P4UIoT: Pay-Per-Piece Patch Update Delivery for IoT Using Gradual Release.

P 4 UIoT-pay-per-piece patch update delivery for IoT using gradual release-introduces a distributed framework for delivering patch updates to IoT devices. The framework facilitates distribution via peer-to-peer delivery networks and incentivizes the distribution operation. The peer-to-peer delivery network reduces load by delegating the patch distribution to the nodes of the network, thereby protecting against a single point of failure and reducing costs. Distributed file-sharing solutions currently available in the literature are limited to sharing popular files among peers. In contrast, the proposed protocol incentivizes peers to distribute patch updates, which might be relevant only to IoT devices, using a blockchain-based lightning network. A manufacturer/owner named vendor of the IoT device commits a bid on the blockchain, which can be publicly verified by the members of the network. The nodes, called distributors, interested in delivering the patch update, compete among each other to exchange a piece of patch update with cryptocurrency payment. The pay-per-piece payments protocol addresses the problem of misbehavior between IoT devices and distributors as either of them may try to take advantage of the other. The pay-per-piece protocol is a form of a gradual release of a commodity like a patch update, where the commodity can be divided into small pieces and exchanged between the sender and the receiver building trust at each step as the transactions progress into rounds. The permissionless nature of the framework enables the proposal to scale as it incentivizes the participation of individual distributors. Thus, compared to the previous solutions, the proposed framework can scale better without any overhead and with reduced costs. A combination of the Bitcoin lightning network for cryptocurrency incentives with the BitTorrent delivery network is used to present a prototype of the proposed framework. Finally, a financial and scalability evaluation of the proposed framework is presented.

Anonymity Preserving and Lightweight Multimedical Server Authentication Protocol for Telecare Medical Information System.

Electronic health systems, such as telecare medical information system (TMIS), allow patients to exchange their health information with a medical center/doctor for diagnosis in real time, and across borders. Given the sensitive nature of health information/medical data, ensuring the security of such systems is crucial. In this paper, we revisit Das et al.'s authentication protocol, which is designed to ensure patient anonymity and untraceability. Then, we demonstrate that the security claims are invalid, by showing how both security features (i.e., patient anonymity and untraceability) can be compromised. We also demonstrate that the protocol suffers from smartcard launch attacks. To mitigate such design flaws, we propose a new lightweight authentication protocol using the cryptographic hash function for TMIS. We then analyze the security of the proposed protocol using AVISPA and Scyther, two widely used formal specification tools. The performance analysis demonstrates that our protocol is more efficient than other competing protocols.

Blockchain and IoT Integration: A Systematic Survey.

The Internet of Things (IoT) refers to the interconnection of smart devices to collect data and make intelligent decisions. However, a lack of intrinsic security measures makes IoT vulnerable to privacy and security threats. With its "security by design," Blockchain (BC) can help in addressing major security requirements in IoT. BC capabilities like immutability, transparency, auditability, data encryption and operational resilience can help solve most architectural shortcomings of IoT. This article presents a comprehensive survey on BC and IoT integration. The objective of this paper is to analyze the current research trends on the usage of BC-related approaches and technologies in an IoT context. This paper presents the following novelties, with respect to related work: (i) it covers different application domains, organizing the available literature according to this categorization, (ii) it introduces two usage patterns, i.e., device manipulation and data management (open marketplace solution), and (iii) it reports on the development level of some of the presented solutions. We also analyze the main challenges faced by the research community in the smooth integration of BC and IoT, and point out the main open issues and future research directions. Last but not least, we also present a survey about novel uses of BC in the machine economy.