Secure Data Aggregation Using Authentication and Authorization for Privacy Preservation in Wireless Sensor Networks

Existing secure data aggregation protocols are weaker to eliminate data redundancy and protect wireless sensor networks (WSNs). Only some existing approaches have solved this singular issue when aggregating data. However, there is a need for a multi-featured protocol to handle the multiple problems of data aggregation, such as energy efficiency, authentication, authorization, and maintaining the security of the network. Looking at the significant demand for multi-featured data aggregation protocol, we propose secure data aggregation using authentication and authorization (SDAAA) protocol to detect malicious attacks, particularly cyberattacks such as sybil and sinkhole, to extend network performance. These attacks are more complex to address through existing cryptographic protocols. The proposed SDAAA protocol comprises a node authorization algorithm that permits legitimate nodes to communicate within the network. This SDAAA protocol's methods help improve the quality of service (QoS) parameters. Furthermore, we introduce a mathematical model to improve accuracy, energy efficiency, data freshness, authorization, and authentication. Finally, our protocol is tested in an intelligent healthcare WSN patient-monitoring application scenario and verified using an OMNET++ simulator. Based upon the results, we confirm that our proposed SDAAA protocol attains a throughput of 444 kbs, representing a 98% of data/network channel capacity rate; an energy consumption of 2.6 joules, representing 99% network energy efficiency; an effected network of 2.45, representing 99.5% achieved overall performance of the network; and time complexity of 0.08 s, representing 98.5% efficiency of the proposed SDAAA approach. By contrast, contending protocols such as SD, EEHA, HAS, IIF, and RHC have throughput ranges between 415-443, representing 85-90% of the data rate/channel capacity of the network; energy consumption in the range of 3.0-3.6 joules, representing 88-95% energy efficiency of the network; effected network range of 2.98, representing 72-89% improved overall performance of the network; and time complexity in the range of 0.20 s, representing 72-89% efficiency of the proposed SDAAA approach. Therefore, our proposed SDAAA protocol outperforms other known approaches, such as SD, EEHA, HAS, IIF, and RHC, designed for secure data aggregation in a similar environment.

Messaging White and Black Next of Kin in Advance to Promote Authorization for Tissue Donation

Introduction: Organ Procurement Organizations seek authorization for tissue donation from next-of-kin of deceased patients. Best practices for achieving contact and authorization are unknown, notably, authorization rates are lower for Black compared to White patients. Research Questions: Can next-of-kin (NOK) contact and authorization rates be improved if they are texted prior to telephone contact? Is a text message containing an infographic more effective, and does an infographic culturally tailored to Black families improve contact and authorization rates in the Black population? Design: This three-armed randomized trial compared (1) telephonic contact initiation (control condition); (2) generic text messaging prior to telephonic contact; and (3) text messaging one of two versions of an infographic prior to telephonic contact: (a) a generic infographic or (b) a culturally tailored infographic (sent to Black NOK only) at one Northeastern Organ Procurement Organization. Results: Tissue Donation Professionals (N = 47) and 2399 White and 745 Black NOK were included, of which 35.6% were registered donors. Authorization rates were much higher for White than Black (40.1% v 16.3%, P < 0.0001). The generic infographic resulted in significantly lower rates of contact for White NOK compared to the control condition 83.5% v 89.5%, P = 0.002), but study arm assignments were not otherwise associated with differences in contact or authorization rates. Conclusion: Although the analysis did not find a benefit for text messaging, it is possible that training for staff making requests and refining the content of the messaging could be more effective.

Public perceptions of the FDA's marketing authorization of Vuse on Twitter/X

Introduction

On October 12, 2021, the FDA issued its first marketing granted orders for Vuse, the e-cigarette product by R.J. Reynolds Vapor Company. The public perceptions and reactions to the FDA's Vuse authorization are prevalent on social media platforms such as Twitter/X. We aim to understand public perceptions of the FDA's Vuse authorization in the US using Twitter/X data.

Methods

Through the Twitter/X streaming API (Application Programming Interface), 3,852 tweets between October 12, 2021, and October 23, 2021, were downloaded using the keyword of Vuse. With the elimination of retweets, irrelevant tweets, and tweets from other countries, the final dataset consisted of 523 relevant tweets from the US. Based on their attitudes toward the FDA authorization on Vuse, these tweets were coded into three major categories: positive, negative, and neutral. These tweets were further manually classified into different categories based on their contents.

Results

There was a large peak on Twitter/X mentioning FDA's Vuse authorization on October 13, 2021, just after the authorization was announced. Of the 523 US tweets related to FDA's Vuse authorization, 6.12% (n=32) were positive, 26.77% (n=140) were negative, and 67.11% (n=351) were neutral. In positive tweets, the dominant subcategory was Cessation Claims (n=18, 56.25%). In negative tweets, the topics Health Risk (n=43, 30.71%), Criticize Authorization (n=42, 30.00%), and Big Tobacco (n=40, 38.57%) were the major topics. News (n=271, 77.21%) was the most prevalent topic among neutral tweets. In addition, tweets with a positive attitude tend to have more likes.

Discussion

Public perceptions and discussions on Twitter/X regarding the FDA's Vuse authorization in the US showed that Twitter/X users were more likely to show a negative than a positive attitude with a major concern about health risks.

European Union Legislation for the Welfare of Animals Used for Scientific Purposes: Areas Identified for Further Discussion

The Directive 2010/63/EU of the European Parliament and of the Council has been in force for more than a decade and has brought about significant improvements and novel requirements for the welfare of animals used for scientific purposes, while safeguarding research integrity. The Directive sets clear provisions for its scope, the authorization procedures, animal welfare bodies, national committees, cost/benefit analysis, severity classification, retrospective assessment, and statistical reporting, among many others. From this perspective, indicative areas in the existing legislative texts and guidance documents, which may influence animal welfare and scientific integrity, have been identified by the authors after years of working in this field. Suggested solutions to address these areas by potential future revisions in the legislation or other actions to benefit animal welfare are discussed, with the aim to clarify and simplify them for all stakeholders involved.

A Smart Image Encryption Technology via Applying Personal Information and Speaker-Verification System

In this paper, a framework for authorization and personal image protection that applies user accounts, passwords, and personal I-vectors as the keys for ciphering the image content was developed and connected. There were two main systems in this framework. The first involved a speaker verification system, wherein the user entered their account information and password to log into the system and provided a short voice sample for identification, and then the algorithm transferred the user's voice (biometric) features, along with their account and password details, to a second image encryption system. For the image encryption process, the account name and password presented by the user were applied to produce the initial conditions for hyper-chaotic systems to generate private keys for image-shuffling and ciphering. In the final stage, the biometric features were also applied to protect the content of the image, so the encryption technology would be more robust. The final results of the encryption system were acceptable, as a lower correlation was obtained in the cipher images. The voice database we applied was the Pitch Tracking Database from the Graz University of Technology (PTDB-TUG), which provided the microphone and laryngoscope signals of 20 native English speakers. For image processing, four standard testing images from the University of Southern California-Signal and Image Processing Institute (USC-SIPI), including Lena, F-16, Mandrill, and Peppers, were presented to further demonstrate the effectiveness and efficiency of the smart image encryption algorithm.

MARAS: Mutual Authentication and Role-Based Authorization Scheme for Lightweight Internet of Things Applications

The Internet of things (IoT) accommodates lightweight sensor/actuator devices with limited resources; hence, more efficient methods for known challenges are sought after. Message queue telemetry transport (MQTT) is a publish/subscribe-based protocol that allows resource-efficient communication among clients, so-called brokers, and servers. However, it lacks viable security features beyond username/password checks, yet transport-layer security (TLS/HTTPS) is not efficient for constrained devices. MQTT also lacks mutual authentication among clients and brokers. To address the issue, we developed a mutual authentication and role-based authorization scheme for lightweight Internet of things applications (MARAS). It brings mutual authentication and authorization to the network via dynamic access tokens, hash-based message authentication code (HMAC)-based one-time passwords (HOTP), advanced encryption standard (AES), hash chains, and a trusted server running OAuth2.0 along with MQTT. MARAS merely modifies "publish" and "connect" messages among 14 message types of MQTT. Its overhead to "publish" messages is 49 bytes, and to "connect" messages is 127 bytes. Our proof-of-concept showed that the overall data traffic with MARAS remains lower than double the traffic without it, because "publish" messages are the most common. Nevertheless, tests showed that round-trip times for a "connect" message (and its "ack") are delayed less than a percentile of a millisecond; for a "publish" message, the delays depend on the size and frequency of published information, but we can safely say that the delay is upper bounded by 163% of the network defaults. So, the scheme's overhead to the network is tolerable. Our comparison with similar works shows that while our communication overhead is similar, MARAS offers better computational performance as it offloads computationally intensive operations to the broker side.

DIdM-EIoTD: Distributed Identity Management for Edge Internet of Things (IoT) Devices

The Internet of Things (IoT) paradigm aims to enhance human society and living standards with the vast deployment of smart and autonomous devices, which requires seamless collaboration. The number of connected devices increases daily, introducing identity management requirements for edge IoT devices. Due to IoT devices' heterogeneity and resource-constrained configuration, traditional identity management systems are not feasible. As a result, identity management for IoT devices is still an open issue. Distributed Ledger Technology (DLT) and blockchain-based security solutions are becoming popular in different application domains. This paper presents a novel DLT-based distributed identity management architecture for edge IoT devices. The model can be adapted with any IoT solution for secure and trustworthy communication between devices. We have comprehensively reviewed popular consensus mechanisms used in DLT implementations and their connection to IoT research, specifically identity management for Edge IoT devices. Our proposed location-based identity management model is generic, distributed, and decentralized. The proposed model is verified using the Scyther formal verification tool for security performance measurement. SPIN model checker is employed for different state verification of our proposed model. The open-source simulation tool FobSim is used for fog and edge/user layer DTL deployment performance analysis. The results and discussion section represents how our proposed decentralized identity management solution should enhance user data privacy and secure and trustworthy communication in IoT.

Access Control Design Practice and Solutions in Cloud-Native Architecture: A Systematic Mapping Study

Protecting the resources of a cloud-native application is essential to meet an organization's security goals. Cloud-native applications manage thousands of user requests, and an organization must employ a proper access control mechanism. However, unfortunately, developers sometimes grumble when designing and enforcing access decisions for a gigantic scalable application. It is sometimes complicated to choose the potential access control model for the system. Cloud-native software architecture has become an integral part of the industry to manage and maintain customer needs. A microservice is a combination of small independent services that might have hundreds of parts, where the developers must protect the individual services. An efficient access control model can defend the respective services and consistency. This study intends to comprehensively analyze the current access control mechanism and techniques utilized in cloud-native architecture. For this, we present a systematic mapping study that extracts current approaches, categorizes access control patterns, and provides developers guidance to meet security principles. In addition, we have gathered 234 essential articles, of which 29 have been chosen as primary studies. Our comprehensive analysis will guide practitioners to identify proper access control mechanisms applicable to ensuring security goals in cloud-native architectures.

Data and Service Security of GNSS Sensors Integrated with Cryptographic Module

Navigation and positioning are of increasing importance because they are becoming a new form of infrastructure. To ensure both development and security, this study designed a technical innovation structure to upgrade the GNSS (Global Navigation Satellite System) data transmission and real-time differential correction service system and proposed a new multiple cryptographic fusion algorithm to achieve the encryption and decryption of GNSS data and services. First, a GNSS station encrypts GNSS data with an encryption key and obtains a public key from a GNSS data center to encrypt the GNSS data encryption key. After that, identity authentication of a GNSS station is carried out, and an SSL VPN is established between the GNSS station and a GNSS data center before GNSS data are transmitted to the GNSS data center. Then, the GNSS data center decrypts the received GNSS data. The process of an intelligent terminal for real-time differential corrections is similar to that of the GNSS station and the GNSS data center. A GNSS sensor integrated with a cryptographic module was developed to validate the structure in an open environment. The results showed that the developed GNSS sensor was successful in encrypting the data, and the GNSS data center was able to decrypt the data correctly. For the performance test, a cryptography server was able support the requirements of GNSS applications. However, a cryptography server was optimal in supporting 40~50 GNSS stations simultaneously, whereas a cluster was suggested to be configured if the number of GNSS stations was more than 60. In conclusion, the method was able to ensure the validity, confidentiality, integrity, and non-repudiation of GNSS data and services. The proposed upgrading technology was suitable for coordinating GNSS development and security.

Access Control for IoT: A Survey of Existing Research, Dynamic Policies and Future Directions

Internet of Things (IoT) provides a wide range of services in domestic and industrial environments. Access control plays a crucial role in granting access rights to users and devices when an IoT device is connected to a network. However, many challenges exist in designing and implementing an ideal access control solution for the IoT due to the characteristics of the IoT including but not limited to the variety of the IoT devices, the resource constraints on the IoT devices, and the heterogeneous nature of the IoT. This paper conducts a comprehensive survey on access control in the IoT, including access control requirements, authorization architecture, access control models, access control policies, access control research challenges, and future directions. It identifies and summarizes key access control requirements in the IoT. The paper further evaluates the existing access control models to fulfill the access control requirements. Access control decisions are governed by access control policies. The existing approaches on dynamic policies' specification are reviewed. The challenges faced by the existing solutions for policies' specification are highlighted. Finally, the paper presents the research challenges and future directions of access control in the IoT. Due to the variety of IoT applications, there is no one-size-fits-all solution for access control in the IoT. Despite the challenges encountered in designing and implementing the access control in the IoT, it is desired to have an access control solution to meet all the identified requirements to secure the IoT.

A Blockchain-Based Authentication and Authorization Scheme for Distributed Mobile Cloud Computing Services

Authentication and authorization constitute the essential security component, access control, for preventing unauthorized access to cloud services in mobile cloud computing (MCC) environments. Traditional centralized access control models relying on third party trust face a critical challenge due to a high trust cost and single point of failure. Blockchain can achieve the distributed trust for access control designs in a mutual untrustworthy scenario, but it also leads to expensive storage overhead. Considering the above issues, this work constructed an authentication and authorization scheme based on blockchain that can provide a dynamic update of access permissions by utilizing the smart contract. Compared with the conventional authentication scheme, the proposed scheme integrates an extra authorization function without additional computation and communication costs in the authentication phase. To improve the storage efficiency and system scalability, only one transaction is required to be stored in blockchain to record a user's access privileges on different service providers (SPs). In addition, mobile users in the proposed scheme are able to register with an arbitrary SP once and then utilize the same credential to access different SPs with different access levels. The security analysis indicates that the proposed scheme is secure under the random oracle model. The performance analysis clearly shows that the proposed scheme possesses superior computation and communication efficiencies and requires a low blockchain storage capacity for accomplishing user registration and updates.

Working conditions, authorizations, mental health, and job satisfaction of physician assistants in Germany

Objective

This study explores associations among the overall and facet-specific job satisfaction, work-related factors, responsibilities, and mental health of physician assistants (PAs) in Germany to identify factors that prolong the lifetime and wellbeing of PAs in practice and to counteract the shortage of healthcare staff.

Methods

An online survey comprising sociodemographic and work-related items, items from the short questionnaire of general and facet-specific job satisfaction (KAFA), and the Depression, Anxiety, and Stress Scale (DASS-21) were distributed to PAs working in Germany in 2021 (cross-sectional survey design). Descriptive statistics, DASS-21 subscale score analysis, t-test, ANOVA, or Kruskal-Wallis test was used.

Results

PAs (n = 169) were working mainly in surgery (23.2%), internal medicine (20.3%), or orthopedics and trauma surgery (17.5%), whereas only a few PAs were working in emergency care, geriatrics, neurology, or oncology. They were responsible for a broad spectrum of medical activities depending on the practice setting. PAs working in emergency care claimed to be the most empowered, followed by PAs in orthopedics and surgery. Almost all PAs carried out documentation, anamnesis, and diagnostic services. Although almost all PAs rated their overall job satisfaction as good, satisfactory, or pleasant (91.6%), single facets of job satisfaction were rated differently. Colleagues and supervisors were assessed very positively, whereas payment and professional activities were rated rather average and development opportunities even worse. PAs working in oncology demonstrated the highest overall job satisfaction, followed by PAs working in geriatrics and emergency care. Overall job satisfaction was significantly negatively associated with depression, anxiety, and stress scores (p ≤ 0.001, p ≤ 0.05, and p ≤ 0.05, respectively). Particularly, female gender, having an urban residence, and PAs working in oncology demonstrated significantly increased anxiety scores. Moreover, depression scores of PAs working in oncology or neurology or with a low net income exceeded critical cutoff values.

Conclusion

Interventions aimed at removing the significant negative correlation among job satisfaction, depression, anxiety, and stress scores are needed. To retain PAs in their jobs, salary, autonomy, and development opportunities should be improved and prevention programs for anxiety and depression should be offered. Remarkably, PAs' overall good job satisfaction was mainly determined by good evaluations of supervisors and colleagues.

Is standby therapy for Covid-19 a practical option for travellers?

International travel has resumed while the risk of SARS-CoV-2 persists, leading to consideration of medications that can treat or prevent Covid-19 when travellers become ill abroad. Nirmatrelvir-ritonavir, molnupiravir and tixagevimab-cilgavimab are available under Emergency Use Authorization or conditional approval. We discuss the potential application of these medications to protect travellers.

DDoS Attack Prevention for Internet of Thing Devices Using Ethereum Blockchain Technology

The Internet of Things (IoT) has widely expanded due to its advantages in enhancing the business, industrial, and social ecosystems. Nevertheless, IoT infrastructure is susceptible to several cyber-attacks due to the endpoint devices' restrictions in computation, storage, and communication capacity. As such, distributed denial-of-service (DDoS) attacks pose a serious threat to the security of the IoT. Attackers can easily utilize IoT devices as part of botnets to launch DDoS attacks by taking advantage of their flaws. This paper proposes an Ethereum blockchain model to detect and prevent DDoS attacks against IoT systems. Additionally, the proposed system can be used to resolve the single points of failure (dependencies on third parties) and privacy and security in IoT systems. First, we propose implementing a decentralized platform in place of current centralized system solutions to prevent DDoS attacks on IoT devices at the application layer by authenticating and verifying these devices. Second, we suggest tracing and recording the IP address of malicious devices inside the blockchain to prevent them from connecting and communicating with the IoT networks. The system performance has been evaluated by performing 100 experiments to evaluate the time taken by the authentication process. The proposed system highlights two messages with a time of 0.012 ms: the first is the request transmitted from the IoT follower device to join the blockchain, and the second is the blockchain response. The experimental evaluation demonstrated the superiority of our system because there are fewer I/O operations in the proposed system than in other related works, and thus it runs substantially faster.

Blockchain-Based Security Mechanisms for IoMT Edge Networks in IoMT-Based Healthcare Monitoring Systems

Despite the significant benefits that the rise of Internet of Medical Things (IoMT) can bring into citizens’ quality of life by enabling IoMT-based healthcare monitoring systems, there is an urgent need for novel security mechanisms to address the pressing security challenges of IoMT edge networks in an effective and efficient manner before they gain the trust of all involved stakeholders and reach their full potential in the market of next generation IoMT-based healthcare monitoring systems. In this context, blockchain technology has been foreseen by the industry and research community as a disruptive technology that can be integrated into novel security solutions for IoMT edge networks, as it can play a significant role in securing IoMT devices and resisting unauthorized access during data transmission (i.e., tamper-proof transmission of medical data). However, despite the fact that several blockchain-based security mechanisms have already been proposed in the literature for different types of IoT edge networks, there is a lack of blockchain-based security mechanisms for IoMT edge networks, and thus more effort is required to be put on the design and development of security mechanisms relying on blockchain technology for such networks. Towards this direction, the first step is the comprehensive understanding of the following two types of blockchain-based security mechanisms: (a) the very few existing ones specifically designed for IoMT edge networks, and (b) those designed for other types of IoT networks but could be possibly adopted in IoMT edge networks due to similar capabilities and technical characteristics. Therefore, in this paper, we review the state-of-the-art of the above two types of blockchain-based security mechanisms in order to provide a foundation for organizing research efforts towards the design and development of reliable blockchain-based countermeasures, addressing the pressing security challenges of IoMT edge networks in an effective and efficient manner.

Applying Spring Security Framework with KeyCloak-Based OAuth2 to Protect Microservice Architecture APIs: A Case Study

In this study, we implemented an integrated security solution with Spring Security and Keycloak open-access platform (SSK) to secure data collection and exchange over microservice architecture application programming interfaces (APIs). The adopted solution implemented the following security features: open authorization, multi-factor authentication, identity brokering, and user management to safeguard microservice APIs. Then, we extended the security solution with a virtual private network (VPN), Blowfish and crypt (Bcrypt) hash, encryption method, API key, network firewall, and secure socket layer (SSL) to build up a digital infrastructure. To accomplish and describe the adopted SSK solution, we utilized a web engineering security method. As a case study, we designed and developed an electronic health coaching (eCoach) prototype system and hosted the system in the expanded digital secure infrastructure to collect and exchange personal health data over microservice APIs. We further described our adopted security solution's procedural, technical, and practical considerations. We validated our SSK solution implementation by theoretical evaluation and experimental testing. We have compared the test outcomes with related studies qualitatively to determine the efficacy of the hybrid security solution in digital infrastructure. The SSK implementation and configuration in the eCoach prototype system has effectively secured its microservice APIs from an attack in all the considered scenarios with 100% accuracy. The developed digital infrastructure with SSK solution efficiently sustained a load of (≈)300 concurrent users. In addition, we have performed a qualitative comparison among the following security solutions: Spring-based security, Keycloak-based security, and their combination (our utilized hybrid security solution), where SSK showed a promising outcome.

Systematic Review of Authentication and Authorization Advancements for the Internet of Things

Technologies for the Internet of Things (IoT) are maturing, yet no common standards dictate their direction, leaving space for a plethora of research directions and opportunities. Among the most important IoT topics is security. When we design a robust system, it is important to know the available options for facing common tasks related to access control, authentication, and authorization. In this review, we systematically analyze 1622 peer-reviewed publications from October 2017 to December 2020 to find the taxonomy of security solutions. In addition, we assess and categorize current practices related to IoT security solutions, commonly involved technologies, and standards applied in recent research. This manuscript provides a practical road map to recent research, guiding the reader and providing an overview of recent research efforts.

GA4GH Passport standard for digital identity and access permissions

The Global Alliance for Genomics and Health (GA4GH) supports international standards that enable a federated data sharing model for the research community while respecting data security, ethical and regulatory frameworks, and data authorization and access processes for sensitive data. The GA4GH Passport standard (Passport) defines a machine-readable digital identity that conveys roles and data access permissions (called "visas") for individual users. Visas are issued by data stewards, including data access committees (DACs) working with public databases, the entities responsible for the quality, integrity, and access arrangements for the datasets in the management of human biomedical data. Passports streamline management of data access rights across data systems by using visas that present a data user's digital identity and permissions across organizations, tools, environments, and services. We describe real-world implementations of the GA4GH Passport standard in use cases from ELIXIR Europe, National Institutes of Health, and the Autism Sharing Initiative. These implementations demonstrate that the Passport standard has provided transparent mechanisms for establishing permissions and authorizing data access across platforms.

Authorizing Third-Party Applications Served through Messaging Platforms

The widespread adoption of smartphones and the new-generation wireless networks have changed the way that people interact among themselves and with their environment. The use of messaging platforms, such as WhatsApp, has become deeply ingrained in peoples’ lives, and many digital services have started to be delivered using these communication channels. In this work, we propose a new OAuth grant type to be used when the interaction between the resource owner and the client takes place through a messaging platform. This new grant type firstly allows the authorization server to be sure that no Man-in-the-Middle risk exists between the resource owner and the client before issuing an access token. Secondly, it allows the authorization server to interact with the resource owner through the same user-agent already being used to interact with the client, i.e., the messaging platform, which is expected to improve the overall user experience of the authorization process. To verify this assumption, we conducted a usability study in which subjects were required to perform the full authorization process using both the standard authorization code grant type (through a web-browser) and the new grant type defined in this work. They have also been required to fill in a small questionnaire including some demographic information and their impressions about both authorization flows. The results suggest that the proposed grant type eases the authorization process in most cases.

Modbus Access Control System Based on SSI over Hyperledger Fabric Blockchain

Security is the main challenge of the Modbus IIoT protocol. The systems designed to provide security involve solutions that manage identity based on a centralized approach by introducing a single point of failure and with an ad hoc model for an organization, which handicaps the solution scalability. Our manuscript proposes a solution based on self-sovereign identity over hyperledger fabric blockchain, promoting a decentralized identity from which both authentication and authorization are performed on-chain. The implementation of the system promotes not only Modbus security, but also aims to ensure the simplicity, compatibility and interoperability claimed by Modbus.

Machine Learning for Authentication and Authorization in IoT: Taxonomy, Challenges and Future Research Direction

With the ongoing efforts for widespread Internet of Things (IoT) adoption, one of the key factors hindering the wide acceptance of IoT is security. Securing IoT networks such as the electric power grid or water supply systems has emerged as a major national and global priority. To address the security issue of IoT, several studies are being carried out that involve the use of, but are not limited to, blockchain, artificial intelligence, and edge/fog computing. Authentication and authorization are crucial aspects of the CIA triad to protect the network from malicious parties. However, existing authorization and authentication schemes are not sufficient for handling security, due to the scale of the IoT networks and the resource-constrained nature of devices. In order to overcome challenges due to various constraints of IoT networks, there is a significant interest in using machine learning techniques to assist in the authentication and authorization process for IoT. In this paper, recent advances in authentication and authorization techniques for IoT networks are reviewed. Based on the review, we present a taxonomy of authentication and authorization schemes in IoT focusing on machine learning-based schemes. Using the presented taxonomy, a thorough analysis is provided of the authentication and authorization (AA) security threats and challenges for IoT. Furthermore, various criteria to achieve a high degree of AA resiliency in IoT implementations to enhance IoT security are evaluated. Lastly, a detailed discussion on open issues, challenges, and future research directions is presented for enabling secure communication among IoT nodes.

Multi-Layer Blockchain-Based Security Architecture for Internet of Things

The proliferation of smart devices in the Internet of Things (IoT) networks creates significant security challenges for the communications between such devices. Blockchain is a decentralized and distributed technology that can potentially tackle the security problems within the 5G-enabled IoT networks. This paper proposes a Multi layer Blockchain Security model to protect IoT networks while simplifying the implementation. The concept of clustering is utilized in order to facilitate the multi-layer architecture. The K-unknown clusters are defined within the IoT network by applying techniques that utillize a hybrid Evolutionary Computation Algorithm while using Simulated Annealing and Genetic Algorithms. The chosen cluster heads are responsible for local authentication and authorization. Local private blockchain implementation facilitates communications between the cluster heads and relevant base stations. Such a blockchain enhances credibility assurance and security while also providing a network authentication mechanism. The open-source Hyperledger Fabric Blockchain platform is deployed for the proposed model development. Base stations adopt a global blockchain approach to communicate with each other securely. The simulation results demonstrate that the proposed clustering algorithm performs well when compared to the earlier reported approaches. The proposed lightweight blockchain model is also shown to be better suited to balance network latency and throughput as compared to a traditional global blockchain.

IMSC-EIoTD: Identity Management and Secure Communication for Edge IoT Devices

The Internet of things (IoT) will accommodate several billions of devices to the Internet to enhance human society as well as to improve the quality of living. A huge number of sensors, actuators, gateways, servers, and related end-user applications will be connected to the Internet. All these entities require identities to communicate with each other. The communicating devices may have mobility and currently, the only main identity solution is IP based identity management which is not suitable for the authentication and authorization of the heterogeneous IoT devices. Sometimes devices and applications need to communicate in real-time to make decisions within very short times. Most of the recently proposed solutions for identity management are cloud-based. Those cloud-based identity management solutions are not feasible for heterogeneous IoT devices. In this paper, we have proposed an edge-fog based decentralized identity management and authentication solution for IoT devices (IoTD) and edge IoT gateways (EIoTG). We have also presented a secure communication protocol for communication between edge IoT devices and edge IoT gateways. The proposed security protocols are verified using Scyther formal verification tool, which is a popular tool for automated verification of security protocols. The proposed model is specified using the PROMELA language. SPIN model checker is used to confirm the specification of the proposed model. The results show different message flows without any error.

A Survey of Context-Aware Access Control Mechanisms for Cloud and Fog Networks: Taxonomy and Open Research Issues

Over the last few decades, the proliferation of the Internet of Things (IoT) has produced an overwhelming flow of data and services, which has shifted the access control paradigm from a fixed desktop environment to dynamic cloud environments. Fog computing is associated with a new access control paradigm to reduce the overhead costs by moving the execution of application logic from the centre of the cloud data sources to the periphery of the IoT-oriented sensor networks. Indeed, accessing information and data resources from a variety of IoT sources has been plagued with inherent problems such as data heterogeneity, privacy, security and computational overheads. This paper presents an extensive survey of security, privacy and access control research, while highlighting several specific concerns in a wide range of contextual conditions (e.g., spatial, temporal and environmental contexts) which are gaining a lot of momentum in the area of industrial sensor and cloud networks. We present different taxonomies, such as contextual conditions and authorization models, based on the key issues in this area and discuss the existing context-sensitive access control approaches to tackle the aforementioned issues. With the aim of reducing administrative and computational overheads in the IoT sensor networks, we propose a new generation of Fog-Based Context-Aware Access Control (FB-CAAC) framework, combining the benefits of the cloud, IoT and context-aware computing; and ensuring proper access control and security at the edge of the end-devices. Our goal is not only to control context-sensitive access to data resources in the cloud, but also to move the execution of an application logic from the cloud-level to an intermediary-level where necessary, through adding computational nodes at the edge of the IoT sensor network. A discussion of some open research issues pertaining to context-sensitive access control to data resources is provided, including several real-world case studies. We conclude the paper with an in-depth analysis of the research challenges that have not been adequately addressed in the literature and highlight directions for future work that has not been well aligned with currently available research.

A Role-Based Access Control Model in Modbus SCADA Systems. A Centralized Model Approach

Industrial Control Systems (ICS) and Supervisory Control systems and Data Acquisition (SCADA) networks implement industrial communication protocols to enable their operations. Modbus is an application protocol that allows communication between millions of automation devices. Unfortunately, Modbus lacks basic security mechanisms, and this leads to multiple vulnerabilities, due to both design and implementation. This issue enables certain types of attacks, for example, man in the middle attacks, eavesdropping attacks, and replay attack. The exploitation of such flaws may greatly influence companies and the general population, especially for attacks targeting critical infrastructural assets, such as power plants, water distribution and railway transportation systems. In order to provide security mechanisms to the protocol, the Modbus organization released security specifications, which provide robust protection through the blending of Transport Layer Security (TLS) with the traditional Modbus protocol. TLS will encapsulate Modbus packets to provide both authentication and message-integrity protection. The security features leverage X.509v3 digital certificates for authentication of the server and client. From the security specifications, this study addresses the security problems of the Modbus protocol, proposing a new secure version of a role-based access control model (RBAC), in order to authorize both the client on the server, as well as the Modbus frame. This model is divided into an authorization process via roles, which is inserted as an arbitrary extension in the certificate X.509v3 and the message authorization via unit id, a unique identifier used to authorize the Modbus frame. Our proposal is evaluated through two approaches: A security analysis and a performance analysis. The security analysis involves verifying the protocol’s resistance to different types of attacks, as well as that certain pillars of cybersecurity, such as integrity and confidentiality, are not compromised. Finally, our performance analysis involves deploying our design over a testnet built on GNS3. This testnet has been designed based on an industrial security standard, such as IEC-62443, which divides the industrial network into levels. Then both the client and the server are deployed over this network in order to verify the feasibility of the proposal. For this purpose, different latencies measurements in industrial environments are used as a benchmark, which are matched against the latencies in our proposal for different cipher suites.

PALOT: Profiling and Authenticating Users Leveraging Internet of Things

Continuous authentication was introduced to propose novel mechanisms to validate users’ identity and address the problems and limitations exposed by traditional techniques. However, this methodology poses several challenges that remain unsolved. In this paper, we present a novel framework, PALOT, that leverages IoT to provide context-aware, continuous and non-intrusive authentication and authorization services. To this end, we propose a formal information system model based on ontologies, representing the main source of knowledge of our framework. Furthermore, to recognize users’ behavioral patterns within the IoT ecosystem, we introduced a new module called “confidence manager”. The module is then integrated into an extended version of our early framework architecture, IoTCAF, which is consequently adapted to include the above-mentioned component. Exhaustive experiments demonstrated the efficacy, feasibility and scalability of the proposed solution.

Reimbursement of Orphan Drugs in Europe in Relation to the Type of Authorization by the European Medicines Agency and the Decision Making Based on Health Technology Assessment

Objective: To assess shares of reimbursed orphan drugs and agreement in reimbursement decision-making in different European Union member states as well as to define odds for reimbursement influenced by the presence of conditional approval or exceptional circumstances granted by the European Medicines Agency (EMA) or by type of the disease. Methods: The list of authorized drugs with current orphan designations was collected from the website of the EMA. For each drug, the information regarding conditional approval or approval under exceptional circumstances was collected. The reimbursement statuses were available on national reimbursement or HTA agencies websites. The agreement for reimbursement decisions between selected countries was assessed using the κ coefficient for the measurement of agreement. The impact of the EMA's conditional approval as well as approval under exceptional circumstances was assessed using the logistic regression and presented as odds ratio. Results: The percentage of reimbursed orphan drugs varied significantly from 27% in Poland to 88% in Denmark, with an average value of 51% (p < 0.0001). Regarding the reimbursement status, the highest, substantial agreement was observed between Spain and Italy, and the lowest agreement was observed between Germany and England, with κ of 0.64 and 0.01, respectively. Conditional approval status significantly decreased the chance for reimbursement in France, Italy, and Spain by 77-80%; however, approval granted under exceptional circumstances had significant impact only in Germany with 85% decrease in chances for reimbursement. The type of the disease (oncology or metabolic) was significantly associated with both conditional approval (p of 0.03-oncology drugs were more likely to be conditionally approved then the rest of analyzed drugs) and exceptional circumstances (p of 0.02-drugs for metabolic diseases were more likely to be approved under exceptional circumstances). Conclusions: Access to reimbursed orphan drugs varies significantly across EU countries. The highest, substantial agreement in reimbursement decisions was observed between Italy and Spain and the lowest between Germany and England. Conditional approval and approval under exceptional circumstances were significant negative predictors of reimbursement in some countries and they were significantly associated with the type of the disease (oncology or metabolic).

[Safety of intensive sweeteners]

Nowadays low calorie or intesive sweeteners are getting more and more popular. These sweeteners can be placed to the market and used as food additives according to the recent EU legislation. In the meantime news are coming out one after the other stating that many of these artificial intensive sweeteners can cause cancer - the highest risk has been attributed to aspartam. Low calorie sweeteners, just like all the other additives can be authorized after strickt risk assessment procedure according to the recent food law. Only after the additive has gone through these procedure can be placed to the list of food additives, which contains not only the range of food these additives can be used, but also the recommended highest amount of daily consumption. European Food Safety Authority considering the latest scientific examination results, evaluates regularly the safety of sweeteners authorized earlier. Until now there is no evidence found to question the safety of the authorized intensive sweeteners. Orv. Hetil., 2016, 157(Suppl. 1), 14-28.

"I Am Ready and Willing to Provide the Service … Though My Religion Frowns on Abortion"-Ghanaian Midwives' Mixed Attitudes to Abortion Services: A Qualitative Study

BACKGROUND

Unsafe abortion is a major preventable public health problem and contributes to high mortality among women. Ghana has ratified international conventions to prevent unwanted pregnancies and provide safe abortion services, legally authorizing midwives to provide induced abortion services in certain circumstances.

OBJECTIVE

The aim of the study was to understand midwives' readiness to be involved in legal induced abortions, should the law become less restricted in Ghana.

METHODS

A qualitative study design, with a topic guide for individual in-depth interviews of selected midwives, was adopted. The interviews were tape-recorded and analyzed using content analysis.

RESULTS

Participants emphasized their willingness to reduce maternal mortalities, their experiences of maternal deaths, and their passion for the health of pregnant women. Knowledge of Ghana's abortion law was generally low. Different views were expressed regarding readiness to engage in abortion services. Some expressed it as being sinful and against their religion to assist in abortion care, whilst others felt it was good to save the lives of women.

CONCLUSION

The midwives made it clear that unsafe abortions are common, stigmatizing and contributing to maternal mortality, issues that must be addressed. They made various suggestions to reduce this preventable tragedy.

[Guidelines for the management of human resources]

The management of human resources is a major issue for laboratory accreditation, since it allows to show the proofs of competency assessment, a basis to ensure the confidence. In this paper, the main processes involved are described: the general process for the management of human resources and the authorization for personnel process. Guidelines for document control are also proposed. At least, examples are given to facilitate the implementation of these guidelines in a medical laboratory.

Globus Platform-as-a-Service for Collaborative Science Applications

Globus, developed as Software-as-a-Service (SaaS) for research data management, also provides APIs that constitute a flexible and powerful Platform-as-a-Service (PaaS) to which developers can outsource data management activities such as transfer and sharing, as well as identity, profile and group management. By providing these frequently important but always challenging capabilities as a service, accessible over the network, Globus PaaS streamlines web application development and makes it easy for individuals, teams, and institutions to create collaborative applications such as science gateways for science communities. We introduce the capabilities of this platform and review representative applications.