Prabhat Kumar,Randhir Kumar,Govind P. Gupta,Rakesh Tripathi,Gautam Srivastava

DOI: https://doi.org/10.1109/tii.2022.3142030

IF: 12.3

2022-01-01

IEEE Transactions on Industrial Informatics

Abstract:The industrial Internet of Things (IIoT) is a fast-growing network of Internet-connected sensing and actuating devices aimed to enhance manufacturing and industrial operations. This interconnection generates a high volume of data over the IIoT network and raises serious security (e.g., the rapid evolution of hacking techniques), privacy (e.g., adversaries performing data poisoning and inference attacks), and scalability issues. To mitigate the aforementioned challenges, this article presents, a new privacy-preserved threat intelligence framework (P2TIF) to protect confidential information and to identify cyber-threats in IIoT environments. There are two major elements in the proposed P2TIF framework. First, a scalable blockchain module that enables secure communication of IIoT data and prevents data poisoning attacks. Second, a deep learning module that transforms actual data into a new format and protects data from inference attacks using a deep variational autoencoder (DVAE) technique. The encoded data are then employed by a threat detection system using attention-based deep gated recurrent neural network (A-DGRNN) to recognize malicious patterns in IIoT environments. The proposed framework is validated using two different network data sources, i.e., ToN-IoT and IoT-Botnet. Security analysis and experimental results revealed the high efficiency and scalability of the proposed P2TIF framework.

automation & control systems,computer science, interdisciplinary applications,engineering, industrial

Minjun Deng,Kai Zhang,Pengfei Wu,Mi Wen,Jianting Ning

DOI: https://doi.org/10.1109/tcc.2023.3293134

IF: 5.697

2023-01-01

IEEE Transactions on Cloud Computing

Abstract:Secure outsourced middleboxes are deployed in network function virtualization services that detect malicious activities on communications, which provides privacy-preserving deep packet inspection (DPI) over encrypted traffic. To boost filtering efficiency of packets, the two-layer middlebox architecture has been adopted in recent DPI systems. Nevertheless, state-of-the-art solutions based on two-layer architecture mainly suffer from two limitations: i) cannot support dynamic rule addition; ii) failed to inspect discontinuous token for rule matching. To address these limitations, this work proposes an efficient, dynamic and continuous DPI (DCDPI) system in secure outsourced middleboxes. To achieve dynamic rule addition with forward privacy, we refine a data structure called virtual binary tree (VBTree) and further introduce a variant of VBTree for DCDPI, termed VBTree+. VBTree+ supports two new desirable features: i) taking the rule action information into consideration; ii) achieving both rule identifier and rule action hiding. By introducing a token continuity check mechanism, DCDPI can effectively identify discontinuous tokens and categorize continuous tokens into one group. The extensive experiment over the real dataset and rule set confirms the practicality and efficiency of DCDPI. Compared to state-of-the-art works with same setting, DCDPI is 18% $\sim$ 110% more efficient for a connection establishment between gateway/client and server.

Muhammad Kashif,Kubra Kalkan

DOI: https://doi.org/10.1007/s12083-024-01858-w

IF: 3.488

2024-12-07

Peer-to-Peer Networking and Applications

Abstract:The Internet of Things (IoT) has enabled the collection of vast amounts of data that can be used to improve various aspects of our lives. However, the astronomical volume of data generated by these IoT devices has raised significant concerns pertaining to privacy preservation. The amalgamation of the Internet of Things (IoT) with blockchain technology has engendered a promising solution for securing and managing IoT data, but it is still susceptible to privacy breaches. Recently, differential privacy (DP) has been proposed as a promising technique to alleviate these issues. In this paper, we design and propound a complete end-to-end blockchain-based architecture by implementing differential privacy at the stream level generated by IoT devices by deploying Laplace noise and Gaussian noise utilizing low complex cryptography mechanism and fast convergence consensus protocol to surmount the privacy preservation issues in IoT based blockchain network. Our novel DP-based framework introduces the concept of privacy levels as low, medium, and high as set by the data owner and also analyzes the impact of different parameters on the effectiveness of the approach and provides recommendations for tuning them. The workflow of our proposed framework consists of three phases: Data generation phase, Data Sharing phase, and Data Analysis phase. During the Data generation phase, the data owner will first determine the desired level of privacy protection (low, medium, high) and set the privacy budget (epsilon) and sensitivity (delta) of the data. Based on the budget value, the privacy module will generate noise from either Laplace or Gaussian distribution as requested by the data owner. The Data Sharing phase is mainly responsible for transmitting and processing the transactions inside the blockchain network. This is followed by the data analysis phase, which will check for the budget value and the amount of noise added to the data before the noisy data is handed over to the end user. We demonstrate the efficacy of our approach through multiple experimental evaluations and simulation results evince that our approach attains high levels of privacy preservation while upholding data utility and blockchain consistency. Overall, our proposed framework provides a promising solution to the privacy challenges in IoT-based blockchain systems, offering adjustable privacy levels to accommodate different privacy requirements. This DP-based approach and the adjustable privacy levels ensure alignment with the growing regulatory requirements for data privacy, such as GDPR, demonstrating compliance with these regulations and building trust with customers.

computer science, information systems,telecommunications

Weiming Tong,Luyao Yang,Zhongwei Li,Jinxiao Zhao,Feng Pan,Liguo Tan

DOI: https://doi.org/10.1109/iccsie61360.2024.10698294

2024-01-01

Abstract:With the rapid development of the Industrial Internet of Things, a vast amount of data generates, collects, and processes, playing a crucial role in industrial production and operations. Addressing issues of privacy leakage, identity forgery, and data security during data transmission in IIoT, this paper proposes a data security transmission and privacy protection scheme based on blockchain technology. The scheme employs zero-knowledge proof algorithms for identity authentication of terminal devices to ensure the privacy of device information is not compromised, effectively preventing identity forgery and attacks. Additionally, it uses attribute-based encryption to secure the data's confidentiality. To ensure efficient data storage and the security of encryption keys, the scheme utilizes IPFS for on-chain querying and off-chain storage of data. The security of the proposed scheme is analyzed theoretically, and its computational overhead is evaluated experimentally. The results show that this scheme has lower computational overhead compared to other schemes, while significantly enhancing security and reliability.

Keping Yu,Liang Tan,Moayad Aloqaily,Hekun Yang,Yaser Jararweh

DOI: https://doi.org/10.1109/tii.2021.3049141

IF: 12.3

2021-11-01

IEEE Transactions on Industrial Informatics

Abstract:The industrial Internet of Things (IIoT) supports recent developments in data management and information services, as well as services for smart factories. Nowadays, many mature IIoT cloud platforms are available to serve smart factories. However, due to the semicredibility nature of the IIoT cloud platforms, how to achieve secure storage, access control, information update and deletion for smart factory data, as well as the tracking and revocation of malicious users has become an urgent problem. To solve these problems, in this article, a blockchain-enhanced security access control scheme that supports traceability and revocability has been proposed in IIoT for smart factories. The blockchain first performs unified identity authentication, and stores all public keys, user attribute sets, and revocation list. The system administrator then generates system parameters and issues private keys to users. The domain administrator is responsible for formulating domain security and privacy-protection policies, and performing encryption operations. If the attributes meet the access policies and the user's ID is not in the revocation list, they can obtain the intermediate decryption parameters from the edge/cloud servers. Malicious users can be tracked and revoked during all stages if needed, which ensures the system security under the Decisional Bilinear Diffie–Hellman (DBDH) assumption and can resist multiple attacks. The evaluation has shown that the size of the public/private keys is smaller compared to other schemes, and the overhead time is less for public key generation, data encryption, and data decryption stages.

Fatemeh Stodt,Mohammed B. M. Kamel,Christoph Reich,Fabrice Theoleyre,Peter Ligeti

DOI: https://doi.org/10.1109/access.2024.3366492

IF: 3.9

2024-02-28

IEEE Access

Abstract:In the rapidly evolving realm of the Industrial Internet of Things (IIoT), securing shop floor operations, especially in audit processes, is of critical importance. This paper confronts the challenge of ensuring data integrity and trust in IIoT systems by leveraging the capabilities of blockchain technology. The unique characteristics of blockchain, such as its immutable and decentralized ledger, establish a solid and transparent foundation for verifying shop floor transactions and activities. We introduce a privacy-centric approach, meticulously designed to comply with stringent data privacy regulations. This method allows auditors to authenticate both IIoT data and devices, ensuring confidentiality and adhering to regulatory standards. Our practical implementation strategy, tailored for shop floor environments, not only enhances the security of device and data integrity but also showcases robustness against specific adversarial threats, including network intrusion, data tampering, and unauthorized access. The findings indicate that our approach not only strengthens security protocols but also integrates effortlessly with existing IIoT infrastructures. It presents an efficient, scalable solution that elevates the safety and reliability of IIoT ecosystems, making it a significant step forward in the quest for secure and compliant industrial operations.

computer science, information systems,telecommunications,engineering, electrical & electronic

Yue Wang,Tingyu Che,Xiaohu Zhao,Tao Zhou,Kai Zhang,Xiaofei Hu

DOI: https://doi.org/10.3390/s22093426

2022-04-30

Abstract:Due to the competitive relationship among different smart factories, equipment manufacturers cannot integrate the private information of all smart factories to train the intelligent manufacturing equipment fault prediction model and improve the accuracy of intelligent manufacturing equipment fault detection. The use of a low fault recognition rate model for smart factories will cause additional losses for them. In this work, we propose a blockchain-based privacy information security sharing scheme in Industrial Internet of Things (IIoT) to solve the sharing problem of private information in smart factories. Firstly, we abstract smart factories as edge nodes and build decentralized, distributed trusted blockchain networks based on Ethereum clients on simulated edge devices and propose an Intelligent Elliptic Curve Digital Signature Algorithm (IECDSA) to guarantee the ownership of shared information by edge nodes. Secondly, we propose the Reputation-based Delegated Proof of Stake (RDPoS) consensus algorithm to improve the security and reliability of the Delegated Proof of Stake (DPoS) consensus algorithm. Furthermore, we design and implement an incentive mechanism based on information attributes to increase the motivation of edge nodes to share information. Finally, the proposed solution is simulated. Through theoretical and simulation experiments, it is proved that the blockchain-based privacy information security sharing scheme in IIoT can improve the enthusiasm of edge nodes to share information on the premise of ensuring the security of information sharing.

Jianting Ning,Geong Sen Poh,Jia-Chng Loh,Jason Chia,Ee-Chien Chang

DOI: https://doi.org/10.1145/3319535.3354204

2019-01-01

Abstract:Network middleboxes perform deep packet inspection (DPI) to detect anomalies and suspicious activities in network traffic. However, increasingly these traffic are encrypted and middleboxes can no longer make sense of them. A recent proposal by Sherry et al. (SIGCOMM 2015), named BlindBox, enables the middlebox to perform inspection in a privacy-preserving manner. BlindBox deploys garbled circuit to generate encrypted rules for the purpose of inspecting the encrypted traffic directly. However, the setup latency (which could be 97s on a ruleset of 3,000 as reported) and overhead size incurred by garbled circuit are high. Since communication can only be commenced after the encrypted rules being generated, such delay is intolerable in many real-time applications. In this work, we present PrivDPI, which reduces the setup delay while retaining similar privacy guarantee. Compared to BlindBox, for a ruleset of 3,000, our encrypted rule generation is 288x faster and requires 290,227x smaller overhead for the first session, and is even 1,036x faster and requires 3424,505x smaller overhead over 20 consecutive sessions. The performance gain is based on a new technique for generating encrypted rules as well as the idea of reusing intermediate results generated in previous sessions across subsequent sessions. This is in contrast to Blindbox which performs encrypted rule generation from scratch for every session. Nevertheless, PrivDPI is 6x slower in generating the encrypted traffic tokens, yet in our implementation, the token encryption rate of PrivDPI is more than 17,271 per second which is sufficient for many real-time applications. Moreover, the intermediate values generated in each session can be reused across subsequent sessions for repeated tokens, which could further speedup token encryption. Overall, our experiment shows that PrivDPI is practical and especially suitable for connections with short flows.

Zheng Zhang,Liang Huang,Renzhong Tang,Tao Peng,Lihang Guo,Xingwei Xiang

DOI: https://doi.org/10.1109/case48305.2020.9216817

2020-01-01

Abstract:Industrial Internet of Things (IIoT) is regarded as a promising transformation technology for manufacturing industry. We expect the information flow through along the process of material flow, gauging and collective devices feed IIoT platform with essential data. AI and big data analytical techniques can then be used to process the data to support a series of decision-making. Users at both managerial and operational levels can take actions accordingly, which significantly improve management efficiency in one organization, enhance supply chain coordination, and attract investment, etc. Powerful as bigdata and AI technology, they cannot operate without data. In centralized, third-party-managed IIoT platform, few manufactures are willing to share their critical data. This study extends IIoT framework with blockchain technology to provide a solution for trustless data sharing. The solution embeds encrypted ledger to avoid credential data tampering, employs m- in-n-out smart contracts to secure data exchange, and utilizes consensus mechanism to improve cyber security. The proposed framework integrates blockchain with IIoT to operate the entire industrial data exchange in a decentralized network, namely Industrial Blockchain of Things (IBoT).

Ruonan Li,Yang Qin,Canhui Wang,Mengya Li,Xiaowen Chu

DOI: https://doi.org/10.1109/tii.2022.3210216

IF: 12.3

2023-01-01

IEEE Transactions on Industrial Informatics

Abstract:Industrial Internet of Things (IIoT) technology is widely used in modern industrial fields like transportation, but data security remains a major challenge. The blockchain-based access control mechanism can address the data security issue by preventing unauthorized devices from accessing limited IIoT resources. However, most existing blockchain-based access control mechanism for IIoT still has scalability and privacy issues. To deal with the above-mentioned problems, we propose a new scalable and secure strategy for the blockchain-based access control framework for IIoT via sharding, which consists of two components. First, the network sharding scheme based on the access frequency set (N2SAF) is designed to 1) improve the scalability of our proposed strategy by transaction sharding to reduce the storage pressure on nodes, and 2) increase the transaction processing speed on a three-layer architecture based on cloud-edge-device in IIoT. Second, the privacy protection scheme based on a Bloom filter (P2BF) is designed to deal with the privacy leakage problem caused by anonymous address clustering. Simulation results show that our proposed strategy improves the scalability of the system compared to existing methods while ensuring the security of the shard network, especially in large-scale IIoT environments.

Suneetha, G.

DOI: https://doi.org/10.1007/s12083-024-01857-x

IF: 3.488

2024-12-05

Peer-to-Peer Networking and Applications

Abstract:The Industrial Internet of Things (IIoT) is a collection of interconnected smart sensors and actuators with industrial software tools and applications. By gathering and evaluating industrial data in real time, IIoT seeks to improve manufacturing and industrial processes. However, a number of security risks might affect IIoT networks due to their heterogeneous and homogeneous characteristics. Data transmission over an unsecure communication channel leaves the possibility of malicious activity and communication between various entities being accessed by hackers. Thus, protecting the privacy and security of data transferred via IIoT networks is crucial. Motivated by the aforementioned challenges, this paper introduces a deep-learning-based blockchain architecture for IIoT network security. Initially, the industrial devices are registered in the IIoT, and after that, a unique identification (ID) is created for each device presented in the IIoT. For that, the security algorithm named Secure Hash Algorithm-256 (SHA-256) is used to generate unique keys for each device. After that, the Deep Neural Network (DNN) algorithm is developed to perform the encryption and decryption processes for each data record of the IIoT device. After encryption, the secured data of each IIoT device is stored in different blocks for further data communication. Finally, Enhanced Bidirectional Long-Term Memory (EBLSTM) is developed to validate whether the data presented inside the block is valid or not. The TON_IoT dataset is utilized in this research to perform the validation process, and the performance is evaluated through different performance parameters. The results show that the proposed method accomplishes 123tps throughput for a 4.5MB block size with 800 transactions and accomplishes 0.4% authentication accuracy.

computer science, information systems,telecommunications

Mikail Mohammed Salim,Alowonou Kowovi Comivi,Tojimurotov Nurbek,Heejae Park,Jong Hyuk Park

DOI: https://doi.org/10.3390/s22166133

2022-08-16

Abstract:Resource constraints in the Industrial Internet of Things (IIoT) result in brute-force attacks, transforming them into a botnet to launch Distributed Denial of Service Attacks. The delayed detection of botnet formation presents challenges in controlling the spread of malicious scripts in other devices and increases the probability of a high-volume cyberattack. In this paper, we propose a secure Blockchain-enabled Digital Framework for the early detection of Bot formation in a Smart Factory environment. A Digital Twin (DT) is designed for a group of devices on the edge layer to collect device data and inspect packet headers using Deep Learning for connections with external unique IP addresses with open connections. Data are synchronized between the DT and a Packet Auditor (PA) for detecting corrupt device data transmission. Smart Contracts authenticate the DT and PA, ensuring malicious nodes do not participate in data synchronization. Botnet spread is prevented using DT certificate revocation. A comparative analysis of the proposed framework with existing studies demonstrates that the synchronization of data between the DT and PA ensures data integrity for the Botnet detection model training. Data privacy is maintained by inspecting only Packet headers, thereby not requiring the decryption of encrypted data.

Keping Yu,Liang Tan,Caixia Yang,Kim-Kwang Raymond Choo,Ali Kashif Bashir,Joel J. P. C. Rodrigues,Takuro Sato

DOI: https://doi.org/10.1109/jiot.2021.3125190

IF: 10.6

2021-01-01

IEEE Internet of Things Journal

Abstract:The Industrial Internet of Things (IIoT), a typical Internet of Things (IoT) application, integrates the global industrial system with other advanced computing, analysis, and sensing technologies through Internet connectivity. Due to the limited storage and computing capacity of edge and IIoT devices, data sensed and collected by these devices are usually stored in the cloud. Encryption is commonly used to ensure privacy and confidentiality of IIoT data. However, the key used for data encryption and decryption is usually directly stored and managed by users or third-party organizations, which has security and privacy implications. To address this potential security and privacy risk, we propose a Shamir threshold cryptography scheme for IIoT data protection using blockchain: STCChain. Specifically, in our solution, the edge gateway uses a symmetric key to encrypt the data uploaded by the IoT device and stores it in the cloud. The symmetric key is protected by a private key generated by the edge gateway. To prevent the loss of the private key and privacy leakage, we use a Shamir secret sharing algorithm to divide the private key, encrypt it, and publish it on the blockchain. We implement a prototype of STCChain using Xuperchain, and the results show that STCChain can effectively prevent attackers from stealing data as well as ensuring the security of the encryption key.

computer science, information systems,telecommunications,engineering, electrical & electronic

Han Bao,Youjian Zhao,Xiaoping Zhang,Gaoyuan Wang,Jinrong Duan,Renrui Tian,Jiaping Men,Mengyu Zhang

DOI: https://doi.org/10.1109/jiot.2023.3279849

IF: 10.6

2024-01-01

IEEE Internet of Things Journal

Abstract:Artificial Intelligence of Things (AIoT) applications have advanced rapidly. However, most of them are inherently vulnerable to security threats and may be the source of spoofing attacks, and meanwhile, in AIoT systems, the transfer of real-time data from terminals and the cloud strains network bandwidth. To defend against attacks, save network forwarding resources, and relieve authentication pressure on the receiver end, it is essential to verify the source identity of AIoT terminals on the forwarding path. In this article, we propose PDIV, a probabilistic and distributed identity validation solution for AIoT applications. In the framework of PDIV, honest forwarders can verify the authenticity of the source identity of packets with a certain probability and filter spoofed packets to prevent them from spreading, reduce end-to-end network latency, and increase throughput as much as possible. Additionally, PDIV, a blockchain-based system that uses Merkle Patricia Trie (MPT) on the blockchain, makes it practical and efficient to realize distributed storage and verification of identity information. Moreover, we theorize about the tradeoff between PDIV network performance and detection effectiveness, as well as how PDIV enables defenses against different attacks, such as spoofing and Distributed Denial-of-Service attacks. Furthermore, we implement PDIV on network simulator version 3 (NS3) and evaluate its performance. The simulation results demonstrate that PDIV can prevent the spread of spoofed packets effectively and PDIV works better than currently available blockchain-based public-key infrastructure (PKI) approaches in terms of network latency.

Yuhan Yang,Jing Wu,Chengnian Long,Wei Liang,Yi-Bing Lin

DOI: https://doi.org/10.1109/tii.2022.3177630

IF: 12.3

2022-01-01

IEEE Transactions on Industrial Informatics

Abstract:With the rapid increase of the industrial data and the development of the industrial Internet of Things (IIoT) paradigm, the efficiency and the quality of service of the emerging applications have been improved. However, the contradiction between data sharing and privacy preserving is still an obstacle in the IIoT. To this end, in this article, we propose a privacy-preserving and publicly auditable multiparty computation scheme for industrial data sharing and computing, which avoids privacy leakage and computation misbehavior by separating the data ownership, data use, and data verification. Using the blockchain technology, a transparent management platform is provided to recognize and trace the illegal data and computation behavior. Moreover, we integrate the noninteractive zero-knowledge proof in the multiparty interaction mechanism, wherein the verification of data consistency and computation validity is executed publicly on the blockchain. Finally, we implement experiment to evaluate the performance of the computation latency, communication overhead and the influence of encryption parameter, and the numerical results illustrate the efficiency and feasibility of our scheme.

Weiming Tong,Luyao Yang,Zhongwei Li,Xianji Jin,Liguo Tan

DOI: https://doi.org/10.3390/s24031035

IF: 3.9

2024-02-06

Sensors

Abstract:To address the complexities, inflexibility, and security concerns in traditional data sharing models of the Industrial Internet of Things (IIoT), we propose a blockchain-based data sharing and privacy protection (BBDSPP) scheme for IIoT. Initially, we characterize and assign values to attributes, and employ a weighted threshold secret sharing scheme to refine the data sharing approach. This enables flexible combinations of permissions, ensuring the adaptability of data sharing. Subsequently, based on non-interactive zero-knowledge proof technology, we design a lightweight identity proof protocol using attribute values. This protocol pre-verifies the identity of data accessors, ensuring that only legitimate terminal members can access data within the system, while also protecting the privacy of the members. Finally, we utilize the InterPlanetary File System (IPFS) to store encrypted shared resources, effectively addressing the issue of low storage efficiency in traditional blockchain systems. Theoretical analysis and testing of the computational overhead of our scheme demonstrate that, while ensuring performance, our scheme has the smallest total computational load compared to the other five schemes. Experimental results indicate that our scheme effectively addresses the shortcomings of existing solutions in areas such as identity authentication, privacy protection, and flexible combination of permissions, demonstrating a good performance and strong feasibility.

engineering, electrical & electronic,chemistry, analytical,instruments & instrumentation

Shan Jiang,Jiannong Cao,Hanqing Wu,Kongyang Chen,Xiulong Liu

DOI: https://doi.org/10.1016/j.ins.2023.03.121

IF: 8.1

2023-03-29

Information Sciences

Abstract:Recent years have witnessed the development and adoption of blockchain technology in intelligent transportation systems (ITS) because of its authenticity and traceability. However, increasing ITS devices impose grand challenges in privacy-preserving and efficient data sharing. Recent research has demonstrated that integrating searchable symmetric encryption in blockchain enables privacy-preserving data sharing among ITS devices. However, existing solutions focus only on single-keyword searches over encrypted ITS data on the blockchain and suffer from privacy and efficiency issues when extended to multi-keyword scenarios. This work proposes a bloom filter-based multi-keyword search protocol for ITS data with enhanced efficiency and privacy preservation. We design a bloom filter to select a low-frequency keyword from the multiple keywords input by the ITS data owner. The low-frequency keyword can filter out a large portion of the ITS data from the search result, thus significantly reducing the computational cost. Furthermore, each identifier-keyword pair is attached with a pseudorandom tag that enables the completion of a search operation in only one round. In this manner, privacy is preserved because there are no intermediate rounds and results. In addition to the multi-keyword search protocol, we specify the addition and deletion protocols to enable dynamic updates of data records. We conducted a comprehensive performance evaluation of the protocols. The experimental results indicate that the proposed multi-keyword search protocol saves 14.67% query time and 59.96% financial cost.

computer science, information systems

Jie Li,Jinshu Su,Xiaofeng Wang,Hao Sun,Shuhui Chen

DOI: https://doi.org/10.1007/978-3-319-69471-9_9

2017-01-01

Abstract:Hardware-based middleboxes are ubiquitous in computer networks, which usually incur high deployment and management expenses. A recently arsing trend aims to address those problems by outsourcing the functions of traditional hardware-based middleboxes to high volume servers in a cloud. This technology is promising but still faces a few challenges. First, the widely adopted data encryption techniques contradict with payload inspection needs of some middleboxes such as DPI and IDS devices. Second, the inspection rules of middleboxes may be commercial properties, thus the middlebox providers want to keep their rules confidential under third-party cloud environments, and this creates hindrances for the cloud to perform outsourced middlebox functions. Third, performance of the outsourced middlebox is an inevitable issue that needs deliberate consideration. In this paper, we propose a cloud-based DPI middlebox implementation which performs payload inspection over encrypted traffic while preserving the privacy of both communication data and inspection rules. Our design employs a modified reversible sketch structure which is used for efficient error-free membership testing, and we utilize unkeyed one-way hash functions instead of complex cryptographic protocols to achieve the privacy preservation requirements. CloudDPI supports a wide range of real-world inspection rules, we conduct evaluations on ClamAV rule set and the experiment results demonstrate the effectiveness of our proposal.

Shancang Li,Tao Qin,Geyong Min

DOI: https://doi.org/10.1109/tcss.2019.2927431

2019-01-01

IEEE Transactions on Computational Social Systems

Abstract:The decentralized nature of blockchain technologies can well match the needs of integrity and provenances of evidences collecting in digital forensics (DF) across jurisdictional borders. In this paper, a novel blockchain-based DF investigation framework in the Internet of Things (IoT) and social systems environment is proposed, which can provide proof of existence and privacy preservation for evidence items examination. To implement such features, we present a block-enabled forensics framework for IoT, namely, IoT forensic chain (IoTFC), which can offer forensic investigation with good authenticity, immutability, traceability, resilience, and distributed trust between evidential entitles as well as examiners. The IoTFC can deliver a guarantee of traceability and track provenance of evidence items. Details of evidence identification, preservation, analysis, and presentation will be recorded in chains of block. The IoTFC can increase trust of both evidence items and examiners by providing transparency of the audit train. The use case demonstrated the effectiveness of the proposed method.

Xiaokang Wang,Laurence T. Yang,Dongdong Huo,Lei Ren,M. Jamal Deen

DOI: https://doi.org/10.1109/jiot.2024.3364528

IF: 10.6

2024-01-01

IEEE Internet of Things Journal

Abstract:Internet-of-Things (IoT), is the comprehensive interconnection systems of computational, networking and physical devices with the important goal of providing proactive and personalized services efficiently. The foundation of such services is big data integration and processing among various devices, which brings important challenges including data fusion, transferring and sharing of computational results. On the other hand, decentralized blockchain platforms provide novel technologies for reliable IoT data integration and processing. In addition, to facilitate decentralization and distribution of IoT big data, tensor-train (TT), as a tensor decomposition method, can play a vital role. Therefore, in this paper, a tensor-train-based permissioned-private (P2) blockchain is proposed to realize the organization, integration, sharing and applications of IoT data for intelligent IoT services. To demonstrate the performance of the proposed method, case studies with IoT data are carried out on permissioned-private chain platform to measure its performance.

computer science, information systems,telecommunications,engineering, electrical & electronic