Blockchain-assisted Undisclosed IIoT Vulnerabilities Trusted Sharing Protection with Dynamic Token

by   Jingyu Feng, et al.

With the large-scale deployment of industrial internet of things (IIoT) devices, the number of vulnerabilities that threaten IIoT security is also growing dramatically, including a mass of undisclosed IIoT vulnerabilities that lack mitigation measures. Coordination Vulnerabilities Disclosure (CVD) is one of the most popular vulnerabilities sharing solutions, in which some security workers (SWs) can develop undisclosed vulnerabilities patches together. However, CVD assumes that sharing participants (SWs) are all honest, and thus offering chances for dishonest SWs to leak undisclosed IIoT vulnerabilities. To combat such threats, we propose an Undisclosed IIoT Vulnerabilities Trusted Sharing Protection (UIV-TSP) scheme with dynamic token. In this article, a dynamic token is an implicit access credential for an SW to acquire an undisclosed vulnerability information, which is only held by the system and constantly updated as the SW access. Meanwhile, the latest updated token can be stealthily sneaked into the acquired information as the traceability token. Once the undisclosed vulnerability information leaves the SW host, the embedded self-destruct program will be automatically triggered to prevent leaks since the destination MAC address in the traceability token has changed. To quickly distinguish dishonest SWs, trust mechanism is adopted to evaluate the trust value of SWs. Moreover, we design a blockchain-assisted continuous logs storage method to achieve the tamper-proofing of dynamic token and the transparency of undisclosed IIoT vulnerabilities sharing. The simulation results indicate that our proposed scheme is resilient to suppress dishonest SWs and protect the IoT undisclosed vulnerabilities effectively.


BlendCAC: A BLockchain-ENabled Decentralized Capability-based Access Control for IoTs

The prevalence of Internet of Things (IoTs) allows heterogeneous embedde...

An Anonymous Trust-Marking Scheme on Blockchain Systems

During the Coincheck incident, which recorded the largest damages in cry...

Blockchain Security by Design Framework for Trust and Adoption in IoT Environment

With the recent advances of IoT (Internet of Things) new and more robust...

Detecting Network Security Vulnerabilities and Proactive Strategies to Mitigate Potential Threats

In multi-tier network systems, custom applications, Web services and pla...

Adversarial Machine Learning and Cybersecurity: Risks, Challenges, and Legal Implications

In July 2022, the Center for Security and Emerging Technology (CSET) at ...


Research on optical TEMPEST has moved forward since 2002 when the first ...

Towards 5G Zero Trusted Air Interface Architecture

5G is destined to be supporting large deployment of Industrial IoT (IIoT...

Please sign up or login with your details

Forgot password? Click here to reset