WO2021094821A1 - System and method for securing sensor data in internet of things (iot) network - Google Patents



Publication number
WO2021094821A1
Authority
WO
WIPO (PCT)
Prior art keywords
data
image data
user
block
unit
Prior art date
Application number
PCT/IB2019/060998
Other languages
French (fr)
Inventor
P.M. Siva RAJA
K. Ramanan
Original Assignee
Raja P M Siva
Ramanan K
Application filed by Raja P M Siva, Ramanan K
Publication of WO2021094821A1


Classifications

    • G PHYSICS
    • G05 CONTROLLING; REGULATING
    • G05B CONTROL OR REGULATING SYSTEMS IN GENERAL; FUNCTIONAL ELEMENTS OF SUCH SYSTEMS; MONITORING OR TESTING ARRANGEMENTS FOR SUCH SYSTEMS OR ELEMENTS
    • G05B19/00 Programme-control systems
    • G05B19/02 Programme-control systems electric
    • G05B19/04 Programme control other than numerical control, i.e. in sequence controllers or logic controllers
    • G05B19/042 Programme control other than numerical control, i.e. in sequence controllers or logic controllers using digital processors
    • G05B19/0423 Input/output
    • G05B19/0425 Safety, monitoring
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00 Network architectures or network communication protocols for network security
    • H04L63/04 Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks
    • H04L63/0428 Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks wherein the data content is protected, e.g. by encrypting or encapsulating the payload
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00 Network architectures or network communication protocols for network security
    • H04L63/08 Network architectures or network communication protocols for network security for authentication of entities
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L67/00 Network arrangements or protocols for supporting network services or applications
    • H04L67/01 Protocols
    • H04L67/10 Protocols in which an application is distributed across nodes in the network
    • H04L67/1097 Protocols in which an application is distributed across nodes in the network for distributed storage of data in networks, e.g. transport arrangements for network file system [NFS], storage area networks [SAN] or network attached storage [NAS]
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L67/00 Network arrangements or protocols for supporting network services or applications
    • H04L67/01 Protocols
    • H04L67/12 Protocols specially adapted for proprietary or special-purpose networking environments, e.g. medical networks, sensor networks, networks in vehicles or remote metering networks
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L9/00 Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/08 Key distribution or management, e.g. generation, sharing or updating, of cryptographic keys or passwords
    • H04L9/0894 Escrow, recovery or storing of secret information, e.g. secret key escrow or cryptographic key storage
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L9/00 Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/32 Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials
    • H04L9/3226 Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials using a predetermined code, e.g. password, passphrase or PIN
    • H04L9/3231 Biological data, e.g. fingerprint, voice or retina
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04W WIRELESS COMMUNICATION NETWORKS
    • H04W12/00 Security arrangements; Authentication; Protecting privacy or anonymity
    • H04W12/03 Protecting confidentiality, e.g. by encryption
    • H04W12/033 Protecting confidentiality, e.g. by encryption of the user plane, e.g. user's traffic
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04W WIRELESS COMMUNICATION NETWORKS
    • H04W12/00 Security arrangements; Authentication; Protecting privacy or anonymity
    • H04W12/06 Authentication
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04W WIRELESS COMMUNICATION NETWORKS
    • H04W4/00 Services specially adapted for wireless communication networks; Facilities therefor
    • H04W4/30 Services specially adapted for particular environments, situations or purposes
    • H04W4/38 Services specially adapted for particular environments, situations or purposes for collecting sensor information
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04W WIRELESS COMMUNICATION NETWORKS
    • H04W4/00 Services specially adapted for wireless communication networks; Facilities therefor
    • H04W4/70 Services for machine-to-machine communication [M2M] or machine type communication [MTC]
    • G PHYSICS
    • G05 CONTROLLING; REGULATING
    • G05B CONTROL OR REGULATING SYSTEMS IN GENERAL; FUNCTIONAL ELEMENTS OF SUCH SYSTEMS; MONITORING OR TESTING ARRANGEMENTS FOR SUCH SYSTEMS OR ELEMENTS
    • G05B2219/00 Program-control systems
    • G05B2219/20 Pc systems
    • G05B2219/25 Pc structure of the system
    • G05B2219/25428 Field device
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L2209/00 Additional information or applications relating to cryptographic mechanisms or cryptographic arrangements for secret or secure communication H04L9/00
    • H04L2209/80 Wireless
    • H04L2209/805 Lightweight hardware, e.g. radio-frequency identification [RFID] or sensor

Definitions

  • The present disclosure generally relates to Internet of Things (IoT) environments. More particularly, the present disclosure relates to a system and a method for securing sensor data in an IoT environment.
  • IoT systems have evolved as systems of interrelated physical objects equipped with computing, sensing and networking capabilities enabling the objects to collect and exchange data without requiring human-to-human or human-to-computer interaction.
  • An IoT system allows physical objects to be sensed and controlled autonomously, enabling a more direct integration of the physical world into computer-based systems.
  • “Things” in the sense of IoT may refer to a wide variety of objects, such as, e.g., persons with heart monitor implants, animals with biochip transponders, automobiles with built-in sensors, or any other natural or man-made objects that can be assigned a unique identifier, typically an IP address, and that can be provided with the ability to transfer data over a network.
  • An IoT system typically comprises sensors and actuators that provide and receive data from a cloud through gateways or data aggregators.
  • The IoT design combines three layers: a perception layer, a network management layer, and an application layer.
  • The perception layer, also called the observation layer, is the lowest layer of the ordinary IoT design. Its principal duty is to gather valuable data/information from things or from nature.
  • The network layer's fundamental duty is to help and secure information transmission between the third layer and the recognition layer of the IoT architecture.
  • This layer predominantly gathers data and conveys it to the observation layer, toward a few applications and servers.
  • This layer is a union of web-based and communication-based systems.
  • The application layer is regarded as the top layer of the regular IoT design. This layer provides customized services according to the user's relevant requirements.
  • This layer's fundamental duty is to bridge the gap between the users and the applications.
  • This IoT layer joins with business to realize smart applications such as calamity checking, well-being monitoring, transposition, fortune, and medicinal and natural-condition monitoring, and takes care of worldwide administration pertinent to all important applications; images therefore play a vital role in IoT applications.
  • The processing of the image is performed on a plaintext of the gathered data, thereby opening security holes that enable hackers who gain access to the relevant computing systems to manipulate the control of the objects, to learn the reported data (confidentiality) and/or to silently compromise a precious database by injecting corrupted data (integrity) in the IoT environment.
  • The principal object of the embodiments herein is to overcome the drawbacks in the prior art and provide a system and method for securing sensor data in an Internet of things (IoT) network and/or IoT environment.
  • Another object of the embodiments herein is to secure the input image by utilizing the dual offbeat shielding that includes a crypto based steganography.
  • The embodiments herein provide a system for securing sensor data in an Internet of things (IoT) network and/or IoT environment.
  • The system includes a data collection unit configured to obtain the sensor data collected by one or more data sources associated with one or more IoT devices connected to the IoT network.
  • The system includes an image processing unit configured to convert the obtained sensor data into image data, and analyze the image data to extract data relevant to a user of the one or more IoT devices.
  • The image processing unit is configured to classify the image data using a classification unit.
  • The classification unit is configured to identify the data relevant to the user from the image data using a Deep Belief Network (DPN) adapted with a data wrapper mechanism, where the DPN adapted with the data wrapper mechanism utilizes historical data associated with the user, and to determine that the data relevant to the user meets data relevancy threshold criteria.
  • The system includes an encryption unit configured to encrypt the image data, in response to the classification of the image data, using a cryptography based encryption.
  • The system includes a steganography unit configured to generate one or more stego images comprising the encrypted image data hidden into a cover image using a steganography mechanism.
  • The system includes an embedding unit configured to generate an embedded image data comprising the encrypted image data and the one or more stego images.
  • The system includes a transmission unit configured to transmit the embedded image data to a cloud storage.
  • The system includes an authentication unit configured to authenticate the embedded image data stored in the cloud storage.
  • The embodiments herein provide a method for securing sensor data in an Internet of things (IoT) network and/or IoT environment.
  • The method includes obtaining the sensor data collected by one or more data sources associated with one or more IoT devices connected to the IoT network. Further, the method includes converting the obtained sensor data into image data, and analyzing the image data to extract data relevant to a user of the one or more IoT devices.
  • The image data is analyzed by classifying the image data, where classifying the image data includes identifying the data relevant to the user from the image data using a Deep Belief Network (DPN) adapted with a data wrapper mechanism, where the DPN adapted with the data wrapper mechanism utilizes historical data associated with the user, and determining that the data relevant to the user meets data relevancy threshold criteria.
  • The method includes encrypting the image data, in response to classifying the image data, using a cryptography based encryption. Additionally, the method includes generating one or more stego images including the encrypted image data hidden into a cover image using a steganography mechanism. Additionally, the method includes generating an embedded image data including the encrypted image data and the one or more stego images. Additionally, the method includes transmitting the embedded image data to a cloud storage. Additionally, the method includes authenticating the embedded image data stored in the cloud storage.
  • FIG. 1 is an illustrative system for processing sensor data produced by one or more IOT devices operating in an Internet-of-Things (IOT) sensing environment;
  • FIG. 2 is a simplified block diagram of at least one embodiment of an environment that may be established by an IOT compute device of the system of FIG. 1;
  • FIG. 3 illustrates a process flow diagram for the crypto based steganography mechanism, according to an embodiment as disclosed herein;
  • FIG. 4 illustrates a process flow diagram for generating the stego image using the steganography mechanism as detailed herein, according to the embodiment as disclosed herein;
  • FIG. 5 is a flow diagram illustrating a method for providing the security for securing sensor data in an Internet of things (IoT) environment, according to an embodiment as disclosed herein.
  • An illustrative system 100 for anonymizing sensor data produced by one or more IOT devices 104 operating in an Internet-of-Things (IOT) sensing environment 106 is shown. The IOT devices 104 are configured to collect sensor data that may include the user's personally identifiable characteristics (e.g., user's voice, image, expression, or the like) and transmit the sensor data to an IOT computing device 102 through an IOT network 110.
  • the IOT computing device 102 is configured to monitor and control communication between one or more IOT devices 104 and one or more remote servers 108.
  • the IOT computing device 102 is configured to process the sensor data, provide encryption to the sensor data and transmit the sensor data to the remote servers 108 in order to avail the corresponding services associated with the sensor data.
  • the analyzed sensor data is transmitted to a corresponding remote service, which is performed by one or more of the remote servers 108, to be further analyzed and stored for the remote service to provide corresponding services to IOT sensor/IOT device(s) 104.
  • The IOT computing device 102 may be embodied as any type of gateway, router, switch, or other compute device capable of performing the functions described herein.
  • the IOT compute device 102 may be embodied as a router or other type of networked peripheral device that has its own IP address that is recognizable by devices on both the IOT network 110 and the network 112.
  • the illustrative IOT computing device 102 includes a data processing unit 120, an input/output (“I/O”) subsystem 126, a data storage 128, and a communication subsystem 130.
  • the IOT computing device 102 may further include one or more local sensors 132, and/or one or more peripheral devices 134.
  • the IOT computing device 102 may include other or additional components, such as those commonly found in a typical computing device (e.g., various input/output devices and/or other components), in other embodiments. Additionally, in some embodiments, one or more of the illustrative components may be incorporated in, or otherwise form a portion of, another component. For example, the memory 124, or portions thereof, may be incorporated in the processor 122 in some embodiments.
  • the data processing unit 120 may be embodied as any type of device or collection of devices capable of performing various compute functions as described below.
  • The data processing unit 120 may be embodied as a single device such as an integrated circuit, an embedded system, a field-programmable gate array (FPGA), a system-on-a-chip (SOC), or other integrated system or device.
  • the data processing unit 120 includes or is embodied as the processor 122 and memory 124.
  • the processor 122 may be embodied as any type of processor capable of performing the functions described herein.
  • The processor 122 may be embodied as a single or multi-core processor(s), digital signal processor, microcontroller, or other processor or processing/controlling circuit.
  • the memory 124 may be embodied as any type of volatile or non-volatile memory or data storage capable of performing the functions described herein.
  • the memory 124 may store various data and software used during operation of the IOT compute device 102 such as operating systems, applications, programs, libraries, and drivers.
  • the memory 124 is communicatively coupled to the processor 122 via the I/O subsystem 126, which may be embodied as circuitry and/or components to facilitate input/output operations with the processor 122, the memory 124, and other components of the IOT compute device 102.
  • the I/O subsystem 126 may be embodied as, or otherwise include, memory controller hubs, input/output control hubs, firmware devices, communication links (i.e., point-to-point links, bus links, wires, cables, light guides, printed circuit board traces, etc.) and/or other components and subsystems to facilitate the input/output operations.
  • the I/O subsystem 126 may be incorporated, along with the processor 122, the memory 124, and other components of the IOT compute device 102, into the data processing unit 120.
  • the data storage 128 may be embodied as any type of device or devices configured for short-term or long-term storage of data such as, for example, memory devices and circuits, memory cards, hard disk drives, solid-state drives, or other data storage devices.
  • The IOT computing device 102 may store sensor data received from IOT devices 104 of the IOT sensing environment 106, security settings associated with IOT sensor devices 104 or sensor data, and historical data contextually associated with the user of the one or more IOT devices 104.
  • The communication subsystem 130 may be embodied as any type of communication circuit, device, or collection thereof, capable of enabling communications between the IOT computing device 102 and other devices of the system 100 (e.g., the IOT sensor devices 104 via the IOT network 110 or the remote servers 108 via the network 112). To do so, the communication subsystem 130 may be configured to use any one or more communication technologies (e.g., wireless or wired communications) and associated protocols (e.g., Ethernet, Bluetooth®, Wi-Fi®, WiMAX, cellular such as 2G, 3G, 4G, LTE, 5G, etc.) to effect such communication.
  • the local sensors 132 may be similar to the IOT sensor devices 104 and may be embodied as any type of sensor capable of capturing sensor data that may include personal identifiable characteristics of the user, such as the user's voice, user's image, image of the surrounding of the user, background audio, user's activity history, user's preferences, and so forth.
  • the local sensors 132 may be embodied as any type of audio capture device capable of capturing audio local to the IOT compute device 102.
  • The audio sensor may include, or otherwise be embodied as, a microphone that captures a user's voice.
  • the local sensors 132 may be embodied as any type of image capture device capable of capturing images local to the IOT compute device 102.
  • The image sensor may include, or otherwise be embodied as, a camera or a video camera that captures a user's image or gesture. It should be appreciated that the collected sensor data may be stored in the data storage 128 of the IOT compute device 102.
  • the peripheral devices 132 may include any number of additional peripheral or interface devices, such as other input/output devices, storage devices, and so forth.
  • the particular devices included in the peripheral devices 132 may depend on, for example, the type and/or configuration of the IOT compute device 102, the IOT sensor devices 104, and/or the remote service.
  • Each IOT sensor device 104 may be embodied as any device capable of capturing sensor data that may include personal identifiable characteristics of a user. As discussed above, such sensor data may include data that can directly identify the user such as the user's voice, image, location, address, and/or the like and/or other data that may be used to identify characteristics of the user such as an image of the user's surrounding, background audio, user's activity history, user's preferences, and/or the like. Each IOT sensor device 104 may be embodied as an individual sensor or sensor device capable of capturing such sensor data. For example, one or more IOT sensor devices 104 may be embodied as a microphone, camera, or other sensor.
  • each IOT sensor device may be embodied as a “smart” device that includes a sensor capable of capturing such sensor data.
  • one or more IOT sensor devices 104 may be embodied as a smart consumer electronic device, a smart home appliance, a security camera device, a smart audio device, a smart home automation device, a smartphone, a tablet computer, a laptop computer, a notebook, desktop computer, and/or other smart compute device.
  • the IOT sensor device 104 is configured to collect sensor data based on the sensor(s) included in the IOT sensor device 104.
  • the IOT sensor device 104 may include an audio sensor that may be embodied as any type of audio capture device capable of capturing audio local to the IOT sensor device 104.
  • The audio sensor may include, or otherwise be embodied as, a microphone that captures a user's voice.
  • the IOT sensor device 104 may include an image sensor that may be embodied as any type of image capture device capable of capturing image local to the IOT sensor device 104.
  • The image sensor may include, or otherwise be embodied as, a camera or a video camera that captures a user's image or gesture.
  • Each IOT sensor device 104 is configured to transmit the collected sensor data to the IOT computing device 102 via the IOT network 110.
  • the IOT network 110 may be embodied as any type of local network capable of facilitating communications between the IOT sensor device 104 and the IOT compute device 102.
  • The IOT network 110 may be embodied as, or otherwise include, a wireless or wired local area network (LAN), a wireless or wired wide area network (WAN), a personal network, a Bluetooth® network, or other local network.
  • the IOT computing device 102 is configured to transmit the sensor data and/or the analyzed sensor data to a remote service (e.g., a cloud service) provided by one or more of the remote servers 108.
  • The IOT compute device 102 may communicate with the one or more remote servers 108 via the network 112 to transmit the sensor data produced by the IOT sensor device 104 or the analyzed sensor data (i.e., image data) converted from the sensor data by the IOT compute device 102 as discussed in more detail below.
  • the remote server 108 may analyze and store the received sensor data and provide various services based on such analysis, such as voice-activated services, gesture-based services, and/or any other service based on the sensor/synthetic data provided by the IOT compute device 102.
  • the remote server 108 may be embodied as any type of computation or computer device capable of performing the functions described herein including, without limitation, a computer, a multiprocessor system, a rack-mounted server, a blade server, a laptop computer, a notebook computer, a tablet computer, a wearable computing device, a network appliance, a web appliance, a distributed computing system, a processor-based system, and/or a consumer electronic device. It should be appreciated that the remote server 108 may be embodied as a single compute device or a collection of distributed compute devices and may include components, such as a processor and memory, similar to the IOT compute device 102, the description of which is not repeated herein for clarity of the description.
  • the remote server 108 can be a cloud storage to store the sensor data and further to identify the services to be provided to the user in relation to the sensor data.
  • the remote server 108 can be interchangeably used as the cloud storage 108.
  • The network 112 may be embodied as any type of network capable of facilitating communications between the IOT computing device 102 and the remote servers 108.
  • the network 112 may be embodied as, or otherwise include, a wired or wireless local area network (LAN), a wired or wireless wide area network (WAN), a cellular network, and/or a publicly-accessible, global network such as the Internet.
  • the network 112 may include any number of additional devices, such as additional computers, routers, and switches, to facilitate communications thereacross.
  • the IOT compute device 102 may establish an environment 200 for securing the sensor data received from the IOT sensor devices 104 of the IOT sensing environment 106.
  • the illustrative environment 200 includes a user interface manager 202, a data collection unit 204, an image processing unit 206, a classification unit 208, an encryption unit 210, a steganography unit 212, an embedding unit 214, a transmission unit 216, and an authentication unit 218.
  • the user interface manager 202 is configured to provide a user interface (e.g., graphical user interface) that allows the user to set or adjust one or more security settings (i.e., a level of security) associated with the sensor data or particular IOT sensor devices 104.
  • the user may individually choose one or more security settings associated with each IOT sensor device 104.
  • the user may choose one or more security settings associated with a group of related IOT sensor devices 104. For example, the user may choose the security settings to be applied to all IOT sensor devices 104 associated with a user's home security system. Alternatively, the user may choose the security settings to be applied to all IOT sensor devices 104 of a particular type.
  • the user may set the security settings that are to be applied to all audio IOT sensor devices 104.
  • the user may choose the security settings to be applied to a type of sensor data (e.g., audio or image data) produced by various IOT sensor devices 104.
  • the user may choose the security settings to be applied to the IOT sensor devices 104 based on the type of service sought from the remote server 108 (e.g., security settings to be applied to all sensor data transmitted to that particular service). It should be appreciated that the IOT computing device 102 further determines whether the desired security settings are valid, which is discussed in more detail below.
  • the user interface manager 202 may include an application programming interface (API) 220 in some embodiments.
  • the API 220 allows interfacing with one or more IOT sensor devices 104 of the IOT sensing environment 106.
  • An IOT sensor device 104 may provide the possible security settings associated with the IOT sensor device 104 or the sensor data produced by the IOT sensor device 104 that may be set or adjusted by the user.
  • The data collection unit 204 can be configured to obtain the sensor data collected by one or more data sources associated with one or more IOT sensor devices 104 connected to the IOT network 110.
  • The image processing unit 206 can be configured to convert the obtained sensor data into the image data. In an embodiment, any existing feature technique can be used to convert the sensor data into the image data. Further, the image processing unit 206 comprises a classification unit 208 to analyze the image data to extract data relevant to the user of the one or more IOT sensor devices 104.
  • The IOT computing device 102 involves a two-tier process that includes the image processing unit 206 for preprocessing the sensed data to extract data relevant to the user from the image data using the DPN adapted with the data wrapper mechanism, where the DPN adapted with the data wrapper mechanism utilizes the historical data associated with the user. Further, the IOT computing device 102 performs the crypto based steganography to achieve dual offbeat shielding using the encryption unit 210 and the steganography unit 212.
  • The image processing unit 206 (in the preprocessing process) is configured to remove the unwanted data from both linear and nonlinear data.
  • The image processing unit 206 utilizes machine learning techniques based on memory retaining to preprocess and/or analyze the data which is gathered from the IOT sensor devices 104.
  • The IOT computing device 102 includes two sections: the first is a training section and the other is a testing phase (discussed below in association with the authentication unit 218).
  • The classification unit 208 is configured to classify the image data.
  • In an embodiment, a short-term memory (e.g., associated with the data storage 128) is adapted to enhance the preprocessing with the historical information associated with the user.
  • The classification unit 208 communicates with the data storage 128 to utilize the historical information of the user.
  • The classification unit 208 utilizes a deep belief network adapted with wrapper-based feature selection based on a genetic mechanism.
  • The classification unit 208 can be configured to determine that the data relevant to the user meets data relevancy threshold criteria.
  • The data relevancy threshold indicates that the data is relevant to the user and avoids any false identification of the relevant data.
  • The encryption unit 210 can be configured to encrypt the image data, in response to the classification of the image data, using a cryptography-based encryption.
  • The cryptography-based encryption is a technique for converting data into some unintelligible form that can be decoded only by the intended recipients. In cryptography-based encryption, a sender encrypts a message using some instructions, with the help of a key, which is shared with a receiver prior to the communication of the encrypted message to the receiver. The receiver can then decode the message using the same algorithm and the key.
  • In the encryption unit 210, image data that includes the best features (the data relevant to the user) may be utilized for providing the data security in the IOT environment system 100.
  • The encryption unit 210 may use a chaotic Advanced Encryption Standard (AES) on the data relevant to the user extracted by the classification unit 208 with a reduced number of iterations.
  • AES chaotic Advanced Encryption Standard
  • the steganography unit 212 is configured to generate one or more stego images comprising the encrypted image data hidden into a cover image using a steganography mechanism.
  • steganography is a method of hiding data in a carrier object in such a way that the existence of the data being sent is concealed.
  • the carrier object can be any suitable carrier object, such as a text file, an image, a video file or an audio file.
  • In image steganography the carrier object typically is a digital image. This type of carrier object typically is called a cover image.
  • Data typically is embedded in binary form either in the spatial domain or in the frequency domain of the cover image to produce a steganographic (or stego) image.
  • a receiver can extract the embedded data using a predefined extraction algorithm.
  • a key used by the sender to embed the data can be shared with the receiver prior to the stego image transmission to the receiver, and used by the receiver to extract the embedded data.
  • the steganography unit 212 utilizes a dual image based least significant bit substitution-pixel value differencing (LSBPVD) using a modulus function for performing the steganography process with dual stego images. Accordingly, the embedding capacity and visual quality can be improved. Thus, an extensive security analysis is provided, which demonstrates the satisfactory security level (meeting the desired security level as set by the user) with reduced complexity.
  • LSBPVD Dual image based least significant bit substitution-pixel value differencing
  • the embedding unit 214 is configured to generate an embedded image data comprising the encrypted image data and the one or more stego images.
  • the transmission unit 216 is configured to transmit the embedded image data to the cloud storage 108.
  • the authentication unit 218 is configured to authenticate the embedded image data stored in the cloud storage 108.
  • the authentication unit 218 is configured to perform a match between the one or more stego images and the data relevant to the user identified using the DPN adapted with the data wrapper mechanism. Further, the authentication unit 218 is configured to determine whether the match between the one or more stego images and the data relevant to the user meets an authentication threshold. Furthermore, the authentication unit 218 is configured to provide a first indication indicating that the embedded image data stored in the cloud storage is authenticated in response to determining that the match between the one or more stego images and the data relevant to the user meets the authentication threshold.
  • the authentication unit 218 is configured to provide a second indication indicating that the embedded image data stored in the cloud storage 108 is not authenticated in response to determining that the match between the one or more stego images and the data relevant to the user fails to meet the authentication threshold.
  • the first indication and second indication may include any form of notification messages, light indicators and sound indicators which differentiate between the first indication and second indication, or the like.
  • the authentication unit 218 utilizes an Artificial Neural Network (ANN) and Anarchic Fuzzy optimization mechanism.
  • ANN Artificial Neural Network
  • the optimized ANN can be utilized as analytics to authenticate whether the stego image is valid or not.
  • the stego images produced by the steganography unit 212 with the cover image are tested by the ANN.
  • the features of the stego image are matched with the features (relevant data) extracted from the deep learning process to check whether there is any attack or not.
  • an Anarchic Fuzzy optimization mechanism which comprises fuzzy c-means and improved Glow Worm search optimization may be utilized.
  • the aforementioned learning phase and testing phase result in a lower encryption time (124 sec), and due to the adaptation of the Chen chaotic mechanism the iterations involved in a conventional AES system are reduced. Further, the proposed system uses less memory (18.358KB) in which the encryption mechanism is executed. It achieves a high peak signal to noise ratio of 98.45 and a low mean square error value of 0.27, as the proposed system implants data by altering the variance value between two contiguous pixels, which increases hiding capacity with less distortion. Besides, it achieved an average accuracy of 97% with an embedding rate of 50%. Thus, the proposed system provides a better performance in enhancing protected cloud storage in the IOT environment when compared to existing systems.
  • FIG. 3 illustrates a process flow diagram for the crypto based steganography mechanism, according to the embodiment as disclosed herein.
  • the input image is transmitted to perform the data encryption.
  • the Chen chaotic mechanism in combination with the AES system is utilized to encrypt the image data.
  • the image data is encrypted.
  • the encrypted image is embedded with cover image to perform the steganography mechanism.
  • the stego image is generated using the steganography mechanism as detailed above.
  • FIG. 4 illustrates a process flow diagram for generating the stego image using the steganography mechanism as detailed herein, according to the embodiment as disclosed herein.
  • a cover image is applied to the encrypted image data for performing the steganography.
  • the cover image is divided into one or more blocks, where each block is indicative of a pixel group.
  • a plurality of difference values for each block is computed, where each difference value is for one of the pixel groups.
  • a block difference value for each block and, at step 410, the number of embedding bits from the block difference value for each block are computed, where the block difference value is an average of the plurality of difference values.
  • a secret key within the block is embedded by modifying a pixel value of pixels using the block difference value of the block.
  • the one or more stego images comprising the embedded secret key are generated.
  • FIG. 5 is a flow diagram illustrating a method 500 for providing the security for securing sensor data in an Internet of things (IOT) environment, according to an embodiment as disclosed herein.
  • the method includes obtaining the sensor data collected by one or more data sources associated with one or more IOT devices 104 connected to the IOT network 110.
  • the method includes converting the obtained sensor data into the image data, and analyzing the image data to extract data relevant to the user of the one or more IOT sensor devices 104, where analyzing the image data comprises classifying the image data.
  • the method includes encrypting the image data in response to the classification of the image data using a cryptography based encryption.
  • the method includes generating the one or more stego images comprising the encrypted image data hidden into the cover image using the steganography mechanism.
  • the method includes generating the embedded image data comprising the encrypted image data and the one or more stego images.
  • the method includes transmitting the embedded image data to the cloud storage 108.
  • the method includes authenticating the embedded image data stored in the cloud storage 108.
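The FIG. 4 steps above (compute pixel differences, derive the number of embedding bits from the difference, embed by modifying a pixel value) build on pixel value differencing. The following added example is not code from the patent: it implements the classic pair-wise PVD scheme in a simplified form that changes only the second pixel of each pair, and it does not reproduce the patent's dual-image LSBPVD with modulus function or its block averaging. The cover pixels, the payload and all function names are constructed for illustration.

```python
import math

# Classic PVD range table. Every width is a power of two, so a pair whose
# absolute difference lies in [lo, hi] carries log2(hi - lo + 1) payload bits.
RANGES = [(0, 7), (8, 15), (16, 31), (32, 63), (64, 127), (128, 255)]

# Constructed sample data: a synthetic 64-pixel grayscale cover and four bytes
# standing in for already-encrypted image data.
COVER = [(i * 37 + (i // 8) * 11) % 256 for i in range(64)]
PAYLOAD = bytes.fromhex("8f3ac15e")


def range_for(diff):
    """Return (lo, hi, nbits) for the range that contains |diff|."""
    for lo, hi in RANGES:
        if lo <= abs(diff) <= hi:
            return lo, hi, (hi - lo + 1).bit_length() - 1
    raise ValueError("difference outside the 8-bit pixel range")


def usable(p0, hi):
    """Falling-off check: a pair is used only if every difference in its range
    keeps the second pixel inside 0..255 in at least one direction. The test
    depends only on p0 and the range, which embedding never changes, so the
    extractor reaches the same decision as the embedder."""
    return p0 + hi <= 255 or p0 - hi >= 0


def embed(cover, payload):
    """Hide payload bytes in a flat list of 8-bit pixels, pair by pair."""
    bits = "".join(f"{b:08b}" for b in payload)
    stego, pos = list(cover), 0
    for i in range(0, len(stego) - 1, 2):
        if pos >= len(bits):
            break
        p0, p1 = stego[i], stego[i + 1]
        lo, hi, n = range_for(p1 - p0)
        if not usable(p0, hi):
            continue  # pair left untouched; the extractor skips it too
        # The new difference stays inside the same range, so the extractor
        # recovers the same bit count. The last chunk is zero-padded.
        new_diff = lo + int(bits[pos:pos + n].ljust(n, "0"), 2)
        pos += n
        # Keep the original direction when it fits, to limit distortion.
        sign = 1 if p1 >= p0 else -1
        candidate = p0 + sign * new_diff
        if not 0 <= candidate <= 255:
            candidate = p0 - sign * new_diff
        stego[i + 1] = candidate
    if pos < len(bits):
        raise ValueError("cover image too small for payload")
    return stego


def extract(stego, nbits):
    """Recover nbits (a multiple of 8) of payload from a stego pixel list."""
    chunks, total = [], 0
    for i in range(0, len(stego) - 1, 2):
        if total >= nbits:
            break
        p0, p1 = stego[i], stego[i + 1]
        lo, hi, n = range_for(p1 - p0)
        if not usable(p0, hi):
            continue
        chunks.append(f"{abs(p1 - p0) - lo:0{n}b}")
        total += n
    bits = "".join(chunks)[:nbits]
    if len(bits) < nbits:
        raise ValueError("stego image holds fewer bits than requested")
    return bytes(int(bits[j:j + 8], 2) for j in range(0, nbits, 8))


def psnr(cover, stego):
    """Peak signal-to-noise ratio in dB between two equal-length pixel lists."""
    mse = sum((a - b) ** 2 for a, b in zip(cover, stego)) / len(cover)
    return math.inf if mse == 0 else 10 * math.log10(255 ** 2 / mse)


if __name__ == "__main__":
    stego_pixels = embed(COVER, PAYLOAD)
    print("recovered:", extract(stego_pixels, 8 * len(PAYLOAD)).hex())
    print("PSNR (dB):", round(psnr(COVER, stego_pixels), 2))
```

The extractor needs the payload length in bits, which this example passes out of band.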

Abstract

System and method for securing sensor data in an Internet of things (IoT) network and/or IoT environment. The method includes obtaining sensor data collected by one or more data sources associated with one or more IoT devices connected to the IoT network (502). Further, the method includes converting the obtained sensor data into image data, and analyzing the image data to extract data relevant to a user of the one or more IoT devices (504). The image data is analyzed by classifying the image data (504). Furthermore, the method includes encrypting the image data, in response to the classifying of the image data, using a cryptography-based encryption (506). Additionally, the method includes generating one or more stego images including the encrypted image data hidden into a cover image (508), generating an embedded image data including the encrypted image data (510), and transmitting the embedded image data to a cloud storage (512).

Description

The present disclosure generally relates to Internet of Things (IoT) environments. More particularly, the present disclosure relates to a system for securing sensor data in an IoT environment and a method for securing sensor data in an IoT environment.
Over recent years, IoT systems have evolved as systems of interrelated physical objects equipped with computing, sensing and networking capabilities enabling the objects to collect and exchange data without requiring human-to-human or human-to-computer interaction. An IoT system allows physical objects to be sensed and controlled autonomously, enabling a more direct integration of the physical world into computer-based systems. “Things” in the sense of IoT may refer to a wide variety of objects, such as, e.g., persons with heart monitor implants, animals with biochip transponders, automobiles with built-in sensors, or any other natural or man-made objects that can be assigned a unique identifier, typically an IP address, and that can be provided with the ability to transfer data over a network.
An IoT system typically comprises sensors and actuators that provide data to and receive data from a cloud through gateways or data aggregators. The IoT design combines three layers: a perception layer, a network management layer and an application layer. The perception layer, also called the observation layer, is the lowest layer of the conventional IoT design. Its principal task is to gather useful data from things or the environment.
The network layer's fundamental duty is to support and secure data transmission between the third layer and the perception layer of the IoT architecture. This layer predominantly gathers data and conveys it to the observation layer toward a few applications and servers. Essentially, this layer is a union of Internet and communication based systems. The application layer is regarded as the top layer of the conventional IoT design. This layer provides customized services according to the user's requirements.
The application layer's fundamental task is to bridge the gap between the users and applications. This IoT layer combines with industry to achieve high-level smart applications such as disaster monitoring, health monitoring, transposition, fortune, medical and environmental condition monitoring, and handles global management pertinent to all such applications, so images play a vital role in IoT applications.
However, the processing of the image is performed on a plaintext of the gathered data, thereby opening security holes enabling hackers that gain access to the relevant computing systems to manipulate the control of the objects, to get knowledge of the reported data (confidentiality) and/or to silently compromise a precious database by injecting corrupted data (integrity) in the IoT environment.
The above information is presented as background information only to help the reader to understand the present invention. Applicants have made no determination and make no assertion as to whether any of the above might be applicable as Prior Art with regard to the present application.
The principal object of the embodiments herein is to overcome the drawbacks in the prior art and provide a system and method for securing sensor data in an Internet of things (IoT) network and/or IoT environment.
Another object of the embodiments herein is to provide two-level learning assisted by a dual offbeat shielding design for securing the sensor data in the IoT network. Another object of the embodiments herein is to extract optimal features of an input image by utilizing historical information of a user of an IoT device(s).
Another object of the embodiments herein is to secure the input image by utilizing the dual offbeat shielding that includes a crypto based steganography.
SUMMARY
Accordingly, the embodiments herein provide a system for securing sensor data in an Internet of things (IoT) network and/or IoT environment. The system includes a data collection unit configured to obtain the sensor data collected by one or more data sources associated with one or more IoT devices connected to the IoT network. Further, the system includes an image processing unit configured to convert the obtained sensor data into image data, and analyze the image data to extract data relevant to a user of the one or more IoT devices. To analyze the image data, the image processing unit is configured to classify the image data using a classification unit. The classification unit is configured to identify the data relevant to the user from the image data using a Deep Belief Network (DPN) adapted with a data wrapper mechanism, where the DPN adapted with the data wrapper mechanism utilizes historical data associated with the user, and to determine that the data relevant to the user meets data relevancy threshold criteria. Furthermore, the system includes an encryption unit configured to encrypt the image data, in response to the classification of the image data, using a cryptography based encryption. Additionally, the system includes a steganography unit configured to generate one or more stego images comprising the encrypted image data hidden into a cover image using a steganography mechanism. Additionally, the system includes an embedding unit configured to generate an embedded image data comprising the encrypted image data and the one or more stego images. Additionally, the system includes a transmission unit configured to transmit the embedded image data to a cloud storage. Additionally, the system includes an authentication unit configured to authenticate the embedded image data stored in the cloud storage.
Accordingly, the embodiments herein provide a method for securing sensor data in an Internet of things (IoT) network and/or IoT environment. The method includes obtaining the sensor data collected by one or more data sources associated with one or more IoT devices connected to the IoT network. Further, the method includes converting the obtained sensor data into image data, and analyzing the image data to extract data relevant to a user of the one or more IoT devices. The image data is analyzed by classifying the image data, where classifying the image data includes identifying the data relevant to the user from the image data using a Deep Belief Network (DPN) adapted with a data wrapper mechanism, where the DPN adapted with the data wrapper mechanism utilizes historical data associated with the user, and determining that the data relevant to the user meets data relevancy threshold criteria. Furthermore, the method includes encrypting the image data, in response to the classifying of the image data, using a cryptography based encryption. Additionally, the method includes generating one or more stego images including the encrypted image data hidden into a cover image using a steganography mechanism. Additionally, the method includes generating an embedded image data including the encrypted image data and the one or more stego images. Additionally, the method includes transmitting the embedded image data to a cloud storage. Additionally, the method includes authenticating the embedded image data stored in the cloud storage.
These and other aspects of the embodiments herein will be better appreciated and understood when considered in conjunction with the following description and the accompanying drawings. It should be understood, however, that the following descriptions, while indicating preferred embodiments and numerous specific details thereof, are given by way of illustration and not of limitation. Many changes and modifications may be made within the scope of the embodiments herein without departing from the spirit thereof, and the embodiments herein include all such modifications.
BRIEF DESCRIPTION OF FIGURES
This invention is illustrated in the accompanying drawings, throughout which like reference letters indicate corresponding parts in the various figures. The embodiments herein will be better understood from the following description with reference to the drawings, in which:
FIG. 1 is an illustrative system for processing sensor data produced by one or more IOT devices operating in an Internet-of-Things (IOT) sensing environment;
FIG. 2 is a simplified block diagram of at least one embodiment of an environment that may be established by an IOT compute device of the system of FIG. 1;
FIG. 3 illustrates a process flow diagram for the crypto based steganography mechanism, according to an embodiment as disclosed herein;
FIG. 4 illustrates a process flow diagram for generating the stego image using the steganography mechanism as detailed herein, according to the embodiment as disclosed herein; and
FIG. 5 is a flow diagram illustrating a method for providing the security for securing sensor data in an Internet of things (IoT) environment, according to an embodiment as disclosed herein.
The embodiments herein and the various features and advantageous details thereof are explained more fully with reference to the non-limiting embodiments that are illustrated in the accompanying drawings and detailed in the following description. Descriptions of well-known components and processing techniques are omitted so as to not unnecessarily obscure the embodiments herein. Also, the various embodiments described herein are not necessarily mutually exclusive, as some embodiments can be combined with one or more other embodiments to form new embodiments. The term “or” as used herein, refers to a non-exclusive or, unless otherwise indicated. The examples used herein are intended merely to facilitate an understanding of ways in which the embodiments herein can be practiced and to further enable those skilled in the art to practice the embodiments herein. Accordingly, the examples should not be construed as limiting the scope of the embodiments herein.
Referring now to FIG. 1, an illustrative system 100 for anonymizing sensor data includes one or more IOT devices 104 operating in an Internet-of-Things (IOT) sensing environment 106. In use, the IOT devices 104 are configured to collect sensor data that may include the user's personal identifiable characteristics (e.g., user's voice, image, expression, or the like) and transmit the sensor data to an IOT computing device 102 through an IOT network 110. As discussed in more detail below, the IOT computing device 102 is configured to monitor and control communication between one or more IOT devices 104 and one or more remote servers 108. In the illustrative embodiments, the IOT computing device 102 is configured to process the sensor data, provide encryption to the sensor data and transmit the sensor data to the remote servers 108 in order to avail the corresponding services associated with the sensor data.
That is, since the sensor data includes both linear data and nonlinear data, it is very crucial to analyze the sensor data to remove the unwanted data and further to extract optimal features from the received sensor data. The analyzed sensor data is transmitted to a corresponding remote service, which is performed by one or more of the remote servers 108, to be further analyzed and stored for the remote service to provide corresponding services to IOT sensor/IOT device(s) 104.
The IOT computing device 102 (e.g., IOT gateway compute device) may be embodied as any type of gateway, router, switch, or other compute device capable of performing the functions described herein. For example, the IOT compute device 102 may be embodied as a router or other type of networked peripheral device that has its own IP address that is recognizable by devices on both the IOT network 110 and the network 112. As shown in FIG. 1, the illustrative IOT computing device 102 includes a data processing unit 120, an input/output (“I/O”) subsystem 126, a data storage 128, and a communication subsystem 130. In some embodiments, the IOT computing device 102 may further include one or more local sensors 132, and/or one or more peripheral devices 134. It should be appreciated that the IOT computing device 102 may include other or additional components, such as those commonly found in a typical computing device (e.g., various input/output devices and/or other components), in other embodiments. Additionally, in some embodiments, one or more of the illustrative components may be incorporated in, or otherwise form a portion of, another component. For example, the memory 124, or portions thereof, may be incorporated in the processor 122 in some embodiments.
The data processing unit 120 may be embodied as any type of device or collection of devices capable of performing various compute functions as described below. In some embodiments, the data processing unit 120 may be embodied as a single device such as an integrated circuit, an embedded system, a field-programmable gate array (FPGA), a system-on-a-chip (SOC), or other integrated system or device. In some embodiments, the data processing unit 120 includes or is embodied as the processor 122 and memory 124. The processor 122 may be embodied as any type of processor capable of performing the functions described herein. For example, the processor 122 may be embodied as a single or multi-core processor(s), digital signal processor, microcontroller, or other processor or processing/controlling circuit. Similarly, the memory 124 may be embodied as any type of volatile or non-volatile memory or data storage capable of performing the functions described herein. In operation, the memory 124 may store various data and software used during operation of the IOT compute device 102 such as operating systems, applications, programs, libraries, and drivers. The memory 124 is communicatively coupled to the processor 122 via the I/O subsystem 126, which may be embodied as circuitry and/or components to facilitate input/output operations with the processor 122, the memory 124, and other components of the IOT compute device 102. For example, the I/O subsystem 126 may be embodied as, or otherwise include, memory controller hubs, input/output control hubs, firmware devices, communication links (i.e., point-to-point links, bus links, wires, cables, light guides, printed circuit board traces, etc.) and/or other components and subsystems to facilitate the input/output operations. In some embodiments, the I/O subsystem 126 may be incorporated, along with the processor 122, the memory 124, and other components of the IOT compute device 102, into the data processing unit 120.
The data storage 128 may be embodied as any type of device or devices configured for short-term or long-term storage of data such as, for example, memory devices and circuits, memory cards, hard disk drives, solid-state drives, or other data storage devices. As discussed in detail below, the IOT computing device 102 may store sensor data received from IOT devices 104 of the IOT sensing environment 106, security settings associated with IOT sensor devices 104 or sensor data, and historical data contextually associated with the user of the one or more IOT devices 104.
The communication subsystem 130 may be embodied as any type of communication circuit, device, or collection thereof, capable of enabling communications between the IOT computing device 102 and other devices of the system 100 (e.g., the IOT sensor devices 104 via the IOT network 110 or the remote servers 108 via the network 112). To do so, the communication subsystem 130 may be configured to use any one or more communication technologies (e.g., wireless or wired communications) and associated protocols (e.g., Ethernet, Bluetooth®, Wi-Fi®, WiMAX, cellular such as 2G, 3G, 4G, LTE, 5G, etc.) to effect such communication.
The local sensors 132 may be similar to the IOT sensor devices 104 and may be embodied as any type of sensor capable of capturing sensor data that may include personal identifiable characteristics of the user, such as the user's voice, user's image, image of the surrounding of the user, background audio, user's activity history, user's preferences, and so forth. For example, the local sensors 132 may be embodied as any type of audio capture device capable of capturing audio local to the IOT compute device 102. In such an example, the audio sensor may include, or otherwise be embodied as, a microphone that captures a user's voice. In another example, the local sensors 132 may be embodied as any type of image capture device capable of capturing images local to the IOT compute device 102. In such an example, the image sensor may include, or otherwise be embodied as, a camera or a video camera that captures a user's image or gesture. It should be appreciated that the collected sensor data may be stored in the data storage 128 of the IOT compute device 102.
The peripheral devices 132 may include any number of additional peripheral or interface devices, such as other input/output devices, storage devices, and so forth. The particular devices included in the peripheral devices 132 may depend on, for example, the type and/or configuration of the IOT compute device 102, the IOT sensor devices 104, and/or the remote service.
Each IOT sensor device 104 may be embodied as any device capable of capturing sensor data that may include personal identifiable characteristics of a user. As discussed above, such sensor data may include data that can directly identify the user such as the user's voice, image, location, address, and/or the like and/or other data that may be used to identify characteristics of the user such as an image of the user's surrounding, background audio, user's activity history, user's preferences, and/or the like. Each IOT sensor device 104 may be embodied as an individual sensor or sensor device capable of capturing such sensor data. For example, one or more IOT sensor devices 104 may be embodied as a microphone, camera, or other sensor. Alternatively, each IOT sensor device may be embodied as a “smart” device that includes a sensor capable of capturing such sensor data. For example, one or more IOT sensor devices 104 may be embodied as a smart consumer electronic device, a smart home appliance, a security camera device, a smart audio device, a smart home automation device, a smartphone, a tablet computer, a laptop computer, a notebook, desktop computer, and/or other smart compute device. In such embodiments, the IOT sensor device 104 is configured to collect sensor data based on the sensor(s) included in the IOT sensor device 104. For example, the IOT sensor device 104 may include an audio sensor that may be embodied as any type of audio capture device capable of capturing audio local to the IOT sensor device 104. In such an example, the audio sensor may include, or otherwise be embodied as, a microphone that captures a user's voice. In another example, the IOT sensor device 104 may include an image sensor that may be embodied as any type of image capture device capable of capturing images local to the IOT sensor device 104. In such an example, the image sensor may include, or otherwise be embodied as, a camera or a video camera that captures a user's image or gesture.
Each IOT sensor device 104 is configured to transmit the collected sensor data to the IOT computing device 102 via the IOT network 110.
The IOT network 110 may be embodied as any type of local network capable of facilitating communications between the IOT sensor device 104 and the IOT compute device 102. For example, the IOT network 110 may be embodied as, or otherwise include, a wireless or wired local area network (LAN), a wireless or wired wide area network (WAN), a personal network, a Bluetooth® network, or other local network. As such, the IOT network 110 may include any number of additional devices, such as additional computers, routers, and switches, to facilitate communications thereacross.
The IOT computing device 102 is configured to transmit the sensor data and/or the analyzed sensor data to a remote service (e.g., a cloud service) provided by one or more of the remote servers 108. To do so, the IOT compute device 102 may communicate with the one or more remote servers 108 via the network 112 to transmit the sensor data produced by the IOT sensor device 104 or the analyzed sensor data (i.e., image data) converted from the sensor data by the IOT compute device 102 as discussed in more detail below. The remote server 108 may analyze and store the received sensor data and provide various services based on such analysis, such as voice-activated services, gesture-based services, and/or any other service based on the sensor/synthetic data provided by the IOT compute device 102. The remote server 108 may be embodied as any type of computation or computer device capable of performing the functions described herein including, without limitation, a computer, a multiprocessor system, a rack-mounted server, a blade server, a laptop computer, a notebook computer, a tablet computer, a wearable computing device, a network appliance, a web appliance, a distributed computing system, a processor-based system, and/or a consumer electronic device. It should be appreciated that the remote server 108 may be embodied as a single compute device or a collection of distributed compute devices and may include components, such as a processor and memory, similar to the IOT compute device 102, the description of which is not repeated herein for clarity of the description.
In an embodiment, the remote server 108 can be a cloud storage to store the sensor data and further to identify the services to be provided to the user in relation to the sensor data. The remote server 108 can be interchangeably used as the cloud storage 108.
The network 112 may be embodied as any type of network capable of facilitating communications between the IOT computing device 102 and the remote servers 108. For example, the network 112 may be embodied as, or otherwise include, a wired or wireless local area network (LAN), a wired or wireless wide area network (WAN), a cellular network, and/or a publicly-accessible, global network such as the Internet. As such, the network 112 may include any number of additional devices, such as additional computers, routers, and switches, to facilitate communications thereacross.
Referring now to FIG. 2, the IOT compute device 102 may establish an environment 200 for securing the sensor data received from the IOT sensor devices 104 of the IOT sensing environment 106. The illustrative environment 200 includes a user interface manager 202, a data collection unit 204, an image processing unit 206, a classification unit 208, an encryption unit 210, a steganography unit 212, an embedding unit 214, a transmission unit 216, and an authentication unit 218.
The user interface manager 202 is configured to provide a user interface (e.g., graphical user interface) that allows the user to set or adjust one or more security settings (i.e., a level of security) associated with the sensor data or particular IOT sensor devices 104. In some embodiments, for example, the user may individually choose one or more security settings associated with each IOT sensor device 104. In other embodiments, the user may choose one or more security settings associated with a group of related IOT sensor devices 104. For example, the user may choose the security settings to be applied to all IOT sensor devices 104 associated with a user's home security system. Alternatively, the user may choose the security settings to be applied to all IOT sensor devices 104 of a particular type. For example, the user may set the security settings that are to be applied to all audio IOT sensor devices 104. In yet some embodiments, the user may choose the security settings to be applied to a type of sensor data (e.g., audio or image data) produced by various IOT sensor devices 104. In yet other embodiments, the user may choose the security settings to be applied to the IOT sensor devices 104 based on the type of service sought from the remote server 108 (e.g., security settings to be applied to all sensor data transmitted to that particular service). It should be appreciated that the IOT computing device 102 further determines whether the desired security settings are valid, which is discussed in more detail below.
To set or adjust one or more security settings, the user interface manager 202 may include an application programming interface (API) 220 in some embodiments. The API 220 allows interfacing with one or more IOT sensor devices 104 of the IOT sensing environment 106. In such embodiments, an IOT sensor device 104 may provide the possible security settings associated with the IOT sensor device 104 or the sensor data produced by the IOT sensor device 104 that may be set or adjusted by the user.
The data collection unit 204 can be configured to obtain the sensor data collected by one or more data sources associated with one or more IOT sensor devices 104 connected to the IOT network 110.
The image processing unit 206 can be configured to convert the obtained sensor data into the image data. In an embodiment, any existing feature technique can be used to convert the sensor data into the image data. Further, the image processing unit 206 comprises a classification unit 208 to analyze the image data to extract data relevant to the user of the one or more IOT sensor devices 104.
The IOT computing device 102 involves a two-tier process that includes the image processing unit 206 for preprocessing the sensed data to extract data relevant to the user from the image data using the DPN adapted with the data wrapper mechanism, where the DPN adapted with the data wrapper mechanism utilizes the historical data associated with the user. Further, the IOT computing device 102 performs the crypto based steganography to achieve dual offbeat shielding using the encryption unit 210 and the steganography unit 212.
Since the sensed data can include both linear and nonlinear data, the image processing unit 206 (in the preprocessing process) is configured to remove the unwanted data from both linear and nonlinear data. The image processing unit 206 utilizes machine learning techniques based on memory retaining to preprocess and/or analyze the data which is gathered from the IOT sensor devices 104.
The IOT computing device 102 includes two sections: the first is a training section and the other is a testing phase (discussed below in association with the authentication unit 218). In the training section, the classification unit 208 is configured to classify the image data. In an embodiment, a short-term memory (e.g., associated with the data storage 128) is adapted to enhance the preprocessing with the historical information associated with the user. The classification unit 208 communicates with the data storage 128 to utilize the historical information of the user.
Even though an optimized recurrent neural network achieved memory retaining for better calculation based on frequent updating of weights on each node in the hidden layer, it suffers from time complexity. In order to overcome the time complexity problem, the classification unit 208 utilizes a deep belief network adapted with wrapper-based feature selection based on a genetic mechanism.
Further, the classification unit 208 can be configured to determine that the data relevant to the user meets data relevancy threshold criteria. The data relevancy threshold indicates that the data is relevant to the user and avoids any false identification of the relevant data.
The encryption unit 210 can be configured to encrypt the image data, in response to the classification of the image data, using a cryptography-based encryption. The cryptography-based encryption is a technique for converting data into some unintelligible form that can be decoded only by the intended recipients. In cryptography-based encryption, a sender encrypts a message using some instructions, with the help of a key, which is shared with a receiver prior to the communication of the encrypted message to the receiver. The receiver can then decode the message using the same algorithm and the key.
In an embodiment, the image data that includes the best features (the data relevant to the user) may be utilized by the encryption unit 210 for providing the data security in the IOT environment system 100. In an embodiment, the encryption unit 210 may use a chaotic Advanced Encryption Standard (AES) on the data relevant to the user extracted by the classification unit 208 with a reduced number of iterations.
The steganography unit 212 is configured to generate one or more stego images comprising the encrypted image data hidden into a cover image using a steganography mechanism. In an embodiment, steganography is a method of hiding data in a carrier object in such a way that the existence of the data being sent is concealed. The carrier object can be any suitable carrier object, such as a text file, an image, a video file or an audio file. In image steganography, the carrier object typically is a digital image. This type of carrier object typically is called a cover image. Data typically is embedded in binary form either in the spatial domain or in the frequency domain of the cover image to produce a steganographic (or stego) image. A receiver can extract the embedded data using a predefined extraction algorithm. Alternatively, a key used by the sender to embed the data can be shared with the receiver prior to the stego image transmission to the receiver, and used by the receiver to extract the embedded data.
In an embodiment, the steganography unit 212 utilizes a Dual image based least significant bit substitution-pixel value differencing (LSBPVD) using a modulus function for performing the steganography process with a dual stego image. Accordingly, the embedding capacity and visual quality can be improved. Thus, an extensive security analysis is provided, which demonstrates the satisfactory security level (meeting the desired security level as set by the user) with reduced complexity.
The embedding unit 214 is configured to generate an embedded image data comprising the encrypted image data and the one or more stego images.
The transmission unit 216 is configured to transmit the embedded image data to the cloud storage 108.
In the testing section, the authentication unit 218 is configured to authenticate the embedded image data stored in the cloud storage 108.
In an embodiment, the authentication unit 218 is configured to perform a match between the one or more stego images and the data relevant to the user identified using the DPN adapted with the data wrapper mechanism. Further, the authentication unit 218 is configured to determine whether the match between the one or more stego images and the data relevant to the user meets an authentication threshold. Furthermore, the authentication unit 218 is configured to provide a first indication indicating that the embedded image data stored in the cloud storage is authenticated in response to determining that the match between the one or more stego images and the data relevant to the user meets the authentication threshold.
Additionally, the authentication unit 218 is configured to provide a second indication indicating that the embedded image data stored in the cloud storage 108 is not authenticated in response to determining that the match between the one or more stego images and the data relevant to the user fails to meet the authentication threshold.
In an embodiment, the first indication and second indication may include any form of notification messages, light indicators and sound indicators which differentiate between the first indication and second indication, or the like.
In an embodiment, the authentication unit 218 utilizes an Artificial Neural Network (ANN) and an Anarchic Fuzzy optimization mechanism. In an embodiment, the optimized ANN can be utilized as analytics to authenticate whether the stego image is valid or not. The stego images produced by the steganography unit 212 with the cover image are tested by the ANN. The features of the stego image are matched with the features (relevant data) extracted from the deep learning process to check whether there is any attack or not. Also, to speed up this process, an Anarchic Fuzzy optimization mechanism which comprises fuzzy c-means and improved Glow Worm search optimization may be utilized. In this way, the proposed system enhances the security of IOT sensor data on the cloud storage 108.
The aforementioned learning phase and testing phase result in a lower encryption time (124 sec), and due to the adaptation of the Chen chaotic mechanism the iterations involved in a conventional AES system are reduced. Further, the proposed system has taken less memory (18.358KB) in which the encryption mechanism is executed. It accomplished a high peak signal to noise ratio of 98.45 and a low mean square error value of 0.27, as the proposed system implants data by altering the variance value between two contiguous pixels, which increases hiding capacity with less distortion. Besides, it achieved an average accuracy of 97% with an embedding rate of 50%. Thus, the proposed system provides a better performance in enhancing protected cloud storage in the IOT environment when compared to existing systems.
FIG. 3 illustrates a process flow diagram for the crypto based steganography mechanism, according to the embodiment as disclosed herein.
At step 302, the input image is transmitted to perform the data encryption. At step 304, the Chen chaotic mechanism in combination with the AES system is utilized to encrypt the image data. At step 306, the image data is encrypted. At step 308, the encrypted image is embedded with the cover image to perform the steganography mechanism. At step 310, the stego image is generated using the steganography mechanism as detailed above.
FIG. 4 illustrates a process flow diagram for generating the stego image using the steganography mechanism as detailed herein, according to the embodiment as disclosed herein.
At step 402, a cover image is applied to the encrypted image data for performing the steganography. At step 406, the cover image is divided into one or more blocks, where each block is indicative of a pixel group. At step 406, a plurality of difference values for each block is computed, where each difference value is for one of the pixel groups. At step 408, a block difference value for each block and, at step 410, the number of embedding bits from the block difference value for each block are computed, where the block difference value is an average of the plurality of difference values. At step 412, a secret key is embedded within the block by modifying a pixel value of pixels using the block difference value of the block. At step 414, the one or more stego images comprising the embedded secret key are generated.
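The block, difference and embedding-bit steps of FIG. 4 are easiest to follow in the classic two-pixel form of pixel-value differencing. The following Python is an added example, not code from the patent: it implements textbook PVD (each block is one pixel pair, so the block difference is that pair's single difference) rather than the dual-image LSBPVD variant, and the range table, function names, sample cover and sample payload are assumptions constructed for illustration.

```python
# Added example: textbook two-pixel PVD over a flat list of 8-bit grayscale pixels.
# Assumed range table (lower, upper); each width is a power of two.
RANGES = [(0, 7), (8, 15), (16, 31), (32, 63), (64, 127), (128, 255)]

# Constructed inputs: two border pairs followed by a synthetic mid-gray texture.
SAMPLE_COVER = [0, 3, 255, 250] + [100 + (i * 7) % 50 for i in range(256)]
SAMPLE_PAYLOAD = b"constructed-data"  # stands in for the encrypted image data


def range_for(diff):
    """Return (lower, upper, bit_count) for an absolute pixel difference."""
    for lower, upper in RANGES:
        if lower <= diff <= upper:
            return lower, upper, (upper - lower + 1).bit_length() - 1
    raise ValueError("difference outside 0..255")


def make_pair(center, diff):
    """Rebuild a pixel pair from its floor-mean and signed difference."""
    return center - diff // 2, center + diff - diff // 2


def usable(center, upper):
    """False if some difference in this range would push a pixel outside 0..255."""
    return center - upper // 2 >= 0 and center + upper - upper // 2 <= 255


def embed(cover, payload):
    """Hide payload bytes in the pair differences; returns the stego pixel list."""
    bits = [(byte >> (7 - i)) & 1 for byte in payload for i in range(8)]
    stego, pos = list(cover), 0
    for i in range(0, len(cover) - 1, 2):
        if pos >= len(bits):
            break
        diff, center = cover[i + 1] - cover[i], (cover[i] + cover[i + 1]) // 2
        lower, upper, n = range_for(abs(diff))
        if not usable(center, upper):
            continue  # border pair: left untouched, and the extractor skips it too
        chunk = bits[pos:pos + n]
        chunk += [0] * (n - len(chunk))  # zero-pad the final chunk
        pos += n
        value = int("".join(map(str, chunk)), 2)
        sign = -1 if diff < 0 else 1
        # The new difference stays in the same range, so the extractor finds n again.
        stego[i], stego[i + 1] = make_pair(center, sign * (lower + value))
    if pos < len(bits):
        raise ValueError("cover image too small for payload")
    return stego


def extract(stego, n_bytes):
    """Recover n_bytes of payload by reading each usable pair's difference."""
    need, bits = n_bytes * 8, []
    for i in range(0, len(stego) - 1, 2):
        if len(bits) >= need:
            break
        diff, center = abs(stego[i + 1] - stego[i]), (stego[i] + stego[i + 1]) // 2
        lower, upper, n = range_for(diff)
        if not usable(center, upper):
            continue
        value = diff - lower
        bits += [(value >> (n - 1 - j)) & 1 for j in range(n)]
    if len(bits) < need:
        raise ValueError("stego image holds fewer bits than requested")
    return bytes(int("".join(map(str, bits[k:k + 8])), 2) for k in range(0, need, 8))


def mse(a, b):
    """Mean square error between two equally sized pixel lists."""
    return sum((x - y) ** 2 for x, y in zip(a, b)) / len(a)


if __name__ == "__main__":
    stego = embed(SAMPLE_COVER, SAMPLE_PAYLOAD)
    print(extract(stego, len(SAMPLE_PAYLOAD)), round(mse(SAMPLE_COVER, stego), 3))
```

PVD only hides data and gives no confidentiality by itself, so the payload passed to `embed` should already be ciphertext, matching the encrypt-then-embed order of FIG. 3.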
FIG. 5 is a flow diagram illustrating a method 500 for providing the security for securing sensor data in an Internet of things (IOT) environment, according to an embodiment as disclosed herein. At step 502, the method includes obtaining the sensor data collected by one or more data sources associated with one or more IoT devices 104 connected to the IOT network 110.
At step 504, the method includes converting the obtained sensor data into the image data, and analyzing the image data to extract data relevant to the user of the one or more IOT sensor devices 104, where analyzing the image data comprises classifying the image data.
At step 506, the method includes encrypting the image data in response to the classification of the image data using a cryptography based encryption.
At step 508, the method includes generating the one or more stego images comprising the encrypted image data hidden into the cover image using the steganography mechanism.
At step 510, the method includes generating the embedded image data comprising the encrypted image data and the one or more stego images.
At step 512, the method includes transmitting the embedded image data to the cloud storage 108.
At step 514, the method includes authenticating the embedded image data stored in the cloud storage 108.
The various actions, acts, blocks, steps, or the like in the method 500 may be performed in the order presented, in a different order or simultaneously. Further, in some embodiments, some of the actions, acts, blocks, steps, or the like may be omitted, added, modified, skipped, or the like without departing from the scope of the invention.
The foregoing description of the specific embodiments will so fully reveal the general nature of the embodiments herein that others can, by applying current knowledge, readily modify or adapt for various applications such specific embodiments without departing from the generic concept, and, therefore, such adaptations and modifications should and are intended to be comprehended within the meaning and range of equivalents of the disclosed embodiments. It is to be understood that the phraseology or terminology employed herein is for the purpose of description and not of limitation. Therefore, while the embodiments herein have been described in terms of preferred embodiments, those skilled in the art will recognize that the embodiments herein can be practiced with modification within the spirit and scope of the embodiments as described herein.

Claims

We claim :
1. A system (100) comprising a computing device (102) for securing sensor data in an Internet of things (IoT) sensing environment (106), the computing device (102) comprising: a data collection unit (204) configured to obtain the sensor data collected by one or more data sources associated with one or more IoT devices (104) connected to the IoT network (110); an image processing unit (206) configured to convert the obtained sensor data into image data, and analyze the image data to extract data relevant to a user of the one or more IoT devices, wherein to analyze the image data the image processing unit is configured to classify the image data using a classification unit (208), wherein the classification unit is configured to: identify the data relevant to the user from the image data using a Deep Belief Network (DPN) adapted with a data wrapper mechanism, wherein the DPN adapted with the data wrapper mechanism utilizes a historical data associated with the user, and determine that the data relevant to the user meets data relevancy threshold criteria; an encryption unit (210) configured to encrypt the image data, in response to the classification of the image data, using a cryptography-based encryption; a steganography unit (212) configured to generate one or more stego images comprising the encrypted image data hidden into a cover image using a steganography mechanism; an embedding unit (214) configured to generate an embedded image data comprising the encrypted image data and the one or more stego images; a transmission unit (216) configured to transmit the embedded image data to a cloud storage (118); and an authentication unit (218) configured to authenticate the embedded image data stored in the cloud storage.
2. The system of claim 1, wherein to generate the one or more stego images using the steganography mechanism, the steganography unit (212) is configured to: divide the cover image into one or more blocks, wherein each block is indicative of a pixel group; compute a plurality of difference values for each block, wherein each difference value is for one of the pixel groups; compute a block difference value for each block and number of embedding bits from the block difference value for each block, wherein the block difference value is an average of the plurality of difference values; embed a secret key within the block by modifying a pixel value of pixels using the block difference value of the block; and generate the one or more stego images comprising the embedded secret key.
3. The system of claim 1, wherein to authenticate the embedded image data stored in the cloud storage, the authentication unit (218) is configured to: match between the one or more stego images and the data relevant to the user identified using the DPN adapted with the data wrapper mechanism; determine whether the match between the one or more stego images and the data relevant to the user meets an authentication threshold; and provide a first indication indicating that the embedded image data stored in the cloud storage is authenticated in response to determining that the match between the one or more stego images and the data relevant to the user meets the authentication threshold.
4. The system of claims 1 or 3, wherein the authentication unit (218) is configured to provide a second indication indicating that the embedded image data stored in the cloud storage is not authenticated in response to determining that the match between the one or more stego images and the data relevant to the user fails to meet the authentication threshold.
5. The system of claim 3, wherein the embedded image data is authenticated using an Artificial Neural Network (ANN) and Anarchic Fuzzy optimization mechanism.
6. The system of claim 1, wherein the cryptography-based encryption utilizes a chaotic mechanism for encrypting the image data comprising the extracted data relevant and wherein the steganography mechanism utilizes a dual image based Least significant Bit substitution-Pixel Value differencing (LSBPVD).
7. A method for securing sensor data in an Internet of things (IoT) network, the method comprising: obtaining, by a data collection unit (204), the sensor data collected by one or more data sources associated with one or more IoT devices connected to the IoT network; converting, by an image processing unit (206), the obtained sensor data into image data, and analyzing the image data to extract data relevant to a user of the one or more IoT devices, wherein analyzing the image data comprises classifying, by a classification unit (208), the image data by: identifying data relevant to the user from the image data using a Deep Belief Network (DPN) adapted with a data wrapper mechanism, wherein the DPN adapted with the data wrapper mechanism utilizes a historical data associated with the user, and determining that the data relevant to the user meets data relevancy threshold criteria; encrypting, by an encryption unit (210), the image data in response to the classification of the image data, using a cryptography-based encryption; generating, by a steganography unit (212), one or more stego images comprising the encrypted image data hidden into a cover image using a steganography mechanism; generating, by an embedding unit (214), an embedded image data comprising the encrypted image data and the one or more stego images; transmitting, by a transmission unit (216), the embedded image data to a cloud storage (118); and authenticating, by an authentication unit (218), the embedded image data stored in the cloud storage.
8. The method of claim 7, wherein generating the one or more stego images using the steganography mechanism comprises: dividing the cover image into one or more blocks, wherein each block is indicative of a pixel group; computing a plurality of difference values for each block, wherein each difference value is for one of the pixel groups; computing a block difference value for each block and number of embedding bits from the block difference value for each block, wherein the block difference value is an average of the plurality of difference values; embedding a secret key within the block by modifying a pixel value of pixels using the block difference value of the block; and generating the one or more stego images comprising the embedded secret key.
9. The method of claim 7, wherein authenticating the embedded image data comprises: matching between the one or more stego images and the data relevant to the user identified using the DPN adapted with the data wrapper mechanism; determining whether the match between the one or more stego images and the data relevant to the user meets an authentication threshold; and transmitting the embedded image data to the cloud storage in response to determining that the match between the one or more stego images and the data relevant to the user meets the authentication threshold.
10. The method of claims 7 & 9, wherein the method further comprises: providing a second indication indicating that the embedded image data stored in the cloud storage is not authenticated in response to determining that the match between the one or more stego images and the data relevant to the user fails to meet the authentication threshold.
PCT/IB2019/060998 2019-11-15 2019-12-18 System and method for securing sensor data in internet of things (iot) network WO2021094821A1 (en)

Applications Claiming Priority (2)

Application Number Priority Date Filing Date Title
IN201941046612 2019-11-15
IN201941046612 2019-11-15

Publications (1)

Publication Number Publication Date
WO2021094821A1 true WO2021094821A1 (en) 2021-05-20

Family

ID=75911866

Family Applications (1)

Application Number Title Priority Date Filing Date
PCT/IB2019/060998 WO2021094821A1 (en) 2019-11-15 2019-12-18 System and method for securing sensor data in internet of things (iot) network

Country Status (1)

Country Link
WO (1) WO2021094821A1 (en)

Cited By (2)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
EP4167115A1 (en) * 2021-10-18 2023-04-19 Abb Schweiz Ag Security module for a field device
DE202023101591U1 (en) 2023-03-29 2023-04-20 Elham Dawood Kariri Intelligent system to ensure security in IOT-based networks using quantum cryptography

Citations (2)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
WO2018212811A1 (en) * 2017-05-19 2018-11-22 Google Llc Hiding information and images via deep learning
CN110110535A (en) * 2019-04-24 2019-08-09 湖北工业大学 A kind of low distortion steganography method based on picture element matrix

Legal Events

Date Code Title Description
121 Ep: the epo has been informed by wipo that ep was designated in this application

Ref document number: 19952862

Country of ref document: EP

Kind code of ref document: A1

NENP Non-entry into the national phase

Ref country code: DE

122 Ep: pct application non-entry in european phase

Ref document number: 19952862

Country of ref document: EP

Kind code of ref document: A1