No Arabic abstract
Heterogeneous and dynamic IoT environments require a lightweight, scalable, and trustworthy access control system for protection from unauthorized access and for automated detection of compromised nodes. Recent proposals in IoT access control systems have incorporated blockchain to overcome inherent issues in conventional access control schemes. However, the dynamic interaction of IoT networks remains uncaptured. Here, we develop a blockchain based Trust and Reputation System (TRS) for IoT access control, which progressively evaluates and calculates the trust and reputation score of each participating node to achieve a self-adaptive and trustworthy access control system. Trust and reputation are explicitly incorporated in the attribute-based access control policy, so that different nodes can be assigned to different access right levels, resulting in dynamic access control policies. We implement our proposed architecture in a private Ethereum blockchain comprised of a Docker container network. We benchmark our solution using various performance metrics to highlight its applicability for IoT contexts.
Fog computing is an emerging computing paradigm that has come into consideration for the deployment of IoT applications amongst researchers and technology industries over the last few years. Fog is highly distributed and consists of a wide number of autonomous end devices, which contribute to the processing. However, the variety of devices offered across different users are not audited. Hence, the security of Fog devices is a major concern in the Fog computing environment. Furthermore, mitigating and preventing those security measures is a research issue. Therefore, to provide the necessary security for Fog devices, we need to understand what the security concerns are with regards to Fog. All aspects of Fog security, which have not been covered by other literature works needs to be identified and need to be aggregate all issues in Fog security. It needs to be noted that computation devices consist of many ordinary users, and are not managed by any central entity or managing body. Therefore, trust and privacy is also a key challenge to gain market adoption for Fog. To provide the required trust and privacy, we need to also focus on authentication, threats and access control mechanisms as well as techniques in Fog computing. In this paper, we perform a survey and propose a taxonomy, which presents an overview of existing security concerns in the context of the Fog computing paradigm. We discuss the Blockchain-based solutions towards a secure Fog computing environment and presented various research challenges and directions for future research.
NuCypher KMS is a decentralized Key Management System (KMS) that addresses the limitations of using consensus networks to securely store and manipulate private, encrypted data. It provides encryption and cryptographic access controls, performed by a decentralized network, leveraging proxy re-encryption. Unlike centralized KMS as a service solutions, it doesnt require trusting a service provider. NuCypher KMS enables sharing of sensitive data for both decentralized and centralized applications, providing security infrastructure for applications from healthcare to identity management to decentralized content marketplaces. NuCypher KMS will be an essential part of decentralized applications, just as SSL/TLS is an essential part of every secure web application.
The ongoing digital transformation of the medical sector requires solutions that are convenient and efficient for all stakeholders while protecting patients sensitive data. One example involving both patients and health professionals that has already attracted design-oriented research are medical prescriptions. However, current implementations of electronic prescriptions typically create centralized data silos, leaving user data vulnerable to cybersecurity incidents and impeding interoperability. Research has also proposed decentralized solutions based on blockchain technology as an alternative, but privacy-related challenges have either been ignored or shifted to complex or yet non-standardized solutions so far. This paper presents a design and implementation of a system for the exchange of electronic prescriptions based on the combination of two blockchains and a digital wallet app. Our solution combines the bilateral, verifiable, and privacy-focused exchange of information between doctors, patients, and pharmacies based on a verifiable credential with a token-based, anonymized double-spending check. Our qualitative and quantitative evaluations suggest that this architecture can improve existing approaches to electronic prescription management by offering patients control over their data by design, a sufficient level of performance and scalability, and interoperability with emerging digital identity management solutions for users, businesses, and institutions.
In this paper, we propose a trust-centric privacy-preserving blockchain for dynamic spectrum access in IoT networks. To be specific, we propose a trust evaluation mechanism to evaluate the trustworthiness of sensing nodes and design a Proof-of-Trust (PoT) consensus mechanism to build a scalable blockchain with high transaction-per-second (TPS). Moreover, a privacy protection scheme is proposed to protect sensors real-time geolocatioin information when they upload sensing data to the blockchain. Two smart contracts are designed to make the whole procedure (spectrum sensing, spectrum auction, and spectrum allocation) run automatically. Simulation results demonstrate the expected computation cost of the PoT consensus algorithm for reliable sensing nodes is low, and the cooperative sensing performance is improved with the help of trust value evaluation mechanism.In addition, incentivization and security are also analyzed, which show that our design not only can encourage nodes participation, but also resist to many kinds of attacks which are frequently encountered in trust-based blockchain systems.
We introduce the use, monitoring, and enforcement of integrity constraints in trust management-style authorization systems. We consider what portions of the policy state must be monitored to detect violations of integrity constraints. Then we address the fact that not all participants in a trust management system can be trusted to assist in such monitoring, and show how many integrity constraints can be monitored in a conservative manner so that trusted participants detect and report if the system enters a policy state from which evolution in unmonitored portions of the policy could lead to a constraint violation.