Resource-limited Internet Of Things Research Articles

Enhanced Message Authentication Encryption Scheme Based on Physical-Layer Key Generation in Resource-Limited Internet of Things

Enhanced Message Authentication Encryption Scheme Based on Physical-Layer Key Generation in Resource-Limited Internet of Things

TL-ABKS: Traceable and lightweight attribute-based keyword search in edge–cloud assisted IoT environment

Edge–cloud coordination offers the chance to mitigate the enormous storage and processing load brought on by a massive increase in traffic at the network’s edge. Though this paradigm has benefits on a large scale, outsourcing the sensitive data from the smart devices deployed in an Internet of Things (IoT) application may lead to privacy leakage. With an attribute-based keyword search (ABKS), the search over ciphertext can be achieved; this reduces the risk of sensitive data explosion. However, ABKS has several issues, like huge computational overhead to perform multi-keyword searches and tracing malicious users. To address these issues and enhance the performance of ABKS, we propose a novel traceable and lightweight attribute-based keyword search technique in an Edge–cloud-assisted IoT, named TL-ABKS, using edge–cloud coordination. With TL-ABKS, it is possible to do effective multi-keyword searches and implement fine-grained access control. Further, TL-ABKS outsources the encryption and decryption computation to edge nodes to enable its usage to resource-limited IoT smart devices. In addition, TL-ABKS achieves tracing user identity who misuse their secret keys. TL-ABKS is secure against modified secret keys, chosen plaintext, and chosen keyword attacks. By comparing the proposed TL-ABKS with the current state-of-the-art schemes, and conducting a theoretical and experimental evaluation of its performance and credibility, TL-ABKS is efficient.

Blockchain-enabled data sharing for IoT: A lightweight, secure and searchable scheme

With the popularity of Internet of Things (IoT) applications, data sharing among IoT devices has become more frequent. Many researchers have proposed fine-grained access control schemes and searchable encryption algorithms to support privacy-preserving data sharing. But there still exist two challenges. First, the existing schemes are computationally intensive, making them unsuitable for resource-limited IoT terminals. Second, they rely on a central server to honestly conduct search operations, making them unable to tackle malicious servers. To this end, we propose a blockchain-enabled data-sharing scheme for IoT that supports lightweight, secure, and searchable data sharing. We design an outsourcing attribute-based encryption algorithm to alleviate the overhead of resource-limited IoT terminals, which reduces the local encryption and decryption to a constant level. Instead of relying on central servers, we leverage smart contract to execute ciphertext retrieval, ensuring the accuracy of search results. Formal security analysis demonstrates that the proposed scheme is chosen-plaintext secure under the DBDH assumption. Experimental simulation shows that it reduces the search time by at least 79.9%, the encryption and decryption complexities to both O(1).

Cost-Effective Signcryption for Securing IoT: A Novel Signcryption Algorithm Based on Hyperelliptic Curves

Security and efficiency remain a serious concern for Internet of Things (IoT) environments due to the resource-constrained nature and wireless communication. Traditional schemes are based on the main mathematical operations, including pairing, pairing-based scalar multiplication, bilinear pairing, exponential operations, elliptic curve scalar multiplication, and point multiplication operations. These traditional operands are cost-intensive and require high computing power and bandwidth overload, thus affecting efficiency. Due to the cost-intensive nature and high resource requirements, traditional approaches are not feasible and are unsuitable for resource-limited IoT devices. Furthermore, the lack of essential security attributes in traditional schemes, such as unforgeability, public verifiability, non-repudiation, forward secrecy, and resistance to denial-of-service attacks, puts data security at high risk. To overcome these challenges, we have introduced a novel signcryption algorithm based on hyperelliptic curve divisor multiplication, which is much faster than other traditional mathematical operations. Hence, the proposed methodology is based on a hyperelliptic curve, due to which it has enhanced security with smaller key sizes that reduce computational complexity by 38.16% and communication complexity by 62.5%, providing a well-balanced solution by utilizing few resources while meeting the security and efficiency requirements of resource-constrained devices. The proposed strategy also involves formal security validation, which provides confidence for the proposed methodology in practical implementations.

Security at the Edge for Resource-Limited IoT Devices.

The Internet of Things (IoT) is rapidly growing, with an estimated 14.4 billion active endpoints in 2022 and a forecast of approximately 30 billion connected devices by 2027. This proliferation of IoT devices has come with significant security challenges, including intrinsic security vulnerabilities, limited computing power, and the absence of timely security updates. Attacks leveraging such shortcomings could lead to severe consequences, including data breaches and potential disruptions to critical infrastructures. In response to these challenges, this research paper presents the IoT Proxy, a modular component designed to create a more resilient and secure IoT environment, especially in resource-limited scenarios. The core idea behind the IoT Proxy is to externalize security-related aspects of IoT devices by channeling their traffic through a secure network gateway equipped with different Virtual Network Security Functions (VNSFs). Our solution includes a Virtual Private Network (VPN) terminator and an Intrusion Prevention System (IPS) that uses a machine learning-based technique called oblivious authentication to identify connected devices. The IoT Proxy's modular, scalable, and externalized security approach creates a more resilient and secure IoT environment, especially for resource-limited IoT devices. The promising experimental results from laboratory testing demonstrate the suitability of IoT Proxy to secure real-world IoT ecosystems.

ALICA: A Multi-S-Box Lightweight Cryptographic Algorithm Based on Generalized Feistel Structure

With the development of science and technology, IoT devices have already become ubiquitous in the public eye. Through the perception layer, the collected data are displayed or transmitted to the server backend for analysis. Due to the increasing integration of IoT devices into people’s daily lives, privacy issues, such as data leaks, have received more attention. Most sensor nodes, such as temperature and pressure sensors in marine environments, have low computing power, storage capacity, and significant underlying heterogeneity, making it challenging to implement a standardized data security protection solution. Data security in the nodes is seriously challenged as a result. It is of great significance to design a lightweight block cipher for the Internet of Things (IoT) environment, which can ensure the security of node information. A new lightweight block cipher algorithm called ALICA is proposed in this paper, which is well-suited for the low computing power and heterogeneous device environment at the lower layers. A generalized Feistel structure and a linear structure with XOR and shift operations are used to achieve ease of software implementation. Two different S-boxes are used to create the nonlinear structure of the password, thereby enhancing the robust security of the cipher. In addition, the cipher adopts a design approach that prioritizes software efficiency while also considering hardware implementation efficiency. This makes it more suitable for low computing power, storage capacity, and resource-limited IoT sensor nodes at the lower layers.

Seamless Wireless Communication Platform for Internet of Things Applications

The rapid growth of the Internet of Things (IoT) devices resulted in the proliferation of wireless technologies to cater to their increasing data rate requirements and support multiple applications. However, such ever-increasing wireless technologies present numerous challenges such as incompatible wireless standards, increased energy consumption, and insecure communication. The traditional gateways proposed in the literature suffers from limitations such as computational complexity, resource requirements, increased cost, and device size. We vision an era of seamless wireless communication to alleviate the aforementioned challenges in IoT applications. through three inter-dependent functionalities namely detection and identification of wireless technologies, energy-efficient transmit power control, and secure end-to-end communication. To prove the concept, a new gateway is proposed to achieve these three functionalities with only physical layer measurements so that the different communication protocols in the higher layers can be avoided. Novel schemes are conceptualized for resource-limited seamless IoT applications. Moreover, the conceptual seamless IoT platform is validated through software-based computer simulation and software-defined radio-based testbed implementation. The preliminary analysis demonstrates that the proposed platform has great potential in advancing seamless IoT applications.

Fed-Inforce-Fusion: A federated reinforcement-based fusion model for security and privacy protection of IoMT networks against cyber-attacks

Internet of Medical Things (IoMT) has emerged as a combination of sensors, healthcare devices, and Internet of Things (IoT) to deliver better and intelligent healthcare services. However, security and privacy protection issues have hindered its wide integration resulting in lack of quality IoMT dataset. Federated Learning (FL) is an emerging distributed learning method that can be helpful for IoMT networks and smart healthcare systems (SHS) due to enhanced security and privacy. The use of intrusion detection systems (IDS) has become vital for contemporary critical networks to protect against evolving cyber-attacks. Existing security models are often challenging and computationally expensive to apply to resource-limited medical IoT devices. To this end, this research work proposes a privacy-preserving FL-based IDS model named Fed-Inforce-Fusion to identify cyber-attacks from IoMT networks. Specifically, the proposed Fed-Inforce-Fusion model uses reinforcement learning technique to learn the latent relationships of medical data. Next, a FL-based system is designed allowing distributed SHS nodes to collaboratively train a comprehensive IDS model in a privacy preserving manner. Then, a fusion/aggregation strategy is adopted to improve the performance of detection model and reduce communication overhead by allowing participating clients to involve in the federation process dynamically. Theoretical study and experiment analysis show that the proposed Fed-Inforce-Fusion is better and effective in detecting complex attack vectors in comparison to existing benchmark IDS methods. Thus, proposing its efficacy and suitability in real-world IoMT networks.

Optimizing Service Redeployment in Migration-Oriented IoT Networks

The Internet of Things (IoT) paradigm has established an effective platform to promote the collaboration of resource-limited and duty-cycle IoT nodes, in order to support relative complex service requests that can hardly be achieved by any single IoT node. The functionalities of IoT nodes are typically encapsulated into IoT services, and the satisfaction of service requests is implemented as IoT service composition. Generally, IoT nodes work in turn in terms of their pre-specific working cycles, and IoT network topology is constantly varied due to their active/sleeping behaviour switching, causing unscheduled response latency. IoT service composition instantiation should be dynamically adjusted and partially re-deployed on-demand for supporting request processing efficiently. To remedy this issue, this paper proposes a Migration-oriented Service re-Deployment (MSrD) mechanism by migrating certain IoT services from their hosted IoT nodes to neighboring ones, in order to support functionally continuous availability.We formulate this problem as a game-theoretic approach, which is reduced to a potential game, where a Nash equilibrium solution is searched for optimizing this service re-deployment game. Extensive experiments are conducted, and numerical results show that our MSrD mechanism is promising, compared with the state-of-art techniques, in achieving service re-deployment optimization with efficient energy consumption and timely response latency simultaneously.

Multi-Criteria Feature Selection Based Intrusion Detection for Internet of Things Big Data.

The rapid growth of the Internet of Things (IoT) and big data has raised security concerns. Protecting IoT big data from attacks is crucial. Detecting real-time network attacks efficiently is challenging, especially in the resource-limited IoT setting. To enhance IoT security, intrusion detection systems using traffic features have emerged. However, these face difficulties due to varied traffic feature formats, hindering fast and accurate detection model training. To tackle accuracy issues caused by irrelevant features, a new model, LVW-MECO (LVW enhanced with multiple evaluation criteria), is introduced. It uses the LVW (Las Vegas Wrapper) algorithm with multiple evaluation criteria to identify pertinent features from IoT network data, boosting intrusion detection precision. Experimental results confirm its efficacy in addressing IoT security problems. LVW-MECO enhances intrusion detection performance and safeguards IoT data integrity, promoting a more secure IoT environment.

LCDMA: Lightweight Cross-Domain Mutual Identity Authentication Scheme for Internet of Things

With the widespread popularity of mobile terminals in the Internet of things (IoT), the demand for cross-domain access of mobile terminals between different regions has also increased significantly. The nature of wireless communication media makes mobile terminals vulnerable to security threats in cross-domain access. Identity authentication is a prerequisite for secure data transmission in cross-domain, and it is also the first step to guarantee the credibility of data sources. Most existing authentication schemes are based on bilinear pairing or public key encryption and decryption with high computation overhead, which are not suitable for the resource-limited mobile IoT terminals. Moreover, these schemes have some security drawbacks and cannot meet the security requirements of cross-domain access. In this paper, we propose a lightweight cross-domain mutual identity authentication (LCDMA) for mobile IoT environment. LCDMA uses symmetric polynomial instead of high-complexity bilinear pairing in the traditional schemes. We theoretically analyze the security performance under the random oracle model. Our results show that LCDMA not only resists common attacks, but also preserves secure traceability while guaranteeing anonymity. Performance evaluation further demonstrates that our scheme has better performance in terms of computation and communication overhead, compared with other existing representative schemes.

A robust and efficient vector-based key management scheme for IoT networks

Information and communication security is a critical concern in the rapid growth of Internet of Things (IoT) networks that need to exchange sensitive data. Therefore, key management is essential to address such networks’ security problems. In this context, several existing research work focuses on key management solutions, which consider the resource-limitation of IoT devices. However, the weaknesses of these solutions are (1) the lack of protection for sensitive parameters during transmission, (2) security and performance metrics’ misbalancing, and (3) the vulnerability to node-compromising attacks. This paper presents a new key management scheme based on pre-distributed vectors to overcome these limits to secure key establishment, refresh, and revocation. Moreover, the network area is divided into subareas, which makes our solution lightweight, flexible, scalable, and resilient to multiple attacks while minimizing communications, computation, and storage overheads on IoT devices. We assess the proposed scheme by using (1) the BAN (Burrows Abadi Needham) formal verification logic, (2) the informal security to demonstrate its resilience against some known attacks, and (3) the performance analysis to prove its correctness. The obtained results show that the proposed scheme is more efficient than other schemes in terms of storage by saving more than 81.84%, communications by 100% during the group-wise key establishment, computation overheads by reducing the number of multiplication operations to 50%, and energy consumption by saving up to 99.99% during the group-wise key establishment phase. Moreover, the results show that our scheme is more resilient against node capture attacks by up to 96.43% during the initialization phase and by more than 9.89% after, making it suitable for use in resource-limited IoT networks.

Dual-Driven Resource Management for Sustainable Computing in the Blockchain-Supported Digital Twin IoT

Nowadays, emerging sixth-generation (6G) mobile networks, the Internet of Things (IoT), and mobile-edge computing (MEC) technologies have played significant roles in developing a sustainable computing network. In sustainable computing networks, with the increasing scale of data-driven applications, massive privacy-sensitive data are generated. How to effectively process such data on resource-limited IoT devices is challenging. Although edge intelligence (EI) is designed to maintain an appropriate level of ultradelay reliability, low-latency communication (URLLC), real-time data processing, and security and privacy are concerning. In this article, we propose a novel blockchain-supported hierarchical digital twin IoT (HDTIoT) framework, which combines the digital twin to edge network and adopts blockchain technology to achieve secure and reliable real-time computation. We first propose a data and knowledge dual-driven learning solution to ensure real-time interaction and efficient optimization between the physical and the digital worlds. To improve communication and computation efficiency with data and knowledge dual-driven learning, the optimization goal is to minimize the system delay and energy consumption and ensure system reliability and the learning accuracy of IoT devices. Moreover, we propose a proximal policy optimization (PPO)-based multiagent reinforcement learning (MARL) algorithm to solve the resource allocation (RA) problem. Experimental results show that the proposed RA scheme can improve the efficiency of the HDTIoT system, guarantee learning accuracy, reliability, and security, and make a balance between system delay and energy consumption.

TANTO: An Effective Trust-Based Unmanned Aerial Vehicle Computing System for the Internet of Things

Large number of Internet of Things (IoT) devices deployed on demand to monitor surroundings and offload computation-intensive tasks to edge servers, which favors low-latency IoT applications. However, some of them scatter in areas with limited or no available communication infrastructure (no-ACI), which rises a huge challenge for task offloading, due to when and which devices have tasks cannot be known in advance. In this article, a trust-based active notice task offloading (TANTO) scheme in the aerial computing system (ACS) assisted by the unmanned aerial vehicle (UAV) is proposed to provide trust and low-delay task offloading for resource-limited IoT devices in areas with no-ACI. The main innovations of TANTO in ACS are as follow: 1) a novel task offloading mechanism for IoT devices in networks with no-ACI is proposed, where devices broadcast task offloading notice, making it easy for UAV to know where tasks need to offload without aimless search, which can effectively reduce UAV’s flight distance and task completion delay at the same time; 2) a trust calculation and reasoning method is proposed to calculate network trust, and divide the network into grids with different trust values, which guides UAV through grids with higher trust to increase the task completion rate and reduce delay; and 3) an online UAV trajectory optimization algorithm is proposed to dynamically prioritize tasks with urgent deadline. A large number of experimental results show that TANTO has better performance than previous studies in terms of task completion rate, tasks’ average completion time, and UAV’s flight cost.

Homomorphic cryptosystem-based secure data processing model for edge-assisted IoT healthcare systems

The substantial acceptance of Internet-of-Things (IoT) in digital healthcare systems necessitates secure data processing before storing it on a cloud server. Since resource-limited IoT devices engender complexity in secure processing, edge computing technology is adopted. Edge-assisted IoT locates edge nodes in proximity to user devices enabling computation offloading and seamless interaction between IoT applications and cloud servers. Integration of these entities results in severe security and privacy issues due to large amount of sensitive information transmitted over vulnerable communication channels. As such, information protection and data integrity in edge-assisted IoT have become critical factors for improvement. Several data processing models have been proposed regarding the above-stated concerns. However, under a powerful adversarial scenario, traditional solutions lack in preserving robust security and privacy. This motivates us to address critical challenges of communication security and privacy-preserving computation offloading in edge-assisted IoT systems. In this article, we design a homomorphic cryptosystem-based secure data processing model (HC-SDPM), enabling secure data collection and aggregation offloading on edge nodes for our hypothesized edge-assisted IoT healthcare system. Paillier homomorphic encryption and certificateless linear homomorphic ID-based signatures are utilized to achieve end-to-end confidentiality and data integrity during transmission and aggregation. Moreover, HC-SDPM involves a semi-trusted authority to enable key-escrow resilience. The security analysis of HC-SDPM assures signatures unforgeability in the random oracle model under computational Diffie–Hellman assumptions. Compared with similar modeled schemes, HC-SDPM demonstrates a relative advantage in computational overhead, communication overhead, and storage complexity.

Proposal for Low-Layer Metadata Collection Technology to Enhance IoT Metadata Utilization

With the rapid spread of Internet of Things (IoT) services, the number of sensor devices has exploded, and the complexity of managing sensor devices has become a problem. To solve this problem, a metadata-based approach that uses the unique environmental information associated with each device for its management is being developed. This paper focuses on metadata collection for device management and control, and proposes a new collection method that uses low-layer communication while not modifying the existing protocol. Our proposal utilizes the extended area of the probe request (PRQ) frame of IEEE 802.11, which is a layer-2 protocol, to collect metadata. This makes it possible to achieve stable operation even on inexpensive and resource-limited IoT devices, and to realize metadata collection with low communication overhead and power consumption. It is shown to reduce the load on the central processing unit (CPU) and reduce power consumption compared to Internet Protocol (IP) -based metadata collection (layer-3 protocol and above). In addition, in terms of time sensitivity, the collection delay at the time of rising from deep sleep is reduced by 89.8% compared to IP-based techniques. Furthermore, as a benefit of low-layer collection, it enables periodic metadata collection in the background regardless of network connection above the IP layer. To demonstrate this benefit, an example of applying metadata collection to device management is prototyped and its feasibility is experimentally confirmed.

Blockchain-Based Decentralized Authentication Model for IoT-Based E-Learning and Educational Environments

In recent times, technology has advanced significantly and is currently being integrated into educational environments to facilitate distance learning and interaction between learners. Integrating the Internet of Things (IoT) into education can facilitate the teaching and learning process and expand the context in which students learn. Nevertheless, learning data is very sensitive and must be protected when transmitted over the network or stored in data centers. Moreover, the identity and the authenticity of interacting students, instructors, and staff need to be verified to mitigate the impact of attacks. However, most of the current security and authentication schemes are centralized, relying on trusted third-party cloud servers, to facilitate continuous secure communication. In addition, most of these schemes are resource-intensive; thus, security and efficiency issues arise when heterogeneous and resource-limited IoT devices are being used. In this paper, we propose a blockchain-based architecture that accurately identifies and authenticates learners and their IoT devices in a decentralized manner and prevents the unauthorized modification of stored learning records in a distributed university network. It allows students and instructors to easily migrate to and join multiple universities within the network using their identity without the need for user re-authentication. The proposed architecture was tested using a simulation tool, and measured to evaluate its performance. The simulation results demonstrate the ability of the proposed architecture to significantly increase the throughput of learning transactions (40%), reduce the communication overhead and response time (26%), improve authentication efficiency (27%), and reduce the IoT power consumption (35%) compared to the centralized authentication mechanisms. In addition, the security analysis proves the effectiveness of the proposed architecture in resisting various attacks and ensuring the security requirements of learning data in the university network.

Edge-Assisted Real-Time Instance Segmentation for Resource-Limited IoT Devices

Instance segmentation exploits the potential of Internet of Things (IoT) devices to perceive environmental semantic information and achieve complex interactions with the physical world. However, IoT devices usually have limited computing and storage resources and cannot afford the intensive computational costs of instance segmentation networks. This article proposes an edge-assisted instance segmentation method for resource-limited IoT devices; it selectively offloads some computation-intensive tasks from IoT devices to edge servers to accelerate the inference processes of instance segmentation networks. To reduce the communication cost caused by computation offloading, a data compression method is proposed to adaptively adjust the downsampling interval based on an attention mechanism. Considering the susceptibility of the computation offloading scheme to network conditions, an adaptive computation offloading strategy that can jointly optimize the offloading point and the data compression ratio is proposed so that the edge-assisted instance segmentation can meet the preset latency requirements while achieving maximal accuracy under volatile network conditions. Extensive experiments are conducted to verify the feasibility and efficiency of our method. The experimental results show that our method induces less latency than existing instance segmentation methods with a slight drop in accuracy.

Compact Learning Model for Dynamic Off-Chain Routing in Blockchain-Based IoT

Dynamic off-chain routing in payment channel network (PCN)-based Internet of Things (IoT) is attracting increasing research attention. However, there are two major issues in dynamic routing in PCN-based IoT with resource-limited devices. The first issue is how to achieve high long-term transaction efficiency in PCN with dynamic channel capacities. The second issue is how to achieve a lightweight routing algorithm deployed on IoT devices while achieving high transaction efficiency, i.e., successful payment amount and success ratio. Therefore, in this paper, we propose a compact deep reinforcement learning (DRL) algorithm to learn the joint dynamic and lightweight routing policy for maximizing long-term transaction efficiency. To obtain optimal performance in dynamic routing problems for off-chain systems, a proximal policy optimization algorithm is employed to create an actor–critic learning structure for training the teacher DRL model. To obtain a compact and efficient student DRL model, an adaptive pruning technique is utilized for pruning unnecessary parameters of networks in the teacher model adaptively without affecting its learning ability. Furthermore, knowledge distillation is leveraged to improve the performance of the student network. Thus, a compact and efficient student DRL model can be developed and implemented to maximize the long-term transaction efficiency in off-chain systems on resource-limited IoT devices. The simulation results demonstrate that the proposed DRL algorithm outperforms the other baseline algorithms in PCN transaction efficiency while requiring only 10% of the computation and storage resources compared with that of the original teacher model.

FedTor: An Anonymous Framework of Federated Learning in Internet of Things

With a large number of devices and a wealth of user data sets, the Internet of Things (IoT) has become a great host for federated learning (FL). At the same time, the massive amount of user data in IoT results in desperate demand for privacy preserving. The onion router (Tor) is a promising method to solve the privacy issue in IoT-based FL by user anonymity. However, IoT devices’ resource is too limited to execute the cryptographic operations in Tor. Moreover, network traffics in Tor can be easily controlled by malicious routers with a fake high self-reported bandwidth. In this article, taking advantage of the Tor, we will introduce an anonymous FL framework in IoT called FedTor. To decrease the cryptographic cost in conventional Tor, we propose a lightweight shared key generation scheme for resource-limited IoT devices. Furthermore, we use the difference between the self-reported bandwidth and the bandwidth observed from others to measure the reputation of onion routers. A reputation-based router selection (RBRS) scheme is then brought up to defend traffic control from malicious routers. We conducted extensive simulations to compare FedTor with related works. The results show that the RBRS scheme can decrease the malicious rate of onion routers and the lightweight shared key has a cost advantage over other schemes.