have been published previously, nor be under consideration for publication elsewhere (except conference proceedings papers). All manuscripts are thoroughly refereed through a single-blind peer-review process. A guide for authors and other relevant information for submission of manuscripts is available on the Instructions for Authors page. Symmetry is an international peer-reviewed open access monthly journal published by MDPI.

Please visit the Instructions for Authors page before submitting a manuscript. The Article Processing Charge (APC) for publication in this open access journal is 1400 CHF (Swiss Francs). Submitted papers should be well formatted and use good English. Authors may use MDPI's English editing service prior to publication or during author revisions.

Keywords

  • Post-quantum security for IoT
  • Secure design for IoT
  • Efficient implementation of cryptographic algorithms
  • Side-channel analysis for IoT devices
  • Security analysis and audit for IoT
  • Privacy and anonymization techniques in IoT
  • Trust management architectures
  • Lightweight security solutions
  • Survivability and performance modelling for IoT
  • Encryption, authentication, availability assurance for IoT
  • Authentication and access control in IoT
  • Identification and biometrics in IoT
  • Formal methods
  • Symmetry technologies for IoT
  • Asymmetry technologies for IoT
  • Intrusion detection and prevention techniques for IoT

Published Papers (22 papers)

Research

Open Access Article
A Secure Authentication and Key Agreement Scheme for IoT-Based Cloud Computing Environment
Symmetry 2020, 12(1), 150; https://doi.org/10.3390/sym12010150 - 10 Jan 2020
Abstract
The integration of Internet of things (IoT) and cloud computing technology has made our life more convenient in recent years. Cooperating with cloud computing, Internet of things can provide more efficient and practical services. People can accept IoT services via cloud servers anytime and anywhere in the IoT-based cloud computing environment. However, plenty of possible network attacks threaten the security of users and cloud servers. To implement effective access control and secure communication in the IoT-based cloud computing environment, identity authentication is essential. In 2016, He et al. put forward an anonymous authentication scheme, which is based on asymmetric cryptography. It is claimed that their scheme is capable of withstanding all kinds of known attacks and has good performance. However, their scheme has serious security weaknesses according to our cryptanalysis. The scheme is vulnerable to insider attack and DoS attack. For overcoming these weaknesses, we present an improved authentication and key agreement scheme for IoT-based cloud computing environment. The automated security verification (ProVerif), BAN-logic verification, and informal security analysis were performed. The results show that our proposed scheme is secure and can effectively resist all kinds of known attacks. Furthermore, compared with the original scheme in terms of security features and performance, our proposed scheme is feasible.

Open Access Article
Towards an Efficient Privacy-Preserving Decision Tree Evaluation Service in the Internet of Things
Symmetry 2020, 12(1), 103; https://doi.org/10.3390/sym12010103 - 06 Jan 2020
Cited by 1
Abstract
With the fast development of the Internet of Things (IoT) technology, normal people and organizations can produce massive data every day. Due to a lack of data mining expertise and computation resources, most of them choose to use data mining services. Unfortunately, directly sending query data to the cloud may violate their privacy. In this work, we mainly consider designing a scheme that enables the cloud to provide an efficient privacy-preserving decision tree evaluation service for resource-constrained clients in the IoT. To design such a scheme, a new secure comparison protocol based on additive secret sharing technology is proposed in a two-cloud model. Then we introduce our privacy-preserving decision tree evaluation scheme which is designed by the secret sharing technology and additively homomorphic cryptosystem. In this scheme, the cloud learns nothing of the query data and classification results, and the client has no idea of the tree. Moreover, this scheme also supports offline users. Theoretical analyses and experimental results show that our scheme is very efficient. Compared with the state-of-art work, both the communication and computational overheads of the newly designed scheme are smaller when dealing with deep but sparse trees.

Open Access Article
Internet of Things Meets Vehicles: Sheltering In-Vehicle Network through Lightweight Machine Learning
Symmetry 2019, 11(11), 1388; https://doi.org/10.3390/sym11111388 - 08 Nov 2019
Cited by 1
Abstract
An internet of vehicles allows intelligent automobiles to interchange messages with other cars, traffic management departments, and data analysis companies about vehicle identification, accident detection, and danger warnings. The implementation of these features requires Internet of Things system support. Smart cars are generally equipped with many (hundreds or even thousands of) sensors and microcomputers so that drivers gain more information about travel. The connection between the in-vehicle network and the Internet can be leveraged by the attackers in a malicious manner and thus increases the number of ways the in-vehicle network can now be targeted. Protecting increasingly intelligent vehicle systems becomes more difficult, especially because a network of many different devices makes the system more vulnerable than ever before. The paper assumes a generic threat model in which attackers can access the controller area network (CAN) bus via common access points (e.g., Bluetooth, OBD-II, Wi-Fi, physical access, and cellular communication, etc). A machine learning based simplified attention (SIMATT)-security control unit (SECCU) symmetry framework is proposed towards a novel and lightweight anomaly detecting mechanism for the in-vehicle network. For this framework, we propose two new models, SECCU and SIMATT, and obtain state-of-the-art anomaly detecting performance when fusing the former to the latter. Regardless of the training phase or the detection phase, we strive to minimize the computational cost and thereby obtain a lightweight anomaly detection method. In particular, the SECCU model has only one layer of 500 computing cells and the SIMATT model has been improved to reduce its computational costs. Through substantial experiment comparisons (with various classical algorithms, such as LSTM, GRU, GIDS, RNN, or their variations), it is demonstrated that the SIMATT-SECCU framework achieves an almost optimal accuracy and recall rate.

Open Access Article
A Lightweight and Provable Secured Certificateless Signcryption Approach for Crowdsourced IIoT Applications
Symmetry 2019, 11(11), 1386; https://doi.org/10.3390/sym11111386 - 08 Nov 2019
Cited by 1
Abstract
Industrial Internet of Things (IIoT) is a new type of Internet of Things (IoT), which enables sensors to merge with several smart devices to monitor machine status, environment, and collect data from industrial devices. On the other hand, cloud computing provides a good platform for storing crowdsourced data of IIoT. Due to the semi-trusted nature of cloud computing and communication through open channels, the IIoT environment needs security services such as confidentiality and authenticity. One such solution is provided by the identity-based signcryption. Unfortunately, the identity-based signcryption approach suffers from the key escrow problem. Certificateless signcryption is the alternative of identity-based signcryption that can resolve the key escrow problem. Here, we propose a lightweight certificateless signcryption approach for crowdsourced IIoT applications with the intention of enhancing security and decreasing the computational cost and communication overhead. The security and efficiency of the proposed approach are based on the hyper elliptic curve cryptosystem. The hyper elliptic curve is the advance version of the elliptic curve having small parameters and key size of 80 bits as compared to the elliptic curve which has 160-bits key size. Further, we validate the security requirements of our approach through automated validation of Internet security protocols and applications (AVISPA) tool with the help of high level protocol specification language (HLPSL). Moreover, our lightweight and secured scheme will attract low resource devices and will become a perk in the environment of IIoT.

Open Access Article
Security-Oriented Architecture for Managing IoT Deployments
Symmetry 2019, 11(10), 1315; https://doi.org/10.3390/sym11101315 - 19 Oct 2019
Abstract
Assuring security and privacy is one of the key issues affecting the Internet of Things (IoT), mostly due to its distributed nature. Therefore, for the IoT to thrive, this problem needs to be tackled and solved. This paper describes a security-oriented architecture for managing IoT deployments. Our main goal was to deal with a fine-grained control in the access to IoT data and devices, to prevent devices from being manipulated by attackers and to avoid information leaking from IoT devices to unauthorized recipients. The access control is split: the management of authentication and access control policies is centered on special components (Authentication, Authorization, and Accounting Controllers), which can be distributed or centralized, and the actual enforcement of access control decisions happens on the entities that stay in the path to the IoT devices (Gateways and Device Drivers). The authentication in the entire system uses asymmetric cryptography and pre-distributed unique identifiers derived from public keys; no Public Key Infrastructure (PKI) is used. A Kerberos-like ticket-based approach is used to establish secure sessions.

Open Access Article
A Novel Lattice-Based CP-ABPRE Scheme for Cloud Sharing
Symmetry 2019, 11(10), 1262; https://doi.org/10.3390/sym11101262 - 09 Oct 2019
Cited by 1
Abstract
The ciphertext-policy attribute-based proxy re-encryption (CP-ABPRE) scheme supports access control and can transform a ciphertext under an access policy to a ciphertext under another access policy without decrypting the ciphertexts, which is flexible and efficient for cloud sharing. The existing CP-ABPRE schemes are constructed by bilinear pairing or multi-linear maps which are fragile when the post-quantum future comes. This paper presents an efficient unidirectional single-hop CP-ABPRE scheme with small public parameters from a lattice. For the transformation between two access structures, they are required to be disjoint. This paper uses the trapdoor sampling technique to generate the decryption key and the re-encryption key in constructing the scheme, and uses the decompose vectors technique to produce the re-encrypted ciphertexts in order to control their noise. Finally, we extended the scheme to a unidirectional single-hop CP-ABPRE scheme with keyword search for searching the encrypted data. Both schemes were proved secure under the learning with errors assumption, which is widely believed to be secure in quantum computer attacks. To the best of our knowledge, our scheme is the first CP-ABPRE scheme based on the learning with errors assumption.

Open Access Article
Conceptualizing Distrust Model with Balance Theory and Multi-Faceted Model for Mitigating False Reviews in Location-Based Services (LBS)
Symmetry 2019, 11(9), 1118; https://doi.org/10.3390/sym11091118 - 04 Sep 2019
Cited by 1
Abstract
Location-based services (LBS) use real-time geo-data from a smartphone to provide information, entertainment or surveillance information. However, the reputations of LBS application have raised some privacy and security issues such as location tracked by third parties and creation of fake reviews and events through Sybil attack. Fake events on LBS such as congestion, accidents or police activity affect routes users and fake reviews caused nuisances and decreases trust towards this technology. The current trust model in LBS is single faceted and not personalized. The concept of both trust and distrust are essential criteria of any trust management model to measure the reliability of LBS applications. This paper explores the relationship between trust models and the distrust concept in LBS. By deriving a representation of the multi-faceted model and balance theory conceptualized in a MiniLBS prototype, trust in this technology is quantified. By adopting matrix factorization and probability algorithms on the survey results, the relationship between distrust and trust is further examined and tested. The result obtained from the experiment was nearly zero, the smallest one was $3.0253 \times 10^{-95}$, and the largest value was only $4.967 \times 10^{-43}$. The results show that distrust is not a negation of trust. Another crucial finding suggests that balance theory within distrust in the LBS trust model can enhance the trust management model in LBS and indirectly cater issues rise from fake event problem.

Open Access Article
Smart Contract-Based Pool Hopping Attack Prevention for Blockchain Networks
Symmetry 2019, 11(7), 941; https://doi.org/10.3390/sym11070941 - 19 Jul 2019
Cited by 7
Abstract
Pool hopping attack is the result of miners leaving the pool when it offers fewer financial rewards and joining back when the rewards of mining yield higher rewards in blockchain networks. This act of leaving and rejoining the pool only during the good times results in the miner receiving more rewards than the computational power they contribute. Miners exiting the pool deprive it of its collective hash power, which leaves the pool unable to mine the block successfully. This results in its competitors mining the block before they can finish mining. Existing research shows pool hopping resistant measures and detection strategies; however, they do not offer any robust preventive solution to discourage miners from leaving the mining pool. To prevent pool hopping attacks, a smart contract-based pool hopping attack prevention model is proposed. The main objective of our research is maintaining the symmetrical relationship between the miners by requiring them all to continually contribute their computational power to successfully mine a block. We implement a ledger containing records of all miners, in the form of a miner certificate, which tracks the history of the miner’s earlier behavior. The certificate enables a pool manager to better initiate terms of the smart contract, which safeguards the interests of existing mining pool members. The model prevents frequent mine hoppers from pool hopping as they submit coins in the form of an escrow and risk losing them if they abandon the pool before completing mining of the block. The key critical factors that every pool hopping attack prevention solution must address and a study of comparative analysis with existing solutions are presented in the paper.

Open Access Article
Efficient Hierarchical Identity-Based Encryption System for Internet of Things Infrastructure
Symmetry 2019, 11(7), 913; https://doi.org/10.3390/sym11070913 - 13 Jul 2019
Abstract
Security is a main concern for the Internet of Things (IoT) infrastructure as large volumes of data are collected and processed in the systems. Due to the limited resources of interconnected sensors and devices in the IoT systems, efficiency is one of the key considerations when deploying security solutions (e.g., symmetric/asymmetric encryption, authentication, etc.) in IoT. In this paper, we present an efficient Hierarchical Identity-Based Encryption (HIBE) system with short parameters for protecting data confidentiality in distributed IoT infrastructure. Our proposed HIBE system has the public parameters, private key, and ciphertext, each consisting of a constant number of group elements. We prove the full security of the HIBE system in the standard model using the dual system encryption technique. We also implement the proposed scheme and compare the performance with the original Lewko–Waters HIBE. To the best of our knowledge, our construction is the first HIBE system that achieves both full security in the standard model and short parameters in terms of the public parameters, private key, and ciphertext.

Open Access Article
Improved Sparse Coding Algorithm with Device-Free Localization Technique for Intrusion Detection and Monitoring
Symmetry 2019, 11(5), 637; https://doi.org/10.3390/sym11050637 - 06 May 2019
Cited by 3
Abstract
Device-free localization (DFL) locates target in a wireless sensors network (WSN) without equipping with wireless devices or tags, which is an emerging technology in the fields of intrusion detection and monitoring. In order to achieve an accurate result of DFL, the conventional works adopt $l_1$ norm as a regularizer to take the full potential of sparsity for locating targets. Contrasting to the previous works, we exploit the $l_{2,1}$ norm as the regularizer and devise an efficient optimization method with a proximal operator-based scheme, which leads the proposed improved-sparse-coding algorithm with proximal operator (ISCPO). Compared with the state-of-the-art methods that adopt $l_1$ norm as the regularizer, the proposed algorithm can improve the joint sparsity of sparse solution. Experimental results on our real testbeds of indoor DFL show that, in scenarios of living room and corridor, the proposed approach can achieve high localization accuracies of about 100% and 90%, respectively. In addition, the proposed ISCPO algorithm outperforms the compared state-of-the-art methods and has a more robust performance in challenged environments for target localization.

Open Access Article
QoS Enabled Layered Based Clustering for Reactive Flooding in the Internet of Things
Symmetry 2019, 11(5), 634; https://doi.org/10.3390/sym11050634 - 05 May 2019
Cited by 1
Abstract
The Internet of Things has gained substantial attention over the last few years, because of connecting daily things in a wide range of application and domains. A large number of sensors require bandwidth and network resources to give-and-take queries among a heterogeneous IoT network. Network flooding is a key questioning strategy for successful exchange of queries. However, the risk of the original flooding is prone to unwanted and redundant network queries which may lead to heavy network traffic. Redundant, unwanted, and flooded queries are major causes of inefficient utilization of resources. IoT devices consume more energy and high computational time. More queries leads to consumption of more bandwidth, cost, and miserable QoS. Current existing approaches focused primarily on how to speed up the basic routing for IoT devices. However, solutions for flooding are not being addressed. In this paper, we propose a cluster-based flooding (CBF) as an interoperable solution for network and sensor layer devices which is also capable minimizing the energy consumption, cost, network flooding, identifying, and eliminating of redundant flooding queries using query control mechanisms. The proposed CBF divides the network into different clusters, local queries for information are proactively maintained by the intralayer cluster (IALC), while the interlayer cluster (IELC) is responsible for reactively obtain the routing queries to the destinations outside the cluster. CBF is a hybrid approach, having the potential to be more efficient against traditional schemes in term of query traffic generation. However, in the absence of appropriate redundant query detection and termination techniques, the CBF may generate more control traffic compared to the standard flooding techniques. In this research work, we used Cooja simulator to evaluate the performance of the proposed CBF. According to the simulation results the proposed technique has superiority in term of traffic delay, QoS/throughput, and energy consumption, under various performance metrics compared with traditional flooding and state of the art.

Open Access Article
An Efficient Source Location Privacy Protection Algorithm Based on Circular Trap for Wireless Sensor Networks
Symmetry 2019, 11(5), 632; https://doi.org/10.3390/sym11050632 - 05 May 2019
Abstract
With the aim of addressing the problem of high overhead and unstable performance of the existing Source Location Privacy (SLP) protection algorithms, this paper proposes an efficient algorithm based on Circular Trap (CT) which integrates the routing layer and MAC layer protocol to provide SLP protection for WSNs. This algorithm allocates time slots for each node in the network by using Time Division Multiple Access (TDMA) technology, so that data loss caused by channel collisions can be avoided. At the same time, a circular trap route is formed to induce an attacker to first detect the packets from the nodes on the circular route, thereby moving away from the real route and protecting the SLP. The experimental results demonstrate that the CT algorithm can prevent the attacker from tracking the source location by 20% to 50% compared to the existing cross-layer SLP-aware algorithm.

Open Access Article
Intrusion Detection Based on Device-Free Localization in the Era of IoT
Symmetry 2019, 11(5), 630; https://doi.org/10.3390/sym11050630 - 05 May 2019
Cited by 3
Abstract
Device-free localization (DFL) locates targets without being equipped with the attached devices, which is of great significance for intrusion detection or monitoring in the era of the Internet-of-Things (IoT). Aiming at solving the problems of low accuracy and low robustness in DFL approaches, in this paper, we first treat the RSS signal as an RSS-image matrix and conduct a process of eliminating the background to dig out the variation component with distinguished features. Then, we make use of these feature-rich images by formulating DFL as an image classification problem. Furthermore, a deep convolutional neural network (CNN) is designed to extract features automatically for classification. The localization performance of the proposed background elimination-based CNN (BE-CNN) scheme is validated with a real-world dataset of outdoor DFL. In addition, we also validate the robust performance of the proposal by conducting numerical experiments with different levels of noise. Experimental results demonstrate that the proposed scheme has an obvious advantage in terms of improving localization accuracy and robustness for DFL. Particularly, the BE-CNN can maintain the highest localization accuracy of 100%, even in noisy conditions when the SNR is over −5 dB. The BE-based methods can outperform all the corresponding raw data-based methods in terms of the localization accuracy. In addition, the proposed method can outperform the comparison methods, deep neural network with autoencoder, K-nearest-neighbor (KNN), support vector machines (SVM), etc., in terms of the localization accuracy and robustness.

Open Access Article
Quantum-Resistant Identity-Based Signature with Message Recovery and Proxy Delegation
Symmetry 2019, 11(2), 272; https://doi.org/10.3390/sym11020272 - 20 Feb 2019
Abstract
Digital signature with proxy delegation, which is a secure ownership enforcement tool, allows an original signer to delegate signature rights to a third party called proxy, so that the proxy can sign messages on behalf of the original signer. Many real-world applications make use of this secure mechanism, e.g., digital property transfer. A traditional digital signature mechanism is required to bind a message and its signature together for verification. This may yield extra cost in bandwidth while the sizes of message and signature are relatively huge. Message recovery signature, enabling to reduce the cost of bandwidth, embeds a message into the corresponding signature; therefore, only the signature will be transmitted to the verifier and the message can further be recovered from the signature. In this paper, we, for the first time, propose a novel digital signature scheme in the identity-based context with proxy delegation and message recovery features and, more importantly, our scheme is quantum resistant, in a particular lattice-based signature. Our scheme achieves delegation information and signature existential unforgeability against adaptive chosen warrant and identity. Compared with the seminal lattice-based message recovery signature, our scheme is independent from public key infrastructure, realizes delegation transfer of signature rights, and compresses signature length ulteriorly. To the best of our knowledge, this paper is the first of its type.

Open Access Article
MoSa: A Modeling and Sentiment Analysis System for Mobile Application Big Data
Symmetry 2019, 11(1), 115; https://doi.org/10.3390/sym11010115 - 19 Jan 2019
Cited by 2
Abstract
The development of mobile internet has led to a massive amount of data being generated from mobile devices daily, which has become a source for analyzing human behavior and trends in public sentiment. In this paper, we build a system called MoSa (Mobile Sentiment analysis) to analyze this data. In this system, sentiment analysis is used to analyze news comments on the THAAD (Terminal High Altitude Area Defense) event from Toutiao by employing algorithms to calculate the sentiment value of the comment. This paper is based on HowNet; after the comparison of different sentiment dictionaries, we discover that the method proposed in this paper, which uses a mixed sentiment dictionary, has a higher accuracy rate in its analysis of comment sentiment tendency. We then statistically analyze the relevant attributes of the comments and their sentiment values and discover that the standard deviation of the comments’ sentiment value can quickly reflect sentiment changes among the public. Besides that, we also derive some special models from the data that can reflect some specific characteristics. We find that the intrinsic characteristics of situational awareness have implicit symmetry. By using our system, people can obtain some practical results to guide interaction design in applications including mobile Internet, social networks, and blockchain-based crowdsourcing.

Open Access Article
A DRDoS Detection and Defense Method Based on Deep Forest in the Big Data Environment
Symmetry 2019, 11(1), 78; https://doi.org/10.3390/sym11010078 - 11 Jan 2019
Cited by 2
Abstract
Distributed Denial of Service (DDoS) has developed multiple variants, one of which is Distributed Reflective Denial of Service (DRDoS). With the increasing number of Internet of Things (IoT) devices, the threat of DRDoS attack is growing, and the damage of a DRDoS attack is more destructive than other types. The existing DDoS detection methods cannot be generalized in DRDoS early detection, which leads to heavy load or degradation of service when deployed at the final point. In this paper, we propose a DRDoS detection and defense method based on deep forest model (DDDF), and then we integrate differentiated service into defense model to filter out DRDoS attack flow. Firstly, from the statistics perspective on different stages of DRDoS attack flow in the big data environment, we extract a host-based DRDoS threat index (HDTI) from the network flows. Secondly, using the HDTI feature we build a DRDoS detection and defense model based on the deep forest, which consists of 1 extreme gradient boost (XGBoost) forest estimator, 2 random forest estimators, and 2 extra random forest estimators in each layer. Lastly, the differentiated service procedure applies the detection result from DDDF to drop the traffic identified in different stages and different detection points. Theoretical analysis and experiments show that the method we proposed can effectively identify DRDoS attack with a higher detection rate and a lower false alarm rate; the defense model also shows distinguishing ability to effectively eliminate the DRDoS attack flows, and dramatically mitigate the damage of a DRDoS attack.

Open Access Article
Developing Secure IoT Services: A Security-Oriented Review of IoT Platforms
Symmetry 2018, 10(12), 669; https://doi.org/10.3390/sym10120669 - 27 Nov 2018
Cited by 2
Abstract
Undoubtedly, the adoption of the Internet of Things (IoT) paradigm has impacted on our every-day life, surrounding us with smart objects. Thus, the potentialities of this new market attracted the industry, so that many enterprises developed their own IoT platforms aiming at helping IoT services’ developers. In the multitude of possible platforms, selecting the most suitable to implement a specific service is not straightforward, especially from a security perspective. This paper analyzes some of the most prominent proposals in the IoT platforms market-place, performing an in-depth security comparison using five common criteria. These criteria are detailed in sub-criteria, so that they can be used as a baseline for the development of a secure IoT service. Leveraging the knowledge gathered from our in-depth study, both researchers and developers may select the IoT platform which best fits their needs. Additionally, an IoT service for monitoring commercial flights is implemented in two previously analyzed IoT platforms, giving an adequate detail level to represent a solid guideline for future IoT developers.

Open Access Feature Paper Article
IoT Application-Layer Protocol Vulnerability Detection using Reverse Engineering
Symmetry 2018, 10(11), 561; https://doi.org/10.3390/sym10110561 - 01 Nov 2018
Cited by 2
Abstract
Fuzzing is regarded as the most promising method for discovering protocol vulnerabilities in network security of Internet of Things (IoT). However, one fatal drawback of existing fuzzing methods is that a huge number of test files are required to maintain a high test coverage. In this paper, a novel method based on protocol reverse engineering is proposed to reduce the amount of test files for fuzzing. The proposed method uses techniques in the field of protocol reverse engineering to identify message formats of IoT application-layer protocol and create test files by generating messages with error fields according to message formats. The protocol message treated as a sequence of bytes is assumed to obey a statistic process with change-points indicating the boundaries of message fields. Then, a multi-change-point detection procedure is introduced to identify change-points of byte sequences according to their statistic properties and divide them into segments according to their change-points. The message segments are further processed via a position-based occurrence probability test analysis to identify keyword fields, data fields and uncertain fields. Finally, a message generation procedure with mutation operation on message fields is applied to construct test files for fuzzing test. The results show that the proposed method can effectively find out the message fields and significantly reduce the amount of test files for fuzzing test.

Open Access Article
Authentication with What You See and Remember in the Internet of Things
Symmetry 2018, 10(11), 537; https://doi.org/10.3390/sym10110537 - 23 Oct 2018
Cited by 2
Abstract
The Internet-of-Things (IoT) is an emerging paradigm seamlessly integrating a great number of smart objects ubiquitously connected to the Internet. With the rise in interest in the IoT, industry and academia have introduced a variety of authentication technologies to deal with security challenges. Authentication in IoT involves not only shifting intelligent access control down to the end smart objects, but also user identification and verification. In this paper, we build an authentication system based on brainwave reactions to a chain of events. Brainwaves, as external signals of a functioning brain, provide a glimpse into how we think and react. However, seen another way, we could reasonably expect that a given action or event could be linked back to its corresponding brainwave reaction. Recently, commercial products in the form of wearable brainwave headsets have appeared on the market, opening up the possibility of exploiting brainwaves for various purposes and making this more feasible. In the proposed system, we use a commercially available brainwave headset to collect brainwave data from participants for use in the proposed authentication system. After the brainwave data collection process, we apply a machine learning-based approach to extract features from brainwaves to serve as authentication tokens in the system and support the authentication system itself.

Open Access Article
Intersection Traffic Prediction Using Decision Tree Models
Symmetry 2018, 10(9), 386; https://doi.org/10.3390/sym10090386 - 07 Sep 2018
Cited by 6
Abstract
Traffic prediction is a critical task for intelligent transportation systems (ITS). Prediction at intersections is challenging as it involves various participants, such as vehicles, cyclists, and pedestrians. In this paper, we propose a novel approach for the accurate intersection traffic prediction by introducing extra data sources other than road traffic volume data into the prediction model. In particular, we take advantage of the data collected from the reports of road accidents and roadworks happening near the intersections. In addition, we investigate two types of learning schemes, namely batch learning and online learning. Three popular ensemble decision tree models are used in the batch learning scheme, including Gradient Boosting Regression Trees (GBRT), Random Forest (RF) and Extreme Gradient Boosting Trees (XGBoost), while the Fast Incremental Model Trees with Drift Detection (FIMT-DD) model is adopted for the online learning scheme. The proposed approach is evaluated using public data sets released by the Victorian Government of Australia. The results indicate that the accuracy of intersection traffic prediction can be improved by incorporating nearby accidents and roadworks information.

Open Access Article
False Data Injection Attack Based on Hyperplane Migration of Support Vector Machine in Transmission Network of the Smart Grid
Symmetry 2018, 10(5), 165; https://doi.org/10.3390/sym10050165 - 15 May 2018
Cited by 1
Abstract
The smart grid is a key piece of infrastructure and its security has attracted widespread attention. The false data injection (FDI) attack is one of the important research issues in the field of smart grid security. Because this kind of attack has a great impact on the safe and stable operation of the smart grid, many effective detection methods have been proposed, such as an FDI detector based on the support vector machine (SVM). In this paper, we first analyze the problem existing in the detector based on SVM. Then, we propose a new attack method to reduce the detection effect of the FDI detector based on SVM and give a proof. The core of the method is that the FDI detector based on SVM cannot detect the attack vectors which are specially constructed and can replace the attack vectors into the training set when it is updated. Therefore, the training set is changed and then the next training result will be affected. With the increase of the number of the attack vectors which are injected into the positive space, the hyperplane moves to the side of the negative space, and the detection effect of the FDI detector based on SVM is reduced. Finally, we analyze the impact of different data injection modes for training results. Simulation experiments show that this attack method can impact the effectiveness of the FDI detector based on SVM.

Review

Open Access Review
A State-of-the-Art Review on the Security of Mainstream IoT Wireless PAN Protocol Stacks
Symmetry 2020, 12(4), 579; https://doi.org/10.3390/sym12040579 - 06 Apr 2020
Abstract
Protocol stacks specifically designed for the Internet of Things (IoT) have become commonplace. At the same time, security and privacy concerns regarding IoT technologies are also attracting significant attention given the risks that are inherently associated with the respective devices and their numerous applications, ranging from healthcare, smart homes, and cities, to intelligent transportation systems and industrial automation. Considering the still heterogeneous nature of the majority of IoT protocols, a major concern is to find common references for investigating and analyzing their security and privacy threats. To this end, and on top of the current literature, this work provides a comprehensive, vis-à-vis comparison of the security aspects of the thus far most widespread IoT Wireless Personal Area Network (WPAN) protocols, namely BLE, Z-Wave, ZigBee, Thread, and EnOcean. A succinct but exhaustive review of the relevant literature from 2013 up to now is offered as a side contribution.