
University Lecturer Tuomo Glumoff

University Lecturer Santeri Palviainen

Postdoctoral researcher Jani Peräntie

University Lecturer Anne Tuomisto

University Lecturer Veli-Matti Ulvinen

Planning Director Pertti Tikkanen

Professor Jari Juga

University Lecturer Anu Soikkeli

University Lecturer Santeri Palviainen

Publications Editor Kirsti Nurkkala

UNIVERSITY OF OULU GRADUATE SCHOOL; UNIVERSITY OF OULU, FACULTY OF INFORMATION TECHNOLOGY AND ELECTRICAL ENGINEERING; CENTRE FOR WIRELESS COMMUNICATIONS

ISBN 978-952-62-2797-9 (Paperback) ISBN 978-952-62-2798-6 (PDF) ISSN 0355-3213 (Print) ISSN 1796-2226 (Online)

ACTA UNIVERSITATIS OULUENSIS C Technica 773

TANESH KUMAR

SECURE EDGE SERVICES FOR FUTURE SMART ENVIRONMENTS

Academic dissertation to be presented with the assent of the Doctoral Training Committee of Information Technology and Electrical Engineering of the University of Oulu for public defence in the OP auditorium (L10), Linnanmaa, on 16 December 2020, at 12 noon

UNIVERSITY OF OULU, OULU 2020

Copyright © 2020
Acta Univ. Oul. C 773, 2020

Supervised by Associate Professor Mika Ylianttila Assistant Professor Erkki Harjula

Reviewed by Professor Timo T. Hämäläinen Associate Professor Karl Anderson

Opponent Professor Pekka Toivanen


Cover Design Raimo Ahonen

PUNAMUSTA
TAMPERE 2020

Kumar, Tanesh, Secure edge services for future smart environments.
University of Oulu Graduate School; University of Oulu, Faculty of Information Technology and Electrical Engineering; Centre for Wireless Communications
Acta Univ. Oul. C 773, 2020
University of Oulu, P.O. Box 8000, FI-90014 University of Oulu, Finland

Abstract

Recent developments in communications technologies, such as the Internet of Things (IoT) and 5G, together with various enabling technologies, will lead us to the next major transition in terms of accessing digital services. One such transition is the availability of gadget-free services to users from the nearby smart environment, which can be termed the 'gadget-free hyperconnected world'. Similarly, Industry 4.0 is another major digital transformation, one that ensures intelligence, digitization and automation in various industrial applications. Such smart environment applications set strict requirements for low latency along with scalability, security and privacy. Edge computing is required where low-latency requirements exist, in order to avoid the latency overhead of routing to a centralized (cloud) server. For this vision to succeed, it is highly important to place suitable and strong security solutions in the edge-based smart environment to ensure overall security.

This thesis addresses two use cases in the context of smart environments, i) a smart healthcare environment and ii) smart home construction, and proposes novel contributions to improving the security of edge-based smart IoT applications. First, biometrics-based anonymous and lightweight authentication schemes were developed for single and multiple gadget-free users in a smart IoT healthcare environment. The compliance of the security schemes is proven through performance evaluations and by analysing the security properties. Second, a conceptual security mechanism was formulated for three-tier IoT edge architectures to ensure secure smart node bootstrapping and user service accessibility mechanisms. The performance of the proposed IoT edge architecture is evaluated to assess the feasibility of the system. Finally, an edge computing and blockchain integrated IIoT framework, 'BlockEdge', is proposed for the smart home construction use case. The feasibility of the approach is verified by evaluating the performance and resource efficiency of BlockEdge in terms of latency, power consumption and network load. Furthermore, this thesis also investigates the potential security requirements, challenges and their solutions for the BlockEdge-based IIoT framework.

Keywords: authentication, biometrics, Blockchain, Edge Computing, Industrial IoT, security, smart environments

Kumar, Tanesh, Secure edge services for future smart environments (Tulevaisuuden älykkäiden ympäristöjen turvalliset reunapalvelut).
University of Oulu Graduate School; University of Oulu, Faculty of Information Technology and Electrical Engineering; Centre for Wireless Communications
Acta Univ. Oul. C 773, 2020
University of Oulu, P.O. Box 8000, 90014 University of Oulu

Tiivistelmä (Finnish abstract)

Recent developments in communications technology, among others in the areas of the Internet of Things (IoT) and 5G technologies, are leading to the next key transition in the use of digital services. One example of this is the availability of gadget-free services in smart environments, which can also be called a gadget-free networked environment. Industry 4.0, in turn, is another significant transformation process, carried out with the help of added intelligence, digitalization and automation in various industrial applications. Such smart environment applications require low latency, high scalability, information security and privacy protection. Edge computing is needed, among other things, to meet low-latency requirements, for example by avoiding unnecessary routing to centralized (cloud) servers. For this vision to succeed, it is very important to place suitable and strong security solutions in the edge-computing-based smart environment to ensure overall security.

This dissertation studies two different use cases set in smart environments, i) a smart healthcare environment and ii) smart construction, and proposes how the security of edge-based smart IoT applications can be improved in such environments. First, biometrics-based anonymous and lightweight authentication schemes were developed for the needs of single and multiple gadget-free users to enable smart IoT healthcare services. The suitability of the security solutions was verified by evaluating the security properties and the performance of the system. Second, a security mechanism was developed for a three-tier IoT edge computing architecture, which makes it possible for users to join services securely. The performance of the proposed IoT edge computing architecture was measured to assess the usability of the system. Finally, edge computing and blockchains are integrated in the "BlockEdge" concept presented in this work, within an Industrial Internet of Things (IIoT) framework, which can be used, among other things, in building smart construction services. The work evaluates the usability of the solution in terms of performance and resource efficiency, latency, energy consumption and network traffic. In addition, the work evaluates the security requirements, challenges and their solutions for these solutions.

Keywords: biometrics, blockchains, edge computing, Industrial Internet of Things, information security, authentication, smart environments

Dedicated to my parents

Acknowledgements

The research work presented in this doctoral thesis has been carried out in the Networks and Systems Unit at the Centre for Wireless Communications (CWC-NS), University of Oulu, Finland. This thesis has been financially supported by the Academy of Finland 6Genesis Flagship (grant 318927). The work was conducted as part of The Naked Approach, Towards Digital Paradise and Industrial Edge research projects. In addition, the thesis is also funded by the Finnish Funding Agency for Innovation (TEKES), Nokia Foundation, Riita and Jorma J. Takanen, HPY Foundation, KAUTE Foundation, and University of Oulu Graduate School (UniOGS).

First of all, I would like to express my deepest gratitude to my primary supervisor, Associate Prof. Mika Ylianttila, for his kind guidance, support, continuous confidence and encouragement throughout my doctoral journey. My co-supervisor, Assistant Prof. Erkki Harjula, also deserves my great appreciation for his continual support, fruitful discussions, and insightful guidance over the years. As a project manager, he always provided a friendly and flexible research environment. I am deeply grateful to Dr. Ijaz Ahmad for his invaluable suggestions and motivation during my doctoral studies. My special thanks to Tenager and Parisa for the great office days and memories. Many thanks to Prof. An Braeken for hosting my research visit and for the great collaboration. I am very thankful to my present and past colleagues, Dr. Timo Koskela, Assistant Prof. Madhusanka Liyanage, Dr. Pawani Porambage, Ahsan, Jude, Vidhya, Johirul and Muneeb, for the cheerful time and interesting discussions.

I am grateful to the official reviewers, Prof. Timo T. Hämäläinen and Associate Prof. Karl Anderson, for their valuable comments, and to Prof. Pekka Toivanen for serving as the opponent in the doctoral defence.

I am fortunate to have friends like Sagar, Attith and Rajinder in Oulu for always being around in good and tough times. My sister Nisha and Dileep Kumar brought back the nice family-like feeling in Oulu. My brother Dr. Teerath also deserves my thanks for his support since childhood. I am deeply grateful to my siblings, my parents and in-laws, all of whom provided endless support throughout different stages of my life. Finally, I convey my heartiest gratitude to my wife Sarooj for her unconditional love, patience, understanding in my tough times, and always being my absolute strength.

Oulu, October 22, 2020
Tanesh Kumar

List of abbreviations

2FA  Two-Factor Authentication
3FA  Three-Factor Authentication
4G  Fourth Generation
5G  Fifth Generation
AGE  Authentication in Gadget-free Healthcare Environments
AI  Artificial Intelligence
APc  Central Access Points
APs  Access Points
BLE  Bluetooth Low Energy
BlockEdge  Blockchain-Edge
BS  Base Station
CDVT/AD  Cryptographic-protocol Development and Verification Tools with Attack Detection Tool
CPS  Cyber Physical System
DAO  Decentralized Autonomous Organization
DoS  Denial of Service
ETSI  European Telecommunications Standards Institute
E2E  End-to-End
EC  Edge Computing
ECC  Elliptic Curve Cryptography
ECU  Error Control Unit
ENs  End Nodes
FaaS  Function-as-a-Service
FC  Fog Computing
ICT  Information Communication and Technology
ID  Identification
IdM  Identity Management
IDS  Intrusion Detection Systems
IIoT  Industrial Internet of Things
IoT  Internet of Things
IP  Internet Protocol
KeM  Key Management
MEC  Mobile Edge Computing/Multi-access Edge Computing
MFA  Multi-Factor Authentication
MI  Millions of Instructions per Task
ML  Machine Learning
MS  Medical Server
NFV  Network Functions Virtualization
OS  Operating System
PDAs  Personal Digital Assistants
PIN  Personal Identification Number
RAN  Radio Access Network
RC  Registration Centre
SDN  Software Defined Networking
TMIS  Telecare Medical Information System
U  User
VMs  Virtual Machines

List of original publications

This thesis is based on the following original publications of the author, which are referred to in the text by their Roman numerals (I–VI):

I Kumar T, Braeken A, Liyanage M & Ylianttila M (2017) Identity privacy preserving biometric based authentication scheme for naked healthcare environment. In: 2017 IEEE International Conference on Communications (ICC), pp. 1–7.

II Kumar T, Braeken A, Jurcut AD, Liyanage M & Ylianttila M (2019) AGE: authentication in gadget-free healthcare environments. Information Technology and Management, Vol: 21, pp. 95–114.

III Kumar T, Porambage P, Ahmad I, Liyanage M, Harjula E & Ylianttila M (2018) Securing gadget-free digital services. IEEE Computer 51(11): 66–77.

IV Ejaz M, Kumar T, Ylianttila M & Harjula E (2020) Performance and efficiency optimization of multi-layer iot edge architecture. In: 2020 2nd 6G Wireless Summit (6G SUMMIT), pp. 1–5.

V Kumar T, Harjula E, Ejaz M, Manzoor A, Porambage P, Ahmad I, Liyanage M, Braeken A & Ylianttila M (2020) BlockEdge: Blockchain-edge framework for industrial iot networks. IEEE Access 8: 154166–154185.

VI Kumar T, Braeken A, Ramani V, Ahmad I, Harjula E & Ylianttila M (2019) SEC-BlockEdge: Security threats in blockchain-edge based industrial iot networks. In: 2019 11th International Workshop on Resilient Networks Design and Modeling (RNDM), pp. 1–7.

Contents

Abstract
Tiivistelmä
Acknowledgements
List of abbreviations
List of original publications
Contents
1 Introduction
1.1 Background and motivation
1.2 Objectives, scope and research problems
1.3 Research methodology
1.4 Contributions of the thesis
1.5 Organization of the thesis
2 Towards future smart environments: overview of the key technologies
2.1 Towards future smart environments
2.2 Enabling technologies for future smart environment
2.2.1 Internet of things
2.2.2 Cloud and edge paradigm
2.2.3 Blockchain
2.3 Overview of IoT edge models
2.3.1 Traditional cloud-IoT model
2.3.2 Two-tier IoT-edge model
2.3.3 Three-tier IoT-edge model
2.3.4 Edge-Blockchain integrated IoT model
2.4 Security overview for smart environment
2.4.1 Two factor authentication for IoT
2.4.2 Three factor authentication in IoT
2.4.3 Authentication in MEC based IoT
2.4.4 Privacy and trust management
3 Research contributions
3.1 Lightweight authentication mechanism in smart environment
3.2 Conceptual design of edge based secure services
3.3 BlockEdge framework for smart applications
4 Discussion
4.1 Summary of contributions
4.2 Limitations and generalizability
4.3 Future research directions
4.3.1 Work with an immediate impact
4.3.2 Potential research areas with long-term goals
5 Conclusions
List of original publications

1 Introduction

1.1 Background and motivation

The current digital world is already surrounded by smart gadgets and hand-held devices. Their use has become vital in a number of critical daily-life applications such as healthcare, banking, smart transportation, and smart manufacturing, among others [1], [2]. Another recent and popular trend is accessing services with wearable devices. Wearables offer immense potential in various key applications, particularly in the domain of healthcare, such as fitness tracking and remote health monitoring of patients and elderly persons [3], [4], [5]. However, recent advancements in the Internet of Things (IoT) and related enabling technologies are changing the perspectives and dimensions of the current way of accessing services and pushing towards a new digital paradigm [6], [7], [8].

The future smart and hyperconnected society will depend heavily on the ubiquitous and uninterrupted availability of services for users [5,6]. The focus of service design/composition in the future smart environment will shift from device-centric to user-centric [9]. Thus, the new digital transition/transformation will take the form of gadget-free services. This transformation of the current digital world can also be known as the 'Gadget-Free World' or the 'Naked World' [8]. The key idea behind the vision is that users will be without hand-carried gadgets and all the desired services can be accessed through the nearby smart surroundings. The needed capabilities, services/resources and user interfaces will be embedded in the environment, appearing to users when required and disappearing when not needed [10], [11], [12]. In an ideal gadget-free environment, the user will interact with the smart surroundings and the services will be available through "natural" means only [13].

However, the complete success of this vision will require radical advancements and maturity in the various enabling technologies. For example, user interaction will take place directly and seamlessly with the smart environment, without using a screen as in the case of gadgets. Similarly, traditional identification and authentication mechanisms (e.g. username and password based) will not be suitable for this vision either [10]. Novel and enhanced solutions will be required for various key processes, such as service provisioning, security, privacy and trust, among others. With current technologies, the complete vision of a gadget-free world may not be practical or realistic at this moment. However, its impact and advantages can already be experienced in limited smart spaces in the form of smart and ambient environments. Therefore, it is highly important to explore the various requirements, challenges and technological enablers that can further the development of such smart environments.

Among others, ensuring security and privacy are key challenges in future smart environments. For example, since users in such an environment will not carry gadgets to authenticate themselves in order to access a particular service, secure authentication with the nearby intelligent surroundings is required to identify a valid user [8]. Therefore, the traditional two-factor based authentication mechanism would not be applicable for verifying a valid user in the gadget-free environment, because it requires gadgets capable of text input and display [10]. Biometrics-based user authentication can be seen as a potential candidate/approach for securely verifying a valid user directly from the smart environment [11], [13], [14]. Efficient and lightweight authentication mechanisms of this kind are vital for the vision of a future digital and hyperconnected society, e.g. for enabling services in smart cities.

Along with security, it is highly important that the required services are delivered to the respective users with minimum or no delay, especially in the case of delay-critical applications [15]. Traditional cloud computing-based solutions were useful/effective when the processes require higher resource-intensive capabilities and/or when real-time decision making is not needed [16], [17], [18]. However, applications such as smart healthcare and smart construction/manufacturing require real-time data processing and fast responses in service/resource delivery to execute various crucial processes, and thus it is not feasible to do all the processing and decision making at the centralized cloud [19], [20], [21].
To fulfill low-latency requirements, Mobile Edge Computing (MEC) emerges as a viable solution that brings some of the key resources/services and computation/processing from the cloud to the nearest base station and closer to the users/end devices [22], [23]. Edge Computing (EC) can be seen as a similar concept that enables/triggers low-latency services by pushing the needed services/resources closer to the source of the data. However, an edge node does not necessarily rely on the base station; instead, it can be a single powerful node/device that is placed in the vicinity of the user/end devices (access network) and is capable of providing secure, efficient and delay-critical services [24], [25]. Hence, edge paradigms overcome some of the key limitations faced by cloud computing solutions, for example by addressing the latency requirements of delay-critical applications, enhancing security and privacy, and increasing data availability, among others [26]. In addition to this, the concept of extreme edge/mist computing, which can perform some of the processing and decision making at the device/node itself, is becoming crucial for applications that demand low latency [27], [28]. Mist computing performs some of the computations locally near or at the device/sensors and reduces the load on the access/edge networks [29].

Blockchain emerges as a potential technology enabler for various smart IoT applications by providing key/crucial features, such as decentralization, immutability, distributed trust, authenticity, transparency, and accountability, among others [30], [31]. Blockchain technology initially started mainly in the domain of financial applications such as bitcoin and other cryptocurrencies [32]. Later, however, it gained huge attention because of its valuable applicability in several key applications, such as healthcare, smart manufacturing, smart factories and supply chain management [33], [34]. The smart contract running on the blockchain network ensures that each transaction carried out in the network has the mutual consensus/agreement of the involved entities. Moreover, blockchain also ensures trusted data sharing and exchange among the various entities in the network, along with providing better solutions to security and privacy challenges in current smart environments [35], [36], [37].

In order to gain the maximum advantage from the two enabling technologies, i.e. blockchain and edge computing, the research community has already started to integrate these two concepts efficiently for smart applications, e.g. IIoT applications and smart healthcare [38], [39]. Since IoT nodes are usually resource constrained, edge networks can offer the additional resources/services needed to execute various processes and ensure the essential low-latency services [40]. In addition, the edge can support the blockchain by providing the necessary resources for computation and storage. On the other hand, blockchain can provide authentication and trust features for the various edge nodes in the network. In a nutshell, these two technologies complement each other well and need to be incorporated efficiently to fulfill the various requirements of current and future smart applications [41], [42].

1.2 Objectives, scope and research problems

The future smart and gadget-free society is expected/predicted to be a shared and connected ecosystem comprising heaps of heterogeneous sensors/devices, service providers, network operators, and several other network entities/elements. Among several security challenges, one of the key concerns is to authorize legitimate users to access services from the smart environment. The traditional authentication mechanisms for IoT applications are mainly based on two factors, i.e. username and password. Such gadget-dependent authentication will not be suitable for gadget-free users in the smart environment.

Biometrics-based authentication protocols can be seen as suitable solutions for such gadget-free smart surroundings. Recently, many studies have explored three-factor authentication schemes that consider three levels of identification, i.e. a knowledge factor, an ownership factor, and a biometrics factor. However, most of these schemes are mainly dedicated to remote-user authentication and involve some kind of gadget/device in the process. Future hyperconnected applications, in contrast, require an efficient and secure authentication scheme that can authenticate users directly from the nearby smart environment without using hand-held gadgets. Thus, the first objective is to design a biometrics-based lightweight authentication mechanism for gadget-free users and to analyse the security and performance of the scheme (O1).

Since the existing cloud-based solutions may not be optimal for delay-critical IoT applications, the inclusion of an edge network in traditional IoT architectures will play a vital role in providing services within the defined time. In addition to edge networks, a significant amount of research is required to examine the potential of extreme edge or mist/local networks to enable some of the computation, processing and decision making near the local devices/nodes. Therefore, it is highly important to identify the associated security requirements and threats at the various layers of a three-tier architecture. Hence, the second objective of this thesis is to design a secure edge-based service accessibility mechanism along with a performance evaluation of the three-tier IoT edge architecture (O2).

The addition of blockchain to the edge-based IoT network will bring several useful solutions to the challenges faced by current smart applications, such as providing low-latency services along with enhanced trust, authentication and access control mechanisms. However, the integration of edge and blockchain will make the overall IoT architecture much more complex. Recently, the research community has been examining various optimal and efficient means of integrating both of these technologies to address some of the current shortcomings in IoT applications without, at the same time, compromising the performance of the overall network. Therefore, the final objective of this research is to design an efficient edge and blockchain integrated framework, to explore the key security requirements and challenges, and to analyse the system performance when the blockchain is added to the network and when it is not included, without compromising performance and efficiency (O3).

Based on the above objectives, the thesis focuses on addressing the following three Research Questions (RQ).

RQ1: How can a lightweight biometrics-based user authentication mechanism be formulated for optimally accessing the services in the future hyperconnected smart environment?

RQ2: How can an edge-based secure mechanism be designed for secure service accessibility in the future smart environment?

RQ3: How can the integration of edge and blockchain provide benefits for future smart applications?

Fig. 1. The mapping of the original publications to the research questions.

In Fig. 1, the original publications and their relationships are mapped to the three research questions. RQ1 is addressed in Papers [I–II] by proposing biometrics authentication schemes and analysing their performance. Papers [III–IV] provide the solutions to RQ2 by defining the conceptual security mechanism for gadget-free services and the corresponding performance analysis. RQ3 is answered in Papers [V–VI] by formulating the BlockEdge framework, identifying the key security challenges and evaluating the performance.

1.3 Research methodology

The thesis explores mechanisms for ensuring secure user access to various services in edge-based future smart environments. The main goal of this thesis is to utilize recent enabling technologies to design an efficient and enhanced security mechanism for edge-based smart and connected applications. In this direction, the work in this thesis is based on two key use cases, i.e. a smart and gadget-free healthcare environment and smart home construction. To achieve this goal, the thesis identifies various security threats and the essential security requirements and proposes corresponding edge and blockchain based security solutions. Using the constructive research approach, the proposed mechanisms were evaluated and validated with various simulation tools and analytical studies as follows.

First, an anonymous and lightweight biometrics-based single-user authentication scheme for a smart healthcare environment was developed in Paper [I]. Since it is assumed that the majority of the sensors/devices available are resource-constrained, the developed scheme is lightweight and solely uses symmetric key-based operations. An empirical study was performed to estimate the protocol overhead in terms of communication and computation, which was then compared with the existing remote biometrics-based user authentication schemes. Paper [II] further extended the previous work by developing an authentication scheme for multiple users at multiple locations for the smart healthcare use case. The proposed scheme, 'AGE', was validated by formal security verification with the Cryptographic-protocol Development and Verification Tools with Attack Detection (CDVT/AD) tool. A similar empirical analysis was carried out in this case as well and compared with the existing state-of-the-art authentication protocols.

Second, a two-fold contribution is made to developing the secure accessibility mechanism for edge-based services in the smart environment. First, various security threat vectors were identified at the different tiers of the three-tier architecture in Paper [III], and then a conceptual security mechanism was developed for a three-tier edge framework, i.e. a smart node bootstrapping and user accessibility mechanism. Then, Paper [IV] further evaluates the performance and efficiency of the three-tier IoT edge model using the iFogSim simulation tool. The performance of the various IoT models was compared in terms of latency, energy consumption and network utilization.

Third, Paper [V] formulated the 'BlockEdge' framework by combining edge computing and blockchain technology for the smart home construction use case to ensure various key features, such as low latency, decentralization, and improved security and trust, among others. The performance and efficiency of the proposed architecture were analysed with the iFogSim simulation tool and compared for both cases, i.e. when the blockchain is included in the IIoT framework and when it is not. Finally, various key security requirements, challenges and potential solutions related to the BlockEdge framework are presented in Paper [VI].

1.4 Contributions of the thesis

This thesis is based on the original publications [I–VI]. The main contributions of the thesis are listed below and are explained in more detail in Chapter 3:

1. Design of an efficient lightweight biometrics authentication mechanism for the smart and hyperconnected environment.
2. Analysis of potential security vectors/solutions at various layers and the design of conceptual framework for securing the services in the smart environment.
3. Performance evaluation of three-tier IoT edge framework and its comparison with the existing IoT models.
4. Architectural framework and performance evaluation of Blockchain-Edge based IIoT network.

Paper [I] proposes an anonymous and privacy-preserving biometrics-based single-user lightweight authentication mechanism for the future smart healthcare environment. The author was the main contributor to the work and was responsible for developing the idea, designing the authentication protocol and carrying out the performance evaluation of the protocol. Dr. Braeken provided valuable input and comments on the protocol design and on forming the security analysis. Dr. Liyanage reviewed the paper and provided valuable feedback, and Associate Prof. Ylianttila was the supervisor.

Paper [II] further extends the work initiated in Paper [I] by developing a new biometrics-based lightweight authentication scheme, 'AGE', for multiple users, valid for multiple locations in the smart and gadget-less healthcare environment. The author was the main contributor to the work and the paper. Dr. Braeken further reviewed and improved the authentication protocol and provided the security analysis of the scheme. Dr. Jurcut performed the formal security verification of the proposed protocol using the CDVT/AD tool. Dr. Liyanage reviewed the paper and provided useful feedback, and Associate Prof. Ylianttila was the supervisor.

Paper [III] proposes a conceptual security mechanism based on the three-tier IoT edge architecture for the gadget-free environment. The core aim of this work is first to identify the potential security threat vectors at the various layers of the three-tier architecture and then to present a conceptual secure mechanism for smart object bootstrapping and secure user service accessibility in the gadget-free environment. The author was the main contributor to the work and the paper. Dr. Porambage contributed to finalizing the proposed security mechanism. The other co-authors contributed to defining the threat vectors and provided valuable feedback for improving the article. Associate Prof. Ylianttila was the supervisor.

Paper [IV] presents performance and efficiency optimization of the three-tier IoT edge architecture. The main goal of this research is to analyze various key network performance metrics such as latency, power consumption and network usage for the presented three-tier IoT edge model and to compare it with the existing available IoT models. The author’s main contribution was the definition and analysis of the performance evaluations. The author also made a significant contribution to the writing of the paper. MSc. Muneeb Ejaz was the main author of the paper. Dr. Harjula participated in defining the scope of the work as well as in improving the performance evaluation and introduction sections. Dr. Harjula and Associate Prof. Ylianttila were the supervisors.

Paper [V] proposes a framework "BlockEdge" that integrates the two enabling technologies, i.e. Blockchain and edge computing, for the smart home construction use case. The paper also presents the workflow of the framework and identifies key technological requirements in the use case. Furthermore, the performance and efficiency evaluation is performed using iFogSim and a comparative analysis is carried out for two different cases, i.e. the case when blockchain was included in the framework and the case when it was excluded. The author was the main contributor of the work and the paper. MSc. Muneeb Ejaz contributed to the performance evaluations of the framework. Dr. Harjula provided valuable suggestions and comments on the whole paper, especially on the performance evaluation and introduction sections. Other co-authors participated in writing the related work section of the article. Associate Prof. Ylianttila was the supervisor.

Paper [VI] investigates the potential security challenges in the "BlockEdge" framework and studies the potential security solutions for those challenges. The paper also provides important insights into the key security requirements for this framework. The author was the main contributor of the work and the paper. Other co-authors commented and provided valuable feedback for improvement of the article. Associate Prof. Ylianttila was the supervisor.

1.5 Organization of the thesis

The rest of the thesis is organized as follows: Chapter 2 presents an insight of the state-of-the-art of the relevant topics, including the vision of smart and gadget-free world, related enabling technologies such as IoT, Edge/Fog Computing and Blockchain, and various security considerations needed for smart environments. Chapter 3 elaborates and summarizes the main contributions of the thesis in the light of original research publications. Chapter 4 discusses the limitations of the research, potential future extension of this work, and finally, Chapter 5 concludes the thesis.

2 Towards future smart environments: overview of the key technologies

2.1 Towards future smart environments

In the present world, gadgets are the most popular means to access the desired services. The current society is highly influenced by the use of gadgets/electronic devices in various key applications, such as online shopping, healthcare, banking, and other mobile-based services. However, this trend is changing gradually with the recent advancements in wearable technology [3], [4]. Wearables allow the user to get similar services without carrying or using hand-held devices. The most vital use of wearables at present can be seen in the domain of healthcare and fitness monitoring. However, the continuous evolution in information and communication technology (ICT) brought out the vision of the smart and ambient environment [43]. The main idea behind such an environment is to ensure the availability of the required services ’everywhere’ and at ’any time’. The concept of ubiquitous and pervasive computing further strengthens this vision by enabling every device to communicate and collaborate with each other and deliver the needed services [44].

Smart environments have significant applicability in various critical daily life applications. For example, in the existing literature, different efforts were made to design and implement the smart environment for several key domains such as healthcare monitoring [45], environment monitoring [46] and industrial applications. However, the rapid technological evolution predicts that the next major transition in this direction is the ubiquitous availability of digital services without the need to carry any gadgets or even wearables. This transition is known as the gadget-free world or the "Naked world", where the users are able to receive the needed services from the nearby smart environment [8], [12]. This paradigm shift would likely be user-centric, where services will appear to the users when needed and disappear when not required. Various needed services, resources, tools and intelligence will be embedded in the smart and digital surrounding. These digital services can be seen as "digital bubbles" that are established based on the needs and interaction of users with the environment at a certain time. This service bubble can follow the users as they move in the smart environment, or it can be re-established at another location or whenever required [47], [11].

As shown in Fig. 2 (inspired/modified from [8]), the transition from gadget to gadget-free can be categorized into three key phases: Bearables, Wearables and Nearables [11].

– Bearables are the current and the most well-known mode of accessing the digital services. They include hand-held devices/gadgets with a proper display screen for user interaction, such as smart phones, tablets, Personal Digital Assistants (PDAs) and laptops, among others.

– Wearables are the latest and emerging trend and have great potential to replace the traditional hand-held gadgets to some extent for using digital services. Some popular examples of wearables are smart watches, smart clothes, smart shoes, and wrist/fitness bands. Wearable technology is playing a significant role in various key applications such as fitness and healthcare, military and personal assistance.

– Nearables ensure the availability and delivery of digital services through the nearby smart surrounding. They provide the required services to the users without using gadgets or wearables. Instead, the intelligent and ambient environment offers the necessary/desired services to the users.

Fig. 2. Transition from bearables to nearables.

In order to ensure the complete success of this gadget-free vision, various novel and improved solutions are required for various communication technologies, along with maturity in the relevant enabling technologies. For example, unlike gadgets, the gadget-free environment does not possess a display screen to interact with and to request the desired services. Thus, the user’s interaction in the naked world would require novel solutions to ensure direct and seamless interaction for getting digital services [48]. Moreover, during this transition from personal gadgets to no-gadgets, the data storage will move from local/device storage to the storage in the infrastructure, i.e. cloud and servers.

With this vision, security and privacy risks are expected to rise. Since the context-aware services are provided to the users everywhere, the data will be generated in huge volumes. This provides wide scope to the adversaries to launch various attacks. Therefore, it is vital to place strong security solutions for the future gadget-free environment [10], [11]. For example, the traditional two-factor based authentication schemes will not be suitable because the gadgets will no longer be available with users. In this context, biometrics-based authentication will play a key role to ensure that only valid users are able to access the services in the smart environment. In addition, a novel mechanism will be required to provide privacy and anonymity of the user [13].

2.2 Enabling technologies for future smart environment

This section provides an overview of three important enabling technologies in the context of the future smart environment: the Internet of Things (IoT), edge paradigms (cloud, edge, fog, and mist), and Blockchain.

2.2.1 Internet of things

IoT can be seen as a digital ecosystem that comprises a massive number of sensors, actuators, communication and computing devices along with various networking and communication technologies collaborating together to create a smart platform which provides the needed services to the users. For example, the work in [49] surveyed a wide range of potential applications in the domain of IoT-based smart environment, e.g. smart cities, smart homes, smart grid, smart industry, and smart healthcare, among others. The concept was first introduced by Kevin Ashton, about two decades ago (1999). Since then, IoT has evolved and matured with respect to the improvements in the relevant/supporting sensors and communication technologies. For example, authors in [50] categorized the evolution of IoT in five main periods/phases. Phase 1 was from the years before 2005, when the IoT was in its very beginning period; phase 2 was from 2005-2008, known as the device and connectivity period; phase 3 was from 2009-2011 and realised as the machine-to-machine period; phase 4 was the HCI period from 2012-2014; phase 5 was termed as the smart period, ranging from 2015 to the present time.

The future IoT-based smart environments will be more demanding in terms of strict latency needs, better process monitoring and traceability, lightweight security solutions, and trusted computing environments. In order to fulfill the requirements of the future smart environment, various key enabling technologies are required to be integrated into IoT based networks. For example, the work in [51], [52] presented edge/fog computing based IoT solutions for various smart applications to fulfill low-latency requirements. To enable trust, decentralization and monitoring functionalities in the smart environment applications, blockchain was utilized by different studies in the literature [53], [54]. Other than these two technologies, software defined networking (SDN), virtualization and many other technologies can be combined with IoT architecture to cope with the different requirements [55], [56]. However, this thesis is focused on only two enabling technologies, i.e. edge computing and blockchain, which will be discussed further in the next sections.

2.2.2 Cloud and edge paradigm

– Cloud computing: Cloud data centers and servers are usually centrally deployed and provide a platform for globally accessible services [57]. Cloud computing is able to provide huge data processing, computation and storage capabilities and is suitable for applications with delay-tolerant requirements. However, various critical applications such as healthcare, smart transportation, and Industrial IoT require real-time data processing and decision making with rapid responses in terms of needed services/resources [58]. For example, when a healthcare IoT application is monitoring various health related parameters of a patient in critical condition, longer delays can occur because the healthcare data is gathered from various sensors/devices/machines and sent to the cloud every time for processing. Therefore, along with the cloud capabilities, it is required to explore solutions which may provide faster responses in the crucial processes/applications.

– Edge computing: Multi-access edge computing (MEC) or edge computing brings some of the computational resources from a centralized cloud near to the edge of the network. An edge can consist of dedicated routers, base stations, switches or servers placed near to the end IoT sensors/devices and can also act as a gateway to fog or cloud networks [59]. MEC was introduced by the European Telecommunications Standards Institute (ETSI) to ensure the availability of services/resources to the nearest/assigned base stations at the Radio Access Network (RAN) [60]. Edge computing provides some highly important features in the IoT-based smart environment, e.g. low-latency services, scalability, and improved privacy, among others. Fig. 3 (inspired/modified from [59]) shows various comparisons of edge computing and its related computing paradigms.
Edge networks are considered as the key technology enabler for massive-scale industrial applications. Recently, many studies have included edge in industrial/manufacturing-based applications to ensure secure execution of low-latency based phases [61], [62], [63]. Several researchers have explored the role and significance of edge computing in enabling the smart spaces [64], [65], [66], [7]. This thesis further extends the concept of edge computing for the gadget-free smart environment and designs a conceptual three-tier security mechanism.

Fig. 3. Comparison of edge computing and its related computing paradigms.

– Fog computing: Fog computing is considered a similar concept to edge computing in that it pushes the computation and resources closer to the end devices/users. However, fog computing can also be considered as a bigger and richer umbrella of resources/services, and an edge can be a smaller subset/unit of the fog with limited resources [67]. Fog computing has become vital in a number of smart environment based applications and presents various key features, such as low latency, orchestration functionalities, faster data processing, and decision making [68]. Hence, fog computing together with other enabling technologies (edge, mist, blockchain) is utilized in this thesis to fulfill the desired requirements.

– Mist computing: Mist computing refers to the data processing/computations at the extreme edge of the network, i.e. the sensors, actuators and devices, which are able to do the required limited data pre-processing [28], [69]. Mist computing can reduce the network load of the access network (i.e. edge/fog) by doing data processing locally, and improves the fault tolerance in the systems. The future smart environment will require uninterrupted delivery of the services with rapid data analytics and decision making [70], [71]. Thus, this thesis explores the efficient utility of the mist/local computing and how it is useful for future smart applications.

2.2.3 Blockchain

Blockchain is yet another emerging technology enabler for future smart environments. Blockchain can be seen as a decentralized ledger that records every transaction made in the network. Blockchain provides several key features in the smart applications, such as distributed trust, immutability, tamper-proofing, accountability, and security, among others. Blockchain technology was initially introduced for cryptocurrencies and in the financial domain. However, it has shown immense potential in terms of its applicability in a number of key daily life applications such as healthcare, supply chain management, manufacturing/construction industry, energy industry, insurance, agriculture and food, smart grids, smart transportation, and several other useful domains [72], [73], [74], [75], [76]. Blockchain works according to the agreement/instructions defined in a smart contract.

There are three different kinds of blockchain systems commonly used for the various applications depending upon the requirements, i.e. public blockchain, private blockchain and consortium blockchain [73]. The public blockchain can be seen as permissionless, i.e. anyone is able to join the consensus process and is permitted to connect to the network. Some of the popular permissionless blockchain systems are Bitcoin and Ethereum. The private and permissioned blockchains allow only the authorized parties to join the consensus process, e.g. Hyperledger Fabric. The consortium blockchains are mainly developed in the context of business organizations to maintain the records of the various business transactions among different companies [77].

Several studies have been done regarding the integration of the blockchain technology into IoT based applications to address different issues and to fulfill the requirements of different applications [78], [79]. For example, various blockchain based trust mechanisms are proposed in the literature for IoT applications [80], [81], [82], [83]. In addition, various studies have been done on the secure monitoring and tracking feature of the blockchain in IoT [84], [85]. Moreover, the work in [86] surveyed the need and utility of blockchain for various smart environments applications. In this direction, this thesis provides contribution by integrating a blockchain into the edge-based IoT applications to address the requirements of the future smart environments.

2.3 Overview of IoT edge models

This section mainly elaborates three different available IoT models, i.e. i) Traditional Cloud-IoT model, ii) Two-tier IoT edge model, iii) Three-tier IoT edge model, as presented in Fig. 4 (adapted/modified from Publication IV and V). In addition, a brief overview is given in the context of Edge-blockchain integrated IoT models (iv). A detailed explanation is given below.

2.3.1 Traditional cloud-IoT model

This can be seen as the conventional IoT model that is comprised of three major layers, i.e. local layer, access layer, and core layer. Local layer can be considered as the device layer which includes a number of sensors, actuator and devices. Access layer in this model can only be considered as the gateway to the public internet (core layer). The core layer is considered as very resourceful and provides necessary data processing, computations, analysis and storage, e.g. in the form of cloud computing [87].

This IoT model has remained successful over the years in a number of IoT applications. However, many of the recent smart applications need lower-latency data processing, data analysis, decision making and required responses. In such situations, cloud-based IoT models would not be appropriate and will not create the desired results due to longer transitions and processing delays. In addition, the traditional cloud-IoT models also suffer from privacy issues as the data storage and processing is performed very far from users/end-devices. In this regard, to overcome the highlighted challenges and to fulfill the low-latency requirements, edge based IoT models have been introduced in the literature [88].

Fig. 4. Various IoT edge models.

2.3.2 Two-tier IoT-edge model

This IoT model introduces edge as the intermediate computational tier between the local (device) layer and the core layer. As the edge tier moves some of the functionalities/services from the cloud/data centers to the edge, this model ensures that parts of the services/processes requiring low latency can be processed at the edge [87]. Together with a 5G access network, the model can enable mission critical applications requiring low latency and higher reliability. In addition, due to the decentralized computing model, it also improves the scalability of the system. As the data propagation in this model is restricted to the edge/access network, the security and privacy will also be enhanced.

However, the current edge based IoT models have their own limitations in terms of the reliability of the access network. For example, there might be a situation when the connection from the local layer to the access network is lost or interrupted in a critical application. In this case, it is crucial to perform some of the data processing and decision making at the local (device) layer itself. Furthermore, to restrict the propagation of some of the critical data outside the respective domain, it is highly important to implement certain logic and decision making locally [47], [89].

2.3.3 Three-tier IoT-edge model

The three-tier IoT edge model was introduced in [47] with a primary goal to reduce the load of the access/edge network by bringing some of the functionalities from the edge network within the local IoT clusters. For example, based on the requirements, microservices/nanoservices can be deployed at the local network with the needed hardware capabilities and resources. This allows some of the required data processing and decision making at the local networks (at the extreme edge), which is vital in the case of delay-critical operations/processes. The primary reasons are to ensure operation in situations where the access network is unreachable and to reduce access network load, e.g. by data filtering.

This model provides benefits in terms of improving the fault tolerance, i.e. as some of the crucial computations and processing can be done at the local level, the dependency on the access/edge network is reduced. Since the propagation of critical information is limited to the local network, the security and privacy of the smart application will be improved. The scalability of the system is also enhanced due to the decentralized nature of the model. Thus, this model can be seen as more efficient by doing required data processing/management locally, and it reduces the load of access and core networks.

2.3.4 Edge-Blockchain integrated IoT model

In order to make the most of these two enabling technologies, various efforts have been made to combine them to achieve various key requirements such as low latency and trust. For example, authors in [90] presented a lightweight blockchain-edge framework, ’FogBus’, which is able to provide features such as authentication and encryption. In the context of smart cities, some studies have been done for integration of blockchain and edge [91]. However, none of these have considered the computations/processing at the extreme edge (i.e. local network) of the network. This thesis integrates the edge and blockchain in the context of the three-tier edge IoT model to address various key requirements, such as secure and trusted communication, low-latency services/resources, scalability and process/phase monitoring. Both public and private blockchain are used in the proposed framework at various layers to deal with different requirements [92], [93].

2.4 Security overview for smart environment

This section presents the different available security applications for IoT based smart environment. Furthermore, it identifies the gaps/shortcomings of existing security solutions in the context of the future smart environments. It also provides a brief hint of the potential security candidates for such environments.

2.4.1 Two factor authentication for IoT

Traditionally, due to the simplicity and ease of use, the single-factor authentication scheme has been utilized by various individuals to authenticate the required object. For example, using a password or PIN code for a particular user ID, one can verify his/her authenticity [94]. However, the one-factor scheme was considered to be very weak, since it can very easily be compromised by knowing, guessing or spying the password, and it only required manual input for authentication. Thus, the need for multi-factor authentication (MFA) schemes arises in the computing environment, i.e. two-factor authentication, three-factor authentication and so on. The two-factor authentication (2FA) scheme is based on two levels of identification, i.e. something that the user knows (knowledge factor), something that the user has, e.g. smart card, token, or mobile device (ownership factor) and something the user is (biometric/behavior factor) [95].

Two-factor authentication schemes are playing a vital role in providing secure authentication in various IoT based smart environments. For example, several works on two-factor authentication protocols were proposed in the context of securing various processes in various IoT based smart environments such as healthcare, industrial IoT, and smart transportation, among others [96]. However, with the recent advancements in various IoT based applications, the need for secure solutions has increased as the threat landscape is getting larger [97]. In addition to this, various studies have shown that the two-factor authentication schemes can be inefficient or insecure for the critical IoT applications. Also, such protocols might not be well suited in the case of the smart and gadget-free environment due to the assumption that the user will not carry any hand-held device in the environment. Efficient and strong biometrics-based authentication schemes will be vital in such cases.

2.4.2 Three factor authentication in IoT

Considering the security requirements of the current IoT applications, three-factor authentication (3FA) protocols can be seen as highly important to ensure that only legitimate entities will be able to access required resources. These authentication mechanisms are based on three levels of identification, i.e. the knowledge factor, the ownership factor, and the biometrics factor [95]. Several studies have proposed three-factor based remote users authentication schemes for the Telecare Medical Information System (TMIS) and for the remote healthcare services [98], [99]. Most of these solutions have used a password, a smart card/mobile and biometrics (e.g. fingerprints).

In the case of the complete gadget-free world, the user will be gadgetless and devices available/embedded in the environment are required to authenticate the user. Hence, biometrics can be seen as one of the potential candidates for providing authentication in such environment. In order to get a more reliable and accurate result, multi-factor biometrics-based authentication can be performed. The capturing devices present in the smart environment can authenticate the user by analyzing and processing various biometrics traits. For example, the work in [13] presented the requirements of the authentication in gadget-free world along with the evaluations of various biometrics traits.

2.4.3 Authentication in MEC based IoT

The advent of MEC technologies and their integration into 5G will enable massive scale IoT applications. Secure and efficient authentication of the user/end device with the MEC must be properly placed in order to ensure protection against various threats at different tiers in the architecture [100]. For example, device identity attacks are critical in MEC based computing environments. Recently, some studies have been performed in this direction and provided strong cryptographic solutions for protecting against identity attacks [101], [102], [103]. This thesis combines edge computing capabilities with the blockchain technology to ensure a low-latency, decentralized and trusted computing environment for future IoT applications. Blockchain can provide the authentication mechanism for various devices related to MEC.

2.4.4 Privacy and trust management

The user’s privacy has been considered as a significant challenge in the case of cloud computing based IoT applications. Cloud clients can access the user’s personal information and can share the data with third parties or other service providers without the consent of the users [104], [105]. The user has no idea where the data is actually placed and for what purpose it is used. Legislation such as GDPR has emerged to change this; however, compliance with the legislation is difficult to supervise. With the introduction of edge/fog computing, the user’s data privacy has improved. This is because the critical data can be restricted to the edge data centers at the access networks and the user can have control over it [106], [107].

In the case of gadget-based services, the users can interact with a suitable screen or display for accessing the desired services. However, the interaction in a gadget-free world will be direct and seamless with the environment. The key challenge for the user will be to access personal services in the public environment. The research in [48] studied the user’s privacy requirements in the gadget-free smart environment. Since the network architecture of future smart applications will be an integration of mist, edge/fog, and cloud, it is therefore highly important to formulate such privacy preserving framework that is suitable for critical applications.

In this digital age, IoT is growing massively with the addition of a huge number of devices, service providers, third parties, network operators and other relevant stakeholders. Establishing trust among various network entities is a challenging task [108], [109]. Furthermore, with the advent of 5G and beyond systems, the size and scale of the application will be even larger. This requires a decentralized and distributed trust mechanism that must satisfy all the involved stakeholders. Therefore, together with the existing IoT trust models, it is highly important to explore various trust mechanisms, for example based on blockchain technology [110].

3 Research contributions

This chapter summarizes the contribution of the original publications in detail with respect to the three research questions highlighted in section 1.2. The chapter is divided into three sections according to the three major contributions of the thesis. Section 3.1 proposes the efficient and lightweight biometrics-based authentication mechanisms in the smart environment for single and multiple gadget-free users. Section 3.2 presents an edge-based secure service accessibility mechanism for the smart and hyperconnected environment. Finally, a blockchain and edge integrated framework for an industrial IoT use case is given in Section 3.3.

3.1 Lightweight authentication mechanism in smart environment

RQ1 deals with a secure authentication mechanism for the gadget-less users in the smart hyper-connected environment. The key aim of this research is that only valid users are able to acquire digital services from the nearby smart surroundings. Since the user is without a gadget in the environment, the traditional username and password based authentication protocols are, of course, not suitable in such cases, because it would not be feasible to input a username/password when the gadget-free user enters. Thus, a biometrics-based lightweight authentication protocol is proposed to achieve this very goal because it is seamless and effortless as the user moves across the smart surroundings. The contribution is based on Paper I and Paper II, which correspond to single user and multiple users authentication respectively.

Paper I presents a biometrics-based lightweight authentication mechanism for a single user in a smart surrounding. A smart healthcare use case is taken as an example of a smart environment to demonstrate the protocol. The protocol is comprised of four key entities, i.e. the User (U), the Registration Center (RC), the Access Points (APs), and the medical sensors or End Nodes (ENs) offering the basic health care services, as shown in Fig. 5 (adapted/modified from Publication I). RC is assumed to be a trusted entity and can be seen, for example, as the central administration of the hospital. The AP can be considered as a high computationally capable node that is able to fetch and process the biometrics features of the user and can retrieve the desired services from ENs for the user. Furthermore, the protocol is based on six key phases, i.e. the user’s registration, the installation of key material for APs and ENs, the capturing of biometric data of the user, the actual service request phase, and the corresponding response phase. The protocol initiates with the registration of the user’s biometrics characteristics with the RC (1).

Fig. 5. System model for single user authentication in smart healthcare.

Since RC is a trusted entity in the system, it generates the required key material and shares it with the AP and ENs. After the registration of the user and installation of key material for the APs (2) and ENs (3), the patient can now request a particular service through the APs, which will further process the request to the respective ENs available in the smart surroundings of the hospital. When a patient enters the hospital, biometrics features are captured via the camera devices available at the AP (4). Upon receiving the request, the AP computes the required values and compares them with the stored features in the database. The AP verifies whether the request is valid and, on success, the request message is sent to the respective ENs (5). The particular EN further computes the values based on the request and authenticates the user on the successful verification of values, and the required response is sent back to the AP (6).

The proposed scheme fulfills the desired security requirements and is able to resist some of the well-known attacks, e.g. replay attacks, DoS attacks, and insider attacks. The performance of the proposed protocol is evaluated in terms of communication and computation costs taken by two major phases of the scheme, i.e. Request phase and Answer phase. For the communication cost, the proposed scheme takes 608 bits for the request phase and 448 bits for the answer phase, a total of 1052 bits for both phases. On the other hand, the total computation cost for these two phases is 0.0253 ms. The performance (costs) of the proposed authentication mechanism is compared with the existing remote biometrics-based schemes from the literature [111], [112], [113] and the results showed better performance with the proposed scheme. Since the protocol is lightweight and solely uses symmetric key-based operations, the computation and communication costs were low compared with the existing remote biometrics authentication schemes.

Paper II further extends the idea of biometrics authentication to multiple users/patients at multiple locations in the smart healthcare environment, and thus proposes a lightweight authentication scheme "AGE". For ease of understanding, a similar smart healthcare use case is considered for the design of this protocol. Five different entities are considered in the system, i.e. the User (U), the Registration Center (RC), the Access Points (APs), the Medical Sensors or End Nodes (ENs) offering health related services and the Medical Server (MS). There are multiple APs available at different locations of the hospital, and a central AP (APc) is present at the entrance of the hospital, responsible for capturing the biometrics credentials of each patient. The central AP further shares this information with the other APs available in the hospital.

Fig. 6. System model for multiple user authentication in smart healthcare.

The proposed AGE protocol comprises seven different phases, as shown in Fig. 6 (adapted/modified from Publication II). The protocol starts with the registration of the patients using their biometrics credentials with the RC (1). The installation of appropriate key material is performed for ENs and APs (2). Next, the patients/users request the needed medical services through the central AP (3). On successful verification of the patient, the central AP in the next phase will notify the other APs regarding the arrival of a valid patient within the hospital and the requested service (4). In the next phase, different APs at various locations activate their respective medical end nodes (5). In order to get the required services from the medical end nodes, the patients/users enter the pin code and can access the service on successful validation (6). Finally, after delivering the service to the patients, the ENs will inform the MS about the services via the central AP (7).

The security analysis of the scheme showed that the proposed protocol can provide resistance against the most relevant threats, such as DoS attacks, replay attacks, and insider attacks. In addition to this, the protocol is analysed through a formal security verification technique using the CDVT/AD tool. This is an automated system tool that implements a modal logic of knowledge and an attack detection theory. The analysis shows that the proposed protocol satisfies the required security goals of the scheme, e.g. authentication, freshness, and session-key establishment.

Finally, the performance of the proposed scheme is analysed in the context of the communication and computation costs for two key phases, i.e. the request phase and the answer phase. The communication cost for the response phase is 640 bits, and 800 bits for the answer phase, i.e. the total communication cost is 1440 bits. The combined computation cost for the two phases is 0.0273 ms. According to the results, the proposed scheme performs better than the existing remote user authentication schemes, as shown in Table 1.

Table 1. Comparison of computation and communication cost with existing protocols (Adapted/Modified by permission from Publication II ©2019 Springer).

Protocol            Total computation cost (ms)    Total communication cost (bits)
He [111]            13.417                         3520
Baruah [112]        0.0299                         960
Odelu [113]         17.847                         2944
Shen [114]          13.395                         2880
Chaudhry [115]      15.639                         1664
Li [116]            13.402                         3360
Kumari [117]        17.840                         3240
Chandrakar [118]    20.089                         1860
Reddy [119]         28.938                         1440
Irshad [120]        18.639                         1696
Han [121]           6.703                          1216
Kumar [10]          0.0253                         1052
Proposed scheme     0.0276                         1440

3.2 Conceptual design of edge based secure services

The second research question deals with securing the digital services in the edge-based smart environment. For this purpose, Paper III proposes a conceptual security mechanism based on a three-tier IoT edge architecture. Tier 1 corresponds to the local networks, which mainly comprise various low power sensors, actuators and devices. Tier 2, the edge tier, comprises the access network and the computational nodes located in it, enabling edge computing. The addition of the edge tier to the traditional IoT architecture provides key features for the smart environments, such as the availability of low-latency elastic resources and services, and improved security and privacy. Tier 3 can be seen as the traditional cloud computing-based platform that can provide globally available and accessible services along with the required higher computational capabilities.

Fig. 7. Three-tier edge IoT architecture for smart environment.

Based on the three-tier IoT edge architecture, the paper identifies various potential security threats at different levels and classifies them into seven major threat vectors, as shown in Fig. 7 (adapted/modified from Publication III). Threat vectors are represented by ’V’, as highlighted in Fig. 7. For example, threat vector 1 (V1) corresponds to the various attacks on the nodes/sensors available at the local IoT clusters; V2 presents the potential attacks on the available communication channels among the local IoT clusters; V3 provides the key vulnerabilities on the communication channel between the local network and the edge network; V4 highlights the attacks on the edge nodes/devices in the network; V5 shows the threats on the communication channel between two edge networks; V6 covers the vulnerabilities on the communication channel between the edge and global networks; and V7 presents the threats on the global networks (public cloud). Corresponding to these threats, the paper also briefly discusses some of the potential solutions to each of these seven threat vectors.

Next, a conceptual security mechanism is presented for the smart and gadget-free environment from two key perspectives, i.e. a secure smart object/node bootstrapping mechanism and a user accessibility mechanism for accessing the digital services. A smart object bootstrapping mechanism ensures that only authorized nodes/objects are able to join the network and access the resources. The process starts when a smart object sends a joining request to the local network using its root identity. The root identity is statically configured cryptographic material, which is embedded by the manufacturer in a bootstrapping mechanism. Using the root identity of a new smart object, the authentication and authorization mechanism is executed and, upon success, the smart node can be added to the local network. If the authentication of the smart object fails, an error message is sent to the error control unit (ECU). The ECU is responsible for the error detection and control mechanism. The smart object bootstrapping mechanism is shown in Fig. 8.

Fig. 8. Secure smart object bootstrapping and registration mechanism (Reprinted by permission from Publication III ©2018 IEEE).

Once the node bootstrapping is successfully performed, it generates additional cryptographic material that is known as the domain identity. The domain identity can be used in various tasks related to deployment and management at the local networks. After the bootstrapping, the smart object is required to register with the local network to make sure that it can be discovered by other smart objects in the network. For registration, the domain identity is utilized and, upon successful authorization, the group key material is generated, which will be required for further secure communications in the network. The combined root and domain identities represent the complete identity of the smart object. In order to access high computational resources/services (from edge networks), the smart object is required to be connected with the edge tier. In that case, the complete identity of the smart node is sent to the edge layer through the local identity management (IdM). The authentication and authorization of the smart object is performed at the edge tier, and access to the required service is granted to the object in the case of successful authorization.
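The bootstrapping, registration and edge-access flow described above can be sketched in code. This is an added example, not code from Publication III or the thesis: the HMAC-SHA256 challenge-response, the key shared between the local IdM and the edge tier, and all function, class and sample names are assumptions made for illustration.

```python
import hashlib
import hmac
import secrets


def mac(key: bytes, *parts: bytes) -> bytes:
    """HMAC-SHA256 over length-prefixed parts, so fields cannot run together."""
    h = hmac.new(key, digestmod=hashlib.sha256)
    for part in parts:
        h.update(len(part).to_bytes(4, "big") + part)
    return h.digest()


def prove(root_key: bytes, object_id: str, nonce: bytes) -> bytes:
    """Smart object side: answer a join challenge with the root identity key."""
    return mac(root_key, b"join", object_id.encode(), nonce)


class LocalNetwork:
    """Local tier: bootstrapping, registration, local IdM, reports to the ECU."""
    def __init__(self, root_keys: dict, idm_edge_key: bytes):
        self._root_keys = root_keys          # assumption: provisioned out of band
        self._idm_edge_key = idm_edge_key    # assumption: shared by IdM and edge
        self._domain_secret = secrets.token_bytes(32)
        self._group_key = secrets.token_bytes(32)
        self._pending = {}                   # object_id -> outstanding nonce
        self.registry = {}                   # object_id -> domain identity
        self.ecu_reports = []                # failures forwarded to the ECU

    def challenge(self, object_id: str) -> bytes:
        self._pending[object_id] = secrets.token_bytes(16)
        return self._pending[object_id]

    def _domain_identity(self, object_id: str) -> bytes:
        return mac(self._domain_secret, b"domain", object_id.encode())

    def bootstrap(self, object_id: str, proof: bytes):
        """Check the root identity; return the domain identity, or None."""
        nonce = self._pending.pop(object_id, None)   # single use: replays fail
        key = self._root_keys.get(object_id)
        if nonce is None or key is None or not hmac.compare_digest(
                proof, mac(key, b"join", object_id.encode(), nonce)):
            self.ecu_reports.append((object_id, "bootstrap failed"))
            return None
        return self._domain_identity(object_id)

    def register(self, object_id: str, domain_identity):
        """Make the object discoverable; return the group key, or None."""
        expected = self._domain_identity(object_id)
        if not hmac.compare_digest(domain_identity or b"", expected):
            self.ecu_reports.append((object_id, "registration failed"))
            return None
        self.registry[object_id] = domain_identity
        return self._group_key

    def idm_forward(self, object_id: str):
        """Local IdM sends the complete identity (root + domain) to the edge."""
        if object_id not in self.registry:
            return None
        complete = mac(self._root_keys[object_id], b"root-id") + self.registry[object_id]
        return object_id, complete, mac(self._idm_edge_key, object_id.encode(), complete)


class EdgeTier:
    """Edge tier: authenticate the forwarded identity, then authorize the service."""
    def __init__(self, idm_edge_key: bytes, policy: dict):
        self._key = idm_edge_key
        self._policy = policy                # object_id -> allowed services

    def grant(self, forwarded, service: str) -> bool:
        if forwarded is None:
            return False
        object_id, complete, tag = forwarded
        authentic = hmac.compare_digest(tag, mac(self._key, object_id.encode(), complete))
        return authentic and service in self._policy.get(object_id, set())


def run_demo() -> dict:
    """Run the flow on constructed sample keys and names."""
    root_key, idm_edge_key = secrets.token_bytes(32), secrets.token_bytes(32)
    local = LocalNetwork({"sensor-01": root_key}, idm_edge_key)
    edge = EdgeTier(idm_edge_key, {"sensor-01": {"analytics"}})
    wrong_key = secrets.token_bytes(32)      # a rogue node lacks the root identity
    rogue_proof = prove(wrong_key, "sensor-01", local.challenge("sensor-01"))
    rogue = local.bootstrap("sensor-01", rogue_proof)
    proof = prove(root_key, "sensor-01", local.challenge("sensor-01"))
    domain_id = local.bootstrap("sensor-01", proof)
    replayed = local.bootstrap("sensor-01", proof)   # nonce already consumed
    group_key = local.register("sensor-01", domain_id)
    forwarded = local.idm_forward("sensor-01")
    return {
        "rogue_joined": rogue is not None,
        "replay_accepted": replayed is not None,
        "registered": group_key is not None,
        "edge_analytics": edge.grant(forwarded, "analytics"),
        "edge_storage": edge.grant(forwarded, "storage"),
        "ecu_reports": len(local.ecu_reports),
    }
```

Calling `run_demo()` returns the outcome of each step; the rogue join attempt and the replayed proof each produce one ECU report, and the edge tier grants only the service listed in its policy.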

Fig. 9. Secure user accessibility mechanism in gadget-free environment (Reprinted by permission from Publication III ©2018 IEEE).

The paper also proposes a user service accessibility mechanism to ensure that only authorized users are able to access the desired digital services in the smart environment, as shown in Fig. 9. The proposed mechanism is threefold, and the type of user access depends on the nature of the services requested by the user. In the first case, the user wants to receive only the basic services from the local networks, and connections to the edge and global layers are not established. Thus, only lightweight authentication is required with the local networks. The new user sends the service request to the nearby smart environment using biometrics features. The high capacity smart objects available in the surroundings fetch the biometrics credentials and process them further for the identification mechanism. Next, using the user identity, the user authentication and authorization processes are executed and, on success, the requested services are enabled for the user. The failure is reported to the ECU if the authentication process fails.

In the second case, secure user access to the edge services is needed because the requested services require high computation/processing or are not available at the local layer. This access mechanism follows the same steps as in the case of user accessibility for the local network services. After the authentication, if the requested services are not available at the local layer, the user identity is sent to the edge layer. The authentication and authorization process is executed at the edge tier, and access is granted upon successful verification. The session is created, and group keys are shared with key management (KeM) at the local tier. The domain identity is also created and shared with the local identity management (IdM) for further communications. In the final case, the user is required to access the services from the global layer. In this case, the access mechanism up to the local and edge layers is the same as explained previously. Next, if the required services are not available at the edge, the user identity is forwarded to the global network, and the requested access is granted on successful authentication and authorization.

Next, the performance and efficiency of the three-tier IoT edge architecture is evaluated and compared with the traditional IoT models. Altogether, there are three different IoT models presented in chapter 2 (Fig. 4). Model (a) is the traditional IoT cloud architecture, which typically consists of three layers, i.e. local/device layer, access networks, and core/cloud networks, and the computation is made solely at the core/cloud layer. Model (b) includes edge computing as an intermediate tier in the conventional IoT model, which is able to do some data processing near the source of the data. This ensures the availability of the low-latency services needed to execute real-time and mission-critical processes. Finally, (c) is the three-tier IoT edge model, which allows some of the processing and data management tasks to be done at the local network and reduces the load at the access (edge) networks. The model ensures that some of the critical decisions can be taken locally (on nodes) and improves failure tolerance along with enhanced security and privacy. The performance of these three IoT models is analyzed in terms of three key network parameters, i.e. latency, power consumption and network usage. iFogSim is the simulation environment used for these evaluations.

Fig. 10. End-to-end latency comparison (Reprinted by permission from Publication IV ©2020 IEEE).

The end-to-end latency (milliseconds, ms) varies with respect to the complexity of the control algorithm (millions of instructions per task, MI) when placed at different layers in the IoT models. According to the results, the end-to-end latency is best with the local-edge IoT model, compared with the other two IoT models, for tasks with fewer instructions, i.e. when the complexity is below 1.0E4 MI. When the complexity increases, i.e. between 1.0E4 MI and 6.0E5 MI, the optimal location for application placement is the edge server, as highlighted in Fig. 10. On further increasing the complexity above 6.0E5 MI, the core layer is seen as the optimal place to run the algorithm. Thus, with computationally light tasks, the network latencies dominate the end-to-end performance, whereas with computationally intensive tasks, the processing time becomes a more important factor.

Fig. 11. Power consumption comparison (Reprinted by permission from Publication IV ©2020 IEEE).

The power consumption in the network is analysed with respect to processing/computations at different layers. When the computational application/algorithm is performed at the cloud server, the maximum power consumption can be seen at the core layer, i.e. 478W. The power consumption for the edge and local layers is 219.3W and 22.3W, respectively, as shown in Fig. 11. In case computations are performed at the edge layer, the power consumed by the core (remaining mostly idle), edge and local layers is 150W, 397W, and 21.9, respectively. The core and edge layer nodes and network devices remained in idle mode, consuming 150W and 112W, when all the computation was carried out at the local node. It can be observed from the results that the power consumption varies between layers. The overall observation is that, with the given parameters, the further from the source of the data the computation is performed, the more power is consumed.

From the viewpoint of the network load, when the application is processed at the local node, the maximum network usage can be seen at the local layer as compared with the other layers, as highlighted in Fig. 12. In case the application is processed at the edge layer, the network load is inflicted on both the local and access layers, and only control traffic takes place at the core layer. It is observed that the network load is inflicted on all the layers when the processing is done at the cloud server.

Fig. 12. Network usage comparison (Reprinted by permission from Publication IV ©2020 IEEE).

3.3 BlockEdge framework for smart applications

The third and final research question was about the integration of blockchain and edge computing for smart applications to address some of the key challenges, such as low-latency services, a secure and trusted computing environment, scalability and reliability. For this purpose, Paper V formulates a blockchain-edge integrated ’BlockEdge’ framework that combines the characteristics of both these enabling technologies. The proposed framework is formulated in the context of an industrial use case, i.e. the execution of various phases of the log-house process in the smart home construction use case. As shown in Fig. 13, the proposed framework is based on three different parts, i.e. Local Network, Fog Network, and Global Network. The local network comprises various clusters of IoT nodes managed by respective edge nodes. Thus, the local network can also be known as the "IoT-Edge" network, as it combines the capabilities of both IoT sensors and edge nodes to address the local service/resource requirements and to execute various local processes. In addition, a permissioned blockchain is deployed at the local network to provide various features such as trusted data sharing, and process/product monitoring and management.

Fig. 13. BlockEdge Framework (Reprinted by permission from Publication V ©2020 IEEE).

Furthermore, fog networks can be seen as relatively richer in terms of resources and computational capabilities as compared with the local networks. A single fog network can be seen as a vast umbrella of resources/services and manages/supervises a number of assigned IoT-Edge nodes. A permissionless blockchain runs at the fog network to ensure that various stakeholders can share the required information with each other or can sell the available resources among themselves. The global network is the highest in terms of resources and manages the overall processes in the use case. It can be considered a conventional cloud-based network which possesses heaps of resources and can provide a globally available platform for various applications. The blockchain at the global network is responsible for supervising the overall transactions in the use case and provides a permanent record which can be tracked at any time in the process.

The performance of the proposed BlockEdge framework is evaluated in the context of latency, power consumption and network usage, and compared with the different IoT models which do not include a blockchain. The main aim is to examine various network parameters from two perspectives, i.e. when the blockchain-edge is efficiently integrated into the IIoT use case and when only the edge/traditional IoT architecture is utilized without the blockchain for the use case. This evaluation is carried out using the iFogSim simulation environment.

Fig. 14. End to end latency with BlockEdge framework (Reprinted by permission from Publication V ©2020 IEEE).

Since, in the case of the proposed BlockEdge framework, only latency-critical requests are processed at the local network and all other requests are sent to a corresponding fog network, the latency is slightly better compared with the non-blockchain IoT models. The use of the blockchain in the BlockEdge framework at the local level is restricted to the required data sharing among various local entities/stakeholders and, in some cases, the authentication/registration of nodes. According to the results and as shown in the figure, when the complexity (MI) is below 2.02E5 MI, the optimal location for the algorithm in both cases (with and without blockchain) is the local network. However, the latency values in the case of BlockEdge are slightly better than those in the non-blockchain models. The optimal placement of the algorithms in both cases is the fog network when the complexity is between 2.02E5 MI and 6.02E5 MI, as shown in Fig. 14 and Fig. 15.

Fig. 15. End to end latency with non-blockchain models (Reprinted by permission from Publication V ©2020 IEEE).

It is observed that the power consumption results were better with the non-blockchain models compared with the BlockEdge framework. This is because BlockEdge requires additional power and network resources to run/process the blockchain, and this is not the case with non-blockchain models. When the processing/computations take place at the cloud, the power consumption at the core layer is 478W and 558W for the BlockEdge model and non-blockchain model, respectively, as shown in Fig. 16 and 17. It can be seen from the results that the proposed framework has taken 80W more power than the non-blockchain models due to the computation required for the blockchain.

Fig. 16. Power consumption with BlockEdge framework (Reprinted by permission from Publication V ©2020 IEEE).

Fig. 17. Power consumption with non-blockchain models (Reprinted by permission from Publication V ©2020 IEEE).

The network usage in the BlockEdge framework is higher as compared with the non-blockchain models. The main reason is that the BlockEdge framework requires more network resources to run the blockchain, which is not the case with the non-blockchain models. As seen in the figure, when the processing is performed at the local network, the network usage for the local layer in the BlockEdge model is 4.023 mb/s, which is higher as compared with 3.48 mb/s at the local layer in the non-blockchain model, as highlighted in Fig. 18 and 19.

Fig. 18. Network usage with BlockEdge framework (Reprinted by permission from Publication V ©2020 IEEE).

Fig. 19. Network usage with non-blockchain models (Reprinted by permission from Publication V ©2020 IEEE).

Furthermore, the research in Paper VI surveys the potential security threats in the BlockEdge framework and presents some suitable solutions. In order to analyze the threats, the framework can be seen as four key parts, i.e. local layer, edge layer, global layer, and ledger layer. This paper also assumes the same use case, i.e. the execution of various log-house construction phases in smart home construction. Before identifying the threats, the paper first defines some of the key security requirements for the use case, such as an efficient authentication mechanism, which is required for different network entities to access various services/resources in the network. Another crucial requirement is to enable a trusted computing environment for various entities in the network. Moreover, data privacy and integrity requirements are also critical in the IIoT use case.

At the local network, various security vulnerabilities can arise from the Docker container platform which is used for providing the required microservices locally. For example, image-related threats and host and operating system (OS) related threats are becoming common in the container environment [122], [123]. Image-based threats can be resolved by periodic scanning of the images and by applying cryptographic operations to ensure that only trusted images are registered. To address the OS related threats, it is highly important to deploy management tools that ensure that only legitimate entities can access the platform. Adversaries can target the resource constrained local nodes/devices, e.g. through node tampering, malicious code injection, side channel attacks, fake nodes and physical damage [124]. In addition, the local network is prone to attacks which arise from the communication channels used in the local networks, such as threats to BLE, ZigBee and WiFi [125], [126]. Therefore, it is required to put in place a strong key management solution to ensure resistance against various attacks at the local layer.

Next, at the edge networks, adversaries can launch various attacks on the virtual machines (VMs). For example, DoS attacks can be injected through malicious VMs [127]. This can be addressed in various ways, e.g. by hardening the hypervisor to ensure system security, by isolating security characteristics, and by controlling the policies for virtual environments. Edge data centers and servers are an easy target for adversaries, e.g. through rogue attacks and node/resource tampering [128]. In order to avoid/mitigate such vulnerabilities, lightweight authentication mechanisms as well as Intrusion Detection Systems (IDS) are required.

At the global networks, virtualization-related vulnerabilities can also impact the network. In addition, various traditional cloud-based attacks are expected at the global networks, such as DoS/DDoS, lack of access control, web API attacks and privacy among others [129].

Finally, the paper identifies some of the potential threats in the blockchain. There are various smart contract based vulnerabilities which can be introduced when writing the code of the smart contract, e.g. multiple function attacks and self destruct functions [130]. Furthermore, various attacks can target the blockchain node itself, e.g. adversaries can target a single node in the whole network by tampering with the user’s IP address. A Sybil attack can block the communication between the nodes, and adversaries can take control over the whole network [131]. Moreover, the blockchain is also vulnerable to platform-based security threats, e.g. the Decentralized Autonomous Organization (DAO) attack is one of the popular threats in Ethereum and can be launched during the mining process. The 51% attack is another well-known threat that can arise during the consensus mechanism among various nodes in the network [132], [133].

4 Discussion

This chapter summarizes and discusses the thesis. Section 4.1 summarizes the main results of the thesis. Section 4.2 reflects on the potential limitations of the thesis and its generalizability, and finally, the future research directions are presented in Section 4.3.

4.1 Summary of contributions

Paper I provided a biometrics-based lightweight authentication scheme in the smart healthcare environment for a single user. The user was assumed not to carry any hand-held device, and authentication was performed through the devices present in the healthcare environment. Based on the security and performance analysis, the proposed scheme was efficient in terms of communication and computation costs and provided resilience to well-known security attacks. Paper II extended the previous research to multiple users and multiple locations in the smart healthcare use case, and a new authentication protocol ’AGE’ was developed. The formal security verification of the protocol was performed using the CDVT/AD tool, and it is able to resist various key security threats. In addition, the evaluation results in terms of the communication and computation costs provide improvements as compared with the existing work.

Paper III analyzed the three-tier IoT edge architecture for the gadget-free digital environment from the viewpoint of security and formulated a conceptual security mechanism. The study provides valuable analysis and categorization/classification of the various potential security threats in the three-tier architecture. In terms of results, Paper III proposed a conceptual smart node bootstrapping mechanism that ensures the secure addition/joining of the smart node in the network. In addition, a conceptual security mechanism was developed for the user’s service accessibility to make sure that only valid/authorized users are able to access the digital services. Paper IV evaluated the performance of the three-tier IoT edge architecture and, according to the results, it provides better results in terms of latency, energy consumption and network utilization as compared with the existing IoT models.

Paper V formulated the ’BlockEdge’ framework by integrating the features of blockchain technology and edge computing to address some of the key challenges in the current smart applications. The paper assumed the use case of smart home construction and, in particular, various phases dedicated to log-house related processes. The performance of the proposed BlockEdge was evaluated and compared with the existing non-blockchain IoT models. The results demonstrate that the model can slightly improve the latency of the network together with ensuring the trust and reliability of the system. However, the values for power consumption and network utilization increase as compared with the existing models due to the addition of a blockchain in the proposed framework. In contrast to the expectations, though, the increase was minimal and, in return, a blockchain provides more security, trust, decentralization and other features to the application. Paper VI defined some of the key security requirements for a blockchain and edge integrated framework. In addition, various security threats are identified at various levels of the BlockEdge framework and corresponding potential security solutions are presented.

Overall, the contributions successfully address the research questions by: 1) proposing an efficient user authentication mechanism in the gadget-free environment along with a detailed security analysis (RQ1, Papers I, II), 2) introducing the conceptual security mechanisms for smart node joining and user service accessibility in the three-tier IoT edge (RQ2, Papers III, IV), and 3) formulating an edge-blockchain integrated framework and analysing the related security threats (RQ3, Paper V, VI).

4.2 Limitations and generalizability

Although the performance of the proposed biometrics-based authentication protocols is evaluated in terms of the communication and computation cost (i.e. in Papers I, II), their performance in terms of the time for capturing the biometrics characteristics in the smart environment was not considered. Moreover, the accuracy in terms of successful capturing/matching of the various biometrics traits was taken from the existing work. To get better results in terms of capturing time and accuracy of the biometrics, real-world prototyping is needed with a more extensive analysis of the measurements.

The work in Paper III developed the conceptual mechanisms for secure smart object bootstrapping and users’ service accessibility, and no authentication scheme (in cryptographic form) was formulated to show the mathematical validity of the conceptual model. For this purpose, it is required to propose a lightweight protocol that is able to fulfill the security requirements and is resilient to various threats in the smart environment. Moreover, since the proposed BlockEdge framework in Paper V does not include real-time prototyping as a proof of concept, the values for the edge and blockchain processing used during the performance evaluation are taken from the literature and according to the requirements of the selected industrial use case. To achieve more accurate results, it is required to conduct basic prototyping for this framework using some real-time deployment with blockchain and edge nodes.

4.3 Future research directions

The future research directions are discussed under two categories: Work with an immediate impact; Potential research areas with long-term goals.

4.3.1 Work with an immediate impact

The biometrics-based authentication schemes proposed in this thesis were designed in the context of the smart healthcare use case (Papers I, II). However, this work can further be extended to other vital IoT use cases such as smart monitoring, smart transportation and others. These authentication schemes can further be enhanced by including a blockchain in the network. For example, a blockchain will provide improvements by enhancing the decentralization, security, accountability and trust of the various entities/involved stakeholders available in the network. Another potential extension of this work is to formulate a lightweight authentication scheme for the three-tier IoT edge architecture (Paper III) for users and devices. Moreover, the future work will also include the design of a security orchestration mechanism at the edge that is able to provide dynamic security services to the local and edge IoT networks. This thesis proposed the BlockEdge framework for the IIoT use case and identified the related security threats. This work can be extended by designing an end-to-end security mechanism in the context of the BlockEdge framework. In addition, as the BlockEdge framework provides the combined functionalities of blockchain and edge computing technologies to address the challenges in the IIoT network, there are various key enabling technologies, such as SDN and NFV, which can be integrated into the framework to address an even wider range of challenges/requirements in the current IIoT systems.

4.3.2 Potential research areas with long-term goals

Several new promising research areas are emerging in the domain of IoT and security which can be utilized in the context of this thesis. Some of them are discussed below:

Federated AI for enabling localized security management

Artificial Intelligence (AI) brings immense opportunities for the edge computing based future 5G and beyond smart applications. For example, intelligence at the edge can be vital in providing dynamic and context-aware security measures for the local and edge networks [134], [135]. This will also enable customized and situation-based security approaches by sensing a particular context and accordingly providing the required degree/level of security services. In addition, one potential direction for future research is to formulate federated AI/ML based privacy preserving algorithms able to take local security decisions in collaboration with the higher layers [136], [137]. On the other hand, blockchain and AI can be seen as a good match for enabling a secure and trusted computing environment for future wireless applications [138]. The integration of both technologies can ensure flexible, secure, intelligent, and dynamic resource management in the network. The BlockEdge framework proposed in this thesis can be further extended by introducing intelligence at the edge networks. The integration of edge intelligence and blockchain can bring additional benefits in terms of ensuring efficient and secure operations in a given application. For example, the deployment of AI algorithms at the edge networks will require training on a huge amount of data. The blockchain, in this case, can verify the source of the data and can help in avoiding information forgery. The edge can provide efficient solutions to the scalability issues of blockchain operations by intelligently allocating the edge resources to process and store blockchain information [139].

Decentralized trust mechanism for edge based massive IIoT applications

Future 5G and beyond systems are required to build novel trust management mechanisms for the various entities and stakeholders involved in a number of IIoT applications. Blockchain is among the potential candidates for establishing a decentralized trust management framework [140]. For instance, the proposed BlockEdge framework can be extended to large-scale IIoT applications where heaps of network elements will be involved and work collaboratively to execute various critical phases; a stronger trust mechanism is required in such cases. Therefore, one of the potential future works based on this thesis will be in the context of building trust models [141].

FaaS security for edge networks

Function-as-a-service (FaaS), also sometimes termed serverless computing, is an emerging research area in the domain of cloud computing that is mainly based on a software architecture which decomposes an application into various ‘actions’ or ‘functions’. This makes applications and services cost-efficient and easy to develop, manage, scale, and operate. Most of the current FaaS platforms are dedicated to clouds, which does not show the real ability and advantage of FaaS due to longer processing and response times and high network load. It will be more efficient to utilize FaaS capabilities where the data processing can be performed near the source, similar to the case of edge computing [142], [143]. Therefore, in the future, the concept of FaaS can be applied to the BlockEdge framework to deploy dynamic security functions at the edges or extreme edges according to need or based on the changing security situation.

Post-quantum cryptography for edge devices

Strong encryption/decryption measures are required to protect edge devices when sensitive data is processed at the edge node, stored at the edge nodes for a longer period, or transmitted to various other edge nodes for further processing. Since technology is slowly moving towards quantum computing, where the computing and processing power will be immense in IoT networks, the traditional encryption techniques might not be suitable [144], [145]. In this context, one potential future work is to explore post-quantum cryptography (quantum-resistant cryptography) based solutions for edge devices.

5 Conclusions

Security is one of the foremost challenges in the current IoT-based smart environment. For example, secure and lightweight authentication of users is required in the smart environment to guarantee that the required digital services are accessed only by authorized/valid entities in the network. Furthermore, edge-based secure services in such an environment are crucial due to the delay-critical requirements of the various processes. In addition, it is vital to propose security solutions that also take care of various other network factors, i.e. overall energy efficiency, scalability, appropriate network load and optimized cost.

This thesis began by proposing an efficient and privacy-preserving biometrics-based lightweight authentication protocol for a single user in the smart healthcare scenario. The security and performance analysis of the proposed protocol confirmed the efficiency of the scheme along with fulfilling the desired security requirements. Next, this thesis proposed another authentication protocol, ‘AGE’, extending the previous healthcare use case to the situation where multiple users want to access medical services in various locations of the hospital. The formal security verification of the scheme was performed using the CDVT/AD tool and the result verified its validity for various well-known attacks. The performance evaluation of the protocol showed improved results in terms of communication and computation cost. Next, the thesis analyzed the potential security threats for an edge-based three-tier communication architecture for smart environments. Based on the identified threats, a conceptual secure node bootstrapping mechanism was developed that can ensure the secure joining of a new smart node in the network. A conceptual user accessibility mechanism for accessing the digital services from the smart surroundings was also proposed. The performance results indicate improved latency, power consumption and network utilization for the three-tier IoT-edge architecture compared with available IoT models. Finally, the thesis combined the concept of edge computing with blockchain and proposed the ‘BlockEdge’ framework to address some of the challenges faced by current Industrial IoT applications, such as low latency services, process monitoring/tracking, security and trust, among others. The performance of the BlockEdge framework was evaluated in terms of latency, energy consumption and network utilization and compared with the available non-blockchain IoT edge models. The latency was slightly improved for the proposed BlockEdge framework, but the energy consumption and network usage were increased as compared with the existing non-blockchain models due to the addition of blockchain. Furthermore, the thesis explored various potential security threats at various levels in the BlockEdge framework and provided relevant security solutions.

The thesis provides valuable insight into designing lightweight authentication protocols for the future smart and hyperconnected environment. It also proposes a conceptual security mechanism for securing the edge-based services in the environment. In addition, it explores the concept of blockchain and edge computing for providing enhanced security solutions along with addressing other critical requirements in smart IoT applications. Despite the limitations, the framework proposed in this thesis can provide a basis for future massive-scale applications (5G and beyond) with a huge number of network entities and requiring features such as decentralized trust, low latency, scalability, and accountability, among others.

The work performed in this thesis has huge potential in terms of extending it to various key technology enablers, e.g. AI/ML and SDN. For example, currently, most AI algorithms are deployed at the cloud servers instead of the edge (far from the source of the data/end-users) because they require high computational capabilities to process the massive volume of data. The BlockEdge framework formulated in the thesis assumes the use of the blockchain near the edge to fulfill several requirements of smart environments. Blockchain technology can enable the efficient utilization of AI at/near the edge by ensuring high-quantity data sharing with strong blockchain-based decentralized computational capabilities. In future massive-scale IoT applications, it is crucial to place intelligent security solutions to fulfill dynamic security requirements. There is wide scope for formulating security orchestration and monitoring mechanisms based on the research presented in the thesis. For example, a blockchain can be vital at the edge network to track/monitor identities and the provenance of all decisions related to security. This would also ensure trust management among the various stakeholders in IoT-based applications.

References

[1] A. Kamilaris and A. Pitsillides, “Mobile phone computing and the internet of things: A survey,” IEEE Internet of Things Journal, vol. 3, no. 6, pp. 885–898, 2016.
[2] M. M. Baig, H. GholamHosseini, and M. J. Connolly, “Mobile healthcare applications: system design review, critical issues and challenges,” Australasian physical & engineering sciences in medicine, vol. 38, no. 1, pp. 23–38, 2015.
[3] F. John Dian, R. Vahidnia, and A. Rahmati, “Wearables and the internet of things (iot), applications, opportunities, and challenges: A survey,” IEEE Access, vol. 8, pp. 69 200–69 211, 2020.
[4] J. Li, Q. Ma, A. H. Chan, and S. Man, “Health monitoring through wearable technologies for older adults: Smart wearables acceptance model,” Applied ergonomics, vol. 75, pp. 162–169, 2019.
[5] S. Seneviratne, Y. Hu, T. Nguyen, G. Lan, S. Khalifa, K. Thilakarathna, M. Hassan, and A. Seneviratne, “A survey of wearable devices and challenges,” IEEE Communications Surveys & Tutorials, vol. 19, no. 4, pp. 2573–2620, 2017.
[6] I. Yaqoob, L. U. Khan, S. M. A. Kazmi, M. Imran, N. Guizani, and C. S. Hong, “Autonomous driving cars in smart cities: Recent advances, requirements, and challenges,” IEEE Network, vol. 34, no. 1, pp. 174–181, 2020.
[7] L. U. Khan, I. Yaqoob, N. H. Tran, S. M. A. Kazmi, T. N. Dang, and C. S. Hong, “Edge computing enabled smart cities: A comprehensive survey,” IEEE Internet of Things Journal, pp. 1–1, 2020.
[8] I. Ahmad, T. Kumar, M. Liyanage, M. Ylianttila, T. Koskela, T. Braysy, A. Anttonen, V. Pentikinen, J.-P. Soininen, and J. Huusko, “Towards gadget-free internet services: A roadmap of the naked world,” Telematics and Informatics, vol. 35, no. 1, pp. 82–92, 2018.
[9] H. Xu and X. Geng, “People-centric service intelligence for smart cities,” Smart Cities, vol. 2, no. 2, pp. 135–152, 2019.
[10] T. Kumar, A. Braeken, M. Liyanage, and M. Ylianttila, “Identity privacy preserving biometric based authentication scheme for naked healthcare environment,” in 2017 IEEE International Conference on Communications (ICC), 2017, pp. 1–7.
[11] T. Kumar, A. Braeken, A. D. Jurcut, M. Liyanage, and M. Ylianttila, “Age: authentication in gadget-free healthcare environments,” Information Technology and Management, pp. 1–20, 2019.
[12] T. Kumar, P. Porambage, I. Ahmad, M. Liyanage, E. Harjula, and M. Ylianttila, “Securing gadget-free digital services,” Computer, vol. 51, no. 11, pp. 66–77, 2018.
[13] K. Halunen, J. Häikiö, and V. Vallivaara, “Evaluation of user authentication methods in the gadget-free world,” Pervasive and Mobile Computing, vol. 40, pp. 220–241, 2017.
[14] M. Liyanage, A. Braeken, and M. Ylianttila, “Gadget free authentication,” IoT Security: Advances in Authentication, pp. 143–157, 2020.
[15] N. Hassan, S. Gillani, E. Ahmed, I. Yaqoob, and M. Imran, “The role of edge computing in internet of things,” IEEE Communications Magazine, vol. 56, no. 11, pp. 110–115, 2018.
[16] Y. Sahni, J. Cao, S. Zhang, and L. Yang, “Edge mesh: A new paradigm to enable distributed intelligence in internet of things,” IEEE Access, vol. 5, pp. 16 441–16 458, 2017.
[17] M. Satyanarayanan, “The emergence of edge computing,” Computer, vol. 50, no. 1, pp. 30–39, 2017.
[18] W. Shi and S. Dustdar, “The promise of edge computing,” Computer, vol. 49, no. 5, pp. 78–81, 2016.
[19] J. Pan and J. McElhannon, “Future edge cloud and edge computing for internet of things applications,” IEEE Internet of Things Journal, vol. 5, no. 1, pp. 439–449, 2018.
[20] T. Qiu, J. Chi, X. Zhou, Z. Ning, M. Atiquzzaman, and D. O. Wu, “Edge computing in industrial internet of things: Architecture, advances and challenges,” IEEE Communications Surveys & Tutorials, pp. 1–1, 2020.
[21] L. Hu, Y. Miao, G. Wu, M. M. Hassan, and I. Humar, “irobot-factory: An intelligent robot factory based on cognitive manufacturing and edge computing,” Future Generation Computer Systems, vol. 90, pp. 569–577, 2019.
[22] P. Porambage, J. Okwuibe, M. Liyanage, M. Ylianttila, and T. Taleb, “Survey on multi-access edge computing for internet of things realization,” IEEE Communications Surveys & Tutorials, vol. 20, no. 4, pp. 2961–2991, 2018.
[23] Y. Mao, C. You, J. Zhang, K. Huang, and K. B. Letaief, “A survey on mobile edge computing: The communication perspective,” IEEE Communications Surveys & Tutorials, vol. 19, no. 4, pp. 2322–2358, 2017.
[24] Y. Ai, M. Peng, and K. Zhang, “Edge computing technologies for internet of things: a primer,” Digital Communications and Networks, vol. 4, no. 2, pp. 77–86, 2018.
[25] W. Z. Khan, E. Ahmed, S. Hakak, I. Yaqoob, and A. Ahmed, “Edge computing: A survey,” Future Generation Computer Systems, vol. 97, pp. 219–235, 2019.
[26] C. Jiang, X. Cheng, H. Gao, X. Zhou, and J. Wan, “Toward computation offloading in edge computing: A survey,” IEEE Access, vol. 7, pp. 131 543–131 558, 2019.
[27] E. M. Dogo, A. F. Salami, C. O. Aigbavboa, and T. Nkonyana, “Taking cloud computing to the extreme edge: A review of mist computing for smart cities and industry 4.0 in africa,” in Edge computing. Springer, 2019, pp. 107–132.
[28] P. Galambos, “Cloud, fog, and mist computing: Advanced robot applications,” IEEE Systems, Man, and Cybernetics Magazine, vol. 6, no. 1, pp. 41–45, 2020.
[29] J. S. Preden, K. Tammemäe, A. Jantsch, M. Leier, A. Riid, and E. Calis, “The benefits of self-awareness and attention in fog and mist computing,” Computer, vol. 48, no. 7, pp. 37–45, 2015.
[30] X. Wang, X. Zha, W. Ni, R. P. Liu, Y. J. Guo, X. Niu, and K. Zheng, “Survey on blockchain for internet of things,” Computer Communications, vol. 136, pp. 10–29, 2019.
[31] W. Viriyasitavat, L. D. Xu, Z. Bi, and D. Hoonsopon, “Blockchain technology for applications in internet of things—mapping from system design perspective,” IEEE Internet of Things Journal, vol. 6, no. 5, pp. 8155–8168, 2019.
[32] R. Beck, “Beyond bitcoin: The rise of blockchain world,” Computer, vol. 51, no. 2, pp. 54–58, 2018.
[33] M. Tahir, M. H. Habaebi, M. Dabbagh, A. Mughees, A. Ahad, and K. I. Ahmed, “A review on application of blockchain in 5g and beyond networks: Taxonomy, field-trials, challenges and opportunities,” IEEE Access, vol. 8, pp. 115 876–115 904, 2020.
[34] J. Abou Jaoude and R. George Saade, “Blockchain applications – usage in different domains,” IEEE Access, vol. 7, pp. 45 360–45 381, 2019.
[35] T. Salman, M. Zolanvari, A. Erbad, R. Jain, and M. Samaka, “Security services using blockchains: A state of the art survey,” IEEE Communications Surveys & Tutorials, vol. 21, no. 1, pp. 858–880, 2019.
[36] S. Shi, D. He, L. Li, N. Kumar, M. K. Khan, and K.-K. R. Choo, “Applications of blockchain in ensuring the security and privacy of electronic health record systems: A survey,” Computers & Security, p. 101966, 2020.
[37] V. Ramani, T. Kumar, A. Bracken, M. Liyanage, and M. Ylianttila, “Secure and efficient data accessibility in blockchain based healthcare systems,” in 2018 IEEE Global Communications Conference (GLOBECOM), 2018.
[38] R. Yang, F. R. Yu, P. Si, Z. Yang, and Y. Zhang, “Integrated blockchain and edge computing systems: A survey, some research issues and challenges,” IEEE Communications Surveys & Tutorials, vol. 21, no. 2, pp. 1508–1532, 2019.
[39] M. A. Rahman, M. S. Hossain, G. Loukas, E. Hassanain, S. S. Rahman, M. F. Alhamid, and M. Guizani, “Blockchain-based mobile edge computing framework for secure therapy applications,” IEEE Access, vol. 6, pp. 72 469–72 478, 2018.
[40] Z. Xiong, Y. Zhang, D. Niyato, P. Wang, and Z. Han, “When mobile blockchain meets edge computing,” IEEE Communications Magazine, vol. 56, no. 8, pp. 33–39, 2018.
[41] S. Guo, X. Hu, S. Guo, X. Qiu, and F. Qi, “Blockchain meets edge computing: A distributed and trusted authentication system,” IEEE Transactions on Industrial Informatics, vol. 16, no. 3, pp. 1972–1983, 2019.
[42] X. Xu, X. Zhang, H. Gao, Y. Xue, L. Qi, and W. Dou, “Become: Blockchain-enabled computation offloading for iot in mobile edge computing,” IEEE Transactions on Industrial Informatics, vol. 16, no. 6, pp. 4187–4195, 2019.
[43] B. Dong, V. Prakash, F. Feng, and Z. O’Neill, “A review of smart building sensing system for better indoor environment control,” Energy and Buildings, vol. 199, pp. 29–46, 2019.
[44] V. Meshram, V. Meshram, and K. Patil, “A survey on ,” ICTACT Journal on Soft Computing, vol. 6, no. 2, pp. 1130–1135, 2016.
[45] M. Tentori, L. Escobedo, and G. Balderas, “A smart environment for children with autism,” IEEE Pervasive Computing, vol. 14, no. 2, pp. 42–50, 2015.
[46] A. Alshamsi, Y. Anwar, M. Almulla, M. Aldohoori, N. Hamad, and M. Awad, “Monitoring pollution: Applying iot to create a smart environment,” in 2017 International Conference on Electrical and Computing Technologies and Applications (ICECTA), 2017, pp. 1–4.
[47] E. Harjula, P. Karhula, J. Islam, T. Leppänen, A. Manzoor, M. Liyanage, J. Chauhan, T. Kumar, I. Ahmad, and M. Ylianttila, “Decentralized iot edge nanoservice architecture for future gadget-free computing,” IEEE Access, vol. 7, pp. 119 856–119 872, 2019.
[48] T. Kumar, M. Liyanage, A. Braeken, I. Ahmad, and M. Ylianttila, “From gadget to gadget-free hyperconnected world: Conceptual analysis of user privacy challenges,” in 2017 European Conference on Networks and Communications (EuCNC), 2017, pp. 1–6.
[49] E. Ahmed, I. Yaqoob, A. Gani, M. Imran, and M. Guizani, “Internet-of-things-based smart environments: state of the art, taxonomy, and open research challenges,” IEEE Wireless Communications, vol. 23, no. 5, pp. 10–16, 2016.
[50] J. Chin, V. Callaghan, and S. B. Allouch, “The internet-of-things: Reflections on the past, present and future from a user-centered and smart environment perspective,” Journal of and Smart Environments, vol. 11, no. 1, pp. 45–69, 2019.
[51] Y. Nikoloudakis, S. Panagiotakis, E. Markakis, E. Pallis, G. Mastorakis, C. X. Mavromoustakis, and C. Dobre, “A fog-based emergency system for smart enhanced living environments,” IEEE Cloud Computing, vol. 3, no. 6, pp. 54–62, 2016.
[52] F. Cicirelli, A. Guerrieri, G. Spezzano, A. Vinci, O. Briante, A. Iera, and G. Ruggeri, “Edge computing and social internet of things for large-scale smart environments development,” IEEE Internet of Things Journal, vol. 5, no. 4, pp. 2557–2571, 2018.
[53] O. Novo, “Blockchain meets iot: An architecture for scalable access management in iot,” IEEE Internet of Things Journal, vol. 5, no. 2, pp. 1184–1195, 2018.
[54] A. D. Dwivedi, G. Srivastava, S. Dhar, and R. Singh, “A decentralized privacy-preserving healthcare blockchain for iot,” Sensors, vol. 19, no. 2, p. 326, 2019.
[55] Y. Liu, Y. Kuang, Y. Xiao, and G. Xu, “Sdn-based data transfer security for internet of things,” IEEE Internet of Things Journal, vol. 5, no. 1, pp. 257–268, 2017.
[56] J. Li, J. Cai, F. Khan, A. U. Rehman, V. Balasubramaniam, J. Sun, and P. Venu, “A secured framework for sdn-based edge computing in iot-enabled healthcare system,” IEEE Access, vol. 8, pp. 135 479–135 490, 2020.
[57] C. Stergiou, K. E. Psannis, B.-G. Kim, and B. Gupta, “Secure integration of iot and cloud computing,” Future Generation Computer Systems, vol. 78, pp. 964–975, 2018.
[58] M. Gusev and S. Dustdar, “Going back to the roots—the evolution of edge computing, an iot perspective,” IEEE Internet Computing, vol. 22, no. 2, pp. 5–15, 2018.
[59] A. Yousefpour, C. Fung, T. Nguyen, K. Kadiyala, F. Jalali, A. Niakanlahiji, J. Kong, and J. P. Jue, “All one needs to know about fog computing and related edge computing paradigms: A complete survey,” Journal of Systems Architecture, vol. 98, pp. 289–330, 2019.
[60] F. Giust, X. Costa-Perez, and A. Reznik, “Multi-access edge computing: An overview of etsi mec isg,” IEEE 5G Tech Focus, vol. 1, no. 4, p. 4, 2017.
[61] B. Chen, J. Wan, A. Celesti, D. Li, H. Abbas, and Q. Zhang, “Edge computing in iot-based manufacturing,” IEEE Communications Magazine, vol. 56, no. 9, pp. 103–109, 2018.
[62] X. Li, J. Wan, H. Dai, M. Imran, M. Xia, and A. Celesti, “A hybrid computing solution and resource scheduling strategy for edge computing in smart manufacturing,” IEEE Transactions on Industrial Informatics, vol. 15, no. 7, pp. 4225–4234, 2019.
[63] P. Kochovski and V. Stankovski, “Supporting smart construction with dependable edge computing infrastructures and applications,” Automation in Construction, vol. 85, pp. 182–192, 2018.
[64] Y. Jararweh, S. Otoum, and I. Al Ridhawi, “Trustworthy and sustainable smart city services at the edge,” Sustainable Cities and Society, p. 102394, 2020.
[65] S. A. Hossain, M. A. Rahman, and M. A. Hossain, “Edge computing framework for enabling situation awareness in iot based smart city,” Journal of Parallel and Distributed Computing, vol. 122, pp. 226–237, 2018.
[66] M. Gheisari, Q. Pham, M. Alazab, X. Zhang, C. Fernández-Campusano, and G. Srivastava, “Eca: An edge computing architecture for privacy-preserving in iot-based smart city,” IEEE Access, vol. 7, pp. 155 779–155 786, 2019.
[67] Z. Zou, Y. Jin, P. Nevalainen, Y. Huan, J. Heikkonen, and T. Westerlund, “Edge and fog computing enabled ai for iot-an overview,” in 2019 IEEE International Conference on Artificial Intelligence Circuits and Systems (AICAS), 2019, pp. 51–56.
[68] C. Mouradian, D. Naboulsi, S. Yangui, R. H. Glitho, M. J. Morrow, and P. A. Polakos, “A comprehensive survey on fog computing: State-of-the-art and research challenges,” IEEE Communications Surveys & Tutorials, vol. 20, no. 1, pp. 416–464, 2018.
[69] E. Rubio-Drosdov, D. D. Sánchez, F. Almenárez, and A. Marín, “A framework for efficient and scalable service offloading in the mist,” in 2019 IEEE 5th World Forum on Internet of Things (WF-IoT), 2019, pp. 460–463.
[70] M. Linaje, J. Berrocal, and A. Galan-Benitez, “Mist and edge storage: Fair storage distribution in sensor networks,” IEEE Access, vol. 7, pp. 123 860–123 876, 2019.
[71] M. Asif-Ur-Rahman, F. Afsana, M. Mahmud, M. S. Kaiser, M. R. Ahmed, O. Kaiwartya, and A. James-Taylor, “Toward a heterogeneous mist, fog, and cloud-based framework for the internet of healthcare things,” IEEE Internet of Things Journal, vol. 6, no. 3, pp. 4049–4062, 2019.
[72] J. Al-Jaroodi and N. Mohamed, “Blockchain in industries: A survey,” IEEE Access, vol. 7, pp. 36 500–36 515, 2019.
[73] M. S. Ali, M. Vecchio, M. Pincheira, K. Dolui, F. Antonelli, and M. H. Rehmani, “Applications of blockchains in the internet of things: A comprehensive survey,” IEEE Communications Surveys & Tutorials, vol. 21, no. 2, pp. 1676–1717, 2019.
[74] A. A. Monrat, O. Schelén, and K. Andersson, “A survey of blockchain from the perspectives of applications, challenges, and opportunities,” IEEE Access, vol. 7, pp. 117 134–117 151, 2019.
[75] T. Kumar, V. Ramani, I. Ahmad, A. Braeken, E. Harjula, and M. Ylianttila, “Blockchain utilization in healthcare: Key requirements and challenges,” in 2018 IEEE 20th International Conference on e-Health Networking, Applications and Services (Healthcom), 2018, pp. 1–7.
[76] D. Di Francesco Maesa and P. Mori, “Blockchain 3.0 applications survey,” Journal of Parallel and Distributed Computing, vol. 138, pp. 99–114, 2020.
[77] J. Xie, H. Tang, T. Huang, F. R. Yu, R. Xie, J. Liu, and Y. Liu, “A survey of blockchain technology applied to smart cities: Research issues and challenges,” IEEE Communications Surveys & Tutorials, vol. 21, no. 3, pp. 2794–2830, 2019.
[78] M. Wu, K. Wang, X. Cai, S. Guo, M. Guo, and C. Rong, “A comprehensive survey of blockchain: From theory to iot applications and beyond,” IEEE Internet of Things Journal, vol. 6, no. 5, pp. 8114–8154, 2019.
[79] H. Dai, Z. Zheng, and Y. Zhang, “Blockchain for internet of things: A survey,” IEEE Internet of Things Journal, vol. 6, no. 5, pp. 8076–8094, 2019.
[80] J. Chen, J. Wu, H. Liang, S. Mumtaz, J. Li, K. Konstantin, A. K. Bashir, and R. Nawaz, “Collaborative trust blockchain based unbiased control transfer mechanism for industrial automation,” IEEE Transactions on Industry Applications, vol. 56, no. 4, pp. 4478–4488, 2020.
[81] Y. Zhang, X. Xu, A. Liu, Q. Lu, L. Xu, and F. Tao, “Blockchain-based trust mechanism for iot-based smart manufacturing system,” IEEE Transactions on Computational Social Systems, vol. 6, no. 6, pp. 1386–1394, 2019.
[82] A. Lahbib, K. Toumi, A. Laouiti, A. Laube, and S. Martin, “Blockchain based trust management mechanism for iot,” in 2019 IEEE Wireless Communications and Networking Conference (WCNC), 2019, pp. 1–8.
[83] M. T. Hammi, B. Hammi, P. Bellot, and A. Serhrouchni, “Bubbles of trust: A decentralized blockchain-based authentication system for iot,” Computers & Security, vol. 78, pp. 126–142, 2018.
[84] M. Humayun, N. Jhanjhi, B. Hamid, and G. Ahmed, “Emerging smart logistics and transportation using iot and blockchain,” IEEE Internet of Things Magazine, vol. 3, no. 2, pp. 58–62, 2020.
[85] K. Košt’ál, P. Helebrandt, M. Belluš, M. Ries, and I. Kotuliak, “Management and monitoring of iot devices using blockchain,” Sensors, vol. 19, no. 4, p. 856, 2019.
[86] A. Panarello, N. Tapas, G. Merlino, F. Longo, and A. Puliafito, “Blockchain and iot integration: A systematic survey,” Sensors, vol. 18, no. 8, p. 2575, 2018.
[87] M. Ejaz, T. Kumar, M. Ylianttila, and E. Harjula, “Performance and efficiency optimization of multi-layer iot edge architecture,” in 2020 2nd 6G Wireless Summit (6G SUMMIT), 2020, pp. 1–5.
[88] W. Yu, F. Liang, X. He, W. G. Hatcher, C. Lu, J. Lin, and X. Yang, “A survey on the edge computing for the internet of things,” IEEE Access, vol. 6, pp. 6900–6919, 2018.
[89] J. Islam, E. Harjula, T. Kumar, P. Karhula, and M. Ylianttila, “Docker enabled virtualized nanoservices for local iot edge networks,” in 2019 IEEE Conference on Standards for Communications and Networking (CSCN), 2019, pp. 1–7.
[90] S. Tuli, R. Mahmud, S. Tuli, and R. Buyya, “Fogbus: A blockchain-based lightweight framework for edge and fog computing,” Journal of Systems and Software, vol. 154, pp. 22–36, 2019.
[91] Z. Khan, A. G. Abbasi, and Z. Pervez, “Blockchain and edge computing–based architecture for participatory smart city applications,” Concurrency and Computation: Practice and Experience, vol. 32, no. 12, p. e5566, 2020.
[92] T. Kumar, E. Harjula, M. Ejaz, A. Manzoor, P. Porambage, I. Ahmad, M. Liyanage, A. Braeken, and M. Ylianttila, “Blockedge: Blockchain-edge framework for industrial iot networks,” IEEE Access, vol. 8, pp. 154 166–154 185, 2020.
[93] T. Kumar, A. Braeken, V. Ramani, I. Ahmad, E. Harjula, and M. Ylianttila, “Sec-blockedge: Security threats in blockchain-edge based industrial iot networks,” in 2019 11th International Workshop on Resilient Networks Design and Modeling (RNDM), 2019, pp. 1–7.
[94] R. K. Konoth, V. van der Veen, and H. Bos, “How anywhere computing just killed your phone-based two-factor authentication,” in International Conference on Financial Cryptography and Data Security. Springer, 2016, pp. 405–421.
[95] A. Ometov, S. Bezzateev, N. Mäkitalo, S. Andreev, T. Mikkonen, and Y. Koucheryavy, “Multi-factor authentication: A survey,” Cryptography, vol. 2, no. 1, p. 1, 2018.
[96] W. Li and P. Wang, “Two-factor authentication in industrial internet-of-things: Attacks, evaluation and new construction,” Future Generation Computer Systems, vol. 101, pp. 694–708, 2019.
[97] I. Ahmad, S. Shahabuddin, T. Kumar, J. Okwuibe, A. Gurtov, and M. Ylianttila, “Security for 5g and beyond,” IEEE Communications Surveys & Tutorials, vol. 21, no. 4, pp. 3682–3722, 2019.
[98] C.-L. Lei and Y.-H. Chuang, “Privacy protection for telecare medicine information systems with multiple servers using a biometric-based authenticated key agreement scheme,” IEEE Access, vol. 7, pp. 186 480–186 490, 2019.
[99] R. Madhusudhan and C. S. Nayak, “A robust authentication scheme for telecare medical information systems,” Multimedia Tools and Applications, vol. 78, no. 11, pp. 15 255–15 273, 2019.
[100] J. Zhang, B. Chen, Y. Zhao, X. Cheng, and F. Hu, “Data security and privacy-preserving in edge computing paradigm: Survey and open issues,” IEEE Access, vol. 6, pp. 18 209–18 237, 2018.
[101] Y. Li, Q. Cheng, X. Liu, and X. Li, “A secure anonymous identity-based scheme in new authentication architecture for mobile edge computing,” IEEE Systems Journal, pp. 1–12, 2020.
[102] B. Deebak, F. Al-Turjman, and L. Mostarda, “Seamless secure anonymous authentication for cloud-based mobile edge computing,” Computers & Electrical Engineering, vol. 87, p. 106782, 2020.
[103] H. Zhong, L. Pan, Q. Zhang, and J. Cui, “A new message authentication scheme for multiple devices in intelligent connected vehicles based on edge computing,” IEEE Access, vol. 7, pp. 108 211–108 222, 2019.
[104] J. Zhou, Z. Cao, X. Dong, and A. V. Vasilakos, “Security and privacy for cloud-based iot: Challenges,” IEEE Communications Magazine, vol. 55, no. 1, pp. 26–33, 2017.
[105] I. Ahmad, T. Kumar, M. Liyanage, J. Okwuibe, M. Ylianttila, and A. Gurtov, “5g security: Analysis of threats and solutions,” in 2017 IEEE Conference on Standards for Communications and Networking (CSCN), 2017, pp. 193–199.
[106] K. Sha, T. A. Yang, W. Wei, and S. Davari, “A survey of edge computing-based designs for iot security,” Digital Communications and Networks, vol. 6, no. 2, pp. 195–202, 2020.
[107] M. Liyanage, J. Salo, A. Braeken, T. Kumar, S. Seneviratne, and M. Ylianttila, “5g privacy: Scenarios and solutions,” in 2018 IEEE 5G World Forum (5GWF), 2018, pp. 197–203.
[108] Z. Yan, P. Zhang, and A. V. Vasilakos, “A survey on trust management for internet of things,” Journal of network and computer applications, vol. 42, pp. 120–134, 2014.
[109] T. Kumar, M. Liyanage, I. Ahmad, A. Braeken, and M. Ylianttila, “User privacy, identity and trust in 5g,” A Comprehensive Guide to 5G Security, pp. 267–279, 2018.
[110] Z. Yang, K. Yang, L. Lei, K. Zheng, and V. C. Leung, “Blockchain-based decentralized trust management in vehicular networks,” IEEE Internet of Things Journal, vol. 6, no. 2, pp. 1495–1505, 2018.
[111] D. He and D. Wang, “Robust biometrics-based authentication scheme for multi-server environment,” IEEE Systems Journal, vol. 9, no. 3, pp. 816–823, Sept 2015.
[112] K. C. Baruah, S. Banerjee, M. P. Dutta, and C. T. Bhunia, “An improved biometric-based multi-server authentication scheme using smart card,” International Journal of Security and Its Applications, vol. 9, no. 1, pp. 397–408, 2015.
[113] V. Odelu, A. K. Das, and A. Goswami, “A secure biometrics-based multi-server authentication protocol using smart cards,” IEEE Transactions on Information Forensics and Security, vol. 10, no. 9, pp. 1953–1966, Sept 2015.
[114] H. Shen, C. Gao, D. He, and L. Wu, “New biometrics-based authentication scheme for multi-server environment in critical systems,” Journal of Ambient Intelligence and Humanized Computing, vol. 6, no. 6, pp. 825–834, 2015.
[115] S. A. Chaudhry, M. T. Khan, M. K. Khan, and T. Shon, “A multiserver biometric authentication scheme for tmis using elliptic curve cryptography,” Journal of medical systems, vol. 40, no. 11, p. 230, 2016.
[116] X. Li, K. Wang, J. Shen, S. Kumari, F. Wu, and Y. Hu, “An enhanced biometrics-based user authentication scheme for multi-server environments in critical systems,” Journal of Ambient Intelligence and Humanized Computing, vol. 7, no. 3, pp. 427–443, 2016.
[117] S. Kumari, X. Li, F. Wu, A. K. Das, K.-K. R. Choo, and J. Shen, “Design of a provably secure biometrics-based multi-cloud-server authentication scheme,” Future Generation Computer Systems, vol. 68, pp. 320–330, 2017.
[118] P. Chandrakar and H. Om, “A secure and robust anonymous three-factor remote user authentication scheme for multi-server environment using ecc,” Computer Communications, 2017.
[119] A. G. Reddy, E.-J. Yoon, A. K. Das, V. Odelu, and K.-Y. Yoo, “Design of mutually authenticated key agreement protocol resistant to impersonation attacks for multi-server environment,” IEEE Access, vol. 5, pp. 3622–3639, 2017.
[120] A. Irshad, M. Sher, O. Nawaz, S. A. Chaudhry, I. Khan, and S. Kumari, “A secure and provable multi-server authenticated key agreement for tmis based on amin et al. scheme,” Multimedia Tools and Applications, vol. 76, no. 15, pp. 16 463–16 489, 2017.
[121] L. Han, X. Tan, S. Wang, and X. Liang, “An efficient and secure three-factor based authenticated key exchange scheme using elliptic curve cryptosystems,” Peer-to-Peer Networking and Applications, pp. 1–11, 2016.
[122] T. Bui, “Analysis of docker security,” arXiv preprint arXiv:1501.02967, 2015.
[123] A. R. Manu, J. K. Patel, S. Akhtar, V. K. Agrawal, and K. N. B. S. Murthy, “Docker container security via heuristics-based multilateral security-conceptual and pragmatic study,” in 2016 International Conference on Circuit, Power and Computing Technologies (ICCPCT), 2016, pp. 1–14.
[124] I. Andrea, C. Chrysostomou, and G. Hadjichristofi, “Internet of things: Security vulnerabilities and challenges,” in 2015 IEEE Symposium on Computers and Communication (ISCC). IEEE, 2015, pp. 180–187.
[125] K. Lounis and M. Zulkernine, “Attacks and defenses in short-range wireless technologies for iot,” IEEE Access, vol. 8, pp. 88 892–88 932, 2020.
[126] S. Pallavi and V. A. Narayanan, “An overview of practical attacks on ble based iot devices and their security,” in 2019 5th International Conference on Advanced Computing & Communication Systems (ICACCS). IEEE, 2019, pp. 694–698.
[127] R. Roman, J. Lopez, and M. Mambo, “Mobile edge computing, fog et al.: A survey and analysis of security threats and challenges,” Future Generation Computer Systems, vol. 78, pp. 680–698, 2018.
[128] D. Puthal, S. Nepal, R. Ranjan, and J. Chen, “Threats to networking cloud and edge datacenters in the internet of things,” IEEE Cloud Computing, vol. 3, no. 3, pp. 64–71, 2016.
[129] I. Ahmad, T. Kumar, M. Liyanage, J. Okwuibe, M. Ylianttila, and A. Gurtov, “Overview of 5g security challenges and solutions,” IEEE Communications Standards Magazine, vol. 2, no. 1, pp. 36–43, 2018.
[130] S. Wang, L. Ouyang, Y. Yuan, X. Ni, X. Han, and F. Wang, “Blockchain-enabled smart contracts: Architecture, applications, and future trends,” IEEE Transactions on Systems, Man, and Cybernetics: Systems, vol. 49, no. 11, pp. 2266–2277, 2019.
[131] M. Conti, E. S. Kumar, C. Lal, and S. Ruj, “A survey on security and privacy issues of bitcoin,” IEEE Communications Surveys & Tutorials, vol. 20, no. 4, pp. 3416–3452, 2018.
[132] J. Moubarak, E. Filiol, and M. Chamoun, “On blockchain security and relevant attacks,” in 2018 IEEE Middle East and North Africa Communications Conference (MENACOMM). IEEE, 2018, pp. 1–6.
[133] S. Sayeed and H. Marco-Gisbert, “Assessing blockchain consensus and security mechanisms against the 51% attack,” Applied Sciences, vol. 9, no. 9, p. 1788, 2019.
[134] I. Ahmad, S. Shahabuddin, T. Kumar, E. Harjula, M. Meisel, M. Juntti, T. Sauter, and M. Ylianttila, “Challenges of ai in wireless networks for iot,” arXiv preprint arXiv:2007.04705, 2020.
73 [135] P. Porambage, T. Kumar, M. Liyanage, J. Partala, L. Lovén, M. Ylianttila, and T. Seppänen, “Sec-edgeai: Ai for edge security vs security for edge ai,” The 1st 6G Wireless Summit,(Levi, Finland), 2019. [136] X. Wang, Y. Han, C. Wang, Q. Zhao, X. Chen, and M. Chen, “In-edge ai: Intelligentizing mobile edge computing, caching and communication by federated learning,” IEEE Network, vol. 33, no. 5, pp. 156–165, 2019. [137] W. Y. B. Lim, N. C. Luong, D. T. Hoang, Y. Jiao, Y.-C. Liang, Q. Yang, D. Niyato, and C. Miao, “Federated learning in mobile edge networks: A comprehensive survey,” IEEE Communications Surveys & Tutorials, 2020. [138] S. K. Singh, S. Rathore, and J. H. Park, “Blockiotintelligence: A blockchain- enabled intelligent iot architecture with artificial intelligence,” Future Generation Computer Systems, vol. 110, pp. 721–743, 2020. [139] K. Zhang, Y. Zhu, S. Maharjan, and Y. Zhang, “Edge intelligence and blockchain empowered 5g beyond for the industrial internet of things,” IEEE Network, vol. 33, no. 5, pp. 12–19, 2019. [140] T. Hardjono and N. Smith, “Decentralized trusted computing base for blockchain infrastructure security,” Frontiers in Blockchain, vol. 2, p. 24, 2019. [141] M. Ylianttila, R. Kantola, A. Gurtov, L. Mucchi, I. Oppermann, Z. Yan, T. H. Nguyen, F. Liu, T. Hewa, M. Liyanage et al., “6g white paper: Research challenges for trust, security and privacy,” arXiv preprint arXiv:2004.11665, 2020. [142] F. Alder, N. Asokan, A. Kurnikov, A. Paverd, and M. Steiner, “S-faas: Trustworthy and accountable function-as-a-service using intel sgx,” in Proceedings of the 2019 ACM SIGSAC Conference on Cloud Computing Security Workshop, 2019, pp. 185–199. [143] P. Datta, P. Kumar, T. Morris, M. Grace, A. Rahmati, and A. Bates, “Valve: Securing function workflows on serverless computing platforms,” in Proceedings of The Web Conference 2020, 2020, pp. 939–950. [144] S. Ebrahimi, S. Bayat-Sarmadi, and H. 
Mosanaei-Boorani, “Post-quantum cryptoprocessors optimized for edge and resource-constrained devices in iot,” IEEE Internet of Things Journal, vol. 6, no. 3, pp. 5500–5507, 2019. [145] Z. Liu, K. R. Choo, and J. Grossschadl, “Securing edge devices in the post- quantum internet of things using lattice-based cryptography,” IEEE Communica- tions Magazine, vol. 56, no. 2, pp. 158–162, 2018.

List of original publications

I Kumar T, Braeken A, Liyanage M & Ylianttila M (2017) Identity privacy preserving biometric based authentication scheme for naked healthcare environment. In: 2017 IEEE International Conference on Communications (ICC), pp. 1–7.

II Kumar T, Braeken A, Jurcut AD, Liyanage M & Ylianttila M (2019) AGE: authentication in gadget-free healthcare environments. Information Technology and Management, Vol: 21, pp. 95–114.

III Kumar T, Porambage P, Ahmad I, Liyanage M, Harjula E & Ylianttila M (2018) Securing gadget-free digital services. IEEE Computer 51(11): 66–77.

IV Ejaz M, Kumar T, Ylianttila M & Harjula E (2020) Performance and efficiency optimization of multi-layer iot edge architecture. In: 2020 2nd 6G Wireless Summit (6G SUMMIT), pp. 1–5.

V Kumar T, Harjula E, Ejaz M, Manzoor A, Porambage P, Ahmad I, Liyanage M, Braeken A & Ylianttila M (2020) BlockEdge: Blockchain-edge framework for industrial iot networks. IEEE Access 8: 154166–154185.

VI Kumar T, Braeken A, Ramani V, Ahmad I, Harjula E & Ylianttila M (2019) SEC-BlockEdge: Security threats in blockchain-edge based industrial iot networks. In: 2019 11th International Workshop on Resilient Networks Design and Modeling (RNDM), pp. 1–7.

Reprinted with permission from IEEE (I, III, IV, V, VI), and Springer (II).

Original publications are not included in the electronic version of the dissertation.
