Abstract-In wireless sensor networks, adversaries can make use of traffic information to locate the monitored objects, e.g., to hunt endangered animals or kill soldiers. In this paper, we first define a hotspot phenomenon that causes an obvious inconsistency in the network traffic pattern due to a large volume of packets originating from a small area. Second, we develop a realistic adversary model, assuming that the adversary can monitor the network traffic in multiple areas, rather than the entire network or only one area. Using this model, we introduce a novel attack called Hotspot-Locating where the adversary uses traffic analysis techniques to locate hotspots. Finally, we propose a cloud-based scheme for efficiently protecting source nodes' location privacy against HotspotLocating attack by creating a cloud with an irregular shape of fake traffic, to counteract the inconsistency in the traffic pattern and camouflage the source node in the nodes forming the cloud. To reduce the energy cost, clouds are active only during data transmission and the intersection of clouds creates a larger merged cloud, to reduce the number of fake packets and also boost privacy preservation. Simulation and analytical results demonstrate that our scheme can provide stronger privacy protection than routing-based schemes and requires much less energy than global-adversary-based schemes.
Ride-sharing is a service that enables drivers to share their trips with other riders, contributing to appealing benefits of shared travel cost and improved access to transportation. However, the majority of existing ride-sharing services rely on a central third party, which make them subject to a single point of failure and privacy disclosure concerns by both internal and external attackers. Moreover, they are vulnerable to distributed denial of service (DDoS) and Sybil attacks due to malicious users involvement. Besides, high service fees should be paid to the ride-sharing service provider. In this paper, we propose a decentralized ride-sharing service based on public Blockchain, named B-Ride. B-Ride enables drivers to propose ride-sharing services without relying on a trusted third party. Both riders and drivers can find rides match while preserving their trip data, including pick-up/drop-off location, departure/arrival date and travel price. However, under the anonymity of the public blockchain, a malicious user may submit multiple ride requests or offers, while not committing to any of them, in order to discover better offer or to make the system unreliable. B-Ride solves this problem by introducing a time-locked deposit protocol for a ride-sharing by leveraging smart contract and zero-knowledge set membership proof. In a nutshell, both a driver and a rider have to show their good willing and commitment by sending a deposit to the blockchain. Later, a driver has to prove to the blockchain on the agreed departure time that he has arrived at the pick-up location. To preserve rider/driver privacy by hiding the exact pick-up location, the proof is performed using zero-knowledge set membership proof. Moreover, to ensure fair service payment, a pay-as-you-derive methodology is introduced based on the elasped distance of the driver and rider. In addition, we introduce a reputation-based trust model to rate drivers based on their past trips without involving any third-parties to allow riders to select them based on their history on the system. Finally, we implement our protocol and deploy it in a test net of Ethereum. The experiment results show the applicability of our protocol atop the existing real-world blockchain.
In advanced metering infrastructure (AMI) networks, smart meters installed at the consumer side should report fine-grained power consumption readings (every few minutes) to the system operator for billing, real-time load monitoring, and energy management. On the other hand, the AMI networks are vulnerable to cyber-attacks where malicious consumers report false (low) electricity consumption to reduce their bills in an illegal way. Therefore, it is imperative to develop schemes to accurately identify the consumers that steal electricity by reporting false electricity usage. Most of the existing schemes rely on machine learning for electricity theft detection using the consumers' fine-grained power consumption meter readings. However, this fine-grained data that is used for electricity theft detection, load monitoring, and billing can also be misused to infer sensitive information regarding the consumers such as whether they are on travel, the appliances they use, and so on. In this paper, we propose an efficient and privacy-preserving electricity theft detection scheme for the AMI network and we refer to it as PPETD. Our scheme allows system operators to identify the electricity thefts, monitor the loads, and compute electricity bills efficiently using masked fine-grained meter readings without violating the consumers' privacy. The PPETD uses secret sharing to allow the consumers to send masked readings to the system operator such that these readings can be aggregated for the purpose of monitoring and billing. In addition, secure two-party protocols using arithmetic and binary circuits are executed by the system operator and each consumer to evaluate a generalized convolutional-neural network model on the reported masked fine-grained power consumption readings for the purpose of electricity theft detection. An extensive analysis of real datasets is performed to evaluate the security and the performance of the PPETD. Our results confirm that our scheme is accurate in detecting fraudulent consumers with privacy preservation and acceptable communication and computation overhead.INDEX TERMS Privacy preservation, machine learning, electricity theft detection, dynamic billing, secure multi-party computation. I. INTRODUCTIONElectricity theft is a serious problem in the existing power grid, which causes great economic loss. Many countries experience a considerable amount of electricity theft. In the UnitedThe associate editor coordinating the review of this manuscript and approving it for publication was Mehedi Masud.
Recently, Autonomous Vehicles (AVs) have gained extensive attention from both academia and industry. AVs are a complex system composed of many subsystems, making them a typical target for attackers. Therefore, the firmware of the different subsystems needs to be updated to the latest version by the manufacturer to fix bugs and introduce new features, e.g., using security patches. In this paper, we propose a distributed firmware update scheme for the AVs' subsystems, leveraging blockchain and smart contract technology. A consortium blockchain made of different AVs manufacturers is used to ensure the authenticity and integrity of firmware updates. Instead of depending on centralized third parties to distribute the new updates, we enable AVs, namely distributors, to participate in the distribution process and we take advantage of their mobility to guarantee high availability and fast delivery of the updates. To incentivize AVs to distribute the updates, a reward system is established that maintains a credit reputation for each distributor account in the blockchain. A zero-knowledge proof protocol is used to exchange the update in return for a proof of distribution in a trustless environment. Moreover, we use attribute-based encryption (ABE) scheme to ensure that only authorized AVs will be able to download and use a new update. Our analysis indicates that the additional cryptography primitives and exchanged transactions do not affect the operation of the AVs network. Also, our security analysis demonstrates that our scheme is efficient and secure against different attacks.
Abstract-In multihop cellular networks, the mobile nodes usually relay others' packets for enhancing the network performance and deployment. However, selfish nodes usually do not cooperate but make use of the cooperative nodes to relay their packets, which has a negative effect on the network fairness and performance. In this paper, we propose a fair and efficient incentive mechanism to stimulate the node cooperation. Our mechanism applies a fair charging policy by charging the source and destination nodes when both of them benefit from the communication. To implement this charging policy efficiently, hashing operations are used in the ACK packets to reduce the number of public-key-cryptography operations. Moreover, reducing the overhead of the payment checks is essential for the efficient implementation of the incentive mechanism due to the large number of payment transactions. Instead of generating a check per message, a small-size check can be generated per route, and a check submission scheme is proposed to reduce the number of submitted checks and protect against collusion attacks. Extensive analysis and simulations demonstrate that our mechanism can secure the payment and significantly reduce the checks' overhead, and the fair charging policy can be implemented almost computationally free by using hashing operations.
In Advanced Metering Infrastructure (AMI) networks, smart meters should send fine-grained power consumption readings to electric utilities to perform real-time monitoring and energy management. However, these readings can leak sensitive information about consumers' activities. Various privacypreserving schemes for collecting fine-grained readings have been proposed for AMI networks. These schemes aggregate individual readings and send an aggregated reading to the utility, but they extensively use asymmetric-key cryptography which involves large computation/communication overhead. Furthermore, they do not address End-to-End (E2E) data integrity, authenticity, and computing electricity bills based on dynamic prices. In this paper, we propose EPIC, an efficient and privacy-preserving data collection scheme with E2E data integrity verification for AMI networks. Using efficient cryptographic operations, each meter should send a masked reading to the utility such that all the masks are canceled after aggregating all meters' masked readings, and thus the utility can only obtain an aggregated reading to preserve consumers' privacy. The utility can verify the aggregated reading integrity without accessing the individual readings to preserve privacy. It can also identify the attackers and compute electricity bills efficiently by using the fine-grained readings without violating privacy. Furthermore, EPIC can resist collusion attacks in which the utility colludes with a relay node to extract the meters' readings. A formal proof, probabilistic analysis are used to evaluate the security of EPIC, and ns-3 is used to implement EPIC and evaluate the network performance. In addition, we compare EPIC to existing data collection schemes in terms of overhead and security/privacy features.
scite is a Brooklyn-based organization that helps researchers better discover and understand research articles through Smart Citations–citations that display the context of the citation and describe whether the article provides supporting or contrasting evidence. scite is used by students and researchers from around the world and is funded in part by the National Science Foundation and the National Institute on Drug Abuse of the National Institutes of Health.
hi@scite.ai
334 Leonard St
Brooklyn, NY 11211
Copyright © 2024 scite LLC. All rights reserved.
Made with 💙 for researchers
Part of the Research Solutions Family.