Securing Smart Healthcare Cyber-Physical Systems against Blackhole and Greyhole Attacks Using a Blockchain-Enabled Gini Index Framework
Abstract
1. Introduction
- A layered trust framework is proposed to mitigate SPOF and improve the overheads related to messages, energy, and computations in smart healthcare CPSs.
- A decentralized and scalable framework is presented, enhancing security against blackhole and greyhole attacks using the Gini index.
- Integration of Gini index and blockchain within the smart healthcare monitoring CPS architecture is proposed to enhance the system’s ability to identify and isolate malicious nodes, improving the network integrity and performance.
2. Literature Review
2.1. Related Work on Trust Mechanisms
2.2. Related Work on Blockchain Security
3. Proposed Solution
- Integration of the Gini index and blockchain for attack detection and mitigation: When applied to CPS security, combining the Gini index and blockchain is an attractive way to improve detection and mitigate attacks. The idea behind integrating these two technologies is that they can enhance CPS security due to overlapping functionalities and synergies [66,67]. The Gini index is used to detect weak spots in a CPS [68] by keeping the focus on resource disproportions. Blockchain technology, on the other hand, has the advantages of being immutable, transparent, and decentralized, all of which strengthen CPS security [69]. Blockchain technology uses SHA-256 (Secure Hash Algorithm 256-bit) as the hashing algorithm. The hash function SHA-256 is well-known for its safety and collision resilience [70]. It generates an output with a fixed length of 256 bits. It is essential to maintaining the immutability and security of data in the blockchain since it creates a distinct hash for every block according to its contents. Blockchain technology combined with the Gini index offers a more reliable and efficient cybersecurity mechanism [67,71].
- Enhancing CPS security and benefits/synergies of integration: There are multiple ways in which the integration of blockchain with the Gini logic could enhance CPS security. First, blockchain technology safeguards the integrity and immutability of the Gini data, which can in turn be employed to identify resource disparities and possible attacks [68,69]. Second, the openness and decentralized nature of blockchain allow all CPS network users to access and validate the Gini index data, encouraging cooperation and group security initiatives [69]. Additionally, the integration makes it possible for authorized users to safely share and disseminate the Gini index data, enabling real-time monitoring and defense against potential threats [71].
- Resource consumption at fog layer: All calculations and associated computational load have been moved from the device layer to the fog layer. As a result, the computational load on resource-constrained device layer nodes is reduced, and it is instead distributed to a high-performance fog server, resulting in a decrease in energy usage, message overhead, and end-to-end delay.
3.1. Assumptions
- Initially, all network nodes are trustworthy; the network contains no malicious nodes.
- A root node, also known as the LLN Border Router (LBR), is a resourceful computational device and is assumed to be trustworthy during the CPS’s network life.
- Each device registers with the root node using a special identification number.
- Other than the root, devices may or may not be mobile; the root will stay static.
- The communication channel is secure.
- The attacker node is not intelligent.
3.2. Gini Index-Based Trust Model
- The Gini index’s degree ranges from 0 to 1.
- “0” indicates that there is only one class (pure) or that all elements fall under that class.
- The number “1” indicates that the elements are dispersed at random (impure) throughout the classes.
- An equal distribution of elements into some classes is indicated by a Gini index value of 0.5.
3.3. Trust Calculation in Proposed Methodology
Algorithm 1: Malicious node detection.
- 1. Direct Trust Calculation: Monitoring nodes at the device layer of the CPS is referred to as direct trust calculation. Monitoring nodes at the device layer is performed by resource-constrained devices by continuously tracking and examining the actions and interactions of other nodes within the CPS. The real-time data gathered by these nodes include trust parameters such as the packet drop rate, energy usage, end-to-end delay, and message overhead. Monitoring nodes use trust models and algorithms as part of the direct trust calculation process to assess the reliability and behavior of CPS entities.
In a CPS, direct trust computation at the device layer offers a number of benefits. First of all, it offers real-time trust evaluation, allowing for the quick detection of malicious or untrustworthy system elements. Second, direct trust computation gives a thorough evaluation of entity trustworthiness by taking into account trust factors such as the packet loss rate, energy consumption, end-to-end delay, and message overhead. Direct trust calculation at the device layer has its challenges. The precision and scalability of trust computations may be impacted by the monitoring nodes’ constrained memory and computational capacity. In order to avoid unauthorized access or manipulation of trust values, it is also essential to ensure the security and privacy of trust data. To address this issue, the proposed methodology incorporates the device layer nodes to gather only the trust parameters and send them to the fog node through a sink node for data aggregation and trust calculation. Once the overall trust calculations are computed at the fog layer, the same are stored in the global trust list and forwarded to all member nodes for subsequent actions.
A general mathematical notation for calculating direct trust using the above trust parameters is depicted in Table 4, where EC stands for the energy used, L for the latency, EED for the end-to-end delay, and PDR for the number of dropped packets.
- 2. Indirect Trust Calculation for Blackhole: Several features can be taken into account when utilizing the Gini index to find a blackhole node in a CPS. Here are several distinctive characteristics of a blackhole node:
- (a) Deviation in Gini index: The Gini index gauges how uneven or unequal the CPS network’s flow characteristics are. The Gini index values significantly differ when a blackhole node drops packets.
- (b) Packet loss: Incoming packets are purposefully dropped by blackhole nodes, which results in a high packet loss rate.
- (c) Latency: Blackhole nodes have the potential to cause large packet transport or response time delays. Anomalous delays caused by blackhole nodes can be found by monitoring the communication latency between nodes.
- (d) Energy consumption: Blackhole nodes have higher energy consumption than regular nodes due to packets being dropped.
- (e) Traffic distribution: Blackhole nodes can be found by examining the traffic distribution patterns and locating nodes with unusual or inconsistent traffic distribution.
In addition to the Gini score, blackhole nodes in CPS networks can be quickly identified by taking into account these properties. These metrics are tracked, analyzed, and compared across the nodes to help find those that behave strangely or might be blackhole nodes. The Gini index’s features for detecting a blackhole node in a CPS can be expressed mathematically as follows:
Let represent the Gini index value of node m, denote the packet loss rate of node m, stand for the latency of node m, and signify the energy consumption of node m. Additionally, let G be the set of Gini index values for all nodes in the CPS network, denote the average Gini index value of all nodes in the CPS network, represent the predefined threshold for packet loss rate, be the predefined threshold for latency, and signify the predefined threshold for energy consumption. These notations play a pivotal role in analyzing the behavior and performance of the CPS network. The characteristics to detect a blackhole node are as follows:
- (a) Deviation in Gini index: The Gini index deviation for node m can be defined as shown in Equation (2):
- (b) Packet loss: The condition to detect potential blackhole nodes based on packet loss can be expressed as described in Equation (3):
- (c) Latency: The condition to detect potential blackhole nodes based on latency can be expressed as described in Equation (4):
- (d) Throughput: The condition to detect potential blackhole nodes based on throughput can be expressed as described in Equation (5):
- (e) Traffic distribution: By analyzing the traffic distribution patterns and identifying nodes with abnormal or inconsistent traffic distribution, blackhole nodes in a CPS network are detected and subsequently eliminated.
The pseudo-code for the detection of blackhole nodes using the Gini index is described in Algorithm 2. The time complexity of the algorithm is O(n), while the space complexity is also O(n log n).
Algorithm 2: Detection of blackhole nodes.
- 3. Indirect Trust Calculation for Greyhole: To identify a greyhole node in a CPS, several factors that distinguish anomalous behavior displayed by nodes and indicate the presence of a greyhole node can be taken into account. The following is a list of greyhole node characteristics:
- (a) Gini index deviation: Each node’s Gini index in the CPS network is determined based on the flow characteristics of packet loss, delay, and throughput. Nodes with disproportionately high Gini index values might be greyhole nodes.
- (b) Selective packet dropping: By keeping an eye on a node’s packet-forwarding activity, greyhole nodes can be identified.
- (c) Latency: Greyhole behavior can be detected by tracking the node latency and finding nodes with a higher latency than anticipated.
- (d) Energy consumption: Greyhole nodes can be identified by tracking the energy consumption and spotting those with noticeably low residual energy values.
- (e) Throughput: In comparison to other nodes, greyhole nodes may manipulate or restrict the flow of data, resulting in reduced throughput.
Greyhole nodes in the CPS can be found by taking into account the criteria mentioned above and the Gini index analysis. The mathematical model below shows how the Gini index can be used to find greyhole nodes in a CPS. Let the characteristics of node m at time T describe several parameters. The Gini index value is denoted by , representing the data distribution. The packet loss rate is indicated by , reflecting the rate of lost packets. The latency is represented by , capturing the data transmission delay. The energy consumption is denoted by , signifying the power usage. The throughput is indicated by , representing the data transfer rate. represents the threshold value for a particular metric and represents the average value of the Gini index. These parameter values are essential for evaluating and managing the performance of node m within the CPS network. The characteristics to detect a greyhole node are:
- (a) Gini index deviation: The Gini index deviation for node m at time t can be defined as described in Equation (6):
- (b) Packet loss: The condition to detect potential greyhole nodes based on packet loss can be expressed as described in Equation (7):
- (c) Latency: The condition to detect potential greyhole nodes based on latency can be expressed as described in Equation (8):
- (d) Energy consumption: The condition to detect potential greyhole nodes based on energy consumption can be expressed as described in Equation (9):
- (e) Throughput: The condition to detect potential greyhole nodes based on throughput can be expressed as described in Equation (10):
The Gini index deviation captures the deviation of a node’s Gini index from the average. At the same time, the packet loss, latency, and throughput characteristics help identify nodes with abnormal behavior in terms of packet loss rate, latency, and data transfer rates, respectively. The pseudo-code for the detection of greyhole nodes using the Gini index is depicted in Algorithm 3. The time complexity of the algorithm is O(n), while the space complexity is also O(n log n).
- 4. Trust Update: A key component of assuring the network’s dependability and security in CPS networks is trust updating. Based on the behaviors and interactions within the network, individual nodes’ given trust ratings are evaluated and updated. There are two basic ways trust updates may occur: routine/periodic updates and reactive updates brought on by modifications in node behavior.
- (a) Routine: Routine trust updating is carried out at predetermined intervals, usually as part of a routine maintenance operation. This method ensures that trust values are always up-to-date and represent the nodes’ current behavior. Network managers may identify potential deviations or anomalies in node activity by periodically analyzing their trustworthiness.
- (b) Reactive: When a node’s behavior changes significantly or displays questionable behavior, reactive trust updating takes place. These adjustments may take the form of abrupt increases in data loss, unforeseen communication delays, or departures from established behavioral norms. When these anomalies are found, a reactive action is taken to adjust the node in question’s trust value.
For a CPS network to remain trustworthy, both routine and reactive trust-update measures are essential. The routine updates offer a methodical and proactive way to monitor the network, ensuring that trust values are consistently evaluated and modified. Reactive updates, on the other hand, offer a quick way to respond to any abrupt or unexpected changes in node behavior that might point to a security risk. Combining the two strategies enables CPS networks to efficiently respond to dynamic changes in node behavior.
Algorithm 3: Detection of greyhole node.
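The following Python sketch is an added example, not the article's Algorithm 1, 2 or 3 (their bodies and Equations (2) to (10) are not reproduced on this page). It computes a per-node Gini value the way the article words it for the trust analyzer (sum of absolute differences over all pairs of normalized trust parameters, divided by the number of pairs), then applies the 0.5 threshold, the deviation from the network average, and the per-metric threshold conditions listed above. The threshold numbers, the way the conditions are combined, and the sample observations are assumptions made for illustration.

```python
from itertools import combinations
from statistics import mean

GINI_THRESHOLD = 0.5  # classification threshold stated in the article

# Hypothetical per-metric limits on normalised values; the article names
# these thresholds but this page gives no numbers for them.
METRIC_THRESHOLDS = {"packet_loss": 0.20, "latency": 0.60, "energy": 0.60}


def gini_index(params):
    """Sum of absolute differences over all parameter pairs / number of pairs."""
    pairs = list(combinations(params, 2))
    if not pairs:  # a single parameter has nothing to be unequal to
        return 0.0
    return sum(abs(a - b) for a, b in pairs) / len(pairs)


def evaluate(observations):
    """Return, per node, the Gini value, its deviation from the network
    average, and the list of conditions the node trips."""
    ginis = {node: gini_index([m[k] for k in METRIC_THRESHOLDS])
             for node, m in observations.items()}
    network_avg = mean(ginis.values())
    report = {}
    for node, metrics in observations.items():
        # Threshold conditions on packet loss, latency and energy.
        flags = [name for name, limit in METRIC_THRESHOLDS.items()
                 if metrics[name] > limit]
        # Gini classification: above 0.5 is treated as attack behaviour.
        if ginis[node] > GINI_THRESHOLD:
            flags.insert(0, "gini")
        report[node] = {
            "gini": ginis[node],
            "deviation": ginis[node] - network_avg,
            "flags": flags,
            "suspect": bool(flags),  # assumed rule: any tripped condition
        }
    return report


# Constructed sample, already normalised to [0, 1] (not data from the article).
OBSERVATIONS = {
    "n1": {"packet_loss": 0.02, "latency": 0.10, "energy": 0.12},
    "n2": {"packet_loss": 0.03, "latency": 0.12, "energy": 0.10},
    "n3": {"packet_loss": 0.01, "latency": 0.08, "energy": 0.11},
    # drops nearly everything, other metrics unremarkable
    "n4": {"packet_loss": 0.98, "latency": 0.10, "energy": 0.15},
    # selective dropping
    "n5": {"packet_loss": 0.45, "latency": 0.30, "energy": 0.10},
    # every metric degraded by a similar amount
    "n6": {"packet_loss": 0.90, "latency": 0.85, "energy": 0.90},
}

if __name__ == "__main__":
    for node, row in evaluate(OBSERVATIONS).items():
        print(f"{node}: gini={row['gini']:.3f} dev={row['deviation']:+.3f} "
              f"flags={row['flags']}")
```

Node n6 shows why the per-metric conditions matter in this sketch: its parameters are uniformly degraded, so its Gini value stays near zero and only the packet loss, latency and energy thresholds flag it.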
3.4. Smart Contracts for Node Registration
Algorithm 4: Smart contract algorithm.
- Smart contract deployment: The fog server compiles the smart contract code and then deploys it to the blockchain.
- Node registration request: A registration request is sent to the fog server by a new node when it wants to join the network. The request contains the data needed for the registration procedure, such as the node’s identification and associated metadata.
- Smart contract interaction: By calling functions or methods specified in the deployed smart contract’s code, the fog server communicates with it.
- Validation and verification: After receiving the registration request, the smart contract runs validation and verification tests. The node’s identification is validated by the smart contract, which then confirms its veracity.
- Updating the registration list: The smart contract updates the node registration list if the registration request is validated successfully. The updated registration information is included in a new transaction that the smart contract makes on the blockchain network.
- Confirmation and event logging: When the smart contract successfully changes the registration list, it notifies the fog server by sending a confirmation response. The confirmation or event is recorded by the fog server.
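The registration steps above, together with the SHA-256 block hashing described in Section 3, can be sketched as follows. This is an added Python illustration, not the article's Algorithm 4 and not smart-contract code for any particular blockchain platform; the `TrustLedger` class, the identifier rule (`isalnum`), the 0 to 1 trust scale, the `INITIAL_TRUST` value and the sample node are assumptions.

```python
import hashlib
import json

GENESIS_PREV = "0" * 64
INITIAL_TRUST = 0.5  # hypothetical value for the "minimum acceptable trust"


def block_hash(index, prev_hash, payload):
    """SHA-256 over a canonical JSON encoding of the block contents."""
    body = json.dumps({"index": index, "prev": prev_hash, "payload": payload},
                      sort_keys=True, separators=(",", ":"))
    return hashlib.sha256(body.encode("utf-8")).hexdigest()


class TrustLedger:
    """In-memory stand-in for the trust-list contract state (illustrative)."""

    def __init__(self):
        self.blocks = []
        self.events = []  # confirmation / rejection log kept by the fog server
        self._append({"type": "genesis"})

    def _append(self, payload):
        index = len(self.blocks)
        prev = self.blocks[-1]["hash"] if self.blocks else GENESIS_PREV
        self.blocks.append({"index": index, "prev": prev, "payload": payload,
                            "hash": block_hash(index, prev, payload)})
        return self.blocks[-1]["hash"]

    def is_registered(self, node_id):
        return any(b["payload"].get("type") == "register"
                   and b["payload"].get("node") == node_id
                   for b in self.blocks)

    def register(self, node_id, metadata):
        """Validate the request, then add the node if it is not listed yet."""
        if not (isinstance(node_id, str) and node_id.isalnum()):
            self.events.append(("rejected", node_id, "invalid identifier"))
            return False
        if self.is_registered(node_id):  # already listed: no update
            self.events.append(("rejected", node_id, "already registered"))
            return False
        digest = self._append({"type": "register", "node": node_id,
                               "meta": metadata, "trust": INITIAL_TRUST})
        self.events.append(("registered", node_id, digest))
        return True

    def update_trust(self, node_id, trust):
        """Record a new trust value for a registered node."""
        if not self.is_registered(node_id) or not 0.0 <= trust <= 1.0:
            self.events.append(("rejected", node_id, "trust update refused"))
            return False
        digest = self._append({"type": "trust", "node": node_id,
                               "trust": trust})
        self.events.append(("updated", node_id, digest))
        return True

    def latest_trust(self, node_id):
        for block in reversed(self.blocks):
            if block["payload"].get("node") == node_id:
                return block["payload"]["trust"]
        return None

    def first_invalid_block(self):
        """Return the index of the first block whose hash or link is wrong."""
        prev = GENESIS_PREV
        for block in self.blocks:
            expected = block_hash(block["index"], block["prev"],
                                  block["payload"])
            if block["prev"] != prev or block["hash"] != expected:
                return block["index"]
            prev = block["hash"]
        return None


if __name__ == "__main__":
    ledger = TrustLedger()
    ledger.register("node17", {"mac": "02:00:00:00:00:11"})  # constructed node
    ledger.update_trust("node17", 0.2)
    ledger.blocks[2]["payload"]["trust"] = 0.9  # simulated local tampering
    print("first invalid block:", ledger.first_invalid_block())
```

The hash links only make tampering detectable to whoever re-verifies the chain; on a real blockchain it is the consensus among peers that prevents an attacker from simply recomputing every later hash.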
3.5. Blockchain-Based Gini Index Framework in Smart Healthcare CPS
3.6. Deployment Models for Proposed Framework
4. A Case Scenario in Smart Healthcare CPS
5. Techniques in the Proposed Smart Healthcare CPS for Trust Management
- Utilization of Gini Index for Trust Assessment: The distribution of trust parameters gathered from the device layer is subjected to the Gini index in the context of the smart healthcare CPS [34]. Based on the gathered trust parameters, the Gini index is computed, offering insights into how the actions and behaviors of nodes are distributed throughout the network. Unanticipated trends or deviations in the behavior of the devices within the smart healthcare CPS are indicated by irregularities in the Gini index. Alerts are set off by abrupt spikes or notable deviations, which indicate possible security risks [73]. Trust is evaluated in real time by the GBG-RPL. The GBG-RPL adapts, according to the trust parameter changes, making sure the system can react quickly to new security threats.
- Blockchain for Secure Storage: A blockchain smart contract forms the basis of the revised blockchain-based global trust list (BRGTL) of the proposed framework. The device parameters, trust values, and trust parameters are all safely stored and kept up-to-date. The smart contract provides an unchangeable and impenetrable record of trust-related data. The BRGTL smart contract makes use of the distributed ledger to guarantee the distribution of trust information among nodes [82]. It minimizes the likelihood of an SPOF and increases the trust-management system’s overall resilience. The BRGTL serves as a historical reference for evaluations of trust. It keeps an updated record of trust values, which enables the system to monitor changes over time and spot patterns in device behavior.
- Trust Updating at Fog Layer: In the proposed framework, trust updating is carried out by the fog layer. Real-time updates to the trust values of nodes at the device layer are continually revising the trustworthiness of devices within the smart healthcare CPS. Every time a new device connects to the network or after a predetermined amount of time, the trust values are routinely updated by the GBG-RPL [89]. However, the device or subsequent trust calculation is assigned a minimum score of acceptable trust upon its initial request to join the network. The fog layer communicates with the device layer to share the updated trust values [61]. This communication ensures that devices at the device layer are informed of changes in trust assessments and can initiate action accordingly.
- Trust Management to Prevent Blackhole and Greyhole Attacks: The GBG-RPL ensures that the system can adapt to changes in the network’s behavior. If a node starts behaving maliciously, the GBG-RPL will reflect this anomaly, triggering alerts and enabling the system to take preventive actions. The BRGTL smart contract on the blockchain stores a secure and tamper-resistant record of trust values. Even if a greyhole or blackhole attack attempts to manipulate local trust values, the immutable nature of the blockchain prevents the compromise of the overall trust assessment [82]. The BRGTL smart contract acts as a decentralized source of trust. Nodes in the device layer can verify trust values against the historical records stored in the blockchain, ensuring that trust information is consistent and not manipulated by attackers.
6. System Architecture
- Observer and Acquirer/Direct Trust Collector: The sink/root node and the resource-constrained nodes are the two types of nodes present in the device layer. The computing, storage, and energy capacities of these nodes are constrained. According to the RPL architecture, these nodes are either parent or child nodes. The parent nodes carry out the functions of the observer and acquire trust parameters. In the proposed architecture, these nodes are performing two functions named observer and acquirer. The parent nodes observe the parameters of their neighbor nodes and child nodes, such as the packet loss, energy usage, end-to-end delay, and message overhead during normal RPL operations of the CPS, and pass these parameters to the sink/root node. The acquirer function collects the parameters, while the observer function monitors the behavior of the nodes. In the event that a child node is flagged as malicious in the global trust list, the parent nodes remove that child node from the CPS network. The RPL becomes unstable, and its rebuilding process is initiated whenever a node enters or exits the network. Following that, the CPS network resumes its regular RPL activities.
- Dispatcher–Eliminator: As per the proposed framework, the sink/root node has more processing power, storage, and enhanced energy backup in comparison to other nodes at the device layer. The root node has two primary functions, including dispatcher and eliminator. To connect the device layer and the fog layer, the sink/root node acts as a link. As all traffic between the fog layer and device layer is routed through the sink node, the root node also serves as the cluster head. The dispatcher function gathers all trust parameters received from the parent nodes at the device layer of the CPS network and forwards the same to the fog server at the fog layer. Furthermore, the eliminator function receives the revised BRGTL from the fog layer and forwards or broadcasts downwards to all member nodes at the device layer. The root itself is not making any decisions, and it is only receiving and forwarding the traffic between the device and the fog layer.
- Device Discoverer: The device discoverer module is a vital component of the proposed framework, operating at the fog layer to keep track of all nodes entering and leaving the CPS network. Its main function is to maintain a comprehensive record of node activity, which is essential for network management and security. This module forwards its processed device list to the trust parameter accumulator module and blockchain ledger updater (smart contract) module. A comprehensive working overview of the device discoverer module is described below.
- (a) Registering devices: The device discoverer is responsible for registering a newly discovered node that wants to become part of the CPS network. It gathers pertinent data about the new node, such as its exact location, identification information (such as MAC address and node ID), and additional characteristics.
- (b) Authenticating devices: The device discoverer verifies the legitimacy of each node’s request through authentication procedures before registering it. This is an essential step in preventing malicious or unauthorized devices from pairing with the network.
- (c) Updating BRGTL: Following a successful device registration and authentication, the device discoverer modifies the global trust list that the blockchain-based trust-management system keeps up-to-date. To monitor its actions and contributions to the network, the details of the new node are added to the list, along with any available trust metrics.
- (d) Tracking node activity: The device discoverer continuously monitors the CPS network for any node activity, including nodes entering and leaving the network.
- (e) Monitoring node status: The device discoverer regularly checks the status of registered nodes to ensure their proper functioning and responsiveness.
- (f) Handling departure of nodes: The device discoverer deletes a node from the list of active nodes and modifies its status in the BRGTL when it departs the CPS network.
- (g) Detecting malicious nodes: An important function of the device discoverer is to identify potentially malicious nodes in the network by constantly tracking node behavior and activity. The trust analyzer receives reports of any odd or unusual behavior for additional analysis and suitable action.
- (h) Logging: Every node activity, such as fresh node registrations, exits, and any unusual behaviors found, is recorded by the device discoverer.
- (i) Integration with other modules: The device discoverer exchanges data regarding node actions and trust status with the other elements of the framework, including the trust analyzer and calculator and the eliminator. It offers vital information for processes related to threat prevention and trust-based decision making.
By functioning as a comprehensive node activity tracker and coordinator, the device discoverer module enhances the overall security and management of the CPS network. Its ability to identify and respond to new node entries and departures contributes to the dynamic and adaptive nature of the framework in detecting and mitigating blackhole and greyhole attacks.
- Trust Parameter Accumulator: The trust parameter accumulator operates in the fog layer to collect and aggregate trust parameters received from the device layer. Its primary function is to gather all relevant trust-related data from the device layer (root node) and combine them for further processing by the trust analyzer and calculator module. The processed trust parameters are also forwarded to the blockchain ledger updater module. The trust parameter accumulator module acts as a vital intermediary between the device layer and the trust analysis components at the fog layer. By efficiently collecting, aggregating, and pre-processing the trust parameters, it enables accurate and timely evaluation of node behavior.
- Trust Analyzer and Calculator: At the fog layer, fog servers with strong computational capability are set up. On the basis of the received parameters, the trust calculator executes Gini index-based logic and calculates the Gini value, which determines whether the node’s behavior is malicious or normal. If the Gini value is >0.5, then the behavior is attributed to an attack, and if the Gini value is <0.5, then the node is treated as a normal node. However, it is noteworthy that for critical/sensitive requirements, only nodes with lower Gini values, preferably closer to zero, would be allowed to form the DODAG.
It is possible to tell the difference between nodes with a regular distribution pattern and those with malicious intent by looking at their distribution patterns. The value 1 can be achieved through either a uniform or an uneven distribution. As shown in Table 6, a node-rating threshold is determined using Gini logic. The main aim of these thresholds is to isolate harmful nodes from the rest of the network. Only nodes that have passed this test are allowed to take part in routing decisions. To provide more elaborate details, the different steps and processes involved in this module are described below.
- (a) Trust parameter collection: The trust analyzer and calculator module receives trust parameters from the trust parameter accumulator module and parent nodes at the fog layer.
- (b) Trust parameter normalization: Before calculating the Gini index, the trust parameters are normalized to bring them to a consistent scale.
- (c) Trust score calculation: A trust score is a numerical indicator of a node’s reliability or trustworthiness in a network. Trust scores are essential for evaluating node behavior in the context of a CPS, especially when it comes to identifying and reducing the possibility of malicious nodes. The suggested method uses trust scores to assess nodes’ credibility according to trust parameters. In a CPS network, the overall “trustworthiness inequality” between nodes can be evaluated using the Gini index. It offers a tool for locating potentially dangerous nodes or ones that drastically depart from the norm when paired with trust scores. Algorithm 1 explains how the suggested method calculates the trust score.
- (d) Gini index calculation: The Gini value for every node under observation is determined by the trust analyzer and calculator using logic based on Gini indexes. To calculate the Gini index, add up all of the trust parameter pairs’ absolute differences, then divide the total by the number of pairs. The suggested method of Gini index computation is described in Algorithm 1.
- (e) Threshold setting for malicious behavior: After calculating the Gini value for each node, the trust analyzer and calculator sets a threshold value to distinguish between normal and malicious behavior. The threshold value is set at 0.5, but this can be adjusted based on the specific requirements and characteristics of the CPS network.
- (f) Node classification: Nodes with Gini values above the threshold (>0.5) are classified as exhibiting potentially malicious behavior, indicating a higher degree of parameter inequality. Nodes with Gini values below the threshold (<0.5) are considered normal nodes, exhibiting a more uniform distribution of trust parameters.
- (g) Formation of DODAG based on trust: To ensure the security and efficiency of the CPS network, the trust analyzer and calculator may influence the formation of the destination-oriented directed acyclic graph (DODAG) based on trust values. Nodes with lower Gini values, preferably closer to zero, are given priority in forming the DODAG, especially for critical/sensitive tasks or routing decisions.
- (h) Trust updates and periodic review: The trust analyzer and calculator periodically reviews the trust values based on the updated trust parameters received from the device discoverer and parent nodes.
- Blockchain Ledger Updater for BRGTL: The blockchain ledger updater module, functioning as a smart contract in the fog layer, plays a critical role in the proposed methodology by leveraging blockchain technology to update and maintain the BRGTL. This module integrates inputs from various components, including the device discoverer module, trust parameter accumulator module, and trust analyzer and calculator module, to ensure the trustworthiness and reliability of the CPS network. The fog server implements blockchain technology to update and keep track of the BRGTL. When a new node requests to join the network, a new entry is added here. Through the use of the sink node, the parameters of the parent node are transmitted to the fog server. A new entry is added to the blockchain if the node’s information is not already included there; otherwise, the list is not updated. Similarly, the list is updated during regular operations if there are any deviations in metrics like packet loss, end-to-end delay, message overhead, or energy consumption. Below is an elaborate description of the functionality of the blockchain ledger updater module as a smart contract.
- (a) Smart contract deployment: The fog server deploys the smart contract in the selected blockchain network. The smart contract’s code contains the logic for managing the global trust list and processing trust-related data. The deployment process involves uploading the compiled smart contract code to the blockchain platform through relevant APIs or tools.
- (b) Receiving trust parameters: The blockchain ledger updater module receives trust parameters from multiple sources, including the device discoverer module, which keeps a record of all nodes entering and leaving the CPS network. Trust parameters from various nodes, such as packet loss, end-to-end delay, message overhead, and energy consumption, are gathered and sent to the blockchain ledger updater for further processing.
- (c) Global trust list update: Based on the trust evaluation results, the blockchain ledger updater module updates the global trust list (BRGTL) in the blockchain. The list contains entries for each node, reflecting their trust values and other relevant information. New nodes requesting to join the network have their entries added to the BRGTL.
- (d) Immutability and consensus: The smart contract ensures that the global trust list on the blockchain is immutable and tamper-resistant. Once trust data are recorded, they cannot be altered or deleted, ensuring the integrity and reliability of the trust registry.
- (e) Decentralization and transparency: As a smart contract in the fog layer, the blockchain ledger updater operates in a decentralized manner, thus removing the need for a central authority figure.
- (f) Logging and event handling: The module logs and handles events related to trust parameter updates and BRGTL modifications.
By efficiently updating the BRGTL in the blockchain, this module ensures a secure and decentralized trust-management system for the CPS network.
- Trust Disseminator: The trust disseminator is responsible for distributing the BRGTL from the fog layer to the device layer of the CPS network. The revised list is sent to the disseminator module after the trust has been determined and the blockchain has been updated. The disseminator module transmits the updated list to the device layer through the sink node, which is the third function of the fog server. This module is just in charge of trust distribution to the device layer and does not perform any calculations. A thorough explanation of the trust disseminator module’s working is outlined below:
- (a) Receiving BRGTL: After trust calculations are completed and the blockchain is updated with the latest trust values for each node, the blockchain ledger updater forwards the BRGTL to the trust disseminator module.
- (b) Sending BRGTL to device layer: When the data have been prepared, the sink node allows the trust disseminator to send the BRGTL to the device layer. Because it acts as an intermediary between the fog and device layers, the sink node is the most appropriate option for sharing trust data.
- (c) BRGTL distribution: The primary function of the trust disseminator is to use the root node to transmit the trust data to each node in the device layer. It guarantees that each node in the network is aware of the reliability of its nearby peers and other nodes.
- (d) Synchronizing trust update: To guarantee that each node has access to the most recent trust values, the trust disseminator module regulates the trust changes in all nodes in the device layer through the root node.
- (e) Trust-based decision making: Nodes can decide how to interact with other nodes based on trust when trust information is quickly disseminated. During the RPL process, nodes are able to employ this information to assess the reliability of prospective parents or children.
The trust disseminator module serves as a critical link between the fog layer, where trust evaluations occur and the BRGTL is updated, and the device layer, where trust information is required for network operations and decision making. By efficiently distributing the updated trust values, this module enhances the trust-management system’s effectiveness. It contributes to the successful detection and mitigation of blackhole and greyhole attacks in the GBG-RPL framework.
- Eliminator: The eliminator module is a crucial component in the GBG-RPL methodology for taking action based on the BRGTL received from the trust disseminator module. This module ensures the containment of malicious nodes and maintains the integrity of the CPS network. Upon receipt of the BRGTL from the disseminator, the sink node forwards it to the parent nodes. The parent node initiates action to isolate the malicious node or deny it access to the network. After attacker containment, the RPL is rebuilt, and subsequently, routine CPS network operations are started. Similarly, if a new node is joining the network, the RPL is rebuilt, followed by routine CPS network operations. The eliminator module’s functionality is critical in maintaining a secure and reliable CPS network. By promptly isolating malicious nodes and incorporating new nodes through RPL rebuilding, this module ensures that the network remains resilient to blackhole and greyhole attacks.
7. CPS Architecture in GBG-RPL
- Sensing Layer: The sensing layer serves as the core of the CPS architecture. It is made up of a number of sensors and actuators that are placed throughout the physical environment (e.g., smartwatches and fitness bands) to gather information from the patients [90]. The sensors record critical data from the patients related to location/motion, blood pressure, heartbeat, and sugar levels for central monitoring. The actuators interact with the physical world by carrying out operations according to commands from the cyber system (e.g., implantable devices like pacemakers and insulin pumps function as adjusted by the practitioners).
- Communication Layer: Data transmission between the sensing layer (devices on the patients) and the cyber layer (servers and central control/monitoring at hospitals) is carried out by the communication layer [91]. It consists of networks, gateways, and communication protocols that make it easier for data to be sent from sensors and actuators to cyber components for analysis and decision making.
- Cyber Layer: The cyber layer applies control algorithms, data analytics, and decision-making procedures to the data it receives from the sensing layer. This layer consists of computer hardware such as edge servers, cloud servers, and control systems that process the incoming data to produce useful insights and coordinate the operations of the physical layer [92].
- Data Analytics and Control Layer: Data analysis and thoughtful decision making are the main functions of this layer [93]. This layer processes the raw data gathered from the sensing layer to discover useful patterns and make informed decisions.
- User Interface and Interaction Layer: Users can interact with the CPS system through the user interface layer [94]. Applications, dashboards, and visualizations are included that let users control parameters, monitor system performance, and input data to adjust the function of the CPS device.
- Security and Privacy Layer: The safety and privacy of the CPS must be guaranteed at all costs. This layer protects the CPS against online threats and unauthorized access through a variety of security methods, encryption protocols, access-control systems, and authentication procedures [24].
- Integration and Interoperability Layer: CPSs frequently require the integration of several parts and systems from diverse vendors. Smooth coordination inside the CPS system is made possible by the integration and interoperability layer, which enables seamless communication and cooperation between these many components [95]. In the proposed methodology, the device ID along with the trust parameters are stored in the device acquirer and blockchain-based revised global trust list (BRGTL).
- Feedback and Adaptation Layer: This layer contains feedback loops and adaptive control systems that let the CPS devices react quickly to commands given by the central control/monitoring systems [96].
Workflow of Proposed Model (GBG-RPL)
- When a member node departs the CPS network or a new node enters the network, the RPL DODAG reconstruction begins.
- Parent nodes monitor the trust parameters of their child nodes and neighbors. The monitored parameters are dropped packets, energy consumption, end-to-end latency, and message size. This monitoring is performed at the device layer and is sometimes referred to as “direct trust calculation”. Except for the sink node, all nodes at the device layer have limited resources.
- Each child node reports its trust parameters to its parent, which then shares them with the sink. Except for transmitting the parameters to the fog server, the sink node does nothing else. This means that the sink node is connecting the device layer and the fog layer. The update of trust parameters is sent from the device layer to the fog layer every 10 milliseconds (ms). At the same time, the trickle timer for considering a packet to be dropped/lost is set at 5 ms.
- The fog server is deployed at the fog layer. It has high computational and storage capabilities and, therefore, is assigned many tasks or functionalities for execution. The first function is to maintain a global trust list, which is updated on the basis of direct and indirect trust calculations. Information regarding all member nodes resides in the global trust list.
- The second functionality is to calculate the trust value for a node by applying the Gini logic. The resulting value of the Gini logic falls between 0 and 1, where 0 denotes a fully trusted node while 1 denotes a fully compromised node. Thus, the behavior of a node is declared either malicious or normal as per the trust value calculated.
- Once the trust value has been calculated, the blockchain smart contract is executed to update the ledger/database, which maintains the global trust list. The ledger is updated only when a new node is added or the trust status of a node changes.
- After the update of the database, the BRGTL is disseminated from the fog layer to the device layer.
- The sink node receives the updated BRGTL, which is then sent to the parent nodes so that the malicious node can be removed or a new node can be allowed to join the network.
- The RPL DODAG is rebuilt in the event that a malicious node is removed from the CPS network, a new node joins the network, or a member node leaves the network.
- After the reconstruction of the RPL DODAG, routine RPL network operations are resumed.
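The ledger-update, dissemination, and elimination steps of this workflow can be sketched as follows. This is an added example, not code from the paper: the class and function names, the 0.5 status threshold, and the per-round Gini values are constructed assumptions, the Gini values are taken as inputs rather than computed, and an in-memory SHA-256 hash chain stands in for the blockchain smart contract (no consensus among fog servers is modelled).

```python
import hashlib
import json
from dataclasses import dataclass

# Assumption: cut-off on the 0..1 Gini scale. The page defines the scale
# (0 = fully trusted, 1 = fully compromised); this threshold is constructed.
MALICIOUS_THRESHOLD = 0.5
GENESIS_HASH = "0" * 64


def status_for(gini_value):
    """Map a Gini trust value to the status recorded in the BRGTL."""
    if not 0.0 <= gini_value <= 1.0:
        raise ValueError("Gini trust value must lie in [0, 1]")
    return "malicious" if gini_value >= MALICIOUS_THRESHOLD else "normal"


def block_hash(prev_hash, payload):
    """SHA-256 over the previous block hash plus a canonical JSON payload."""
    body = json.dumps(payload, sort_keys=True, separators=(",", ":"))
    return hashlib.sha256((prev_hash + body).encode("utf-8")).hexdigest()


@dataclass
class Block:
    prev_hash: str
    payload: dict
    hash: str


class TrustLedger:
    """Hypothetical in-memory stand-in for the BRGTL smart-contract storage."""

    def __init__(self):
        self.chain = []

    def _latest(self):
        latest = {}
        for block in self.chain:  # later blocks override earlier ones
            latest[block.payload["node_id"]] = block.payload
        return latest

    def update(self, node_id, gini_value, round_no):
        """Append a block only for a new node or a changed trust status."""
        status = status_for(gini_value)
        known = self._latest().get(node_id)
        if known is not None and known["status"] == status:
            return False  # same status as recorded: no ledger write
        payload = {"node_id": node_id, "gini": gini_value,
                   "status": status, "round": round_no}
        prev = self.chain[-1].hash if self.chain else GENESIS_HASH
        self.chain.append(Block(prev, payload, block_hash(prev, payload)))
        return True

    def verify(self):
        """Recompute every link; an edited block or broken link fails."""
        prev = GENESIS_HASH
        for block in self.chain:
            if block.prev_hash != prev:
                return False
            if block.hash != block_hash(prev, block.payload):
                return False
            prev = block.hash
        return True

    def brgtl(self):
        """Current trust list as disseminated to the device layer."""
        return {nid: p["status"] for nid, p in self._latest().items()}

    def nodes_to_isolate(self):
        """Eliminator input: refuse to act on a list that fails verification."""
        if not self.verify():
            raise RuntimeError("BRGTL failed integrity check; not disseminating")
        return sorted(n for n, s in self.brgtl().items() if s == "malicious")


# Constructed sample input: per-round Gini values for three nodes.
SAMPLE_ROUNDS = [
    {"n1": 0.05, "n2": 0.10, "n3": 0.12},   # all nodes join
    {"n1": 0.06, "n2": 0.41, "n3": 0.13},   # values drift, statuses unchanged
    {"n1": 0.05, "n2": 0.93, "n3": 0.11},   # n2 crosses the threshold
]


def build_demo_ledger():
    ledger = TrustLedger()
    for round_no, report in enumerate(SAMPLE_ROUNDS, start=1):
        for node_id, gini_value in sorted(report.items()):
            ledger.update(node_id, gini_value, round_no)
    return ledger


if __name__ == "__main__":
    demo = build_demo_ledger()
    print("blocks written:", len(demo.chain))
    print("isolate:", demo.nodes_to_isolate())
    demo.chain[3].payload["status"] = "normal"   # simulated tampering
    print("chain valid after tampering:", demo.verify())
```

Nine reports produce only four ledger writes, because a block is appended solely on a join or a status change. The hash chain alone does not detect truncation of the newest blocks, which is one reason a real deployment relies on replicated consensus as well as hash-linking.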
8. Methods for Designing, Testing, and Deploying the GBG-RPL Framework in Smart Healthcare CPS
- Designing the GBG-RPL Framework: The design of the GBG-RPL framework incorporates various methods to ensure a robust and adaptable system. Mathematical design plays a key role, involving the formulation of the Gini index-based algorithm along with trust metrics [97]. By leveraging mathematical principles, this method defines the trust assessment and adaptation mechanisms within the framework. Additionally, interdisciplinary collaboration is a cornerstone of the design process, fostering cooperation between cybersecurity and healthcare experts [98]. This collaborative approach ensures a holistic design that aligns with both mathematical rigor and the real-world requirements of healthcare systems. Furthermore, GBG-RPL can be tailored to the specific characteristics of smart healthcare systems, with the parameters and algorithm customized to the unique deployment requirements.
To mitigate the security risks associated with the implementation of the proposed framework in a smart healthcare system, a comprehensive set of measures is undertaken. First and foremost, a decentralized architecture is adopted to distribute trust-management functions across multiple nodes, reducing the vulnerability to centralized attacks [85]. In the proposed framework, the trust calculations, the ledger in the form of BRGTL, device registration, and smart contracts have been implemented in the fog servers, which are deployed in the fog layer. The implementation of the fog layer reduces the direct exposure of the trust calculation and database to the device layer, where the resource-constrained devices are exposed to attackers [17]. Regular updates and security audits would be conducted for the blockchain network and smart contracts to address vulnerabilities and ensure the robustness of the system.
Scalability challenges are managed using a layered architecture, where multiple fog servers are implemented to accommodate large numbers of nodes, large data volumes, and geographic expansion. To navigate regulatory complexities, close collaboration with legal experts would ensure that the proposed framework aligns with relevant healthcare data protection regulations [99]. Thorough testing and validation during integration, the involvement of cybersecurity experts, and seamless communication between the proposed framework and existing components would address concerns related to integration complexity. These multifaceted measures collectively contribute to a resilient security infrastructure for the smart healthcare system.
- Testing the GBG-RPL Framework: The evaluation of the GBG-RPL framework involves two distinct testing methodologies to ensure its effectiveness and reliability. Simulation testing is conducted using the Cooja simulator, wherein trust parameters and attack configurations are systematically varied. This process helps identify potential issues and assesses the framework’s scalability and adaptability under different conditions [100]. The second part complements the simulation testing with real-world testing, which takes place in actual smart healthcare environments. The evaluation process offers an in-depth understanding of the framework’s effectiveness across diverse scenarios by utilizing the simulations and real-world testing, which add to the framework’s robustness and applicability in real-world healthcare settings.
- (a) Deployment Methods for the GBG-RPL Framework: The implementation of the GBG-RPL framework necessitates the smooth integration of GBG-RPL into the existing infrastructure of intelligent healthcare systems [9]. This integration guarantees compatibility and cooperation with other components. Another crucial component of the deployment strategy is user awareness and training, which involves teaching administrators and users about GBG-RPL’s features and security precautions. These methods enable modifications in response to real-time input and evolving needs, guaranteeing the framework’s flexibility and long-term efficacy in smart healthcare scenarios.
- (b) Additional Considerations: The implementation of the GBG-RPL framework employs a thorough and iterative methodology to guarantee ongoing improvement and peak efficiency. Using an iterative development cycle facilitates continuous improvement by incorporating knowledge gained from the deployment and testing phases into later iterations [101]. In order to guarantee alignment with user needs, interactive development methods involve stakeholders such as administrators, cybersecurity specialists, and healthcare professionals. Security audit and compliance measures are implemented to conduct thorough security audits, ensuring adherence to industry standards and regulations [102]. User feedback is actively sought to inform design improvements, adopting a user-centric design approach that ensures the uninterrupted availability of healthcare services. Additionally, the deployment emphasizes the adoption of best practices in cybersecurity and healthcare data management, drawing insights from successful implementations in related domains [103].
9. Experimentation
9.1. Hardware Requirements
9.2. Libraries and Frameworks
- RPL Classic: The uIP stack has capabilities including packet processing, routing, and communication protocols and supports IPv6. It ensured that the CPS network was routed effectively and consistently, which assisted in the evaluation and realistic behavior of the trust mechanisms.
- Managing Trust: A trust-managing library (TinyDTLS) was employed in the GBG-RPL technique to facilitate the detection of blackhole and greyhole attacks. With the help of this library, trust values could be managed and calculated while accounting for a number of variables, such as message overhead, energy consumption, packet loss, and end-to-end delay.
- Blockchain Library (web3.js): The web3.js package was used to include blockchain technology.
9.3. Simulation Environment
10. Results and Discussion
10.1. Packet Loss Ratio
10.2. Energy Consumption
10.3. Average Residual Energy
10.4. End-to-End Delay
10.5. Attack-Detection Rate
10.6. Attack-Detection Time
10.7. Message Overhead
10.8. Discussion
- Node Growth: As the smart healthcare system expands, more medical devices, wearables, and IoT-enabled devices are added, increasing the number of nodes in the network [105]. The proposed framework will accommodate the growing number of nodes without significant degradation in performance due to its distributed nature [106].
- Data Volume: With the proliferation of healthcare data generated by various devices, the system experiences an increase in the volume of data transactions [107]. The proposed framework efficiently handles the increased data volume, ensuring timely trust assessments without introducing delays due to the blockchain [108].
- Real-Time Monitoring: The smart healthcare system requires real-time monitoring of patient data, vital signs, and device interactions for prompt decision making [109]. The proposed framework is capable of performing real-time trust assessments, adapting to dynamic changes in the network, and providing timely feedback as the fog layer is closer to the end-user devices.
- Geographic Expansion: The smart healthcare system extends its services to new geographic locations, leading to a geographically distributed network [100]. The proposed framework is designed to support geographic expansion, considering potential latency issues and ensuring consistent trust management across distributed nodes.
- The proposed framework implements a distributed architecture for the Gini index where trust calculations and data processing are distributed across multiple fog nodes [110]. The proposed framework distributes the computational load, improving the overall system performance while enhancing the fault tolerance and resilience.
- The proposed framework uses a layered architecture with a fog layer and a device layer [111]. The proposed framework prevents resource bottlenecks since all the trust calculation, analysis, and data storage are shifted to the fog layer, and the network underneath works efficiently.
11. Conclusions
Author Contributions
Funding
Institutional Review Board Statement
Informed Consent Statement
Data Availability Statement
Acknowledgments
Conflicts of Interest
Abbreviations
Abbreviation | Meaning |
AI | Artificial Intelligence |
BCPS-RPL | Blackhole detection in RPL-based CPS |
CPS | Cyber-Physical System |
DAO | Destination Advertisement Object |
DODAG | Destination-Oriented Directed Acyclic Graph |
DL | Deep Learning |
DoS | Denial of Service |
GBG-RPL | Gini-index and blockchain-based Blackhole/Greyhole RPL |
Greyhole | Greyhole Attack |
Gini | Gini Logic |
IDS | Intrusion-Detection System |
IoT | Internet of Things |
ITS | Intelligent Transportation System |
LLN | Low-Power Lossy Networks |
LBR | LLN Border Router |
MAC | Message Authentication Code |
MITM | Man-in-the-Middle |
ML | Machine Learning |
mj | MilliJoules |
OS | Operating System |
PKC | Public Key Cryptography |
RAM | Random Access Memory |
BRGTL | Blockchain-based Revised Global Trust List |
RPL | Routing Protocol for Low-power Lossy Networks |
SHA-256 | Secure Hash Algorithm 256 |
SSH | Secure Shell |
SN | Sensor Nodes |
SPOF | Single Point of Failure |
TLS | Transport Layer Security |
VPN | Virtual Private Network |
WSN | Wireless Sensor Network |
ERT | Electrical Resistivity Tomography Algorithm |
6LoWPAN | IPv6 LLN Private Access Networks |
References
- Lesch, V.; Züfle, M.; Bauer, A.; Iffländer, L.; Krupitzer, C.; Kounev, S. A literature review of IoT and CPS—What they are, and what they are not. J. Syst. Softw. 2023, 200, 111631.
- Amlan, K.N.H.; Shamsu, M.; Uddin, T.M.; Riyan, N.B. 16 IoT, Cloud Computing, and Sensing Technology for Smart Cities. In Intelligent Techniques for Cyber-Physical Systems; CRC Press: Boca Raton, FL, USA, 2023; p. 267.
- Karuppiah, K.; Sankaranarayanan, B.; D’Adamo, I.; Ali, S.M. Evaluation of key factors for industry 4.0 technologies adoption in small and medium enterprises (SMEs): An emerging economy context. J. Asia Bus. Stud. 2023, 17, 347–370.
- Gupta, A.; Singh, A. A Comprehensive Survey on Cyber-Physical Systems Towards Healthcare 4.0. SN Comput. Sci. 2023, 4, 199.
- Kumar, M.; Kumar, A.; Verma, S.; Bhattacharya, P.; Ghimire, D.; Kim, S.H.; Hosen, A.S. Healthcare Internet of Things (H-IoT): Current Trends, Future Prospects, Applications, Challenges, and Security Issues. Electronics 2023, 12, 2050.
- Prathyusha, M.; Bhowmik, B. IoT-Enabled Smart Applications and Challenges. In Proceedings of the 2023 8th International Conference on Communication and Electronics Systems (ICCES), Coimbatore, India, 1–3 June 2023; pp. 354–360.
- Boikanyo, K.; Zungeru, A.M.; Sigweni, B.; Yahya, A.; Lebekwe, C. Remote patient monitoring systems: Applications, architecture, and challenges. Sci. Afr. 2023, 20, e01638.
- Watanabe, T.; Ohsugi, K.; Suminaga, Y.; Somei, M.; Kikuyama, K.; Mori, M.; Maruo, H.; Kono, N.; Kotani, T. An evaluation of the impact of the implementation of the Tele-ICU: A retrospective observational study. J. Intensive Care 2023, 11, 9.
- Dang, V.A.; Vu Khanh, Q.; Nguyen, V.H.; Nguyen, T.; Nguyen, D.C. Intelligent Healthcare: Integration of Emerging Technologies and Internet of Things for Humanity. Sensors 2023, 23, 4200.
- Ramnath, V.R. Global telehealth and digital health: How to support programs and infrastructure. In Emerging Practices in Telehealth; Elsevier: Amsterdam, The Netherlands, 2023; pp. 163–182.
- George, A.H.; Shahul, A.; George, A.S. Wearable Sensors: A New Way to Track Health and Wellness. Partn. Univers. Int. Innov. J. 2023, 1, 15–34.
- Kim, S.; Baek, S.; Sluyter, R.; Konstantinov, K.; Kim, J.H.; Kim, S.; Kim, Y.H. Wearable and implantable bioelectronics as eco-friendly and patient-friendly integrated nanoarchitectonics for next-generation smart healthcare technology. EcoMat 2023, 5, e12356.
- Chopade, S.S.; Gupta, H.P.; Dutta, T. Survey on Sensors and Smart Devices for IoT Enabled Intelligent Healthcare System. Wirel. Pers. Commun. 2023, 131, 1957–1995.
- Tushkanova, O.; Levshun, D.; Branitskiy, A.; Fedorchenko, E.; Novikova, E.; Kotenko, I. Detection of Cyberattacks and Anomalies in Cyber-Physical Systems: Approaches, Data Sources, Evaluation. Algorithms 2023, 16, 85.
- Awotunde, J.B.; Oguns, Y.J.; Amuda, K.A.; Nigar, N.; Adeleke, T.A.; Olagunju, K.M.; Ajagbe, S.A. Cyber-Physical Systems Security: Analysis, Opportunities, Challenges, and Future Prospects. In Blockchain for Cybersecurity in Cyber-Physical Systems; Springer: Cham, Switzerland, 2023; pp. 21–46.
- Celdrán, A.H.; Sánchez, P.M.S.; Castillo, M.A.; Bovet, G.; Pérez, G.M.; Stiller, B. Intelligent and behavioral-based detection of malware in IoT spectrum sensors. Int. J. Inf. Secur. 2023, 22, 541–561.
- Tariq, N.; Asim, M.; Khan, F.A.; Baker, T.; Khalid, U.; Derhab, A. A blockchain-based multi-mobile code-driven trust mechanism for detecting internal attacks in internet of things. Sensors 2020, 21, 23.
- Suprabhath Koduru, S.; Machina, V.S.P.; Madichetty, S. Cyber Attacks in Cyber-Physical Microgrid Systems: A Comprehensive Review. Energies 2023, 16, 4573.
- Ali, A.; Khan, F.A. An improved EKG-based key agreement scheme for body area networks. In Proceedings of the Information Security and Assurance: 4th International Conference, ISA 2010, Miyazaki, Japan, 23–25 June 2010; Proceedings 4. Springer: Berlin/Heidelberg, Germany, 2010; pp. 298–308.
- Boopathi, S. Securing Healthcare Systems Integrated With IoT: Fundamentals, Applications, and Future Trends. In Dynamics of Swarm Intelligence Health Analysis for the Next Generation; IGI Global: Hershey, PA, USA, 2023; pp. 186–209.
- Wanjale, K.; Chitre, A.; Doshi, R. Opting for Industry 4.0: Challenge or Opportunity. In AI, IoT, Big Data and Cloud Computing for Industry 4.0; Springer: Cham, Switzerland, 2023; pp. 3–20.
- Ali, A.; Khan, F.A. A broadcast-based key agreement scheme using set reconciliation for wireless body area networks. J. Med Syst. 2014, 38, 33.
- Yu, Z.; Gao, H.; Cong, X.; Wu, N.; Song, H.H. A Survey on Cyber-Physical Systems Security. IEEE Internet Things J. 2023, 4, 1802–1831.
- Lydia, M.; Prem Kumar, G.E.; Selvakumar, A.I. Securing the cyber-physical system: A review. Cyber-Phys. Syst. 2023, 9, 193–223.
- Sebestyen, G.; Hangan, A. Anomaly detection techniques in cyber-physical systems. Acta Univ. Sapientiae Inform. 2017, 9, 101–118.
- Kwon, H.Y.; Kim, T.; Lee, M.K. Advanced intrusion detection combining signature-based and behavior-based detection methods. Electronics 2022, 11, 867.
- Ahmad, S.; Ahmed, H. Robust intrusion detection for resilience enhancement of industrial control systems: An extended state observer approach. In Proceedings of the 2022 IEEE Texas Power and Energy Conference (TPEC), College Station, TX, USA, 28 February–1 March 2022; pp. 1–6.
- Medjek, F.; Tandjaoui, D.; Djedjig, N.; Romdhani, I. Fault-tolerant AI-driven intrusion detection system for the internet of things. Int. J. Crit. Infrastruct. Prot. 2021, 34, 100436.
- Musleh, D.; Alotaibi, M.; Alhaidari, F.; Rahman, A.; Mohammad, R.M. Intrusion Detection System Using Feature Extraction with Machine Learning Algorithms in IoT. J. Sens. Actuator Networks 2023, 12, 29.
- Apat, H.K.; Nayak, R.; Sahoo, B. A comprehensive review on Internet of Things application placement in Fog computing environment. Internet Things 2023, 23, 100866.
- Sharma, D.K.; Dhurandher, S.K.; Kumaram, S.; Gupta, K.D.; Sharma, P.K. Mitigation of black hole attacks in 6LoWPAN RPL-based Wireless sensor network for cyber physical systems. Comput. Commun. 2022, 189, 182–192.
- Arshad, D.; Asim, M.; Tariq, N.; Baker, T.; Tawfik, H.; Al-Jumeily OBE, D. THC-RPL: A lightweight Trust-enabled routing in RPL-based IoT networks against Sybil attack. PLoS ONE 2022, 17, e0271277.
- Cao, L.; Jiang, X.; Zhao, Y.; Wang, S.; You, D.; Xu, X. A survey of network attacks on cyber-physical systems. IEEE Access 2020, 8, 44219–44227.
- Groves, B.; Pu, C. A Gini index-based countermeasure against sybil attack in the internet of things. In Proceedings of the MILCOM 2019–2019 IEEE Military Communications Conference (MILCOM), Norfolk, VA, USA, 12–14 November 2019; pp. 1–6.
- Chinnaraju, G.; Nithyanandam, S. Grey Hole Attack Detection and Prevention Methods in Wireless Sensor Networks. Comput. Syst. Sci. Eng. 2022, 42, 373–386.
- Savoudsou, B.; Tchakounté, F.; Yenke, B.O.; Yélémou, T.; Atemkeng, M. An Enhanced Dissection of Attacks in Wireless Sensor Networks. Int. J. Comput. Digit. Syst. 2023, 13, 1.
- Garcia Ribera, E.; Martinez Alvarez, B.; Samuel, C.; Ioulianou, P.P.; Vassilakis, V.G. An Intrusion Detection System for RPL-Based IoT Networks. Electronics 2022, 11, 4041.
- Hashemi, S.Y.; Shams Aliee, F. Dynamic and comprehensive trust model for IoT and its integration into RPL. J. Supercomput. 2019, 75, 3555–3584.
- Kaliyar, P.; Jaballah, W.B.; Conti, M.; Lal, C. LiDL: Localization with early detection of sybil and wormhole attacks in IoT networks. Comput. Secur. 2020, 94, 101849.
- Bang, A.O.; Rao, U.P.; Kaliyar, P.; Conti, M. Assessment of routing attacks and mitigation techniques with RPL control messages: A survey. ACM Comput. Surv. (CSUR) 2022, 55, 1–36.
- Sujatha, V.; Anita, E.M.; Vinodha, D. Lightweight Trust Based Sybil Attack Detection Framework for Wireless Sensor Network with Cluster Topology. Period. Mineral. 2022, 91, 933–941.
- Smith, A.; Ramotsoela, T.; Hancke, G.P. Behavioural Intrusion Detection for Wireless Sensor Networks. In Proceedings of the 2021 IEEE 30th International Symposium on Industrial Electronics (ISIE), Kyoto, Japan, 20–23 June 2021; pp. 1–6.
- Sharma, S.; Verma, V.K. An integrated exploration on internet of things and wireless sensor networks. Wirel. Pers. Commun. 2022, 124, 2735–2770.
- Sharma, G.; Vidalis, S.; Anand, N.; Menon, C.; Kumar, S. A survey on layer-wise security attacks in IoT: Attacks, countermeasures, and open-issues. Electronics 2021, 10, 2365.
- Gamec, J.; Basan, E.; Basan, A.; Nekrasov, A.; Fidge, C.; Sushkin, N. An adaptive protection system for sensor networks based on analysis of neighboring nodes. Sensors 2021, 21, 6116.
- Sanders, K.; Yau, S.S. An Effective Approach to Protecting Low-Power and Lossy IoT Networks Against Blackhole Attacks. In Proceedings of the 2021 IEEE International Conferences on Internet of Things (iThings) and IEEE Green Computing & Communications (GreenCom) and IEEE Cyber, Physical & Social Computing (CPSCom) and IEEE Smart Data (SmartData) and IEEE Congress on Cybermatics (Cybermatics), Melbourne, Australia, 6–8 December 2021; pp. 65–72.
- Kale, S. Detection of blackhole attack in IoT. Inf. Technol. Ind. 2021, 9, 700–709.
- Saputra, R.; Andika, J.; Alaydrus, M. Detection of Blackhole Attack in Wireless Sensor Network Using Enhanced Check Agent. In Proceedings of the 2020 Fifth International Conference on Informatics and Computing (ICIC), Gorontalo, Indonesia, 3–4 November 2020; pp. 1–4.
- Wagle, S.; Bazilraj, A.; Ray, K. Energy efficient security solution for attacks on Wireless Sensor Networks. In Proceedings of the 2021 2nd International Conference on Advances in Computing, Communication, Embedded and Secure Systems (ACCESS), Ernakulam, India, 2–4 September 2021; pp. 313–318.
- Makkar, A.; Ghosh, U.; Rawat, D.B.; Abawajy, J.H. Fedlearnsp: Preserving privacy and security using federated learning and edge computing. IEEE Consum. Electron. Mag. 2021, 11, 21–27. [Google Scholar] [CrossRef]
- Makkar, A.; Ghosh, U.; Sharma, P.K.; Javed, A. A fuzzy-based approach to enhance cyber defence security for next-generation IoT. IEEE Internet Things J. 2021, 10, 2079–2086. [Google Scholar] [CrossRef]
- Dixit, M.K.; Singh, U.K.; Pandya, B.K.; Disawal, M.S. Attack Taxonomy for Cyber-Physical System. Ijraset J. Res. Appl. Sci. Eng. Technol. 2021. [Google Scholar] [CrossRef]
- Pandey, D.; Kushwaha, V. Impact of Security Attacks on Congestion in Wireless Sensor Networks. In Intelligent Cyber Physical Systems and Internet of Things: ICoICI 2022; Springer: Cham, Switzerland, 2023; pp. 721–732. [Google Scholar]
- Chennam, K.K.; Taranum, F.; Hijab, M. An Overview of Cyber Physical System (CPS) Security, Threats, and Solutions. In Convergence of Deep Learning In Cyber-IoT Systems and Security; John Wiley & Sons: Hoboken, NJ, USA, 2022; pp. 415–433. [Google Scholar]
- Saeed, U.; Jan, S.U.; Lee, Y.D.; Koo, I. Fault diagnosis based on extremely randomized trees in wireless sensor networks. Reliab. Eng. Syst. Saf. 2021, 205, 107284. [Google Scholar] [CrossRef]
- Ribera, E.G.; Alvarez, B.M.; Samuel, C.; Ioulianou, P.P.; Vassilakis, V.G. Heartbeat-based detection of blackhole and greyhole attacks in RPL networks. In Proceedings of the 2020 12th International Symposium on Communication Systems, Networks and Digital Signal Processing (CSNDSP), Porto, Portugal, 20–22 July 2020; pp. 1–6.
- Pasikhani, A.M.; Clark, J.A.; Gope, P.; Alshahrani, A. Intrusion detection systems in RPL-based 6LoWPAN: A systematic literature review. IEEE Sens. J. 2021, 21, 12940–12968.
- Aly, M.; Khomh, F.; Haoues, M.; Quintero, A.; Yacout, S. Enforcing security in Internet of Things frameworks: A systematic literature review. Internet Things 2019, 6, 100050.
- Jilani, S.A.; Koner, C.; Nandi, S. Security in wireless sensor networks: Attacks and evasion. In Proceedings of the 2020 National Conference on Emerging Trends on Sustainable Technology and Engineering Applications (NCETSTEA), Durgapur, India, 7–8 February 2020; pp. 1–5.
- Sivaganesan, D. A data driven trust mechanism based on blockchain in IoT sensor networks for detection and mitigation of attacks. J. Trends Comput. Sci. Smart Technol. (TCSST) 2021, 3, 59–69.
- Alzoubi, Y.I.; Al-Ahmad, A.; Jaradat, A. Fog computing security and privacy issues, open challenges, and blockchain solution: An overview. Int. J. Electr. Comput. Eng. (2088-8708) 2021, 11, 5081–5088.
- Guo, H.; Yu, X. A survey on blockchain technology and its security. Blockchain Res. Appl. 2022, 3, 100067.
- Liu, Y.; Wang, J.; Yan, Z.; Wan, Z.; Jäntti, R. A Survey on Blockchain-based Trust Management for Internet of Things. IEEE Internet Things J. 2023, 10, 5898–5922.
- Gong, J.; Navimipour, N.J. An in-depth and systematic literature review on the blockchain-based approaches for cloud computing. Clust. Comput. 2022, 25, 383–400.
- Khan, A.A.; Laghari, A.A.; Shaikh, Z.A.; Dacko-Pikiewicz, Z.; Kot, S. Internet of Things (IoT) security with blockchain technology: A state-of-the-art review. IEEE Access 2022, 10, 122679–122695.
- Dorri, A.; Luo, F.; Kanhere, S.S.; Jurdak, R.; Dong, Z.Y. SPB: A secure private blockchain-based solution for distributed energy trading. IEEE Commun. Mag. 2019, 57, 120–126.
- Dedeoglu, V.; Dorri, A.; Jurdak, R.; Michelin, R.A.; Lunardi, R.C.; Kanhere, S.S.; Zorzo, A.F. A journey in applying blockchain for cyberphysical systems. In Proceedings of the 2020 International Conference on COMmunication Systems & NETworkS (COMSNETS), Bengaluru, India, 7–11 January 2020; pp. 383–390.
- Rathore, H.; Mohamed, A.; Guizani, M. A survey of blockchain enabled cyber-physical systems. Sensors 2020, 20, 282.
- Das, D.; Banerjee, S.; Chatterjee, P.; Ghosh, U.; Biswas, U.; Mansoor, W. Security, trust, and privacy management framework in cyber-physical systems using blockchain. In Proceedings of the 2023 IEEE 20th Consumer Communications & Networking Conference (CCNC), Las Vegas, NV, USA, 8–11 January 2023; pp. 1–6.
- Bhutta, M.N.M.; Khwaja, A.A.; Nadeem, A.; Ahmad, H.F.; Khan, M.K.; Hanif, M.A.; Song, H.; Alshamari, M.; Cao, Y. A survey on blockchain technology: Evolution, architecture and security. IEEE Access 2021, 9, 61048–61073.
- Rahman, Z.; Khalil, I.; Yi, X.; Atiquzzaman, M. Blockchain-based security framework for a critical industry 4.0 cyber-physical system. IEEE Commun. Mag. 2021, 59, 128–134.
- Lyon, M.; Cheung, L.C.; Gastwirth, J.L. The advantages of using group means in estimating the Lorenz curve and Gini index from grouped data. Am. Stat. 2016, 70, 25–32.
- Hassan, M.; Tariq, N.; Alsirhani, A.; Alomari, A.; Khan, F.A.; Alshahrani, M.M.; Ashraf, M.; Humayun, M. GITM: A Gini Index-Based Trust Mechanism To Mitigate And Isolate Sybil Attack In RPL-Enabled Smart Grid Advanced Metering Infrastructures. IEEE Access 2023, 11, 62697–62720.
- Jahangeer, A.; Bazai, S.U.; Aslam, S.; Marjan, S.; Anas, M.; Hashemi, S.H. A Review on the Security of IoT Networks: From Network Layer’s Perspective. IEEE Access 2023, 11, 71073–71087.
- Sharif, Z.; Jung, L.T.; Ayaz, M.; Yahya, M.; Pitafi, S. Priority-based task scheduling and resource allocation in edge computing for health monitoring system. J. King Saud Univ.-Comput. Inf. Sci. 2023, 35, 544–559.
- Liu, T.; Gu, T.; Jin, N.; Zhu, Y. A mixed transmission strategy to achieve energy balancing in wireless sensor networks. IEEE Trans. Wirel. Commun. 2017, 16, 2111–2122.
- Liang, X. Emerging power quality challenges due to integration of renewable energy sources. IEEE Trans. Ind. Appl. 2016, 53, 855–866.
- Chen, X.; Zhu, F.; Chen, Z.; Min, G.; Zheng, X.; Rong, C. Resource allocation for cloud-based software services using prediction-enabled feedback control with reinforcement learning. IEEE Trans. Cloud Comput. 2020, 10, 1117–1129.
- Du, H.; Lin, T.; Li, Q.; Fu, X.; Xu, X.; Cheng, J. Transmission expansion planning for power grids considering resilience enhancement. Electr. Power Syst. Res. 2022, 211, 108218.
- Battula, S.K.; Naha, R.K.; KC, U.; Hameed, K.; Garg, S.; Amin, M.B. Mobility-Based Resource Allocation and Provisioning in Fog and Edge Computing Paradigms: Review, Challenges, and Future Directions. Mobile Edge Computing; Springer: Cham, Switzerland, 2021; pp. 251–279.
- Hojeij, M.R. Resource Allocation Techniques for Non-Orthogonal Multiple Access Systems. Ph.D. Thesis, Ecole Nationale Supérieure Mines-Télécom Atlantique, Nantes, France, 2018.
- Taherdoost, H. Smart Contracts in Blockchain Technology: A Critical Review. Information 2023, 14, 117.
- Shirvani, M.H.; Masdari, M. A survey study on trust-based security in Internet of Things: Challenges and issues. Internet Things 2023, 21, 100640.
- Mohammed, M.H.S. A hybrid framework for securing data transmission in Internet of Things (IoTs) environment using blockchain approach. In Proceedings of the 2021 IEEE International IOT, Electronics and Mechatronics Conference (IEMTRONICS), Toronto, ON, Canada, 21–24 April 2021; pp. 1–10.
- Luecking, M.; Fries, C.; Lamberti, R.; Stork, W. Decentralized identity and trust management framework for Internet of Things. In Proceedings of the 2020 IEEE International Conference on Blockchain and Cryptocurrency (ICBC), Toronto, ON, Canada, 2–6 May 2020; pp. 1–9.
- Laroui, M.; Nour, B.; Moungla, H.; Cherif, M.A.; Afifi, H.; Guizani, M. Edge and fog computing for IoT: A survey on current research activities & future directions. Comput. Commun. 2021, 180, 210–231.
- Sadeeq, M.M.; Abdulkareem, N.M.; Zeebaree, S.R.; Ahmed, D.M.; Sami, A.S.; Zebari, R.R. IoT and Cloud computing issues, challenges and opportunities: A review. Qubahan Acad. J. 2021, 1, 1–7.
- Kavitha, A.; Reddy, V.B.; Singh, N.; Gunjan, V.K.; Lakshmanna, K.; Khan, A.A.; Wechtaisong, C. Security in IoT mesh networks based on trust similarity. IEEE Access 2022, 10, 121712–121724.
- Boualam, S.R.; Ouaissa, M.; Ouaissa, M.; Ezzouhairi, A. A Survey on Security Aspects in RPL Protocol Over IoT Networks. In Big Data Analytics and Computational Intelligence for Cybersecurity; Springer: Cham, Switzerland, 2022; pp. 31–40.
- Habib, M.K.; Chimsom, C. CPS: Role, characteristics, architectures and future potentials. Procedia Comput. Sci. 2022, 200, 1347–1358.
- Singh, A.K.; Pamula, R.; Srivastava, G. An adaptive energy aware DTN-based communication layer for cyber-physical systems. Sustain. Comput. Informatics Syst. 2022, 35, 100657.
- Sharma, U.; Nand, P.; Chatterjee, J.M.; Jain, V.; Jhanjhi, N.Z.; Sujatha, R. Cyber-Physical Systems: Foundations and Techniques; John Wiley & Sons: Hoboken, NJ, USA, 2022.
- Abdullah, A.S.; Parkavi, R.; Saranya, T.; Priyadharshini, P.; Ansari, A. Data Analytics and Its Applications in Cyber-Physical Systems. In Cyber-Physical Systems and Industry 4.0: Practical Applications and Security Management; Apple Academic Press: Waretown, NJ, USA, 2022; p. 115.
- Nandhini, R.S.; Lakshmanan, R. A Review of the Integration of Cyber-Physical System and Internet of Things. Int. J. Adv. Comput. Sci. Appl. 2022, 13, 459–465.
- Zhang, K.; Shi, Y.; Karnouskos, S.; Sauter, T.; Fang, H.; Colombo, A.W. Advancements in industrial cyber-physical systems: An overview and perspectives. IEEE Trans. Ind. Inform. 2022, 19, 716–729.
- Abhijith, V.; Sowmiya, B.; Sudersan, S.; Thangavel, M.; Varalakshmi, P. A review on security issues in healthcare cyber-physical systems. In Cyber Intelligence and Information Retrieval: Proceedings of CIIR 2021; Springer: Singapore, 2022; pp. 37–48.
- Duo, W.; Zhou, M.; Abusorrah, A. A survey of cyber attacks on cyber physical systems: Recent advances and challenges. IEEE/CAA J. Autom. Sin. 2022, 9, 784–800.
- Lepore, D.; Dolui, K.; Tomashchuk, O.; Shim, H.; Puri, C.; Li, Y.; Chen, N.; Spigarelli, F. Interdisciplinary research unlocking innovative solutions in healthcare. Technovation 2023, 120, 102511.
- Kotzias, K.; Bukhsh, F.A.; Arachchige, J.J.; Daneva, M.; Abhishta, A. Industry 4.0 and healthcare: Context, applications, benefits and challenges. IET Softw. 2023, 17, 195–248.
- Hartmann, M.; Hashmi, U.S.; Imran, A. Edge computing in smart health care systems: Review, challenges, and research directions. Trans. Emerg. Telecommun. Technol. 2022, 33, e3710.
- Ali, M.; Naeem, F.; Tariq, M.; Kaddoum, G. Federated learning for privacy preservation in smart healthcare systems: A comprehensive survey. IEEE J. Biomed. Health Inform. 2022, 27, 778–789.
- Raghuvanshi, A.; Singh, U.K.; Joshi, C. A review of various security and privacy innovations for IoT applications in healthcare. In Advanced Healthcare Systems: Empowering Physicians with IoT-Enabled Technologies; Wiley Online Library: Hoboken, NJ, USA, 2022; pp. 43–58.
- Al-Rawashdeh, M.; Keikhosrokiani, P.; Belaton, B.; Alawida, M.; Zwiri, A. IoT adoption and application for smart healthcare: A systematic review. Sensors 2022, 22, 5377.
- Mohammed, B.G.; Hasan, D.S. Smart Healthcare Monitoring System Using IoT. Int. J. Interact. Mob. Technol. (iJIM) 2023, 17, 141–152.
- Dwivedi, R.; Mehrotra, D.; Chandra, S. Potential of Internet of Medical Things (IoMT) applications in building a smart healthcare system: A systematic review. J. Oral Biol. Craniofacial Res. 2022, 12, 302–318.
- Kamruzzaman, M.; Yan, B.; Sarker, M.N.I.; Alruwaili, O.; Wu, M.; Alrashdi, I. Blockchain and fog computing in IoT-driven healthcare services for smart cities. J. Healthc. Eng. 2022, 2022, 9957888.
- Singh, S.; Sharma, S.K.; Mehrotra, P.; Bhatt, P.; Kaurav, M. Blockchain technology for efficient data management in healthcare system: Opportunity, challenges and future perspectives. Mater. Today Proc. 2022, 62, 5042–5046.
- Singh, K.D.; Singh, P.; Chhabra, R.; Kaur, G.; Bansal, A.; Tripathi, V. Cyber-Physical Systems for Smart City Applications: A Comparative Study. In Proceedings of the 2023 International Conference on Advancement in Computation & Computer Technologies (InCACCT), Gharuan, India, 5–6 May 2023; pp. 871–876.
- Ch, R.; Srivastava, G.; Nagasree, Y.L.V.; Ponugumati, A.; Ramachandran, S. Robust cyber-physical system enabled smart healthcare unit using blockchain technology. Electronics 2022, 11, 3070.
- Rani, S.; Chauhan, M.; Kataria, A.; Khang, A. IoT equipped intelligent distributed framework for smart healthcare systems. In Towards the Integration of IoT, Cloud and Big Data: Services, Applications and Standards; Springer: Singapore, 2023; pp. 97–114.
- Quy, V.K.; Hau, N.V.; Anh, D.V.; Ngoc, L.A. Smart healthcare IoT applications based on fog computing: Architecture, applications and challenges. Complex Intell. Syst. 2022, 8, 3805–3815.
- Kim, S.; Park, K.J.; Lu, C. A survey on network security for cyber–physical systems: From threats to resilient design. IEEE Commun. Surv. Tutorials 2022, 24, 1534–1573.
- Li, G.; Ren, L.; Fu, Y.; Yang, Z.; Adetola, V.; Wen, J.; Zhu, Q.; Wu, T.; Candan, K.S.; O’Neill, Z. A critical review of cyber-physical security for building automation systems. Annu. Rev. Control. 2023, 55, 237–254.
- Katulić, F.; Sumina, D.; Groš, S.; Erceg, I. Protecting Modbus/TCP-Based Industrial Automation and Control Systems Using Message Authentication Codes. IEEE Access 2023, 11, 47007–47023.
- Moin, A.; Badii, A.; Günnemann, S.; Challenger, M. AI-Enabled Software and System Architecture Frameworks: Focusing on smart Cyber-Physical Systems (CPS). arXiv 2023, arXiv:2308.05239.
- Bao, Y.; Qiu, W.; Cheng, X. Privacy-preserving and fine-grained data sharing for resource-constrained healthcare CPS devices. Expert Syst. 2023, 40, e13220.
- Alshaibi, A.; Al-Ani, M.; Al-Azzawi, A.; Konev, A.; Shelupanov, A. The comparison of cybersecurity datasets. Data 2022, 7, 22.
- Tharot, K.; Duong, Q.B.; Riel, A.; Thiriet, J.M. A Low-Cost Environment for Teaching Fundamental Cybersecurity Concepts in CPS. In European Conference on Software Process Improvement; Springer: Cham, Switzerland, 2023; pp. 356–365.
- Verma, R. Smart city healthcare cyber physical system: Characteristics, technologies and challenges. Wirel. Pers. Commun. 2022, 122, 1413–1433.
- Samarpita, S.; Mishra, R.; Satpathy, R.; Pati, B. Security Issues and Privacy Challenges of Cyber-Physical System in Smart Healthcare Applications. In Big Data Analytics in Intelligent IoT and Cyber-Physical Systems; Springer: Singapore, 2023; pp. 73–87.
Reference | Technique | Attack | Centralized | Network Life | Scalability | Computation OH | Message OH | Energy OH |
---|---|---|---|---|---|---|---|---|
[17] | Trust | Internal | × | Medium | ✓ | Low | High | High |
[32] | Trust | Sybil | ✓ | Low | × | High | High | High |
[35] | Trust | Greyhole | ✓ | Low | × | High | High | High |
[36] | Trust | Blackhole | ✓ | Low | × | High | High | High |
[37] | Trust | Multiple | ✓ | Low | × | High | High | High |
[43] | Trust | Multiple | ✓ | Low | × | High | High | High |
[46] | Trust | Blackhole | ✓ | Low | × | Low | High | High |
[47] | Trust | Blackhole | × | Low | × | High | High | High |
[49] | Trust | Multiple | ✓ | Low | × | Low | High | High |
[54] | Trust | Blackhole | ✓ | Low | × | High | High | High |
[57] | Trust | Multiple | ✓ | Low | × | Low | High | High |
[58] | Trust | Multiple | ✓ | Low | × | High | High | High |
[59] | Trust | Multiple | ✓ | Low | × | High | High | High |
[60] | Trust | Multiple | ✓ | Low | × | High | High | High |
[61] | Trust | Multiple | × | Low | × | High | High | High |
Reference | Year | Pros | Cons | Practicality | Real-Time Applications |
---|---|---|---|---|---|
[17] | 2020 | Leverages blockchain for secure and tamper-proof storage of trust information. | Need for further validation and evaluation in real-world IoT scenarios. | ✓ | ✓ |
[60] | 2021 | Uses data-driven approaches to detect and mitigate attacks. | Need for practical implementation and evaluation in real-world IoT deployments. | ✓ | ✓ |
[61] | 2021 | Explores security concerns in fog computing and potential solutions using blockchain. | Lack of in-depth analysis and specific implementation details for blockchain solutions in fog computing. | ✓ | ✓ |
[62] | 2022 | Explores the applications, benefits, and challenges of blockchain. | Some security aspects discussed may become outdated over time. | × | × |
[63] | 2023 | Analyzes the challenges and opportunities of integrating blockchain into trust-management systems. | Fast-evolving nature of blockchain and IoT technologies may require frequent updates. | ✓ | ✓ |
[64] | 2022 | Identifies the benefits, challenges, and potential applications of integrating blockchain with cloud computing. | Findings may become outdated due to the rapidly evolving nature of blockchain technology. | × | × |
[65] | 2022 | Presents an overview of blockchain-based security solutions for IoT. | Lack of empirical evaluations and case studies to demonstrate the practical effectiveness of reviewed approaches. | × | × |
Symbol | Meaning |
---|---|
I | Gini index (inequality of flow distribution in CPS network) |
Proportion of flow i in the network | |
Drop rate (the rate at which network packets are dropped or rejected) | |
L | Latency (delay experienced by packets during transmission) |
T | Throughput (success rate of data transmission across the network) |
Gini index value of node m | |
Packet loss rate of node m | |
Latency of node m | |
Throughput of node m | |
G | Set of Gini index values for all nodes in the CPS network |
Average Gini index value of all nodes in the CPS network | |
N | Set of entities in the system |
Trust values assigned to each entity in N | |
D | Set of dropped packets for each entity in N |
E | Set of energy consumption values for each entity in N |
O | Set of message overhead values for each entity in N |
Gini index value of node m at time T | |
Packet loss rate of node m at time T | |
Latency of node m at time T | |
Throughput of node m at time T | |
Threshold value for node m | |
Average value for the Gini index |
Parameter | Description |
---|---|
PDR | Packet Drop Rate |
EC | Energy Consumption |
EED | End-to-End Delay |
L | Latency |
Model Type | Advantages | Disadvantages |
---|---|---|
Centralized [83] | Simplicity: Straightforward and easy to implement, especially for smaller-scale smart healthcare CPS. Control: Allows for easier management and coordination of security measures. | Single point of failure (SPOF): The centralized entity becomes an SPOF. Scalability issues: Challenges in scaling up for larger and more complex healthcare systems. |
Hybrid [84] | Combines centralization and decentralization: Offers a balance between control and resilience. Scalability: More scalable than a purely centralized approach. | Complexity: Introduces complexity due to integration between centralized and decentralized components. |
Fully Decentralized [85] | Resilience: More resilient against SPOF. Security: Improved security due to the absence of a central authority. | Complexity: Complex to implement and manage. Scalability challenges: Challenges, especially in large-scale smart healthcare CPS. |
Fog Computing [86] | Reduced latency: Reduces latency and improves real-time decision making. Enhanced privacy: Reduces the need to transmit sensitive information across the network. | Consistency challenges: Ensuring consistent trust assessments across edge devices may require additional coordination mechanisms. |
Cloud-Based [87] | Scalability: Allows for scalability by leveraging cloud resources. Resource management: Can better manage computational resources. | Dependency on cloud service providers (CSP): Reliance on external CSPs introduces a dependency. Security concerns: Security concerns due to the centralization of data. |
Mesh Network [88] | Redundancy: Provides redundancy and resilience. Adaptability: Well-suited for dynamic healthcare environments. | Complex routing: Challenges in ensuring timely and efficient communication for trust parameter exchange. Resource consumption: Consumes more energy and resources compared to other models. |
Trust Value | Trust Status |
---|---|
0.7–1 | Poor Trust |
0.5–0.6 | Less Fair Trust |
0.2–0.4 | Fair Trust |
0.0–0.2 | Good Trust |
Simulation Parameters | Value |
---|---|
OS/Platform | Linux |
Simulation Software | Cooja 3.0 |
Nodes Used | 30–90 |
Simulated Attacks | Blackhole and Greyhole |
Attacker to Normal Node Ratio | 1:10 |
Receive Ratio | 30–100% |
Transmit Ratio | 100% |
Transmission Range | 50 m |
Range of Interference | 50 m |
Protocol Used for Routing | RPL |
Routine Trust Calculation | 10 msec |
Trickle Timer | 5 msec |
Initial Node Energy | 100 J |
Tx Energy | 0.0010875 mJ/bit |
Rx Energy | 0.0009 mJ/bit |
Standby Energy | 0.708 mJ/s |
Used Networking protocol | Internet Protocol-based |
Time for Simulation | 60 min |
Reference Technique | BCPS-RPL [31] |
Proposed Technique | GBG-RPL |
Node Type | Assigned Role |
---|---|
Full Node |
|
Root Node |
|
Resource-Constrained Node |
|
Role | Responsibility |
---|---|
Healthcare Data Providers (Hospitals, Clinics, Laboratories) | Ensure data quality, integrity, and compliance with health regulations. |
Smart Contract Developers | Design, develop, and maintain the GBG-RPL framework’s smart contracts and ensure the security and scalability of the blockchain infrastructure. |
Data Scientists and Analysts | Optimize algorithms for the GBG-RPL framework and generate reports and visualizations for healthcare stakeholders. |
Smart Contract Auditors | Review and audit the smart contracts of the GBG-RPL framework to identify and rectify security vulnerabilities. |
Healthcare Regulators | Monitor the implementation of the GBG-RPL framework to ensure compliance with healthcare regulations and data protection laws. |
Healthcare Providers (Doctors, Nurses, and Caregivers) | Use the insights from the GBG-RPL framework to improve patient care. |
Patients and Healthcare Consumers | Provide feedback on the usability and relevance of the index. |
Type | Description | Security Aspect |
---|---|---|
Access Controls and Identity Management [69] | Ensure communication access to authorized entities within the CPS. | Prevent unauthorized access and establish trusted communication channels. |
TLS and SSL [113] | Provide encryption and authentication for end-to-end security of data in transit. | Protect against eavesdropping and MITM attacks. |
MAC and Digital Signatures [114] | Verify the authenticity and integrity of transmitted messages. | Ensure that data remain unchanged and originate from a legitimate source. |
VPNs [115] | Create encrypted tunnels between nodes. | Enhance privacy and security. |
PKC [116] | Ensures that data remain confidential from the point of origin to the destination. | Minimize the risk of interception and unauthorized access. |
SSH [117] | Encrypts communication sessions for remote access and command execution. | Adds an extra layer of protection against unauthorized access and data tampering. |
Network Segmentation [118] | Divides the network into segments with restricted access. | Limits the impact of unauthorized access and reduces the attack surface. |
Sequence of Integration | Purpose | Actions |
---|---|---|
Assess Existing Infrastructure | Understanding of the current architecture, components, and communication protocols of the smart healthcare CPS. | Conduct a thorough assessment of the existing infrastructure. |
Identify Integration Points | Determine specific points within the smart healthcare CPS where the GBG-RPL framework would be integrated. | Identify areas such as trust-management modules and communication interfaces where the GBG-RPL can be integrated. |
Define Data Exchange Protocols | Establish standardized protocols for the exchange of data between the GBG-RPL framework and existing components of the smart healthcare CPS. | Define communication standards, data formats, and protocols to ensure interoperability. |
Adapt GBG-RPL to the Healthcare Domain | Tailor the GBG-RPL algorithms and parameters to suit the specific requirements and characteristics of healthcare. | Customize the GBG-RPL to handle healthcare-related trust metrics. |
Ensure Security Measures | Address security considerations to protect healthcare data and maintain the integrity of trust assessments. | Implement hashing and layered architecture to safeguard data exchanged between the Gini index and other components. |
Testing and Validation | Verify the integration’s functionality, performance, and security through comprehensive testing. | Conduct integration testing to validate compatibility with existing CPS components. |
User Training and Adoption | Prepare healthcare professionals, administrators, and other users for the introduction of the proposed framework, ensuring they understand its role and benefits. | Provide training sessions, workshops, and documentation. |
Test Deployment | Conduct a test deployment in a controlled environment. | Deploy the proposed framework on a limited scale, monitor its operation, and collect feedback. |
Optimization and Full Deployment | Implement necessary optimizations based on feedback. | Make refinements to the integration. |
Metric | GBG-RPL | BCPS-RPL | % Improvement |
---|---|---|---|
Packet Loss Ratio | 0.375 | 0.404 | 7.18% |
Residual Energy | 0.635 | 0.559 | 11.97% |
Energy Consumption | 0.04768 | 0.0591 | 19.27% |
Attack-Detection Rate | 0.77 | 0.688 | 10.65% |
Avg. Attack-Detection Time (30 nodes) | 14.33 | 17.67 | 18.88% |
Message Overhead | 9435 | 12050 | 21.65% |
End-to-End Delay (30 nodes) | 0.907 | 1.267 | 28.34% |
© 2023 by the authors. Licensee MDPI, Basel, Switzerland. This article is an open access article distributed under the terms and conditions of the Creative Commons Attribution (CC BY) license (https://creativecommons.org/licenses/by/4.0/).
Javed, M.; Tariq, N.; Ashraf, M.; Khan, F.A.; Asim, M.; Imran, M. Securing Smart Healthcare Cyber-Physical Systems against Blackhole and Greyhole Attacks Using a Blockchain-Enabled Gini Index Framework. Sensors 2023, 23, 9372. https://doi.org/10.3390/s23239372