Blockchain-assisted Undisclosed IIoT Vulnerabilities Trusted Sharing Protection with Dynamic Token

03/16/2021
by   Jingyu Feng, et al.
0

With the large-scale deployment of industrial internet of things (IIoT) devices, the number of vulnerabilities that threaten IIoT security is also growing dramatically, including a mass of undisclosed IIoT vulnerabilities that lack mitigation measures. Coordination Vulnerabilities Disclosure (CVD) is one of the most popular vulnerabilities sharing solutions, in which some security workers (SWs) can develop undisclosed vulnerabilities patches together. However, CVD assumes that sharing participants (SWs) are all honest, and thus offering chances for dishonest SWs to leak undisclosed IIoT vulnerabilities. To combat such threats, we propose an Undisclosed IIoT Vulnerabilities Trusted Sharing Protection (UIV-TSP) scheme with dynamic token. In this article, a dynamic token is an implicit access credential for an SW to acquire an undisclosed vulnerability information, which is only held by the system and constantly updated as the SW access. Meanwhile, the latest updated token can be stealthily sneaked into the acquired information as the traceability token. Once the undisclosed vulnerability information leaves the SW host, the embedded self-destruct program will be automatically triggered to prevent leaks since the destination MAC address in the traceability token has changed. To quickly distinguish dishonest SWs, trust mechanism is adopted to evaluate the trust value of SWs. Moreover, we design a blockchain-assisted continuous logs storage method to achieve the tamper-proofing of dynamic token and the transparency of undisclosed IIoT vulnerabilities sharing. The simulation results indicate that our proposed scheme is resilient to suppress dishonest SWs and protect the IoT undisclosed vulnerabilities effectively.

READ FULL TEXT
POST COMMENT

Comments

There are no comments yet.

Authors

page 1

04/24/2018

BlendCAC: A BLockchain-ENabled Decentralized Capability-based Access Control for IoTs

The prevalence of Internet of Things (IoTs) allows heterogeneous embedde...
10/01/2020

An Anonymous Trust-Marking Scheme on Blockchain Systems

During the Coincheck incident, which recorded the largest damages in cry...
09/20/2021

Blockchain Security by Design Framework for Trust and Adoption in IoT Environment

With the recent advances of IoT (Internet of Things) new and more robust...
10/22/2019

Blockchain Methods for Trusted Avionics Systems

Blockchain is a popular method to ensure security for trusted systems. T...
08/22/2018

Optical TEMPEST

Research on optical TEMPEST has moved forward since 2002 when the first ...
09/24/2019

Ethical Hacking for IoT Security: A First Look into Bug Bounty Programs and Responsible Disclosure

The security of the Internet of Things (IoT) has attracted much attentio...
06/11/2019

Sharing of vulnerability information among companies -- a survey of Swedish companies

Software products are rarely developed from scratch and vulnerabilities ...
This week in AI

Get the week's most popular data science and artificial intelligence research sent straight to your inbox every Saturday.