TL;DR: This paper explores different consumer utility driven operations models and highlights the values of blockchain technology supported (BTS) platforms for diamond authentication and certification, and builds models and analytically examines both the traditional retail network operations and the BTS selling platform.
Abstract: The blockchain technology is very useful in many industries. One current application is on diamond authentication and certification, which is important in many luxury supply chains. In this paper, we explore different consumer utility driven operations models and highlight the values of blockchain technology supported (BTS) platforms for diamond authentication and certification. We build models and analytically examine both the traditional retail network operations (Model R) and the BTS selling platform (Model PL). We further extend the analysis to study the case with the BTS certification platform (Model BCR). We reveal the conditions under which one model outperforms the others. In particular, we note that the shopping convenience utility offered by the traditional retailers is a critical factor determining which model is the best. Finally, for the BTS platform operations, we study the blockchain-technology-based diamond authentication and certification (BDAC) cost and reveal that reducing it is beneficial to all parties in the luxury supply chain.
TL;DR: This paper provides a comprehensive survey on the most influential and basic attacks as well as the corresponding defense mechanisms that have edge computing specific characteristics and can be practically applied to real-world edge computing systems.
Abstract: The rapid developments of the Internet of Things (IoT) and smart mobile devices in recent years have been dramatically incentivizing the advancement of edge computing. On the one hand, edge computing has provided great assistance for lightweight devices to accomplish complicated tasks in an efficient way; on the other hand, its hasty development leads to the neglect of security threats to a large extent in edge computing platforms and their enabled applications. In this paper, we provide a comprehensive survey on the most influential and basic attacks as well as the corresponding defense mechanisms that have edge computing specific characteristics and can be practically applied to real-world edge computing systems. More specifically, we focus on the following four types of attacks that account for 82% of the edge computing attacks recently reported by Statista: distributed denial of service attacks, side-channel attacks, malware injection attacks, and authentication and authorization attacks. We also analyze the root causes of these attacks, present the status quo and grand challenges in edge computing security, and propose future research directions.
TL;DR: In this paper, a survey of blockchain-based approaches for several security services including authentication, confidentiality, privacy and access control list, data and resource provenance, and integrity assurance is presented.
Abstract: This paper surveys blockchain-based approaches for several security services. These services include authentication, confidentiality, privacy and access control list, data and resource provenance, and integrity assurance. All these services are critical for the current distributed applications, especially due to the large amount of data being processed over the networks and the use of cloud computing. Authentication ensures that the user is who he/she claims to be. Confidentiality guarantees that data cannot be read by unauthorized users. Privacy provides the users the ability to control who can access their data. Provenance allows an efficient tracking of the data and resources along with their ownership and utilization over the network. Integrity helps in verifying that the data has not been modified or altered. These services are currently managed by centralized controllers, for example, a certificate authority. Therefore, the services are prone to attacks on the centralized controller. On the other hand, blockchain is a secured and distributed ledger that can help resolve many of the problems with centralization. The objectives of this paper are to give insights on the use of security services for current applications, to highlight the state of the art techniques that are currently used to provide these services, to describe their challenges, and to discuss how the blockchain technology can resolve these challenges. Further, several blockchain-based approaches providing such security services are compared thoroughly. Challenges associated with using blockchain-based security services are also discussed to spur further research in this area.
TL;DR: This paper provides a near complete and up-to-date view of the IoT authentication field and provides a summary of a large range of authentication protocols proposed in the literature, using a multi-criteria classification previously introduced in this work.
Abstract: The Internet of Things (IoT) is the ability to provide everyday devices with a way of identification and another way for communication with each other. The spectrum of IoT application domains is very large including smart homes, smart cities, wearables, e-health, etc. Consequently, tens and even hundreds of billions of devices will be connected. Such devices will have smart capabilities to collect, analyze and even make decisions without any human interaction. Security is a supreme requirement in such circumstances, and in particular authentication is of high interest given the damage that could happen from a malicious unauthenticated device in an IoT system. This paper gives a near complete and up-to-date view of the IoT authentication field. It provides a summary of a large range of authentication protocols proposed in the literature. Using a multi-criteria classification previously introduced in our work, it compares and evaluates the proposed authentication protocols, showing their strengths and weaknesses, which constitutes a fundamental first step for researchers and developers addressing this domain.
TL;DR: This paper presents a lightweight and privacy-preserving two-factor authentication scheme for IoT devices, where physically uncloneable functions have been considered as one of the authentication factors, and which is very efficient in terms of computational efficiency.
Abstract: Device authentication is an essential security feature for the Internet of Things (IoT). Many IoT devices are deployed in open and public places, which makes them vulnerable to physical and cloning attacks. Therefore, any authentication protocol designed for IoT devices should be robust even in cases when an IoT device is captured by an adversary. Moreover, many of the IoT devices have limited storage and computational capabilities. Hence, it is desirable that the security solutions for IoT devices should be computationally efficient. To address all these requirements, in this paper, we present a lightweight and privacy-preserving two-factor authentication scheme for IoT devices, where physically uncloneable functions have been considered as one of the authentication factors. Security and performance analysis show that our proposed scheme is not only robust against several attacks, but also very efficient in terms of computational efficiency.
TL;DR: A novel lightweight user authentication scheme is proposed in which a user in the IoD environment needs to access data directly from a drone provided that the user is authorized to access the data from that drone.
Abstract: The Internet of Drones (IoD) provides coordinated access to unmanned aerial vehicles that are referred to as drones. The on-going miniaturization of sensors, actuators, and processors with ubiquitous wireless connectivity enables drones to be used in a wide range of applications ranging from military to civilian. Since most of the applications involved in the IoD are real-time based, the users are generally interested in accessing real-time information from drones belonging to a particular fly zone. This happens if we allow users to directly access real-time data from flying drones inside the IoD environment and not from the server. This is a serious security breach which may deteriorate the performance of any implemented solution in this IoD environment. To address this important issue in IoD, we propose a novel lightweight user authentication scheme in which a user in the IoD environment needs to access data directly from a drone provided that the user is authorized to access the data from that drone. The formal security verification using the broadly accepted automated validation of Internet security protocols and applications tool along with informal security analysis show that our scheme is secure against several known attacks. The performance comparison demonstrates that our scheme is efficient with respect to various parameters, and it provides better security as compared to the related existing schemes. Finally, the practical demonstration of our scheme is done using the widely accepted NS2 simulation.
TL;DR: A lightweight authentication mechanism, based only on hash and XOR operations, for M2M communications in IIoT environment is proposed, characterized by low computational cost, communication, and storage overhead, while achieving mutual authentication, session key agreement, device’s identity confidentiality, and resistance against the following attacks.
Abstract: In the emerging industrial Internet of Things (IIoT) era, machine-to-machine (M2M) communication technology is considered as a key underlying technology for building IIoT environments, where devices (e.g., sensors, actuators, and gateways) are enabled to exchange information with each other in an autonomous way without human intervention. However, most of the existing M2M protocols that can be also used in the IIoT domain provide security mechanisms based on asymmetric cryptography resulting in high computational cost. As a consequence, the resource-constrained IoT devices are not able to support them appropriately and thus, many security issues arise for the IIoT environment. Therefore, lightweight security mechanisms are required for M2M communications in IIoT in order to reach its full potential. As a step toward this direction, in this paper, we propose a lightweight authentication mechanism, based only on hash and XOR operations, for M2M communications in IIoT environment. The proposed mechanism is characterized by low computational cost, communication, and storage overhead, while achieving mutual authentication, session key agreement, device’s identity confidentiality, and resistance against the following attacks: replay attack, man-in-the-middle attack, impersonation attack, and modification attack.
TL;DR: This work proposes an improved authentication protocol for IoV that performs better in terms of security and performance and provides a formal proof to the proposed protocol to demonstrate that the protocol is indeed secure.
Abstract: An Internet of Vehicles (IoV) allows forming a self-organized network and broadcasting messages for the vehicles on roads. However, as the data are transmitted in an insecure network, it is essential to use an authentication mechanism to protect the privacy of vehicle users. Recently, Ying et al. proposed an authentication protocol for IoV and claimed that the protocol could resist various attacks. Unfortunately, we discovered that their protocol suffered from an offline identity guessing attack, location spoofing attack, and replay attack, and consumed a considerable amount of time for authentication. To resolve these shortcomings, we propose an improved protocol. In addition, we provide a formal proof to the proposed protocol to demonstrate that our protocol is indeed secure. Compared with previous methods, the proposed protocol performs better in terms of security and performance.
TL;DR: This paper develops an authentication and key exchange protocol by combining the ideas of Identity Based Encryption, PUFs and Keyed Hash Functions to show that this combination can help to do away with the requirement to store the secret challenge-response pair explicitly at the verifier end.
Abstract: Physically Unclonable Functions (PUFs) promise to be a critical hardware primitive to provide unique identities to billions of connected devices in the Internet of Things (IoT). In traditional authentication protocols a user presents a set of credentials with an accompanying proof such as a password or digital certificate. However, IoT needs more evolved methods, as these classical techniques suffer from the pressing problems of password dependency and inability to bind access requests to the “things” from which they originate. Additionally, the protocols need to be lightweight and heterogeneous. Although PUFs seem promising for developing such a mechanism, they put forward an open problem of how to develop such a mechanism without needing to store the secret challenge-response pair (CRP) explicitly at the verifier end. In this paper, we develop an authentication and key exchange protocol by combining the ideas of Identity Based Encryption (IBE), PUFs and Keyed Hash Functions to show that this combination can help to do away with this requirement. The security of the protocol is proved formally under the Session Key Security and the Universal Composability Framework. A prototype of the protocol has been implemented to realize a secured video surveillance camera using a combination of an Intel Edison board with a Digilent Nexys-4 FPGA board consisting of an Artix-7 FPGA, together serving as the IoT node. We show that, though the stand-alone video camera can be subjected to a man-in-the-middle attack via IP spoofing using standard network penetration tools, the camera augmented with the proposed protocol resists such attacks, and it fits aptly in an IoT infrastructure, making the protocol deployable for the industry.
TL;DR: It is shown that the proposed scheme ensures security even if a sensor node is captured by an adversary, and the proposed protocol uses the lightweight cryptographic primitives, such as one way cryptographic hash function, physically unclonable function, and bitwise exclusive operations.
Abstract: Industrial wireless sensor network (IWSN) is an emerging class of a generalized WSN having constraints of energy consumption, coverage, connectivity, and security. However, security and privacy is one of the major challenges in IWSN as the nodes are connected to the Internet and usually located in an unattended environment with minimum human intervention. In IWSN, there is a fundamental requirement for a user to access the real-time information directly from the designated sensor nodes. This task demands a user authentication protocol. To satisfy this requirement, this paper proposes a lightweight and privacy-preserving mutual user authentication protocol in which only the user with a trusted device has the right to access the IWSN. Therefore, in the proposed scheme, we considered the physical layer security of the sensor nodes. We show that the proposed scheme ensures security even if a sensor node is captured by an adversary. The proposed protocol uses lightweight cryptographic primitives, such as a one-way cryptographic hash function, a physically unclonable function, and bitwise exclusive operations. Security and performance analysis shows that the proposed scheme is secure, and is efficient for the resource-constrained sensing devices in IWSN.
TL;DR: In this paper, a deep neural network-based framework was proposed for real-time authentication of wireless nodes, using the effects of inherent process variation on RF properties of the wireless transmitters (Tx), detected through in-situ machine learning at the receiver (Rx) end.
Abstract: Traditional authentication in radio-frequency (RF) systems enables secure data communication within a network through techniques such as digital signatures and hash-based message authentication codes (HMAC), which suffer from key-recovery attacks. State-of-the-art Internet of Things networks such as Nest also use open authentication (OAuth 2.0) protocols that are vulnerable to cross-site-recovery forgery (CSRF), which shows that these techniques may not prevent an adversary from copying or modeling the secret IDs or encryption keys using invasive, side channel, learning or software attacks. Physical unclonable functions (PUFs), on the other hand, can exploit manufacturing process variations to uniquely identify silicon chips, which makes a PUF-based system extremely robust and secure at low cost, as it is practically impossible to replicate the same silicon characteristics across dies. Taking inspiration from human communication, which utilizes inherent variations in the voice signatures to identify a certain speaker, we present RF-PUF: a deep neural network-based framework that allows real-time authentication of wireless nodes, using the effects of inherent process variation on RF properties of the wireless transmitters (Tx), detected through in-situ machine learning at the receiver (Rx) end. The proposed method utilizes the already-existing asymmetric RF communication framework and does not require any additional circuitry for PUF generation or feature extraction. The burden of device identification is completely shifted to the gateway Rx, similar to the operation of a human listener’s brain. Simulation results involving the process variations in a standard 65-nm technology node, and features such as local oscillator offset and $I$–$Q$ imbalance detected with a neural network having 50 neurons in the hidden layer, indicate that the framework can distinguish up to 4800 Tx(s) with an accuracy of 99.9% [≈99% for 10000 Tx(s)] under varying channel conditions, and without the need for traditional preambles. The proposed scheme can be used as a stand-alone security feature, or as a part of traditional multifactor authentication.
TL;DR: A novel temporal credential based anonymous lightweight user authentication mechanism for IoD environment, called TCALAS, which has the capability to resist various known attacks against passive/active adversary and lower costs in both computation and communication as compared to existing schemes.
Abstract: A user (external party) is interested in accessing the real-time data from some designated drones of a particular fly zone in the Internet of Drones (IoD) deployment. However, to provide this facility, the user needs to be authenticated by an accessed remote drone and vice versa. After successful authentication both parties can establish a secret session key for secure communication. To handle this important problem in the IoD environment, we design a novel temporal-credential-based anonymous lightweight user authentication mechanism for the IoD environment, called TCALAS. A detailed security analysis using formal security under the broadly applied real-or-random (ROR) model, formal security verification under the broadly used software verification tool known as automated validation of internet security protocols and applications, and also informal security analysis reveal that TCALAS has the capability to resist various known attacks against a passive/active adversary. In addition, a detailed comparative study has been conducted for TCALAS and other related schemes, and the study also reveals that TCALAS provides better security and functionality features, and lower costs in both computation and communication as compared to existing schemes.
TL;DR: A blockchain-based secure data sharing platform by leveraging the benefits of interplanetary file system (IPFS) and results show that SSS shows the least computational time as compared to advanced encryption standard (AES) 128 and 256.
Abstract: In a research community, data sharing is an essential step to gain maximum knowledge from the prior work. Existing data sharing platforms depend on a trusted third party (TTP). Due to the involvement of a TTP, such systems lack trust, transparency, security, and immutability. To overcome these issues, this paper proposes a blockchain-based secure data sharing platform by leveraging the benefits of the interplanetary file system (IPFS). Metadata is uploaded to the IPFS server by the owner and then divided into n secret shares. The proposed scheme achieves security and access control by executing the access roles written in a smart contract by the owner. Users are first authenticated through RSA signatures and then submit the requested amount as the price of the digital content. After the successful delivery of data, the user is encouraged to register reviews about the data. These reviews are validated through the Watson analyzer to filter out fake reviews. The customers registering valid reviews are given incentives. In this way, maximum reviews are submitted against every file. In this scenario, decentralized storage, Ethereum blockchain, encryption, and an incentive mechanism are combined. To implement the proposed scenario, smart contracts are written in Solidity and deployed on a local Ethereum test network. The proposed scheme achieves transparency, security, access control, authenticity of the owner, and quality of data. In simulation results, an analysis is performed on gas consumption and the actual cost required in terms of USD, so that a good price estimate can be made when deploying the implemented scenario in a real set-up. Moreover, the computational time for different encryption schemes is plotted to represent the performance of the implemented scheme, which is Shamir secret sharing (SSS). Results show that SSS has the least computational time as compared to advanced encryption standard (AES) 128 and 256.
TL;DR: This paper investigates the fog-driven IoT healthcare system, focusing only on authentication and key agreement, and proposes a three-party authenticated key agreement protocol from bilinear pairings, as well as security analysis against common attacks.
Abstract: The convergence of cloud computing and Internet of Things (IoT) is partially due to the pragmatic need for delivering extended services to a broader user base in diverse situations. However, cloud computing has its limitation for applications requiring low-latency and high mobility, particularly in adversarial settings (e.g. battlefields). To some extent, such limitations can be mitigated in a fog computing paradigm since the latter bridges the gap between remote cloud data center and the end devices (via some fog nodes). However, fog nodes are often deployed in remote and unprotected places. This necessitates the design of security solutions for a fog-based environment. In this paper, we investigate the fog-driven IoT healthcare system, focusing only on authentication and key agreement. Specifically, we propose a three-party authenticated key agreement protocol from bilinear pairings. We introduce the security model and present the formal security proof, as well as security analysis against common attacks. We then evaluate its performance, in terms of communication and computation costs.
TL;DR: A blockchain-assisted lightweight anonymous authentication (BLA) mechanism for distributed VFS, which is provisioned to driving vehicles, achieves anonymity and grants vehicle users the responsibility of preserving their privacy by effectively combining modern cryptographic technology and blockchain technology.
Abstract: As modern vehicles and distributed fog services advance apace, vehicular fog services (VFSs) are expected to span across multiple geo-distributed datacenters, which inevitably leads to cross-datacenter authentication. Traditional cross-datacenter authentication models are not suitable for the scenario of high-speed moving vehicles accessing VFS, because these models either ignored user privacy or ignored the delay requirement of driving vehicles. This paper proposes a blockchain-assisted lightweight anonymous authentication (BLA) mechanism for distributed VFS, which is provisioned to driving vehicles. BLA can achieve the following advantages: 1) realizing a flexible cross-datacenter authentication, in which a vehicle can decide whether to be reauthenticated or not when it enters a new vehicular fog datacenter; 2) achieving anonymity, and granting vehicle users the responsibility of preserving their privacy; 3) being lightweight by achieving noninteractivity between vehicles and service managers (SMs), and eliminating the communication between SMs in the authentication process, which significantly reduces the communication delay; and 4) resisting the attack in which the database governed by one center is tampered with. BLA achieves these advantages by effectively combining modern cryptographic technology and blockchain technology. These security features are demonstrated by carrying out security analysis. Meanwhile, extensive simulations are conducted to validate the efficiency and practicality of BLA.
TL;DR: A secure authenticated key management protocol in fog computing-based IoV deployment, called AKM-IoV, which is tested for its security analysis under the widely accepted real-or-random (ROR) model, informal analysis, and formal security verification using the broadly accepted automated validation of Internet security protocols and applications (AVISPA) tool.
Abstract: Internet of Vehicles (IoV) is an intelligent application of the Internet of Things (IoT) in smart transportation that takes intelligent commitments to the passengers to improve traffic safety and efficiency, and generate a more enjoyable driving and riding environment. Fog cloud-based IoV is another variant of mobile cloud computing where the vehicular cloud and the Internet can co-operate in a more effective way in IoV. However, the increasing dependence on wireless communication, control, and computing technology makes IoV more vulnerable to prospective attacks. For secure communication among vehicles, road-side units, fog and cloud servers, we design a secure authenticated key management protocol in fog computing-based IoV deployment, called AKM-IoV. In the designed AKM-IoV, after mutual authentication between communicating entities in IoV they establish session keys for secure communications. AKM-IoV is tested for its security using formal security analysis under the widely accepted real-or-random (ROR) model, informal analysis, and formal security verification using the broadly accepted automated validation of Internet security protocols and applications (AVISPA) tool. The practical demonstration of AKM-IoV is shown using the NS2 simulation. In addition, a detailed comparative study is conducted to show the efficiency and the functionality and security features supported by AKM-IoV as compared to other existing recent protocols.
TL;DR: This study combines homomorphic encryption and Blowfish encryption to enhance cloud security and proposes a hybrid algorithm to enhance the security of cloud data using an encryption algorithm.
Abstract: Cloud computing is a term which is employed to explain different concepts of computing that include several PCs linked through a real-time communication network such as the Internet. Cloud computing is a developing paradigm which has in recent times attracted a lot of researchers because of its capability to decrease the costs related to computing. Due to the rapid growth of cloud computing techniques, the rapid rise of cloud services has become outstanding. In today’s world data security is a challenging problem. The essential issue related to cloud computing is the security of the cloud and the proper cloud implementation over the network. In the cloud, the security models are confidentiality, authentication, accessibility, data recovery and data integrity. This includes cloud services, the deployment model, security problems and barriers in cloud computing. Nowadays, enhancing the security of data in the cloud has become a major concern, and the solution for this is to apply appropriate encryption techniques while storing the data in the cloud. This study proposes a hybrid algorithm to enhance the security of cloud data using an encryption algorithm. The main purpose of using encryption algorithms is to secure or store a huge amount of information in the cloud. This study combines homomorphic encryption and Blowfish encryption to enhance cloud security. It can be concluded that if the security issues are resolved then the future will be cloud storage solutions for small as well as large firms.
TL;DR: Several authentication and privacy schemes have been classified, and their mechanisms, strengths and limitations, security requirements, attacks, and performance parameters discussed, identifying some open research challenges in the domain of VANET security.
TL;DR: A novel edge-computing concept is introduced into the message-authentication process of VANETs that can efficiently authenticate messages from nearby vehicles and broadcast the authentication results to the vehicles within its communication range, thereby reducing redundant authentication and enhancing the efficiency of the entire system.
Abstract: With the progress in wireless communication technology and the increasing number of vehicles, vehicular ad hoc networks (VANETs) have become essential for improving road conditions and enhancing the driving experience. The core of VANETs is the communication between different vehicles, and the security of the communication is based on message authentication. Several schemes have been designed to enhance the efficiency of message authentication. However, these schemes have the disadvantage of redundant authentication, i.e., repeated authentication of the same message, and fail to seek out invalid messages from a batch of messages. To solve these problems, this paper introduces a novel edge-computing concept into the message-authentication process of VANETs. In our scheme, the roadside unit can efficiently authenticate messages from nearby vehicles and broadcast the authentication results to the vehicles within its communication range, thereby reducing redundant authentication and enhancing the efficiency of the entire system. The security analysis results show that the proposed scheme satisfies the security requirements of VANETs. The performance analysis results show that the proposed scheme can not only work well in an ideal environment where the attacker is absent but is also capable of quickly identifying valid and invalid messages even if the VANET is attacked.
TL;DR: Experimental results clearly indicate that the proposed technique is highly robust and sufficiently secure against various forms of attacks without any significant distortion between the watermarked and cover image.
Abstract: In this paper, we present a robust and secure watermarking approach using transform domain techniques for tele-health applications. The patient report/identity is embedded into the host medical image for the purpose of authentication, annotation and identification. For better confidentiality, we apply a chaos-based encryption algorithm on the watermarked image in a less complex manner. Experimental results clearly indicate that the proposed technique is highly robust and sufficiently secure against various forms of attacks without any significant distortion between the watermarked and cover image. Further, the performance of our method is found to be better than the existing state-of-the-art watermarking techniques under consideration. Furthermore, the quality of the watermarked image is estimated by a subjective measure, which is beneficial in the quality-driven healthcare industry.
TL;DR: The experimental results show that the distributed authentication can be processed by individual vehicles within 1 ms, which meets the real-time requirement and is much more efficient, in terms of the processing time and storage requirement, than existing approaches.
Abstract: The privacy-preserving authentication is considered as the first line of defense against the attacks in addition to preserving the identity privacy of the vehicles in the vehicular ad hoc networks (VANETs). However, the existing authentication schemes suffer from drawbacks such as nontransparency of the trusted authorities (TAs), heavy workload to revoke certificates, and high computation overhead to authenticate identities and messages. In this paper, we propose a blockchain-based privacy-preserving authentication (BPPA) scheme for VANETs. In BPPA, all the certificates and transactions are recorded permanently and immutably in the blockchain to make the activities of the semi-TAs transparent and verifiable. However, it remains a challenge how to use such blockchain effectively for authentication in real driving scenarios (e.g., high speed or large amount of messages during congestion). With a novel data structure named the Merkle Patricia tree (MPT), we extend the conventional blockchain structure to provide a distributed authentication scheme without the revocation list. To achieve conditional privacy, we allow a vehicle to use multiple certificates. The linkability between the certificates and real identity is encrypted and stored in the blockchain and can only be revealed in case of disputes. We evaluate the validity and performance of BPPA on the Hyperledger Fabric (HLF) platform for each entity. The experimental results show that the distributed authentication can be processed by individual vehicles within 1 ms, which meets the real-time requirement and is much more efficient, in terms of the processing time and storage requirement, than existing approaches.
TL;DR: An RF fingerprint identification method based on dimensional reduction and machine learning is proposed as a component of intrusion detection for resolving authentication security issues and improves security protection due to the introduction of RF fingerprinting.
Abstract: The access security of wireless devices is a serious challenge in present wireless network security. Radio frequency (RF) fingerprint recognition technology, as an important non-password authentication technology, attracts more and more attention because it makes full use of radio frequency characteristics that cannot be imitated to achieve certification. In this paper, an RF fingerprint identification method based on dimensional reduction and machine learning is proposed as a component of intrusion detection for resolving authentication security issues. We compare three kinds of dimensional reduction methods, namely the traditional PCA, RPCA and KPCA, and we take random forests, support vector machine, artificial neural network and grey correlation analysis into consideration to make decisions on the dimensionally reduced data. Finally, we obtain the recognition system with the best performance. Using a combination of RPCA and random forests, 90% classification accuracy is achieved at SNR $\ge$ 10 dB when the reduced dimension is 76. The proposed method improves wireless device authentication and improves security protection due to the introduction of RF fingerprinting.
TL;DR: This work proposes APPA: a device-oriented Anonymous Privacy-Preserving scheme with Authentication for data aggregation applications in fog-enhanced IoT systems, which also supports multi-authority to manage smart devices and fog nodes locally.
TL;DR: An energy theft detection scheme with energy privacy preservation in the smart grid using combined convolutional neural networks (CNNs) to detect abnormal behavior of the metering data from a long-period pattern observation and employing Paillier algorithm to protect the energy privacy.
Abstract: As a prominent early instance of the Internet of Things in the smart grid, the advanced metering infrastructure (AMI) provides real-time information from smart meters to both grid operators and customers, exploiting the full potential of demand response. However, the newly collected information, without security protection, can be maliciously altered and result in huge losses. In this paper, we propose an energy theft detection scheme with energy privacy preservation in the smart grid. Especially, we use combined convolutional neural networks (CNNs) to detect abnormal behavior of the metering data from a long-period pattern observation. In addition, we employ the Paillier algorithm to protect the energy privacy. In other words, the users’ energy data are securely protected in transmission and the data disclosure is minimized. Our security analysis demonstrates that in our scheme data privacy and authentication are both achieved. Experimental results illustrate that our modified CNN model can effectively detect abnormal behaviors at an accuracy of up to 92.67%.
TL;DR: A Secure and Anonymous Biometric Based User Authentication Scheme (SAB-UAS) is proposed to ensure secure communication in healthcare applications, and it is proved that an adversary cannot impersonate a legitimate user to illegally access or revoke the smart handheld card.
Abstract: Emerging technologies rapidly change the essential qualities of modern societies in terms of smart environments. To utilize the surrounding environment data, tiny sensing devices and smart gateways are highly involved. They have been used to collect and analyze real-time data remotely in all Industrial Internet of Things (IIoT) settings. Since the IIoT environment gathers and transmits data over insecure public networks, a promising solution known as authentication and key agreement (AKA) is preferred to prevent illegal access. In the medical industry, the Internet of Medical Things (IoM) has become an expert application system. It is used to gather and analyze the physiological parameters of patients. To practically examine the patient, medical sensor nodes are embedded in the patient’s body; these in turn sense the patient’s medical information using smart portable devices. Since patient information is too sensitive to reveal to anyone other than a medical professional, the security protection and privacy of medical data are becoming a challenging issue of the IoM. Thus, an anonymity-based user authentication protocol is preferred to resolve the privacy preservation issues in the IoM. In this paper, a Secure and Anonymous Biometric Based User Authentication Scheme (SAB-UAS) is proposed to ensure secure communication in healthcare applications. This paper also proves that an adversary cannot impersonate a legitimate user to illegally access or revoke the smart handheld card. A formal analysis based on the random-oracle model and a resource analysis are provided to show security and resource efficiencies in medical application systems. In addition, the proposed scheme is subjected to a performance analysis to show that it has the high-security features needed to build smart healthcare application systems in the IoM. To this end, experimental analysis has been conducted for the analysis of network parameters using the NS3 simulator. The collected results have shown superiority in terms of the packet delivery ratio, end-to-end delay, throughput rates, and routing overhead for the proposed SAB-UAS in comparison to other existing protocols.
TL;DR: A new authenticated key agreement protocol without bilinear pairing is designed that achieves mutual authentication, generates a securely agreed session key for secret communication, and supports privacy protection in fog-based VANETs.
Abstract: The maturity of cloud computing, Internet of Things technology, and intelligent transportation systems has promoted the rapid development of vehicular ad-hoc networks (VANETs). To keep pace with real-world demands (mobility, low latency, etc.) in a practical VANETs deployment, there have been attempts to integrate fog computing with VANETs. To facilitate secure interaction in fog-based VANETs, we design a new authenticated key agreement protocol without bilinear pairing. This protocol achieves mutual authentication, generates a securely agreed session key for secret communication, and supports privacy protection. We also give a strict formal security proof and demonstrate how the proposed protocol meets the security requirements in fog-based VANETs. We then evaluate the efficiency of the proposed protocol, which shows the practicality of the protocol.
TL;DR: This article reviews protocols and shows how they can be integrated to provide a complete IoT security framework and outlines the future challenges in applying these compelling physical layer security techniques to the IoT.
Abstract: A low-complexity, yet secure framework is proposed for protecting the IoT and for achieving both authentication and secure communication. In particular, the slight random difference among transceivers is extracted for creating a unique radio frequency fingerprint and for ascertaining the unique user identity. The wireless channel between any two users is a perfect source of randomness and can be exploited to derive cryptographic keys. This can be applied to the physical layer of the communications protocol stack. This article reviews these protocols and shows how they can be integrated to provide a complete IoT security framework. We conclude by outlining the future challenges in applying these compelling physical layer security techniques to the IoT.
TL;DR: Two new attacks are discovered: voice squatting in which the adversary exploits the way a skill is invoked and voice masquerading in which a malicious skill impersonates the VPA service or a legitimate skill during the user's conversation with the service to steal her personal information.
Abstract: Virtual personal assistants (VPA) (e.g., Amazon Alexa and Google Assistant) today mostly rely on the voice channel to communicate with their users, which however is known to be vulnerable, lacking proper authentication (from the user to the VPA). A new authentication challenge, from the VPA service to the user, has emerged with the rapid growth of the VPA ecosystem, which allows a third party to publish a function (called skill) for the service and therefore can be exploited to spread malicious skills to a large audience during their interactions with smart speakers like Amazon Echo and Google Home. In this paper, we report a study that concludes such remote, large-scale attacks are indeed realistic. We discovered two new attacks: voice squatting in which the adversary exploits the way a skill is invoked (e.g., "open capital one"), using a malicious skill with a similarly pronounced name (e.g., "capital won") or a paraphrased name (e.g., "capital one please") to hijack the voice command meant for a legitimate skill (e.g., "capital one"), and voice masquerading in which a malicious skill impersonates the VPA service or a legitimate skill during the user's conversation with the service to steal her personal information. These attacks aim at the way VPAs work or the user's misconceptions about their functionalities, and are found to pose a realistic threat by our experiments (including user studies and real-world deployments) on Amazon Echo and Google Home. The significance of our findings has already been acknowledged by Amazon and Google, and further evidenced by the risky skills found on Alexa and Google markets by the new squatting detector we built. We further developed a technique that automatically captures an ongoing masquerading attack and demonstrated its efficacy.
TL;DR: A new authentication approach that utilizes blockchain and software defined networking (SDN) techniques to remove the unnecessary re-authentication in repeated handover among heterogeneous cells using their public and private keys provided by the devised blockchain component while protecting their privacy is proposed.
Abstract: 5G mobile networks provide additional benefits in terms of lower latency, higher data rates, and more coverage, in comparison to 4G networks, and they are also coming close to standardization. For example, 5G has a new level of data transfer and processing speed that assures users are not disconnected when they move from one cell to another, thus supporting faster connection. However, it comes with its own technical challenges relating to resource management, authentication handover and user privacy protection. In 5G, the frequent displacement of the users among the cells as a result of repeated authentication handovers often leads to a delay, contradicting the 5G objectives. In this paper, we propose a new authentication approach that utilizes blockchain and software defined networking (SDN) techniques to remove the re-authentication in repeated handover among heterogeneous cells. The proposed approach is designed to assure the low delay appropriate for the 5G network, in which users can be replaced with the least delay among heterogeneous cells using their public and private keys provided by the devised blockchain component while protecting their privacy. In our comparison between Proof-of-Work (POW)-based and network-based models, the delay of our authentication handover was shown to be less than 1 ms. Also, our approach demonstrated less signaling overhead and energy consumption compared to peer models.
TL;DR: To pursue the best efficiency, lightweight crypto-modules, such as one-way hash function and exclusive-or operation, are adopted in the authors' authentication scheme, which not only removes the computation burden but also makes the proposed scheme suitable for resource-limited objects, such as sensors or IoT devices.