Ruei-Hau Hsu

CR
5 papers
200 citations
Novelty 48%
AI Score 24

5 Papers

CR, Oct 28, 2020
EC-SVC: Secure CAN Bus In-Vehicle Communications with Fine-grained Access Control Based on Edge Computing

Donghyun Yu, Ruei-Hau Hsu, Jemin Lee

In-vehicle communications are not designed for message exchange between the vehicles and outside systems originally. Thus, the security design of message protection is insufficient. Moreover, the internal devices do not have enough resources to process the additional security operations. Nonetheless, due to the characteristic of the in-vehicle network in which messages are broadcast, secure message transmission to specific receivers must be ensured. With consideration of the facts aforementioned, this work addresses resource problems by offloading secure operations to high-performance devices, and uses attribute-based access control to ensure the confidentiality of messages from attackers and unauthorized users. In addition, we reconfigure existing access control based cryptography to address new vulnerabilities arising from the use of edge computing and attribute-based access control. Thus, this paper proposes an edge computing-based security protocol with fine-grained attribute-based encryption using a hash function, symmetric-based cryptography, and reconfigured cryptographic scheme. In addition, this work formally proves the reconfigured cryptographic scheme and security protocol, and evaluates the feasibility of the proposed security protocol in various aspects using the CANoe software.

DC, Jun 4, 2020
Is Blockchain Suitable for Data Freshness? -- Age-of-Information Perspective

Sungho Lee, Minsu Kim, Jemin Lee et al.

Recent advances in blockchain have led to a significant interest in developing blockchain-based applications. While data can be retained in blockchains, the stored values can be deleted or updated. From a user viewpoint that searches for the data, it is unclear whether the discovered data from the blockchain storage is relevant for real-time decision-making process for blockchain-based application. The data freshness issue serves as a critical factor especially in dynamic networks handling real-time information. In general, transactions to renew the data require additional processing time inside the blockchain network, which is called ledger-commitment latency. Due to this problem, some users may receive outdated data. As a result, it is important to investigate if blockchain is suitable for providing real-time data services. In this article, we first describe blockchain-enabled (BCE) networks with Hyperledger Fabric (HLF). Then, we define age of information (AoI) of BCE networks and investigate the influential factors in this AoI. Analysis and experiments are conducted to support our proposed framework. Lastly, we conclude by discussing some future challenges.

CR, Jun 9, 2018
ReHand: Secure Region-based Fast Handover with User Anonymity for Small Cell Networks in 5G

Chun-I Fan, Jheng-Jia Huang, Min-Zhe Zhong et al.

Due to the expectedly higher density of mobile devices and exhaust of radio resources, the fifth generation (5G) mobile networks introduce small cell concept in the radio access technologies, so-called Small Cell Networks (SCNs), to improve radio spectrum utilization. However, this increases the chance of handover due to smaller coverage of a micro base station, i.e., home eNodeB (HeNB) in 5G. Subsequently, the latency will increase as the costs of authenticated key exchange protocol, which ensures entity authentication and communication confidentiality for secure handover, also increase totally. Thus, this work presents a secure region-based handover scheme (ReHand) with user anonymity and fast revocation for SCNs in 5G. ReHand greatly reduces the communication costs when UEs roam between small cells within the region of a macro base station, i.e., eNB in 5G, and the computation costs due to the employment of symmetry-based cryptographic operations. Compared to the three elaborated related works, ReHand dramatically reduces the costs from 82.92% to 99.99%. Nevertheless, this work demonstrates the security of ReHand by theoretically formal proofs.

CR, Sep 19, 2017
Reconfigurable Security: Edge Computing-based Framework for IoT

Ruei-Hau Hsu, Jemin Lee, Tony Q. S. Quek et al.

In various scenarios, achieving security between IoT devices is challenging since the devices may have different dedicated communication standards, resource constraints as well as various applications. In this article, we first provide requirements and existing solutions for IoT security. We then introduce a new reconfigurable security framework based on edge computing, which utilizes a near-user edge device, i.e., security agent, to simplify key management and offload the computational costs of security algorithms at IoT devices. This framework is designed to overcome the challenges including high computation costs, low flexibility in key management, and low compatibility in deploying new security algorithms in IoT, especially when adopting advanced cryptographic primitives. We also provide the design principles of the reconfigurable security framework, the exemplary security protocols for anonymous authentication and secure data access control, and the performance analysis in terms of feasibility and usability. The reconfigurable security framework paves a new way to strengthen IoT security by edge computing.

CR, Mar 13, 2017
GRAAD: Group Anonymous and Accountable D2D Communication in Mobile Networks

Ruei-Hau Hsu, Jemin Lee, Tony Q. S. Quek et al.

Device-to-Device (D2D) communication is mainly launched by the transmission requirements between devices for specific applications such as Proximity Services in Long-Term Evolution Advanced (LTE-A) networks, and each application will form a group of devices for the network-covered and network-absent D2D communications. Although there are many privacy concerns in D2D communication, they have not been well-addressed in current communication standards. This work introduces network-covered and network-absent authenticated key exchange protocols for D2D communications to guarantee accountable group anonymity, end-to-end security to network operators, as well as traceability and revocability for accounting and management requirements. We formally prove the security of those protocols, and also develop an analytic model to evaluate the quality of authentication protocols by authentication success rate in D2D communications. Besides, we implement the proposed protocols on Android mobile devices to evaluate the computation costs of the protocols. We also evaluate the authentication success rate by the proposed analytic model and prove the correctness of the analytic model via simulation. Those evaluations show that the proposed protocols are feasible to the performance requirements of D2D communications.