
Industrial Internet of Things (IIoT)

The Industrial Internet of Things (IIoT) in plain language!?

Identify the IIoT (Industrial IoT) As the frontiers of technology advance, the boundaries of human needs seem to have shifted as well. That is, our needs apparently have the potential to be realistically dependent on technology! For this reason, connecting devices large and small to one another, in one domain and for one specific purpose, with the help of […]

Isn't the network edge a better place for data analysis?!

Data Analysis In Edge-Side In this post I want to talk briefly about the fate of the data that leaves the sensor: exactly what stages does the data go through after it is captured by the sensors and transmitted?! In fact, it should be made clear what the concept of data analysis at the network edge means. In a post […]

Cyber Defense: CyberSecurity with criminal law

Today, information technology creates new values in society whose protection requires criminal sanctions. However, according to the general principles governing criminal policy, prevention and non-criminal measures are always more effective and beneficial than combating and punishing. Prevention of cybercrime will be fruitful when cyber-prevention models […]

Lottery Algorithm in Cloud Computing

Cloud computing as a pattern for distributed computing, are composed of large shrimp ask combined resources with the goal of resource sharing as a service, on the internet. Such resources as in memory, processor and services are always worth and more efficient use of these, is endless challenge Hence the scheduling of tasks in cloud […]


Big Data in Social Networks (Big Data: Social Media)

Big Data: Social Media in Attendance or Betrayal. The fast development of smart devices and applications is encouraging more people to benefit from mobile applications. Despite the advantages of mobile applications in different domains, participating in social networking and sharing personal information with unknown members brings privacy and security risks of which most users are unaware. […]

Building Trust in Wireless Sensor Nodes (Trust in WSN)

An old-fashioned study about trust in wireless sensor networks that offers a new solution for managing the battery energy of nodes. When we hear about universal communications and the advancement of technologies, we unconsciously think of distant borders and of how confidence in this type of communication challenges the mind. This kind of challenge has, in recent years, been creating […]


Evaluating a Blockchain-based Method for Industrial IoT Data Confidentiality: Proof of Concept


Utilizing the Internet of Things in industry has led to what is called the IIoT (Industrial Internet of Things), which is used to build smart cities, communication routes, smart grids, etc. The IIoT deals with various sensors, devices scattered on the edges, and cloud servers, connected through defined standards and protocols in decentralized networks. Besides all the benefits the IIoT has brought, the security and privacy of its data streams remain a debated subject. There are many solutions for overcoming security issues and confidentiality breaches, but some do not fully serve the purpose. Factors like speed, integrity, security, and power consumption must be considered, and of course the cost factor plays a significant role in achieving the goal. The purpose of this article is to introduce a new scheme evolved from Blockchain methodology to overcome privacy and data confidentiality challenges.

How does TBLOCK work?

Figure: Structure of sensor datagram
Figure: Algorithm for metadata cycle

When the sensor switches on, a new round of data chunks starts. Three algorithms present the phases of this scheme, as follows. New_Round() denotes one round of data absorption, which here is configured for 1 minute. Simultaneously with data generation, the hash value of the generation time is created with SHA-family cryptographic methods; then the datagram is formed () and the hash values are transferred to modules within the ledger ().

An appropriate blockchain platform for IoT and industrial IoT is, for instance, a BFT-based private blockchain, which suits the IoT environment in terms of potential performance and security of data (and users). In general, private blockchains offer more security and better performance than public, permissionless blockchains. In this regard, Hyperledger Fabric uses endorsement policies to define which peers need to execute TXs. In this way, a given chaincode can be kept private from peers that are not part of the endorsement policy.

An IoT-centric consensus protocol must be able to tolerate the maximum possible number of faulty nodes. Moreover, since IoT systems are vulnerable to physical or cyber attacks, the most important consideration for lessening the effect of faulty nodes is to carry out integrity checks of validator nodes, so that a dishonest node cannot contribute to the related process. Besides that, the scalability issue of managing an ever-increasing blockchain size on IoT devices can be addressed by various blockchain architectures, for example sidechain and treechain blockchains. As [23] states, a sidechain is a decentralized p2p network which stores sensor data on an off-chain network of private nodes in the form of a DHT; in this model the blockchain contains the pointers to the data, and not all the nodes replicate all TXs.
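The 1-minute rounds, the hashed generation time and the "pointers on-chain, data off-chain" model described above can be sketched as follows. This is an added example, not code from the TBLOCK scheme or this post: the datagram fields, the `OffChainStore` and `Ledger` classes and the choice of SHA-256 are assumptions, and it goes slightly beyond the text by hash-chaining ledger entries so that tampering is detectable.

```python
import hashlib
import json

ROUND_SECONDS = 60  # the post configures New_Round() for 1 minute


def sha256_hex(data: bytes) -> str:
    return hashlib.sha256(data).hexdigest()


def entry_digest(body: dict) -> str:
    """Hash of a ledger entry's fields, in a stable key order."""
    return sha256_hex(json.dumps(body, sort_keys=True).encode())


class OffChainStore:
    """Stand-in for the DHT (assumed): payloads are keyed by their own hash."""

    def __init__(self):
        self.blobs = {}

    def put(self, payload: bytes) -> str:
        key = sha256_hex(payload)
        self.blobs[key] = payload
        return key


class Ledger:
    """Hash-chained entries holding only time hashes and data pointers."""

    def __init__(self):
        self.entries = []

    def append(self, sensor_id: str, ts: float, pointer: str) -> None:
        body = {
            "sensor_id": sensor_id,
            "round": int(ts // ROUND_SECONDS),
            "time_hash": sha256_hex(str(ts).encode()),
            "pointer": pointer,
            "prev": self.entries[-1]["entry_hash"] if self.entries else "0" * 64,
        }
        body["entry_hash"] = entry_digest(body)
        self.entries.append(body)

    def verify(self, store: OffChainStore) -> list:
        """Return indices of entries whose chain link or payload is bad."""
        bad, prev = [], "0" * 64
        for i, e in enumerate(self.entries):
            body = {k: v for k, v in e.items() if k != "entry_hash"}
            chain_ok = e["prev"] == prev and e["entry_hash"] == entry_digest(body)
            blob = store.blobs.get(e["pointer"])
            data_ok = blob is not None and sha256_hex(blob) == e["pointer"]
            if not (chain_ok and data_ok):
                bad.append(i)
            prev = e["entry_hash"]
        return bad


def demo():
    store, ledger = OffChainStore(), Ledger()
    # Constructed sample readings: (sensor id, generation time in s, value)
    for sid, ts, value in [("s1", 0.0, 21.5), ("s1", 30.0, 21.7), ("s1", 61.0, 22.0)]:
        payload = json.dumps({"sensor_id": sid, "ts": ts, "value": value}).encode()
        ledger.append(sid, ts, store.put(payload))
    rounds = [e["round"] for e in ledger.entries]
    clean = ledger.verify(store)
    # Simulate an off-chain node altering the second stored reading.
    store.blobs[ledger.entries[1]["pointer"]] = b'{"value": 99}'
    return rounds, clean, ledger.verify(store)
```

Because the ledger keeps only hashes and pointers, a verifier holding the chain can detect altered off-chain data without the ledger ever carrying the sensor values themselves.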

Big Concern: How to provide security to Industrial IoT data streams

The expanded application of the Internet of Things (IoT) has driven the development of Industry 4.0. The big data streams of the IIoT are the main reason for implementing data-driven strategies. And what makes such networks reliable? As soon as we see the word “reliable”, something blinks in the audience's mind about the methods for carrying out privacy and security.

Figure: Fog computing in Industrial IoT. Source: https://www.researchgate.net/figure/Fog-computing-in-Industrial-IoT_fig3_326359269

Security on decentralized IIoT

Software solution paradigm:

As a matter of fact, user-mode solutions for handling security are the first that come to mind. Somebody may say it is better to bring the security of the streams to the user side, for example through guard software or applications embedded on the IoT boards that we call SENSORs. Let's speak clearly. It is now essential for businesses to consider production infrastructure in their IT security strategies. Meanwhile, connecting machinery introduces completely new attack vectors that must be monitored and protected by IT administrators. Some vendors suggest software components that offer proven methods to secure data stream communications. But these scenarios mainly work better on centralized networks, in which there are hosts that manage end-users' data. What about decentralized networks and the big data they generate? Is the software solution or end-user solution sufficient? Definitely not! It is obvious that we face a huge amount of data generated by sensors, which tends to be transferred somewhere with enough power and capability. Therefore, what kind of approaches should be applied to security matters?! Undoubtedly, a single method on one side, such as a secure tunnel or data monitoring tools, will not be the best way.

Secure Channel paradigm:

How about the path of the data streams? As we all know, the main concern of all networks (data-centric ones) is how to provide a safe communication channel, chiefly on decentralized networks, where there is no main peer for data management except the nodes themselves. Thus one way to bring reliability is to use cryptographic algorithms. All connections between the end devices and the IIoT remote gateway, or between the central IIoT gateway and the IIoT remote gateway, are encrypted with advanced algorithms (for example using Suite B cryptography). For additional security, all machine certificates can be managed centrally in a public key infrastructure (PKI). This ensures unique authentication for all end devices. Each time a connection is established, certificates are validated against Certification Authority (CA) revocation lists (online or offline).
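A defender-side sketch of the gateway settings this paragraph describes, as an added example that is not code from the post or from any vendor: Python's standard `ssl` module is assumed as the TLS stack, and the function names and the `ca_file`/`crl_file` parameters are hypothetical. It sets a weak gateway context beside a hardened one and audits both.

```python
import ssl

# Suite B TLS 1.2 cipher suites (RFC 6460), in OpenSSL naming.
SUITE_B_CIPHERS = "ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-ECDSA-AES128-GCM-SHA256"


def weak_gateway_context() -> ssl.SSLContext:
    """Gateway that encrypts traffic but never authenticates the device."""
    ctx = ssl.SSLContext(ssl.PROTOCOL_TLS_SERVER)
    ctx.verify_mode = ssl.CERT_NONE
    return ctx


def hardened_gateway_context(ca_file=None, crl_file=None) -> ssl.SSLContext:
    """Gateway that requires a device certificate and checks it against a CRL."""
    ctx = ssl.SSLContext(ssl.PROTOCOL_TLS_SERVER)
    ctx.minimum_version = ssl.TLSVersion.TLSv1_2
    ctx.set_ciphers(SUITE_B_CIPHERS)               # governs the TLS 1.2 suites
    ctx.verify_mode = ssl.CERT_REQUIRED            # device must present a cert
    ctx.verify_flags |= ssl.VERIFY_CRL_CHECK_LEAF  # reject revoked device certs
    # CRLs are loaded through the same call as CA certificates. With the flag
    # set and no CRL loaded, every handshake fails, i.e. the gateway fails closed.
    for path in (ca_file, crl_file):
        if path:
            ctx.load_verify_locations(cafile=path)
    return ctx


def audit(ctx: ssl.SSLContext) -> list:
    """List the ways a context falls short of the paragraph's requirements."""
    findings = []
    if ctx.verify_mode != ssl.CERT_REQUIRED:
        findings.append("client certificate not required")
    if not ctx.verify_flags & (ssl.VERIFY_CRL_CHECK_LEAF | ssl.VERIFY_CRL_CHECK_CHAIN):
        findings.append("no CRL check")
    if ctx.minimum_version < ssl.TLSVersion.TLSv1_2:
        findings.append("TLS below 1.2 allowed")
    return findings
```

An offline CRL is only as fresh as its last download, so the file passed as `crl_file` needs its own update schedule.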

Edge Components paradigm:

As in the earlier posts, IoT and IIoT include Edge solutions that provide more convenient data processing mechanisms, with principles such as device-centric solutions, edge-based security orchestration, etc. However, as the Edge involves a number of components, the main concern is how to secure the relations between them. The DLT (Distributed Hash Table), which is based on the blockchain method, is put forward for this challenge. Another way is to use strong protocols such as IPFS. This is an HTML-based solution for securing the decentralized web, but in some ways industry owners who want to implement IIoT could adopt this protocol.

Data Priority paradigm:

After all the possible methods we can speak about, I want to allude to a new paradigm related to the mentioned issue. Does the priority of data play a role? I mean, if there were some components for leveraging data priority, then we could say security issues would be overcome, in such a way that higher-priority data is stored in the IoT components with certain methods, because it is neither cost-effective nor time-efficient to manage all absorbed data in one way.

Conclusion

Last but not least, integrity, confidentiality, and privacy are three big concerns that should be taken on by Industry 4.0 owners. The big data streams could be handled by machine learning methods in which priority has a main role, and I want to write in more depth about data priority soon.

Edge Centric IoT Security

Part 2

In the previous post (Part 1), I explained the strengths and weaknesses of Data-Centric Security in IoT architecture. Now I'm going to inspect the “Edge” capability from the security point of view. An intelligent factor may be more involved in designing a security architecture with edge centrality.

There are 4 sections in the Edge-Centric architecture: end devices, users, the cloud, and finally the edge. As I mentioned before, the Users deal with IoT apps that aim for a comfortable life, which they actually rely on rather than just getting the service they want. Technology is lined up for them from the server or service edge. The End Devices are embedded in the physical part that senses the environment but cannot perform heavy computational tasks. The Cloud has unlimited resources but is too far away and sometimes isn't cost-effective in real-time applications. At the moment this is the responsibility of the Cloud, but there would definitely be a better choice if we could bring the Edge into this architecture.

Constraints cause changes

The relationship between Cloud and Edge can be dependent (in collaboration) or independent (all responsibility lies with the edge). Collaboratively, the cloud performs DL based on Big data, and the learned model can be used by the edge to provide better services to end-users. Independently, the edge will do many tasks such as storing, computing, and so on. Edge-centric design and architecture seem to be optimal (in terms of security) because, compared to End Devices:

1. The edge layer has more resources, so computational security operations such as homomorphic encryption, attribute-based access control, etc. occur in the edge layer.
2. The edge layer is physically closer to the end device, which is useful for real-time security design demands.
3. The edge layer collects and stores data, so compared to the end device it is a better place to make security decisions. For instance, with Big data the edge layer detects unauthorized interference more efficiently.
4. Considering the maintenance costs, resource constraints, and sheer numbers of end devices, it isn't cost-effective to deploy firewalls on end devices; they should be implemented on the edge instead.

Edge Centric IoT Security


Part 1

Security is an important concept that could be examined from different angles. Although we expect IoT applications to have strong system security protections, securing IoT systems is still a challenge. As I studied before, there are several points of view from which to examine IoT security challenges, such as User-Centric, Edge-Centric, and Device-Centric. In this article, I'm going to investigate Edge-Centric IoT security.

There are many factors to overcome in IoT security, such as resource limitation and insufficiently secure design. From an organization's point of view there must be some secure mechanisms, including advanced security algorithms such as the following:

1. Attribute-based Access Control
2. Group Signature Authentication
3. Homomorphic Cryptography
4. Public Key-based solutions

IoT Devices Capability for Security Orchestration

These solutions demand very high computing power and more memory space on the devices performing the tasks, and most of the time they are not suitable for IoT end devices such as smart cameras, smart lockers, etc. In contrast, the cloud has unlimited resources, but because of its distance from the end devices, providing QoS for IoT end devices isn't effective. Thus, edge-centric security for IoT has recently been emphasized. This is a novel paradigm that improves IoT performance and would provide security solutions for end devices.

Edge-Centric Architecture of IoT

Based on an article I have recently studied (Kewei Sha et al., “A Survey of edge computing-based designs for IoT security”), the Edge-Centric IoT architecture contains four major parts: the cloud, the IoT end device, the edge, and users. Users are the IoT applications that lead us to an easier life based on the cloud/edge-side services provided to them. The end devices are embedded in the physical section and sense the world, but they are not able to do powerful computing. The cloud has unlimited resources but is far from the end devices and thus is not cost-effective for real-time applications. If the edge is the main center of IoT technology, the cost-effectiveness issue becomes lighter.

Design IoT Security based on Edge

The comprehensive design solutions in the edge layer include 3 parts: 1-User-Centric 2-Device-Centric 3-End-to-End security.

User-Centric: If the IoT user is satisfied, it's done 🙂 This is a known rule for being a success in IoT. With thousands of IoT devices connected at internet scale, IoT applications have the chance to give users access to a lot of resources from terminals such as PCs, smartphones, and smart TVs. The most interesting property of IoT applications is the pervasive availability of resources. But for the security objective, two things must be considered. First, the user may not always use a secure and reliable device, and second, ordinary users do not have sufficient knowledge about security management.

Therefore managing security for each user is not a bad idea and has some outcomes: 1-Design of a personal security architecture 2-Virtualized security on the edge network. As this link presents, when an individual user wants to access resources from different devices, the user is first connected to a Trusted Virtual Domain (TVD) on the edge side. Then the TVD handles secure access to IoT resources.

Figure: User-Centric edge-based IoT security architecture

I’ll talk more on the next post.

The IoT Security Challenge (IoT Security Solution)

The IoT security challenge

In the previous post I talked about the Internet of Things and gave examples of large-scale IoT, which is generally called IIoT (industrial IoT). In this post I intend to talk very briefly about the security challenges of the Internet of Things (IoT security solution).

Security issues raise contentious challenges in every field of technology, and naturally in the Internet of Things as well there is much to say and many ideas to generate about them. From the viewpoint of many companies active in the IoT field, security can include items such as the following:

Figure: security must be managed in IoT (what maintaining security in the Internet of Things requires). Source: https://www.netsparker.com

Solutions to IoT security challenges: trivial but effective! (simple IoT security solutions)

1-Device security:

Sensors may be attacked, either physically or in terms of their information. For this, a simple solution can be proposed, such as assigning an identification number (ID) to each sensor/device and setting a hashed login password (Hashing). In that case, even if the attacker physically attacks the sensor, they face a hard road to reading the information. Moreover, in remote tampering (Remote Access Breach), breaking the hash lock is again a time-consuming and laborious process.

The second proposed solution is to protect data by storing it in a secure, tamper-resistant element, which Thales, a company active in the IoT field, explicitly uses in sensitive IoT applications such as health care, smart grids, and the automotive sector.

Cyber Security Analysis Experts

Everything that happens in virtual life affects our real life, or maybe it's the reverse. Anyway, we know the huge effects of the internet as a virtual and real aspect of life. In this post I'd rather not talk about the internet and virtual life; other media have said much more about that before. Instead I'm going to mention an important aspect of the internet that affects our lives: security analysis and all the incidents related to it, which we call cyber.

You know there may be vulnerabilities in any device, organization, or even method, which may cause irreparable incidents; therefore a person or a security group is needed to reduce breaches and threats. Let's talk briefly about the types of breaches that may occur.

Cyber Security Vulnerability in Example

Consider that you have signed up on the website of your financial account. You have permission to check your financial cycle, transfer money, manage your credit cards, and pay bills. You didn't check your account by email or phone messages while you were on vacation. On the first day after the vacation you can't sign in to your account, and after you inform the bank about it, they check, and the result is that your account is being used by someone else in a remote place. This can easily happen in today's internet-based world, and the reason is that many times there is no malicious mastermind behind the scenes; the cause may simply be an insecure password!

Insecure passwords or accounts with no password, insecure URLs, insecure communication channels like public WiFi, and unsafe browsers, applications, etc. are some of the undeniable vulnerabilities. There are many factors related to cyber security that I should perhaps discuss in another post; here I must clarify some job positions in the field of security.

Cyber Security Related Tasks

1-Cyber security Analyst

Someone who manages a team to guide and evaluate the abilities, activities and logs mentioned. A person who, like the team members, is expected to collect, analyze, process, and publish cyber security alerts. In relation to network monitoring, he is responsible for implementing security policies and a plan to deal with potential threats.

2-Security Assurance

Analyzes gaps between existing regulations and controls. His duties include analyzing risk assessment, creating and collecting required documents, configuring reports, and managing user accounts.

3-Application Security

Tests applications within an organization and highlights any vulnerabilities. Looks more closely at the software life cycle and examines the organization’s feedback to improve the overall security of the system. He/She examines penetration testing methods against specific standards and explores vulnerabilities in client applications and standard applications.

4-Security Management

A security manager helps create and review security policy documents, provides more training on security awareness (among other training resources). Creates and offers news articles, communication emails, and deployment of security products. Provides tart continuity and improvement methods and researches overall security upgrades in enterprise networks.

5-Network Management

Network management includes participation in the development and creation of computer networks with regard to general security, the integration and management of networks in relation to switches, routers, firewalls, and other network entities in terms of security, and responding to security alerts related to the network, including identifying the implementation, review, creation, and determination of information security requirements.

The main source of this article is www.cyberinternacademy.com