Decentralized PKI Framework for Data Integrity in Spatial Crowdsourcing Drone Services
- URL: http://arxiv.org/abs/2407.00876v1
- Date: Mon, 1 Jul 2024 00:55:07 GMT
- Title: Decentralized PKI Framework for Data Integrity in Spatial Crowdsourcing Drone Services
- Authors: Junaid Akram, Ali Anaissi,
- Abstract summary: The paper presents D2XChain, a blockchain-based PKI framework designed for the Internet of Drone Things (IoDT).
By decentralizing the CA infrastructure, D2XChain eliminates this single point of failure, thereby enhancing the security and reliability of drone communications.
This innovative approach not only strengthens the defense of drone services against various security threats but also showcases its practical application through deployment on a private testbed.
- Score: 0.6284464997330884
- License: http://arxiv.org/licenses/nonexclusive-distrib/1.0/
- Abstract: In the domain of spatial crowdsourcing drone services, which includes tasks like delivery, surveillance, and data collection, secure communication is paramount. The Public Key Infrastructure (PKI) ensures this by providing a system for digital certificates that authenticate the identities of entities involved, securing data and command transmissions between drones and their operators. However, the centralized trust model of traditional PKI, dependent on Certificate Authorities (CAs), presents a vulnerability due to its single point of failure, risking security breaches. To counteract this, the paper presents D2XChain, a blockchain-based PKI framework designed for the Internet of Drone Things (IoDT). By decentralizing the CA infrastructure, D2XChain eliminates this single point of failure, thereby enhancing the security and reliability of drone communications. Fully compatible with the X.509 standard, it integrates seamlessly with existing PKI systems, supporting all key operations such as certificate registration, validation, verification, and revocation in a distributed manner. This innovative approach not only strengthens the defense of drone services against various security threats but also showcases its practical application through deployment on a private Ethereum testbed, representing a significant advancement in addressing the unique security challenges of drone-based services and ensuring their trustworthy operation in critical tasks.
Related papers
- Securing Cross-Domain Internet of Drones: An RFF-PUF Allied Authenticated Key Exchange Protocol With Over-the-Air Enrollment [22.842391212425184]
Internet of Drones (IoD) is an emerging and crucial paradigm enabling advanced applications that require seamless, secure communication. Access control and the transmission of sensitive data pose significant security challenges for IoD systems. We propose a lightweight mutual authentication mechanism that integrates Radio Frequency Fingerprint (RFF) and Physical Unclonable Function (PUF) technologies for secure drone-to-drone (D2D) and drone-to-ground station server (D2G) communication.
arXiv Detail & Related papers (2025-12-26T02:04:24Z)
- Binding Agent ID: Unleashing the Power of AI Agents with accountability and credibility [46.323590135279126]
BAID (Binding Agent ID) is a comprehensive identity infrastructure establishing verifiable user-code binding. We implement and evaluate a complete prototype system, demonstrating the practical feasibility of blockchain-based identity management and zkVM-based authentication protocol.
arXiv Detail & Related papers (2025-12-19T13:01:54Z)
- Zero Trust-based Decentralized Identity Management System for Autonomous Vehicles [0.6131727058785479]
This paper presents a novel Zero Trust-based Decentralized Identity Management (D-IM) protocol for AVs. By integrating the core principles of Zero Trust Architecture, "never trust, always verify", with the tamper resistant and decentralized nature of a blockchain network, our framework eliminates reliance on centralized authorities. A comprehensive experimental evaluation, conducted across both urban and highway scenarios, validates the protocol's practicality.
arXiv Detail & Related papers (2025-09-29T22:42:51Z)
- "Blockchain-Enabled Zero Trust Framework for Securing FinTech Ecosystems Against Insider Threats and Cyber Attacks" [0.6437284704257459]
Security mechanisms are insufficient against evolving threats like insider attacks, malware intrusions, and Advanced Persistent Threats (APTs). This paper proposes a blockchain-integrated Zero Trust framework, adhering to the principle of "Never Trust, Always". The framework uses smart contracts to enforce Multi Factor Authentication (MFA), Role-Based Access Control (RBAC), and Just-In-Time (JIT) access privileges.
arXiv Detail & Related papers (2025-07-26T15:21:04Z)
- Base Station Certificate and Multi-Factor Authentication for Cellular Radio Control Communication Security [1.3142127084199051]
Current cellular networking remains vulnerable to malicious fake base stations.
We design a base station certificate (certifying the base station's public key and location) and a multi-factor authentication to secure the authenticity and message integrity of the base station control communications.
arXiv Detail & Related papers (2025-04-02T21:12:29Z)
- Security Analysis of 5G NR Device-to-Device Sidelink Communications [7.044125601403848]
This paper presents the first comprehensive security analysis of NR V2X sidelink.
We identify vulnerabilities across critical procedures and demonstrate plausible attack.
We propose mitigation strategies to enhance the security of 5G sidelink communications.
arXiv Detail & Related papers (2025-02-23T16:55:32Z)
- VMGuard: Reputation-Based Incentive Mechanism for Poisoning Attack Detection in Vehicular Metaverse [52.57251742991769]
Vehicular Metaverse guard (VMGuard) protects vehicular Metaverse systems from data poisoning attacks.
VMGuard implements a reputation-based incentive mechanism to assess the trustworthiness of participating SIoT devices.
Our system ensures that reliable SIoT devices, previously misclassified, are not barred from participating in future rounds of the market.
arXiv Detail & Related papers (2024-12-05T17:08:20Z)
- Securing Legacy Communication Networks via Authenticated Cyclic Redundancy Integrity Check [98.34702864029796]
We propose Authenticated Cyclic Redundancy Integrity Check (ACRIC).
ACRIC preserves backward compatibility without requiring additional hardware and is protocol agnostic.
We show that ACRIC offers robust security with minimal transmission overhead ( 1 ms).
arXiv Detail & Related papers (2024-11-21T18:26:05Z)
- Securing UAV Communication: Authentication and Integrity [0.0]
We propose an authentication method to secure UAV data exchange over an insecure communication channel.
Our solution combines Diffie-Hellman key exchange and Hash-based Message Authentication Code (HMAC) within ROS communication channels.
Both drones successfully detected tampered keys, affirming our method's efficacy in protecting UAV communication.
arXiv Detail & Related papers (2024-10-06T22:36:06Z)
- Towards Credential-based Device Registration in DApps for DePINs with ZKPs [46.08150780379237]
We propose a credential-based device registration (CDR) mechanism that verifies device credentials on the blockchain.
We present a general system model, and technically evaluate CDR using zkSNARKs with Groth16 and Marlin.
arXiv Detail & Related papers (2024-06-27T09:50:10Z)
- DID Link: Authentication in TLS with Decentralized Identifiers and Verifiable Credentials [0.0]
This article presents DID Link, a novel authentication scheme for TLS 1.3.
It empowers entities to authenticate in a TLS-compliant way with self-issued X.509 certificates that are equipped with ledger-anchored DIDs.
A prototypical implementation shows comparable TLS handshake durations of DID Link if verification material is cached and reasonable prolongations if it is obtained from a ledger.
arXiv Detail & Related papers (2024-05-13T08:03:32Z)
- Armored Core of PKI: Remove Signing Keys for CA via Efficient and Trusted Physical Certification [15.929562674471821]
We propose Armored Core, the first PKI security extension using the trusted binding of Physically Unclonable Function (PUF) for certificate operations.
It makes key exposure impossible by eliminating the digital signing keys in CA.
We integrate Armored Core into real-world PKI systems including Let's Encrypt Pebble and Certbot.
arXiv Detail & Related papers (2024-04-24T01:31:23Z)
- ASOP: A Sovereign and Secure Device Onboarding Protocol for Cloud-based IoT Services [1.4732811715354452]
ASOP is a sovereign and secure protocol for IoT devices without blindly trusting the device manufacturer, supply chain, and cloud service provider.
Our 'zero-trust' and 'human-in-the-loop' approach guarantees that the device owner does not remain at the mercy of third-party infrastructures.
arXiv Detail & Related papers (2024-03-18T15:45:14Z)
- A Survey and Comparative Analysis of Security Properties of CAN Authentication Protocols [92.81385447582882]
The Controller Area Network (CAN) bus leaves in-vehicle communications inherently non-secure.
This paper reviews and compares the 15 most prominent authentication protocols for the CAN bus.
We evaluate protocols based on essential operational criteria that contribute to ease of implementation.
arXiv Detail & Related papers (2024-01-19T14:52:04Z)
- Tamper-Evident Pairing [55.2480439325792]
Tamper-Evident Pairing (TEP) is an improvement of the Push-Button configuration (PBC) standard.
TEP relies on the Tamper-Evident Announcement (TEA), which guarantees that an adversary can neither tamper with a transmitted message without being detected, nor hide the fact that the message has been sent.
This paper provides a comprehensive overview of the TEP protocol, including all information needed to understand how it works.
arXiv Detail & Related papers (2023-11-24T18:54:00Z)
- Combining Decentralized IDentifiers with Proof of Membership to Enable Trust in IoT Networks [44.99833362998488]
The paper proposes and discusses an alternative (mutual) authentication process for IoT nodes under the same administration domain.
The main idea is to combine the Decentralized IDentifier (DID)-based verification of private key ownership with the verification of a proof that the DID belongs to an evolving trusted set.
arXiv Detail & Related papers (2023-10-12T09:33:50Z)
- Decentralized Zero-Trust Framework for Digital Twin-based 6G [8.01618424103984]
The article presents a new framework that integrates the zero-trust architecture in DT-enabled 6G networks.
Unlike conventional zero-trust solutions, the proposed framework adapts a decentralized mechanism to ensure the security, privacy and authenticity of both the physical devices and their DT counterparts.
The article also discusses current solutions and future outlooks, with challenges and some technology enablers.
arXiv Detail & Related papers (2023-02-06T20:13:19Z)
- Mind the GAP: Security & Privacy Risks of Contact Tracing Apps [75.7995398006171]
Google and Apple have jointly provided an API for exposure notification in order to implement decentralized contact tracing apps using Bluetooth Low Energy.
We demonstrate that in real-world scenarios the GAP design is vulnerable to (i) profiling and possibly de-anonymizing persons, and (ii) relay-based wormhole attacks that basically can generate fake contacts.
arXiv Detail & Related papers (2020-06-10T16:05:05Z)
- Secure Byzantine-Robust Machine Learning [61.03711813598128]
We propose a secure two-server protocol that offers both input privacy and Byzantine-robustness.
In addition, this protocol is communication-efficient, fault-tolerant and enjoys local differential privacy.
arXiv Detail & Related papers (2020-06-08T16:55:15Z)
This list is automatically generated from the titles and abstracts of the papers in this site.