The Internet of Things (IoT) has profoundly impacted our lives and has greatly revolutionized our lifestyle. The terminal devices in an IoT data aggregation application sense real-time data for the remote cloud server to achieve intelligent decisions. However, the high frequency of collecting user data will raise people concerns about personal privacy. In recent years, many privacy-preserving data aggregation schemes have been proposed. Unfortunately, most existing schemes cannot support either arbitrary aggregation functions, or dynamic user group management, or fault tolerance. In this paper, we propose an efficient and privacy-preserving data aggregation scheme. In the scheme, we design a lightweight encryption method to protect the user privacy by using a ring topology and a random location sequence. On this basis, the proposed scheme supports not only arbitrary aggregation functions, but also flexible dynamic user management. Furthermore, the scheme achieves fault-tolerant capabilities by utilizing a future data buffering mechanism. Security analysis reveals that the scheme can achieve the desired security properties, and %extensive experimental evaluation results show the scheme's efficiency in terms of computational and communication overhead.

User profile matching can establish social relationships between different users in the social network. If the user profile is matched in plaintext, the user's privacy might face a security challenge. Although there exist some schemes realizing privacy-preserving user profile matching, the resource-limited users or social service providers in these schemes need to take higher computational complexity to ensure the privacy or matching of the data. To overcome the problems, a novel privacy-preserving user profile matching protocol in social networks is proposed by using $t$-out-of $n$ servers and the bloom filter technique, in which the computational complexity of a user is reduced by applying the Chinese Remainder Theorem, the matching users can be found with the help of any $t$ matching servers, and the privacy of the user profile is not compromised. Furthermore, if at most $t-1$ servers are allowed to collude, our scheme can still fulfill user profile privacy and user query privacy. Finally, the performance of the proposed scheme is compared with the other two schemes, and the results show that our scheme is superior to them.

Secure authentication between user equipment and 5G core network is a critical issue for 5G system. However, the traditional authentication protocol 5G-AKA and the centralized key database are at risk of several security problems, e.g. key leakage, impersonation attack, MitM attack and single point of failure. In this paper, a blockchain based asymmetric authentication and key agreement protocol (BC-AKA) is proposed for distributed 5G core network. In particular, the key used in the authentication process is replaced from a symmetric key to an asymmetric key, and the database used to store keys in conventional 5G core network is replaced with a blockchain network. A proof of concept system for distributed 5G core network is built based on Ethereum and ECC-Secp256k1, and the efficiency and effectiveness of the proposed scheme are verified by the experiment results.

To cope with the low latency requirements and security issues of the emerging applications such as Internet of Vehicles (IoV) and Industrial Internet of Things (IIoT), the blockchain-enabled Mobile Edge Computing (MEC) system has received extensive attention. However, blockchain is a computing and communication intensive technology due to the complex consensus mechanisms. To facilitate the implementation of blockchain in the MEC system, this paper adopts the committee-based Practical Byzantine Fault Tolerance (PBFT) consensus algorithm and focuses on the committee selection problem. Vehicles and IIoT devices generate the transactions which are records of the application tasks. Base Stations (BSs) with MEC servers, which serve the transactions according to the wireless channel quality and the available computing resources, are blockchain nodes and candidates for committee members. The income of transaction service fees, the penalty of service delay, the decentralization of the blockchain and the communication complexity of the consensus process constitute the performance index. The committee selection problem is modeled as a Markov decision process, and the Proximal Policy Optimization (PPO) algorithm is adopted in the solution. Simulation results show that the proposed PPO-based committee selection algorithm can adapt to the system design requirements with different emphases and outperforms other comparison methods.

With the popularity of the internet, users hope to better protect their privacy while obtaining network services. However, in the traditional centralized authentication scheme, identity information such as the user's private key is generated, stored, and managed by the network operator. Users can’t control their identity information, which will lead to a great threat to the privacy of users. Based on redactable blockchain, we propose a fine-grained and fair identity authentication scheme for mobile networks. In our proposed scheme, the user’s identity information is generated and controlled by the users. We first propose a notion of score chameleon hash (SCH), which can delete or update the information of illegal users so as to dynamically update the status of users and provide users with more fine-grained and fair services. We propose another notion of self-updating secret sharing (SUSS), which allows users to update the trapdoor and the corresponding hash key after redacting the blockchain without requiring trusted authority to redistribute the trapdoor. Experimental results show that, compared with the immutable blockchain Bitcoin, the redactable blockchain in our identity authentication scheme provides users with fine-grained and fair redacting functions, and can be adopted with a small additional overhead.

The traditional centralized data sharing systems have potential risks such as single point of failures and excessive working load on the central node. As a distributed and collaborative alternative, approaches based upon blockchain have been explored recently for Internet of Things (IoTs). However, the access from a legitimate user may be denied without the pre-defined policy and data update on the blockchain could be costly to the owners. In this paper, we first address these issues by incorporating the Accountable Subgroup Multi-Signature (ASM) algorithm into the Attribute-based Access Control (ABAC) method with Policy Smart Contract, to provide a fine-grained and flexible solution. Next, we propose a policy-based Chameleon Hash algorithm that allows the data to be updated in a reliable and convenient way by the authorized users. Finally, we evaluate our work by comparing its performance with the benchmarks. The results demonstrate significant improvement on the effectiveness and efficiency.

Health monitoring data or the data about infectious diseases such as COVID-19 may need to be constantly updated and dynamically released, but they may contain user’s sensitive information. Thus, how to preserve the user’s privacy before their release is critically important yet challenging. Differential Privacy (DP) is well-known to provide effective privacy protection, and thus the dynamic DP preserving data release was designed to publish a histogram to meet DP guarantee. Unfortunately, this scheme may result in high cumulative errors and lower the data availability. To address this problem, in this paper, we apply Jensen-Shannon (JS) divergence to design the OPTICS (Ordering Points To Identify The Clustering Structure) scheme. It uses JS divergence to measure the difference between the updated data set at the current release time and private data set at the previous release time. By comparing the difference with a threshold, only when the difference is greater than the threshold, can we apply OPTICS to publish DP protected data sets. Our experimental results show that the absolute errors and average relative errors are significantly lower than those existing works.

This paper presents a ZUC-256 stream cipher algorithm hardware system in order to prevent the advanced security threats for 5G wireless network. The main innovation of the hardware system is that a six-stage pipeline scheme comprised of initialization and work stage is employed to enhance the solving speed of the critical logical paths. Moreover, the pipeline scheme adopts a novel optimized hardware structure to fast complete the Mod($2^{31}$-1) calculation. The function of the hardware system has been validated experimentally in detail. The hardware system shows great superiorities. Compared with the same type system in recent literatures, the logic delay reduces by 47% with an additional hardware resources of only 4 multiplexers, the throughput rate reaches 5.26 Gbps and yields at least 45% better performance, the throughput rate per unit area increases 14.8%. The hardware system provides a faster and safer encryption module for the 5G wireless network.