{"status":"ok","message-type":"work","message-version":"1.0.0","message":{"indexed":{"date-parts":[[2026,2,1]],"date-time":"2026-02-01T02:23:23Z","timestamp":1769912603583,"version":"3.49.0"},"reference-count":37,"publisher":"MDPI AG","issue":"15","license":[{"start":{"date-parts":[[2020,7,29]],"date-time":"2020-07-29T00:00:00Z","timestamp":1595980800000},"content-version":"vor","delay-in-days":0,"URL":"https:\/\/creativecommons.org\/licenses\/by\/4.0\/"}],"content-domain":{"domain":[],"crossmark-restriction":false},"short-container-title":["Sensors"],"abstract":"<jats:p>As accessibility of networked devices becomes more and more ubiquitous, groundbreaking applications of the Internet of Things (IoT) find their place in many aspects of our society. The exploitation of these devices is the main reason for the cyberattacks in IoT networks. Security design is still an open problem and a crucial step in making IoT applications successful. In dicey environments, such as e-health, smart grid, and smart cities, real-time commands must reach the end devices in the scale of milliseconds. Traditional public-key cryptosystem, albeit necessary in the context of general Internet security, falls short in establishing new session keys in the scale of milliseconds for critical messages. In this paper, a systematic perspective for securing IoT communication, specifically satisfying the real-time constraint against certain adversaries in realistic settings. First, at the network layer, we propose a secret random route computation scheme using the software-defined network (SDN) based on a capability scheme using the network actions. The computed routes are random in the eyes of the eavesdropper. Second, at the application layer, the source breaks command messages into secret shares and sends them through the network to the destination. Only the legitimate destination device can reconstruct the command. The secret sharing scheme is efficient compared to PKI and comes with information-theoretic security against adversaries. Our proof formalizes the notion of security of the proposed scheme, and our simulations validate our design.<\/jats:p>","DOI":"10.3390\/s20154221","type":"journal-article","created":{"date-parts":[[2020,7,30]],"date-time":"2020-07-30T03:36:38Z","timestamp":1596080198000},"page":"4221","update-policy":"https:\/\/doi.org\/10.3390\/mdpi_crossmark_policy","source":"Crossref","is-referenced-by-count":5,"title":["Secure Route-Obfuscation Mechanism with Information-Theoretic Security for Internet of Things"],"prefix":"10.3390","volume":"20","author":[{"ORCID":"https:\/\/orcid.org\/0000-0002-1225-5022","authenticated-orcid":false,"given":"Abid","family":"Rauf","sequence":"first","affiliation":[{"name":"National University of Sciences and Technology (NUST), School of Electrical Engineering and Computer Science, Islamabad 44000, Pakistan"}]},{"given":"Zhaohong","family":"Wang","sequence":"additional","affiliation":[{"name":"Department of Electrical and Computer Engineering, California State University, Chico, CA 90802, USA"}]},{"given":"Hasan","family":"Sajid","sequence":"additional","affiliation":[{"name":"National University of Sciences and Technology (NUST), School of Mechanical and Manufacturing Engineering, Islamabad 44000, Pakistan"}]},{"given":"Muhammad","family":"Ali Tahir","sequence":"additional","affiliation":[{"name":"National University of Sciences and Technology (NUST), School of Electrical Engineering and Computer Science, Islamabad 44000, Pakistan"}]}],"member":"1968","published-online":{"date-parts":[[2020,7,29]]},"reference":[{"key":"ref_1","doi-asserted-by":"crossref","unstructured":"Esiner, E. (2019, January 21\u201323). F-Pro: A Fast and Flexible Provenance-Aware Message Authentication Scheme for Smart Grid. Proceedings of the 2019 IEEE International Conference on Communications, Control, and Computing Technologies for Smart Grids (SmartGridComm), Beijing, China.","DOI":"10.1109\/SmartGridComm.2019.8909712"},{"key":"ref_2","doi-asserted-by":"crossref","unstructured":"Gan, G., Lu, Z., and Jiang, J. (2011, January 16\u201318). Internet of things security analysis. Proceedings of the 2011 International Conference on Internet Technology and Applications, Wuhan, China.","DOI":"10.1109\/ITAP.2011.6006307"},{"key":"ref_3","doi-asserted-by":"crossref","unstructured":"Del Pino, R., Lyubashevsky, V., Neven, G., and Seiler, G. (November, January 30). Practical quantum-safe voting from lattices. Proceedings of the 2017 ACM SIGSAC Conference on Computer and Communications Security, Dallas, TX, USA.","DOI":"10.1145\/3133956.3134101"},{"key":"ref_4","doi-asserted-by":"crossref","first-page":"167","DOI":"10.1038\/525167a","article-title":"Encryption faces quantum foe","volume":"10","author":"Cesare","year":"2015","journal-title":"Nature"},{"key":"ref_5","unstructured":"(2020, July 25). Open Networking Fundation. Software-Defined Networking: The New Norm for Networks. Available online: https:\/\/www.opennetworking.org\/images\/stories\/downloads\/sdn-resources\/white-papers\/wp-sdn-newnorm.pdf."},{"key":"ref_6","doi-asserted-by":"crossref","unstructured":"Wang, J., Zhai, P., Zhang, Y., Shi, L., Wu, G., Shi, X., and Zhou, P. (2016, January 15\u201316). Software defined network routing in wireless sensor network. Proceedings of the Cloud Computing, Security, Privacy in New Computing Environments, Guangzhou, China.","DOI":"10.1007\/978-3-319-69605-8_1"},{"key":"ref_7","doi-asserted-by":"crossref","first-page":"76","DOI":"10.1016\/j.jnca.2016.12.007","article-title":"A software defined network routing in wireless multihop network","volume":"85","author":"Wang","year":"2017","journal-title":"J. Netw. Comput. Appl."},{"key":"ref_8","doi-asserted-by":"crossref","first-page":"257","DOI":"10.1109\/JIOT.2017.2779180","article-title":"SDN-based data transfer security for Internet of Things","volume":"5","author":"Liu","year":"2017","journal-title":"IEEE Internet Things J."},{"key":"ref_9","doi-asserted-by":"crossref","first-page":"2236","DOI":"10.1109\/TIFS.2015.2453936","article-title":"A first step toward network security virtualization: From concept to prototype","volume":"10","author":"Shin","year":"2015","journal-title":"IEEE Trans. Inf. Forensics Secur."},{"key":"ref_10","doi-asserted-by":"crossref","unstructured":"Shen, S.H., Huang, L.H., Yang, D.N., and Chen, W.T. (May, January 26). Reliable multicast routing for software-defined networks. Proceedings of the 2015 IEEE Conference on Computer Communications (INFOCOM), Kowloon, Hong Kong.","DOI":"10.1109\/INFOCOM.2015.7218381"},{"key":"ref_11","doi-asserted-by":"crossref","unstructured":"Huang, M., Liang, W., Xu, Z., Xu, W., Guo, S., and Xu, Y. (2016, January 10\u201314). Dynamic routing for network throughput maximization in software-defined networks. Proceedings of the IEEE INFOCOM 2016-The 35th Annual IEEE International Conference on Computer Communications, San Francisco, CA, USA.","DOI":"10.1109\/INFOCOM.2016.7524613"},{"key":"ref_12","doi-asserted-by":"crossref","first-page":"44","DOI":"10.1016\/j.comnet.2016.03.017","article-title":"An efficient routing algorithm based on segment routing in software-defined networking","volume":"103","author":"Lee","year":"2016","journal-title":"Comput. Netw."},{"key":"ref_13","doi-asserted-by":"crossref","first-page":"567","DOI":"10.1002\/wcm.995","article-title":"QoS-aware routing and power control algorithm for multimedia service over multi-hop mobile ad hoc network","volume":"12","author":"Lee","year":"2012","journal-title":"Wirel. Commun. Mob. Comput."},{"key":"ref_14","doi-asserted-by":"crossref","first-page":"3488","DOI":"10.1109\/TC.2015.2401031","article-title":"Joint optimization of rule placement and traffic engineering for QoS provisioning in software defined network","volume":"64","author":"Huang","year":"2015","journal-title":"IEEE Trans. Comput."},{"key":"ref_15","first-page":"1208","article-title":"The Flow-oriented Scheduling Algorithms In SDN System","volume":"6","author":"Wan","year":"2016","journal-title":"Chin. J. Comput."},{"key":"ref_16","doi-asserted-by":"crossref","first-page":"400","DOI":"10.23919\/TST.2017.7986943","article-title":"RouteGuardian: Constructing secure routing paths in software-defined networking","volume":"22","author":"Wang","year":"2017","journal-title":"Tsinghua Sci. Technol."},{"key":"ref_17","unstructured":"Casado, M., Garfinkel, T., Akella, A., Freedman, M., Boneh, D., McKeown, N., and Shenker, S. (August, January 31). SANE: A Protection Architecture for Enterprise Networks. Proceedings of the 15th USENIX Security Symposium, Vancouver, BC, Canada."},{"key":"ref_18","unstructured":"Yoon, C., and Lee, S. (2020, July 25). Attacking SDN Infrastructure: Are We Ready for the Next-Gen Networking. Available online: https:\/\/www.blackhat.com\/docs\/us-16\/materials\/us-16-Yoon-Attacking-SDN-Infrastructure-Are-We-Ready-For-The-Next-Gen-Networking.pdf."},{"key":"ref_19","doi-asserted-by":"crossref","first-page":"675","DOI":"10.1109\/TSG.2011.2160661","article-title":"A lightweight message authentication scheme for smart grid communications","volume":"2","author":"Fouda","year":"2011","journal-title":"IEEE Trans. Smart Grid"},{"key":"ref_20","doi-asserted-by":"crossref","first-page":"629","DOI":"10.1109\/JSYST.2013.2260942","article-title":"Efficient authentication and key management mechanisms for smart grid communications","volume":"8","author":"Nicanfar","year":"2013","journal-title":"IEEE Syst. J."},{"key":"ref_21","doi-asserted-by":"crossref","first-page":"188","DOI":"10.1038\/nature23461","article-title":"Post-quantum cryptography","volume":"549","author":"Bernstein","year":"2017","journal-title":"Nature"},{"key":"ref_22","doi-asserted-by":"crossref","unstructured":"Paquin, C., Stebila, D., and Tamvada, G. (2020, January 15\u201317). Benchmarking post-quantum cryptography in tls. Proceedings of the Eleventh International Conference on Post-Quantum Cryptography, Paris, France.","DOI":"10.1007\/978-3-030-44223-1_5"},{"key":"ref_23","doi-asserted-by":"crossref","first-page":"1","DOI":"10.1145\/3378164","article-title":"Synthesis of flexible accelerators for early adoption of ring-lwe post-quantum cryptography","volume":"19","author":"Nejatollahi","year":"2020","journal-title":"ACM Trans. Embed. Comput. Syst."},{"key":"ref_24","doi-asserted-by":"crossref","unstructured":"Andrzejczak, M. (2019, January 1\u20134). The Low-Area FPGA Design for the Post-Quantum Cryptography Proposal Round5. Proceedings of the 2019 Federated Conference on Computer Science and Information Systems (FedCSIS), Leipzig, Gemany.","DOI":"10.15439\/2019F230"},{"key":"ref_25","doi-asserted-by":"crossref","unstructured":"Cramer, R., Damg\u00e5rd, I.B., D\u00f6ttling, N., Fehr, S., and Spini, G. (2015, January 26\u201330). Linear secret sharing schemes from error correcting codes and universal hash functions. Proceedings of the 34th Annual International Conference on the Theory and Applications of Cryptographic Techniques, Sofia, Bulgaria.","DOI":"10.1007\/978-3-662-46803-6_11"},{"key":"ref_26","first-page":"840","article-title":"A new (t, n) multi-secret sharing scheme based on Shamir\u2019s secret sharing","volume":"10","author":"Pang","year":"2005","journal-title":"Appl. Math. Comput."},{"key":"ref_27","doi-asserted-by":"crossref","first-page":"1140","DOI":"10.1109\/TPDS.2013.138","article-title":"Secure and reliable routing protocols for heterogeneous multihop wireless networks","volume":"26","author":"Mahmoud","year":"2013","journal-title":"IEEE Trans. Parallel Distrib. Syst."},{"key":"ref_28","doi-asserted-by":"crossref","unstructured":"Vald\u00e9s, L., Ariza, A., Allende, S.M., and Joya, G. (2019, January 12\u201314). Searching the Shortest Pair of Edge-Disjoint Paths in a Communication Network. A Fuzzy Approach. Proceedings of the 15th International Work-Conference on Artificial Neural Networks, IWANN 2019, Gran Canaria, Spain.","DOI":"10.1007\/978-3-030-20518-8_53"},{"key":"ref_29","doi-asserted-by":"crossref","first-page":"612","DOI":"10.1145\/359168.359176","article-title":"How to Share a Secret","volume":"22","author":"Shamir","year":"1979","journal-title":"Commun. ACM"},{"key":"ref_30","doi-asserted-by":"crossref","unstructured":"Yazdinejad, A., Parizi, R., Dehghantanha, A., Zhang, Q., and Choo, K.K. (2020). An energy-efficient SDN controller architecture for IoT networks with blockchain-based security. IEEE Trans. Serv. Comput.","DOI":"10.1109\/TSC.2020.2966970"},{"key":"ref_31","unstructured":"Cachin, C. (2020, July 25). Architecture of the Hyperledger Blockchain Fabric. Available online: https:\/\/pdfs.semanticscholar.org\/f852\/c5f3fe649f8a17ded391df0796677a59927f.pdf."},{"key":"ref_32","doi-asserted-by":"crossref","first-page":"379","DOI":"10.1002\/j.1538-7305.1948.tb01338.x","article-title":"A mathematical theory of communication","volume":"27","author":"Shannon","year":"1948","journal-title":"Bell Syst. Tech. J."},{"key":"ref_33","unstructured":"Cover, T.M. (1999). Elements of Information Theory, John Wiley and Sons."},{"key":"ref_34","doi-asserted-by":"crossref","unstructured":"Corniaux, C., and Ghodosi, H. (2014, January 24\u201326). An entropy-based demonstration of the security of Shamir\u2019s secret sharing scheme. Proceedings of the 2014 International Conference on Information Science, Electronics and Electrical Engineering, Sapporo, Japan.","DOI":"10.1109\/InfoSEEE.2014.6948065"},{"key":"ref_35","unstructured":"(2020, June 28). Mininet. An Instant Virtual Network. Available online: http:\/\/mininet.org\/."},{"key":"ref_36","unstructured":"(2020, June 28). Ryu. SDN Framework. Available online: https:\/\/github.com\/faucetsdn\/ryu."},{"key":"ref_37","unstructured":"(2020, June 28). Open vSwitch. Home Page. Available online: https:\/\/www.openvswitch.org\/."}],"container-title":["Sensors"],"original-title":[],"language":"en","link":[{"URL":"https:\/\/www.mdpi.com\/1424-8220\/20\/15\/4221\/pdf","content-type":"unspecified","content-version":"vor","intended-application":"similarity-checking"}],"deposited":{"date-parts":[[2025,10,11]],"date-time":"2025-10-11T09:52:42Z","timestamp":1760176362000},"score":1,"resource":{"primary":{"URL":"https:\/\/www.mdpi.com\/1424-8220\/20\/15\/4221"}},"subtitle":[],"short-title":[],"issued":{"date-parts":[[2020,7,29]]},"references-count":37,"journal-issue":{"issue":"15","published-online":{"date-parts":[[2020,8]]}},"alternative-id":["s20154221"],"URL":"https:\/\/doi.org\/10.3390\/s20154221","relation":{},"ISSN":["1424-8220"],"issn-type":[{"value":"1424-8220","type":"electronic"}],"subject":[],"published":{"date-parts":[[2020,7,29]]}}}